Comments for Perimeter Grid

Comment on Hotel Internet and ISP Paywalls by garcia

garcia — Fri, 03 Sep 2010 18:55:09 +0000

Hi, I followed your instructions with wireshark (& alfa external modem). It is not working. Do you have more detailed instructions or a step by step video? Probably I am doing something wrong. Thanks

Comment on WPAD: Internet Explorer’s Worst Feature by Ryan G

Ryan G — Wed, 18 Aug 2010 16:59:52 +0000

Thanks so much for explaining more on the wpad. I have been battling this “connecting to wpad.localdomain” login box in IE for a while now, not really understanding what wpad is and does. This article explained it in perfect detail in order for me to continue on with my development. As it was, the connection box would pop up 3 times for every web page load or httpRequest that was being made.

Thank you for saving what hair I haven’t pulled out yet.

Comment on DefCon 18 Schedule by World Wide News Flash

World Wide News Flash — Sat, 31 Jul 2010 02:39:03 +0000

DefCon 18 Schedule | Perimeter Grid…

I found your entry interesting do I’ve added a Trackback to it on my weblog …

Comment on DefCon 18 Schedule by Amanda Demetrio

Amanda Demetrio — Tue, 27 Jul 2010 21:12:47 +0000

Hi Grant, Im not finding your e-mail, so I will talk to you here. My name is Amanda and I´m a reporter from Folha de S. Paulo (www.folha.com.br), the biggest brazilian newspaper. We are working on a story about the Black Hat Conference and we´d love to talk to you a little bit about it. Are you avaiable? We can do this by e-mail or over the phone. Whatever it´s best. My e-mail is amanda.demetrio@grupofolha.com.br. Thank you =)

Comment on DefCon 18 Schedule by Matt

Matt — Tue, 27 Jul 2010 19:44:50 +0000

Thanks! This will be very helpful.

Comment on DefCon 18 Schedule by Anjela Bugher

Anjela Bugher — Tue, 27 Jul 2010 16:25:43 +0000

Clarifying and attributing: I used Xeon's calendar from this post on the defcon forums as a jumping-off point. Thanks, Xeon!

Comment on Checks: The Most Dangerous Transaction by Vickie Tisdale

Vickie Tisdale — Tue, 04 May 2010 05:52:32 +0000

Many people who think nothing of handing over their credit card or writing a check when at a store or restaurant hesitate to use the same card online, regardless of communication protections.so people should more warn about their credit card when they use in restaurant,shopping and another work.

Comment on WPAD: Internet Explorer’s Worst Feature by Chris

Chris — Thu, 22 Apr 2010 22:24:48 +0000

Not sure how this is any more serious than someone attempting a basic man-in-the-middle attack using ARP poisoning or DNS poisening…

I did it the other day to my wife’s computer with Cain and Able, noticing that she was looking at more shoes to buy… Didn’t need to hijack her WPAD queries or DNS lookups to accomplish this task.

What WPAD does provide is the ability to have users dynamically find a proxy server. And the users don’t have to know anything about manually configuring (and enabling/disabling) a hard coded proxy server.

Security, as you obviously know, is a balance between functionality and safety. The only truly secure client is one that is turned off…

So this is really just another example of where it is up to the individual/management to determine if the risk of web hijacking outweighs the cost of manually managing the proxy configuration.

From my experience the WPAD feature is not used because of a general lack of knowledge and understanding on the technology. After all, it’s easy to slam in a proxy server with GPO’s…

Comment on Checks: The Most Dangerous Transaction by Charlie

Charlie — Wed, 24 Feb 2010 02:00:58 +0000

Just to relate my own recent experience: I dropped a check in the mail (at an official blue US mailbox in fact) – a large check of $8000 to pay off a car loan. All of a sudden, I started to see large withdrawls out of my checking account to places I had never heard of before. Obviously, I went to the bank right away and they were very good about closing my account and restoring the lost money. It took perhaps ten days or so. The sum of the missing money (done in a couple of transactions to different accounts) was nearly exactly equal to the amount of the large check I had written, which had never been received by the bank that had the car loan.
The guy who works at the bank heard a rumor that the mailbox I mailed the check at was vandalized and mail was taken.
So, yes, checks are scary things!

Comment on Checks: The Most Dangerous Transaction by Grant Bugher

Grant Bugher — Mon, 22 Feb 2010 03:38:01 +0000

Kenneth,

Essentially, they just print out a check with your routing & account numbers on it, print “Signature on file” for the signature line, and give it to their bank. The bank then has your bank debit your account and put the money into theirs. These days it’s usually done electronically rather than by “printing” anything.

Since I originally made this post, it’s gotten a little harder, as the bank issuing the draft is now liable for fraud, rather than the bank paying it. You still have the fundamental problem that the money is already gone and you have to get it back, but at least banks are putting more effort into preventing the fraud as they’ve started to lose their own money to it. There’s a statement from the FTC here that tells a bit more about how it works.

