Internet


from MAKE: Blog

One of the frustrating things about traveling is the obligatory pay-wireless that so many hotels and airports provide. If you check your mail at the airport and again at the hotel, it’s pretty easy to run up charges equivalent to a month’s worth of broadband, not to mention that you have to give your credit card to an unknown access provider affiliate.

There are two traditional ways of getting around the captive portal: tunneling IP over DNS and tunneling IP over ICMP.

In most situations, the firewall will be set up to block or proxy all TCP traffic, and all HTTP requests are redirected to the authentication server that wants you to enter a credit card. DNS lookups and ICMP traffic (ping, for example) are quite often left untouched, however, allowing you to use these services to move data through a remote computer under your control.

The basic setup is the same for both scenarios, and you can use the same server as a DNS and ICMP proxy. All you’ll need is a public DNS server that you can manage and another server with a static IP that you can access remotely. Thomer Gil has written two excellent howtos, one for using NSTX (IP-over-DNS), and the other for using ICMPTX (IP-over-ICMP). Follow the guides, install and configure the two packages, and you can get free access in a pinch from just about anywhere.

NSTX (IP-over-DNS) HOWTO
ICMPTX (IP-over-ICMP) HOWTO
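
For whoever operates such a network, the same property is what makes the traffic detectable: IP-over-DNS shows up as one client sending many long, random-looking names under a single parent domain. The following is an added example, not code from the original post or from NSTX; the thresholds, function names and sample log are assumptions constructed for illustration.

```python
import base64, hashlib, math
from collections import Counter, defaultdict

def _fake_chunk(i):
    # Constructed stand-in for an encoded tunnel payload: 40 base32 characters.
    return base64.b32encode(hashlib.sha256(bytes([i])).digest()[:25]).decode().lower()

# Constructed sample resolver log as (client, queried name); not real traffic.
SAMPLE_QUERIES = (
    [("10.0.0.5", n) for n in ("www.example.com", "mail.example.com",
                               "img1.example.org", "img2.example.org",
                               "img3.example.org", "img4.example.org")]
    + [("10.0.0.7", f"{_fake_chunk(i)}.t.example.net") for i in range(6)]
)

def entropy(text):
    """Shannon entropy of the character distribution, in bits per character."""
    total = len(text)
    return -sum(c / total * math.log2(c / total) for c in Counter(text).values())

def find_tunnel_suspects(queries, min_unique=5, min_avg_len=30, min_entropy=3.5):
    """Flag (client, parent domain) pairs that look like data carried in DNS names."""
    groups = defaultdict(set)
    for client, name in queries:
        labels = name.lower().rstrip(".").split(".")
        # Simplification: treat the last two labels as the registered domain
        # (a real deployment would consult the Public Suffix List).
        parent, sub = ".".join(labels[-2:]), "".join(labels[:-2])
        if sub:
            groups[(client, parent)].add(sub)
    suspects = []
    for (client, parent), subs in sorted(groups.items()):
        avg_len = sum(map(len, subs)) / len(subs)
        if (len(subs) >= min_unique and avg_len >= min_avg_len
                and entropy("".join(subs)) >= min_entropy):
            suspects.append((client, parent, len(subs)))
    return suspects

if __name__ == "__main__":
    for client, parent, count in find_tunnel_suspects(SAMPLE_QUERIES):
        print(f"{client} sent {count} long, high-entropy names under {parent}")
```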

from Creative Freedom Foundation creativefreedom.org.nz
Join The New Zealand Internet Blackout to protest against the Guilt Upon Accusation law ‘Section 92A’ that calls for internet disconnection based on accusations of copyright infringement without a trial and without any evidence held up to court scrutiny. This is due to come into effect on February 28th unless immediate action is taken by the National Party.


Join thousands of New Zealanders already against this law by blacking out your Facebook photo, your websites, your Myspace pages, your Twitter account, in protest against this unjust new law that may come into effect on February 28.

Just use this image (Right-click, Save-As) with the text: “(your name) is blacked out: Stand up against ‘Guilt Upon Accusation’ for New Zealand http://creativefreedom.org.nz/blackout.html”



History of the Internet from PICOL on Vimeo.

from Twitter Blog

This morning we discovered 33 Twitter accounts had been “hacked” including prominent Twitter-ers like Rick Sanchez and Barack Obama (who has not been Twittering since becoming the president elect due to transition issues). We immediately locked down the accounts and investigated the issue. Rick, Barack, and others are now back in control of their accounts.

What Happened?

The issue with these 33 accounts is different from the Phishing scam aimed at Twitter users this weekend. These accounts were compromised by an individual who hacked into some of the tools our support team uses to help people do things like edit the email address associated with their Twitter account when they can’t remember or get stuck. We considered this a very serious breach of security and immediately took the support tools offline. We’ll put them back only when they’re safe and secure.

from Hack a Day

A team of security researchers and academics has broken a core piece of internet technology. They made their work public at the 25th Chaos Communication Congress in Berlin today. The team was able to create a rogue certificate authority and use it to issue valid SSL certificates for any site they want. The user would have no indication that their HTTPS connection was being monitored/modified.

This attack is possible because of a flaw in MD5. MD5 is a hashing algorithm; each unique file has a unique hash. In 2004, a team of Chinese researchers demonstrated creating two different files that had the same MD5 hash. In 2007, another team showed theoretical attacks that took advantage of these collisions. The team focused on SSL certificates signed with MD5 for their exploit.

The first step was doing some broad scans to see what certificate authorities (CA) were issuing MD5 signed certs. They collected 30K certs from Firefox trusted CAs. 9K of them were MD5 signed. 97% of those came from RapidSSL.

Having selected their target, the team needed to generate their rogue certificate to transfer the signature to. They employed the processing power of 200 Playstation 3s to get the job done. For this task, it’s the equivalent of 8000 standard CPU cores or $20K of Amazon EC2 time. The task takes ~1-2 days to calculate. The tricky part was knowing the content of the certificate that would be issued by RapidSSL. They needed to predict two variables: the serial number and the timestamp. RapidSSL’s serial numbers were all sequential. From testing, they knew that RapidSSL would always sign six seconds after the order was acknowledged. Knowing these two facts they were able to generate a certificate in advance and then purchase the exact certificate they wanted. They’d purchase certificates to advance the serial number and then buy on the exact time they calculated.

The cert was issued to their particular domain, but since they controlled the content, they changed the flags to make themselves an intermediate certificate authority. That gave them authority to issue any certificate they wanted. All of these ‘valid’ certs were signed using SHA-1.

If you set your clock back to before August 2004, you can try out their live demo site. This time is just a security measure for the example and this would work identically with a certificate that hasn’t expired. There’s a project site and a much more detailed writeup than this.

To fix this vulnerability, all CAs are now using SHA-1 for signing and Microsoft and Firefox will be blacklisting the team’s rogue CA in their browser products.
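
The survey step described above (finding which certificates are still MD5-signed) has a defensive counterpart: auditing your own certificate inventory. The following is an added example, not code from the article or from the researchers; it reads the outer signature algorithm of DER-encoded certificates using only the standard library, and the function names and skeleton sample certificates are constructed for illustration.

```python
MD5_WITH_RSA = "1.2.840.113549.1.1.4"      # md5WithRSAEncryption

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    subs, val = [], 0
    for b in body:                         # base-128, high bit marks continuation
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            subs.append(val)
            val = 0
    first = min(subs[0] // 40, 2)
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def signature_oid(cert_der):
    """OID of the outer signatureAlgorithm field of a DER X.509 certificate."""
    tag, cert, _ = read_tlv(cert_der)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, pos = read_tlv(cert)             # skip tbsCertificate
    _, alg, _ = read_tlv(cert, pos)        # AlgorithmIdentifier SEQUENCE
    tag, oid, _ = read_tlv(alg)
    if tag != 0x06:
        raise ValueError("signatureAlgorithm does not start with an OID")
    return decode_oid(oid)

def md5_signed(certs):
    """Names of certificates in {name: der_bytes} whose signature uses MD5."""
    return sorted(n for n, der in certs.items() if signature_oid(der) == MD5_WITH_RSA)

def _der(tag, body):   # minimal encoder for the sample input; bodies under 256 bytes
    size = bytes([len(body)]) if len(body) < 0x80 else bytes([0x81, len(body)])
    return bytes([tag]) + size + body

def skeleton_cert(oid_hex):   # constructed input: certificate-shaped DER, dummy contents
    alg = _der(0x30, _der(0x06, bytes.fromhex(oid_hex)) + _der(0x05, b""))
    sig = _der(0x03, b"\x00" + b"\xaa" * 128)
    return _der(0x30, _der(0x30, b"\x02\x01\x01") + alg + sig)

SAMPLE = {"legacy.example": skeleton_cert("2a864886f70d010104"),    # MD5 with RSA
          "current.example": skeleton_cert("2a864886f70d01010b")}   # SHA-256 with RSA
```

Real certificates in PEM form need their base64 body decoded to DER before being passed to `signature_oid`.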

from BreakingPoint Labs

Taking a page from L0pht Heavy Industries, Alexander Sotirov, Jacob Appelbaum, and a team of researchers whose identities have to remain secret for now are making the theoretical possible this Tuesday at the 25th Chaos Communication Congress in Berlin. The details of their presentation have been heavily censored leading up to the event, with only a handful of security researchers, journalists, and collaborators given early access to the materials. Fortunately, I was one of them, and I wanted to take the opportunity to talk about their research, why it is important, and why the pre-conference secrecy is justified.

from OCNET News

Jerry Scroggin, owner-operator of Bayou Internet and Communications, wants the music and film industries to know that he’s not a cop and he doesn’t work for free.

Scroggin, who sells Internet access to between 10,000 and 12,000 customers in Louisiana, heard the news on Friday that the Recording Industry Association of America (RIAA) has opted out of suing individuals for pirating music. Instead, the group representing the four largest music labels is forging partnerships with Internet service providers and asking them to crack down on suspected file sharers.

According to Scroggin, if RIAA representatives ask the help of his ISP, they had better bring their checkbook–and leave the legal threats at home. CNET News obtained a copy of the RIAA’s new notice to ISPs here. Scroggin said that he receives several notices each month with requests that he remove suspected file sharers from his network. Each time he gets such a notice from an entertainment company, he sends the same reply.

“I ask for their billing address,” Scroggin said. “Usually, I never hear back.”

Scroggin’s case underscores a potential obstacle for the RIAA’s plan to enlist the help of ISPs. Small companies like his are innocent bystanders in the music industry’s war on copyright infringement. Nonetheless, they are asked to help enforce copyright law free of charge. Many of them can’t afford it, he said. Significant resources must be devoted to chasing down suspected file sharers and there’s a real cost to that. After talking to Scroggin, it sounds as if the entertainment sector might also have taken a heavy-handed approach to dealing with ISPs in the past and there might be some bad blood built up.

“They have the right to protect their songs or music or pictures,” Scroggin said. “But they don’t have the right to tell me I have to be the one protecting it. I don’t want anyone doing anything illegal on my network, but we don’t work for free.”

from technewsworld.com

The Internet Explorer browser is under attack, and Microsoft has yet to figure out how to solve the problem. A vulnerability in the browser, along with the code to exploit it, was released in the wild shortly after the company issued its latest batch of patches.

from HiR Information Report:

Combining SSH Tunneling with web proxies is one of the more advanced ways to get past a web filter. You can increase your odds of being able to contact your SSH Server by running it on ports that are more likely to be allowed outbound access: 53 (DNS) and 443 (HTTPS) are good examples. If you’re using a router or firewall at home, you might be able to do this with Port Address Translation or Port Forwarding.

Great read — make sure to check out parts 1-4 in the series too!

from The Register

A juvenile hacker with a reputation for stirring up trouble in online gaming groups has admitted to multiple computer felonies, including cyber attacks that overwhelmed his victims with massive amounts of data and the placing of hoax emergency phone calls that elicited visits by heavily armed police teams.

Known by the online handle of Dshocker, the 17-year-old Massachusetts hacker also admitted he breached multiple corporate computer systems, called in bomb threats and engaged in credit card fraud. The defendant, who was identified only by the initials N.H., pleaded guilty to charges in court documents that included one count each of computer fraud and interstate threats and four counts of wire fraud.

Dshocker is best known in hacker and gaming circles as the miscreant said to have perpetrated a series of attacks on members of myg0t, an online confederation dedicated to cheating and disrupting play in online games such as Counter Strike. He also unleashed attacks on other well-known hackers, according to online accounts.

According to federal prosecutors in Boston, Dshocker has since 2005 controlled “several” botnets comprising “tens of thousand [sic] of infected computers” used to carry out distributed denial of service (DDoS) attacks on his victims. In January, he turned his attention to a practice known as “swatting,” in which he made hoax 911 calls that falsely reported violent crimes were underway. On at least several occasions, the calls prompted visits by armed police.

To fool police, Dshocker spoofed his phone number so it appeared to originate from a victim who was located thousands of miles away. He obtained the victims’ numbers and addresses by breaking into the computer systems of their internet service providers and accessing subscriber records. Charter Communications, Road Runner, and Comcast are among the ISPs he broke into.

One call falsely reporting a violent crime in progress was made in March to the police department in Seattle. Another in April was made to police in Roswell, Georgia. Both calls originated from a phone located in Dshocker’s home town of Worcester, Massachusetts. He also phoned in a false bomb threat at one school and the presence of an armed gunman at another.

Dshocker didn’t limit his illegal hacking to settling grudges with fellow gamers. From 2005 to earlier this year, he used stolen credit card information to make fraudulent purchases. He also managed to gain free internet access by stealing proprietary software from a large, unnamed electronics company and then using it to modify his cable modem.

Dshocker agreed to the imposition of an 11-month sentence of juvenile detention. Had he been tried as an adult, he could have faced a maximum of 10 years in prison and a fine of $250,000. ®
