Security Second Thoughts

Moved

2009-01-08T21:40:00.002-05:00

Just wanted to remind anyone that is still following this blog that it has moved a new site. Please update your RSS readers and links so they point at the new site. An RSS feed for the new location can be found here.

This Blog Has Moved

2008-11-30T23:01:00.006-05:00

Hi Everybody,

Over the past few weeks I've been working on revising the www.MatthewNeely.com website. In the process I moved my blog, its new home is www.matthewneely.com/blog/. Please update your RSS readers and links so they point at the new site. An RSS feed for the new location can be found here.

Stop by the new site and let me know what you think!

Cheers,
Matt

Changing for the Better

2008-09-18T23:29:00.004-04:00

This blog has been moved to a new site. This post can now be found here. Please update your bookmarks and links.

Security Alert - Insecure Hotel Locks

2008-06-14T21:54:00.012-04:00

This blog has been moved to a new site. This post can now be found here. Please update your bookmarks and links.

Can Anyone Identify This Lock?

2008-06-14T21:43:00.009-04:00

This blog has been moved to a new site. This post can now be found here. Please update your bookmarks and links.

M-Commerce Security Tipping Point: SMS Phishing Toolkit in the Wild

2008-06-03T19:23:00.014-04:00

This blog has been moved to a new site. This post can now be found here. Please update your bookmarks and links.

Knitting Project to Protect Your Privacy

2008-05-18T22:00:00.009-04:00

This blog has been moved to a new site. This post can now be found here. Please update your bookmarks and links.

Tool Released to Brute Force Vulnerable SSH Server

2008-05-15T11:18:00.005-04:00

This blog has been moved to a new site. This post can now be found here. Please update your bookmarks and links.

Let the Brute Forcing Begin - Vulnerable SSH Keys Publicly Released

2008-05-14T21:20:00.009-04:00

This blog has been moved to a new site. This post can now be found here. Please update your bookmarks and links.

New Penetration Testing Webcast by Ed Skoudis

2008-05-14T12:12:00.005-04:00

This blog has been moved to a new site. This post can now be found here. Please update your bookmarks and links.

Critical Ubuntu and Debian Vulnerability

2008-05-13T13:28:00.005-04:00

This blog has been moved to a new site. This post can now be found here. Please update your bookmarks and links.

Twitter

2008-04-28T00:57:00.002-04:00

Its official, I am now a Twit!

A week or so ago I gave in and joined Twitter. After being on it for a week I must admit I am hooked. As cheesy as it sounds I do have a better connection with my friends but I also have a better connection with the security subculture that is starting to us Twitter. That is the real value I see in Twitter.

At Notacon I talked with a bunch of folks regarding how they keep up to date on security. A number of them mentioned they use Twitter for this, two folks even said they stopped RSSing blogs all together and just used Twitter to keep up to date. That is actually the main reason I joined, also Tom and I made a pact to join if the other one did.

For those of you on Twitter here is my profile. Here are some of the security Twits I follow: Agent0x0, Pauldotcom, Martin McKeay, McGreySecurity, Window and Spacerog.

If you are already on Twitter follow me. If you aren't on Twitter give it a try! You might be surprised how useful it can be.

Cheers,
Matt

P.S. The Twitter Fan Wiki is an excellent source if you need a hand getting up and running.

Shout Out

2008-04-26T16:47:00.001-04:00

Shout out to Morningstar at the Shadows and Dust blog.

Cheers,
Matt

Bluetooth Penetration Testing Resources

2008-04-24T20:28:00.004-04:00

Today while doing some research on Bluetooth I came across two site which are packed full of information.

The first is Martin Karger's Evilgenius blog. Martin has a number of excellent posts on Bluetooth and other wireless security topics.

The second is the Bluetooth Penetration Testing Framework. This site has a wealth of information on attacking Bluetooth.

If you are interested in Bluetooth security I recommend you check them out.

Cheers,
Matt

PA Turnpike Making High Energy Weapons!

