Join in LIVE on the Internet Security Policy Forum
09.27.00
09.27.00: Free Live Webcast
Internet Security Policy Forum & Luncheon
U.S. Chamber of Commerce Hall of Flags
Washington, D.C.
In cooperation with the Critical Infrastructure Assurance Office, CXO Media
will be hosting the Internet Security Policy Forum & Luncheon. The Forum
assembles 100 of the top CEOs and CIOs in the United States in an effort to
"raise public awareness of the vulnerabilities of information technology
pertaining to security issues and to contemplate feasible solutions." Lew
McCreary, Editorial Director at CXO Media, will host the forum with Lou
Dobbs, founder of CNNfn.com and CEO of Space.com, serving as moderator.
WEDNESDAY, 09.27.00, 1:00PM
Mudge, Vice President of Research and Development for @stake, will be a
panelist at the Internet Security Policy Forum. Fellow panelists joining
Mudge include John Tritak, Director of the Critical Infrastructure Assurance
Office, Abbie Lundberg, the Editor in Chief of CIO Magazine, Larry Abramson,
a Telecommunications Correspondent for National Public Radio, and
participating via satellite will be Richard Clarke, the National Coordinator
for Security Infrastructure Protection and Counter-Terrorism.
The Internet Policy Forum Webcast is available via two locations:
Webcast 1
Webcast 2
ASK QUESTIONS. GET HEARD!
L0pht web site to Merge with @stake web site
07.24.00
The L0pht has evolved radically in the 7 years since it was founded.
What started out as a place for a few computer hobbyists to store their
manuals and "recycled" computers became an organization focused on
computer security and privacy. The L0pht has impacted the security of
the most popular hardware, operating systems and applications used
today.
Through our security advisories, tools, and talks at conferences, we have changed the way many vendors design their systems and respond to security issues. We have even affected the political environment of our times. The L0pht has always been about sharing information and getting people to be more open about security issues, thus moving towards actually understanding the problems at hand and becoming able to address them "before the fact". This is one of the reasons we have supported full disclosure and sought to inform end users as well as technology professionals and vendors about security issues.
When the L0pht merged with @stake at the beginning of the year, it was
in an attempt to augment and impart our ideologies and problem solving
methodologies on a much grander scale. We believe we are heading in the
right direction.
Over the next several weeks we will start moving the L0pht, Hacker News
Network, and the @stake web sites into one cohesive unit. We will
continue to provide the useful information that the community has come
to expect from us. It is our belief that this, among other efforts, will
ultimately help us give back to the community in a greater way.
Rest assured, the new web site will continue to provide our research in the form of security advisories, white papers and tools to the security community, the way the L0pht web site always has.
If you have any questions or comments please contact us.
Rainbow iKey USB Token Advisory
07.20.00
Rainbow Technologies' iKey 1000 is a portable USB (Universal Serial Bus) smartcard-like device providing authentication and digital storage of passwords, cryptographic keys, credentials, or other data. This attack requires physical access to the device circuit board, which can be gained in under 30 seconds with no special tools and leaving no proof of attack. Administrator access to the iKey, using the MKEY (Master Key) password, is normally used for initialization and configuration, and will allow all private information stored on the key to be accessed. By using any number of low-cost, industry-standard device programmers, the MKEY value can be recovered or changed to a new user-defined value. This will allow the attacker to login to the iKey with administrator privileges and access all public and private data.
Full Details
iSpy, Proof-of-concept tool for Win9x/NT, source code included (31kB)
iKey 1000 Schematic .PDF (12kB)
NetZero Password Advisory
07.18.00
NetZero's password encryption algorithm can be trivially defeated. Weak local password storage is a common practice but there are good solutions. The advisory details the vulnerability and suggests better ways of handling the local password storage problem.
Full Advisory
AntiSniff Researchers Version 1-1-1 Release - typecast DNS fix
05.17.00
A cool bug, caused by not properly ensuring variables were cast correctly, was found by sc. His statement that version 1.02 was affected seems to be in error. In addition, the sample code he provided to various lists was reported to us not to work. We have not verified the sample code but see the problem that he points out and are in agreement on the problem. Only the free researchers version appeared vulnerable.
