Making Security a Common Sense

Ever wondered what is this “Free Public WiFi” or “Free Internet Access” wireless network visible in most of the places?

These are known as Viral SSID, don’t expect it to be a free access to internet

Is it a virus, why doesn’t my antivirus detects it?
Its not a computer virus kind of thing which will be detected by Anti-virus, but still it is “Viral SSID” cause its spreads like virus

What is Viral SSID?
Like virus spread from infected computer to healthy one, a viral SSID spreads from an infected wireless-enabled computer to another. That’s why Viral SSID is the network name for ad-hoc (laptop to laptop) . See the icon next to it in the window carefully

How does this Viral SSID Spread?
The culprit here is “Wireless auto configuration utility” of Windows.

Whenever a user connects to wireless network, its SSID is added in a list of known network names, this list is called the Preferred Network List (PNL). This list includes the viral SSIDs to which a user may have connected (by greed :P) or in fact, a user need not manually connect to a viral SSID for it to be added to the list. In certain auto-configuration utilities, there are options where a user can choose to connect to any network in vicinity whether it is ad-hoc or belongs to the infrastructure type.

When the user moves to a different location and starts the computer, the wireless auto configuration utility tries to look for the SSIDs stored in the PNL. When it doesn’t find any infrastructure networks mentioned in this list, it starts looking for ad-hoc networks stored in the PNL. If it finds one, it connects to the host displaying the corresponding SSID. However, if it does not, it becomes the first node of that ad-hoc network and starts showing the viral SSID.

If an unsuspecting healthy laptop is searching for wireless networks in vicinity, it will see the advertised viral SSID in its list. If the laptop is configured to “Connect to any wireless network” as it comes in range, it will attach itself to the respective network. The connection can also be made when an unsuspecting user manually connects to an advertised viral SSID. As soon as this connection is made, the viral SSID appears in the PNL of the healthy laptop and thus gets infected.

Why tempting names such as “free internet access”?
This phenomena of viral SSID started with generic names such as “default” or “<vendor name>” where the same SSID was in infrastructure mode (access point) as well as ad-hoc mode (peer to peer).

These lucarative named viral SSIDs could have been deliberately created by malicious intent where the attackers knew that the clients would be tempted to connect to this SSID if they didn’t find any infrastructure netowrk. Its a kind of social engineering, attracting the victims.

Should someone worry?
Answer is Yes, if your machine is searching for a viral SSID, an attacker may have setup his/her machine to advertise that viral SSID and connect to your machine. The same is true if your machine is advertising it. Once the connection is made, the attacker can use various means to attack your computer and get the information he/she requires.

The mildest form of attack could be stealing information from your hard disk. The attacker can also become a man-in-the-middle routing all your Internet traffic through itself and observing/modifying all your data. Your passwords can also be stolen in this way.

So how to protect yourself?

(a) First and foremost, avoid the temptation to connect to such networks, no one is giving you free internet there
(b) Disable auto-connection or advertisement for ad-hoc networks in your wireless auto configuration utility
(c) In windows XP, ensure that you have selected the “Access point (infrastructure) network only” in the “Advanced” configuration of Wireless Network Connection Properties.
(d) If you ever do connect to such a network (even by mistake), clear it from your PNL.
(e) If you need to connect to a peer device, make sure of the identity of that peer device before connecting.

Friends
Happy diwali to all.
Same time of the year is here when all the hackers come together under one roof.
Come December we’ll organize our second annual hackers convention.

ClubHack2008 has some changes and some attractions

To name a few

a) This year the event will be of 2 days

b) 6th December : Talks and panel discussion like last year

c) 7th December : Workshops on security related topics. Yes learning on the spot

d) Chief Guest for the event will be Dr. Satyapal Singh, Commissioner of Police, Pune.

e) We’ll hold few contests again, details will follow soon

f) One not-so-good news. Due to the financial condition of the country, we are not getting good response from our sponsors, hence we’ll have to keep a nominal conference fees this time. Proposed amount is Rs 1000 for day 1 and Rs 1000 per workshop on day 2. This is very nominal amount just to cover the convention cost.

