j-j.co.za
Sharing thoughts and ideas on business, security and photography
Standard Bank phishing attacks
Posted on August 16, 2010
Over the last few weeks I have been getting emails “from” Standard Bank on a regular basis, probably one or two a week. Today I received two more. I am not a Standard Bank customer, so it is immediately obvious that they must be fake. Perhaps a little less so for those who bank with Standard Bank? Both of these mails look a little different, originate from different email addresses, and have slightly different profiles. Standard Bank (or someone) is on the ball (thankfully): when I tried to follow up on the mails to see how the attacks were working, both had already been blacklisted by Firefox/Mozilla as phishing sites, and the offending pages had also been removed. There was one a few weeks back that had not yet been blocked at the time I tried to access it, so I have a little more info on that attack, which I will post as an update when I get a chance (probably only on the weekend).
Update on Oracle password hashes and crackers #in
Posted on August 16, 2010
As mentioned in my very first post on this “new and improved” site, my original site from way back when had some information on Oracle password hashes and a list of default passwords. This initial work was taken and improved on by Marcel-Jan Krijgsman and subsequently Pete Finnigan (read more about it here), who now runs what is probably one of the best Oracle security resources available on the net.
During those early days not much was known about Oracle password hashes. There also weren’t too many options when it came to cracking them. Adam Martin came up with a plan in the early days, writing some code that would create an account, change its password to each word in a dictionary (stored in another table) using the Oracle password change functionality, and then grab the hash after each change to compare it to the hash you are trying to crack. It was slow (around 10 passwords/second if I recall correctly). I wrote my own version to automate the process and build a “pot” of known hashes along the way. I was busy getting this ready for release when Orm released his far superior tool. At that stage I stopped development and released my list of known hashes.
Orm’s tool was orabf. This tool changed the game, as it was a completely offline tool not needing a running database, and it was orders of magnitude quicker. It is probably still the best password cracker around for pre-11g hashes. The early version was a little buggy, but after a few mails Orm quickly fixed it and has improved it since then. (History here). Download orabf here.
A little about Oracle password hashes and the algorithm (Oracle 7- Oracle 10g)
Passwords can be up to 30 characters in length. The username and password are concatenated and all characters are converted to uppercase, then an eight-byte hash is generated using the DES encryption algorithm without any random salt (the username is the only salt).
The hashes can be obtained using either
* SELECT username, password FROM DBA_USERS;
* SELECT name,password FROM SYS.USER$ WHERE password is not null;
The second is potentially safer if there is a suspicion the server may have been compromised.
Use orabf (download as per link earlier) to crack these hashes, or get the modified version of John the Ripper.
Oracle 11g password hashes
Oracle 11g passwords can be up to 50 characters in length, and are no longer case insensitive. The passwords are stored in two ways (à la LANMAN hashes – don’t they learn from the mistakes of others?): the old style DES (password field) AND the new SHA-1 (spare4 field).
Oracle 11g concatenates the password and salt, then applies SHA-1 to obtain the hash.
Password hashes can no longer be selected from dba_users, so can only be obtained as follows:
* SELECT name,spare4 FROM SYS.USER$ WHERE password is not null;
For more detail on the Oracle 11g password hashing read the writeup at Recurity Labs.
To crack Oracle 11g hashes you can use The Hackers Choice (THC) OrakelCrakert, which handles both brute force and dictionary attacks. Check first though to see if the old-style hashes are available, as it’s much easier to crack the new style password if the old style is known; THC explain how this works in their post linked above.
That’s pretty much where things are at currently with Oracle passwords and hashes. There are many more tools out there to help with hacking and securing Oracle. Google is your friend.
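As an added illustration (my own code, not from this post or from any of the tools mentioned), the following Go program reproduces the two hashing schemes described above so the difference can be checked directly: the pre-11g DES hash folds case and uses only the username as salt, while the 11g form is SHA-1 over the password and a random salt with case preserved. Go is used because its standard library includes DES. The byte-level details of the DES scheme (two-byte characters, zero padding, the fixed first-pass key 0123456789ABCDEF) and the way the 11g salt is supplied are assumptions taken from public write-ups rather than from this post; SCOTT/TIGER and SYSTEM/MANAGER are well-known default accounts used here as test values.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/sha1"
	"encoding/hex"
	"fmt"
	"strings"
)

// cbcMAC runs DES-CBC (zero IV, no padding) over data and returns the last
// ciphertext block; each Oracle pre-11g pass is exactly this CBC-MAC.
func cbcMAC(key, data []byte) []byte {
	block, err := des.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(data))
	cipher.NewCBCEncrypter(block, make([]byte, des.BlockSize)).CryptBlocks(out, data)
	return out[len(out)-des.BlockSize:]
}

// oracleLegacyHash: username+password, uppercased, DES, no random salt (as the
// post says). Assumed byte-level details from public write-ups, not the post:
// two-byte (UTF-16BE) characters, zero padding to 8 bytes, first pass under the
// fixed key 0123456789ABCDEF derives the key for the second pass.
func oracleLegacyHash(username, password string) string {
	var buf []byte
	for _, r := range strings.ToUpper(username + password) { // case is folded away
		buf = append(buf, byte(r>>8), byte(r))
	}
	for len(buf)%des.BlockSize != 0 {
		buf = append(buf, 0)
	}
	fixedKey, _ := hex.DecodeString("0123456789ABCDEF")
	return strings.ToUpper(hex.EncodeToString(cbcMAC(cbcMAC(fixedKey, buf), buf)))
}

// oracle11gCheck verifies a password against the 11g form: SHA-1(password||salt),
// case preserved. The salt bytes are taken from the stored record by the caller.
func oracle11gCheck(password string, salt []byte, storedHash string) bool {
	sum := sha1.Sum(append([]byte(password), salt...))
	return strings.EqualFold(hex.EncodeToString(sum[:]), storedHash)
}

func main() {
	fmt.Println(oracleLegacyHash("SCOTT", "TIGER")) // F894844C34402B67
}
```

Comparing the output of oracleLegacyHash for your own accounts against the password column shows at a glance whether a default account is still sitting on its default password.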
Network security podcast covers Cisco 2010 Midyear Security Report #in
Posted on August 04, 2010
I was listening to the Network Security podcast this morning (Blackhat mini-cast) and they had an interview with Mary Landesman, a Senior Cisco security researcher, who discussed the Cisco 2010 Mid-year security report that is now available. Download here. Direct link to PDF.
Quoting the intro from the report:
The Cisco 2010 Midyear Security Report examines the major forces of change reshaping the global security landscape. These changes demand that organizations rethink their approaches to enterprise security. Current shifts — from the virtualization of operations to collaboration and social networking — provide new opportunities for criminals to infiltrate networks and steal high-value business data.
The Cisco 2010 Midyear Security Report includes:
- Results and analysis from two new Cisco studies — one focused on employee collaboration and the other on the concerns of IT decision-makers worldwide
- International trends in cyber-security and their potential impact on business
- Insight into how hackers penetrate “soft spots” in enterprise security to steal sensitive data and sell it to the highest bidder
- An update on global spam trends since late 2009 and spam volume predictions for 2010
- Guidance from Cisco security experts to help businesses improve their enterprise security by 2011
Read the Cisco 2010 Midyear Security Report, and find the best strategies to help you meet current security demands for your organization.
During the podcast it was also mentioned that Cisco put out weekly and monthly reports. I hadn’t seen these reports before and have just whipped through some quickly and it’s quite interesting, definitely something I will come back to and have a look at on a weekly basis. To quote the site blurb “The weekly Cyber Risk Reports provide strategic intelligence that highlight current security activity. The reports address seven major risk management categories: vulnerability, physical, legal, trust, identity, human, and geopolitical.”
You can find the weekly reports and supporting podcasts here.
Sophos mid-year 2010 Security Threat Report
Posted on August 03, 2010
IT security company Sophos has released its mid-year 2010 Security Threat Report. The report provides some insight into cybercrime as well as other IT security trends and developments for the first half of 2010.
The report provides a short history and background into the cybercrime economy, then covers some noticeable arrests and sentences over the last 12 months, making for interesting reading. Of particular interest is the rather “tolerant” attitude of those surveyed to government cyber-crime activities.
Some thoughts around social media as an attack vector are also explored, as well as some insights into the threats to the major mobile platforms (iPhone, Blackberry, Android).
The report also provides details on the top malware/spyware hosting countries for January to June 2010.
MSc/PhD Scholarships: The Dept of Science & Technology and National Research Foundation, Cosmology, Radio astronomy
Posted on July 30, 2010
Thanks to @cecilia_vdm for tweeting about this:
The South African SKA Project is a project of the Department of Science and Technology and the National Research Foundation and comprises Africa’s bid to host the Square Kilometre Array Radio Telescope (SKA), the design, construction and operation of the Karoo Array Telescope (MeerKAT) and a youth into science and engineering programme focused on supporting science and engineering students and postdoctoral fellows. Africa has been short-listed with Australia to host the SKA. If Africa is selected to site the SKA, the core of the telescope will be located in the Karoo region of the Northern Cape.
Scholarships are being offered aligned to the SKA project. The research focus for the SKA PhD and MSc scholarships must align very closely with specific areas of MeerKAT, SKA, PAPER and C-BASS science and technology where research is required.
For 2011, the research projects must be in the following general fields:
• Observational radio astronomy and cosmology
• Experimental cosmology
• Radio astronomy engineering and instrumentation technologies
Alternatively, if a student wishes to undertake a project that does not appear on this list, he/she is free to submit a proposal for consideration, together with motivation for why the proposed project is relevant to the design, construction and scientific research goals of the MeerKAT and / or SKA.
Closing date for applications is 31 August 2010.
This project sounds really interesting and there are some wonderful research opportunities here. Go and read up further on their website. http://infoscholarship.net/nrfsa-ska-phd-and-msc-scholarships-2011-south-africa.html
P.S. If you are interested in scholarships being offered around the world in many diverse research areas, follow @infoscholarship on Twitter.
Help out an MBA student by completing questionnaire on Phishing
Posted on July 23, 2010
I, RAJAN MUNIEN, an MBA student at the Graduate School of Business, University of KwaZulu-Natal, hereby invite you to participate in a research project entitled “Internet Phishing – Hook, Line and Hopefully not Sunk…” The aim of this study is to gain a better understanding of online users’ awareness of the problem of Internet Phishing (IP). Through your participation I hope to determine the level of awareness amongst users and to present a strategy for creating further awareness of the problem. The results are intended to contribute towards implementing an awareness programme that will prevent further users from becoming victims of the threat of Internet Phishing. Your participation in this project is voluntary. You may refuse to participate or withdraw from the project at any time with no negative consequence. There will be no monetary gain from participating in this survey group. Confidentiality and anonymity of records identifying you as a participant will be maintained by the Graduate School of Business, UKZN.
If you agree to the above and want to proceed to the questionnaire, please click on the link below. This survey will take you approximately 10 minutes to complete.
http://internetphishing.questionpro.com
If you have questions at any time about the survey or the procedures, you may contact the author hereunder:
Rajan Munien, Cell: 084 – 5800 176, email: rajan.munien@gmail.com
It’s a new beginning
Posted on April 24, 2010
It took a cold (well, for Durban) miserable autumnish first day of the long weekend to finally get motivated to get this site back up and running again. After going through the process of changing ISPs a few times in short succession I finally have a new home (thanks Gridhost.co.za) and things are back up and running again.
The content from the old site is backed up on my old PC (which now won’t boot – duh) so it is time to start afresh. When I eventually get around to recovering the data from the old PC I will bring anything useful across.
The most accessed part of the old site was the Oracle default passwords list, linked from Pete Finnigan’s security site (www.petefinnigan.com), so I have uploaded it. You can grab it here: Oracle password list
Now to find a theme I like (that is usable from mobile devices and blackberry).