My Humble Blogworld

Your invitation from Krishnan Rajagopal is about to expire

2008-05-13T09:06:00.001+08:00

Krishnan Rajagopal sent you an invitation to connect as business contacts on Pulse on April 8. That invitation will expire soon! Follow this link to accept Krishnan's invitation.

http://pulse.plaxo.com/pulse/invite?i=18315167&k=1742949688&l=en_my

Plaxo is free, easy to use and takes only a minute to join. Come see what Krishnan wants to share.

Thanks!
The Pulse team

More than 20 million people use Plaxo to keep in touch with the people they care about.

Don't want to receive emails from Plaxo any more? Go to: http://www.plaxo.com/stop

Krishnan Rajagopal added you as a business connection on Pulse

2008-04-08T22:20:00.001+08:00

I'd like to keep in touch with you on Plaxo Pulse.

Click here to learn more:
http://pulse.plaxo.com/pulse/invite?i=18315167&k=1742949688&l=en

Thanks,
Krishnan

More than 20 million people use Plaxo to keep in touch with the people they care about.

Don't want to receive emails from Plaxo any more? Go to: http://www.plaxo.com/stop

Abandoning blogger for iWeb

2006-05-06T04:23:00.000+08:00

For anyone out there who reads this blog, I will no longer be maintaining it. I have created a website/blog called Krishna's Blogsphere using Apple's new iWeb application. Here is the link:

http://web.mac.com/srimadhava

See you there guys and gals !

The grass is just greener there !

On my way back

2005-10-30T00:27:00.000+08:00

After a long trip away from home conitnuously, Im gonna be leaving back to Malaysia tomorrow !

Oh boy ! Am i glad !

I hope to see my family and friends in the coming holiday of Deepavali and Eid !

SpreadFirefox Busted again...

2005-10-05T06:15:00.000+08:00

The Mozilla Foundation's community marketing site Spread Firefox has been hacked for the second time in less than three months. According to an email sent to registered users of the site, unknown remote attackers exploited a vulnerability in the TWiki wiki software, which was installed on the server but not actually used by the public website. The TWiki software has now been disabled. The Spread Firefox Team does not believe that any sensitive data was taken but they have shut down the site as a precaution. Only Spread Firefox was affected by the security breach; no other Mozilla Foundation or Mozilla Corporation sites have been hacked and the flaw does not affect users of Mozilla software.

PS : Oh boy Oh boy ....

Back to KL

2005-08-14T13:27:00.000+08:00

Im back to KL.. finally..

I will type more when i have the energy too.. i hope tomorrow.

Sky.. Sky.. please be clear ?

WGA Cracked

2005-08-07T21:58:00.000+08:00

Microsoft Corporation requires users of it's flagship operating system,
Windows XP, to verify the authenticity of their software installation
before downloading patches and updates from Microsoft's website. The
validation tool, called Windows Genuine Advantage (WGA), can easily be
cracked without much trouble. This allows users of pirated copies of
Microsoft Windows to verify their installation and receive the extra
bennies offered from the manufacturer.

Although Microsoft has not confirmed that the crack works, details are well
publicized, and it appears that the crack is popular, at least amongst
nefarious users.

Previously, JavaScript tricks were required to bypass the WGA requirement;
however, now it appears that it's as simple as running the WGA application
in Windows 2000 compatibility mode.

Veritas Backup Exec - Remote Registry Vulnerability

2005-08-05T21:41:00.000+08:00

Now tis the season for Veritas and Arcserve ! *smile*

A vulnerability exist in Veritas Backup Exec for Windows, which can be exploited by remote attackers to get unauthorized access. The problem lies with some access validation error within some RPC handlers in "beserver.exe" (port 6106), which can be used by remote attackers to gain "administrator" privileges.

Okay, im goin back to sleep.. To muuch bro...too much ...

Cisco and ISS sues Blackhat !

2005-08-03T21:33:00.000+08:00

Now , since were at the topic of utter dumbness , here is another go at it..

