Laser Accelerated Neural Cybernetic Experience

Stolen Identities Sold Cheap on the Black Market

2007-03-18T22:13:00.000-07:00

How much is your identity worth to the thieves who sell it to other fraudsters? Turns out, less than the price of two tickets to the movies.

read more | digg story

A DNS that fights back for you!

2006-07-10T16:10:00.000-07:00

Anti typo-squatting (resolves craigslist.og to craigslist.org), a really big cache, several redundant/fast connections, and anti-phishing. Just by changing your DNS settings!

read more | digg story

Phishers Defeat 2-Factor Authentication

2006-07-10T16:09:00.000-07:00

Phishers have now started phishing for the two-factor token ID from victims. The most interesting part is that these tokens only give you one minute to log in to the bank until that key will expire. The phishers employ a man-in-the-middle attack against the victim and Citibank to log in via php and conduct money transfers immediately.

read more | digg story

The Naughty List

2006-06-20T15:09:00.000-07:00

I was going through my old list of reported Vulnerabilities (in this case, mainly sites with Cross-Site attacks that I can find within 5 minutes of looking). So far here are the still vulnerable culprits that "lend a hand to phishers" and definitely don't protect their customers.

American Stock Exchange - Cross-Site Scripting/Frame Redirect

Nasdaq - Cross-Site Scripting and Redirects

New York Stock Exchange - Cross-Site Scripting/Redirects

Amazon - Response Splitting, Redirects and Session Riding

Ebay - Response Splitting, Redirects and Cross-Site scripting - and all those vulnerable links can be found in legitimate emails in your inbox.

JP Morgan Chase - Cross-Site Scripting (Chase.com has a sql injection too)

Microsoft.com - Redirect and Cross-Site Scripting (on their genuine validation tool page - ouch, can we say file manipulation).

First National Bank - Arbitrary redirects

WebSideStory, a web site company I might add - Cross-Site Scripting.

Yahoo - Redirect upon login, Session Riding, and Nasty Cross-Site Scripting.

Gmail - Redirect upon login, Session Riding, and Cookie Stealing <-- this one is theoretical

Fidelity - Redirect upon login, Cross-Site Scripting.

Bank of America - Cross-Site Scripting on an SSL page (this is bad because I can use their cert to auth to the users but still successfully steal their credentials.

Barclays Bank - Redirects and Cross-Site Scripting

Comcast - Cross-Site Scripting.

American Express - Response splitting, Redirects and Cross-Site Scripting (these are also found in all links that they send via legitimate email).

And for the cake and glory, I'll only give out one link since it was definitely reported and if you have my book you can see it in there:

American Stock Exchange

Stealing this off my old slashdot post - free cellphone service

2006-06-18T13:19:00.000-07:00

I posted this in feb of '05 on slashdot, but no one really saw it. This was some research I did awhile back. I'll be posting some more stuff soon on this kind of research. Educational purposes only:

