Tom Espiner

Security Bullet In

Communiques from the security front, sir

Thursday 25 September 2008, 5:43 PM

NeoPwn developer gives Linux device pwn details

Posted by Tom Espiner

The developer behind the NeoPwn mobile penetration testing device, 'Gino O', has given details of how support for the phone will work, and how he came up with the concept.

Gino O got back to me with answers to some questions, which I thought ZDNet UK readers may like to see in full:

"Software support is something we are offering to our customers, which will essentially boil down to monthly updates that will come in the form of .deb packages and/or diffs. These will cover any kernel changes, module support, and significant application branch updates.

We are also perpetually scaling the operating system, automation scripts and overall menu and filesystem to keep it up to date and easy to use (point and pwn).

Since Neopwn has just been launched, we can only anticipate the volume of support requests that we will receive relating to issues with the GUIs, dialogs, menu system, and automation scripts. I’ve personally been an active support flunky of the BackTrack distribution for quite some time, and helping ‘newbs’ on the IRC channel and forum every day for the last year+, my guess is that people will fail to (RTFM) scan the documentation we provide on NeoPwn’s usage.

We do have immediate plans to launch a forum and knowledge base (will be completed this week) for those that purchase NeoPwn.

Regarding hardware support, we offer the same support on the phones themselves as Openmoko offers us at time of purchase. The other devices vary (as in the USB UMTS/HSDPA modems, WLAN cards, etc).

HD Moore (creator of Metasploit) is also collaborating with us in conjunction with his project, ipwn.mobi. Our platforms have a common denominator so we have decided to partner up our projects.

You asked the question: How did I come up with the concept?

Answer: A long time obsession with porting Linux pentesting applications to PDAs and mobile phones!

About ~3 years ago I got started with Familiar Linux on an iPaq, and always liked having Kismet in my pocket. From there, getting packet injection with the Aircrack suite seemed like mission impossible on a PDA.

Then once reverse engineering started to unfold with some of the HTCs, I got the Blue Angel to do packet injection - which was very satisfying at the time (although there were driver issues for everything else and I couldn’t use the actual keypad).

I experimented with the HTC Universal, which to some was bulky, but to me one of the best form factors for a smartphone. It has the same wifi card as the Blue Angel, but instead of SDIO it runs on 16 bit slave memory and the driver for it was/is still very unstable.

So lo and behold comes the Openmoko Neo Freerunner, with USB host mode and phone capabilities (where the Nokia N800 did not have the latter). The first thing I did was build a custom kernel and module support for the WLAN cards I commonly use. I literally hit this device head on with development, porting many of the commonly used apps found in the BackTrack distro. I’ve picked up some assistants along the way for hardware tasks.

Along the way, I adapted the missing QWERTY handicap and began to develop automation scripts, dialogs and GUIs for most of the painstaking things that have to be done for hardware and application control from a terminal. A thousand plus hours later: the birth of NeoPwn."

Tuesday 23 September 2008, 4:18 PM

Open source vendor in schools IT supply list

Posted by Tom Espiner

An open source vendor has been made an accredited schools supplier by Becta, the government agency which oversees IT in UK schools.

Sirius Corporation announced on Monday that it had achieved accreditation, after being given the all clear by OCG Buying Solutions, which looks after procurement for the government.

John Spencer, Head of Education at Sirius said: "We are pleased to have shown that open source software is ready for educational institutions and that Sirius has the resources to support its increasing use."

Eleven other suppliers were also accredited, OCG Buying Solutions announced on Tuesday. These were Academia Ltd, Civica Services Ltd, European Electronique, Insight Direct (UK) Ltd, Joskos Solutions Ltd, Pugh Computers Ltd, Ramesys (e-business services) Ltd, RM plc, SCC, Trustmarque Solutions, and Viglen Limited.

Novell was not accredited, although it had previously been in the running, and had not got back to me at the time of writing.

Monday 22 September 2008, 5:43 PM

Microsoft's Windows marketing saga continues

Posted by Tom Espiner

Microsoft is trying to improve sales of Windows with its "I'm a PC" ad campaign, and it's enlisted some strange help.

Microsoft dropped its two frankly baffling ads starring comedians Jerry Seinfeld and Bill Gates, in which nothing really seemed to happen and no product or product line was mentioned (maybe it was some oblique reference to 'Waiting for Godot' -- 'Waiting for Vienna', perhaps?) Now everybody's favourite technology giant is attempting to rebrand itself by, well, using Apple's own pejorative tagline for Microsoft.

One of the ways Microsoft has tried to spice up the PC is to have comedian Steve Ballmer reprise his famous "Monkey Boy" routine. The result... well, see for yourself.

PC World is also running an amusing story that several images posted on Microsoft's website for its "I'm a PC" campaign were created using... a Mac.

Is it just me, or is Microsoft shooting own goal after own goal on this one?

Friday 19 September 2008, 5:05 PM

Cisco acquires Jabber

Posted by Tom Espiner

Networking giant Cisco has acquired open standards IM company Jabber, Cisco announced on Friday.

Cisco plans to "embed presence and messaging services 'in the network'", and to incorporate the technology into its existing IM product.

Wednesday 10 September 2008, 5:28 PM

Trend Micro gives false positive details

Posted by Tom Espiner

Trend Micro has given out details of two anti-virus signatures sent out last week that caused Windows DLL files to be quarantined.

The false positive identification of Windows system files by Trend Micro Internet Security began at 4.30pm BST on 4 September with signature 5.521.50. The false positive affected Trend Micro users in Germany and Norway.

When Trend Micro tried to correct the issue, this inadvertently caused more damage, according to Rik Ferguson, Trend Micro's senior security adviser in the UK.

At 2.00am BST on 5 September Trend Micro sent out signature 5.525.50 to try to correct the original issue. The new signature affected even more users, in France, Turkey, the UK and Poland. Signature 5.527.50, sent out at 12.15, then corrected the issue -- for users whose systems still worked. The problem with quarantining system files is that this is liable to make systems not work.

Trend Micro technical support has advice for users whose systems have fallen down, said Ferguson.

Ferguson told me that the problem had been caused by more generic anti-virus signatures.

"It's one of the ways anti-virus vendors are looking at the huge rise in the number of variants of individual pattern files," said Ferguson.
