security – rich text
Rich Lafferty's OLD blog, https://www.lafferty.ca (feed last built Fri, 16 May 2008 18:16:53 +0000)

Exploiting NIC firmware
https://www.lafferty.ca/2008/05/16/exploiting-nic-firmware/
Fri, 16 May 2008 18:16:53 +0000

From Ben Laurie: Bypass the firewall by bypassing everything but the PCI bus.

USENIX has made its full conference proceedings available…
https://www.lafferty.ca/2008/03/13/usenix-conference-proceedings/
Thu, 13 Mar 2008 14:03:05 +0000

USENIX has made its full conference proceedings available to the public. USENIX, the Advanced Computing Systems Association, holds many technical conferences each year, primarily on system and network administration and security, including LISA, the Large Installation System Administration conference. Previously, access to the conference proceedings required a USENIX membership.

Social engineering with USB keys
https://www.lafferty.ca/2007/04/26/social-engineering-with-usb-keys/
Thu, 26 Apr 2007 16:28:25 +0000

A comment on a Reg story about USB-key malware led to a great story from about a year ago about a tiger team hired to audit a credit union, who launched a successful social-engineering attack by dropping trojan-infected USB keys around the parking lot:

Once I seeded the USB drives, I decided to grab some coffee and watch the employees show up for work. Surveillance of the facility was worth the time involved. It was really amusing to watch the reaction of the employees who found a USB drive. You know they plugged them into their computers the minute they got to their desks.

Full article: Social Engineering, the USB Way.

(Speaking of USB keys: humping dogs.)

Nifty keypad attack
https://www.lafferty.ca/2005/11/21/nifty-keypad-attack/
Mon, 21 Nov 2005 09:07:00 +0000

What do you do if you want to steal someone's door code, bank card PIN, safe combination, etc., when you can't watch them enter it, and checking fingerprints afterwards is too inconvenient? Just take a thermal image after they've left.

Secure FTP backwards through a firewall
https://www.lafferty.ca/2005/02/11/secure-ftp-backwards-through-a-firewall/
Fri, 11 Feb 2005 10:02:00 +0000

Hoping the lazyweb can come up with a reasonably elegant solution to a securing-FTP problem I've run into.

I have a setup like so:

   [ftp-server]---[broker]---|firewall|====[ftp-client]
   ^^^^^^^^^^^^^^^^^^^^^^^^^^          ^^^^^^^^^^^^^^^^
            intranet                        internet

I need to establish an FTP session from the ftp client to the ftp
server. ---- is intranet, ==== is internet. broker is a machine
under my control. firewall will allow any outgoing connection and
will not allow any incoming connection. The FTP control and data channels
must not travel over the Internet in plaintext, but plaintext from
broker to ftp-server is acceptable.

Using FTP is part of the specification. ftp-server will
only accept an FTP connection.

What can I do to make this work? In any circumstance other than FTP,
I'd ssh from broker to ftp-client and set up a reverse
(-R) tunnel from ftp-client back to ftp-server, but that
won't work with FTP because of the data channel: a forwarded port only
carries the control connection, and the data connection goes to whatever
intranet address and port the server's PASV reply names.

The less-than-elegant solutions I’ve come up with are:

  1. SSH out from broker to ftp-client, forwarding a port
    on ftp-client back to port 22 on broker. On
    ftp-client, ssh back through that tunnel to broker
    with 'ssh -D', which sets up a SOCKS proxy tunnel in the right direction
    (beginning at ftp-client and connecting out from broker).
    Then use tsocks to SOCKS-ify the ftp client, and connect in passive mode
    "directly" to ftp-server from ftp-client, letting tsocks
    handle setting up the data channel's tunnels as necessary.

  2. Build a ppp-over-ssh VPN between broker and
    ftp-client, initiated from broker.

Anything obvious I’m missing?
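Option 1 above, written out as the commands each side would run. This is an added example, not from the original post: the host names, user names, addresses and port numbers are assumptions, and the 227 reply fed to the helper at the end is constructed.

```shell
#!/bin/sh
# Added example: wiring up "option 1" (reverse SSH tunnel from broker,
# SOCKS proxy back through it, tsocks-wrapped passive FTP).  All names,
# addresses and ports below are assumptions, not from the original post.
set -eu

BROKER_USER=broker                  # assumed login on broker
CLIENT_USER=client                  # assumed login on ftp-client
CLIENT_HOST=ftp-client.example.net  # assumed public name of ftp-client
FTP_SERVER=10.0.0.5                 # assumed intranet address of ftp-server
REVERSE_PORT=2222                   # port on ftp-client that leads back to broker:22
SOCKS_PORT=1080                     # SOCKS5 port on ftp-client, served by broker's sshd

# Step 1 (run on broker): outbound ssh to ftp-client, allowed by the firewall.
# -R makes 127.0.0.1:2222 on ftp-client connect to broker's own sshd.
# Binding to 127.0.0.1 instead of * keeps other Internet hosts off the tunnel.
broker_reverse_tunnel_cmd() {
    printf 'ssh -N -R 127.0.0.1:%s:127.0.0.1:22 %s@%s\n' \
        "$REVERSE_PORT" "$CLIENT_USER" "$CLIENT_HOST"
}

# Step 2 (run on ftp-client): ssh back through the reverse tunnel to broker
# and ask broker's sshd to act as a SOCKS5 proxy.  Anything ftp-client sends
# to 127.0.0.1:1080 is opened by broker, from inside the intranet, and the
# whole exchange rides the two SSH sessions across the Internet.
client_socks_cmd() {
    printf 'ssh -N -D 127.0.0.1:%s -p %s %s@127.0.0.1\n' \
        "$SOCKS_PORT" "$REVERSE_PORT" "$BROKER_USER"
}

# Step 3 (on ftp-client): tsocks config that sends everything except
# loopback via the SOCKS5 proxy.  Written to a private file so the
# system-wide /etc/tsocks.conf is left alone.
write_tsocks_conf() {
    conf=$1
    cat >"$conf" <<EOF
# only loopback is reachable directly; all other networks go via SOCKS
local = 127.0.0.0/255.0.0.0
server = 127.0.0.1
server_type = 5
server_port = $SOCKS_PORT
EOF
}

# Step 4 (on ftp-client): run the FTP client under tsocks, passive mode.
# Passive mode is mandatory: the SOCKS proxy ssh -D provides can only
# CONNECT, never BIND, so the client must be the side opening data channels.
# ftp-server is named by intranet IP because name resolution still happens
# on ftp-client, not on broker.
ftp_cmd() {
    printf 'TSOCKS_CONF_FILE=%s tsocks lftp -e "set ftp:passive-mode true" ftp://%s\n' \
        "$1" "$FTP_SERVER"
}

# Helper: decode the data-channel endpoint from a 227 reply, e.g.
# "227 Entering Passive Mode (10,0,0,5,195,80)" -> "10.0.0.5:50000".
# That is an intranet address, which is why every data connection must be
# opened from broker (tsocks turns each one into a SOCKS CONNECT) and a
# single forwarded port for the control channel is not enough.
pasv_target() {
    echo "$1" |
        sed -n 's/.*(\([0-9]*\),\([0-9]*\),\([0-9]*\),\([0-9]*\),\([0-9]*\),\([0-9]*\)).*/\1.\2.\3.\4 \5 \6/p' |
        while read -r host p1 p2; do
            echo "$host:$((p1 * 256 + p2))"
        done
}
```

Run step 1 on broker first and leave it up, then step 2 on ftp-client, then step 4 with the file from step 3. Both ssh commands bind to loopback on purpose: the reverse tunnel is an open door into broker, so nothing on the Internet side of ftp-client should be able to reach it.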
