/var/log/messages
This section contains the latest news, announcements and thoughts from the MWR InfoSecurity team.
Developer Internship Opportunity
Jan 16, 2012
The development team within MWR create innovative solutions to help clients understand and manage their risk, as well as internal applications that support and enhance the operation of the business.
An opportunity is available for an internship with MWR’s development team this summer (2012). The successful applicant will undertake real work on a new development project and will be expected to take it from early requirements to a working solution by the end of the internship. They will be offered all the help and guidance they need to complete the project as well as a competitive salary.
Distributed Hash Cracking on the Web
Jan 05, 2012
The web is constantly evolving with new technologies being added all the time, creating a platform completely unrecognizable from when the web first began. MWR Labs recently carried out a research project to assess some of these new technologies and the possibilities they bring for helping to solve computationally intensive problems within security.
The main aim behind the project was to try to harness the power of two new technologies in particular, WebGL and WebCL, for retrieving passwords from hashes using a brute force technique. If this proved possible, the secondary aim was to assess how cost effective it would be to retrieve hashes in this way compared to using cloud computing. Let’s start with a brief introduction into these two new technologies…
veripy: New Project to Support the Migration to IPv6
Dec 14, 2011
MWR InfoSecurity is delighted to announce the start of a new project that will see the development of new tools to help support the migration to IPv6.
MWR will be working closely with CPNI on this project, with the primary objective being confidence and assurance in the hardware and software products that are to support IPv6 networking moving forwards.
This confidence will be fundamental to the transition from IPv4 to IPv6 which will be complex, but is critical to the future of networking and IT in general.
The goal of the MWR development project will be to release an open source software tool that can be widely used to test the readiness of equipment to support IPv6 in line with the RIPE 501 specification (http://www.ripe.net/ripe/docs/ripe-501). It is anticipated that additional components will also be released, although details of these will be published during the project.
The project is aiming to publicly release the first version of the tool in March 2012 although, MWR will be engaging with equipment vendors during the project lifecycle to identify how best to support their testing activities in this area.
The home of the project online will be http://veripy.org/ where interested parties will be able to check on the project status and eventually download a copy of the tool for themselves.
During the project input will be sought from a variety of sources and participation in the future development of the tool will be welcomed.
If you are interested in learning more and finding out how you can help please check back to the veripy website which will contain details about how you can participate.
Tell Us Your Incognito Ideas and Win One of 5 Lego Ninjas
Dec 12, 2011
Since the launch of Incognito in 2007 the importance of Windows access tokens have become well understood by the information security community. Their potential for abuse, typically in a post-exploitation environment to achieve privilege escalation is clearly demonstrated by Incognito and its accompanying metasploit module.
The original project aimed to provide a tool in order to accurately assess the risk imposed by windows access tokens. Now widely used by penetration testers during active security assessments the tool achieved what it set out to do. However, there is the feeling that the tools effectiveness could be enhanced with some small updates. These are planned for early 2012 and we are now seeking input from the community on features and bugs they would like to see addressed.
DM your ideas to us @mwrlabs – the best five ideas win a Lego Ninja!
How to find Android 0day in no time
Dec 02, 2011
Today we are releasing WebContentResolver, an Android assessment tool which allows you to find Content-Provider vulnerabilities in no time. A Content-Provider is one of Androids IPC endpoints; it is commonly used to implement data storage in applications and to offer access to this data to other applications on the device. The Android browser bookmarks or Android contacts list are just two examples for Content-Providers implemented on every Android. Unfortunately these Content-Providers are often riddled with vulnerabilities which allow third party applications or compromised applications to gain access to sensitive data. Regularly we find vulnerabilities, such as directory traversal or SQL injection in providers installed as part of the Android system or by third party applications. As these issues are similar to issues that are commonly found in web applications it would be desirable to test Content-Providers in the same way web applications are tested. This will allow us to leverage the current skill set of web application tester and the currently available tool set for web application testing. This is exactly what WebContentResolver does. This blog post will walk you through an example on how to use WebContentResolver. For this example we use the new Google Galaxy Nexus phone with Android 4.0.
A taste of Finland - T2 2011
Nov 04, 2011
Once again we headed to Helsinki for T2 2011, with MWR’s own Alex Plaskett presenting his innovative research on Windows Phone 7; it was going to make for an exciting couple of days. His talk was well received by the audience and was particularly topical, with the recent business agreement between Nokia and Microsoft to deliver Nokia phones with Windows Phone OS.
USB Fuzzing for the Masses
Jul 14, 2011
We began our USB research at MWR Labs approximately 3 years ago with the intention of quantifying risk associated with the use of this type of technology. The primary focus of this research was to attack the software that handles USB input, such as USB device drivers, which are implemented within commonly used operating systems. We wanted to understand whether there was a problem that our clients should be worrying about and if so how big it was. We also knew that it was important to detect and report exploitable vulnerabilities and not just denial of service conditions which are clearly not always as significant when you have a degree of physical access.
Over the past 3 years we have developed the methods we use for identifying vulnerabilities in USB software and have used these to identify a number of vulnerabilities in different platforms, including both Linux and Microsoft Windows. More importantly, we identified that any environment where a USB port is exposed should be reviewed as there are lots of potential vulnerabilities lurking below the surface of any Operating System, just waiting to be found. We have also realised that this isn’t an area of research that we can investigate on our own and a wider effort within the community is required. Therefore, we have decided to share some of the methods and techniques that we have successfully used to discover and exploit vulnerabilities in USB software so that a wider effort can be utilised to continue research in this area.
Debuggable Apps in Android Market
Jul 07, 2011
Whilst doing Android application security reviews for our clients MWR repeatedly identify Android applications that are shipped with debugging enabled. However, even without also performing an in depth assessment of the Dalvik VM debugging implementation this was assumed to be a high risk issue and on we report as such to our clients. This opinion was always based on the assumption that any application could initialise the debugging connection and use this to gain full access to the debuggable Java process.
A brief assessment of the most popular free Apps in the Android Market revealed that about 5% of these Apps are shipped with debugging enabled. In order to demonstrate the impact of this prevalent issue we decided to work on Proof-of-Concept exploit.
To the victor goes the gold, to the loser ...
Jun 30, 2011
To those who competed it is either congratulations or commiserations depending on how successful your team was. To those who didn’t you can but dream of a chance to compete next year. No matter how your team did it is fair to say that this year’s HackFu was a great success. The aim of this year’s contest was to unlock the secret of Hacker Island by exploring the high seas in search of gold. As the sun finally sets over the now fabled Hacker Island we are looking for the next generation of security consultants to join the team at MWR. We are now accepting applications from anyone who wishes to put themselves forward for an exciting role as a Junior Security Consultant. To be considered for this role you must:
- be eligible to work in the UK
- be able to commute to the Basingstoke area
- submit answers to the following two challenges from this year’s HackFu
- submit a CV and covering letter to recruitment2011@mwrinfosecurity.com
The Google Android Update Dilemma
May 18, 2011
Recently researchers from the University of Ulm demonstrated a problem which affects hundreds of millions of Android users. The vulnerability itself is fairly common and technically comparativly easy to fix. However the main problem lies in Google’s update mechanism for Android phones.