Showing posts with label security tools.

Monday, March 26, 2007

Upgrading TrueCrypt

On March 19, 2007, TrueCrypt version 4.3 was released. There are many new features, improvements and bug fixes in this release, so I think it is time to upgrade my installation.

I downloaded the TrueCrypt package, but they only provide it for the OpenSUSE 10.2 system. Last time I used the RPM version, it complained about a kernel mismatch. But this time it didn't complain.

Unfortunately, I already have TrueCrypt installed from the source package, so I need to remove that first before I install the newer version. To make matters worse, the TrueCrypt package doesn't come with an uninstaller, so I need to read the installer script and reverse the installation process to create an uninstallation script. This uninstallation script is very simple: it will remove three files that have been installed by the installation script.

Without further talk, you can download the uninstaller script here.

To remove your previous TrueCrypt that you compiled yourself, just type the following command:

# ./remove-truecrypt.sh

And you're done.

Computer Virtualization in Java

Researchers at Oxford have built an x86 emulator that runs purely on Java, making it ideal for security researchers who want to analyze and archive viruses, host honeypots and defend themselves against buggy or malicious software without hosing their machines. The JPC also emulates a host of other environments, giving technophiles the ability to play Asteroids and other software that's sat on shelves for years collecting dust.

Here are several key features of JPC:
  • Cross-Platform: JPC is completely implemented in Java, so it works seamlessly across all major computing platforms, including Windows, Linux and MacOS. JPC even works on non-x86 based hardware like ARM and SPARC.
  • Secure: JPC comes with the assured security of being run entirely within the Java sandbox. This means that the emulated hardware is completely isolated from the underlying hardware and cannot damage or interfere with it in any way.
  • Flexible: With JPC, you have complete configuration control with virtual peripherals and software libraries. And if you mess up, you only mess up your virtual PC. Just delete your disk images and start again.

Tuesday, March 06, 2007

Ferret : A Data Seepage Tool

David Maynor from Errata Security has just released a tool called Ferret for data seepage at BlackHat DC 2007.

According to the Ferret page, data seepage consists of bits of benign data that people willingly broadcast to the world (as opposed to "leakage", which is data people want to hide from the world).

An example of data seepage is what happens when you power on your computer. It will broadcast to the world the list of WiFi access points you've got cached on your computer, the previous IP address you used (requested by DHCP), your NetBIOS name, your login ID, and a list of servers (via NetBIOS request) you want connections to.

You can get Ferret here.
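
To see what the DHCP part of that seepage looks like on the wire, here is an added example (not Ferret's code and not from the original post) that parses a DHCP payload and reports the fields that describe the client: the MAC address, the hostname, and the previously used IP address it asks for again. The sample packet and every value in it are constructed for illustration.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options
# RFC 2132 option codes whose values describe the client itself.
REVEALING = {12: "hostname", 50: "requested_ip", 60: "vendor_class"}

def parse_options(payload):
    """Return {code: raw value} for the options in a BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        code = payload[i]
        if code == 0:                               # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length
    return options

def seepage_report(payload):
    """List what a client's DHCP message tells anyone on the segment."""
    options = parse_options(payload)
    hlen = min(payload[2], 16)                      # chaddr is 16 bytes at most
    report = {"client_mac": payload[28:28 + hlen].hex(":")}
    for code, name in REVEALING.items():
        if code in options:
            raw = options[code]
            if code == 50 and len(raw) == 4:
                report[name] = socket.inet_ntoa(raw)
            else:
                report[name] = raw.decode("ascii", "replace")
    return report

def build_sample_request():
    """Constructed DHCPREQUEST (not a capture); all values are made up."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234ABCD,
                         0, 0x8000, b"", b"", b"", b"",
                         bytes.fromhex("001122334455"), b"", b"")
    name = b"alice-laptop"
    options = (b"\x35\x01\x03" + b"\x32\x04" + socket.inet_aton("192.0.2.23")
               + bytes([12, len(name)]) + name + b"\xff")
    return header + MAGIC_COOKIE + options

if __name__ == "__main__":
    print(seepage_report(build_sample_request()))
```

Feeding it the UDP payloads of your own machine's DHCP traffic from a packet capture shows which of these fields your host announces each time it joins a network.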

Thursday, March 01, 2007

Learning Security using DamnVulnerableLinux

If you want to learn security by doing the actual "hacking", there is good news for you.

Thorsten Schneider of the International Institute for Training, Assessment, and Certification (IITAC) and Secure Software Engineering (S²e) in cooperation with Kryshaam from the French Reverse Engineering Team has released Damn Vulnerable Linux (DVL).

Here is the description of DVL:

Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn't. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn't built to run on your desktop -- it's a learning tool for security students.

DVL is a live CD available as a 150MB ISO. It's based on the popular mini-Linux distribution Damn Small Linux (DSL), not only for its minimal size, but also for the fact that DSL uses a 2.4 kernel, which makes it easier to offer vulnerable elements that might not work under the 2.6 kernel. It contains older, easily breakable versions of Apache, MySQL, PHP, and FTP and SSH daemons, as well as several tools available to help you compile, debug, and break applications running on these services, including GCC, GDB, NASM, strace, ELF Shell, DDD, LDasm, LIDa, and more.

You will also get video tutorials covering the DVL overview and the first lesson on buffer overflows. But you have to download them because they don't come with the distro.

At this moment the site can't be accessed; it seems that their system is experiencing technical problems.

I am looking forward to their next releases, which will include many wonderful tools such as Metasploit, and of course more tutorials would be great.

Tool to Steal Browser History

pdp has designed a new tool to steal browser history, called Noscript HScan. The interesting thing about this tool is that it doesn't need JavaScript to be turned on.

Up until now we thought that by disabling JavaScript, we would be safe. But apparently that's no longer sufficient; now we need to disable CSS too. :D

Friday, February 23, 2007

Nessus 3.2 beta available for testing

Tenable has released Nessus 3.1.2 for Linux, FreeBSD and Solaris, which is a beta version of the upcoming Nessus 3.2.

Nessus 3.2 contains the following new features :

- Experimental IPv6 support
- Improved bandwidth throttling
- Extended nessusd.rules to add support for ports and plugins
- New command 'nessuscmd' which lets you do a quick command-line scan
- Improved NASL engine
- Easy-update : Nessus can now update its own engine by doing /opt/nessus/sbin/nessus-update

Tenable explains more about these new features in its blog entry.

Monday, February 12, 2007

Secunia Releases Software Inspector

Feature Overview :

  • Detects insecure versions of applications installed
  • Verifies that all Microsoft patches are applied
  • Assists you in updating your system and applications
  • Runs through your browser. No installation or download is required.

The Secunia Software Inspector covers the most common/popular end user applications:

  • Internet browsers
  • Internet browser plugins
  • Instant messaging clients
  • Email clients
  • Media players
  • Operating systems

You can find it here.

Friday, January 19, 2007

Nessus 3.0.5

Tenable Network Security has released Nessus version 3.0.5. It fixes several "features" available in the 3.0.4 version. The fixes include :

  • Faster startup time, especially on laptops
  • Improved the performance of the SYN port scanner
  • Fixed a memory leak in the Mac OS X client
  • Vista compatibility improved
  • Various minor bugs fixed in the NASL engine
  • Better chasing of zombie processes

You can read more information about this in the Tenable blog.

0trace : A Tool to Trace Behind The Firewall

Michal Zalewski has just released a new security tool called 0trace. Here is a brief description of it:

This tool enables the user to perform hop enumeration ("traceroute") within an established TCP connection, such as a HTTP or SMTP session.

This is opposed to sending stray packets, as traceroute-type tools usually do.

The benefit of the mechanism used by 0trace is that "such traffic is happily allowed through by many stateful firewalls and other defenses without further inspection (since it is related to an entry in the connection table)".

But it also has limitations. According to the announcement information, the tool will not produce interesting results in the following situations:

  • Target's firewall drops all outgoing ICMP messages,
  • Target's firewall does TTL or full-packet rewriting,
  • There's an application layer proxy / load balancer in the way (Akamai, in-house LBs, etc),
  • There's no notable layer 3 infrastructure behind the firewall.

You can get more information about this from the LWN article.