The networking giant and Internet Security Systems jointly filed a request Wednesday for a temporary restraining order against Michael Lynn and the organizers of the Black Hat security conference. The motion came after Lynn showed in a presentation how attackers could take over Cisco routers — a problem that he said could bring the Internet to its knees.

The filing in US District Court for the Northern District of California asks the court to prevent Lynn and Black Hat from "further disclosing proprietary information belonging to Cisco and ISS," said John Noh, a Cisco spokesman.

Now this is interesting, is this a reality or a farce ? Now if its true, Oh thank you C & I for a whole load of pure , crap !

Where do ya guys get ideas such as this ? How about playing around with someone your size , who "reverse engineered " your product ? Not willing to ? To scared of the super powers ?

Ah Cry Babies !

Read more here

ActiveSync Blooper !

2005-08-02T22:54:00.000+08:00

Now this is got to be interesting, A recent Activesync vulnerability reported by a Russian Group.

Microsoft ActiveSync is widely used to synchronies Windows based PDAs
and smartphones with desktop computer. PDA can connect to PC via
COM/USB/IR or LAN. Before synchronization user on PC must setup
"partnership" to allow synchronization. If PDA is protected with
password user on PC should provide password before he can access the
device.

Synchronization over LAN has some design weakness.

1. All data, including initial "authentication", is transmitted in clear
text. This is OK in case COM/USB and other physical protected
communication, but LAN (Wi-Fi in most cases) is very sensitive for
sniffing.
2. Even if PDA is password protected, ActiveSync doesn't ask password in
case of network synchronization. I’m not sure, what is it - security bug
or feature, because password is transmitted in clear text over USB.
3. ActiveSync doesn't use any form of authentication for server (PC) or
client (PDA), so fake server or fake client attack is possible.

Discover Activesync with LAN synchronization allowed

nmap -p 5679 192.168.0.*

Fake server

It is easy to build fake server attack without special software. All you
need are ActiveSync, sniffer and any MitM condition.

1. Install ActiveSync on fake server. Enable network synchronization
2. Realize MitM condition.
3. Launch you favorite sniffer and set filter to save TCP packets on port 5679.
4. Wait for PDA connection.
5. Open sniffer and check second data packet from PDA. At offset 0x14 and 0x18 you can see partnerships ids. Activesync can support up to 2 PC and as you can see, PDA send both IDs in the "handshake"
6. Import template in registry. Change key HKEY_CURRENT_USER\Software\Microsoft\Windows CE Services\Partners\ to sniffed partnership id.
7. Wait for another connection and check ActiveSinc, device should be connected as "guest". Even if you got "Synchronization Error", try to click "Explore" button on the toolbar.

Fake Client

Is very similar to the fake server, but you don't need MitM conditions
to accomplish this attack. All you need it a name of PC and
corresponding "partnership id".

1. Launch your favorite registry editor for Windows Mobile.
2. Navigate to HKLM\Software\Microsoft\Windows CE Services\Partners\P1
3. Create string value PName =
4. Create DWORD value PId =
5. Launch active sync on PDA and try to connect. If everything is ok,
synchronization will occur.

Mitigating factors
1. LAN synchronization disabled by default
2. To implement "fake client" you should know Partnership ID. It’s hard
to guess (2^32), but because ActiveSync accept 2 partnership ID per
connection, actually we need (2^31) connections for bruteforce.

Read More here

SANS Reports New Vulnerabilities

2005-07-28T21:12:00.000+08:00

The SANS Institute reports that 422 new vulnerabilities were discovered
in the second quarter of 2005. This is an 11 percent increase over the 
previous quarter. The increase in the number of security vulnerabilities 
stems from malicious crackers changing focus from attacking operating 
systems to webbrowser and other connected applications, such as digital 
music applications.

In addition to the online applications, backup software systems received 
much attention from crackers seeking to access corporate and personal data, 
possibly for resale. Detailed warnings were published in SANS Top 20 Q2 
2005 Critical Vulnerability Update.

