Showing posts with label Physical Security.

Friday, May 30, 2008

physical access pwns you again...China +1

unconfirmed but completely believable:

"Government officials are not confirming a report that Chinese officials may have secretly copied the contents of a government laptop computer during a December visit to China by Commerce Secretary Carlos Gutierrez.

Commerce Secretary Carlos Gutierrez’s visit to China has raised security questions.

The Associated Press said an investigation into the suspected incident also involved whether China used the information to try to hack into Commerce computers.

The AP cited officials and industry experts as sources for the story, which said the surreptitious copying is believed to have occurred when a laptop belonging to someone in the U.S. trade delegation was left unattended.

When asked whether the Commerce Department is looking into the matter, spokesman Richard Mills said, “We take security seriously, and as we learn of concerns about security, we look into them.”"

This kind of stuff has been going on for years to businessmen, and who's to blame them if some jackass leaves a laptop unattended.

http://edition.cnn.com/2008/US/05/29/china.hackers/
http://www.thedarkvisitor.com/2008/05/lose-a-laptopget-hacked-sigh/
http://www.nationaljournal.com/njmagazine/cs_20080531_6948.php

Tuesday, March 4, 2008

Firewire port == owned

"A security consultant (Adam Boileau) based in New Zealand has released a tool that can unlock Windows computers in seconds without the need for a password.

To use the tool, hackers must connect a Linux-based computer to a Firewire port on the target machine. The machine is then tricked into allowing the attacking computer to have read and write access to its memory.

With full access to the memory, the tool can then modify Windows' password protection code, which is stored there, and render it ineffective."

Very cool. Of course, most people know that if you have physical access to a computer it's essentially yours anyway. The idea was originally presented in 2006 at Ruxcon, and now the code is released...now where did I put that firewire cable...

Article Link: http://www.smh.com.au/news/security/hack-into-a-windows-pc--no-password-needed/2008/03/04/1204402423638.html

Code Link: http://storm.net.nz/projects/16

Thursday, February 7, 2008

Why "sticky" port security is dumb when your physical security sucks

If you haven't heard of POPI Security... now you can:

P = Physical
O = Operational (OPSEC)
P = Personnel
I = Information(INFOSEC)

All that whiz-bang "pop a shell with metasploit and dump your mom's PII" stuff falls into the "I", and they go up in order of ease, cost & complexity. For example, throwing a rock through a window and climbing into an office is in the "P" and cheap, whereas a TEMPEST attack is in "I" and usually not cheap and requires a high degree of technical ability. Hopefully that makes sense.

Anyway, all that leads to the "no shit there I was" story of doing the onsite assessment. We roll in and get told there is "Sticky Port Security" on the switches. Begrudgingly we had given them our MAC addresses prior to the assessment so they could reserve us some IP space in the DHCP pool. So we set our IPs to the static ones they said we would have and nothing. A few phone calls later, still nothing.

Eventually we try plugging into empty network drops and setting things to DHCP, and voilà... IP address (not ones we were assigned) and connectivity. So much for port security; not much good when you leave hot open drops.

The "sticky" part of the security was a pain because we had 4 laptops and only 2 hot drops and the switch would only allow one IP per port. Thankfully, two networked printers were in the room; by printing the printer's configuration (giving us its MAC) and using SMAC for Windows, we had the other two laptops up and running. Yes, a simple 4 port router that clones MAC addresses would have worked too, but we didn't bring one.

Getting reverse shells back to our Linux hosts in VMware will be for another post, but we made it happen using VMware NATing & Fpipe.

Anyway, I mention physical security because:
1-we negated the port security by changing our MAC address and unplugging the printer from the network
2-because they didn't turn off ports that were unused we were handed IP addresses on the LAN
3-if the objective had been to just get "access" to the LAN we were done in 20 minutes
4-because of the open drops, 5 minutes and a wifi router and we could have had all the internal access we needed.

Just something to think about when you smile smugly and tell people you have port security on your switches and your physical security sucks.
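The two gaps the story above turns on (unused access ports left enabled, and in-use ports with no port-security at all) are both visible in a switch's running-config, so they can be audited before an assessor finds them. The script below is an added example, not code from the original post or from any vendor: it parses a constructed, IOS-style config (the interface names, descriptions and the `IN_USE` set are all hypothetical) and emits the config lines that would close each gap. Note what it cannot catch: sticky MAC learning is defeated by cloning a MAC, as the post describes, so the audit only addresses the hot-drop problem; binding ports to authenticated users (802.1X) is the control that survives MAC cloning.

```python
"""Audit an IOS-style running-config for hot drops and missing port-security.

Added example (not from the original blog post). SAMPLE_CONFIG and IN_USE are
constructed, hypothetical data; only the command syntax matches Cisco IOS.
"""
import re

# Constructed sample config for a hypothetical switch.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description printer-lobby
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
!
interface GigabitEthernet0/2
 description conference-room-drop
 switchport mode access
!
interface GigabitEthernet0/3
 description spare
 switchport mode access
!
interface GigabitEthernet0/4
 description spare
 switchport mode access
 shutdown
!
interface GigabitEthernet0/24
 description uplink
 switchport mode trunk
!
"""

# Ports that are supposed to have a device on them (from the asset inventory;
# hypothetical here). Anything else that is an access port should be shut down.
IN_USE = {"GigabitEthernet0/1", "GigabitEthernet0/2"}


def parse_interfaces(config):
    """Return {interface name: [stripped stanza lines]} for each 'interface' block."""
    interfaces = {}
    current = None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = m.group(1)
            interfaces[current] = []
        elif line.strip() == "!":
            current = None
        elif current is not None:
            interfaces[current].append(line.strip())
    return interfaces


def audit(config, in_use):
    """Flag access ports that are (a) unused but not shut down, i.e. a hot drop,
    or (b) in use but carrying no port-security at all."""
    findings = {"unused_not_shutdown": [], "no_port_security": []}
    for name, lines in parse_interfaces(config).items():
        if "switchport mode access" not in lines:
            continue  # trunks/uplinks need a different review; skipped here
        is_shut = "shutdown" in lines
        has_ps = "switchport port-security" in lines
        if name not in in_use and not is_shut:
            findings["unused_not_shutdown"].append(name)
        if name in in_use and not has_ps:
            findings["no_port_security"].append(name)
    return {k: sorted(v) for k, v in findings.items()}


def remediate(findings):
    """Turn findings into the IOS config lines that close each gap."""
    lines = []
    for name in findings["unused_not_shutdown"]:
        lines += [f"interface {name}", " shutdown"]
    for name in findings["no_port_security"]:
        lines += [
            f"interface {name}",
            " switchport port-security",
            " switchport port-security maximum 1",
            " switchport port-security mac-address sticky",
            " switchport port-security violation shutdown",
        ]
    return lines


if __name__ == "__main__":
    result = audit(SAMPLE_CONFIG, IN_USE)
    for category, ports in result.items():
        print(f"{category}: {', '.join(ports) or 'none'}")
    print("\n".join(remediate(result)))
```

Run against the sample, the audit reports GigabitEthernet0/3 as a hot drop and GigabitEthernet0/2 as an in-use port with no port-security; GigabitEthernet0/4 passes because it is already shut down, and the trunk uplink is skipped.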