Archive for September, 2007

SQL Injection ToolKit

There are loads of open source SQL Injection tools on the market. I decided to make a list for future reference.

More: http://www.databasesecurity.com/sqlinjection-tools.htm

Auditing BlackBerry Enterprise Server

A couple of days ago I had to have a look into vulnerabilities associated with BlackBerrys - see my post "Blackberry Insecurities".

While it's fresh in my mind, I'll discuss some brief security strategies and techniques supported by BES (BlackBerry Enterprise Server).

BlackBerry security at the enterprise level should include (at minimum):

  • Good Design & Architecture
  • A Strong BlackBerry IT Policy (similar to MS Windows Group Policy)
  • Policy and Procedures

This could probably make a nice whitepaper, but who has time! :)

The BES server is the central point for managing registered BlackBerry devices. From here, you can view the current settings of a BlackBerry, change its password, check its software, lock it and much more. The BES server is made up of a number of components; generally these components are installed on the same server, but they do not have to be. It is recommended that the BES router component be placed in a DMZ, allowing port 3101 through the firewall at both ends. However, there are other, more complex designs which may be preferable.

Passwords must be used on the devices to mitigate risks in the event that they are stolen. A really strong IT policy should be in place which dictates what software is permitted on the user’s Blackberry. BES actually allows you to deny the user access to the Blackberry should it not meet the IT policy requirements.

Some basic policies and guidelines should be in place, such as having the user contact the IT department in the event that the Blackberry is stolen, and a process for the IT department to follow, dictating how to lock the phone out of the network.

You basically have two choices for BlackBerry connectivity, Wireless (G) or GPRS. GPRS doesn't introduce new holes into your network; however, Wireless (G) does, as you then have to worry about how the wireless is configured. Whichever solution you choose, remember that additional holes will have to be punched in your firewall. With this in mind, let me encourage you to really think about your Network Design and Architecture before plugging in your BES server, and please remember: the BlackBerry should be treated like any laptop or mobile device.
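To make the design points above concrete, here is an added example (my illustration, not anything shipped with BES or taken from the original post). It models a three-zone firewall rule set and a device policy as plain Python data and reports where a deployment departs from the recommendations: the DMZ router should be reachable only on port 3101 at both firewalls, a device password must be enforced, unapproved software should cause the device to be denied access, and a stolen device should be locked out. The zone names, rule format, policy keys and sample values are all constructed for the example; they are not BES's own IT policy rule names.

```python
"""Audit a BES-style deployment against the design points in the post.

Everything here is constructed for illustration: the rule/policy formats
are not a BES export format and the setting names are not RIM's rule names.
"""
from dataclasses import dataclass

BES_ROUTER_PORT = 3101                      # the one port the post opens at both firewalls
ZONES = ("internet", "dmz", "internal")     # least trusted -> most trusted

# The only two holes the DMZ design asks for: the router talks outbound on
# 3101, and the internal BES components reach the router on 3101.
EXPECTED_ALLOWS = {
    ("dmz", "internet", BES_ROUTER_PORT),
    ("internal", "dmz", BES_ROUTER_PORT),
}


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    port: int
    action: str  # "allow" or "deny"


def is_allowed(rules, src, dst, port):
    """First matching rule wins; anything unmatched is denied by default."""
    for r in rules:
        if (r.src, r.dst, r.port) == (src, dst, port):
            return r.action == "allow"
    return False


def audit_firewall(rules):
    """Return a list of findings; an empty list means the rules match the design."""
    findings = []
    for src, dst, port in sorted(EXPECTED_ALLOWS):
        if not is_allowed(rules, src, dst, port):
            findings.append(f"missing allow {src}->{dst}/{port}")
    for r in rules:
        if r.action == "allow" and (r.src, r.dst, r.port) not in EXPECTED_ALLOWS:
            # Traffic from a less trusted zone into a more trusted one is inbound.
            direction = "inbound" if ZONES.index(r.src) < ZONES.index(r.dst) else "outbound"
            findings.append(f"unexpected {direction} allow {r.src}->{r.dst}/{r.port}")
    return findings


def device_compliant(policy, device):
    """Mirror the post's rule: a device that does not meet policy is denied access.

    Returns (ok, reasons) where reasons explains every failed requirement.
    """
    reasons = []
    if policy["password_required"] and not device["password_set"]:
        reasons.append("no device password")
    extra = sorted(set(device["installed_software"]) - set(policy["allowed_software"]))
    if extra:
        reasons.append("unapproved software: " + ", ".join(extra))
    if device.get("reported_stolen"):
        reasons.append("reported stolen: lock device and revoke access")
    return (not reasons, reasons)


# Constructed sample data: two expected holes plus two that the design did not ask for.
SAMPLE_RULES = [
    Rule("dmz", "internet", 3101, "allow"),
    Rule("internal", "dmz", 3101, "allow"),
    Rule("internet", "dmz", 3101, "allow"),     # inbound hole nobody asked for
    Rule("dmz", "internal", 1433, "allow"),     # DMZ host reaching an internal database
    Rule("internet", "internal", 3101, "deny"),
]
SAMPLE_POLICY = {
    "password_required": True,
    "allowed_software": {"corporate-mail", "browser"},
}
GOOD_DEVICE = {"password_set": True, "installed_software": ["corporate-mail"], "reported_stolen": False}
BAD_DEVICE = {"password_set": False, "installed_software": ["corporate-mail", "bbproxy"], "reported_stolen": False}
STOLEN_DEVICE = {"password_set": True, "installed_software": ["browser"], "reported_stolen": True}

if __name__ == "__main__":
    for f in audit_firewall(SAMPLE_RULES):
        print("firewall:", f)
    for name, dev in (("good", GOOD_DEVICE), ("bad", BAD_DEVICE), ("stolen", STOLEN_DEVICE)):
        ok, why = device_compliant(SAMPLE_POLICY, dev)
        print(f"{name}: {'allowed' if ok else 'denied'} {why}")
```

Running it flags the two extra firewall holes and denies the device carrying unapproved software (the constructed sample uses the bbproxy name from the next post as the unapproved entry), while the clean device is allowed and the stolen one is told to be locked out. In a real audit the rules and policy would be pulled from the firewall and BES console rather than typed in by hand.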

Blackberry Insecurities

I've heard a lot about hacking BlackBerry devices via Blackjacking. It was big news late last year, but was it really big news? I wanted to get down to the facts and the real risks involved.

If you don't already know, BlackBerrys are awesome little "dinky" mobile computers that many companies use to connect their offices via giant BlackBerry Enterprise Servers, usually placed within the internal network so that they have access to the Exchange (or Lotus) mail servers to get mail etc. I think you get the point.

It all started with Jesse D'Aguanno, who released a really funky tool called "bbproxy" (BlackBerry Proxy).

bbproxy is really just a trojan which performs port forwarding. Once installed, an attacker can perform attacks against internal systems via the BlackBerry. You cannot send the trojan via e-mail, because the BlackBerry Enterprise Server (BES) doesn't allow software to be installed via e-mail attachments. This means the more likely route would be via a web server: the attacker would have to lure the user to a piece of software on a web server somewhere and get them to install it.

My first thoughts were, well, how different is this from sending a trojan to a normal PC? There are some subtle differences. Firstly, once BlackJacked (the user has installed bbproxy), intrusion detection systems will be unable to detect the attacks, as all traffic between the BlackBerry and the BES server is protected with symmetric encryption. Second, the BES server is often located within the corporate network rather than being separated in its own DMZ. This is because of all the required ports to the MS SQL server, mail servers and a fair bit more.

So is the risk any different from installing malware on a PC within the internal network via a website? It's a debatable point in my mind.

From a security perspective, the BES server and every component should really be separated (security best practices). Also, you can define on the BES server what software can be installed on the BlackBerry - almost like MS Windows group policies.

As a side note, I have seen some guys reverse engineering parts of the BlackBerry proprietary protocols which allows some communication if you can get the BlackBerry key, as well as a number of Denial of Service issues via Bluetooth . . . so in the future we may have a little more to go on.

Wifi Hacking with your Pringles Tin

Great link of the week: It is old news that an inexpensive Wireless hacking antenna can be made with a simple Pringles tin!

Back in 2002, Gregory Rehm hosted an Antenna Battle Royale between a Lucent popsicle stick, a couple of Pringles Cans, our Coffee Can, a Hunt’s Tomato Sauce can, and a 40oz can of ‘Big Chunk’ beef stew.


I really loved this idea . . . this to me is hacking at its best, using everyday equipment to perform cool and sometimes extraordinary behaviour. Definitely a good read.

iPod Hacking with Linux

Whenever I think of first-person shooter games, I always think of Doom. It seems to be one of those "hello world" type games for new application hacking and development. Some time ago, I saw a group of dev guys developing a virtual reality training room… guess what they used as the demo? That's right, Doom! I came across some guys who had installed Linux onto their iPod, and guess what they used to test it?

By the way, if you want to get Linux onto your iPod to hack it like these guys, check out ipodlinux!