SANS Top 20 Q2 2005 - Click Here

Skype phone

2005-07-05T14:14:00.000+08:00

Hi Guys !

Here is an interesting article of a Skype "hack" , making your own Skype phone using cheap parts !

Check this out, very interesting, and let me know if anyone of you tried it out !

"You have a computer, your friend has a
computer, you both have a broadband connection, and you make use of Skype or
like the voice chat in MSN or something like this - And - you’re sick and tired
to sit by the computer all the time when you talk. And you might even sit with
one of these ridiculous headset (hmm, yes I also have one) on your head just
because the echo cancellation feature isn’t that great in reality."

Wireless Skype phone

Unpatched IE Vulnerability / Exploit

2005-07-03T19:50:00.000+08:00

Micro$oft IE bloopers again ! A javaprxy.dll COM Remote Vulnerability was identified in Micro$oft IE, which could be exploited by remote attackers to execute arbitrary commands. This flaw is due to an error in the 'javaprxy.dll' COM Object when instantiated in Internet Explorer via a specially crafted HTML tag, which could be exploited via a malicious Web page to compromise and take complete control of a vulnerable system.

Critical Windows SMB Exploit - Popular

2005-07-01T04:49:00.000+08:00

A recent surge in port 445 scanning activity could herald impending hack attacks, and industry experts have warned firms to take 'immediate steps' to ensure that the affected Windows ports are secure.

Gartner pointed to recent reports that security vulnerability sensors have noted an increase in activity on TCP port 445, which is associated with Microsoft's Windows Server Message Block (SMB) protocol.

Microsoft Security Post - MS-05-027

Sorry buddies !

2005-07-01T04:31:00.000+08:00

Sorry for the "MIA" for 10 days, long trip..

Im here with my thoughts on Micro$oft and its Longhorn again...

Last week, as Micro$oft released its statement, about integrating RSS into its Longhorn OS and IE, it raised many security professional's eyebrows , on its strength and hardness against combatting against hackers. With the current available "oh-so-many" ways of exploiting 'Windoze' OS, what would the scene be, with RSS integrated right into its Operating System ?

Krishna starts wondering... What a wonderful world it would be....

"When Microsoft laid out its plans last week for building RSS -- Real
Simple Syndication -- into Longhorn, it didn't say anything about how it might
secure the automated feeds.Nor has really anyone, said Gartner research director
John Pescatore, the research firm's resident security analyst.'What inevitably
happens with any new protocol, especially the ones with the word "simple" in
them, is that developers try to come up with a way to easily communicate data,'
said Pescatore. 'Only at the end do they say, 'let's sprinkle some security on
it.' RSS is like that.

RSS security
-- or insecurity -- is hardly new. A possible way to deliver malicious code and
spam via the protocol was highlighted two years ago by Mark Pilgrim, a writer of
several technical and programming books, such as "Diving Into Python."

With all this, the chances of hackers and spammers turning to Windows mainstream , to look for weaknesses , seems to bring up more light.

Krishna turns back to his dark world of security, "Life's good."

RSS: Safe At Any Feed?

GooglePAL ?

2005-06-20T11:45:00.000+08:00

Now this is something very interesting, i thought to myself, I had to blog about !

Google, the leading search engine company in search of itself has again
added a new service to its eclectic portfolio. Later this year, Google
plans to offer an electronic payment service that will compete directly
with PayPal, owned by eBay. Services will, reportedly, include processing
payments using consumer credit cards and checking accounts, the mainstay of
PayPal's service !

Should Google enter the payment processing market, PayPal will have to
dance with the wolf, and catch up quickly, if it wants to remain in business.
E-business helps to flatten the world, and Google is taking full advantage of
of its global presence and name.

Before you go any further read this: Paypal Sucks

Google Plans Online Payment Service

ISO 7799 - 2005 !

2005-06-19T06:36:00.000+08:00

Hi everyone !

Sorry for the silence, havent had the opportunity to be online for some time.

