Archive for April, 2011

Maybe yet another #BSidesLondon and a big London security conference this autumn #infosec

April 29th, 2011 Comments off

Alec Muffett mentions in his article “The Security Backlog” that there may be another B-Sides later in the year, and we can expect a big London security conference this autumn.

Thanks for linking, Alec.

Categories: Events Tags:

BSidesLondon was a great success

April 21st, 2011 Comments off

I am pleased to present that BSidesLondon was I great success. Awesome technical talks, awesome people, very good conversations there, and most importantly, it was very well organized! I really appreciated it that there was no alcohol allowed, Club-Mate as the “Hacker-drink” was available.

It started by explaining where BSides came from originally (here). As Lenny Zeltser mentions on his blog it is ok to

  • Join a conversation in progress
  • You need to let them into the conversation
  • Introduce yourself
  • Move from group to group
  • Have a business card or even better, a “calling-card” available with your contact details
  • Wear an name-tag

and this went really well.

The first talk after the introduction I attended was “DNS Tunneling: It’s all in the name!” from Arron “finux” Finnon. DNS is usually allowed in corporate or “commercial” environments and it showed some nice ways how to tunnel through DNS (“TXT” records) back out to the internet. He pointed out that some crazy fella even transferred shellcode this way. SysAdmins: Are you watching your DNS traffic?

Chris Rook about "pownerizing"


It went on then with “Jedi Mind tricks For Building Application Security Programmes” by David Rook & Chris Wysopal. We as security aware people, we must not come down with “you must not / do not” explaining to developers what security is. Most importantly we need to explain properly what this all is about. David pointed out that “SQL injection”, “jacking” or “pwnerizing” (see the picture) could be easily mistunderstood by developers, which is true I would say and was quite amusing.

The next one was “Practical Crypto Attacks Against Web Applications” by Justin Clarke. This was about how EBC and CBC works and practical attacks against those. Unfortunately I missed some of his talk, I need to get the slides from somewhere.

Xavier Mertens had his talk about “All your logs are belong to you!”. You can find the slides here. All systems are logging something and most importantly, they are your logs. Dont shy to ask your cloud provider to get logs about the services you are using. I can only agree with him that OSSEC is a great and wonderful open-source tool to analyze your logs automatically. The OSSEC Dashboard looks like a brilliant solution and I have to give that a try!

After the lunch break, Steve Lord was explaining in his talk “Breaking, Entering and Pentesting” the career path of a pentester. Starting as a “Nessus Monkey”, going through various stages and finally ending up as a professional pentester (aka “Jedi Master”) – and not in management. Brilliant talk. Steve was also at DC4420 btw.

Wicked Clown had then his talk about “Breaking out of restricted RDP”. It was good to see that you dont need “restricted” literally and how easy it easy to break out of it. Have a look at his websites for the slides, videos and more information.

David Rook presented then his second talk about “Agnitio: its static analysis, but not as we know it”. Slides are here. If you are into source review then this is something for you, you can find it here.

Manuel Leithner was then presenting “Your money, your media – a DRMtastic Android reverse (re)engineering tutorial”. It points out once again DRM is just “scary” and can be circumvented if you want to.

And the final one was Security YMCA by Chris John Riley, The Suggmeister, Arron “finux” Finnon and Frank Breedijk presenting the developer survey about security in a little bit different way, wan you can see here. It seems that most developers are not security aware – and we must communicate A.S.A.P:

Young man, I was once in your shoes.

I said, I was down and out with the blues.

I felt no man cared ‘ bout se-cu-ri-ty

There’s just too much in-du-vi-du-a-li-ty

That’s when someone came up to me,

And said, young man, take a walk in the street.

I really, want to know what you say

If only I could only un-der-stand you

You must communicate A.S.A.P


Finally, I want to say thank you to Matt Summers (@dive_monkey) for organizing this event. As I mentioned in the intro, perfectly organized, there was nothing missing. Looking forward to the next one.

PPS: Thanks Tomasz!
Categories: Events Tags:

Dedicated IPv6 gateway – way to go deploying IPv6

April 16th, 2011 Comments off

m0n0wall is a good product for running a firewall/gateway on an embedded device. It is based on BSD, very slick and reliable. I was using it a couple of years back, but unfortunately my hardware didnt had wireless integrated, so I had to give it up and get a WRT54GL – running OpenWRT of course.

Until now my IPv6 endpoint was this OpenWRT router, unfortunately it didnt had a full IPv6 firewall integrated – I never seriously tried the 2.6 branch of it, but this would support a proper ip6tables firewall.

When m0n0wall announced version 1.33 there was this “major ipv6 improvements” and I just couldnt resist to try it. The phoneline (not cable unfortunately) is connected to my ISP’s router which is then connected to my OpenWRT wireless router. I really didnt want to put the m0n0wall router (ie. “ipv6 router”) in line, so I decided to install it parallel to the OpenWRT router. The internal port of m0n0wall is connected to the switch on the OpenWRT router and the external to the ISP’s router.

Configuring IPv6 with a Hurricane Electric tunnel was easy going – the only problem I had was that I did not realized IPv6 was already enabled. I misinterpreted the interface configuration details of m0n0wall and expected to see some tunnel information (tunnel-endpoint information). I was wondering why the m0n0wall was always complaining about a duplicate IPv6 (nifty feature!) but then I saw that the same IPv6 was configured on the OpenWRT.

Removing then IPv6 completely from the OpenWRT and rebooting the m0n0wall box did the trick then – voila, IPv6 through a dedicated IPv6 only gateway works like a charm.

Thinking about it, this would be actually a good way to implement IPv6 in the business/enterprise, as this wouldnt cause any downtime, as long you ensure that your resolver doesnt give out IPv6 addresses *g.

Categories: IPv6 Tags:

Enabling IPv6 privacy on an Ubuntu box

April 16th, 2011 Comments off

It was bugging me a bit that my (internal) IPv6 address was a static one, ie. it is forever and ever the same, unlike a dynamic DSL IP. I heard/read somewhere about “IPv6 Privacy Extensions” are dealing with this issue, so I looked into this.

I originally thought – without having read something about it – that the gateway/router (ie. the Router Advertisment Daemon or RAD) has to support this feature, it made kinda sense, as this one is responsible for assigning IPv6 addresses in an IPv6 network. But I was wrong.

I came back to it with this article (in German) how to enable the Privacy Extensions and I learnt very quickly that it is actually the client where this has to be enabled. So on Linux by doing a

net.ipv6.conf.IF.use_tempaddr = 2

in /etc/sysctl.conf whereby “IF” equals the interface name (most likely eth0 or wlan0) followed by a

sysctl -p

enables this for now and makes it even permanent. To enable this actually, you need to shutdown your interface and enable it again, this is the only way how to get a temporary interface. By setting




lets you define how long these temporary addresses are valid. After getting a temporary address, have a look at

ip -6 addr  show

and you should see a line with “scope global temporary dynamic” in it… Thats it! Well done!

You can find more information in the RFC 4941.

PS: I am aware that right now IPv6 Privacy Extensions dont make a big difference as everybody has its own routed /64 range anyway.

Categories: IPv6 Tags: