Sunday, July 27, 2008

Sound bytes could now play the devil's tune!

The next time you want to download your favorite song (illegally of course :)) from a p2p network or some illegal site, think twice. The latest in malware infection has just been found. According to this report from Kaspersky Lab, there is now a worm that infects your .mp3 files.

From the report, the workings of this worm are as follows:

The worm, which was named Worm.Win32.GetCodec.a, converts mp3 files to the Windows Media Audio (WMA) format (without changing the .mp3 extension) and adds a marker with a link to an infected web page to the converted files. The marker is activated automatically during file playback. It opens an infected page in Internet Explorer where the user is asked to download and install a file which, according to the website, is a codec. If the user agrees to install the file, a Trojan known as Trojan-Proxy.Win32.Agent.arp is downloaded to the computer, giving cybercriminals control of the victim PC.

You can get infected by the worm directly or via an already infected mp3 file downloaded from some malicious site or P2P share. The simple precautions to take against this type of infection are the age-old, time-tested ones:

  1. Never run as administrator on your computer. I repeatedly keep hearing that it's insane not to be administrator on your own machine. Please note that if you run as administrator of your own machine, then there is probably another administrator of your machine :). This simple precaution can help mitigate tons of security issues and make attacking your system that much more difficult.

  2. Do not install stuff from websites that you do not know or trust, i.e. do not randomly click install buttons unless you are absolutely sure.

  3. If you are really crazy about p2p downloading, as if your life depends on it, then try downloading stuff inside a VMware virtual machine. This way, in the event of a compromise, at least your critical data residing on your real system is protected.
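A defender-side check for the disguise the report describes (a WMA/ASF container sitting under an .mp3 name) is easy to script. This is an added Python example, not code from the post or from Kaspersky; it relies on the standard ASF header GUID and the usual MP3 signatures (ID3v2 tag or MPEG frame sync), and scans a constructed sample tree.

```python
import tempfile
from pathlib import Path

# First 16 bytes of every ASF container (WMA/WMV): the ASF_Header_Object GUID.
ASF_HEADER_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")

def sniff_audio_container(head: bytes) -> str:
    """Classify a file by its leading bytes: 'asf', 'mp3' or 'unknown'."""
    if head.startswith(ASF_HEADER_GUID):
        return "asf"
    if head.startswith(b"ID3"):
        return "mp3"            # ID3v2 tag ahead of the MPEG audio frames
    if len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0:
        return "mp3"            # raw MPEG audio frame sync (11 set bits)
    return "unknown"

def is_disguised_wma(path: Path) -> bool:
    """True when a file named *.mp3 actually carries an ASF/WMA container."""
    if path.suffix.lower() != ".mp3":
        return False
    with path.open("rb") as f:
        return sniff_audio_container(f.read(16)) == "asf"

def scan_tree(root: Path) -> list[str]:
    """Return the paths (relative to root) of disguised WMA files under root."""
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*")
                  if p.is_file() and is_disguised_wma(p))

def demo() -> list[str]:
    """Build a constructed sample tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "music").mkdir()
        # legitimate mp3 with an ID3v2 header (constructed bytes)
        (root / "music" / "track01.mp3").write_bytes(b"ID3\x03\x00\x00" + b"\x00" * 26)
        # legitimate mp3 starting with a raw MPEG frame (constructed bytes)
        (root / "music" / "track02.mp3").write_bytes(b"\xff\xfb\x90\x00" + b"\x00" * 28)
        # WMA content under an .mp3 name: the pattern the report describes
        (root / "music" / "hit.mp3").write_bytes(ASF_HEADER_GUID + b"\x00" * 16)
        # a real .wma is fine: extension and content agree
        (root / "clip.wma").write_bytes(ASF_HEADER_GUID + b"\x00" * 16)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```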

Thursday, July 24, 2008

Testing your DNS servers for CERT VU#800113 (or Dan Kaminsky's bug)

Here are two pointers to diagnostic tools for testing your DNS server against Dan Kaminsky's vulnerability (CERT VU#800113). Please note that these tools use a very simple test and may not be enough to provide a foolproof assessment of the strength of your DNS server.

[Update] There is also a simple command-line test from the same folks at DNS-OARC. Just fire the following command from a command line (of course you need to have dig installed).
dig +short porttest.dns-oarc.net TXT
The first gives out a really cool output. Sample shown below. If you see GREAT as the output it means you are OK against the bug (as far as the tool is concerned).
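To turn the dig test above into something a script can act on, here is an added Python example (not from the post or from DNS-OARC) that parses the TXT answer and applies the post's rule that only GREAT counts as OK, plus a rating of a captured sample of resolver source ports in the same spirit. The answer format is modelled on the tool's output with a constructed address, and the std dev thresholds are assumptions.

```python
import re
import statistics

# Constructed sample of the TXT answer the dig command returns (modelled on the
# tool's output; a real answer shows your resolver's address and numbers).
SAMPLE_TXT = '"192.0.2.53 is GREAT: 26 queries in 1.9 seconds from 26 ports with std dev 18467"'

PORTTEST_RE = re.compile(
    r'(?P<addr>\S+) is (?P<rating>GREAT|GOOD|POOR): (?P<queries>\d+) queries in '
    r'(?P<secs>[\d.]+) seconds from (?P<ports>\d+) ports with std dev (?P<sd>\d+)'
)

# Assumed thresholds on the std dev of observed source ports; adjust to the
# tool's published criteria if they differ.
GOOD_SD, GREAT_SD = 296, 3980

def parse_porttest(txt: str) -> dict:
    """Parse one porttest TXT answer (quoted or not) into its fields."""
    m = PORTTEST_RE.search(txt.strip().strip('"'))
    if not m:
        raise ValueError(f"unrecognised porttest answer: {txt!r}")
    return {"addr": m["addr"], "rating": m["rating"], "queries": int(m["queries"]),
            "ports": int(m["ports"]), "std_dev": int(m["sd"])}

def resolver_is_ok(txt: str) -> bool:
    """The post's rule of thumb: only a GREAT rating counts as OK."""
    return parse_porttest(txt)["rating"] == "GREAT"

def rate_source_ports(ports: list[int]) -> str:
    """Rate a captured sample of a resolver's UDP source ports: a fixed or
    sequential port is POOR, a wide random spread is GREAT."""
    if len(ports) < 2 or len(set(ports)) == 1:
        return "POOR"
    sd = statistics.pstdev(ports)
    if sd >= GREAT_SD:
        return "GREAT"
    return "GOOD" if sd >= GOOD_SD else "POOR"

if __name__ == "__main__":
    print(parse_porttest(SAMPLE_TXT), resolver_is_ok(SAMPLE_TXT))
```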


"Kaminsky's DNS bug" drama

If you are reading this article and are interested in computer security then you may already know about the blockbuster DNS bug and the whole drama around it. To cut the long story short, a major bug in the DNS protocol was discovered around 6 months ago by Dan Kaminsky. To describe the bug simply, it makes DNS cache-poisoning attacks a walk in the park (details here). Kaminsky, being a white-hat researcher, responsibly informed all DNS vendors about the bug and wanted to make sure that all the DNS server implementations were patched before he disclosed the bug to the world at Blackhat'08. But Kaminsky chose to address a press conference a month before the disclosure and hinted at the existence of the bug without giving all the details. This caused a furore in the community about Kaminsky's claims, but he managed to convince people (Thomas Ptacek of Matasano Chargen in particular) off-line about the importance of the bug by confiding the details in them, and encouraged ISPs to patch the bug as fast as they could before Blackhat. Thomas Ptacek, realizing his mistake, immediately changed his pitch and started encouraging people to patch as soon as they could.

All was supposedly well, until Halvar Flake made an almost right guess at the bug. This somehow caused panic at Matasano Chargen and they released the full details of the bug before hurriedly pulling back the post. Of course, with feed readers around the world caching his blog, pulling back the post did not do any real good and in their own words "the cat was out of the bag" for sure now. Dan Kaminsky diplomatically handled the disclosures and is now encouraging people to patch the bug as fast as they can. Unfortunately, the disclosure of details has already resulted in sample exploits for Metasploit coming out by the end of the day. Thomas Ptacek, of course, has now posted an apology on his blog!

Now, one can blame Halvar Flake and Thomas Ptacek for disclosing the bug. One can also blame Thomas Ptacek for breaking Dan Kaminsky's trust. But if you are a security researcher, you know very well that you may not be the first one to discover a bug. Black hats, aka evil hackers, don't care about disclosing the bugs they find. They just use them! So I believe that these disclosures may at least force lazy ISPs to patch their systems sooner. Whether that will really happen remains to be seen. My guess is that in spite of all this drama, there will be DNS servers which will still never get patched and will be sitting ducks ready to be exploited. It will be interesting to see if hackers are able to capitalize on this bug and use it for real damage.

If you want to test your DNS server's resilience to this attack, you can use the small "Check my DNS" widget on Dan Kaminsky's site (www.doxpara.com). It may be interesting to note that DJBDNS is not affected by this bug because of its sound design. Read Bruce Schneier's article for his praise of its design and of the importance of thinking about security during development and not as an add-on.

Tuesday, July 22, 2008

Design of the Batpod!

Batman: The Dark Knight was released to theatres across the US on 18 July 2008 and it was a rocker. I watched the IMAX version of the movie on the second day after its release and it was well worth the money. I think it was the Joker (Heath Ledger) who made this movie the hit that it became. The film had everything to offer, right from cool stunts, cool gizmos, great graphics and stunning cinematography. This was probably the best movie of the first half of 2008 for me.

Batman is known for his cool gizmos and machinery and this movie offered no less in that respect. The coolest gadget that Batman had this time was his Batpod. At first glance, the Batpod looked completely undrivable. How the hell did Batman (or his stuntmen) drive this thing in the movie?


Firstly, here is a good photo borrowed from this site:



I also found these few interesting paragraphs on its design:

From this:

The vehicle has no handlebars, but shields for the shoulders that allow for steering. It was also difficult to keep balance on the huge 508 millimeter tires, with engines in both hubs of each wheel. Not only that, the driver has to lie belly down on either side of the tank, balanced on two foot pegs spaced 3 ½ feet apart.

From this:
Despite its curious mechanics, this is a drivable vehicle. Flanking the Batpod behind the front wheel are two elevated stirrup-like devices which the stunt driver, Jean-Pierre Goy, places his arms into and steers the vehicle using his shoulders. The engines are located within each wheel hub, seemingly reminiscent of the electric motor integrated into every wheel of MIT Media Lab's CityCar. According to the LA Times, this attitude-laden design was conceived by Nathan Crowley and built by Chris Corbould.

Neat stuff!

Monday, July 7, 2008

On predicting futures

You read it right. It's 'futures' and not 'future'. As historians and futurists would likewise agree, there is only one history but many futures. To put the rest of the post in perspective, it was prompted by an article on Wired called 5 Things Wired Pronounced Dead Prematurely. From the article,
Web browsers (March 1997) Push media was about to supersede browsers. Or not. If we could push this claim from the archives, we would. (Original Article)
It's not so important that they got this wrong; the larger point is that, as humans, we are very bad at predicting future events. As Nassim Taleb (author of The Black Swan) puts it, the future is non-linear and thus any attempt to predict it with the available knowledge and available trends is futile. This point chimes with the earlier point of there being one history and many futures. The main idea behind these arguments is that there are some unpredictable events that can completely change the course of progress.

I believe the browsers could not be obsoleted by push media for the following reasons:
  1. Emergence of Firefox and its wonderful plugin framework
  2. Emergence of blogging
  3. Syndication of content via protocols like RSS
  4. Emergence of Web 2.0 (stuff like Ajax, Web Services etc)
  5. Google's efforts to turn the browser into an "operating system" by providing critical business software from within the browser.
What we see more often today is that push has merged itself into the browser instead of obsoleting it.

Sunday, July 6, 2008

A fun javascript flipbook

Getting bored with my work, I tried doing something completely useless this weekend :). I had some photos taken in burst mode during my trip to La Jolla in San Diego County, California. So I stitched them together using javascript to create a flip book effect. You can check out the demo and the accompanying javascript on my website here. Enjoy!

Unfortunately, I could not put up the demo here as blogspot does not accept stuff within the <script> tags.