Travels have taken up space and prioritised over these areas :(

The latest revision of ISO 17799, has been under development for
several years, is now available. It introduces a number of fundamental
changes to the standard.

ISO 17799 now contains eleven 'core' chapters, as opposed to the
previous ten, with existing chapters also being re-organized. The new
setup is as follows:

- Security Policies
- Organizing Information Security
- Asset Management
- Human Resources Security
- Physical and Environmental Security
- Information Security Incident Management
- Communications and Operations Management
- Access Control
- Information Systems Acquisition, Development and Maintenance
- Business Continuity Management
- Compliance.

ISO 17799 2005 also introduces controls to address security related
issues not previously covered. These include outsourcing provision,
patch management and others. Other issues have been extended or
re-written (eg: employment termination, and mobile comms).

On the overall, the document itself is much more user friendly !

OFFICIAL SOURCES
The following official outlet (via BSI) has been updated to provide
downloads of the new standard:
http://www.standardsdirect.org/iso17799.htm

The ISO 17799 Toolkit, the standard's support kit, has also been
updated to include the 2005 version:
http://www.17799-toolkit.com

New lyrics to Beatles Song

2005-06-16T12:35:00.000+08:00

Write in C' (Let it be)

When I find my code in tons of trouble,
Friends and colleagues come to me,
Speaking words of wisdom,
"Write in C."

As the deadline fast approaches,
and bugs are all that I can see
Somewhere, someone whispers:
"Write in C."

Write in C, Write in C,
Write in C, oh, Write in C.
Logo's dead and buried,
Write in C.

I used to write a lot of FORTRAN.
For science it worked flawlessly.
Try using it for graphics!
Write in C.

If you've just spent nearly 30 hours,
Debugging some assembly.
Soon you will be glad to
Write in C.

Write in C, Write in C.
Write in C, oh, Write in C.
BASIC's not the answer.
Write in C.

Write in C, Write in C.
Write in C, oh, Write in C.
Pascal won't quite cut it.
Write in C.

Kaspersky Privilege Escalation

2005-06-07T20:56:00.000+08:00

Users of Kaspersky ! Here is something to take note. Yet another "unpatched" vulnerability.
This time around its with the Kaspersky Labs Antivirus Program.

Those who are running Kaspersky Antivirus on Windows 2000, you're affected. A vulnerability was identified in Kaspersky AntiVirus, which can be exploited by attackers to execute privilege escalation attacks. This flaw is due to a bug in the "klif.sys" driver where insecure functions calls are made from the user level, which may be exploited by local users to execute arbitrary commands with kernel privileges .

This leads to my theory, which i repeat time, and time again. An antivirus, is JUST and antivirus. It ain't a god sent program ! Often end-users are made to think, "If you've got an antivirus, then you're all fine buddy !" ... Now... Think again.

PoC Code

Windows 2000 Finale

2005-06-07T06:48:00.000+08:00

Micro$oft has recently announced that as early as next week , the LONG awaited security update rollup for Windows 2000 would be released.

The Update Rollup, which replaces Windows 2000 SP5 (Service Pack 5), is a cumulative set of hot fixes, security patches and critical updates packaged together for easy deployment.

The Update Rollup comes just one month before mainstream support for Windows 2000 client and server releases expires on June 30. Micro$oft divides its support lifecycle into two phases: mainstream and extended. Once a product enters the extended support period, Micro$oft charges for support.

So , Here it comes the final awaited finale of Windows 2000. I'm sure we'd see a lot corporates who are stuck with a Windows 2000 Server , and with no updates, being victims of "new" hacking tricks.

Microsoft Announces Security Rollup

No Internet Explorer for Windows 2000

2005-06-02T14:15:00.000+08:00

Well all those of you who have been die hard supporters of Internet Explorer from Micro$oft , here's another blow...

