
Book Review: Build Your Own Security Lab

September 28th, 2008 | No Comments | Posted in Book Review

The Good

I have had this book on my bookshelf for a few months and recently, due to some textbook changes in my Windows Security class, I decided to read it.  The book covers the usual ground you would expect: network hardware, virtual machines and various OS and network software.

The first chapter talks about getting used Cisco gear, to get IOS experience.  Some information was mentioned about VMware, for installing operating systems to use and virtual networking.

After the first two chapters the author jumps into the various activities you can perform in the security lab.  Each chapter included notes with a little additional information about the topics discussed in each chapter. At the end of each chapter is a list of “Exercises.”

The Bad

I could tell in the first chapter that this book has been sitting on the shelf of the publisher for a while.  I could also tell that the author had a hard time filling the 400+ pages in the book.  When I got to chapter 2 “Building a Software Test Platform” and it mentioned ReactOS, Knoppix-STD, and Virtual PC, I knew things were going to get bad.  The author goes into detail about installing and running ReactOS.

Security News Links

September 28th, 2008 | No Comments | Posted in News

HowTo: Hack your DBT-120 to run in RAW mode.

September 25th, 2008 | 6 Comments | Posted in HowTo, Research

Dre from TS/SCI Security wrote a post yesterday “Fun with WiFu and Bluesniffing.” In his post he mentioned the lack of clarity on “how to” hack USB Bluetooth dongles due to the number of posts about problems. I posted in the comments that I have a D-Link DBT-120 Wireless Bluetooth 2.0 USB Adapter and hacked it to work in RAW mode. He asked if I could share how I did the hack on my Bluetooth dongle and provide the details. Here are the steps that I used to get my DBT-120 to run in RAW mode using the directions provided by Dr. Gr33n.

DISCLAIMER:
This post is provided for educational and testing purposes only. I am not responsible for any damaged BT adapters. I had issues trying to do this in BackTrack 3 VMware, so I used the USB version for this How-To.

REQUIREMENTS:
bt3final_usb.iso SHA1: 3aceedea0e8e70fff2e7f7a7f3039704014e980f
D-Link DBT-120 Wireless Bluetooth 2.0 USB Adapter (I have a DBT-120 Rev. C1)

UPDATES: I have been told that this procedure, using the 5x version of software, bricks the dongle.  Tom Bicer found a dongle recovery procedure on the Evil Genius blog.  I have read that using the 5x software is a known problem, so only follow this procedure if you have the 4x firmware.

DIRECTIONS:
Boot your BackTrack3 environment and after it’s up and running connect your DBT-120. Follow the steps shown below.

CONSOLE:
bt ~ # hciconfig hci0 up
bt ~ # hciconfig hci0
hci0: Type: USB
BD Address: 00:17:9A:2B:45:2C ACL MTU: 0:0 SCO MTU: 0:0
UP RUNNING
RX bytes:217 acl:0 sco:0 events:0 errors:0
TX bytes:169 acl:0 sco:0 commands:12 errors:0

bt ~ # hciconfig hci0 down
bt ~ # dfutool -d hci0 archive dbt-120_backup.dfu
bt ~ # dir
Desktop/ airsnifferdev46bc4.dfu
dbt-120_backup.dfu

bt ~ # hciconfig hci0 up
bt ~ # bccmd psget -s 0x0000 0x02be
USB vendor identifier: 0x0a12 (2578)
bt ~ # bccmd psset -s 0x0000 0x02be 0x0a12
bt ~ # bccmd psget -s 0x0000 0x02be
USB vendor identifier: 0x0a12 (2578)
bt ~ # bccmd psget -s 0x0000 0x02bf
USB product identifier: 0x0001 (1)
bt ~ # bccmd psset -s 0x0000 0x02bf 0x0002
bt ~ # bccmd psget -s 0x0000 0x02bf
USB product identifier: 0x0002 (2)
bt ~ # hciconfig hci0 down
bt ~ # dfutool upgrade airsnifferdev46bc4.dfu
bt ~ # hciconfig hci0 up
bt ~ # hciconfig hci0
hci0: Type: USB
BD Address: 00:17:9A:2B:45:2C ACL MTU: 0:0 SCO MTU: 0:0
UP RUNNING RAW
RX bytes:217 acl:0 sco:0 events:0 errors:0
TX bytes:169 acl:0 sco:0 commands:12 errors:0

bt ~ #
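
The two checks the procedure above relies on, as an added example (not part of the original post or of Dr. Gr33n's directions): confirming the BackTrack image matches the SHA1 listed under REQUIREMENTS, and reading the flags line of hciconfig output to tell whether an adapter reports RAW, which is also a quick way to audit which adapters on a host have been reflashed. The function names verify_sha1, hci_flags and hci_is_raw are assumptions made for this example.

```shell
#!/bin/sh
# Added example: helper names are assumptions, not part of bluez or the post.

# SHA1 of bt3final_usb.iso as listed under REQUIREMENTS above.
ISO_SHA1=3aceedea0e8e70fff2e7f7a7f3039704014e980f

# verify_sha1 FILE EXPECTED_HEX -> 0 on match, 1 on mismatch, 2 if unreadable
verify_sha1() {
    [ -r "$1" ] || return 2
    if command -v sha1sum >/dev/null 2>&1; then
        actual=$(sha1sum "$1" | awk '{print $1}')
    else
        actual=$(shasum -a 1 "$1" | awk '{print $1}')
    fi
    [ "$actual" = "$(printf '%s' "$2" | tr 'A-F' 'a-f')" ]
}

# hci_flags DEV < hciconfig-output -> prints DEV's flags line, e.g. "UP RUNNING"
hci_flags() {
    awk -v dev="$1" '
        /^hci[0-9]+:/ { cur = $1; sub(/:$/, "", cur); next }
        { line = $0; gsub(/^[ \t]+|[ \t]+$/, "", line) }
        cur == dev && line ~ /^[A-Z]+( [A-Z]+)*$/ { print line; exit }
    '
}

# hci_is_raw DEV < hciconfig-output -> 0 only if the flags line contains RAW
hci_is_raw() {
    case " $(hci_flags "$1") " in
        *" RAW "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Sample input: the two hciconfig outputs shown in the console log above.
BEFORE='hci0: Type: USB
BD Address: 00:17:9A:2B:45:2C ACL MTU: 0:0 SCO MTU: 0:0
UP RUNNING
RX bytes:217 acl:0 sco:0 events:0 errors:0'
AFTER='hci0: Type: USB
BD Address: 00:17:9A:2B:45:2C ACL MTU: 0:0 SCO MTU: 0:0
UP RUNNING RAW
RX bytes:217 acl:0 sco:0 events:0 errors:0'

for s in "$BEFORE" "$AFTER"; do
    if printf '%s\n' "$s" | hci_is_raw hci0; then echo "hci0: RAW"
    else echo "hci0: not RAW ($(printf '%s\n' "$s" | hci_flags hci0))"; fi
done
```

On a live system the same functions take real input: `verify_sha1 bt3final_usb.iso "$ISO_SHA1"` before booting the image, and `hciconfig | hci_is_raw hci0` to check an adapter.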

CREDITS:

  • Andre Gironda (Dre) from TS/SCI Security. I would have never posted this if he didn’t ask for clarification and proof that it was possible.
  • Dr Gr33ns from Drgr33ns Blogs, Tutorials and Info. He posted directions and a video showing how to do this. I copied 99.999% of his work. I did this to show proof that his directions do work in my situation using my DBT-120.
  • I would also like to thank all the bluetooth hackers that make this possible.

Bluetooth Headset Vulnerabilities Reminder…

September 24th, 2008 | 1 Comment | Posted in Attacks, News

As I find another one of my hands-free bluetooth headsets in the washing machine again (yes, again, I think this is #11 or #12) I wanted to remind everyone about the risks associated with using bluetooth devices.

With the new laws here in California that require drivers to use hands-free devices while driving, I’m starting to see more and more people using bluetooth.  I see them on the road, in restaurants, at work (sometimes connected to work phones) and I wonder if the “wireless” freedom is worth the risk that comes with bluetooth.

Most of you know that bluetooth hacking isn’t anything new.  We all remember reading about celebrities’ cell phones getting hacked, and having all the contacts and SMS messages stolen.  What I don’t think we all remember is that we are all at risk too.  With smartphones and PDAs becoming cheaper, everyone is getting one.  I see teenagers to soccer moms with BlackBerrys.  I see students and business professionals with iPhones.  Now you don’t need a smartphone to have all your contacts and SMS data stolen.  Any cell phone with bluetooth enabled is open for attack.  What smartphones add is the access to more sensitive and private data.  All that useful information you keep on your smartphone or PDA?  Well if you have bluetooth enabled it might be open to attack.

So as I sit here wondering if I am going to go and get another bluetooth headset, I’m thinking about what I use it for and what the pros and cons will be if I switched to a wired headset.  Oh, and if you think that the only risk is someone stealing SMS messages from your spouse or your mom’s phone number, watch this clip.  That cool bluetooth headset is also a bug that can broadcast everything you say and hear even when you’re not on a call.  All I have to say is forget Big Brother; worry about that innocent looking guy with the backpack and PDA.

http://www.youtube.com/watch?v=1c-jzYAH2gw

I would like to know how many of you enable bluetooth and if you’re worried about privacy or data theft?  Please post your thoughts and ideas in the comments.

Security News Links for 9/14

September 21st, 2008 | No Comments | Posted in News

10 things Gov. Sarah Palin has taught us about E-mail?

September 18th, 2008 | 1 Comment | Posted in News
  • When creating a free email account it’s OK to lie.  Never give your real information to anyone asking for it online unless it’s required.
  • Use a strong password.  Find out how long you can make your password, what characters are valid, and use something like KeePass Password Safe to manage your passwords.
  • After you create the email account and create a strong password, save the false information you entered in your password manager.  That way if you change your password, but don’t save it in your safe, you have the false information you need to reset the password.
  • Never use your email account for anything other than public communication.  Don’t forget once you hit send, you have no control over what others do with your email.
  • Never leave email on the server.  Either download it to a computer or delete it.  Why would an attacker go after your computer, when they can attack your email?  Ever do a search in your mailbox for keywords like “password”, “login”, or other sensitive information?  You will be shocked what you might find.

Security News Links for 9/7

September 14th, 2008 | No Comments | Posted in News

Here are this week’s Security News Links for the week of 9/7.

A lot of good information was released this week.  Since the point of my Security News Links is to be brief I left a lot out.  I would like to know what you think about my Security News Links series and if you have any feedback on any of the news links posted.

What security programs would be on your dream Live-CD?

September 13th, 2008 | 5 Comments | Posted in Linux, Portable, Software, Tools, Web

I was going to write a post about Samurai Web Testing Framework but someone already beat me to it.  It’s a good post so I wanted to pass along the link.  I really hate seeing the same topic covered the same way over and over again.

Instead I am going to talk a little about the idea of making your own Security Live-CD.  Samurai WTF was the first Live-CD I have used that was built on Ubuntu.  I have been using Ubuntu since 5.04 and was really happy to see a familiar GUI.  I noticed that Samurai WTF is essentially Ubuntu with a bunch of cool web pen-testing programs preloaded, Firefox preloaded with some cool web pen-testing add-ons, and the best themed Live-CD bar none.

This got me thinking about an article I read earlier this week at Linux.com about a program called Ubuntu Customization Kit (UCK).  With UCK you can take an existing install of Ubuntu, Kubuntu, Edubuntu or Xubuntu and create your own pre-configured Ubuntu Live-CD.  Just like Samurai WTF and even BackTrack (except BT uses Slax).


New Addition: Security News Links for the week of 8/31

September 7th, 2008 | No Comments | Posted in News

I read a lot of security news feeds during the week.  So I thought it would be a nice addition to post a link list of the posts I found interesting from the previous week.  My goal will be to collect a brief list of links and post them every Sunday morning.  I want it to be something you can read through quickly while having your morning coffee.  Please post a comment and let me know what you think about this new addition and the links posted.

Book Review: Secure Your Network for Free (Syngress)

September 6th, 2008 | No Comments | Posted in Book Review

Last week I was visiting the local library with my family and decided to check out the computer books section. I wasn’t surprised when I only found about 30 books, most of which were out of date. I would like to pretend all the good recent books were out on loan but I wasn’t sure. I was able to find a book that piqued my interest.

Secure Your Network for Free by Eric Seagren.  As you can probably tell from the title, the book discusses Network Security using free programs; in most cases this means Open Source. On the title it grabs your attention by listing Nmap, Wireshark, Snort, Nessus, and MRTG.
