01.27
I just got informed that the registration and login system was pretty broken for a while. Like, you couldn’t login broken. Just wanted to let you know that this has been fixed. Sorry for the inconvenience…
Cheers,
Ruben.
SOPA is as good as gone. But ACTA is still a realistic and much bigger threat to the internet and our online privacy. With ACTA, too, we need to stand up and stop the copyright madness!
Please help me spread the word about this terrible and unacceptable behavior shown by our governments. A real democracy doesn’t work like this and this is forgotten by the people in power.
Copyright laws should be made correctly, without a rush, and should solve the real issue, not criminalize privacy and the sharing of knowledge.
For more info:
http://en.wikipedia.org/wiki/Anti-Counterfeiting_Trade_Agreement
Ruben.
As some of you already know, today is a big day on the internet. Today a lot of very large online organizations like Wikipedia, Google and WordPress protest against the new ‘Stop Online Piracy Act’ aka ‘SOPA’ and the ‘Protect IP Act’ aka ‘PIPA’. Both acts will change the way we are using the internet today. This cannot happen! For most of you this act is not going to apply because you are not living in the US. But if the US accepts these acts your country will probably follow not much later. We cannot censor the web! Educate yourself about what is happening to our online freedom.
For my US friends, please write to your congressman (http://sopastrike.com/).
Curious what I’m talking about? – http://www.youtube.com/watch?v=fEdjYW2olPA
Ruben.
As some of you are already aware, in the Netherlands the organization called “Brein” won a lawsuit that stated that “The Pirate Bay” should be blocked by ISPs (Internet Service Providers). The first and only two (for now) victims are “XS4ALL” and “Ziggo”. The reason these two ISPs were chosen was that the most proof could be collected that the users of these two ISPs were using “The Pirate Bay” and were downloading illegal content (although downloading illegal content from the internet is not illegal in Holland; uploading is. This makes this decision a bit strange by the way…).
Basically the result is that XS4ALL and Ziggo need to block the IP addresses linking to “The Pirate Bay”. Also, if “The Pirate Bay” changes or adds a new IP to their list (DNS records), “Brein” is allowed to ask XS4ALL and Ziggo to block this new IP. XS4ALL and Ziggo are in that case obligated by law to also block the new IP.
Over the last few days some movement has been happening. Anonymous has published a video about their disagreement, anti-piracy.nl has been down for the last two days (because of, and I quote, “fanmail”; Dutch source: https://twitter.com/#!/StichtingBREIN/status/157228524258852865), users are angry, and Dutch citizens question the political consequences.
So what does this decision actually mean? Is this a good reason to be angry just because a website that is offering illegal content is being blocked? Is this censorship? Is it a useful move? What does this mean for the future of the internet?
This is a big issue but I’ll try to keep it short. Please feel free to share your opinion in the comment section.
I don’t think this issue has any big consequences for the near future. All that has happened here is that an organization (“Brein”) made a legal move into blocking websites that provide illegal and illegally obtained data. This is something we will probably see much more in the future and on a bigger and international scale too. This is not censorship but simply fighting crime. By the way, websites are already being blocked – I don’t think blocking child porn or websites that provide you information about building bombs can be seen as censorship. – This is in the common interest of civilians and victims.
The only problem is that the current download model is accepted and is not being seen as illegal. I think that this is also where the music industry needs to take its responsibility. The music industry didn’t catch up with the quickly changing digital environment. They are still behind (remember this is a multi-billion dollar industry). The music industry (yes “Brein”, you are part of this) needs to stop forcing an outdated model on its customers and needs to adapt (only the fittest will survive). And they have to do this quickly! The internet gives everybody the possibility to be connected within seconds. Some don’t realize that this technology is a gift and can be used in various ways to promote and sell products or services. The music industry should welcome this technology with open arms, not fight against it. Piracy has always existed and it always will. But the internet made it possible to do this on a bigger scale (but also made the crime (piracy) more transparent). But don’t forget, reaching your audience as an artist can also be done on a bigger scale using the internet. So is it a fair assumption to say that piracy but also sales have increased because of the internet?
For those in the music industry, change your model quick! Create good and cheap alternatives and people will buy it! You already see significant differences in the amount people buy music since iTunes gained popularity. Now do the same with movies and you’ll see the profit increase.
But it’s of course not fair to just blame the industry. Everybody who downloads illegal content is aware of the fact that nothing is being given to the person who works hard to provide you this product. If you like it, buy it. People work hard and let’s be fair, 10 dollars for an album? 20 bucks for an application? 5 euro to rent a movie? Bitch please, don’t tell me that you don’t have that money.
But we still have a problem. We can change all we want but at the moment we cannot prosecute these websites/website owners. There is not an international law (yet) that allows prosecution of cyber criminals. That is why we have to stick to solutions within our own borders. The problem with this, though, is that ISPs are asked to serve a law enforcement role. This is where things go wrong. You cannot ask businesses to serve this role. Websites that provide or serve an illegal cause should be dealt with by blocking them or taking them down. But this should be done by a government organ. This issue goes hand in hand with the part that “Brein” is able to provide new IP addresses to add to the blacklist. The whole process that law enforcement should deal with is for a big part handed over to two private organizations. This is wrong and unacceptable. What we need is an international cyber law, and quick! Next to that, blocking individual websites is a useless, expensive and time consuming activity. The minute you take one down two others will pop up. We need to find a solution for the root of the problem, not the result of it.
So in short:
1. The music industry needs to change their model (cheap and accessible).
2. People need to realize that there are (already) good alternatives (and that piracy is illegal).
3. Blocking websites based on IP or DNS is useless, time consuming, expensive and a temporary solution. Stop wasting money on this stupid activity and spend your money and time in solving the root of the problem.
Cheers,
Ruben.
Welcome to DamnSecure.org in 2012,
As social norms apparently specify, a happy new year wish is considered an obligation these days. That is why DamnSecure.org would also like to wish you all a happy new year and all the best for 2012. 2012 will be another challenging year for most of you and I hope that you are all able to handle these issues in the best possible way.
I’ll do my best to keep DamnSecure.org going and publish interesting and useful articles.
DamnSecure.org’s goal this year is to keep users and IT specialists informed about issues in the IT-Security and Development sector with the intention to educate or inform.
Hopefully we will also see some articles from some guest writers. More about this later. For now, have a good 2012!
Cheers,
Ruben.
I just watched this presentation. I think it is very important that you as an Internet user (and especially you as an IT specialist) know what is happening around the world with the Internet and why anonymity is important.
That is why I found it necessary to share this video.
Ruben.
Lately I’ve been checking out some ways of hiding data on a Windows system. Of course you have the default Windows “Hide” function, but this is no fun and there is an easy and built-in solution for finding files that use this method. In this article I’ll focus on other ways to hide data on the Windows file system.
Before we start: the goal of this article is not to reveal any new methods for hiding data. The goal is to make you aware of the fact that hiding data on an operating system is very easy. Most people are not aware of these file system “features” and are unable to notice abuse. Detecting suspicious behavior is one of the most important skills a system admin has to have, so this article shows the things that attackers use and what you have to look for during your analysis.
There are two methods that are quite outdated but still do their job on most Windows systems. All described methods have been tested on Windows 7 but are even more effective on Windows XP (and lower) because these operating systems allow much more. You’ll read more about this issue in method 2 (fork file system).
1. Hiding text in “plain” sight
When Windows opens an image, the viewer reads the file until it has all the data it needs (header, data and the end-of-data signal); once all of that has been found, the image is shown. This means you are able to add data to the end of an image file. Windows will still show the image (because it’s not corrupted) and will “ignore” all added data. This allows you to attach text (pre-compiled code, commands or other data) to any image file without creating suspicion. I’m almost sure that IDS systems will pick this up, but the average user won’t have a clue (unless he/she is really looking for it of course…).
There are two ways of doing this:
1. Simply open the image file with a text editor and add your text at the end of the file.
2. Open a command prompt and use the following command to add data to a file: “type [source-file].ext >> [destination-file].jpg” – I like this way better (me loves the console).
*This method is very useful if the source-file is a zip file. The image will still show and opening it (7zip is great for this) will give you access to all your files.
2. Alternate data stream aka Fork (file system)
The NTFS file system allows you to use alternate data streams. This means that you have multiple data streams available per file. This allows you to attach multiple files to one file. This is very useful if you are using files (e.g. images or DLL’s) in an executable and you want to ship your software as one executable (Default in the Mac OS X operating system). The way of doing this is via the following commands:
notepad visible.txt
notepad visible.txt:secret.txt
Executing a ‘dir’ command now won’t show you visible.txt:secret.txt (Windows Vista and 7 support ‘dir /R’ to make alternate data streams visible) but the data is definitely there.
This is a great way of “hiding” data in files. In Windows XP (and older) it is even allowed to do this with executables. You are even allowed to run these files from the alternate data stream.
Hiding an executable in a text file under Windows XP can be done via the following commands:
1. type yourexe.exe > textfile.txt:hidden.exe (writes the exe to the ADS in textfile.txt)
2. start .\textfile.txt:hidden.exe (runs the exe from the ADS)
As you probably can imagine, (especially this last one) this is incredibly useful for malware writers. It allows you to move and execute files without people noticing them.
Both methods are very outdated but are still actively used. Finding them is for most people a bit of a challenge. Luckily there are some tools that can help you rather quickly.
From Windows Vista, Microsoft added a new option to the ‘dir’ command. ‘/r’ will show you all the alternate data streams of a file, allowing you to find ADS really easily. Sysinternals also has a tool that allows you to view ADS. The name of this tool is Streams (http://technet.microsoft.com/en-us/sysinternals/bb897440).
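One way to turn the ‘dir /R’ check into a triage list, as an added example (not code from the original article or from Sysinternals): it parses ‘dir /R’ output and reports every alternate data stream that is not a known benign one. The sample listing is constructed and assumes the English-locale layout of ‘dir’; the names find_streams, BENIGN and EXEC_EXT are hypothetical.

```python
import re

# A stream line in `dir /R` output has no date column: size, then name:stream:$DATA.
STREAM_RE = re.compile(r"^\s+([\d.,]+)\s+(.+?):([^:\\]+):\$DATA\s*$")
# Zone.Identifier is attached by Windows to downloaded files; treated as benign here.
BENIGN = {"zone.identifier"}
# Assumption: extensions we consider executable when they appear as a stream name.
EXEC_EXT = (".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs", ".js", ".ps1")

def find_streams(dir_output):
    """Return one dict per non-benign alternate data stream in the listing."""
    findings = []
    for line in dir_output.splitlines():
        m = STREAM_RE.match(line)
        if not m:
            continue                      # ordinary file, directory or header line
        size, host, stream = m.groups()
        if stream.lower() in BENIGN:
            continue
        findings.append({
            "file": host,
            "stream": stream,
            "size": int(re.sub(r"[.,]", "", size)),   # drop thousands separators
            "executable": stream.lower().endswith(EXEC_EXT),
        })
    # Executable-looking streams first, then the largest ones.
    return sorted(findings, key=lambda f: (not f["executable"], -f["size"]))

# Constructed sample of `dir /R` output (file names taken from the article).
SAMPLE = r"""
 Directory of C:\demo

12/20/2011  10:15 AM    <DIR>          .
12/20/2011  10:14 AM                 0 visible.txt
                                    11 visible.txt:secret.txt:$DATA
12/20/2011  10:16 AM            48,211 setup.zip
                                    26 setup.zip:Zone.Identifier:$DATA
12/20/2011  10:17 AM                12 textfile.txt
                               102,400 textfile.txt:hidden.exe:$DATA
"""

if __name__ == "__main__":
    for finding in find_streams(SAMPLE):
        print(finding)
```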
Also detecting images that are very large (> 5 MB; of course this also relies on the size of the image) can be helpful. Moving stuff this way is very efficient.
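A structural check is more precise than the size heuristic for method 1. The following added example (not part of the original article) walks the JPEG segments to find the real end-of-image marker and reports anything appended after it; it covers JPEG only, the sample bytes are constructed, and the names jpeg_end, trailing_data and MAGIC are hypothetical.

```python
import struct

# Magic numbers worth flagging at the start of a trailer (not exhaustive).
MAGIC = {b"PK\x03\x04": "zip archive", b"7z\xbc\xaf\x27\x1c": "7z archive",
         b"MZ": "Windows executable"}
# Inside JPEG scan data, FF00 is a stuffed byte and FFD0-FFD7 are restart markers.
IN_SCAN = {0x00, *range(0xD0, 0xD8)}

def jpeg_end(data):
    """Offset just past the real EOI marker, found by walking the segments."""
    i = 2
    while i + 2 <= len(data):
        if data[i] != 0xFF:
            raise ValueError("expected a marker at offset %d" % i)
        marker = data[i + 1]
        if marker == 0xFF:                      # fill byte before a marker
            i += 1
            continue
        if marker == 0xD9:                      # EOI: logical end of the image
            return i + 2
        if i + 4 > len(data):
            break
        i += 2 + struct.unpack(">H", data[i + 2:i + 4])[0]   # skip the segment
        if marker == 0xDA:                      # SOS: skip entropy-coded data
            while i + 1 < len(data) and not (
                    data[i] == 0xFF and data[i + 1] not in IN_SCAN):
                i += 1
    raise ValueError("truncated JPEG: no EOI marker")

def trailing_data(data):
    """Return (image_end, trailer, guess); guess is None for a clean image."""
    if not data.startswith(b"\xff\xd8"):
        raise ValueError("not a JPEG")
    end = jpeg_end(data)
    trailer = data[end:]
    guess = next((n for m, n in MAGIC.items() if trailer.startswith(m)),
                 "unknown data") if trailer else None
    return end, trailer, guess

# Constructed sample: SOI, an APP1 segment whose payload contains FF D9
# (as an embedded thumbnail would), SOS, scan data, EOI.
SAMPLE_JPEG = (b"\xff\xd8" b"\xff\xe1\x00\x06\xff\xd9AB" b"\xff\xda\x00\x03\x00"
               b"\x12\xff\x00\x34\xff\xd0\x56" b"\xff\xd9")

if __name__ == "__main__":
    print(trailing_data(SAMPLE_JPEG + b"PK\x03\x04constructed"))
```

Searching for the first FF D9 instead of walking the segments would stop inside the APP1 payload of the sample, which is why embedded thumbnails cause false positives in naive checks.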
These two methods only allow you to transfer some data, and they won’t be very useful if your target is running Windows Vista or higher. But unfortunately Windows XP still allows this, and because it is still the most common OS worldwide, ADS are still a threat and widely (ab)used by malware.
Reference:
[1] http://www.online-tech-tips.com/computer-tips/hide-file-in-picture/
[2] http://www.irongeek.com/i.php?page=security/altds
[3] http://en.wikipedia.org/wiki/Fork_%28file_system%29#NTFS
In the past few weeks I’ve been working on a (Python) script that is able to analyze log files. A feature I find quite interesting to use is a combination of Google Maps and GeoIP. These two allow you to make a graphical representation of all the IPs found in the input (file).
The image below is the map my tool generated using the spam IP blacklist database (source: http://spam-ip.com/spam-blacklist.php; date:9/12/2011). It is fun and also disturbing to see how many hosts (312505 IP’s) are active in sending spam all over the world.
Cheers,
Ruben.
Resources: spam-ip.com, google-maps, max-mind.com (geoip)
PS: I’ll see if I can make my tool public. But first it needs some cleaning up.
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.
ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
Version 1.3.3 has just been released, which is the third bugfix release of the 1.3.x branch.
Compared to previous releases, the 1.3.x branch adds the following main features:
Download: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
DamnSecure.org used this plugin and noticed this vulnerability.
The vulnerability occurs because the ‘Title’ of a post is printed directly into the widget without processing it.
# Exploit Title: WordPress plugin ‘List Draft Posts’ – Stored XSS
# Date: [2011/10/21]
# Author: [Ruben]
# Software Link: http://wordpress.org/extend/plugins/list-draft-posts/
# Version: Tested and verified on version 3.0.1; my guess is that all versions are affected, but I cannot verify this.
# Developer notified?: No (plugin is no longer under development)
# Google-Dork: intext:listdrafts-widget-3
Stored XSS is possible by creating a new post using the ‘Title’ as the injection field.
Exploitation can only occur when an already existing user is allowed to write posts.
For more information check out http://www.damnsecure.org/?tag=xss
FYI: Plugin is not being used by DamnSecure.org anymore
Ruben.