April 24th, 2014

They’re watching. Sshhhh…

Here are a couple of interesting documents that describe some of the details of the “secret room” at AT&T that was set up for the NSA. The first is one of the original documents that Mark Klein wrote about the secret room. It contains some background, technical details about the room and the fiber split, what type of equipment went in the room, where it was, and even some pictures of the entrance. Here is an excerpt from the summary:

I wrote the following document in 2004 when it became clear to me that AT&T, at the behest of the National Security Agency, had illegally installed secret computer gear designed to spy on internet traffic. At the time I thought this was an outgrowth of the notorious “Total Information Awareness” program which was attacked by defenders of civil liberties. But now it’s been revealed by the New York Times that the spying program is vastly bigger and was directly authorized by President Bush, as he himself has now admitted, in flagrant violation of specific statutes and Constitutional protections for civil liberties. I am presenting this information to facilitate the dismantling of this dangerous Orwellian project.

Here is one of the pictures of an entrance to the “secret room” at AT&T central office, 611 Folsom St. San Francisco:

The second is the public version of Klein’s declaration from EFF’s class-action suit against AT&T. This has some more details and some of the back story on how he was approached. Interestingly some of the redacted information in this document is covered in the first document.

This image has been floating around and is pretty amusing:

Random API of the day

Today’s random API is CoCreateInstance, the gateway to the world of Microsoft’s COM object technology.

COM, for those of you who haven’t had the pleasure, is a mechanism by which an object publishes an interface with the system so that programs can call that object across language, process, or even machine boundaries. Programs that want to use a COM object begin by calling CoCreateInstance() or CoCreateInstanceEx().

Many things in Microsoft land are COM objects. For instance, I just found out today that the new user-mode driver mechanism in Vista requires drivers to publish COM interfaces for the system to call. Windows also includes a rich set of COM objects for all kinds of tasks: speech synthesis, hosting an embedded web browser, running a background download, and so forth. Some things in Windows, like the speech synthesizer, are only available via their COM interfaces.

CoCreateInstance returns a funny value called an HRESULT, which is different from all the other mutually incompatible return value systems found in Windows. Because the HRESULT system supports the notion of a conditional success — that is, the function succeeded but something funny happened on the way — it’s wise to use the FAILED() and SUCCEEDED() macros when testing a returned HRESULT for success or failure.
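As an added illustration (not code from the original post), here is how FAILED()/SUCCEEDED() classify an HRESULT and why a naive comparison against S_OK silently rejects a conditional success such as S_FALSE. The typedef, constants and macros mirror the public definitions in the Windows SDK headers so that the example builds on any C compiler; the classification helpers are my own.

```c
/* Added example (not from the original post): HRESULT layout and the
 * FAILED()/SUCCEEDED() tests. Values and macros mirror the public
 * definitions in the Windows SDK's winerror.h/winnt.h. */
#include <stdint.h>
#include <stdio.h>

typedef int32_t HRESULT;                      /* LONG on Windows; bit 31 = severity */

#define S_OK                ((HRESULT)0x00000000L)
#define S_FALSE             ((HRESULT)0x00000001L)  /* "succeeded, but..." */
#define E_NOINTERFACE       ((HRESULT)0x80004002L)
#define E_FAIL              ((HRESULT)0x80004005L)
#define REGDB_E_CLASSNOTREG ((HRESULT)0x80040154L)  /* CLSID not registered */

#define SUCCEEDED(hr) (((HRESULT)(hr)) >= 0)
#define FAILED(hr)    (((HRESULT)(hr)) < 0)
#define HRESULT_SEVERITY(hr) ((((uint32_t)(hr)) >> 31) & 1u)
#define HRESULT_FACILITY(hr) ((((uint32_t)(hr)) >> 16) & 0x1fffu)
#define HRESULT_CODE(hr)     (((uint32_t)(hr)) & 0xffffu)

/* Classify a result the way a caller of CoCreateInstance should:
 * 0 = failed (do not touch the out-pointer), 1 = plain success,
 * 2 = conditional success (SUCCEEDED() is true but hr != S_OK). */
int classify_hresult(HRESULT hr) {
    if (FAILED(hr)) return 0;
    if (hr == S_OK) return 1;
    return 2;
}

/* The common bug: testing "hr == S_OK". Returns 1 when that test would
 * wrongly treat a result that SUCCEEDED() as a failure. */
int naive_check_misses_success(HRESULT hr) {
    return SUCCEEDED(hr) && hr != S_OK;
}

int main(void) {
    HRESULT samples[] = { S_OK, S_FALSE, E_NOINTERFACE, E_FAIL, REGDB_E_CLASSNOTREG };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        HRESULT hr = samples[i];
        int cls = classify_hresult(hr);
        printf("0x%08X sev=%u facility=%u code=0x%04X -> %s\n",
               (unsigned)hr, HRESULT_SEVERITY(hr), HRESULT_FACILITY(hr), HRESULT_CODE(hr),
               cls == 0 ? "FAILED" : cls == 1 ? "S_OK" : "conditional success");
    }
    return 0;
}
```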

More Visual Sploit

While I can only guess from the graphics that this is a bad April Fool’s joke, here is a link to a video of Immunity’s supposed Visual Sploit in action (Dave seemed serious when announcing it here). It’s still not quite the 3-d interactive hacker holo-sphere we all hoped for.


Fisher-price ® “my first sploit”

metasploit 2.6 released

A new version of Metasploit is out today. Here is a previously linked Metasploit blog post on doing Metasploit exploit development end to end.

Version 2.6 of the Metasploit Framework has been released. This release includes 43 more exploits, numerous bug fixes, improvements to the SMB/DCERPC layers, and a few cosmetic changes. If you are running version 2.5, you can seamlessly upgrade to 2.6 by running the msfupdate tool (twice). Please see the release notes for more information.

Slipping, Slipping, Slipping into the future

It looks like we might want to hold off on that order of 802.11n gear. Rumor has it that the task force is way behind the ratification schedule, and has considerably more comments (12,000) than it expected.
From Wi-Fi Networking News:

An IEEE member informed me that the Task Group N schedule has slipped considerably: The group received 12,000 comments on the Draft 1.0 proposal that was accepted as a working draft in March, and which failed to achieve in May anywhere near the 75 percent required (it received under 50 percent) to make it a final draft that would head to ratification. What wasn’t expected is that instead of perhaps 2,000 comments on the draft, a typical occurrence after drafts are sent around for review by IEEE voting members, 12,000 comments came in.

Record 21,549 websites defaced at once

Online graffiti trackers Zone-H bring us this story of Turkish cracker “iskorpitx”, who defaced 21,549 sites at once by placing a page on each with an image of the Turkish flag. The article says that a secondary page was added (so it wasn’t a DNS trick or similar), though it doesn’t say how many actual hosts this affected. It wasn’t a domain parking service either; a cursory glance (at the time of this post) shows that many of the sites are up with real pages (and still defaced). Here is the list of actual defaced sites.

RealVNC 4.1.1 Remote Vulnerability

RealVNC has a remote vulnerability that allows users to gain full access to the VNC server without a password. In short, during the authentication process the VNC server sends one byte that is equal to the number of security types available to the client. The server then sends the security types offered to the client. The client then selects one of the security types out of the array and sends it back (1 byte). However, the RealVNC server does not check whether that security type was even offered in the first place. Soooo, if you return, say, a 01, which is type 1, which just happens to be security type “None”, bam, you’re in. James Evans wrote a nice little article on it that goes into more detail about the hole. Check it out.
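To make the missing check concrete, here is an added example (not RealVNC’s code) of the security-type negotiation described above: the server builds its [count][types...] message, and the client’s one-byte reply is handled once without validation and once by a hardened version that rejects any type that was not offered. The type numbers (1 = None, 2 = VNC Authentication) come from the RFB protocol; the function names and the scenario are my own.

```c
/* Added example (not RealVNC's code): RFB security-type negotiation with the
 * unchecked selection beside a version that only accepts an offered type.
 * Type numbers are from the RFB protocol: 1 = None, 2 = VNC Authentication. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RFB_SEC_NONE     1
#define RFB_SEC_VNCAUTH  2

/* Build the message the server sends: [count][type...]. Returns bytes written. */
size_t rfb_build_sectypes(const uint8_t *offered, uint8_t count, uint8_t *out, size_t outlen) {
    if (count == 0 || outlen < (size_t)count + 1) return 0;
    out[0] = count;
    memcpy(out + 1, offered, count);
    return (size_t)count + 1;
}

/* Vulnerable behaviour: whatever byte the client returns is used as-is, so a
 * client can pick type 1 (None) even when only VNC Authentication was offered. */
int rfb_select_unchecked(const uint8_t *offered, uint8_t count, uint8_t chosen) {
    (void)offered; (void)count;
    return chosen;               /* server proceeds with this type */
}

/* Hardened behaviour: the choice must be one of the types the server offered.
 * Returns the accepted type, or -1 to tell the caller to close the connection. */
int rfb_select_checked(const uint8_t *offered, uint8_t count, uint8_t chosen) {
    for (uint8_t i = 0; i < count; i++) {
        if (offered[i] == chosen) return chosen;
    }
    return -1;                   /* not offered: reject, and log the client address */
}

/* Constructed scenario: the server offers only VNC Authentication and the
 * client answers 0x01 (None). Returns 1 if the unchecked path accepts it
 * while the checked path rejects it. */
int demo_bypass_blocked(void) {
    const uint8_t offered[] = { RFB_SEC_VNCAUTH };
    uint8_t msg[8];
    size_t n = rfb_build_sectypes(offered, 1, msg, sizeof msg);
    uint8_t client_reply = RFB_SEC_NONE;      /* the single byte sent back */
    int unchecked = rfb_select_unchecked(msg + 1, msg[0], client_reply);
    int checked   = rfb_select_checked(msg + 1, msg[0], client_reply);
    return (n == 2 && unchecked == RFB_SEC_NONE && checked == -1);
}
```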

Random API of the Day

Your RAD editor apologizes for having been out lately, due to a malpractice lawsuit involving the use of BIG5 instead of GB encoding in a Chinese heart-transplant robot (“yes, that’s precisely where the robot told me to stab the patient, your honor”).

Today’s random API is realpath(3), which you can find on any POSIX-compliant system. Given a pathname, realpath(3) will “clean it up” by resolving symbolic links and translating shorthand directories like “.” and “..”. On some systems, there’s even a realpath(1) command which just calls realpath(3):

[thalakan@shaitan /usr/share/man/man3]> realpath /usr/share/../share/../../bin/../usr/share/man/man3
/usr/share/man/man3
[thalakan@shaitan /usr/share/man/man3]>

This is very handy for canonicalizing user input prior to opening a file. How many times have you done things like fopen(argv[1], "r")? Then logged it? Perhaps your programs would produce better output if you called realpath(3) first.
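As an added example (not from the original post), here is the realpath(3)-before-fopen() pattern carried one step further: the canonical path is also checked against an allowed base directory, so that “..” and symlinks cannot lead the open outside it, and the canonical name is what gets logged. It assumes a POSIX.1-2008 realpath() that accepts a NULL buffer; the function names are my own.

```c
/* Added example (not from the original post): canonicalize a user-supplied
 * path with realpath(3), confirm it stays under an allowed base directory,
 * and only then open and log it. Assumes POSIX.1-2008 realpath(NULL). */
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* Returns 1 if the resolved path is base itself or lies beneath it,
 * 0 if it escapes (".." or a symlink leads elsewhere), -1 if either
 * path cannot be resolved (e.g. it does not exist). On 1 or 0, out
 * receives the canonical form of path when out is non-NULL. */
int path_within(const char *base, const char *path, char *out, size_t outlen) {
    char *rbase = realpath(base, NULL);
    char *rpath = realpath(path, NULL);
    int result = -1;
    if (rbase && rpath) {
        size_t blen = strlen(rbase);
        if (strcmp(rbase, "/") == 0) blen = 0;   /* root: everything is beneath it */
        result = strncmp(rpath, rbase, blen) == 0 &&
                 (rpath[blen] == '\0' || rpath[blen] == '/');   /* "/tmp" != "/tmpfoo" */
        if (out && outlen) { strncpy(out, rpath, outlen - 1); out[outlen - 1] = '\0'; }
    }
    free(rbase);
    free(rpath);
    return result;
}

/* fopen() only after the check, and log the canonical name rather than argv[1]. */
FILE *open_under(const char *base, const char *user_path) {
    char canon[PATH_MAX];
    if (path_within(base, user_path, canon, sizeof canon) != 1) {
        fprintf(stderr, "refused: %s is not under %s\n", user_path, base);
        return NULL;
    }
    fprintf(stderr, "opening %s\n", canon);
    return fopen(canon, "r");
}

int main(int argc, char **argv) {
    FILE *f = open_under("/usr/share", argc > 1 ? argv[1] : "/usr/share/../share/man");
    if (f) fclose(f);
    return f ? 0 : 1;
}
```

realpath(3) resolves at the moment it is called, so a symlink swapped in between the check and the fopen() is not caught; keep that window small and, where it matters, verify the opened descriptor with fstat() as well.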

Mexican Avocados

In 2007, the Department of Agriculture’s ban on Mexican avocados will be lifted in all 50 states, allowing Mexican avocados into California.

Mobile power sources for the MRL antenna rig have been a concern, and this may reduce availability of the superior California avocados for the planned series-parallel avocado battery system (Mexican avocados have a lower siemens rating).

O RLY virus

From Digg:

“O RLY?” Virus Is On The Loose — It tries to print the famous owl picture to network printers, RLY, it does.