2008-04-20T22:05:00.004-04:00

On my way out to IKEA this weekend I discovered a secret weapons project sponsored by the PA Turnpike Authority. Along the way I passed many large Yagi antennas on the PA Turnpike. All are pointed towards Canada. Give the size of these antenna I think they are high powered energy weapon systems designed to protect us from our encroaching Canadian overlords.

Now that I have posted this story I know my life is in danger so I will be going into hiding inside a specially crafted tin foil cocoon.

Cheers,
Matt

P.S. I am not responsible for any actions taken by individuals who do not understand humor.

NEO InfoSec Forum Meeting This Wednesday!

2008-04-13T23:28:00.002-04:00

This month's NEO InfoSec Forum meeting is this Wednesday. We have three talks lined up on Nagios, FreeRADIUS and Notacon. Everyone is welcome to attend. Meetings are free and include free pizza! More information on the meeting can be found here.

Cheers,
Matt

Bugtraq Post - Slowly Closing Door Race Condition

2008-04-04T01:22:00.005-04:00

I'm not sure if this is an April Fools joke or not given the orginal release date. Either way on April 1st I)ruid from Computer Academic Underground released an interesting and entertaining security alert on a race condition that can exist with slow closing doors. I especially love the section explaining how to exploit the race condition.

It is always interesting to see what computer security folks come up with when they analyze physical security systems. Matt Blaze has a number of fascinating articles along these lines focusing on the mechanical security features used in locks and safes. I suspect we'll see more alerts like this as the convergence between physical and logical security continues to evolve.

Below is the advisory (original source):

                    ____      ____     __    __
                   /    \    /    \   |  |  |  |
      ----====####/  /\__\##/  /\  \##|  |##|  |####====----
                 |  |      |  |__|  | |  |  |  |
                 |  |  ___ |   __   | |  |  |  |
------======######\  \/  /#|  |##|  |#|  |##|  |######======------
                   \____/  |__|  |__|  \______/
                                         
              Computer Academic Underground
                  http://www.caughq.org
                    Security Advisory

===============/========================================================
Advisory ID:    CAU-2008-0001
Release Date:   04/01/2008
Title:          Slowly Closing Door Race Condition
Application/OS: Physical Structures
Topic:          Physical structures employing exit doors with locks
          are vulnerable to a race condition.
Vendor Status:  Not Notified
Attributes:     Physical, Race Condition
Advisory URL:   http://www.caughq.org/advisories/CAU-2008-0001.txt
Author/Email:   CAU 
===============/========================================================

Overview
========

Physical structures which employ automatically locking doors to secure
exit points expose a race condition which may allow unauthorized entry.


Impact
======

Malicious outsiders may be able to enter a structure via an exit point.

Exit points may additionally provide an exit from a secure area of the
structure, allowing an outsider entering through the exit point to gain
direct access to the secure area.


Affected Systems
================

Physical structures which employ automatically locking doors at exit
points of the structure.


Technical Explanation
=====================

An exit's lock[1] generally converts a two-way door into a one-way
door, allowing a person to traverse the door's threshold in one
direction but not in the other.  These types of locks are used to
secure exit points of structures so that people may exit via the door
but not re-enter without disabling the lock through force or
authentication.

When a person exits the structure through an exit point which is
secured by such a mechanism, a race condition exists wherein a
malicious outsider may be able to reach the door and enter through it
before it closes and locks itself.

Many doors, especially heavier ones, also employ closing mechanisms[2]
which are designed to cause the door to close slowly so as not to slam
the door shut and damage the door frame, or damage any human appendage
which may be in between the door and it's frame.  Such closing
mechanisms can greatly increase the amount of time that the race
condition exists.


Solution & Recommendations
==========================

1) Always ensure that personnel exiting an exit door wait outside the
door until it has completely closed and locked before walking
away.

2) Employ a double door system such as is used in an air-lock where
the interior door must be secured prior to the exterior door being
allowed to open.


Exploitation
============

First identify the exit point that you want to exploit.  Stand at a
safe distance during a high-traffic time and watch for people to use
the exit point.  Time how long it takes for the door to close and
lock itself when someone traverses the exit point.