g) Before the event we’ll be doing some awareness exercises, Sshh!! its a surprise as of now

To get an regular update subscribe to Google SMS channel [1] and/or follow us on twitter [2]

[1] http://labs.google.co.in/smschannels/channel/ClubHack

[2] http://twitter.com/clubhack

Happy Hacking
team ClubHack

Our good old friend Vivek Ramachandran launched a new website by the name http://securitytube.net

As per Vivek

It’s a community driven videos website for computer networking and security related fields. Though there are many video sharing websites available online, SecurityTube.Net is strictly focussed on hosting computer networking and security videos only. We have started this site to provide a knowledge sharing platform for security professionals, so that they can reach out effectively to a wider and focused audience

The collection is very good and is useful for every learner starting for beginners to experts.

The best part is that one can also embed a video from securitytube.net into his/her blog
Example:

Good work Vivek!

A lot is being said and written about the new vulnerability found in debian/ubuntu and other variants

This post is not to give you the technical explanation or suggest a remedy but to bring together all the fun associated an one place

Source: http://metasploit.com/users/hdm/tools/debian-openssl/

Source: http://xkcd.com/424/

Do let me know if you some across any more on these lines

happy hacking

Rohit Srivastwa

Adam Boileau, a security consultant based in New Zealand has released a tool that can unlock Windows computers in seconds without the need for a password.

Adam uses firewire port (IEEE 1394) to gain a read/write access of the RAM of a locked and password protected computer.

To use the tool, hackers must connect a Linux-based computer to a Firewire port on the target machine. The machine is then tricked into allowing the attacking computer to have read and write access to its memory.

Checkout Adam’s website for more details. http://storm.net.nz/projects/16

From the announcement:
“Today CULT OF THE DEAD COW (cDc), the world’s ost attractive hacker group, announced the release of Goolag Scanner, a web auditing tool. Goolag Scanner enables everyone to audit his or her own web site via Google. The scanner technology is based on “Google hacking,” a form of vulnerability research developed by Johnny I Hack Stuff.”

http://goolag.org

Folks at cDc launched a wonderful tool to do an analysis of your website. Goolag uses Google hacking techniques to scan your website and report vulnerabilities.

Caution: One might end up blocking his/her IP on Google due to high number of automated search queries. It will result in something like this http://sorry.google.com/sorry

I just stumbled accross this nice website

http://bcheck.scanit.be/bcheck/index.php

You can use the test to scan for vulnerabilities of your browser. As of now they have 13 tests only, but its worth doing a test.

H D Moore and team has released the version 3.1 of MetaSploit.

For those who don’t know about it, MetaSploit is one of the best and most effective exploit tool which can be used in the comfort of best point-n-click graphics interface as well as real fast and favorite command line shell interface.

“The latest version features a graphical user interface, full support for the Windows platform, and over 450 modules, including 265 remote exploits…”
The best part with MetaSpolit 3.1 is the new cool Windows GUI.

For old school shell/CLI lovers, the flavor remains the same & power is increased.

Three cheers to metasploit3 & H D Moore

CyberAttack 2008, a first of its kind conference is being held at International Convention Center, Pune on 27^th April 2008.

Hosted by Asian School of Cyber Laws, CyberAttack 2008 is aimed at knowledge sharing amongst cyber crime investigators and computer emergency response professionals.

The conference will focus on:

1. latest trends in cyber crimes
2. best practices for cyber crime investigation
3. best practices for cyber forensics.

Original papers are invited from professionals. Authors of short listed Papers will have the option to present the paper in person or in absentia. All short listed Papers will be published in the conference proceedings.

Further information can be obtained from:

www.cyberattack.in

Asian School of Cyber Laws is the pioneer in education and research in cyber law and cyber crime investigation in India. We have assisted the Government of India in framing rules and regulations under the Information Technology Act. We work closely with Governments and law enforcement agencies around the world in the fields of cyber crime investigation and cyber forensics.

