Sunday, February 17, 2008

Edison Chan Sex Scandal. Lesson to be learned!

Last week, the hottest news seemed to be the Edison Chan sex scandal. TV news, newspapers and various magazines were reporting on it. Colleagues in the office and people in the coffee shop were also talking about it.

For the benefit of those who do not know about this news, photographs of Edison Chan (a famous Hong Kong actor) in bed with several top actresses and singers were circulated on the Internet. According to reports, those photographs were illegally copied from Edison's laptop while it was being serviced. There are rumours that the culprit attempted to blackmail Edison's management company but failed.

I decided to highlight this scandal because I think there are a few lessons that people can learn from it. As mentioned previously in my blog ("Mobile Warrior - Part 1, Disk Encryption" by AhTan), everyone should encrypt the important data on their computers. Besides sexy pictures, sensitive documents (such as company proposals and financial data) and personal information (such as bank account numbers) should be properly encrypted.

Besides properly encrypting your important data, you should also back it up properly (see the previous article "Mobile Warrior - Part 2: Backup, Backup"). With important data properly encrypted and backed up, you will not have to worry much about your data being stolen or lost when sending your laptop for servicing.

There were also reports that several spoofed and virus emails, claiming to contain Edison's sex photos, were found "tricking" curious users into downloading malware. Those emails contain links to "Edison's sex pictures" which actually lead to websites hosting malware. The same "malicious" links were also found in online forums discussing Edison's scandal.

Curiosity killed the cat. This is not the first time "hackers" have used "famous" topics (e.g. the Paris Hilton sex video, the Asian tsunami video) to trick users into downloading malware. So be careful when downloading files from untrusted sources.
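As an added example of how a mail gateway or help desk could triage this kind of lure (this is my own illustration, not code from the blog or from any product), the script below scores a message on two signals the post describes: a "hot topic" in the text combined with a link to an executable or archive, and a link whose visible text shows one host while the href points to another. The watch-list, the thresholds and the three sample messages are all constructed for the example.

```python
"""Lure-email triage: flag messages that ride a hot news topic to push a
download. Added example, not the blog's own code. LURE_TERMS, EXEC_EXT and
the SAMPLES below are constructed for illustration."""
import re
from html.parser import HTMLParser

# Topics currently being used as bait (constructed watch-list).
LURE_TERMS = ("edison", "sex photo", "sex pictures", "scandal",
              "tsunami", "paris hilton")
# File types that should never arrive as a "photo" link.
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".zip", ".rar")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Host part of a URL, with or without a scheme."""
    url = re.sub(r"^[a-z][a-z0-9+.-]*://", "", url, flags=re.I)
    return url.split("/")[0].split(":")[0].lower()


def triage(subject, html_body):
    """Return the list of reasons this message looks like a malware lure
    (empty list = nothing suspicious found)."""
    reasons = []
    plain = re.sub(r"<[^>]+>", " ", html_body)
    text = (subject + " " + plain).lower()
    baited = any(term in text for term in LURE_TERMS)

    parser = LinkExtractor()
    parser.feed(html_body)
    for href, shown in parser.links:
        path = href.split("?", 1)[0].lower()
        # Signal 1: bait topic plus a link straight to an executable/archive.
        if baited and path.endswith(EXEC_EXT):
            reasons.append(f"lure topic + executable download: {href}")
        # Signal 2: the link *looks* like a URL but points at another host.
        if re.match(r"^(https?://|www\.)", shown, re.I) and host_of(shown) != host_of(href):
            reasons.append(f"displayed host {host_of(shown)} != target host {host_of(href)}")
    return reasons


# Constructed sample messages (subject, HTML body); 198.51.100.0/24 and
# .example hosts are documentation ranges, not real sites.
SAMPLES = [
    ("Edison Chan sex photos leaked!!",
     'See them here: <a href="http://198.51.100.7/pics/edison_photos.zip">'
     'http://www.hk-news.example/gallery</a>'),
    ("Weekly newsletter",
     'Read more at <a href="http://news.example.com/issue/12">'
     'http://news.example.com/issue/12</a>'),
    ("Edison scandal discussion",
     'Thread moved: <a href="http://forum.example.org/t/4411">forum.example.org</a>'),
]


def triage_all(samples=SAMPLES):
    """Map each subject to its list of reasons."""
    return {subject: triage(subject, body) for subject, body in samples}


if __name__ == "__main__":
    for subject, reasons in triage_all().items():
        print(f"{subject!r}: {reasons or 'clean'}")
```

The forum sample shows the important caveat: a message that merely discusses the topic is not flagged, because neither signal fires on it; only the combination of bait plus an executable download, or a mismatched link, produces a reason.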

Related Reports:
- Sex scandal rocks Hong Kong
- AusCERT National Alerts - Tsunami Warning Fraudulent E-mails and Malicious Web Sites

Saturday, February 16, 2008

Is your port being probed?

Nmap recently released version 4.5, marking its 10th anniversary since the first release in 1997. The new version comes with a new traceroute feature. There is also a new OS fingerprinting detection engine and a new scripting engine. Zenmap (a GUI for Nmap) and the new port disposition explanations have also been added.

Besides introducing the new version of Nmap, I was recently asked, "Can we detect or prevent Nmap scanning?" I think many people (with security knowledge) will know that a proper Intrusion Detection / Prevention System (IDS/IPS) can easily detect scanning activity, and that a properly configured firewall can prevent a system from being scanned.

But frankly, an Nmap scan by itself is quite harmless to your system; it is merely reconnaissance. For anyone who does not wish to implement a full IDS/IPS but still wants to detect Nmap scanning, a program named Port Scan Attack Detector (psad) will be useful.

psad is a lightweight network IDS that works on the major Linux platforms. It can detect port scans and other suspicious traffic. It cannot do packet defragmentation and TCP stream reassembly like a full network IDS, but it incorporates many TCP, UDP and ICMP signatures and is able to detect advanced port scans (e.g. SYN, FIN, XMAS). It can also work with iptables to block detected traffic.
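To make the psad idea concrete, here is an added example (my own code, not psad's, and not from the blog) of the core logic: read iptables LOG lines, count how many distinct destination ports each source has touched, and name the probe type from the TCP flag combination (SYN, FIN, XMAS, NULL). The log lines are generated by a small constructor in the layout the iptables LOG target writes, and the threshold of five ports is an assumption chosen for the demo, not psad's default.

```python
"""psad-style port-scan detection over iptables LOG lines.
Added example, not psad's code. The log lines are constructed and
SCAN_THRESHOLD is an assumed value for the demonstration."""
import re
from collections import defaultdict

# Fields written by the iptables LOG target that the detector needs.
FIELD = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")
FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH", "URG")

SCAN_THRESHOLD = 5  # distinct destination ports from one source (assumed)


def parse(line):
    """Return the key=value fields of one LOG line plus the TCP flags present."""
    rec = dict(FIELD.findall(line))
    # Flag names appear as bare tokens after PROTO=...; \b keeps URGP=
    # from matching URG and WINDOW= from matching anything.
    tail = line.split("PROTO=", 1)[1] if "PROTO=" in line else ""
    rec["flags"] = frozenset(f for f in FLAGS if re.search(rf"\b{f}\b", tail))
    return rec


def classify(flags):
    """Name the probe type from its TCP flag combination."""
    if not flags:
        return "NULL"
    if flags == {"FIN", "PSH", "URG"}:
        return "XMAS"
    if flags == {"FIN"}:
        return "FIN"
    if flags == {"SYN"}:
        return "SYN"
    return "other"


def detect(lines, threshold=SCAN_THRESHOLD):
    """Map each source that touched >= threshold distinct TCP ports to
    (sorted probe types seen, number of distinct ports)."""
    ports = defaultdict(set)
    kinds = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec.get("PROTO") != "TCP":
            continue
        ports[rec["SRC"]].add(rec["DPT"])
        kinds[rec["SRC"]].add(classify(rec["flags"]))
    return {src: (sorted(kinds[src]), len(p))
            for src, p in ports.items() if len(p) >= threshold}


def log_line(src, dpt, flags, dst="10.0.0.1"):
    """Constructed iptables LOG line in the kernel's field layout."""
    flag_text = (" " + " ".join(flags)) if flags else ""
    return (f"Feb 16 10:00:01 gw kernel: [FW-DROP] IN=eth0 OUT= "
            f"MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC={src} DST={dst} "
            f"LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=41234 "
            f"DPT={dpt} WINDOW=1024 RES=0x00{flag_text} URGP=0")


# Constructed sample: one SYN scanner, one XMAS scanner, one normal SSH client.
SAMPLE_LOG = (
    [log_line("203.0.113.9", p, ["SYN"]) for p in (21, 22, 23, 25, 80, 443)]
    + [log_line("203.0.113.44", p, ["URG", "PSH", "FIN"]) for p in (22, 80, 135, 139, 445)]
    + [log_line("10.0.0.5", 22, ["SYN"]), log_line("10.0.0.5", 22, ["ACK"])]
)

if __name__ == "__main__":
    for src, (kinds, n) in detect(SAMPLE_LOG).items():
        print(f"{src}: {n} ports, probe types {kinds}")
```

A real deployment would also age the per-source sets out over a time window and feed the flagged sources to an iptables rule, which is exactly the part psad handles for you; the snippet only shows why counting distinct ports per source is enough to separate a scanner from a normal client that hits one service repeatedly.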

Related Sites:
- Nmap 4.5
- psad - Intrusion Detection with iptables

Friday, February 15, 2008

What is WIFI..?? - WLAN Part 1

Recently my friend asked about getting and securing a wireless Access Point (AP), so I think I should share some of my knowledge on Wireless Local Area Networks (WLAN).

802.11 Standard
Some people might be asking, "Which is more secure: 802.11a, b, g or n?" and "Which standard should your access point support?"
IEEE 802.11 is a set of standards for wireless LANs. It defines the protocols used in the data link layer. The differences between the various standards (802.11a, b, g, n) are mainly in frequency, data rate and range. You should get an AP that supports the latest standard, as it will normally be backward compatible with the older ones. But be careful with APs that use a protocol still in "draft": vendors may implement a draft protocol differently, so a network card and an AP from different vendors may not be compatible.

- 802.11a (released in 1999)
Frequency 5 GHz
Data Rate 54 Mbit/s
Range estimated 35m

- 802.11b (released in 1999)
Frequency 2.4 GHz
Data Rate 11 Mbit/s
Range estimated 38m

- 802.11g (released in 2003)
Frequency 2.4 GHz
Data Rate 54 Mbit/s
Range estimated 38m

- 802.11n (draft)
Frequency 2.4 GHz or 5 GHz
Data Rate 300 Mbit/s
Range estimated 70m

WIFI Encryption
So what are the different encryption types (WEP, WPA, WPA2, Dynamic WEP)? Which is more secure?
It is always recommended to use the latest encryption method (WPA2). But if that is not possible (the latest method is not supported), you should never leave your WLAN running without any encryption. Even weak WEP is better than nothing.

- Wired Equivalent Privacy (WEP)
WEP uses the stream cipher RC4 for confidentiality (encryption) and the CRC-32 checksum for integrity. It can be configured with keys between 64 and 128 bits. It can be cracked within minutes and has been replaced by Wi-Fi Protected Access.

- Dynamic WEP
WEP keys change dynamically; a user's WEP key could change every few minutes. But with newer wireless hacking techniques, a hacker can actively inject packets into a wireless LAN and crack Dynamic WEP keys in minutes.

- Wi-Fi Protected Access (WPA)
WPA comes in two flavors: enterprise and personal. Enterprise is meant for use with an IEEE 802.1X authentication server, which distributes different keys to each user. Personal WPA uses the less scalable "pre-shared key" (PSK) mode, where every allowed computer is given the same passphrase. In PSK mode, security depends on the strength and secrecy of the passphrase.

Data is encrypted using the RC4 stream cipher with a 128-bit key and a 48-bit initialization vector (IV). One major improvement of WPA over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used. Combined with the much larger initialization vector, this provides greatly improved protection against, and effectively defeats, the well-known key recovery attacks on WEP.
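Since the PSK paragraph says that security in personal mode depends entirely on the passphrase, the added example below (my own code, not from the blog) shows why: in WPA/WPA2-Personal the 256-bit Pairwise Master Key is derived from nothing but the passphrase and the SSID, using PBKDF2-HMAC-SHA1 with 4096 iterations as defined in IEEE 802.11i, so anyone who can guess the passphrase can recompute the same key. It also includes a rough passphrase strength estimate; the entropy thresholds are my own assumptions, not a standard.

```python
"""WPA/WPA2-Personal: passphrase -> 256-bit PMK, plus a rough strength check.
Added example, not the blog's code. The derivation is the 802.11i one
(PBKDF2-HMAC-SHA1, 4096 rounds, SSID as salt, 32-byte output); the
strength thresholds are assumed values for illustration."""
import hashlib
import math
import string


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key for WPA-Personal, as 802.11i specifies it."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def passphrase_bits(passphrase: str) -> float:
    """Crude entropy estimate: length * log2(size of the character classes
    actually used). It over-estimates dictionary words, which is the point
    of the caveat below."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    space = sum(len(c) for c in classes if any(ch in c for ch in passphrase))
    return len(passphrase) * math.log2(space) if space else 0.0


def assess(passphrase: str) -> str:
    """'weak' / 'ok' / 'strong' using assumed cut-offs of 50 and 80 bits."""
    bits = passphrase_bits(passphrase)
    if bits < 50:
        return "weak"
    return "strong" if bits >= 80 else "ok"


def ssid_changes_key(passphrase: str) -> bool:
    """The SSID is the salt: the same passphrase on two networks gives two
    different PMKs, which is why precomputed tables are per-SSID."""
    return wpa_psk(passphrase, "HomeNet") != wpa_psk(passphrase, "OfficeNet")


if __name__ == "__main__":
    # Test vector from IEEE 802.11i Annex H: passphrase "password", SSID "IEEE".
    print(wpa_psk("password", "IEEE").hex())
    for p in ("password", "Sunflower!2008", "Tr0ub4dor&3-Kite-Coral"):
        print(f"{p!r}: ~{passphrase_bits(p):.0f} bits -> {assess(p)}")
```

The caveat a practitioner should take from this: the 4096 PBKDF2 rounds only slow a guesser down by a constant factor; they do not rescue a passphrase that appears in a word list, so "password" is weak no matter what the estimator says about character classes. Enterprise mode avoids the shared secret altogether, which is why the post recommends it where an 802.1X server is available.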

- Wi-Fi Protected Access 2 (WPA2)
WPA2 supports the CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) encryption mechanism, which is based on the Advanced Encryption Standard (AES). It is the implementation of the full 802.11i standard.

After sharing the basics of WLAN, I will discuss the basics of securing a WLAN setup in the next blog (part 2) and demonstrate how easily WEP and WPA can be cracked in a future blog.

Wednesday, February 13, 2008

Black Tuesday but no patch for Excel vulnerability???

Yesterday, Microsoft released their monthly security updates with eleven patches. There were six patches for the Windows OS (from Windows 2K to XP, some even for Vista), one patch for Internet Explorer and four patches for various Office products. Among the 11 patches, 6 were classified as critical and 5 as important. Most of the vulnerabilities allow remote code execution, so patching them is highly recommended.

There isn't any surprise in seeing so many "critical" patches in Microsoft's monthly "Black Tuesday". I was surprised, however, that there wasn't any patch for the Excel vulnerability that Microsoft announced last month (refer to the previous blog "Vulnerability in Microsoft Excel..." - Jan 17). This vulnerability is considered "critical" because an attacker can specially craft an Excel file that triggers a memory corruption error and executes arbitrary code on the target system.

Looking at the Knowledge Base (KB) numbers that were patched this month, it seems that Microsoft has a lot of backlog to clear, as they are still patching October's vulnerability KB942695.

Related Reports:
- Microsoft Security Bulletin Summary for February 2008

- Microsoft Security Advisory (947563), Vulnerability in Microsoft Excel Could Allow Remote Code Execution

Friday, February 1, 2008

How to get into IT security?

I was reading a very interesting column, "Skills for the Future" by Don Parker: http://www.securityfocus.com/columnists/464/1

It reflected a lot of the security folks that I knew, including myself, on the road to being an IT security professional.

There were not many formal courses then; firewalls were still at the toolkit level. Checkpoint Firewall-1 was just starting out. Kiddies were not so simple.

Things have changed so much and entry is much easier, but the fundamentals are still the same. It takes the same hard work and attitude to be good in any field, IT security or not.

Well, you can try getting into IT security, but you will need more than just a CCSA or CISSP to know your stuff. So start getting your nose down to the floor and understand those packets flying around.

Sorry, not the red packets for Chinese New Year. Cheers.