Risque Management : Hacks

More daily hacks

Slav — Wed, 26 Sep 2007 08:39:00 GMT

Getting free access to communication services was always one of the primary hacking activities, still is. The recent proliferation of commercial Wi-Fi hotspot networks made them one of the prime targets. Stealing somebody's access by cloning a MAC address or performing a man-in-the-middle attack are well-known techniques. But if there is nobody in the area whose connection is available for stealing?

Nokia to the resque. In some countries (Australia, Indonesia, maybe more) Nokia teamed up with local operators of Wi-Fi hotspot networks to provide free Wi-Fi Internet access to the owners of Nokia N-Series multimedia devices. In Australia, their partner is Azure. The service is available in many locations in Melbourne CBD and also blankets the fun part of Chapel Street in South Yarra - if you're visiting, don't miss the place.

From a user's perspective, the service is same as with any other commercial hotspot - you find the network, associate to Azure, browse anywhere with your Web browser, and you'll be sent to the provider's captive portal. Then you'll see the difference - a "free access for Nokia N series" pictogram. Click on it, and you're logged on. Can browse Internet and place Internet calls with built-in SIP client.

So where's free access in this scenario? Simply put, the provider's authorisation system (that includes the captive portal and some kind of backend) has no way of knowing that I'm using the N Series. I don't know what kind of basic check is conducted by the server - can't figure anything but the MAC address first octets verification - but the onus is basically on me. The good news is that Nokia's product line is great. It gives Mac OS- and Windows-based telephones tun for the money. Symbian OS interface and applications are great, features that inclide full VoIP support (both standards-based and Skype), full support for secure wireless (including support for PEAPv0 that many Windows-centric corporate networks are using - not available in Windows Mobile yet). Prudly proprietary. Free Wi-Fi is a welcome bonus - and a chance to feel like hacker once more.

Other recent observations include some news about Bill Gates. I think BillG isn't @microsoft.com any longer. I mean, the account. End of the era, beggining of another one. Good luck and thanks to Bill.

Zero-knowledge Intrusion: upcoming 2600 article

Slav — Mon, 17 Sep 2007 09:20:00 GMT

Soon 2600 will publish my article on practical NIDS avoidance. As soon as it comes out, it will be on my Web site.

The magazine is quite an interesting reading - sometimes entertaining, sometimes educating, never boring. I'm glad to contribute.

How to stop Skype using ISA server, and why

Slav — Sat, 25 Aug 2007 07:18:00 GMT

Skype is a good example of how defying open standards can result in a better product. H.323, the first attempt at VoIP standard, failed miserably. SIP stands much better chance but there are numerous issues with SIP operator interconnections and crossing organisational perimeter. Skype doesn't have any of these issues: it doesn't interconnect with third parties, using PSTN as the only interface available; and it supports HTTP proxy for connectivity, effectively eliminating difficulties sending voice/video traffic to external parties.

Of course, Skype is scary (as in: buy a firewall, and may it protect you against Skype). It is the perfect backdoor, can only slow down the exploitation of it, and may protect a 0-day - Desclaux Fabrice of EADS does a decent research only to come to wrong conclusions. What's certain - Skype is a perfect target for hacking.

Some security people hate Skype and want to stop it. rootn0de provides a smart way of doing that (see Blocking Skype Using Squid and OpenBSD). Skype doesn't rely on DNS resolution for contacting its supernodes (because Internet DNS resolution may not be available on semi-isolated networks) - so rootn0de configures Squid proxy to block CONNECT tunneling connections to destinations represented by IP address. You cannot even modify the list of supernodes so that DNS resolution will work - so this is a really good hack. It doesn't require OpenBSD.

What about numerous organisations using Microsoft ISA Server as their Internet connection gateway? The solution is even easier. Configure ISA to require Windows integrated authentication and Skype will not work. Just checked - that's fixed recently in Skype for Windows 3.2 hotfix. Back to square one - no easy solution for ISA. You can be creative with Winsock client, or write custom filter, or channel traffic through Squid (defying the purpose of ISA to an extent). Besides, getting arount restriction to use Windows integrated authentication only can be relatively easily worked around - by modifying the client.

Solution, did I say? No. Trying to block Skype on the Internet access gateway is an example of wrong approach taken because of wrong problem definition. Skype is just a videophone with chat, that can also send files - most of potential Skype users on corporate network have Web access that allows chatting, sending files and placing telephone calls. If you don't want users to run software that you don't approve - don't let them by strictly controlling their operating environment (thin client solutions help here). If you don't want them to share information - don't give access, or protect it (RMS solutions help with this). But don't try to cripple the functionality that is already given to the users - they may as well have business need for it.

What the hack!

Slav — Thu, 29 Mar 2007 09:08:00 GMT

Recently I came across a Web site that sells software for predicting American Idol results: DialIdol.com

The idea is really neat: to automate diaing to the voting phone numbers, measure rate of "busy" signal, and make prediction based on that. It works with many TV shows - including Canadian Idol. And it's in true spirit of hacking - commodity technology is used to implement a brilliant heuristic with no harm done.

Well, there is a potential for harm in it. If the software goes out of control (as in: becomes hugely popular), it may pose a denial of service attack on the TV shows. Just like the Morris worm brought down the Internet.

Can the Idol show results be hacked? Obviously you can spoof your caller ID and make a million calls supporting your favourite talent. But you have to pay for the calls, which limits the impact - and avoiding the payment is a crime. Besides, even if you succeed, few will notice, as talents in question tend to be... insignificant.