Next, identify a safe hiding place near the exit point, preferably
in a direction that would be behind a person exiting the door, but
which is within a distance to the exit point which you could traverse
in under the door's closing time at a brisk pace or run.

Finally, hide in this location during a lower traffic time and wait
for someone to utilize the exit point.  After they have exited the
door and are walking away, run to the door and enter before it has
closed and locked.  Extra points are awarded for a spectacular dive
and/or roll to catch the door at the very last second.


References
==========

[1] http://en.wikipedia.org/wiki/Lock_%28device%29
[2] http://en.wikipedia.org/wiki/Door_closer


Credits & Gr33ts
================

Theodor Geisel, AHA!, NMRC, Uninformed Journal, dc214

Notacon This Weekend

2008-04-03T21:00:00.002-04:00

Tomorrow I'll be heading off the Notacon for the weekend. If anyone else is going to be there and wants to meet up drop me an email or leave a comment.

Cheers,
Matt

Wireless Vulnerabilities and Exploits (WVE) Database

2008-03-31T22:35:00.002-04:00

The Wireless Vulnerabilities and Exploit (WVE) database is a wonderful wireless security resource. The WVE is basically a clearing house for wireless vulnerabilities and exploits. It is similar to the Common Vulnerabilities and Exposure (CVE) database however the WVE focuses on wireless technology. Also the CVE database only tracks vulnerabilities where the WVE database tracks vulnerabilities and the exploits that can be used to attack those vulnerabilities.

When assessing the security of a wireless device this is one of the research tools I use to determine if there are any known weaknesses in that device.

If you have any interest in wireless security I highly recommend you explore the site and monitor it for updates. They even offer an RSS feed of the recent entries.

Cheers,
Matt

The Biggest Paradigm Shift in Mobile Security is...

2008-03-19T22:25:00.001-04:00

This blog has been moved to a new site. This post can now be found here. Please update your bookmarks and links.

OWASP Meeting This Thurseday

2008-03-18T22:13:00.002-04:00

The February OWASP meeting that got canceled has been reschedule to Thursday March 20th. It will be held at the Winking Lizard in Bedford Hts. More information and details on how to register can be found here.

Note: Last I checked the link had not been updated to include the new meeting time. However all the other information is still valid.

Cheers,
Matt

Been Speaking, Looking for Feedback

2008-03-15T23:37:00.001-04:00

I've been doing a lot of public speaking recently. The past two Wednesdays I gave workshops on how to use NetStumbler and Kismet to find wireless networks, and last Friday I gave a talk covering the risks related to m-commerce. If any of my readers attended these talks and have comments on ways to improve them please let me know by posting suggestions in the comments section, you can even post them anonymously if you like. I am always interested in improving my presentations so any feedback is greatly appreciated!

Cheers,
Matt

Free Wireless Security Training In Cleveland

2008-02-28T21:40:00.005-05:00

In March I will be holding a free lecture and lab on locating and securing wireless networks. During this lab participants will learn basic information about 802.11 networks, how to find wireless access points using NetStumbler and Kismet and tips on securing 802.11 network. This is a two hour class that will include both a lecture and hands-on lab.

Thanks to Baldwin-Wallace's generous donation of their networking and computer lab this class is FREE to all NEO Info Sec Forum members!

There is a catch. Seating is limited and only open to NEO Info Sec Forum members. So if you are not a NEO Info Sec Forum member go over to the site and register. Once your registration has been confirmed let the person who activated your account know you want to take the wireless class.

Cheers,
Matt

Tonight's OWASP Meeting Has Been Canceled

2008-02-27T13:32:00.004-05:00

I just got word that tonight's OWASP meeting has been canceled. Rumor has it the meeting will be rescheduled to a future date.

Cheers,
Matt

Presenting at the Next Northern Ohio Infragard Meeting

2008-02-26T20:45:00.004-05:00

I'm happy to announce that I will be presenting "An Overview of Risks Related to M-Commerce" at the March 14th Infragard meeting in Cleveland. This talk will give a highlevel overview of various m-commerce solutions, discuss the associated risks and examine ways to mitigate these risks.

