22nd October, 2007

An approach to overcome a keylogger /--evilbitz   

Well… this is not 100% fool-proof, but if you care about your passwords and there is a chance that a keylogger is installed on the PC you are using (and you must use that PC, with no safer one available), try the following method for typing your passwords. It is simple, yet it will defeat a decent number of the keyloggers out there, namely the ones that only record keystrokes; a logger that also captures the clipboard or takes screenshots still sees everything:

If, for example, your password is ghostbuster:

  1. Type only some random fragments of the password, each in its correct place: for ghostbuster, type just htbu, for instance.
  2. In another window, type a lot of gibberish that contains the letters you still need, like this: “;jklehf;3jmxmpojgedrjqhnm,bBNVuytewpirk,vmb” (-:
  3. Copy and paste the missing pieces out of the gibberish into the password box until it reads ghostbuster.
  4. Do the copying and pasting in random order.
  5. To delete part of the text, select it and press any key so that it is overwritten; do not use Backspace, since that keystroke is logged as well.
  6. If you put spaces in the text, select whole words with Ctrl+Shift+Arrow.
  7. Assemble the password using all of the above, in random order.
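The following simulation is an added example, not code from the post. It models a single-line text box, runs the assembly trick above against a shared keystroke hook, and shows what the hook reconstructs versus what a clipboard-aware logger would additionally capture. The password, the gibberish alphabet, the fragment sizes and the random seed are all constructed for the demonstration.

```python
"""Simulate the password-assembly trick against a keystroke hook and a
clipboard hook (constructed example, not from the original post)."""

import random


class Logger:
    def __init__(self):
        self.keys = []       # keystrokes, as a system-wide hook records them
        self.clipboard = []  # copied text, seen only by a clipboard-aware logger


class TextBox:
    """Minimal single-line edit control: text, caret and a selection anchor."""

    def __init__(self, log):
        self.text, self.caret, self.anchor, self.log = "", 0, 0, log

    def _sel(self):
        return min(self.anchor, self.caret), max(self.anchor, self.caret)

    def click(self, pos):             # place the caret, clearing any selection
        self.caret = self.anchor = pos

    def select(self, start, end):     # Shift+Arrow or a mouse drag
        self.anchor, self.caret = start, end

    def _replace_selection(self, s):  # typing or pasting replaces the selection
        a, b = self._sel()
        self.text = self.text[:a] + s + self.text[b:]
        self.caret = self.anchor = a + len(s)

    def type_keys(self, s):
        for ch in s:
            self.log.keys.append(ch)
            self._replace_selection(ch)

    def copy(self):                   # Ctrl+C: the hook sees the chord, not the text
        a, b = self._sel()
        self.log.keys.append("Ctrl+C")
        self.log.clipboard.append(self.text[a:b])
        return self.text[a:b]

    def paste(self, clip):            # Ctrl+V: again only the chord is a keystroke
        self.log.keys.append("Ctrl+V")
        self._replace_selection(clip)


GIBBERISH = "abcdefghijklmnopqrstuvwxyz0123456789;,.!"  # constructed alphabet


def assemble(password, rng):
    """Build `password` in a password box the way the post describes."""
    log = Logger()
    scratch, pwbox = TextBox(log), TextBox(log)  # "another window" and the password field

    # Cut the password into fragments of 1-3 characters, remembering each offset.
    frags, i = [], 0
    while i < len(password):
        n = rng.randint(1, 3)
        frags.append((i, password[i:i + n]))
        i += n

    # Type the fragments into the scratch window in random order, each buried in
    # gibberish, so the keystroke stream never holds the password in one piece.
    where = {}
    for off, frag in rng.sample(frags, len(frags)):
        scratch.type_keys("".join(rng.choice(GIBBERISH) for _ in range(rng.randint(3, 8))))
        where[off] = (len(scratch.text), len(scratch.text) + len(frag))
        scratch.type_keys(frag)
    scratch.type_keys("".join(rng.choice(GIBBERISH) for _ in range(5)))

    # Copy each fragment out and paste it into the password box, again in random
    # order, clicking to the caret position that keeps the fragments in order.
    placed = set()
    for off, _ in rng.sample(frags, len(frags)):
        scratch.select(*where[off])
        clip = scratch.copy()
        pwbox.click(sum(len(f) for o, f in frags if o < off and o in placed))
        pwbox.paste(clip)
        placed.add(off)
    return pwbox.text, log


def keystroke_view(log):
    """What a plain keystroke logger reconstructs: the typed characters only."""
    return "".join(k for k in log.keys if len(k) == 1)


def demo(password="ghostbuster", seed=7):
    text, log = assemble(password, random.Random(seed))
    return {"field": text, "keys": keystroke_view(log), "clipboard": list(log.clipboard)}


if __name__ == "__main__":
    r = demo()
    print("password field :", r["field"])
    print("keystroke view :", r["keys"])
    print("clipboard view :", r["clipboard"])
```

The keystroke view holds every letter of the password, but scattered among gibberish and in the wrong order, which is what defeats a keystroke-only logger; the clipboard list shows why the trick fails against a logger that also hooks the clipboard, since those fragments are the password in plain text.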

Thanks,
Guy.



Posted in security, hacking, stega | 3 Comments

9th December, 2006

An Intriguer Virus /--evilbitz   

Another post about viruses! YAY! Well, this time it’s even more sophisticated than my ecological computer viruses post. A few years ago I asked myself what kind of virus could cause the most damage to a company or an organization. Well, I’m not that evil (even if my nickname suggests so), but it is still a nice question to ponder. If you remember MyDoom, the worm that infected around 500,000 computers worldwide and launched a DDoS (Distributed Denial of Service) attack against The SCO Group’s website www.sco.com in 2004, you probably remember how much noise it made back then.

It made me think about an idea. Could a worm such as MyDoom drag a Big Company (BC) into legal trouble? Could it force that company into litigation? Well… the answer is yes; let me explain how. Consider a worm like MyDoom that spreads to a decent number of computers and launches a DNS DDoS attack, one that abuses the DNS protocol to amplify the traffic to roughly 73 times the size of the packets the infected machines themselves send. Given that power, assume it launches the attack against BC’s website: the site will be down for a long period, costing BC a huge part of its income. But (and here comes the legal issue…) what if the worm had a predefined condition for this attack, such as the following: if BC’s website has a .txt file at a specific URL containing, say, 15 other domain names, each with a Google PageRank above 6, then the DDoS attack moves to those websites, sparing BC’s site and letting income flow again. Of course those websites would be taken down, and they would blame BC for it. Lawsuits would follow and BC might have to compensate those sites for their damage, but it could still be cost-effective for BC to place that .txt file, since the compensation would cost much less than the losses BC would have suffered without it.

A lot of side effects emerge, and the idea can be developed further. I’ll bring up just one more “fun” thing that can be done with such power. A creative worm could make Big Company #1 (BC1) and Big Company #2 (BC2) play chess against each other: the worm instances read a .txt file at both BC1 and BC2 and let the companies play on a predefined board carried in the worm itself. Every 5 minutes each company must make a move. The one who loses suffers the DDoS attack. The worm instances would synchronize with each other in a P2P manner so that neither company could trick them.

Well, that’s about it, I hope this post was fun reading as it was fun for me to write it :-)

Until the next time… CYa.



Posted in security, virus | Be The First To Comment!

23rd October, 2006

Hacking StatCounter /--evilbitz   

There is a web service called StatCounter which gives its users a free log of their website’s statistics.

The problem is that the log is limited to the last 100 visitors. StatCounter collects statistics by running JavaScript in the visitor’s browser: when you open an account at StatCounter they give you a piece of JavaScript to put in the footer of your website, and this JavaScript collects the interesting information from the visitor’s browser and sends it to StatCounter for logging.

Bypassing the 100-visitor limit is fairly easy, because you can open multiple projects (each limited separately) for the same website. If you open 10 projects, you get 10 pieces of JavaScript. Serve a different piece to different visitors, rotating the JS whenever a new visitor arrives. The catch is that you want the same visitor to keep landing in the same StatCounter project, so you have to maintain a table that maps IPs to the right piece of JS. My estimation is that setting this up with PHP/MySQL takes something like 20 minutes.
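As an added example (not from the post, and in Python rather than the PHP/MySQL the post has in mind), here is a way to get the same effect without keeping an IP table at all: hash the visitor IP with a private salt and use the result to choose the project. The same IP always hashes to the same project, so the visitor stays in one log. The snippet strings, the salt and the sample IPs are placeholders constructed for the example, not StatCounter’s real code.

```python
"""Sticky per-visitor selection of a StatCounter project by hashing the IP
(constructed example; SNIPPETS and the salt are placeholders)."""

import hashlib
from collections import Counter

# Stand-ins for the per-project JavaScript StatCounter hands out (assumed here).
SNIPPETS = [f"<script>/* statcounter project {n} snippet */</script>" for n in range(10)]
SALT = b"change-me"  # private value so outsiders cannot predict the mapping


def project_for(ip, n_projects, salt=SALT):
    """Deterministically map an IP to a project index in [0, n_projects)."""
    digest = hashlib.sha256(salt + ip.encode("ascii")).digest()
    return int.from_bytes(digest[:8], "big") % n_projects


def footer_for(ip, snippets=SNIPPETS, salt=SALT):
    """The piece of JavaScript to emit in the page footer for this visitor."""
    return snippets[project_for(ip, len(snippets), salt)]


def spread(ips, n_projects, salt=SALT):
    """Visitors per project for a list of IPs, to check the load is even."""
    return Counter(project_for(ip, n_projects, salt) for ip in ips)


if __name__ == "__main__":
    # Constructed sample: 1000 visitors from a private range.
    visitors = [f"10.0.{i // 256}.{i % 256}" for i in range(1000)]
    print(footer_for("203.0.113.7"))
    for project, n in sorted(spread(visitors, len(SNIPPETS)).items()):
        print(f"project {project}: {n} visitors")
```

Two caveats: adding or removing projects changes the modulus and reshuffles most visitors to a different project, and an IP is only an approximation of a visitor (everyone behind one NAT shares it, and dial-up users change theirs), which the table approach in the post has just as well.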



Posted in security, hacking | Be The First To Comment!

22nd October, 2006

A MP3 Steganographic File System Approach /--evilbitz   

Inspired by Paranoia, a book by Joseph Finder, I decided to write this post. Paranoia really influenced my thinking as I read about Adam Cassidy, a young man hired to do some dirty industrial espionage work for another firm. The tools needed for this kind of work are various, and I’m not going to discuss the tools but rather an essential need of the job: a place to stash your prize.

Well, you don’t have to be an industrial spy to see the advantages of a steganographic file system; even the most naive and simple PC user can find one useful, as it protects him from different kinds of threats. Information hiding can protect users against hacker attacks and information theft in general: imagine that your password list or your bank account details are hidden, encrypted, inside your MP3 files (this is what I’m going to talk about).

It looks naive and unsuspicious; who would imagine that your sensitive information is stored inside some ordinary-looking files? Back to our industrial spy: say he needs to get some documents from a competing firm. First he applies for a job there; then, once he is inside and has access to the documents, he needs to steal them. The stolen documents are stored inside some movies or other media files, which look innocent, and even if he somehow gets caught he can just play the movies from his hard drive or removable media device (a USB key, for example).

Design

When I look for the requirements of such a project, I try to keep it as simple as I can. Implementing the file system over regular files makes you independent of technologies and operating systems; the steganographic file system should be portable and easy to implement in any language or OS. The storage medium is also taken into account: whether you use your local hard drive or a removable USB key, working over regular files keeps you independent of low-level issues. The most innocent-looking files I can think of are music files like MP3s, and the medium can be any MP3 player or iPod.

The file system requirements are not very wide either. It should give you the ability to store various files, inside different directories if that is feasible. The operations the file system supports are the following:

  • Expand: Loop through a list of MP3 files and prepare them to receive data.
  • Format: Delete all files currently stored in the file system.
  • Add: Copy a file into the file system.
  • Remove: Delete an existing file from the file system.
  • Rename: Change the name of an existing file.
  • Extract: Copy a file out of the file system to any other place.

Simple Implementation

Say that each MP3 file has a different amount of free space for data; the file system’s total capacity is then the sum of the free space of every MP3 file. Each MP3 file is treated as a stream: its free space is filled with chunks of the original files we are storing, and each chunk carries a simple header that describes it. It can be something like the following struct:

#include <stdint.h>

/*
 * Layout of one chunk inside an MP3's free space. C does not allow the nested
 * variable-length members of the original sketch, so the fixed header below is
 * followed immediately by the two variable-length fields, in this order:
 *   uint8_t filename[filename_size];   original file name, not NUL-terminated
 *   uint8_t chunk_data[chunk_size];    chunk_size bytes taken from the original
 * Integers are little-endian. chunk_crc32 covers everything after itself,
 * header fields and both variable fields included.
 */
typedef struct _ORIGFILE_CHUNK {
    uint32_t chunk_crc32;     /* crc32 of the rest of this chunk */
    uint32_t origfile_crc32;  /* crc32 of the complete original file */
    uint32_t offset;          /* where chunk_data belongs in the original file */
    uint32_t chunk_size;      /* number of bytes in chunk_data */
    uint8_t  filename_size;   /* number of bytes in filename */
} ORIGFILE_CHUNK, *PORIGFILE_CHUNK;

The original files are stored in chunks, in any order, over as many MP3 files as needed. The restore process works as follows:

  1. Read all chunks into memory
  2. Validate integrity for all the loaded chunks
  3. Build a dictionary with the original filename as the key
  4. Build the original files from the chunks

When these steps are done, we validate the integrity of each file: the origfile_crc32 field carried in every chunk is compared to the crc32 computed over the reassembled data of the corresponding original file.
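The following is an added example, not code from the post, that implements the chunk container and the restore procedure described above: it packs the ORIGFILE_CHUNK fields (chunk_crc32, origfile_crc32, offset, chunk_size, filename_size, then the filename and data) as a little-endian record, splits files into such chunks, and reassembles them with the per-chunk and per-file crc32 checks from steps 1 to 4. The byte order, the placement of the variable-length fields right after the fixed header, and the sample files in the demo are assumptions made here. Hiding the chunk bytes inside MP3s is left to the steganographic layer and is not part of this example.

```python
"""ORIGFILE_CHUNK container and restore for the MP3 stego file system
(constructed example; field order and byte order are assumptions)."""

import random
import struct
import zlib

FIXED = struct.Struct("<IIIB")  # origfile_crc32, offset, chunk_size, filename_size
CRC = struct.Struct("<I")       # chunk_crc32, computed over everything after itself


def pack_chunk(filename, origfile_crc32, offset, data):
    """Serialize one chunk: crc, fixed header, filename bytes, then the data."""
    body = FIXED.pack(origfile_crc32, offset, len(data), len(filename)) + filename + data
    return CRC.pack(zlib.crc32(body)) + body


def unpack_chunk(blob):
    """Parse one chunk; raise ValueError if it is truncated or fails its crc32."""
    if len(blob) < CRC.size + FIXED.size:
        raise ValueError("truncated header")
    (chunk_crc,) = CRC.unpack_from(blob, 0)
    body = blob[CRC.size:]
    if zlib.crc32(body) != chunk_crc:
        raise ValueError("chunk crc mismatch")
    origfile_crc, offset, size, fnlen = FIXED.unpack_from(body, 0)
    pos = FIXED.size
    filename = body[pos:pos + fnlen]
    data = body[pos + fnlen:pos + fnlen + size]
    if len(filename) != fnlen or len(data) != size:
        raise ValueError("truncated body")
    return {"filename": filename, "origfile_crc32": origfile_crc,
            "offset": offset, "data": data}


def split_file(filename, content, chunk_size):
    """Cut one original file into chunks, each carrying the whole-file crc32."""
    file_crc = zlib.crc32(content)
    return [pack_chunk(filename, file_crc, off, content[off:off + chunk_size])
            for off in range(0, len(content), chunk_size)]


def restore(blobs):
    """Steps 1-4 of the post plus the per-file check. Returns (files, problems):
    files maps filename -> bytes for every file that verified; problems lists
    the chunks and files that did not."""
    problems, chunks = [], []
    for i, blob in enumerate(blobs):               # 1. read all chunks
        try:
            chunks.append(unpack_chunk(blob))      # 2. validate each chunk
        except ValueError as e:
            problems.append(f"chunk {i}: {e}")
    by_name = {}                                   # 3. dictionary keyed by filename
    for c in chunks:
        by_name.setdefault(c["filename"], []).append(c)
    files = {}
    for name, parts in by_name.items():            # 4. rebuild each file in offset order
        parts.sort(key=lambda c: c["offset"])
        label = name.decode(errors="replace")
        buf = bytearray()
        for c in parts:
            if c["offset"] != len(buf):            # gap or overlap: a chunk is missing
                problems.append(f"{label}: missing data at offset {len(buf)}")
                break
            buf += c["data"]
        else:                                      # whole-file crc32 from the chunks
            if zlib.crc32(bytes(buf)) == parts[0]["origfile_crc32"]:
                files[name] = bytes(buf)
            else:
                problems.append(f"{label}: file crc mismatch")
    return files, problems


def demo(seed=1):
    """Constructed sample: two files, chunks shuffled, one chunk corrupted."""
    originals = {b"passwords.txt": b"bank: hunter2\nmail: correct horse battery staple\n",
                 b"notes.txt": b"meeting at 9\n" * 5}
    blobs = []
    for name, content in originals.items():
        blobs += split_file(name, content, 16)
    random.Random(seed).shuffle(blobs)
    damaged = bytearray(blobs[-1])                 # flip one data byte so its crc fails
    damaged[-1] ^= 0xFF
    blobs[-1] = bytes(damaged)
    return originals, restore(blobs)


if __name__ == "__main__":
    originals, (files, problems) = demo()
    print("restored:", sorted(files))
    print("problems:", problems)
```

The damaged chunk is rejected at step 2, and the file it belonged to is then reported either as having a gap or as failing the whole-file crc32, depending on where the chunk sat, while the other file restores intact.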

The underlying steganographic approach can be anything you like; a project that looks quite good is mp3stego, which can be used to implement the hiding itself. The data should further be protected with encryption. Note that crc32 only catches accidental corruption: anyone who can modify the MP3s can recompute the crc32 as well, so authenticated encryption (or a keyed MAC over each chunk) is what actually protects the stored data from tampering.

Conclusion

Armed with our MP3 steganographic file system, our evil spy can go to work, insert his USB key and listen to his favourite music while stealing and collecting information from the firm.

Are you scared? ;-)



Posted in security, stega | 8 Comments
