Madrock

Kamakailan lamang ako ay tweaking ang aming ADSL 2 + koneksyon sa Internet (pagbabago ng linya pagpapalambing, atbp) at nakamit ang ilang mga mas mabilis bilis sync.

Upang subukan ito ako ay trying sa pag-eehersisiyo kung may sapat na bilis upang umalalay IP TV. Kahit na may isang malaking pagsandig sa pasalunga sa agos bottleneck at internasyonal na link latency, maaari ko lamang impluwensiya kung ano ang maaari ko bang pangasiwaan.

Kaya ang listahan sa ibaba ay kumakatawan sa mga site at mga feed ko natuklasan sa panahon ng pagsubok na ito. Umaasa ako sa mga link patuloy na gagana para sa isang habang kaya ang iba ay maaaring matamasa.

Ang ilan sa mga link ay RTSP (Real Time streaming Protocol) na kung saan ay kailangan ng isang streaming media player. VLC ay isang magandang opsyon na ngunit kailangan mong iugnay ang VLC sa loob ng browser na gamit mo soemthing ang reg hacks sa ibaba ng post na ito.

Live daluyan para sa mga nanonood UEFA Champions League:
Channel 1: http://onlinesports24.com/p2p/channel1.htm
Starsports: http://onlinesports24.com/p2p/starsports.htm
Kasaysayan ng Pelikula
Thriller TV

TvKnob 5 Comedy
TvKnob 7 Movies
TvKnob 9 Pang-edukasyon
TvKnob 10 Lifestyles
ReelGood TV

Western TV
Worm TV 273K

La Locale 441K
KTTV Fox11? 295K
Basta sa TV (sound?) 141K
Medizin TV Deutsch 491K

Cartoon TV
Crime TV
SKY NEWS Marcelo

Fox11 301K
Astro-Line TV
OLELO 53-261K
BFMTV France 348K
MadTV Greece 248K
Masiyahan sa Italya 331K
eTV Italya 273K
Astro-Line TV
OLELO 53-261K
BFMTV France 348K
MadTV Greece 248K
Masiyahan sa Italya 331K
eTV Italya 273K
Digital15 Dom Rep 143K
Cinquestelle Italya 220K
Congo Planet 273K
TV Martí US 273K
AlfaOmegaMovies Romania 192K
Digital15 Dom Rep 143K
Cinquestelle Italya 220K
Congo Planet 273K
TV Martí US 273K
AlfaOmegaMovies Romania 192K
Live1 Russia 232K
Orange Sports 744K
Worm TV 273K
BFM TV 348K
AZTV 247K

TN todo Noticias
Canal 13
BBC Radio sigurado ng channel 1
BBC Radio sigurado ng channel 2
BBC Radio sigurado sa channel 3
Live Talk Radio (Rush Limbaugh, Sean Hanitty, Mark Levin-Suriin Lokal Times-)

VIDEO

SKY NEWS Marcelo
Euro News Pranses TV ENGLISH
CNN International TV
Live Tv Network Canada Pranses
Italya [3] Channel ONE
Live TV Network NBC
Hockey
Pindutin ang TV
Euro News sa Pranses
Music Box Video
NRJ TV Hits Video HI-RES-
NRJ Pop Rock Video
NRJ TV Dance Video
UK Music TV

NRK

Thai channels
Thai TV 7 - http://tvonline.thaicool.com/thaitv/asx/7.asx
Thai TV 5 - http://tv.thai4promotion.com/ch/../asxfile/tv5_56k.asx
Thai TV 11 - http://tv.thai4promotion.com/ch/../asxfile/tv11_56k.asx
TITV - http://tv.thai4promotion.com/ch/../asxfile/itv_128k.asx
Thai TV 3 - http://tvonline.thaicool.com/thaitv/asx/3.asx

MTV ("Brand New")

Thriller TV

http://free-internet-tv.org/

Cartoon Channel

http://62.204.69.103/home_channel?WMcont ... ate = 350000
MMS: / / 62.204.69.103/home_channel? WMcontentbitrate = 350000 & MSWMExt =. asf

Lumang cartoons "> cartoons Channel (gumagana sa isang ipakita sa oras)