-DISCLAIMER- This information is for educational or research purposes only. This "hack" should not be attempted as it could be considered toll-fraud. This research was conducted under controlled circumstances and is intended to prove a vulnerability within Telecommunication, not to commit telco fraud, or any other fraudulent activity in nature. -DISCLAIMER END- <-- aka don't try this at home :) A while ago, I wanted to make a (overly-complicated) device that I could make calls on which would allow me to use "In Network" calling with my cellphone for every call I made. (Ok, let's back up). Anyone who knows me knows my verizon cellphone bill usually ranges between 200-500 dollars per month, and somehow no matter what I do, I can't get it to lower. So, we all know that verizon, and many other carriers offer "In-Network" calling for free. That means, when another verizon wireless subscriber calls my verizon cellphone, it doesn't cost me a dime, or minutes off my phone, and it doesn't cost that person anything either. My wife and I both have fones with a family plan on it, so hence, if she calls me or I call her, it's In Network (i want to call it mobile-to-mobile, so we'll make an acronym m2m from this point on). So, my original and overly complicated idea was to bug my friend Tony about helping with this circuit board that would essentially sit in the middle of a cellphone and a DTA (VOIP Desktop Terminal Adaptor) device. (DTA device is what is used when your purchase a residential voip phone). Quick variable definitions: <--R--> = a phone call [inet] = internet cloud [lc] = lance's cell [wc] = wife's cell [dta] = voip dta device (has rj11 and rj45 connectors rj11 in, rj45 out, it's a bridge between those two interfaces) [drb] = d-raper box (the device that's overly-complicated). <---> = a connector, usually either rj11 (11), rj45 (45), or a spliced headset (sh) that connects to the cellphone earjack. A "|" represents the splice. voip = Voice Over Internet Protocol. The idea is that this device would do this: [lc]<----R----->[wc]<------>|<-------->[d ta]<---------->[inet]<------> (sh) rj11 rj45 voip Quickly described: this box would detect when a call comes in and tell the dta device to pick the phone up to give me a dial tone so I could make calls out through VOIP rather than cell. There were some possible flaws in the theory, and it looked like it could get overly complicated, since I'm not an EE nor do I try to be, this was probably going to go nowhere fast. The point of the box: I would call my wife's phone to get a dialtone from the VOIP carrier, essentially allowing me to have m2m calls so that the phone company would stop raping me. By the time I would have finished this project though, the economics of the entire theory started looking grim. Onto software! Well, as some of you know, I spoke at Shmoocon (www.shmoocon.org) with a topic titled "Ph0wned: Phreaking in the 21st century" with Lucky225 (a known phone phreak). Some of you know that I gained a sudden interest in the SIP protocol and VOIP in general, particularly in the way that it can be used to manipulate our Plain Old Telephone Service (POTS) into doing things that they probably never would foresee, but none-the-less, it can be useful and fun. Thanks CP5 for introducing me to this stuff. So, I'm at shmoocon and I get introduce by Lucky225 to some other phone hackers, and it's just great because the more I learn, the better the day I have ;) Anyway, point being, i make some friends that have asterisk boxes setup, and have access to lots of fun pbx voip services (since they run a voip service), (you can do it yourself with asterisk, nuphone or voicepulse, etc). So what this next exploit is demonstrating is that m2m calling uses CPN to authenticate. The reason this is (in theory) is that the switches are inter-integrated (I made that word up), meaning that if you have t-mobile in california, there is a good chance most of your calls are made off of the cingular/att network switch. A good example is when you're roaming on another network and you call another "In network" number that's not roaming: e.g. I am roaming in nevada desert somewhere, but I call my wife in san diego, it's still a free call for her incoming wise, but the roaming service will charge me because I'm on their network. The free part, is because it sends my CPN to her phone and the billing system says, ok, that's a mobile number on our network calling her, don't bill for it. So that's how it works so far as we know it. (We have tested this, our bills aren't billed when we spoof caller id from an in-network number). On to the project: I'm complaining still because my first attempts at making a device never surfaced, and it really wasn't worth it and my phone bill still sucks, (Plus, if you noticed with the overly-complicated device, I would have to take my wife's fone from her. I don't want to take my wife's fone away from her, that's not very nice now is it?). So I'm talking to friend of Lucky's about some idea I had to exploit the m2m calling feature within cell carriers, and since he has the equipment to handle that, we decided to get to work. So, our first software piece was a perl aimbot (use net::aim perl module and net::telnet for asterisk). This aimbot pretty much gets to sit there with a username like veriz0wned, and takes in two commands. veriz0wned: . Then my phone rings. Then the pbx asks me to login and I can make a call. Essentially, the phone network thinks I have received a call from my wife (an in-network call) and I am not billed any minutes for the call, and then the pbx lets me make outgoing calls through VOIP which is next-to-nothing in cost. Pros: We have accomplished the m2m calling exploit so now we have unlimited (no billed airtime) cellphone calls out using IM as the call control. Cons: Stuck at keyboard since it's on aim, great for hotspots, and at home, but has limitations. Now for the fun part - mobility :) So we want to make calls from my phone while we're not sitting at a computer. So we play with asterisk and a little more perl (2 lines of perl, that's the cool part). What we investigated was the airtime billing policies for verizon (specifically for verizon wireless, other carriers may vary). A helpdesk faq (the standard verizon faq is so out of date) revealed that airtime was only billed and applied to what is known as "answer supervision". Essentially this means if a caller picks up, the answer detection process activates and performs "answer supervision", so busy signals or continuous ringing is known as "unsupervised". This is good news for us, since this specific carrier doesn't bill us for just hitting the send button. So we decide to set up asterisk in a way that we use CPN (a synonymous term for Caller ID that means Calling Party Number) verification. What CPN verification is, is just what it means, we read the CPN number to obtain information about the calling party. This is important because we use this for the call-back feature in asterisk. So to review, there are three important steps taking place - we are calling a number that is unsupervised (in our case, the DID number we are using will just ring with no answer), and then we are utilizing CPN verification for it to retrieve the number (Caller-ID), and then asterisk will call us back at the CPN that it received from an "In-Network" number (aka my wife's cell). In conclusion, we demonstrate that with CPN Spoofing we can successfully exploit and abuse the "In-Network" calling feature of multiple carriers (tested mainly with verizon) to make "no airtime" calls. Props to Lucky225, Natas, CP5, h1kari, cathedral-of-hate and anyone I missed, but you know you should be in here. Next rant: Social engineering the cellphone tech to obtain unbillable numbers. Thank you all for the patience to read this, and if it upsets you, or you feel that you are receiving unwanted email, just tell me and I'll be glad to break into your voicemai...er, I'll be glad to take you off my address list.

Free Windows Watchdog

2006-06-16T01:45:00.000-07:00

For some of you that might not know, winpooch is a neat tool for detecting trojans, rootkits, and spyware. It monitors API Hooking and also works with clamwin Anti-Virus. Many windows users are looking for a free tool that monitors this type of activity, and doesn't just scan for known spyware. Well this is the tool.

Why spend money on Slingbox?

2006-06-16T00:58:00.000-07:00

I don't know how popular this program is yet, but lots of people are buying the slingbox for about $300.00 or so, when they could spend $40.00 on an ADSTech or wintv card and then go sign up for orb.com for free.

Orb allows you to stream and record your tv/video/tivo over the internet on any device. I personally watch tv at airports when I'm travelling on my ppc-6700 sprint phone over evdo. Works great.

House approves Caller ID Spoofing Ban

2006-06-16T00:27:00.000-07:00

As you may know there is an effort in Congress to ban the act of caller-id manipulation. I partook in the hearing involved with this bill (HR 5126) and stuck up for the pros of Caller-ID Spoofing, highlighted the bad stuff, and pushed for careful wording of this bill with success.

Here is a link of the webcast video so that you can see how fast I read when I have 5 minutes to say my testimony. I slow down when they ask me questions.

First official post

2006-06-16T00:22:00.000-07:00

I hate soapboxes! So this will be a research whiteboard that will instill peer review and such. Anything else?