There is a lot of press attention at the moment regarding smartphones like Android and the iPhone and malicious apps. The disappointing thing about all this is that it appears to be mainly hype from antivirus companies who want a piece of the growing smartphone market pie.

Kaspersky’s mobile research group have discovered and named a ‘trojan’ that sends SMS messages to premium rate numbers without the user’s consent and drains their credit. The trojan is named Trojan-SMS.AndroidOS.FakePlayer (http://www.kaspersky.com/news?id=207576152). The trojan is an app that is apparently made to look like a media player, but asks for access to SMS functionality.

So instead of waiting for the forthcoming Kaspersky bloatware that will protect us all from this evil threat (ourselves mainly), we could just pay attention to the services requested by apps and use the built-in security functionality to spot ‘trojans’ and not install them.

I predict that instead of a few unsuspecting people quickly dismissing the built-in security warnings of the Android OS and losing some credit to these trojan apps, thousands will instead give credit to Kaspersky to ‘prevent’ it happening and slow their smartphones down in the process, while still being vulnerable to a lot of threats.


It turns out Digg.com has been targeted by a group of users called the DiggPatriots that collaborated to bury posts that did not fit their particular political ideology.

The evidence is quite strong: http://blogs.alternet.org/oleoleolson/2010/08/05/massive-censorship-of-digg-uncovered/

The conservative group used gaming techniques to play the Digg algorithm to ensure content they did not like never became popular. Maybe this is just a flaw in the current algorithm, or maybe any fair algorithm is explicitly vulnerable to this attack as a consequence of its ‘fair design’.

As if governments censoring people wasn’t a big enough issue at the moment, now people are censoring each other in an attempt to unfairly push their political ideology.

I guess the price of having a free speech medium such as the internet is dealing with the minority of users who wish to bend the system to fit their perspective on things. Hopefully the very nature of being a free and open system will eventually lead to developments that protect people’s right to free speech while maintaining openness, without the fear of censorship through misuse by a minority.

A researcher has presented a technique at the BlackHat conference that makes use of XSS, Google location data and breaking into routers with default passwords.

A cross-site scripting trick is used to get a user who visits a launch page to connect to their router with default credentials and get the wireless MAC. It then uses more XSS to get the MAC into the Google location service and then sends the geo data to the initial web server.

This is a good example of using browser vulnerabilities with AJAX and JavaScript. It only works on routers with default usernames and passwords, but apparently most users do not change these, which I can believe.

Presentation can be seen at: http://www.securityweek.com/hacker-uses-xss-and-google-streetview-data-determine-physical-location

As a result of the AES encryption and VPN-type security implemented on RIM BlackBerry devices, a few governments from the Middle East have started banning or threatening to ban the BlackBerry devices.

The thing that jumps out at me most about this is the fact that countries like the US and UK have not kicked up such a fuss, and Russia and China did but then suddenly allowed the device into the country. This indicates that the US, UK and now Russia and China are happy they can somehow circumvent the security and encryption of the devices to enable adequate surveillance of emails and messaging, presumably in collaboration with RIM. It also indicates they are happy with their snooping abilities on all other mobile devices.

The AES encryption can’t be broken, so they must be relying on local legislation to request message content from the service providers, instead of using real-time interception and decryption.

Also, let’s not forget the UAE installed a backdoor through a RIM update last year in order to capture emails on the device before they were encrypted for transit over the RIM network.

Confirming the suspicions of many, the US Congress has confirmed it believes the Chinese Liberation Army was behind the attacks on Google and other large US companies.

It’s not that surprising, and the security scene has been suggesting that for a long time.

The only interesting thing to come out of the report was that an air-force base on the island of Hainan in the South China Sea was the source of that and many other attacks.

In what I think is super exciting, the US FBI has arrested some Russian spies.

The details can be found in a legal document here.

The cool bit is that it reveals how the spies conversed with Russia using an ad hoc wireless network from drive-by vans. It’s like something out of a movie. A movie from the 1990’s maybe, but still, it’s interesting.


On January 20, 2010, law-enforcement agents, acting pursuant to judicial orders, performed video surveillance on a coffee shop located near the intersection of 47th Street and 8th Avenue in Manhattan, New York (the "Coffee Shop"). CHAPMAN was seated near the window of the Coffee Shop and had with her a bag (the "Tote Bag"). After approximately ten minutes, I observed a minivan pass by the window of the Coffee Shop. Based on my conversations with another law-enforcement agent, I know that Russian Government Official #1 has been observed driving the minivan, recognized by its license plate, on a number of occasions subsequent to January 20, 2010. As part of the surveillance operation, law-enforcement agents utilized a commercially available tool that can detect the presence of wireless networks. The agents detected the presence of a particular network (the "AD HOC NETWORK") with two associated MAC addresses ("MAC ADDRESS A" and "MAC ADDRESS B"). Based on my training, experience, and participation in this investigation, I believe that on January 20, CHAPMAN (from the Coffee Shop) and Russian Government Official #1 (from the minivan) used their laptop computers (which bore "MAC ADDRESS A" and "MAC ADDRESS B") to create the AD HOC NETWORK and to use it to communicate with one another.

The use of steganography is really interesting too. I would like to see what public websites they used to host the steg’d up images on.

I am kinda surprised that they don’t use more advanced techniques than ad hoc networks though. But I guess they just use what works and is available off the shelf to them.

I have been reading into the stories surrounding the blocking of access to web sites that someone in the Pakistan Telecommunications Authority has deemed insulting.

It’s a crazy situation to read about, as the way things work in Pakistan and other Islam-oriented countries is largely alien to us in the west. Or at least to me anyway.

I never talk negatively about any country, group of people, or especially religion, as it’s irresponsible to judge a group of people on a few of their members’ actions. But I am not sure what to make of the Pakistan Telecommunications Authority. As a supporter of network neutrality and a supporter of free speech, and especially the freedom to follow any belief system you wish, I find myself conflicted with this, since in this case it seems the PTA is saying Islam is incompatible with network neutrality.

In the west we have the battle of capitalism (music/film companies) and neutrality, and in the east we have the battle of Islam and neutrality. And it looks like Islam is winning a lot more easily than capitalism.

I can understand the motives of a greedy creative company, but I can’t see the motives of the PTA. Are they trying to protect the citizens of Pakistan, please someone in government, or something else?

I’ve been busy updating the SU1X Windows wireless deployment tool that I maintain.

See: https://sourceforge.net/projects/su1x/

Janet are creating a presence on their website for it: http://www.ja.net/services/authentication-and-authorisation/janet-roaming/su1x.html

The documentation has also been updated and includes a case study and user guide.

Case study link: http://lsayregj.swan.ac.uk/su1x/su1x_case_study.pdf
User Guide link: http://lsayregj.swan.ac.uk/su1x/SU1X_User_Guide-v104.pdf
(Downloads will also be available on the JRS SU1X web page – follow menu link on http://www.ja.net/roaming)

There is also documentation for easy deployment of iPhones.

SU1X features now include:
– Automation of configuration of a PEAP wireless connection on XP (SP3), Vista and Win 7
– Can set EAP credentials without additional user interaction (avoids the tooltip bubble)
– Installation of a certificate (silent)
– Checks for WPA2 compatibility and falls back to a WPA profile
– Third-party supplicant check
– SSID removal and priority setting
– Support tab (checks: adapter, WZC service, profile presence, IP)
– Outputs check results to the user with a tooltip and/or to a file
– Printer tab to add/remove a networked printer
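The WPA2 check and WPA fallback from the list above, worked as an added Python example (not SU1X’s own code): it parses the "Authentication and cipher supported in infrastructure mode" section of `netsh wlan show drivers` output (the two samples below are constructed) and emits the matching authEncryption block of a Windows WLAN profile, falling back to WPA/TKIP only when the adapter cannot do WPA2/AES.

```python
import re
# Constructed samples of the infrastructure-mode section of `netsh wlan show
# drivers`: the first adapter lists WPA2-Enterprise, the second is WPA-only.
WPA2_CAPABLE = """\
Authentication and cipher supported in infrastructure mode:
                                    Open            None
                                    WPA-Enterprise  TKIP
                                    WPA2-Enterprise CCMP
                                    WPA2-Personal   CCMP
Authentication and cipher supported in ad-hoc mode:
                                    Open            None
"""
WPA_ONLY = """\
Authentication and cipher supported in infrastructure mode:
                                    Open            None
                                    WPA-Enterprise  TKIP
Authentication and cipher supported in ad-hoc mode:
                                    Open            None
"""

def infrastructure_pairs(driver_output):
    """Return the set of (auth, cipher) pairs listed for infrastructure mode."""
    pairs, in_section = set(), False
    for line in driver_output.splitlines():
        if "supported in infrastructure mode" in line:
            in_section = True
        elif "supported in ad-hoc mode" in line:
            break  # end of the infrastructure list
        elif in_section:
            m = re.match(r"\s+(\S+)\s+(\S+)\s*$", line)
            if m:
                pairs.add((m.group(1), m.group(2)))
    return pairs

def choose_security(driver_output):
    """Prefer WPA2-Enterprise/AES (CCMP); fall back to WPA-Enterprise/TKIP only
    when the driver cannot do WPA2. The fallback is a downgrade to a weaker cipher."""
    pairs = infrastructure_pairs(driver_output)
    if ("WPA2-Enterprise", "CCMP") in pairs:
        return "WPA2", "AES"
    if ("WPA-Enterprise", "TKIP") in pairs:
        return "WPA", "TKIP"
    raise RuntimeError("adapter supports neither WPA2- nor WPA-Enterprise")

def security_block(driver_output):
    """The <authEncryption> element for the profile's MSM/security section."""
    auth, enc = choose_security(driver_output)
    return ("<authEncryption><authentication>%s</authentication><encryption>%s"
            "</encryption><useOneX>true</useOneX></authEncryption>" % (auth, enc))
```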

If you get time to test or contribute that would be great.

Swansea used the tool all last year for our eduroam wireless network with excellent results.

Two days after the Welsh Castles Relay race I can finally feel my legs again. Only problem is now they ache.

Anyway, I have made good progress with the SU1X 802.1X deployment tool I develop. I have added support for adding a network printer and also, most importantly, I have managed to get it to use the WLANAPI call to set the EAP credentials for a wireless profile. So the tool can now set the user’s wireless credentials without the need to click on the well-designed ‘bubble’ that pops up on Windows.

I’m hoping this will reduce the support load from people who do not see the bubble appear, and fail to click it.

A lot has happened since my last blog. The DEBill is now the DEAct 😦 very sad.

I need to get into the habit of blogging more regularly; once a week I think should be enough.

I have lost interest in politics, as it is a flawed system. I know the Lib Dems are the biggest hope for change, but I won’t be holding my breath.

I have managed to get a paper accepted in the KES2010 conference.

I have been to a few meetings regarding things like wireless roaming and authentication, as well as presenting at the Gregynog conference.

I need to get my thoughts down in this blog more often to help organise things better in my pea brain.
