Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Tag Archives: Linux

Linuxwochen Vienna 2010

What else does a geek do when he’s got the day off work…. yes, that’s right, he goes to a Linux conference of course. I found out about the Linuxwochen event in Vienna a little late (about a day before the event), but as I’d already booked the day off (I hate working on my birthday) I decided to pop down to Vienna and take a look.

Although most of the talks weren’t security related, there were a few interesting topics discussed. The opening talk on the upcoming release of PostgresSQL 9.0 (was a good overview of the new functionality being implemented. It’s easy to forget as security professionals, that we need to keep up with “normal” technology as well, so this served as a good update, and provided some good information for the next time I come across a PostgresSQL database when testing.

The first “real” security talk was presented by Sebastian Graf (@naxxatoe) talking about “Security vs Usability”. Sebastian left us with some interesting things to think about when it comes to usability effecting security of sites… as well as some interesting screenshots of websites that really shouldn’t be vulnerable to SQL Injection, but are. You can’t fill out a web form nowadays without stumbling over a SQLi it seems. Sebastian also discussed briefly the Apache compromise and the fact that attacks against the infrastructure are using flaws in the web application to gain access.

——————————————

Following that, Florian Eichelberger (@Florensik) talked about the new honeypot project, Community Sense Net (CSN.OR.AT). The project was originally sponsored by ISPA in 2008, and is designed to deal with the issues of attack coverage and visual representation that other honeypot systems suffer from. CSN is based on Debian, and programmed in Python. It also integrated SNORT as it’s signature base. It also offers an SMTP based sensor that scans incoming emails for attachments or links to content/malicious code hosted on the web. In testing, there have been between 600-900 attacks per day, with a large number of these (~400) being repeats of the same attack. Of those that are “new”, a number are still detected using generic AV signatures due to commonalities with previous versions/revisions of the Virus/Bot. Since 2008, more than 100,000 individual Virus/Bots/Attacks have been registered. The majority of attacks focus on DCOM/LSASS/ASN.1 exploits, with Microsoft being the number 1 target (with Linux as the second most popular target). More statistics are present on the website. A new service being opened up to the public now is the IP/MD5 search feature, which allows you to search on IP or MD5 values to see if they are known to the honeypot. The project is currently looking for additional sensors if people are interested in assisting with the project.

——————————————

Finishing up the security theme, Christian Amsüss talked about “Reverse Engineering von Smartcards am Beispeil von Bankomatkarten“. More information and applications can be found on Christian’s homepage. Nice overview of the communication channels used by the Quick e-purse system (Austrian System), as well as an overview of the project and software developed by Christian to interact with the smartcards. Using Linux it’s possible to sniff the USB communications when using a USB card reader. By simply catting the data from /dev/usbmon0, it’s possible to capture and decode the communication. The data on the card is encoded using Big Endian (e.g 02 00 = 512), other information is stored in simple binary coded decimal (e.g. the Bank code, BLZ). There are also a range of other encodings in use for dates, including the use of a “days since the start of the year” counter alongside the 2-digit year. Alongside sniffing, it is also possible to send some commands to the card to read specific data from the card.

The carddecoders tools offer a decoder for the card communication to provide a more readable output from the device. The tool also offers the ability to search for common numbers using various encoding types.

More information on Sniffing the smartcard protocol can be found here.

——————————————

Overall I really enjoyed my day in Vienna. The whole event runs for 3 days, but I was only able to attend today. If you’re around in Vienna in the next few days, go and check it out, it’s free and that’s the best price there is 😉

Links:

Advertisements

Upgrade your Linux-Fu

I’ve recently re-discovered the wonderfully named shell-fu website. If you use Linux a lot then some of the tips and tricks here are going to certainly come in handy. Sure some of them are wild and wacky, some are even older than I am (don’t ask), still there’s some nice little tricks that every real Linux user should appreciate.

My favourite, which I’ve been using with great success over the past few months is the shortcut to run a follow-up command with the same arguments as your previous command. You can simply use !* to repeat all arguments from the previous command, or !:x where x is the argument number you want to repeat.  you can also use !! to repeat the whole command (useful if you need to sudo a command) An example is in order I think.

mkdir /etc/configuration/really_long_and_hard_to_remember_directory_name

cd !:1

This command will use the 1st argument (!1 is 1st argument)from the previous command line and add it to the cd command. Saves valuable seconds that you could be using surfing for lolats of browsing the FAIL blog 😉

Check out the site for some more great time saving hints…