StevenWhiting.com

A place for info I've learnt in IT & stuff. (I get a little kick back from affiliate ads & links, just so you are aware)

Browsing Posts tagged Security

http://www.piotrbania.com/all/kon-boot/

About Kon-Boot
Kon-Boot is an prototype piece of software which allows to change contents of a linux kernel (and now Windows kernel also!!!) on the fly (while booting). In the current compilation state it allows to log into a linux system as ‘root’ user without typing the correct password or to elevate privileges from current user to root. For Windows systems it allows to enter any password protected profile without any knowledge of the password. It was acctually started as silly project of mine, which was born from my never-ending memory problems 🙂 Secondly it was mainly created for Ubuntu, later i have made few add-ons to cover some other linux distributions. Finally, please consider this is my first linux project so far 🙂 Entire Kon-Boot was written in pure x86 assembly, using old grandpa-geezer TASM 4.0.

Additional notes:

* Kon-Boot was designed to work on X86-32 architectures only.
* This utility was not designed to work with USB sticks, however you can try some unofficial methods to boot Kon-Boot from USB, check the USB tutorial on IronGeek or Raymond blog post.

Kon-Boot was presented on numerous places, it was featured in: Hak5 Episode-518, PaulDotCom Security Weekly Episode-158, WindowsITPro and others. Till the 13-07-2009 it was downloaded about 170.000 times.

http://www.bbc.co.uk/blogs/newsnight/susanwatts/2010/02/new_flaws_in_chip_and_pin_syst.html

Interesting.

http://www.ehow.com/how_4500828_privately-track-missing-laptop-computer.html

http://preyproject.com/

http://www.absolute.com/en-GB/lojackforlaptops/home.aspx

Same idea as the other security flaw I found. The change password page I thought would at least be secure but it appears, even this page, Twitter is sending the passwords out in plain text instead of encrypting them.

Here the new password appears in the Username field of NetworkMiner. People may wonder what’s the use without a user name for these passwords. Well using other tabs in NetworkMiner you can get the username as well but I just never bothered to show that. Also, a lot of people have a bad habit of using the same password on other sites. So if someone gets your password for Twitter and you’re using it for, say, your googlemail account. If they find out your e-mail address then they’ll be able to get into that as well.

Further testing I changed the http to https before typing in the password. It’s making no difference. The password is still picked up by Wireshack and NetworkMiner. Meaning Twitter is sending the passwords in plain text.

I’m crap at explaining stuff so for a better and easier to understand explanation of a Man in The Middle Attack, check out Hak5’s vid

http://www.youtube.com/watch?v=N86xJpna9Js

UPDATE:

netresec.com used this video on their blog and said they reported this issue to Twitter security and got a swift reply. Good on them, but fuckers at Twitter never replied to me when I originally reported this. Besides, took them months to fix this which isn’t good.

Found this issue while sniffing traffic on my network. You only really need to worry about this if you’re on a public network, such as an Internet Cafe etc. You can use Twitter just don’t update anything in your settings as that’s where the password gets sniffed. Although I wouldn’t really use Twitter on a public network full stop as there are other ways they can get into your account while sniffing the traffic.

This is also a reason you need to protect your WIFI. Using WPA2 is best with a strong password.

All this is doing is using a Man in The Middle Attack. Basically someone will get onto your network and then listening in to the traffic. They will fool your PC into thinking they are the router and the router into thinking they are your PC. They can then sniff all the traffic (as I’m doing with NetworkMiner in the video). With this they can pick up chat messages being sent, get login details where the login isn’t encrypted and more. Best way to protect yourself is to know who is on your network, which you obviously won’t if you’re on a public one. And all sites with https are secure (not totally but that’s another story and it’s a lot harder to break). Anyway, enough waffle, enjoy the vid.

Further testing I changed the http to https before typing in the password. It’s making no difference. The password is still picked up by Wireshack and NetworkMiner. Meaning Twitter is sending the passwords in plain text.

UPDATE:

netresec.com used my 2nd video in this series on their blog and said they reported this issue to Twitter security and got a swift reply. Good on them, but fuckers at Twitter never replied to me when I originally reported this. Besides, took them months to fix this which isn’t good.