zundel


Black net ops

Filed under: Computers, Security — zundel

Fascinating reading.

Anonymous cracking and publishing the email of Aaron Barr, Greg Hoglund, and HBGary has turned up all sorts of useful information, and Ars has done a very good job of analyzing and reporting on it.
Nothing unknown or unsuspected, but useful confirmation.

Black ops: how HBGary wrote backdoors for the government

Why you don’t want to use Outlook, ever.

The target user would preview a specially crafted e-mail message in Outlook that took advantage of an Outlook preview pane vulnerability to execute a bit of code in the background. This code would install a kernel driver, one operating at the lowest and most trusted level of the operating system […].

When installed in a target machine, the rootkit could record every keystroke that a user typed, linking it up to a Web browser history. This made it easy to see usernames, passwords, and other data being entered into websites; all of this information could be silently “exfiltrated” right through even the pickiest personal firewall.

“This is ideal because it’s trivial to remotely seed C&C messages into any networked Windows host,” noted Hoglund, “even if the host in question has full Windows firewalling enabled.”
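The Ars extracts above describe the implant landing as a kernel driver, which is the one place it leaves a durable footprint on the box. The following is an added example (mine, not code from the post, from Ars, or from HBGary) of the check a practitioner would run on a Windows host: enumerate every registered kernel-mode driver, resolve its image path, and flag any image that is missing, whose Authenticode signature does not verify, or that lives outside the Windows directory. The function name `Get-SuspiciousKernelDriver` and the `$TrustedRoot` parameter are my own choices, not anything named on the page.

```powershell
# Added example, not from the original post. Assumes an elevated Windows
# PowerShell 5.1+ console; the function name and -TrustedRoot are assumptions.
function Get-SuspiciousKernelDriver {
    [CmdletBinding()]
    param(
        # Directory tree legitimate drivers are expected to live under (assumption).
        [string]$TrustedRoot = $env:SystemRoot
    )

    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName } |
        ForEach-Object {
            # PathName may carry NT-style prefixes; normalise to a plain file path.
            $path = $_.PathName -replace '^\\\?\?\\', ''
            $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
            $path = $path -replace '^System32\\', "$env:SystemRoot\System32\"

            if (-not (Test-Path -LiteralPath $path)) {
                # A registered driver whose image is gone is worth a look on its own.
                [pscustomobject]@{
                    Name   = $_.Name
                    State  = $_.State
                    Path   = $path
                    Signer = $null
                    Status = 'MissingOnDisk'
                    Reason = 'driver image not found'
                }
                return
            }

            $sig     = Get-AuthenticodeSignature -LiteralPath $path
            $reasons = @()
            if ($sig.Status -ne 'Valid') {
                $reasons += "signature $($sig.Status)"
            }
            if (-not $path.StartsWith($TrustedRoot, [StringComparison]::OrdinalIgnoreCase)) {
                $reasons += "image outside $TrustedRoot"
            }

            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Name   = $_.Name
                    State  = $_.State
                    Path   = $path
                    Signer = $sig.SignerCertificate.Subject
                    Status = $sig.Status
                    Reason = ($reasons -join '; ')
                }
            }
        }
}

# Usage: list only the drivers that tripped a check.
Get-SuspiciousKernelDriver | Format-Table Name, State, Status, Reason, Path -AutoSize
```

Treat the output as a triage list, not a verdict: on older systems catalog-signed Microsoft drivers can report NotSigned rather than Valid, and a kernel-resident rootkit is exactly the kind of thing that can hide its own service entry from user-mode enumeration. If the host is actually suspected, compare the result against the same query run from a known-good boot image or an offline copy of the disk.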

HBGary stockpiled and sold zero-day exploits. Nice people.
Most experts try to help the community fix security vulnerabilities; these guys were finding them and selling them.

These guys were not very good: Anonymous penetrated them easily, and they often seem really juvenile, as if they wanted to be James Bond. (Shades of Ollie North.) Yet they sold ready exploits to defense contractors working for the government. Defense procurement is as sophisticated as ever. But also, most systems are easily compromised.

If you need security, don’t use anything these guys mentioned.
