
Security Thread

Started by Triple Zero, August 02, 2009, 01:13:29 PM


Triple Zero

Hm, I gotta figure out how to change the MAC address on my router.

I mean, given that those WiFi cracking Linux boot-CDs with Kismet and WAP-crack (?) and Wireshark and whatnot on them are able to make any network card spoof any arbitrary MAC address, which implies it's not completely hardcoded on the card. That's for PCs and laptops, though. Hopefully the same goes for WiFi routers.

And if the default firmware on my router can't do it, maybe Tomato can. That's an open-source firmware available for a lot of different routers, which I really should install anyway, because router firmware is generally a really insecure piece of trash. At least, the web-admin interfaces are. The people that code those things are obviously really good at programming hardware, but when it comes to web applications they seem to be years behind.
Ex-Soviet Bloc Sexual Attack Swede of Tomorrow™
e-prime disclaimer: let it seem fairly unclear I understand the apparent subjectivity of the above statements. maybe.

INFORMATION SO POWERFUL, YOU ACTUALLY NEED LESS.

Cain

The Anonymous /i/nsurgent wiki used to have some software for changing the MAC address with.  Not sure if the site is still up, however.

Bebek Sincap Ratatosk

I was surprised when *LARGE TELCO THAT I SIGNED AN NDA WITH* showed us that they can track pretty much any individual, anywhere in the world.

Once you control much of the Internet Infrastructure, you can cross-correlate all sorts of logs.

:horrormirth:
- I don't see race. I just see cars going around in a circle.

"Back in my day, crazy meant something. Now everyone is crazy" - Charlie Manson

Triple Zero

Quote from: Cain on August 05, 2010, 07:17:21 PM
The Anonymous /i/nsurgent wiki used to have some software for changing the MAC address with.  Not sure if the site is still up, however.

Yeah the software is out there and easily available, I just forgot what it was called, and am not sure whether it also works for routers and not just network cards in PCs and laptops.

I was always kinda surprised the MAC address wasn't hardcoded, burned into the chip in the first place.

Triple Zero

Heh, anyone remember Enemy of the State? :)


Position of killed FARC commander was determined by GPS in boot

Bogotá - The location of Jorge Briceño (Mono Jojoy), second in command of the Revolutionary Armed Forces of Colombia (FARC), was allegedly determined by military intelligence personnel through a global positioning system (GPS) chip secretly implanted in a boot.
The implanting of the GPS chip was possible after authorities intercepted a communication from the guerrillas requesting special shoes for the guerrilla leader, reported Colombia's ElExpectador.com (in Spanish).

also, DIABETICS!!! :argh!:

According to the version of a security agent interviewed by RCN Radio (audio in Spanish), Briceño was suffering from diabetes that affected the blood circulation in his feet which, in recent months, caused him serious sores, forcing him to use special footwear.

Triple Zero

Interesting:

Remember how in the old days we were told to NEVER CLICK the "unsubscribe" links in our spam? Turns out that nowadays it's perfectly fine to do so, and they actually work!

Spam unsubscribe links no longer considered harmful

We've always been told never to follow unsubscribe links in spam. However, the CAN-SPAM act has created a curious paradox. If the message is readable, then it's highly likely the unsubscribe link is safe and functional.

The article explains that there are basically 2 categories of spam:

- one "don't care as long as it gets through the spamfilter" type that has malformed emails, clunky language and spam-poetry snippets to circumvent the Bayesian filters, and links that send you to Chinese domains that become invalid within days. These usually don't even have an unsubscribe link.
- The other are people that believe they send "legitimate" commercial mailings, and they take care to adhere to all sorts of rules because of the CAN-SPAM act. This way they don't need to circumvent (many?) filters, and can actually use proper English in their messages ;-) But if they were to ignore an unsubscribe request, they'd get blacklisted. And because they follow the rules, circumventing the blacklist would get them into trouble.

Additionally, the guy did an experiment and clicked the unsubscribe links in a 10-year-old email inbox, which received about 300 messages per day. He has a nice graph showing that this exercise indeed reduced the amount of spam to just 80 messages per day after just a few days! And it seems to stick, as well.

Triple Zero

Quote from: Triple Zero on August 05, 2010, 07:15:29 PM
Hm, I gotta figure out how to change the MAC address on my router.

Turns out this is super easy if you're on Linux, and really not that hard to do from Windows, either:

how-to-change-or-spoof-mac-address-in-windows-xp-vista-server-20032008-mac-os-x-unix-and-linux



Sorry about all the ads crap on that page, you might want to get the Readability Bookmarklet which works wonders on pages like this (it's a thingy link that you can drag to your browser toolbar so that it becomes a button. Then when you visit a horrible page with horrible markup, you click the button and it will automagically transform the site into a pleasantly readable just-the-article-and-images version--try it out, you'll love it).
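As an added example (not from the linked how-to or from anyone in this thread), here is a small POSIX shell script for the Linux side of the procedure: it takes an existing MAC, turns it into a valid locally-administered unicast address by setting bit 0x02 and clearing bit 0x01 of the first octet, can generate a random one, and prints the iproute2 `ip link set dev … address …` commands rather than running them. Interface name `wlan0` and all MAC values in the script are constructed placeholders; nothing here touches a real interface unless you run the printed commands yourself (as root).

```shell
#!/bin/sh
# Build and validate locally-administered unicast MAC addresses and print
# the iproute2 commands that would apply one. Added example; not the code
# from the linked article. All sample values below are constructed.

# normalise_mac: accept ':' or '-' separators and any case; print the
# address as six lowercase colon-separated octets, or fail (exit 1).
normalise_mac() {
    printf '%s\n' "$1" | tr 'A-F' 'a-f' | tr '-' ':' \
        | grep -E '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# is_local_unicast_mac: succeed only if the address is well-formed, has the
# multicast bit (0x01) clear and the locally-administered bit (0x02) set.
# A burned-in vendor address normally has both bits clear.
is_local_unicast_mac() {
    mac=$(normalise_mac "$1") || return 1
    first=$(printf '%s' "$mac" | cut -d: -f1)
    val=$((0x$first))
    if [ $((val & 1)) -eq 0 ] && [ $((val & 2)) -ne 0 ]; then
        return 0
    fi
    return 1
}

# derive_local_mac: keep the last five octets of the given address and force
# the first octet into the locally-administered, unicast range.
derive_local_mac() {
    mac=$(normalise_mac "$1") || { echo "bad MAC: $1" >&2; return 1; }
    first=$(printf '%s' "$mac" | cut -d: -f1)
    rest=$(printf '%s' "$mac" | cut -d: -f2-)
    val=$(( (0x$first | 2) & ~1 ))
    printf '%02x:%s\n' "$val" "$rest"
}

# random_local_mac: five random octets from /dev/urandom behind a forced
# first octet (the first octet passed here is only a placeholder; it is
# rewritten by derive_local_mac).
random_local_mac() {
    tail=$(od -An -N5 -tx1 /dev/urandom | tr -s ' ' ':' | sed 's/^://')
    derive_local_mac "02:$tail"
}

# mac_change_cmds IFACE MAC: print (do not run) the commands that change the
# hardware address of IFACE. The link has to be down while it is changed.
mac_change_cmds() {
    iface=$1
    mac=$(derive_local_mac "$2") || return 1
    printf 'ip link set dev %s down\n' "$iface"
    printf 'ip link set dev %s address %s\n' "$iface" "$mac"
    printf 'ip link set dev %s up\n' "$iface"
}

# Usage demo: `sh mac.sh --demo` prints the commands for a constructed
# interface name without executing anything.
if [ "${1:-}" = "--demo" ]; then
    mac_change_cmds wlan0 "$(random_local_mac)"
fi
```

The point of forcing the first octet is that a random string of hex is not automatically a usable MAC: an odd first octet marks a multicast address and the card will refuse it or misbehave, while a cleared 0x02 bit claims a vendor-assigned OUI you do not own. On current Linux `ip link set dev wlan0 address …` is the supported way; older guides use `ifconfig wlan0 hw ether …`, which does the same thing. Whether a given router exposes the same knob depends on its firmware, as the next post in the thread notes.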

Shibboleet The Annihilator

On the last 2 Linksys WRT54G routers I had, I was able to change the MAC of the router through the browser GUI for the router. I think it was just 1 or 2 menus in and this was on the stock firmware, no Tomato or DDWRT or anything like that.

Triple Zero

But why would you want to change the MAC address of your router?

pharmakon

Quote from: Triple Zero on October 01, 2010, 04:05:08 PM

Sorry about all the ads crap on that page, you might want to get the Readability Bookmarklet which works wonders on pages like this (it's a thingy link that you can drag to your browser toolbar so that it becomes a button. Then when you visit a horrible page with horrible markup, you click the button and it will automagically transform the site into a pleasantly readable just-the-article-and-images version--try it out, you'll love it).

You just made my life so much better.

Remington

Security Thread: The stuff Security blankets are made of
Is it plugged in?

Triple Zero

Quote from: Triple Zero on October 02, 2010, 11:21:29 PM
But why would you want to change the MAC address of your router?

Answering my own question, THIS is why you would want to change the MAC address of your router every couple of months or so:

http://www.samy.pl/mapxss/

Yes that's right, Google made a complete MAC-to-Location database as well during their StreetView project. MAC addresses are more unique and more stable than IP addresses. They're a lot like the serial number of an electronics device (they're not really intended to change, ever).

You also can't easily read them out when someone visits your site (like with IP addresses), in the example above Samy uses an XSS exploit in the router web config interface. These are usually coded pretty badly, so finding an XSS sploit there is not that hard or unlikely. It becomes hard when you want to make it a generic exploit, because then you need to find XSS sploits in the 99% most common routers--which is tedious to do alone, but sounds like a fun weekend pizza+beer hacking project, with 1 or 2 likeminded ppl :)

However, MAC addresses are completely public data because they're broadcast by every WiFi access point. Have to be, because your WiFi card uses them to tell different access points apart.

So Google using their StreetView project to connect MAC addresses to their respective GPS coordinates is technically a perfectly legal and valid way to combine publicly available data.

That makes this one of the most striking examples I've seen so far of how the combining of publicly available data in a large database on a grand enough scale can indeed bring severe privacy risks.



... too bad you need to go through so much trouble to get people's MAC address, otherwise we'd have a very solid way to track our trolls now ;-)

Triple Zero

:lulz:

http://www.schneier.com/blog/archives/2010/10/predator_softwa.html

Intelligent Integration Systems (IISi), a small Boston-based software development firm, alleges that their Geospatial Toolkit and Extended SQL Toolkit were pirated by Massachusetts-based Netezza for use by a government client. Subsequent evidence and court proceedings revealed that the "government client" seeking assistance with Predator drones was none other than the Central Intelligence Agency.

IISi is seeking an injunction that would halt the use of their two toolkits by Netezza for three years. Most importantly, IISi alleges in court papers that Netezza used a "hack" version of their software with incomplete targeting functionality in response to rushed CIA deadlines. As a result, Predator drones could be missing their targets by as much as 40 feet.

Triple Zero


Cain

http://redtape.msnbc.msn.com/_news/2011/10/08/8228095-chaos-computer-club-german-govt-software-can-spy-on-citizens

Quote
A Germany-based hacker group claims a German government-created Trojan horse program is capable of secretly spying on Web users without their consent.

The group says on its Web site that it obtained and analyzed a piece of software that is supposed to be a "lawful interception" program designed to listen in on Internet-based phone calls as part of a legal wiretap, but its capabilities go far beyond legal bounds.

The program is capable of logging keystrokes, activating Webcams, monitoring Web users' activities and sending mountains of data to government officials, the club said.

To cover its tracks, the data is routed through rented servers located in the U.S., the club alleges.

"To avoid revealing the location of the command and control server, all data is redirected through a rented dedicated server in a data center in the USA," the Club said on its Web site.

The German government has yet to comment on the findings, but already, antivirus companies are reacting to them. Security firm F-Secure will detect and disable the alleged government monitoring software if found on clients' computers, it announced on Saturday.

"Yes, it is possible the Trojan found by CCC is written by the German government. We just can't confirm that," said Mikko Hypponen, F-Secure's chief technology officer, via Twitter.

The program, labeled a "backdoor" because it can open a computer to surreptitious access, targets certain applications for keylogging, including Firefox, Skype, MSN Messenger, ICQ and others, according to F-Secure.

"We do not know who created this backdoor and what it was used for," Hypponen wrote on F-Secure's blog. "(But) We have no reason to suspect CCC's findings."

German courts have long allowed use of a backdoor program known as "Bundestrojan" — "federal Trojan," in English — which permits government investigators to listen in on Skype-based phone calls as part of a legal wiretap order. Skype and other kinds of Internet phone calls that can be encrypted are particularly troubling for law enforcement, because they can be used by suspects to evade wiretaps.

After a court battle in 2008, Bundestrojan was ruled legal as long as it screened only very specific communications — essentially, Internet telephone calls.

But the Chaos Computer Club announced Saturday that it had obtained a copy of what it believed was a copy Bundestrojan, and that the program has capabilities that go far beyond legal wiretapping. In addition to keylogging and screen shots, the software is also capable of remote control and upgrade.

"This refutes the claim that an effective separation of just wiretapping internet telephony and a full-blown Trojan is possible in practice – or even desired.... The Trojan's developers never even tried to put in technical safeguards to make sure the malware can exclusively be used for wiretapping internet telephony, as set forth by the constitution court," said the club on its site. "Our analysis revealed once again that law enforcement agencies will overstep their authority if not watched carefully. In this case, functions clearly intended for breaking the law were implemented in this malware: they were meant for uploading and executing arbitrary code on the targeted system."

The club also criticized security measures put in place by programmers of the alleged Trojan. Poor encryption implementation means a malicious third-party could intercept the government communications, or take control of government-infected machines, it said.

That final part is the problem with all backdoor surveillance techniques.  That's how Chinese hackers got into Gmail last year - the NSA requested a back door, and the Chinese hackers used that to get in.

I wouldn't be surprised to discover every developed country in the world was running at least one program like this.