AdventureFree.TV
rtsp: / / video3.multicasttech.com/AFTVAdventure3GPP296.sdp

CartoonsFree.TV
rtsp: / / video2.multicasttech.com/AFTVCartoons3GPP296.sdp

ClassicsFree.TV
rtsp: / / video3.multicasttech.com/AFTVClassics3GPP296.sdp

ComedyFree.TV
rtsp: / / video3.multicasttech.com/AFTVComedy3GPP296.sdp

CrimeFree.TV
rtsp: / / video2.multicasttech.com/AFTVCrime3GPP296.sdp

HalloweenFree.TV <
rtsp: / / video3.multicasttech.com/AFTVHalloween3GPP296.sdp

HorrorFree.TV
rtsp: / / video2.multicasttech.com/AFTVHorror3GPP296.sdp

IndyMovies.TV
rtsp: / / video2.multicasttech.com/AFTVIndyMovies3GPP296.sdp

MysteryFree.TV
rtsp: / / video2.multicasttech.com/AFTVMystery3GPP296.sdp

SciFiFree.TV
rtsp: / / video2.multicasttech.com/AFTVSciFi3GPP296.sdp

WesternsFree.TV
rtsp: / / video2.multicasttech.com/AFTVWesterns3GPP296.sdp

EspanaFree.TV
rtsp: / / video3.multicasttech.com/EspanaFree3GPP296.sdp

Ang ilang mga iba pang mga listahan:

http://onlinetv.yamour.com/portal.htm

http://wwitv.com/portal.htm

Radyo

------ VLC_rtsp.reg -------------

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT \ rtsp]
@ = "URL: RealTime streaming Protocol"
"URL Protocol" = ""

[HKEY_CLASSES_ROOT \ rtsp shell \ \ bukas] \ command
@ = "\" C: \ \ Program Files \ \ VideoLAN \ \ VLC \ \ vlc.exe \ "\"% 1 \ ""

--------------------------

------- --------- RTSP_MeditPlayer.reg

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT \ rtsp]
@ = "URL: RealTime streaming Protocol"
"URL Protocol" = ""

[HKEY_CLASSES_ROOT \ rtsp shell \ \ bukas] \ command
@ = "\" C: \ \ Program Files \ \ Media Player Classic \ \ mplayerc.exe \ "\"% 1 \ ""

--------------------------

Ang problema ay natuklasan sa Virtual Machine DOS (VDM) ipinakilala sa 1993 upang suportahan ang 16-bit mga aplikasyon (tunay na mode ng mga aplikasyon para sa 8086). VDM ay batay sa Virtual Mode 8086 (VM86) sa 80386 processors at, bukod sa iba pang mga bagay-bagay, intercepts hardware gawain tulad ng BIOS tawag. Google seguridad kasapi ng koponan Tavis Ormandy ay may natagpuan ng ilang mga kahinaan sa pagpapatupad na ito na payagan ang isang walang karapatan 16-bit programa upang mamanipula ang kernel salansan ng bawat proseso sa pamamagitan ng isang bilang ng mga tricks. Ang potensyal na nagbibigay-daan sa attackers-execute ang code sa sistema ng pribilehiyo na antas.

Bilang karagdagan sa mga unpatched butas sa Internet Explorer, ang isang nai-publish ngayon butas sa Windows ay nagpapahintulot sa mga user na may restricted access sa padamihin ang kanilang mga pribilehiyo sa antas ng sistema ng isang € "at ito ay naniniwala na posible sa lahat ng mga 32-bit mga bersyon ng Windows mula sa Windows NT 3.1 hanggang sa, at kabilang ang Windows 7. Habang ang kahinaan ay malamang na makakaapekto sa mga gumagamit ng bahay sa lamang ng isang menor de edad na paraan, ang administrator ng corporate networks ay malamang na magkaroon ng kanilang mga kamay na ito buong linggo.

Ang problema ay dulot ng flaws sa Virtual Machine DOS (VDM) ipinakilala sa 1993 upang suportahan ang 16-bit mga aplikasyon (tunay na mode ng mga aplikasyon para sa 8086). VDM ay batay sa Virtual Mode 8086 (VM86) sa 80386 processors at, bukod sa iba pang mga bagay-bagay, intercepts hardware gawain tulad ng BIOS tawag. Google seguridad kasapi ng koponan Tavis Ormandy ay may natagpuan ng ilang mga kahinaan sa pagpapatupad na ito na payagan ang isang walang karapatan 16-bit programa upang mamanipula ang kernel salansan ng bawat proseso sa pamamagitan ng isang bilang ng mga tricks. Ang potensyal na nagbibigay-daan sa attackers-execute ang code sa sistema ng pribilehiyo na antas.

