Proof-of-concept code called BEAST, short for Browser Exploit Against SSL/TLS, can defeat SSL on an address protected by the HTTPS prefix… which is like every secure site on the Internet.
Windows 7 has God Mode? I don’t think so.
A rather silly “trick” (and really that’s all it is) has been making headlines over the last few days. From what I can tell, it was really brought to the forefront by Ina Fried from CNET, who says:
“By creating a new folder in Windows 7 and renaming it with a certain text string at the end, users are able to have a single place to do everything from changing the look of the mouse pointer to making a new hard drive partition.”
So somebody decided to call this “God Mode” because to enable this “trick” you make a folder called GodMode.{ED7BA470-8E54-465E-825C-99712043E01C} and double-click on it. What you end up with is… drum roll… the control panel; it’s just in a different view than you’d normally see.
First of all, the text “GodMode” has nothing to do with making the trick work. You can call the folder “IFreakinRawk.{ED7BA470-8E54-465E-825C-99712043E01C}” and now you’ve discovered the magical “IFreakinRawk” feature hidden in Windows.
In reality all you have discovered is:
A documented feature of the shell. Folders can be easily made into ‘namespace junctions’. The whole thing is described on MSDN. Basically, any folder named <DisplayName>.<CLSID> will show up with just the <DisplayName> portion visible in Explorer, and navigating into the folder will take you to the namespace root defined by the <CLSID> portion of the name. This isn’t for USERS, it’s really more of a developer feature.
The second thing is that it’s really the “All Tasks” folder. This is a special shell folder which is used as the source of the “Control Panel” search results seen in the Start menu. This folder was not designed to be browsed to directly, as the normal Control Panel folder (accessible via Start -> Control Panel) contains all the same items but with a custom view designed to be easier to navigate. The “All Tasks” folder has no custom view, so you just see the standard Explorer list view and little else.
The existence of this folder and its CLSID are implementation details and should not be relied upon by anybody for any purpose.
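An added example (not code from the original post or from Microsoft): a Python audit that walks a directory tree, finds folders named in the <DisplayName>.<CLSID> pattern described above, and groups them by CLSID, which shows that the display name is arbitrary. The function names and the sample tree are constructed for illustration, and recognizing such names by a trailing braced GUID is an assumption of this sketch.

```python
import os
import re
import tempfile
from collections import defaultdict

# Folder name of the form <DisplayName>.<CLSID>; the CLSID is a braced GUID.
# Matching on the trailing braced GUID is this example's assumption.
JUNCTION_RE = re.compile(
    r"^(?P<display>.+)\."
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})$"
)

def parse_junction(name):
    """Return (display_name, upper-cased CLSID), or None if not junction-style."""
    m = JUNCTION_RE.match(name)
    if not m:
        return None
    # GUIDs are case-insensitive, so normalize before grouping.
    return m.group("display"), m.group("clsid").upper()

def find_junctions(root):
    """Walk root and group junction-style directories by CLSID."""
    by_clsid = defaultdict(list)
    for dirpath, dirnames, _ in os.walk(root):
        for d in dirnames:
            parsed = parse_junction(d)
            if parsed:
                display, clsid = parsed
                by_clsid[clsid].append((os.path.join(dirpath, d), display))
    return dict(by_clsid)

def demo():
    """Build a constructed sample tree and return {CLSID: [display names]}."""
    clsid = "{ED7BA470-8E54-465E-825C-99712043E01C}"  # CLSID quoted in the post
    with tempfile.TemporaryDirectory() as root:
        for name in ("GodMode." + clsid, "IFreakinRawk." + clsid.lower(),
                     "Reports.2010", "Docs/Nested." + clsid):
            os.makedirs(os.path.join(root, *name.split("/")))
        found = find_junctions(root)
        return {c: sorted(d for _, d in hits) for c, hits in found.items()}

if __name__ == "__main__":
    for clsid, names in demo().items():
        print(clsid, "->", names)
```
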
EvilMaid versus Full Disk Encryption (TrueCrypt and PGP)
The Evil Maid Attack is an attack against whole system disk encryption in the form of a small bootable USB stick image that allows the attack to be performed in an easy “plug-and-play” way. The whole infection process takes about 1 minute, and it’s well suited to be used by hotel maids.
The Invisible Things blog goes into great detail on how most whole disk encryption is vulnerable in a relatively simple way. The scenario we consider is when somebody has left an encrypted laptop, e.g. in a hotel room. Let’s assume the laptop uses full disk encryption such as that provided by TrueCrypt or PGP Whole Disk Encryption. Many people, including some well-known security experts, believe that it is advisable to fully power down your laptop when you use full disk encryption in order to prevent attacks via FireWire/PCMCIA or “Coldboot” attacks. So, let’s assume we have a reasonably paranoid user who uses full disk encryption on his or her laptop, and also powers it down every time they leave it alone in a hotel room, or somewhere else.
Now, this is where our Evil Maid stick comes into play. All the attacker needs to do is to sneak into the user’s hotel room and boot the laptop from the Evil Maid USB Stick. After some 1-2 minutes, the target laptop gets infected with the Evil Maid Sniffer, which will record the disk encryption passphrase the next time the user enters it. As any smart user might have guessed already, this part is ideally suited to be performed by hotel maids, or people pretending to be them.
So, after our victim gets back to the hotel room and powers up his or her laptop, the passphrase will be recorded and e.g. stored somewhere on the disk, or maybe transmitted over the network (not implemented in current version).
Now we can safely steal/confiscate the user’s laptop, as we know how to decrypt it. End of story.
Researchers seize control of Kraken, one of the largest spam botnets
Researchers at TippingPoint Technologies’ Digital Vaccine Laboratories have found a way to infiltrate and seize control of one of the world’s largest spam-spewing botnets. By reverse engineering the encryption they have successfully cracked into the botnet. They basically have the ability to create a fake Kraken server capable of overtaking a redirected zombie.
Essentially, TippingPoint can now overtake the infected system and cause it to connect to TippingPoint’s fake Kraken server and receive a command to kill the target process handling the communication. In other words, they CAN stop the spam spewing from these machines. The catch is that they would be sending remote commands to someone’s computer without their knowledge, which has caused an ethical dilemma. If they send the commands and stop the spam, they are basically hacking the infected computer to do something the end user doesn’t know about.
Personally, I say they send the commands… the computers are already infected. I can however see the issue they have, nobody wants their machine doing anything without their permission. They don’t want to be as bad as the bad guys.
Read more on the issue at eWeek.