T-Online and the unusual way to get security

8(!) months ago a vulnerability was discovered in the ADSL-WiFi-Router “Speedport W700V” manufactured by Siemens, allowing remote users to access the web interface of the router. Funnily enough, the router shows the default password on the login screen. The router is given away for free with a contract with the German Internet Provider T-Online (German Telekom). A firmware update that fixes the hole already exists. Some days ago, users of T-Online discovered that they couldn’t make connections on TCP port 8085 anymore.

Here is the punchline: T-Online admitted that they are now blocking port 8085 for outgoing connections, which affects only T-Online users. :)


An auction site for vulnerabilities

What’s the security business about? Plenty of people sit in dark rooms and search software for vulnerabilities. When they discover one, they normally inform the software vendor about it and after that make it available to the public. The vendor releases a patch, the exploit gets published to the net. What does the security analyst get for it? Nothing but a bit of fame.

That’s supposed to change. On Tuesday, the first official* marketplace for security flaws opened. If you discover a vulnerability, you can register at WabiSabiLabi and sell it there in an auction or for a fixed price. The sellers and buyers must verify themselves, so no script kiddies or bad guys may buy an exploit there. Of course one may ask if this is morally OK. I came to the conclusion that it is, because the software vendors then spend the money they saved by dropping quality and security checks of their software, so it should be zero in sum. And the guys sitting in their dark rooms get what they deserve.

* of course there has been a market for vulnerabilities in the underground for a long time


Phishing phishers and tracing their identities

Two fellow students of IT-Security at my university recently came up with an idea [paper] on catching phishers and tracing their identities. The idea is quite simple:

1.) collect some recent phishing sites, e.g. from Google or Microsoft
2.) create user credentials such as name, bank, account number, TANs etc. (e.g. from wordlists, dictionaries)
3.) send these special credentials (called ‘phoneytokens’) to the phishing sites

When the phisher[s] now visit the bank site and enter a phoneytoken, the system detects it and redirects the phisher to a honeypot system (called ‘phoneypot’) instead of the real banking application. This phoneypot looks like the real banking application and can collect data about the phisher, revealing organizational structures of the phishing system and hopefully the phisher himself.
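
The bank-side check described above, as an added example (not code from the paper or from this post). The class and function names, the credential format (10-digit account number, 5-digit PIN), the plaintext customer table and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class PhoneytokenRegistry:
    """Bank-side record of decoy credentials and the phishing site each was sent to."""

    def __init__(self, key: bytes):
        self._key = key          # keyed digests: a leaked table does not reveal the tokens
        self._planted = {}       # digest -> phishing site URL

    def _digest(self, account: str, pin: str) -> str:
        return hmac.new(self._key, f"{account}:{pin}".encode(), hashlib.sha256).hexdigest()

    def mint(self, phishing_site: str, is_real_account) -> tuple:
        """Create one decoy (account, pin) pair that cannot collide with a customer."""
        while True:
            account = "".join(secrets.choice("0123456789") for _ in range(10))
            if not is_real_account(account):
                break
        pin = "".join(secrets.choice("0123456789") for _ in range(5))
        self._planted[self._digest(account, pin)] = phishing_site
        return account, pin

    def lookup(self, account: str, pin: str):
        """Return the phishing site a credential pair was planted on, or None."""
        return self._planted.get(self._digest(account, pin))

def route_login(registry, customers, account, pin, client_ip, sightings):
    """Decide where a login attempt goes: 'phoneypot', 'bank' or 'rejected'."""
    site = registry.lookup(account, pin)
    if site is not None:
        # Phoneytoken seen: link this client to the phishing site that harvested it.
        sightings.append({"client_ip": client_ip, "phishing_site": site})
        return "phoneypot"
    stored = customers.get(account)  # plaintext PINs only to keep the sample short
    if stored is not None and hmac.compare_digest(stored, pin):
        return "bank"
    return "rejected"

if __name__ == "__main__":
    customers = {"1234567890": "24680"}                       # constructed sample data
    reg = PhoneytokenRegistry(secrets.token_bytes(32))
    acct, pin = reg.mint("http://phish.example/login", customers.__contains__)
    seen = []
    print(route_login(reg, customers, acct, pin, "203.0.113.7", seen), seen)
    print(route_login(reg, customers, "1234567890", "24680", "198.51.100.4", seen))
```

Because every token is recorded together with the phishing site it was sent to, a later sighting at the bank ties the login client to that specific phishing campaign.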

Talks with German banks are currently in progress; let’s see how this will work in practice. I’ll keep you up to date.
If you have any input, you can write to the authors mentioned in the paper or to me, of course.

see you, cordney*


current workspace

A nice Saturday afternoon, the sun is shining, 26°C outside and I am working… ;)


btw: if you know a working solution for the Trac ticket spam problem, say having a barrier for spam robots to create and comment on tickets, please let me know! Having the ticket section disabled although it could be really helpful in collecting bugs is not very amusing.


Getting Windows XP [continued]

Yes, it’s true. I have to get Windows for development purposes. One of my courses in the 4th semester requires the AVR Studio IDE, which requires Windows XP. In “Embedded Processors” we are going to program an Atmel microcontroller to play the well-known song “Frère Jacques”.

Luckily my university takes part in the MSDNAA developer program, which gives you free access to operating systems, IDEs and other stuff from Microsoft. So here we go: Drop by the office with a study attestation and get your login data. Then simply download the iso and burn it. “What, a 404kB exe file? What the hell?” Yes, they have their own installer, really! So what do you do with an exe file if you don’t own Windows? Fire up Darwine! Thanks to Mike, who builds Darwine snapshots regularly and offers them for download, I now have the installer working and downloading a mysterious de_win_xp_pro_w_sp2.sdc file. “What the hell is sdc?” The next step in the installer is extracting the file, so let’s see if we get a burnable iso for BootCamp.

To be continued…

[continue]
Coming home from buying food, I found my MacBook at full fan speed telling me that the start volume is full. Great! And WinHelper crashed. Even greater! But the installer is still open and tells me to click to install the product. So let’s see if we have an iso now.

Terminal showing directory with iso

Yay! An iso file! :) What a hassle just to get Windows, not to mention installing and RUNNING it! Yuck!
[/continue]
