Recently in Courses Category

Linksys WAP610N Vulnerability


There are some vulnerabilities that I come across which just make my jaw drop. This is one of them. There is a backdoor in the Linux-based firmware that allows you to telnet to port 1111 and get a command prompt. The command prompt seems to be associated with the console administration program. This console allows you to run shell commands, in addition to several other functions. There is no password required, and it appears that the default password (as shown from dumping /etc/shadow) is wlan. There is no patch for this vulnerability, which appears in select firmware versions. "bob" has confirmed that this is real...

This just goes to show that as much as you try to secure something, there is a developer who is out to sabotage you. It also gets to the heart of the whole 0 day issue. You have to assume there is a 0 day in your software... Then, plan accordingly.

-PaulDotCom and strandjs

Practical Kung Fu Webcast Series


PaulDotCom is very excited to bring you several new webcast series starting next January. The webcasts will be produced, hosted, and performed by the members of PaulDotCom. In addition to the White Hat World webcasts, there will be several different topic-based webcasts that will highlight different areas of information security. The first two are sure to be a "smash hit" as we show you how to improve your skills in the areas of client-side penetration testing and web application assessments (and even avenge the death of your master). Information about each webcast, including the registration links, is below:


Title: Practical Client-Side Exploitation Kung Fu

Description: In this webcast we will explore the tools & techniques needed to perform successful client-side exploitation. Practical methods for information gathering, target selection, and exploit delivery will be covered.

Date: Thursday, January 21, 2010

Time: 2:00 PM - 3:00 PM EST

Sponsor: Core Security Technologies

Register Here: https://www1.gotomeeting.com/register/171250512


Title: Practical Web Application Pen Testing Kung Fu

Description: In this session John & Paul will guide you to performing more successful web application penetration testing. You will learn how to balance automated tools with manual testing, strike vulnerabilities with the highest chance of exploitation, and more!

Date: Tuesday, January 26, 2010

Time: 2:00 PM - 3:00 PM EST

Sponsor: Cenzic

Register Here: https://www1.gotomeeting.com/register/290940024

Train Your Systems Administrators



One of the great eye-opening moments for me in the past few years was learning that we are outnumbered. Not only does it appear that there is a non-stop wave of malware and evil sites that are constantly trying to infect our systems, but it seems like our user population is working against us as well by trying to click on every evil link or evil file that they come upon. Because of this it is very easy to feel like the plight of today’s security professional is a grim one. I often say that we are in one of the only professions I know of which is destined to fail. You will have a breach and there will be compromises; you will get called out. In light of this reality I still find that information security professionals are a fairly happy lot. The trade-off for having the cards stacked against us is that we get to work in one of the coolest fields.

If you don't think so... please get out. There are other people who would love to have your job.

However, I have also realized recently that we are not alone. There is another group of professionals that we work with every day that can help us. Our Administrator brethren are an untapped resource for the information security community. We need to start cross-training with them if we want to stand a chance against the onslaught of attacks and malware that we face on a daily basis.

There are a number of different ways to go about this. There are commercial training options for your systems administrators that are short and to the point. I will be teaching one of these classes online and another in New Orleans in January. Please see the below links for more information.

564 online.

564 in New Orleans with Mechanical Bull and Beads.


However, beyond the commercial options there is something that we should be doing as well. I recommend having weekly brown bag meetings where you can show your systems administrators some cool tricks for ideating an incident and they can show you some neat tricks for understanding the business application process flow of your organization. This tradeoff is beneficial because it illuminates both aspects of an organization, security and day-to-day administration.

Keep in mind that one of the greatest instructors of evil, the great Bastard Operator From Hell, was a Systems Administrator. There is much we can learn from them.

So Much To Learn!

-strandjs

PaulDotCom Hacklab in Boston


PaulDotCom will be running a Hacklab in Boston at SANS Boston 2009 hosted by strandjs this Friday August 7th from 6:00PM till ???. "Hack Naked" T-shirts will be on sale for $10!


We will be at the:

Hyatt Regency Boston
One Avenue de Lafayette
Boston, Massachusetts, USA 02111
Telephone: 617 912 1234
Fax: 617 451 2198

The event will take place on the fourth floor. This event is open to the public, so come on down and hack some systems. Better yet, bring some cool systems to hack.

That and it is kind of my birthday.

-strandjs

Yes, yours truly (Larry, that is) will be teaching the 6 day SANS Wireless Ethical Hacking, Penetration Testing and Defenses (SANS 617) in Regina, Saskatchewan on March 23 - 28, 2009.

