Archive for the 'Diary' Category

Hacker Story Challenges

Obviously I have been pondering the ultimate hacker story or collection of stories for some time. The greatest challenge is entertainment cost versus the display of what real hackers could potentially do!

The Hollywood version of Hackers includes hacking the Matrix, flying through Cyberspace and being hunted down by every known government agency.

There are two approaches I can see: first, the hacker in the primary role; second, a hacker in a secondary role. The primary role includes films like Hackers, Swordfish and Takedown. Secondary roles include Die Hard 4; I can’t think of any others right now.

The entertainment value of someone sitting down and coding blows! The value, as in the traditional MacGyver series, might involve Michael Daw using hacking techniques in a clever way to keep ahead. This is perhaps the way forward.

Cool Wikipedia page of Hacker books here.

Full-Disclosure Circles

It’s been a week now since emailing the vendor about a vulnerability that could potentially be used to break into 20,000+ sites.

Still waiting for a fix…

My original ramblings can be found on WithDK.com.

Ethical Midlife Crisis

Ethics are defined as:

Ethics (from the Ancient Greek ethikos, the adjective of ethos “custom, habit”), a major branch of philosophy, is the study of values and customs of a person or group. It covers the analysis and employment of concepts such as right and wrong, good and evil, and responsibility.

  • What is acceptable vulnerability disclosure? Is vulnerability disclosure good at all?
  • Is releasing security research publicly really beneficial to the security at large?
  • Who benefits the most from the security tools, research and discussions?
  • How do governments view public disclosure of vulnerabilities and research?
  • How do corporate bodies view public disclosure of vulnerabilities and research?

Hacking at a glance

In the past 2 years, client-side attacks such as XSS and CSRF have been on the increase. In a presentation I gave at OWASP a short time ago I discussed what I called the Attack Renaissance, where attacks move toward breaking in via client-side holes rather than traditional server-side vulnerabilities; however, there is more to it than meets the eye.

I think many would agree that web applications have become target number 1. However, I would like to draw the gaze away from that for a second and point out that network-based intrusion is by no means dead and buried.

Services such as VOIP and BES are growing in popularity and often require significant network design and architecture changes to get working. Also, encryption within new protocols may provide attackers with tunnels to hide and mask traffic to avoid intruder detection systems.

Robert Moore is in prison for breaking into a number of VOIP providers; this is what he had to say:

“I’d say 85% of them were misconfigured routers. They had the default passwords on them,” said Moore. “You would not believe the number of routers that had ‘admin’ or ‘Cisco0’ as passwords on them. We could get full access to a Cisco box with enabled access so you can do whatever you want to the box. …”

In summary, web applications are vulnerable, yes, but they are only one area of concern. Currently SANS shows little traffic to BES (one service I’ve been researching lately), but this may very well change in months to come.

SQL Injection ToolKit

There are loads of open source SQL Injection tools on the market. I decided to make a list for future reference.

More: http://www.databasesecurity.com/sqlinjection-tools.htm
