Recent

Old School hacking

Back in the late nineties, around 1999, my mother bought me my first computer. Around this time The Matrix movie was released, which, as a young boy with a new computer, had me Yahoo’ing (Google was largely unknown) for the term ‘hacking’. Back then Yahoo! Chat was still around and had a chat room called the ‘Hackers Lounge’; everyone in there was talking about all sorts of cool things you could do with computers that I had never heard of before. With hindsight, most of the people in the chat room were script kiddies who knew how to run a few Windows GUI ‘hacking’ tools and largely acted like they were the kings of the Internet. At the time I wanted to learn about all of the cool things they knew. I started downloading and learning how to use these ‘hacking’ tools by the use of my guinea pig friends and family (my siblings soon grew tired of me remotely opening and closing their CD-ROM drives).

Some of these tools are still actively developed and used today, and are invaluable for conducting modern penetration testing and security audits. For the sake of nostalgia, I present to you some of the coolest, most 1337 ‘hacking’ tools that I and others used ‘back in the day’. Warning: Download links not verified.

Legion by Rhino9

Use: Windows Null Session share scanner.
Released: 1999
Platform: Windows
Further Info: http://www.informit.com/articles/article.aspx?p=26263&seqNum=5
Download: http://packetstormsecurity.org/files/14711/legion.zip.html

read more…

Posted on 9 May, 2012 by ethicalhack3r

6 Comments

X-Frame-Options

A colleague tweeted a link to a blog post by WhiteHat Security about the X-Frame-Options HTTP header. I had heard of X-Frame-Options before and knew what it did but didn’t really know how it was used so I decided to investigate further.

X-Frame-Options is an HTTP response header that tells the browser whether the page it is sent with is allowed to be loaded in <frame> or <iframe> HTML tags. The header is an extra layer of security that a web application can implement to attempt to mitigate clickjacking (UI redressing).

The X-Frame-Options header may have three different values:

DENY – The page is not allowed to be loaded in a frame at all.
SAMEORIGIN – The page is only allowed to be loaded in a frame by pages from the same origin.
ALLOW-FROM http://www.example.com – The page is only allowed to be loaded in a frame by pages from www.example.com.
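
To make the three values concrete, here is a small model of the decision a browser makes when it sees the header. This is an added example, not code from the original post; the function name framingAllowed and the sample URLs in the comments are constructed for illustration, and it assumes a single parent frame.

```javascript
// Added example: models how the three X-Frame-Options values are applied.
// framedUrl  = the page that sent the header
// framingUrl = the page whose <frame>/<iframe> is trying to load it
// Assumption: one parent frame only (no nested ancestor chain).
function framingAllowed(headerValue, framedUrl, framingUrl) {
  const framed = new URL(framedUrl).origin;
  const framing = new URL(framingUrl).origin;

  // No header at all: the browser applies no framing restriction.
  if (headerValue == null) return true;

  const parts = headerValue.trim().split(/\s+/);
  const directive = parts[0].toUpperCase(); // value is case-insensitive

  if (directive === "DENY" && parts.length === 1) {
    return false; // never framed, not even by the site itself
  }
  if (directive === "SAMEORIGIN" && parts.length === 1) {
    // Origin means scheme + host + port, so http:// and https://
    // on the same host do NOT match.
    return framed === framing;
  }
  if (directive === "ALLOW-FROM" && parts.length === 2) {
    // Note: ALLOW-FROM was never supported by every browser and is
    // obsolete today; CSP frame-ancestors is the current replacement.
    try {
      return new URL(parts[1]).origin === framing;
    } catch {
      return true; // unparsable URI: treated like an invalid value
    }
  }
  // Unrecognised value (e.g. a typo such as "SAMEORGIN"): browsers
  // ignore the header, so the page is left unprotected.
  return true;
}
```

The last branch is the one worth checking for in an audit: a misspelt value fails open, so verify the exact header a server actually emits.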

read more…

Posted on 7 April, 2012 by ethicalhack3r

5 Comments

Wireless Man In The Middle (MITM)

This is a recent piece I did for the BBC Inside Out program that originally aired on February 6th. In the video I demonstrate a wireless Man In The Middle (MITM) attack in a coffee shop using a FON+ wireless router, Karma and Jasager. Oh, and they’re the ones who call me an ‘expert’; personally, I hate the term and would never call myself one.

Posted on 13 February, 2012 by ethicalhack3r

6 Comments

Prevention of unwanted telemarketing calls

I am tired of receiving multiple telemarketing calls per day, I’m tired of the Telephone Preference Service (TPS) not having an effect and I’m tired of telecommunication companies charging for prevention features which should be free.

I came across an e-petition that was set up by a Rob Whitelock; it is not perfect in its recommendations but certainly puts the general point across.

e-petitions is an easy way for you to influence government policy in the UK. You can create an e-petition about anything that the government is responsible for and if it gets at least 100,000 signatures, it will be eligible for debate in the House of Commons.

You can help by signing the petition here:
http://epetitions.direct.gov.uk/petitions/17324

Posted on 20 January, 2012 by ethicalhack3r

No Comments

WordPress 3.3 Cross-Site Scripting (XSS)

Yesterday two Indian security researchers, Aditya Modha & Samir Shah, released an advisory outlining a Cross-Site Scripting (XSS) vulnerability within the latest version (at the time of writing) of WordPress 3.3. Many people started re-tweeting the news (including myself) and blogging about it. The problem came when I tried to reproduce the vulnerability: I couldn’t.

I started to think that the vulnerability was a misunderstanding or publicity stunt and was getting annoyed at the many people who were spreading misinformation. I contacted the researchers over Twitter and told them that I was unable to reproduce the vulnerability in any browser or on any WordPress installation including vanilla installs.

The researchers got back in touch with a link to a WordPress installation on which the vulnerability worked. The URL they gave me was an IP address. Within their environment the XSS worked.

At this point I think even the researchers were puzzled. They sent me this code that they believed was the function causing the XSS within wp-includes/functions.php: http://pastebin.com/iBnpN8Zm.

read more…

Posted on 3 January, 2012 by ethicalhack3r

18 Comments