"With Internet Explorer 7 Beta 1 set to debut next month, Microsoft has quietly closed the door on Windows 2000 users planning to adopt the new Web browser. IE7 will require Windows XP Service Pack 2 due to internal security changes that rely on Microsoft's latest operating system release."

IE program manager Christopher Vaughn said , "It should be no surprise that we do not plan on releasing IE7 for Windows 2000. One reason is where we are in the Windows 2000 lifecycle. Another is that some of the security work in IE7 relies on operating system functionality in XPSP2 that is non-trivial to port back to Windows 2000."

Read more here : IE weblog

Oh gosh ! Oh gosh ! There goes the ticker of sarcasm for Micro$oft again !

My thoughts on this ?

This spells bad news for governments across the globe, as Windows 2000 is the predominant operating system in use today on these networks. With the hundreds of bugs and vulnerabilites on IE 6, users of Windows 2000 would eventually be forced to find alternative browsers (such as Firefox or Opera), or abandon the Windows operating system completely.

As for the geniuses who thought about IE7, CMYAZZ.

XSS - NS@?

2005-06-01T00:53:00.000+08:00

Well, Here is something for u to laugh ...
A simple XSS attack on a website.

www.nsa.gov

Not even the NS@ can get it right !

Windoze again..

2005-05-31T18:30:00.000+08:00

Well i just got a couple of emails recently requesting me to comment on the vulnerability released sometime ago on Micro$oft's COM and OLE storage vulnerability.

Well many of us know of this as a infamous MS05-012 bug, but, however ... i think theyre loads of people out there who are still VULNERABLE. This is because, simple... when they tried the updates , it caused "unexpected results" *smile* on their machine, and thus having them to rollback the update.

Well there is 2 parts to this problem / vulnerability.

The first flaw exists in the way , affected Os'es and programs access memory when they process COM structured storage files, which allows attackers to gain elevated privileges. The second problem exists in OLE because of the way it handles input validation, and may be exploited by by constructing a malicious document that could potentially allow remote code execution.

Affected Products :-

Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Exchange 2000 Server Service Pack 3
Microsoft Exchange Server 2003
Microsoft Exchange Server 2003 Service Pack 1
Microsoft Exchange Server 5.0 Service Pack 2
Microsoft Exchange Server 5.5 Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (ME)
Microsoft Office XP Service Pack 3
Microsoft Office XP Service Pack 2
Microsoft Office XP
Microsoft Office 2003 Service Pack 1
Microsoft Office 2003

PoC Code available here .

Solution ?

Well you could try to take a look at this.. in my definitions, i dont consider this as a solution *smile*

Microsoft Technet Solution

Look straight in here , ma'am !

2005-05-31T02:57:00.000+08:00

"International travelers should get used to having their fingerprints taken or their irises scanned because traditional airport security tests are outdated and open to abuse, a leading U.S. official said Thursday.

'As a general principle, certainly in the area of international travel, biometrics is the way forward in virtually every respect,' said Michael Chertoff, Homeland Security secretary.

'When we screen based on names, we're screening on the most primitive and least technological basis of identification -- it's the most susceptible to misspelling, or people changing their identity, or fraud.

Krishna's views : I remembered the facial recognition systems in the US airports which i personally felt was much more of a farce than an actual effective solution. I said to myself, what next ? " Body movement recognition ? - Ah there he goes ! He walks just like a terrorist, so he has to be a terrorist ! "

But this step forward with retina and thumbprint scans are something commendable.

'Biometrics is the way ahead.'

US wants to be able to access Britons ID cards

Wordpress Bug !

2005-05-31T01:29:00.000+08:00

For all you bloggers out there on Wordpress, be careful ! If youre still using version 1.5 and prior , then you may be at risk.

A vulnerability was identified in WordPress, which may be exploited by remote attackers to execute arbitrary SQL commands. This flaw is due to an input validation error in the "template-functions-category.php" script that does not properly filter the "cat_ID" parameter, which may be exploited by remote users to conduct SQL injection attacks.

Solution ?

Upgrade to the newest version of Wordpress version 1.5.1.2