Portable apps make portable hacks

Monday, August 31st, 2009

I recently posted an article about the instant message program Pidgin being insecure. However, I think insecure needs to be defined a little bit more. I was watching a recent episode of the TV show Leverage. In the show they have a hacker named Hardison who has incredible hacking skills that would make you cry. Most of his skills are totally impossible TV hacking, but I’m still entertained because it doesn’t insult your intelligence. In watching the show, though, I’ve found that many of the hacks that are done on the show can be performed on many computer networks because people have such poor security methods. Today, I’m going to talk about the easiest one: walking in with a USB stick and using a portable application, or booting the computer with a LiveCD.

You may not be sure what I’m talking about, but some programs for a computer can be run strictly from a USB stick. These cheap $10 memory sticks can be purchased almost anywhere these days, and you can even get them at conventions from people trying to get you to look at their products. I simply delete their data off of it and give it to my nieces and nephews for school and games. Well, you can do more than that. You can buy a new one or one with a small amount of memory and use it to hack a computer.

The process is simple. I’ll explain the process not for hackers but for the techno-savvy, to understand how to prevent it from happening. Simply plugging a memory stick into a computer and having the portable versions of Wireshark, SIW, Tor, RealVNC and WinSCP gives you all the tools you need to plug into a Windows machine, find all the saved passwords and wireless access codes on that computer, scan for ones being input by other computers on that network, and send them to your computer offsite without being tracked. Some processes could be scripted with a little work so the USB stick just has to be stuck into the computer and the rest just runs.

The other security threat is a LiveCD. Anyone could make one of these nowadays with a Linux distribution of choice. All the person needs to do is boot your computer with this LiveCD or LiveUSB stick. Once booted, it can have scripts to find everything it needs to find, learn everything it needs to learn, and send it offsite or save everything it learned directly to some portable drive (even the LiveUSB stick). It’s scary because when they shut the computer down you’d have no idea that you’d been hacked, because there would be no log of the attack and everything would boot up as normal the next time.

This is scary stuff. If I’ve heard it once I’ve heard it a million times, “I don’t have anything important enough on my computer for anyone to hack me.” You’d definitely be surprised. Your computer can sometimes give someone all the information they need to assume your identity or attack someone higher up the food chain and make it look like you. I will never forget being a young IT director and getting a Windows NT box hacked and the hackers using it as a jumping off point to 3M. 3M tracked the IP address of the attack back to my company. Learn from me. Don’t let this happen to you. Lock down everything you don’t use on your firewall and in your permissions.

Pidgin insecure and my stupidity

Friday, August 28th, 2009

For quite some time now I’ve been having a problem with my internet chat program Pidgin. It would work for a while and then all of a sudden I’d notice that the whole computer would come to a screeching halt. Resource usage would go up to 100% on a Linux machine. Not unbelievable but not very common for me. So, I figured out the problem was my instant messaging software Pidgin. Upon further investigation I found out that it probably was due to the Facebook plugin that I installed that let Pidgin log into my Facebook account and show me all the people available on Facebook chat.

Months went by without spending the time to find a solution for this until today, when I finally decided to really get into it because I love having my clients accessible to me through instant message rather than phone calls or texting. I had switched to using Kopete for the most part until I got around to fixing it, but I don’t like anything as much as Pidgin.

I completely uninstalled Pidgin and re-installed it and didn’t like it when I saw my accounts log back in. There was obviously some information left on my computer after I uninstalled the program. First, I hate that! If you make a package, clean up all your crap when I uninstall it. Second, I found where it was saving its extra information: the folder “./purple” in my home folder. That’s not the shocking part though. I looked into the directory and noticed my biggest screw up ever. I saved my passwords! I never do that and always advise people to never save passwords on a computer. Within a file called “accounts.xml” were all my usernames and passwords for my different instant messaging accounts, in clear text for anyone who sat down at my computer to look for and see. I didn’t check this on a Windows PC or on a Mac (Adium on the Mac) yet, but knowing that I do use it on these other operating systems I will be more aware. I also realized I use Pidgin’s portable version on my USB stick that I keep on my keychain. I don’t save passwords or accounts there because I use it so rarely, but what if you did and lost your keys or USB stick? Your information is out there for anyone to see.

If for any reason you’ve saved passwords on your computer, delete them. Go into all your programs and empty out that information. A little bit of extra time logging in will save you many untold hours of grief. Many people use the same passwords over and over again. An experienced hacker knows to start first with the passwords he knows and just figure out the usernames. Don’t be a victim of this possible opening in your security.
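To check your own machine for the problem described in this post, the following added example (not part of the original post and not Pidgin's code) lists which accounts in an `accounts.xml` file still carry a saved password and whether other local users can read the file. It assumes Pidgin's per-user directory is `~/.purple` and that each `<account>` element has `<protocol>`, `<name>` and an optional `<password>` child; the sample data and the `audit` and `demo` function names are constructed for illustration.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample in the layout assumed for accounts.xml (not real data).
SAMPLE = """<?xml version='1.0' encoding='UTF-8' ?>
<account version='1.0'>
 <account>
  <protocol>prpl-jabber</protocol>
  <name>alice@example.org/home</name>
  <password>constructed-secret</password>
 </account>
 <account>
  <protocol>prpl-irc</protocol>
  <name>alice@irc.example.org</name>
 </account>
</account>
"""

def audit(path):
    """Report accounts with a stored password; the password is never returned."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    saved = []
    for acct in ET.parse(path).getroot().iter("account"):
        pw = acct.find("password")          # direct child only
        if pw is not None and (pw.text or "").strip():
            saved.append((acct.findtext("protocol", "?"),
                          acct.findtext("name", "?")))
    return {
        "saved": saved,
        "mode": oct(mode),
        # Group/other read bits let other local accounts read the file.
        "readable_by_others": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
    }

def demo():
    """Run the audit on the constructed sample written with loose permissions."""
    with tempfile.NamedTemporaryFile("w", suffix=".xml", delete=False) as f:
        f.write(SAMPLE)
    try:
        os.chmod(f.name, 0o644)
        return audit(f.name)
    finally:
        os.unlink(f.name)

if __name__ == "__main__":
    real = os.path.expanduser("~/.purple/accounts.xml")  # assumed location
    print(audit(real) if os.path.exists(real) else demo())
```

Tightening the file mode only protects against other logged-in users; anyone who boots the machine from other media or picks up a lost USB stick still reads the file unless the disk is encrypted or the passwords are not saved.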