As this is the first time Wireless Ethical Hacking, Penetration Testing and Defenses is being offered in Saskatchewan, it is anticipated to fill quickly. Seats are Limited! Register by Feb 11, 2009 to save $375. Use our referral link to register! Tell 'em Larry from PaulDotCom sent you!


Why should you attend this course now? With the economic downturn affecting all of us in North America, there has been a significant increase in people exploiting network vulnerabilities, especially wireless vulnerabilities. This course will give you the tools to combat these efforts for your organization.

Hope to see you there!

- L

PaulDotCom TV - Video Feed Update


The PaulDotCom TV video feed lives on! I just know that everyone was dying to have the latest videos from PaulDotCom available on your iPods and iPhones, so I've updated the feed with the latest four spectacular videos from the PaulDotCom crew. They include:

  • Make the Switch: Danny - Larry and I were talking one day last week about the number of listeners that have given us much of the same feedback. They all stated something along the lines of, "I used to listen to Security Now!, but now I listen to PaulDotCom Security Weekly". So, on the last podcast we asked real listeners to record their own switch commercials (audio only). I've added a bit of flavor (thanks to iMovie) and created this video of our first submission (Thanks Danny!).
  • Set Your Router On Fire! SANS SEC 535 - We have created a promotion video for the SANS course I authored called "SEC535 - Network Security Projects Using Hacked Wireless Routers". Sign up for this course today!
  • The Destruction Files - Paul & Larry have some fun busting up some old computer equipment. Sun monitor, take 2, network sniffer, and a Cisco switch all fall victim to Paul's new sledge...
  • Where's Twitchy? - So many of you have written to ask us the age old question, "Where's Twitchy?". This video provides you with the answer...

Video Feeds:

All of these videos are also available on our PaulDotCom YouTube Site. Look for more videos to come!

PaulDotCom

SEC535 - "Set Your Router On Fire" Video


All:

We have created a promotion video for the SANS course I authored called "SEC535 - Network Security Projects Using Hacked Wireless Routers":

Sign up for this course today:

SANS Orlando (Comes with your very own copy of Linksys WRT54G Ultimate Hacking by Paul Asadoorian and Larry Pesce!)

If you are interested in this course and cannot attend the Orlando conference please contact me (paul /at/ pauldotcom.com) for more information.

PaulDotCom

SEC535 - Embedded Device Hacking - Update


General Excitement

The course has been written, w00t! The one day embedded device, OpenWrt, Linksys WRT54GL hacking extravaganza is complete! I am so excited to teach this course, and can't wait to start showing students how to hack embedded devices. The first time students rip open the packaging on a fresh, brand new WRT54GL, and then gratuitously violate the warranty will truly be a treat!

Current Offerings

I wanted to inform everyone that the September 11th and September 25th offerings of this course are still on for OSHEAN and Tech Collective members. The September 11th offering is just about full; however, registrations will be accepted soon for the September 25th course. Check the Tech Collective and OSHEAN web sites for more information.

The September 25th course at SANS NS2007 in Las Vegas has been cancelled. It was a tough day to give a course (on the last day of all the 6-day tracks), but it means that people felt committed to their 6-day tracks, so at least that's a good thing :) However, we are on for a new offering on Friday January 11, 2008 in New Orleans! More information can be found here:

SECURITY 535, Embedded Device Hacking, Friday, January 11, 2008 : 9am - 5pm, Paul Asadoorian, Defensive Intuition

New Course Description

A new course description has been posted with more extensive information about the course, and more importantly why you would want or need to hack embedded devices. You can find it here:

SEC535 - Embedded Device Hacking

It really captures the heart of the course, and explains some benefits of using embedded devices for various networking and security problem solving tasks. The reasons include low cost, low energy, small footprint, a minimalistic approach to computing, and "Remoteness". So, go check it out!

PaulDotCom

Security Training Announcements


All:

I would like to announce some upcoming courses that we are teaching through the SANS Institute:

  • Stay Sharp: Defeating Rogue Access Points, North Kingstown, RI, Wednesday, July 25, 2007, 8:30 AM - 11:30 AM, Instructor: Larry Pesce
  • Stay Sharp: Google Hacking and Defense, North Kingstown, RI, Wednesday, August 29, 2007, 8:30 AM - 11:30 AM, Instructor: Larry Pesce
  • SEC535 Embedded Device Hacking, SANS NS 2007, Las Vegas, Friday, September 28, 2007 : 9am - 5pm (Includes a WRT54GL Wireless Router!), Instructor: Paul Asadoorian

You can register for SANS training via our click-through at http://pauldotcom.com/sans/

Hope to see you there!

PaulDotCom