AntiSniff Download page
Microsoft Office 2000 Scripting Advisory
Pair of Intel NetStructure Advisories
eToken Private Information Extraction and Physical Attack Advisory
Cartfix Secret Backdoor Patch Tool Released
04.27.00
The shopping cart software Cart32 contains many serious security vulnerabilities. These include a backdoor password and embedded URLs that allow anonymous users to change the administrator password and execute shell commands on the web server. Cerberus Information Security issued an advisory detailing these problems. We have issued a patch because we think this problem is so serious that it deserves an immediate fix. It is unknown when the vendor will fix these problems.
Executable Patch
Source Code
CRYPTOCard PalmToken PIN Extraction Advisory
04.10.00
CRYPTOCard's CRYPTOAdmin software is a challenge/response user authentication administration system. The PT-1 token, which runs on a PalmOS device, generates the one-time-password response. A PalmOS .PDB file is created for each user and loaded onto their Palm device. By gaining access to the .PDB file, the legitimate user's PIN can be determined through a series of DES decrypts-and-compares. Using the demonstration tool below, the PIN can be determined in under 5 minutes on a Pentium III 450MHz.
CRYPTOCard Corporation was extremely responsive to our advisory submission. Their comments and recommendations are included.
Full Details
DeCRYPTO, Proof-of-concept tool for Win9x (71kB)
TBA, The PalmOS Wardialer Is Now Available
03.24.00
After 2 years of blood, sweat, and tears, @Stake and L0pht Heavy Industries proudly present TBA, the outcome of Project BootyCall. TBA is the first wardialer for the PalmOS platform. No more using a desktop or laptop for scanning. Using a Palm device with a modem, you can wardial from anywhere a phone line is available - throw it in a phone can to retrieve later, toss it up in the ceiling during a security audit - the possibilities are endless.
TBA is fully-featured, fully d0pe, and best of all, fully free!
Full Details
Advisory on Microsoft Clipart Gallery attachments
03.06.00
ClipArt Gallery (CAG.EXE) that comes with Microsoft Office 2000 processes ".CIL" files for installation of clipart from the Internet. The CIL format is not handled properly by CAG.EXE and one of the internal fields in the file presents a buffer overflow condition, allowing arbitrary code to be executed by an attacker. The attacker would place a malicious CIL file on a website, or in an email, causing the target to import the CIL file. The file will be opened without prompting as the CIL file format does not require confirmation for open after download. This issue requires NO active scripting to exploit, and is NOT regulated by Internet Explorer 'security zones'.
Full Details
Anarchy on the Web on The Connection radio show
02.11.00
Mudge and Weld Pond will be on The Connection radio show with host Christopher Lydon today. Also on the show are David Clark from MIT and Mark Rasch, a former federal prosecutor. The program airs 11:06 to noon on Friday 2/11/00 on WBUR, 90.9 in Boston. Check the Connection Stations to see if it is syndicated in your city. The program should also be available online streamed.
The Anarchy on the Web Connection
Answers to all your @Stake Merger Questions
01.25.00
We created an L0pht/@Stake merger FAQ to answer many of the questions we have been receiving about the merger.
L0pht/@Stake Merger FAQ
Article on L0pht Merging with @Stake
Remote Root lpd Vulnerability in RedHat Linux
01.08.00
Dildog ain't slowing down for a second and has released his 2nd Linux vulnerability for the week. This one allows a user who can print to a RedHat Linux print server to execute code remotely as root. RedHat has a patch.
Full Details
01.06.00
With news that is sure to shake up both the computer underground and the computer security services market, the L0pht is very excited to announce our merger with @Stake.
"The opportunity to join the first and only independent 'pure play' in the field of Internet security consulting is perfect for the L0pht," according to Mudge, now @Stake's VP of R&D. "@Stake's vendor neutrality, combined with open lines of communication to the full spectrum of people dealing with online security, allows us to remain true to our roots - security research and execution which shatters industry myths and builds a totally new standard."
Press Release
News:
Tech Heavyweights Join Hackers, MSNBC
Hackers Become Security Consultants, AP
The Hackers and the Suits: A Made-for-the-Media Story, The Industry Standard
PamSlam Advisory on Red Hat Linux pam vulnerability
01.04.00
A local root vulnerability exists in Linux in the pam authentication module. Dildog has written source code to demonstrate the problem. Both 'pam' and 'userhelper' (a setuid binary that comes with the 'usermode-1.15' rpm) follow '..' paths. Since pam_start calls down to _pam_add_handler(), it will dlopen any file on disk. 'userhelper' being setuid means it will run as root.
RedHat has a patch for this problem.
Full Details
MORE NEWS...