There is a record number of people hacking up a storm here at the Labb tonight!
Author: Laboratory B
Rap News 6 – Wikileaks’ Cablegate: the truth is out there
Cool Graffiti Printer
It’s so cool! Such a good idea! Paint/hack the planet!!!! [Link Here]
DD-WRT, I Know Where You Live
Oh goody! DD-WRT routers potentially vulnerable to a DNS rebinding attack. Not to mention disclosing internal network information at ‘/Info.live.htm’. [Link Here]
Using default private keys to decrypt SSL streams
An old but hugely overlooked issue. Many appliance vendors ship their units with a default private key for SSL communications. Even if you reissue a new certificate, your appliance could still be using the same private key as everyone else’s.. and it’s typically bundled within the firmware packages publicly distributed by the application vendor. This affects everything from DD-WRT to enterprise class VPN appliances, tape libraries, and firewalls.
Well, someone has finally begun cataloguing these into a searchable database:
http://www.devttys0.com/2010/12/breaking-ssl-on-embedded-devices/
Just lookup the device in question, point the lookup tool to a running appliance, or feed it a packet capture or live network interface and it will provide any known private keys. Once the private key is obtained, you can decrypt the SSL stream with tshark:
tshark -nn -t ad -r <pcap_file> -o ssl.keys_list:<HTTPS_server_IP>,443,http,”<private_key.pem>” -V -R http
December 2010 Microsoft Black Tuesday Summary
SANS Internet Storm Centers Summary of Black Tuesday updates from the Microsoft Beast. [Link Here]
Pwn Plug Wireless = Evil AP in a power brick!
Oh yes! Karmetasploit, wepbuster, aircrack, and kismet on a Sheevaplug microserver!
http://www.pwnieexpress.com/
JavaScript Obfuscation of an IE 0day
ms10_xxx_ie_css_clip with AV bypass? Yeah, you’re on the pwnie express.
http://grep8000.blogspot.com/2010/12/javascript-obfuscation-of-metasploit.html
Meterpreter scripts for RunAs privilege escalation & other mischief
Digital Forensics Comes to VT Police
7 Days Newspaper publish an cover story article last week about the developing digital forensics culture in Vermont. [LINK HERE]