Thursday, April 29, 2010

Be careful with Free WiFi

Recently my colleagues and I visited Moscow on business.
When we got tired, we found a nice cafe (the Coffee House chain) with free WiFi from Beeline.
It was really nice, but only at first glance. We easily got an internet connection, typed gmail.com and ... got a warning that Google was using a self-signed SSL certificate from Beeline!
When we tried other sites over https, we got exactly the same message.
So, please note that free WiFi providers have started to use some kind of proxy (there are a lot of them) with https monitoring features enabled (using a man-in-the-middle technique).

Stay secured!

Monday, April 19, 2010

security asceticism - getting list of subdomains

Hi folks.
During the first step of a security audit you need to get a list of all subdomains for a company's domain name. How can we do it?
1. If the target corporate DNS server supports zone transfers (which is a security problem in itself), it's easy:
#dig @nameserver domainname axfr
#host -l domainname
2. DNS brute forcers - as with any brute-force attack, it takes a lot of time and it's always dirty work.
3. My favorite way is, sure enough, using Google:
Just do a simple request:
-inurl:www.ibm.com site:ibm.com
So, if Google has already indexed these domains, you will find them in the list!
Of course, it works only for domains that have web servers on them.
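
An added example (not from the original post) for item 1, written from the zone owner's side: it reads dig's AXFR output and reports whether the server handed over the zone and which names it exposed. The function names and the example.com sample output are constructed for illustration.

```python
import subprocess

# Constructed sample: dig output when the server allows the transfer.
SAMPLE_OPEN = """\
; <<>> DiG 9 <<>> @ns1.example.com example.com axfr
example.com.      3600 IN SOA   ns1.example.com. hostmaster.example.com. 2010041901 7200 3600 1209600 3600
example.com.      3600 IN NS    ns1.example.com.
www.example.com.  3600 IN A     192.0.2.10
vpn.example.com.  3600 IN A     192.0.2.20
dev.example.com.  3600 IN CNAME www.example.com.
example.com.      3600 IN SOA   ns1.example.com. hostmaster.example.com. 2010041901 7200 3600 1209600 3600
;; XFR size: 6 records (messages 1, bytes 250)
"""

# Constructed sample: dig output when the server refuses the transfer.
SAMPLE_REFUSED = """\
; <<>> DiG 9 <<>> @ns1.example.com example.com axfr
; Transfer failed.
"""


def parse_axfr(dig_output, zone):
    """Return (allowed, exposed_names) for one zone from dig's AXFR output."""
    zone = zone.rstrip(".").lower()
    records = []  # (owner, type) for every resource-record line
    for line in dig_output.splitlines():
        if not line.strip() or line.startswith(";"):
            continue  # skip blanks and dig's comment lines
        parts = line.split()
        if len(parts) >= 5 and parts[2].upper() == "IN":
            records.append((parts[0].rstrip(".").lower(), parts[3].upper()))
    # A complete AXFR starts and ends with the zone's SOA record (RFC 5936).
    soa = (zone, "SOA")
    if len(records) < 2 or records[0] != soa or records[-1] != soa:
        return False, []
    names = {o for o, _ in records if o.endswith("." + zone)}
    return True, sorted(names)


def check_nameserver(nameserver, zone):
    """Run dig against a nameserver you administer and parse the answer."""
    cmd = ["dig", "@" + nameserver, zone, "axfr", "+time=5", "+tries=1"]
    out = subprocess.run(cmd, capture_output=True, text=True, timeout=60).stdout
    return parse_axfr(out, zone)


if __name__ == "__main__":
    print(parse_axfr(SAMPLE_OPEN, "example.com"))
    print(parse_axfr(SAMPLE_REFUSED, "example.com"))
```

If check_nameserver returns True for any of your authoritative servers when queried from outside, restrict transfers on that server to your secondary nameservers.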

Monday, April 5, 2010

Big Brother watching you or mobile phone security issues

Let's talk about mobile phone security. You are a well-qualified security specialist and never install suspicious applications on your handset, so you think you are secure? Have you heard about OMA-DM technology?
OMA-DM stands for Open Mobile Alliance Device Management. Within Open Mobile Alliance Device Management, the standard for handset firmware updates is known as the Firmware Update Management Object (FUMO). This standard permits Firmware Over the Air (FOTA) technology. For how it works, you can find a short description here. But that was only the first step in bringing such technology to the market.
The second step is SCOMO, the Software Component Management Object standard, which permits Software Component Over the Air (SCOTA) technology. This technology was created for more granular and flexible management of each software component. With SCOTA, one or more pieces of software can be changed without updating the whole handset firmware. SCOTA is the best way to create application stores for phones, so consumers can have access to the latest applications without needing to replace their devices.
The most interesting thing is that all these technologies use http/https over IP and an XML data format.
Sounds cool, doesn't it? But let's turn on our paranoia:
1. These technologies allow vendors and mobile or value-added service providers (but not only them) to install or delete any application or data on your mobile phone.
2. This technology uses a centralized management model, so from a single management center it's possible to legally control a huge botnet of mobile phones.
3. This technology could allow a government to spy on citizens (or it could already be used for that).
4. These system components could be penetrated by some "bad guys" and used for stealing your data or spying on you.

Talking about the overall OMA-DM security concept - I've found only the OMA Device Management Security Candidate Version 1.2 document. According to it, the OMA-DM protocol uses two levels of authentication: at the transport layer (TLS 1.0 or SSL 3.0 is recommended) and at the application layer (OMA-DM uses MD5!).
You can find some useful information for Windows-based smartphones on the MSDN web site.

How many phones support these technologies? There are two types of OMA-DM support: OMA-DM-ready terminals (the software client is already built in) and terminals that need an OMA-DM client to be installed by the user to enable OMA-DM support. You can find some useful but slightly old information here.

Big Brother is watching you! Stay secured!

Sunday, April 4, 2010

How to see unseen

If I say that you 100% have a lot of infrared cameras at home, you probably will not believe me.
So, let's test it! As an infrared light source we are going to use a remote control.
First test - Samsung Corby mobile phone:


Second test - built-in web camera in a MacBook laptop.


How is it possible? The sensor in your camera (CCD or CMOS) is sensitive to infrared. A CMOS sensor is more sensitive in the near infrared than a CCD sensor, but both of them work well with an infrared projector (which can be made from infrared light-emitting diodes). Usually vendors install an IR cut filter in front of the sensor, so if you remove it (for a lot of camera models it's really easy) you will be able to take cool IR photos.

How can we use it? For fun, as a very simple night vision system, or even as a kind of x-ray system for some materials that are transparent in IR light (some types of paper, synthetics, etc.).