Posted on

Increasing risks to SCADA security

It seems, hackers will be hackers. The advent of single point remote control systems like SCADA (Supervisory Control And Data Acquisition) which are connected to the internet means that obscurity of their existence is only a matter of social engineering or port scanning.

What happens to say a electricity grid that is managed by SCADA? Is it possible to orchestrate weather based resource terrrorism like the recent event in Brazil? Not a few days ago, a blackout across the southern half of Brazil sends 50 million people into darkness and prompts a major police mobilisation amid fears of an opportunistic crime wave.

Source: http://www.news.com.au/story/0,,26335596-401,00.html

So a “cyber” hacker sits in a remote location, usually outside of the target country itself, finds some holes in the SCADA’s security, and 50 million people are thrown into a state of confusion and fear about their safety. To contextualise this, more than double the Australian population put together was affected by one SCADA system failing to deliver 17000 megawatts.

In Australia, we are heading towards the SCADA control of our electricity grid. What measures are being taken by law enforcement agencies to ensure that our SCADA systems are safe?

What is the risk posed to ‘weather-fragile’ individuals like the elderly and ill, in a seriously hot period of weather when a hacker decides to mount a DOS/malicious attack on a SCADA system?

Posted on

Adelaide Hacker Compromised 3000 Machines!

Adelaide Hacker compromised over 3000 machines and infected them with a known computer virus that can phish data like credit cards, banking logon details etc. He also tried to launch the virus globally and to potentially infect 74000 machines. He is facing a jail sentence of 2 to 10 years if convicted.

He is being charged with:

– unauthorised modification of computer data, supply and possession of a computer virus with intent to commit a serious computer offence,
– unlawful possession of a computer system, theft and
– trafficking a controlled substance.

“The arrest has resulted in the acquisition of intelligence which can be utilised to identify further offenders,” said Detective Inspector Jim Jeffrey of SAPOL.

Could this uncover a ring of hackers in Adelaide?

AdeladeNow Story: http://www.news.com.au/adelaidenow/story/0,22606,25923434-5006301,00.html

Posted on

Black Hats no longer behind White Hats

Research has shown that Black Hat hackers in many cases are far ahead of their White Hat counterparts. Many of the wares produced by Black Hats are now “dormant” and waiting on your system to be activated when signaled. They are mainly trojans that wait for you use your online banking.   Viruses have quadrupled from over 15,000 in 2007 to almost 60,000 in 2008. F-Secure says there were 59,177 programs called “Trojans,” circulating on the Internet since last year, compared with 15,969 in 2007 (USA Today).

Things to consider to have a fighting chance:

  1. Keep your PC up to date. If running Linux, make sure you keep up with the system updates (especially the critical updates). On a Windows box, ensure that Updates are enabled.
  2. An anti-virus software must be installed. I suggest AVG. Even on a linux machine you should run anti-virus software to prevent the propagation of viruses to Windows based machines.
  3. Install some form of Spyware Removal Tool.
  4. It seems Microsoft’s Internet Explorer is at the top of the list of “most hacked” browser. Firefox and Chrome are far less susceptible to attacks, making them safer browsers. Use them instead.
  5. Secure your wireless network. Try to use WPA2-PSK at the very least with a more secure pseudo-random generated key. A good key generator is found here.
  6. Ensure a firewall of some sort is running. Windows Firewall is the absolute bare minimum.

It seems, after all that, it sometimes comes down to just plain common-sense sometimes. A lot of trojans and viruses make their way into your system when certain executables are run. If you receive a file by email, always check the extension on the file. For example, spears.jpg.vbs is not a picture but a vbscript that could be potentially dangerous.

Technorati Tags: , , , , , , , ,

Posted on

Top 70 Hacking Methods

The List

  1. Cross-Site Printing (2007 issue)
  2. CUPS Detection
  3. CSRFing the uTorrent plugin
  4. Clickjacking / Videojacking
  5. Bypassing URL Authentication and Authorization with HTTP Verb Tampering
  6. I used to know what you watched, on YouTube (CSRF + Crossdomain.xml)
  7. Safari Carpet Bomb
  8. Flash clipboard Hijack
  9. Flash Internet Explorer security model bug
  10. Frame Injection Fun
  11. Free MacWorld Platinum Pass? Yes in 2008!
  12. Diminutive Worm, 161 byte Web Worm
  13. SNMP XSS Attack (1)
  14. Res Timing File Enumeration Without JavaScript in IE7.0
  15. Stealing Basic Auth with Persistent XSS
  16. Smuggling SMTP through open HTTP proxies
  17. Collecting Lots of Free ‘Micro-Deposits’
  18. Using your browser URL history to estimate gender
  19. Cross-site File Upload Attacks
  20. Same Origin Bypassing Using Image Dimensions
  21. HTTP Proxies Bypass Firewalls
  22. Join a Religion Via CSRF
  23. Cross-domain leaks of site logins via Authenticated CSS
  24. JavaScript Global Namespace Pollution
  25. GIFAR
  26. HTML/CSS Injections – Primitive Malicious Code
  27. Hacking Intranets Through Web Interfaces
  28. Cookie Path Traversal
  29. Racing to downgrade users to cookie-less authentication
  30. MySQL and SQL Column Truncation Vulnerabilities
  31. Building Subversive File Sharing With Client Side Applications
  32. Firefox XML injection into parse of remote XML
  33. Firefox cross-domain information theft (simple text strings, some CSV)
  34. Firefox 2 and WebKit nightly cross-domain image theft
  35. Browser’s Ghost Busters
  36. Exploiting XSS vulnerabilities on cookies
  37. Breaking Google Gears’ Cross-Origin Communication Model
  38. Flash Parameter Injection
  39. Cross Environment Hopping
  40. Exploiting Logged Out XSS Vulnerabilities
  41. Exploiting CSRF Protected XSS
  42. ActiveX Repurposing, (1, 2)
  43. Tunneling tcp over http over sql-injection
  44. Arbitrary TCP over uploaded pages
  45. Local DoS on CUPS to a remote exploit via specially-crafted webpage (1)
  46. JavaScript Code Flow Manipulation
  47. Common localhost dns misconfiguration can lead to “same site” scripting
  48. Pulling system32 out over blind SQL Injection
  49. Dialog Spoofing – Firefox Basic Authentication
  50. Skype cross-zone scripting vulnerability
  51. Safari pwns Internet Explorer
  52. IE “Print Table of Links” Cross-Zone Scripting Vulnerability
  53. A different Opera
  54. Abusing HTML 5 Structured Client-side Storage
  55. SSID Script Injection
  56. DHCP Script Injection
  57. File Download Injection
  58. Navigation Hijacking (Frame/Tab Injection Attacks)
  59. UPnP Hacking via Flash
  60. Total surveillance made easy with VoIP phone
  61. Social Networks Evil Twin Attacks
  62. Recursive File Include DoS
  63. Multi-pass filters bypass
  64. Session Extending
  65. Code Execution via XSS (1)
  66. Redirector’s hell
  67. Persistent SQL Injection
  68. JSON Hijacking with UTF-7
  69. SQL Smuggling
  70. Abusing PHP Sockets (1, 2)
  71. CSRF on Novell GroupWise WebAccess