This meeting is free and open to the public. Anyone interested in attending can learn more and register at this link.

Cheers,
Matt

Cleveland OWASP Meeting Wednesday February 27th

2008-02-22T19:23:00.004-05:00

UPDATE: This meeting has been canceled and will be rescheduled to a future date.

Looks like the Cleveland chapter of OWASP is getting back on track! The next meeting is going to be at the Winking Lizard in Bedford Hts this coming Wednesday, February 27th. Meetings are free and open to anyone interested in web application security.

This meeting will cover:
Are you ready for D-Day?
Web App Review or Firewall?
What is a Web App Firewall?
OWASP #3 - Malicious File Execution

Did I mention FREE BEER and food (thanks to the folks at Applicure and SecureState)?

Location:
Winking Lizard
25380 Miles Road, Bedford, OH 44128

If you are interested in attending, please send an email with the subject "I'm there" and the body "I'll be there!" to dkennedy@securestate.com.

Cheers,
Matt

ShmooCon Bound!

2008-02-14T21:55:00.003-05:00

Bright and early tomorrow morning Meagan and I are heading off to ShmooCon! If anyone else is going to be there and wants to meet up drop me an email or leave a comment.

Cheers,
Matt

How Secure Are Your Wireless Headset and Other Wireless Device?

2008-02-11T22:17:00.001-05:00

This blog has been moved to a new site. This post can now be found here. Please update your bookmarks and links.

Verizon Dropping CDMA for GSM?

2008-02-10T12:42:00.002-05:00

This blog has been moved to a new site. This post can now be found here. Please update your bookmarks and links.

A Chinese Cross Key Lock

2008-02-07T22:32:00.001-05:00

This blog has been moved to a new site. This post can now be found here. Please update your bookmarks and links.

AMPS Network Decommission Could Impact Alarm Monitoring

2008-01-30T23:49:00.001-05:00

This blog has been moved to a new site. This post can now be found here. Please update your bookmarks and links.

What Does a Port Scan Look Like?

2008-01-30T20:32:00.001-05:00

This blog has been moved to a new site. This post can now be found here. Please update your bookmarks and links.

Have a Humorous Security Story to Share?

2008-01-28T00:25:00.001-05:00

This blog has been moved to a new site. This post can now be found here. Please update your bookmarks and links.

The Problem with SIM Dependent M-Commerce in the U.S.

2008-01-26T00:25:00.001-05:00

his blog has been moved to a new site. This post can now be found here. Please update your bookmarks and links.

New Cellphone Worm in the Wild – SymbOS/Beselo

2008-01-23T23:00:00.001-05:00

This blog has been moved to a new site. This post can now be found here. Please update your bookmarks and links.

Cleveland Security Groups

2008-01-22T22:06:00.005-05:00

This blog has been moved to a new site. This post can now be found here. Please update your bookmarks and links.

NEO InfoSec M-Commerce Talk

2008-01-17T15:30:00.001-05:00

This blog has been moved to a new site. This post can now be found here. Please update your bookmarks and links.

24C3 Videos Posted

2008-01-12T22:38:00.001-05:00

This blog has been moved to a new site. This post can now be found here. Please update your bookmarks and links.

Giving an M-Commerce Presentation This Wednesday in Cleveland

2008-01-12T22:24:00.002-05:00

This blog has been moved to a new site. This post can now be found here. Please update your bookmarks and links.

Welcome!

2008-01-08T00:53:00.002-05:00

Actually this is no longer my "new blog". This blog has moved here.

------------------------------------------------------------------------------------------------------

Hello everybody and welcome to my blog!

I created this blog as a brainstorming area for me to share and flush out idea related to my current research projects. Eventually the material posted here will be rolled up into talks, research papers and articles that will be posted on my, not yet completed, website.

I have many areas of interest but recently my research has been focusing on wireless security, security convergence, penetration testing and security data visualization. So stay tuned for posts related these and other security topics.

I plan to post at least every Sunday.

Thank you for visiting.

Cheers,
Matt