hacking – Page 4

LiveJournal Needs To Tighten Security

Hmm… as part of my ongoing work with Abnib v3.0, I’ve noticed a couple of interesting little quirks in the way that LiveJournal handles security for “friends only” and “private” posts. In fact, I’m pretty sure I’ve found a way to – for any given user – produce a list of the times, dates, and URLs of all posts made by anybody – even ones to which I don’t have access. Not terribly disturbing news, as I still can’t get access to the content of the posts or even the comments to them, but it’s an “opening” – a “way in” – which could potentially lead to a full-blown exploit.

For example, I can tell you that there is a post on Andy’s blog that I’m not allowed to read, that he wrote on the 17th of Januaryat about quarter past four in the afternoon (I hope you don’t mind me using you as my “guinea pig”, Andy – you’re the first person I came to who had a “recent” private post).

The numbers near the end of LiveJournal post URLs are supposed to be semi-random to prevent people from just “guessing” their way to posts, but it turns out this isn’t necessary. I’ve e-mailed LiveJournal to try to explain their flaw to them, but as I can’t be arsed to debug it myself (hey: not my weblog at risk, here), I don’t know yet how much of a priority they’ll make it.

Ho hum.

Edit: Further investigations have revealed that I can easily get the title (but not the content or the comments) of any LiveJournal post, including protected ones. For obvious reasons, I’ve now stopped using my friends’ weblogs as testbeds, and I’ve set up a couple of “play” accounts to try things out with. I wonder if I can get the content of posts? That’d be an interesting challenge.

An Interview With Gary McKinnon

There’s a stunning interview you can listen to on BBC World Service with Gary McKinnon, the Briton who hacked into US military and research computers in order to hunt for evidence of UFO activity. In the interview he talks about how he did it, what he found, and how he was caught, as well as his feelings over the fact that he may be extradited to the US for up to a 70 year prison sentence for something which, in the UK, he couldn’t get more than four years. It’s well worth listening to. You’ll want a copy of Real Alternative installed (like Real Player, except good).

More Geeky Fun – Hack Security Cameras

This was one of my most-popular articles in 2005. If you enjoyed it, you might also enjoy:

The Ten Weirdest Sex Toys I’ve ever seen (2009)!
A dirty-looking calendar I found at work (2011).
My beliefs about why it’s wrong to lie to children about Santa (2009), complete with pictures of naughty elves.
An argument I had (2011) with the Office of National Statistics about nonmonogamy and the census.
Open Source Shaving (2009).

Here’s a giggle – somebody’s found a cleverly crafted Google search string that will reveal the (unprotected) web interfaces of a particular kind of Panasonic web-capable security camera. Just point a web browser at http://www.google.com/search?sourceid=mozclient&ie=utf-8&oe=utf-8&q=inurl%3A%22ViewerFrame%3FMode%3D%22, then select one of the cameras (you might have to try a few before you get a working one). If you get a motorised one, you can even remotely control it! Here’s some I found earlier:

Update 17th August 2011: fixed broken link to Panasonic website!

A Demonstration Of The Next Generation Of ‘Phishing’ Attacks

[this post has been partially damaged during a server failure on Sunday 11th July 2004, and it has been possible to recover only a part of it]

[further content was recovered on 13 October 2018]

If you’ve been on the internet for any length of time at all, you’ll probably have come across the concept of a phishing [wikipedia] attack, or even been the target of one. The idea is that Joe Naughty sends you an e-mail, pretending to be your bank, credit card company, or whatever, and when you click the link in the e-mail it takes you to your bank’s web site. Or that’s what you think, anyway. Actually, you’re at Joe Naughty’s web site, and it just looks like your bank’s web site. And so he tries to trick you into giving him your bank details, so he can rob you blind.

I was recently the target of such an attack (one related to the CitiBank browser-bar scam [bbc news]). In this particular attack, the fake site tries to trick you into thinking it is the real site by making your Internet Explorer address bar ‘disappear’, and then replaces it with a picture of an Internet Explorer browser bar saying that you’re on the real site.

I decided that this was a particularly crude hack, and that I could do better. And …

Royal Welsh Show

I’m writing this from the (badly-protected: just had to go to a page with a particularly funky JavaScript to break out of their front-end browser) BBC Wales bus at the Royal Welsh Show, where Alex and I are working on behalf of SmartData.

Suppose I’d better get back to work and let these kiddies have the ‘net connection back…

Claire’s Back

=o)

Last night was fun. After spending most of a day hacking into the BBC’s weather centre (I wanted a weather forecast XML stream, but couldn’t find a free one, so with Kit’s help I stole one instead), he, Claire (recently returned) and I went down to the beach after midnight with a bottle of Caern O’Moor Bramble Wine and enjoyed the first cool air the town has seen in most of a week.

I had a weird dream last night. Apparently, so did Kit. Must’ve been something in the wine.

Cool Thing Of The Day

Cool And Interesting Thing Of The Day To Do At The University Of Wales, Aberystwyth, #41:

Discover a major security flaw in the university network, that provides any user with half a brain, a computer in their room, some practice, and a lot of patience, the means to get the password of anybody else on your local workgroup, leaving them exposed to malicious attacks, e-mail theft, use of their print quota, and all kinds of other problems. It’s such a serious problem that I’m not going to go into further detail here, in case this e-mail gets into the hands of somebody on the network. Later, discover that this loophole has already been discovered and is abused by at least one third year student. I’ve arranged for John (who aided me in discovering the problem) and I to meet with network services management to inform them of the problem – simply because we feel threatened by it

The ‘cool and interesting things’ were originally published to a location at which my “friends back home” could read them, during the first few months of my time at the University of Wales, Aberystwyth, which I started in September 1999. It proved to be particularly popular, and so now it is immortalised through the medium of my weblog.