Ogenstad.net

Security Stories and Help with Network Documentation

Once upon a time this used to be my blog. For current updates head over to Networklore.


Buying a Spot in Prison with a Stolen Card

May 5, 2006 by patrick.ogenstad

This is just sad: according to this article, a guy is facing one to two years in jail for hacking. He got caught stealing credit card information and ordering goods which he shipped to his home address. I have two theories of what happened.

  1. He is so stupid he deserves jail time for that too along with his other crime.
  2. He has a brother in jail and has seen Prison Break, now he is about to free his brother.

I think I favor the stupidity theory. To make the prison stay a bit more comfortable, I’ll just go ahead and recommend this colorful wallpaper to decorate the cell.

[tags]cyber crime, fraud, stupidity[/tags]

Filed Under: Security

PayPal’s Security Question

May 4, 2006 by patrick.ogenstad

I was setting up a personal PayPal account today and during registration they want me to provide answers to two “secret questions”. This is nothing new and usually I just do what Bruce Schneier talks about in his curse: enter gibberish.

Feeling very clever I press the signup button, the result:

Your information is incomplete or incorrect. Please correct the fields below and try again:

  • You may not enter numbers in your mother’s maiden name.
  • You must enter exactly four numbers or letters for the last four digits of your driver’s license number.

What could possess anyone to do this? This is just plain stupid. PayPal’s password policy forces you to have eight or more characters, but the secret question for your driver’s license doesn’t allow you to have more than four characters.

[tags]security, passwords, authentication[/tags]

Filed Under: Security

The Tale of the Nomadic Web Site – Part 9 – Conclusion

May 4, 2006 by patrick.ogenstad

Aftermath:

Four months later.

Users had been complaining for a few weeks that the Internet access had been very slow. Kyle Donovan, the sysadmin at Regal-Pens, had informed everyone that they shouldn’t listen to Internet radio during work hours. This didn’t solve the problem, but when someone in management complained, there was talk about upgrading the Internet connection so Kyle didn’t think much about the complaints.

Their Terminal Server had also been slowing down of late and Kyle felt that a working Terminal Server was more important than having a fast Internet connection. He had been troubleshooting the server without finding anything.

Kyle had spoken with a geek friend of his, and agreed with his advice:

“You have to reinstall Windows every once in a while, it gets all clogged up in the registry and stuff. I bet not even Microsoft knows what’s going on in there.”

It shouldn’t be a hardware issue, Kyle thought. Not that many people used the Terminal Server, the whole thing seemed very strange. When Kyle was defragmenting the C: drive for the fifth time he saw something odd; the C: drive had used up 31 Gb of space. Strange, Kyle laughed when he saw that the C:\Windows directory consumed 22 Gb, talk about getting clogged up.

Kyle was sure he would share a laugh with his friend over this. He began by deleting all the blue $NTUninstall$ directories but it didn’t help, so the investigation continued. Finally he found a directory named:

C:\WINDOWS\system32\clients\faxclient\system\w95\

The name didn’t mean much to Kyle but its size was 18 Gb; at first Kyle was very puzzled. The directory held a great amount of pictures and asp files, and as he opened the first one his curiosity was replaced by an uneasy feeling in his stomach. Kyle felt the color withdrawing from his face, after seeing some more he got the taste of warm saliva in his mouth.

He didn’t make it all the way to the toilet but caught some of the puke in his hand, some of it he might have swallowed again but it didn’t stay down there for a long time anyway.

While washing his hands he realized that the pictures were still open on his screen for all to see. Panic seized him and on shaky legs he rushed back to the computer.

Kyle closed all the pictures and deleted the entire faxclient directory; his whole body was shaking. The thought that he might have been too rash crossed his mind, but it was too late now. A long time after the incident Kyle was still worried that someone would come asking questions about the pictures that had been served on that server. He didn’t want to be accused of destroying evidence, or worse, but no one came.

After getting some coffee and calming down a small bit, Kyle hunted down his installation media for Windows and reinstalled the server. He had problems focusing and the reinstallation took the better part of the night.

During the coming week users thanked Kyle and said that what he’d done had fixed the Internet problem.

Kyle told management that the server had been hacked, but he didn’t mention the rest. Management asked how this could happen and the result was that they purchased a new firewall, which didn’t really solve anything.

The view on IT security that Kyle and his company had was a common one; we have no secrets, who would want to hack us?

Please note this is a purely fictional story; any names found here are made up. I’ve written this because I like writing. If someone reads it and enjoys it: great. If they get more conscious about security, that’s a bonus. If you have feedback or comments on the story please share them.

Links of Interest:

Computer Security Awareness videos

Security Awareness for Ma, Pa and the Corporate Clueless

[tags]security, stories, fiction, security awareness[/tags]

Filed Under: Stories

How-to Change Fonts in SYDI

May 3, 2006 by patrick.ogenstad

I got an email from a user asking if I could change fonts in SYDI. My answer to him was: you change them.

There are two ways of doing this in SYDI, and both of them are easy.

The first way is to edit the script source. Open up SYDI-Server.vbs in a text editor and scroll down a bit to this section:

strFontBodyText = "Arial"
strFontHeading1 = "Trebuchet MS"
strFontHeading2 = "Trebuchet MS"
strFontHeading3 = "Trebuchet MS"
strFontHeading4 = "Trebuchet MS"
strFontTitle = "Trebuchet MS"
strFontTOC1 = "Trebuchet MS"
strFontTOC2 = "Trebuchet MS"
strFontTOC3 = "Trebuchet MS"
strFontHeader = "Arial"
strFontFooter = "Arial"

Just change the font names to what you want. If you don’t want to get your hands dirty by touching the code there is a fancier way of doing this too.

If you’ve used the help menu, cscript.exe sydi-server.vbs -h, you might have seen the -T option. The Template (-T) option takes a Word template (.dot) file and uses the settings from that file when writing the SYDI report. The .dot file you choose can be one of your company’s template files, or you can create a template just for SYDI.

To get started, run SYDI against your machine to create a Word document. When the report is created, go to the Format drop-down and choose “Styles and Formatting”. I’m using an English version of Word 2003 but it should be similar in other versions. In the Styles and Formatting section, change Show to “Formatting in Use”. Now you can see the different formats used in the report.

Create a new Word document, go to the Styles and Formatting section, show “All Styles” and scroll down to Body Text. Right-click it, select Modify, and change the font to the one you want. I’ll just change the Body Text now, but you can change all the ones found in “Formatting in Use” from the SYDI report.

Choose File, Save As. Change the Save as Type to “Document Template (*.dot)” and save the file as C:\SYDI\template.dot (or to your favorite directory).

To test your new template:

cscript.exe sydi-server.vbs -TC:\sydi\template.dot

Hint: If you save the template in its default location you don’t need to specify the path when using -T.
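The template steps above can also be scripted through Word automation. This is an added example, not part of SYDI or the original post: the style constants are Word's built-in WdBuiltinStyle values, the font names are sample choices, and it assumes SYDI's report uses Word's built-in Body Text, Heading and Title styles.

```vbscript
' Added example: build C:\SYDI\template.dot without clicking through Word.
' Run with: cscript.exe make-template.vbs   (file name is hypothetical)
Option Explicit

Const wdFormatTemplate = 1    ' WdSaveFormat: Document Template (*.dot)
Const wdStyleBodyText  = -67  ' WdBuiltinStyle IDs work in any Word language
Const wdStyleHeading1  = -2
Const wdStyleHeading2  = -3
Const wdStyleTitle     = -63

Dim strFolder, strTemplatePath, objFSO, objFonts, objWord, objDoc, varStyle
strFolder = "C:\SYDI"                          ' path used in the post
strTemplatePath = strFolder & "\template.dot"

' SaveAs fails if the target folder is missing, so create it first.
Set objFSO = CreateObject("Scripting.FileSystemObject")
If Not objFSO.FolderExists(strFolder) Then objFSO.CreateFolder strFolder

' Style -> font mapping (sample fonts; assumed to match SYDI's styles).
Set objFonts = CreateObject("Scripting.Dictionary")
objFonts.Add wdStyleBodyText, "Verdana"
objFonts.Add wdStyleHeading1, "Georgia"
objFonts.Add wdStyleHeading2, "Georgia"
objFonts.Add wdStyleTitle, "Georgia"

Set objWord = CreateObject("Word.Application")
objWord.Visible = False
Set objDoc = objWord.Documents.Add()

' Same change as Modify > Font in the Styles and Formatting pane.
For Each varStyle In objFonts.Keys
    objDoc.Styles(varStyle).Font.Name = objFonts(varStyle)
Next

objDoc.SaveAs strTemplatePath, wdFormatTemplate
objDoc.Close False
objWord.Quit

WScript.Echo "Template written to " & strTemplatePath
```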

If you’re having trouble implementing this or anything else related to SYDI, don’t hesitate to contact me.

[tags]sydi, network documentation, system administration, software, inventory[/tags]

Filed Under: SYDI

The Tale of the Nomadic Web Site – Part 8

May 2, 2006 by patrick.ogenstad

After having made sure everything worked in his demo site, n3m0 issued the SQL injection and uploaded his nomad.asp script. For n3m0 the results were like hearing a beautiful song.

C:\WINDOWS\System32

0wned, the feeling still made n3m0 feel giggly, though this time it might have been because of lack of sleep. After penetrating the walls his focus went on to control. n3m0 began documenting the network, it had three servers. One Exchange server running IIS with OWA, this was the server he had first gained access to through the ShowRoom.Asp application. The second server was a Domain Controller which also acted as a file and print server. n3m0 chose the third server to host the website, it was a Windows Server 2003 box acting as a Terminal Server.

The server had 3 Gb of RAM, two 73 Gb SCSI disks set up in a RAID 1 mirror, only 13 Gb were used. Perfect, n3m0 found a suitable directory where his client would place the files and verified that the directory wasn’t part of any backup selection.

Regal-Pens used a firewall with a web interface, n3m0 was able to gain access with the help of a default password list. Later he also found the password in a text file located in kdonovan’s home directory; kdonovan was a member of the Domain Admins group which had prompted him to take a look. n3m0 opened up a random port for the web access and one to manage the server.

After some cleanup work he bid the network farewell and closed his connections.

Two days later the phone rang again.

“Hello” n3m0 answered.
“Why hello there,” said the distorted voice, “how are things progressing?”
“It’s done” n3m0 said.
“Excellent! What a good boy you are.”
“Uhm, what? Yes, I’m pretty good. So when will I get paid?”
“How do you want to transfer the money?”
“What, you’re not going to give them to me personally?” n3m0 asked.
“That’s not likely to happen, no.” The caller didn’t sound impressed.
“You don’t by any chance play online poker?”
“I guess I could learn.” n3m0 smiled.

[tags]security, stories, fiction[/tags]

Filed Under: Stories