It’s a fraud that requires some setup time — i.e. you need to set up a fake business, get some bank accounts, process some legitimate drafts, and then commit the fraud. You can’t (anymore!) just go to a web site, enter somebody’s account number, and take all the money out. Checking account numbers are, however, still much riskier to give out than credit card numbers, and it’s still a much bigger pain to get the money back.

Comment on Checks: The Most Dangerous Transaction by kenneth

kenneth — Sat, 20 Feb 2010 09:10:34 +0000

i dont really get this, how can someone remove money from my account with just the routing number and account number…its making me nervous because ihave given no less than six people this info

Comment on Anonymity with TOR and its limits by Pete

Pete — Fri, 05 Feb 2010 12:31:43 +0000

Thanks for the info.
My paranoia flag just went up.
After all, you would be paranoid too if everyone was out to get you!

Comment on WPAD: Internet Explorer’s Worst Feature by Grant Bugher

Grant Bugher — Tue, 26 Jan 2010 21:10:51 +0000

I’m not quite sure what sort of attacks against IE “over SSL” you mean. There have, in the past, been attacks against browsers by embedding faulty strings designed to cause buffer overruns directly into the X.509 certificate — the only defenses against these are running a fully-patched browsers (to my knowledge, there are no known attacks of this type that still work on current versions of any major browser) and being cautious as to what you browse to. If you mean simply being attacked by an SSL site (e.g. embedded malware), it’s once again the same mitigations — avoid sites that are often malicious (e.g. warez) and use a current browser. The only thing SSL affects is that network-based IDS systems will not protect you in the case of an SSL site, since they can’t read the encrypted traffic — you’re reliant on host-based protection like anti-virus or anti-spyware software on your own computer. Of course, most people aren’t browsing behind a NIDS anyway, so this is no change unless you’re in a corporate environment.

On the other hand, if you mean attacks not against IE but against SSL itself, such as Moxie’s SSLSniff, they’re hard to detect. One thing that helps is actually opening and verifying the certificate — just because the padlock icon is there doesn’t mean you’re communicating with what you think you’re communicating with. Most of the time attackers don’t forge an entire certificate, just the domain name, so everything else may look wrong (or the certificate may be for * rather than a specific domain.) Once again, use a current, fully-patched browser, as this protects you from null-byte certificates (which actually may look perfect if you inspect them.) And most importantly of all, don’t use insecure wireless networks. Attacks like SSLSniff rely on being a man-in-the-middle — that is, an attacker must be able not just to read your communication but also to modify it. This means either he has to control a router between you and the website you’re talking to, or he has to be on a wireless network with you. The only safe thing to do on an insecure (open or WEP) wireless network is to VPN to a secure network. Anything else is vulnerable.

Comment on WPAD: Internet Explorer’s Worst Feature by Tom

Tom — Tue, 26 Jan 2010 20:45:47 +0000

I understand the countermeasures for IE attacks, but how can you detect an attack against Internet Explorer over SSL?

Comment on BlackHat 2008, Day 1 by cipcipcia

cipcipcia — Mon, 25 Jan 2010 18:22:32 +0000

how can I add to bookrmark your blog? would you like to visit mine? regards!

Comment on SMB Reflection Made Way Too Easy by The Doom of Client-Side Wireless Network Security | Matthias Vallentin

The Doom of Client-Side Wireless Network Security | Matthias Vallentin — Thu, 17 Dec 2009 17:38:13 +0000

[...] if the victim happens to use Internet Explorer, a weakness in Microsoft’s SMB file sharing authentication protocol can be exploited to own the [...]

Comment on BlackHat 2009, Day 1 by blackhatguide

blackhatguide — Mon, 12 Oct 2009 22:26:54 +0000

Hey, great work with the blog! lovin it mate let me know if you want to partner up with my blog as well! =]

Comment on Secure P2P for Pirates by A. peer

A. peer — Mon, 21 Sep 2009 07:45:15 +0000

The fake files is a non-issue, in fact if someone download a file, and its not what he wanted, he wont seed it and report the fake to avoid others to download it.

The torrent of choice must always be the one with the most seeds, not with the most leechers.

he might even report bad quality etc, pointing out the waste of time, problem is, people dont really read before downloading, automating the verifcation could help.

Comment on Checks: The Most Dangerous Transaction by Bonnie

Bonnie — Thu, 03 Sep 2009 16:44:51 +0000

I am 62 years old and have used checks since I was 18 years old.
I never had a problem.
I don’t use credit cards and don’t want any. I simply do not trust any credit card issurer.
I had a debit card until recently when there was fraudulant activity on my account, in spite of how careful I was using it.
The bank said they would send me a new debit card which I said I don’t want.
I will only use an ATM card now so I can get some money out of my account.
I do agree with your last tip to keep as little as possible in
your account.
I’ll keep cash on hand in spite of people telling me it is dangerous.
I have never had my purse stolen, but I sure have had thieves invade my bank account using my debit card !

Comment on BlackHat 2009, Day 2 by Peter Wells

Peter Wells — Fri, 14 Aug 2009 01:55:46 +0000

Every time someone comes up with a scam, we find ways to fight back. It was quite ingenious, I have to admit! But we got ‘em, and the game goes on.

–Peter
peter@tunecore.com