1: Zombie storm attack

Botnet is a group of “zombie” computers controlled remotely, to craft attacks. The most common ways to make a computer zombie is by virus, and exploits on unpatched vulnerabilities. Botnets are not a new concept; they have been around for sometime. But attacks from botnets are expected to grow this year. Some attacks we see from zombie networks include Denial-of-Service attack, Spyware, E-mail spam, and Click frauds.

2: Web2.0 and SaaS attack

More and more software-as-a-service websites are coming up these days (like salesforce.com, Google docs, Spreadsheet, and so on). They will get more attention from attackers. Many of these hold your important personal/company information and that’s juicy information for attackers.

3: Parasitic attackware

These might look like legitimate and branded applications, but are infected by attackers and redistributed (similar to Firefox extensions). Fake shareware distribution sites might distribute legitimate but infected programs online. The Victim would, for example, think that they are downloading legitimate Adobe Acrobat Reader from a ‘xyz’ site (not parent site of the product). However, this site might have parasitic attack software patched onto it.

4: iPhone and smart phones

iPhone is expected in India this year. We can anticipate many attacks on the iPhone and other smart phones we see these days. These might get infected over GSM or some other malicious website. With the popularity of smart phones like HTC, Blackberry and so on, people are increasingly using internet on handheld devices. We haven’t seen antivirus products emphasizing much on theme.

5: Attack from your pocket

We can expect attacks being launched from new age phones and handheld devices. Most of the handheld devices these days have wireless connectivity, and Linux or windows as the operating system. We will see a trend of hacking tools on these devices which can be used for attack. Attackers know how easy it is to create an attack toolkit on a Linux based phone. We are also witnessing a trend in tools that can assist malicious acts from handhelds. Normal phones these days are more powerful in processing as compared to the first generation of computers we stared using.

6: Attack on Govt. websites

In the recent past, we have observed cybercrooks trying to hack Govt. and bank websites. Latest in series was the ‘Govt. of Maharashtra’ website. We can expect increase in the trend of hacking into Govt. websites. The need of the hour is to secure such websites and manage them properly

7: Phishing: Majorly targeting SSO based services

We are moving towards one username, one password, and many services kind of architecture, just like Google. It’s commonly known as single-sign-on (SSO) in the IT industry. We can expect malicious websites offering some services which pretend to, for example, use Google Auth API where you could avail the service under the Google services umbrella. It will look legitimate but the attacker might get away with your crucial information. This can directly relate to financial loses as well. We have seen a lot of people using Google checkout to shop. Attackers might try to take benefit of this fact.

8: Social networking websites

What with the way social networking websites are booming these days, we can expect more and more crime on that front. As of now identity theft is growing through these sites. Pornography might grow a great deal on these channels.

Attackers might also use these sites for mining data about people, fetching information that people share and use it to “authenticate” their attacks.

9: Lucrative websites

Fancy looking websites of greetings, gaming and cyber pornography has been a good source of attacks in the past and the same will continue in 2008 also. It targets the mentality and emotions of people to serve its purpose, and the same will remain a prime method for adversaries in future too. These might be used to spread malwares and steal financial or personal information.

10: Wireless attacks

The wireless medium is getting popular in India these days with cheap and affordable devices. But people are ignorant about the security aspects of the wireless. Wireless attacks are on a high prowl in the west where companies have incurred losses in millions. We will see a rise in wireless attacks in India too, if people are not educated in time.

What should a common man do to be safe?

There are a few things a common man can do to be secure online. Many of these have been told again and again in past, but people do not take it that seriously

a) Use genuine software

b) Update all the software with latest patch issued by the vendor

c) Use a good antivirus and antispyware tool

d) Keep antivirus antispyware updated

e) Use a good desktop level personal firewall

f) Abstinence: Avoid temptation of downloading anything and everything.

g) Open email attachment from trusted source only

h) Do not give too much personal information on public websites

i) Double check before using any executable, verify the integrity and the source.

j) Download software from trusted websites only

k) As far as possible use HTTPS and other encrypted protocols.

l) Never ignore any warnings, read them carefully & try to understand the reason behind it

m) Use best security practices to secure your networks, wired or wireless

n) Use smartphones responsibly.