Technorati Tags: , , ,

Source: Jeremiah Grossman

Posted on

21000 Wyndham Credit card numbers stolen

The break-in occurred at a property belonging to a Wyndham franchisee, but that computer was linked to other company systems. That intrusion enabled a hacker to use the company server to search for customer information located at other franchised and managed property sites.

The hackers were able to get guest names, credit card numbers and expiration dates as well as data from the card’s magnetic stripe.  That magnetic stripe information, sometimes called a card verification value (CVV) code, is critical if the thieves want to make fake credit cards.

Technorati Tags: , , , ,

Source: www.networkworld.com

Posted on

Govtrip.com hacked!

A prominent US Government travel website used by federal agencies has been hacked. The site which is operated by defence contractor Northrop Grumman Corp, was breached and changes made so that unsuspecting users would be redirected to a rogue URL where malicious software was thrust upon their systems.

GovTrip is used by several U.S. government agencies, including the EPA and the departments of Energy, Health and Human Services, the Interior, Transportation, and the Treasury, to make travel reservations, as well as to reimburse workers for travel expenses.

You would have to ask why federal agencies would need to expose a travel website to the WWW when they have their own intranets.

Technorati Tags: , , , ,

Source: www.computerworld.com

Posted on

Visual Forensic Analysis

Interesting research in the field of Visual Computer Forensic Analysis has been presented at Black Hat 2009 by Greg Conti and Erik Dean from the United States Military Academy

Their research uses a visualisation tool to “view” files in a system being forensically analysed. In this manner, a file that is considered unknowned from its filename can be identified by the way it looks. A MS Word file will look different to say a JPEG file. To do this traditionally would require the analyst to use two viewers.

The researchers  say, “Visualization has the potential to dramatically change the field of computer forensics. Each time we created a new visualization tool there were always surprising insights. Visualizations create windows on data that hasn’t ever been readily visible, much to the dismay of people trying to hide information in the dark corners of a computer.”

Technorati Tags: , , , , , ,

Source: http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1202428248638

Posted on

Virus Infected Valentine’s Day e-cards

Spammers are targeting both loved-up and single Australians with Valentine’s Day-themed malware that tricks users into downloading what look like legitimate Valentine’s Day e-cards but are cleverly disguised computer viruses. Phishing attempts have also been reported. Email attacks contain attachments like  “meandyou.exe” and “onlyyou.exe” which have the potential to spread to everyone the victim knows via unauthorised access to address books within their email client, social networking or instant messaging applications.

Technorati Tags: , , , ,

Source: http://www.news.com.au/story/0,,25045134-5015723,00.html

Posted on

Security company’s customer database hacked by SQL Injection

Kaspersky Lab, a Moscow-based security company, admitted today that a database containing customer information had been exposed for almost 11 days and that it only learned of the breach when Romanian hackers told the firm about it (the hackers in this instance were white hats). No data was actually downloaded or looked at.

The hackers (presumed from Romania), went public in a blog post. They claimed that after launching a SQL injection attack on Kaspersky’s U.S. support site, they were able to access a customer database that included e-mail addresses and software activation codes.

Roel Schouwenberg,  a Kaspersky senior antivirus researcher,  confirmed that the database was hacked via a SQL injection attack, but he reiterated that only the database’s table labels had been accessed by the hackers, not the data itself. “A more advanced hacker could have gotten access to the information,”  Schouwenberg acknowledged, “including activation codes for the product and e-mail addresses. But that didn’t happen.”

A combination of vulnerable code crafted by an unnamed third-party vendor and poor code review by Kaspersky was to blame, thus an Application Security issue.

Kaspersky has hired Next Generation Security Software Ltd.’s David Litchfield, one of the world’s experts on SQL injection attacks and database security, to do an independent audit of the company’s systems.  Considering that if Kapersky had been using Rational Appscan to look after their site, they would have been notified during a scan of the vulnerability and other issues without having to extend to external “experts” in SQL injection.

SQL Injection seems to be the major choice by hackers to compromise applications through the web frontend. Rational Appscan can test and identify SQL Injection vulnerabilities in a given system being tested.

Technorati Tags: , , , , , ,

Source: www.computerworld.com