Ormandy ay din publish ng isang naaangkop na maningning na tagumpay na function sa ilalim ng Windows XP, Windows Server 2003 at 2008, Windows Vista at Windows 7. Kapag sinubok ng Ang H's Associates sa heise Security, ang maningning na tagumpay binuksan ng isang prompt command sa sistema ng konteksto, na kung saan ay ang pinakamataas na antas ng pribilehiyo, sa ilalim ng Windows XP at Windows 7. Walang patch ay naging available, bagaman Ormandy mga ulat na Microsoft ay naka-alam ng butas sa kalagitnaan ng 2009. Ang developer ay nagpasya na-publish ang impormasyon na alintana sapagkat, sa kanyang mga opinyon, diyan ay isang simpleng workaround: upang huwag paganahin ang MS-DOS subsystem.

Ang workaround ay nangangailangan ng mga user upang simulan ang grupo ng patakaran na editor at paganahin ang "maiwasan ang access sa 16-bit mga aplikasyon ng" na opsyon sa Computer Configuration \ Administrative Template \ Windows Components \ Kaangkupan seksyon Application. Kapag nasubok na may mga setting na ito sa pamamagitan ng ang koponan heise Security, ang maningning na tagumpay hindi na nagbigay. Ang mga setting ng reportedly hindi maging sanhi ng anumang malaking problema sa compatibility para sa karamihan sa mga gumagamit habang hindi 16-bit mga aplikasyon ay ginagamit.

I-update - Ang mga opsyon sa itaas ay makukuha lamang sa pamamagitan ng mga patakaran na editor grupo sa Windows 2003 na mga sistema. Ang ilang mga bersyon ng Windows ay hindi isama ang isang grupo ng patakaran na editor. Bilang alternatibo, ang mga gumagamit ay maaari ring lumikha ng isang pagpapatala susi sa ilalim ng \ HKEY_LOCAL_MACHINE \ SOFTWARE \ Patakaran \ Microsoft \ Windows \ AppCompat sa isang D-Word halaga ng VDMDissallowed = 1. Sa ilalim ng Windows XP, upang maiwasan ang sistema mula sa pagiging madaling matukso sa mga maningning na tagumpay, ang mga gumagamit ay maaaring ilagay ang sumusunod na teksto:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Patakaran \ Microsoft \ Windows \ AppCompat]

"VDMDisallowed" = dword: 00000001

sa isang file na tinatawag na vdmdisallow.reg at double click ang file. Windows ay pagkatapos ay awtomatikong i-import ang susi (admin mga karapatan ay kinakailangan upang maisagawa ang aksyon na ito).

I-update ang 2-isang Microsoft ay nakumpirma na ngayon ang mga pribilehiyo pagdami butas sa Windows. Ang kumpanya ay nagsabi na ito ay nagnanais na kumpleto ang imbestigasyon ng kahinaan at pagkatapos ay magpasiya kung, kung paano at kung kailan upang isara ito.

Tingnan din:

• Microsoft Windows NT # GP bitag Handler Nagbibigay-daan sa mga gumagamit upang Lumipat kernel Stack , katiwasayan advisory mula sa Travis Ormandy.

Redmond - Kapag umuulan, ito pours. Lalo na sa Seattle lugar. Tavis Ormandy ay nai-publish na ang buong detalye sa isang pribilehiyo pagdami tadtarin ng lahat ng mga bersyon ng Windows kasama ang Windows 7.

Ang maningning na tagumpay tumatagal ng bentahe ng isang bug sa Windows pagpapatupad ng 'virtual machine DOS' na ginamit upang magpatakbo ng mga programa ng legacy 16-bit. Ang maningning na tagumpay ay maaaring iwasan sa pamamagitan ng paggawa ng VDM 'tampok na' off ngunit ang panganib ng kurso ay sapat na Windows lusers ay hindi alam tungkol sa mga bug at / o abala sa paggawa sa mga 'tampok na' off.

16-bit mga aplikasyon kailangan BIOS suporta; ang Windows kernel ay sumusuporta sa virtual interrupts BIOS nito sa 'Virtual-8086' code mode monitor. Ang code ay ipinatupad sa loob ng dalawang yugto. Ang # GP bitag Handler transitions sa ikalawang yugto kapag CS: EIP faults sa mga tiyak na 'magic' na halaga.

Ang paglipat ay nangangailangan (kasunod sa authentication) ibalik ang konteksto at ang tawag salansan mula sa faulting frame bitag. Ngunit ang proseso ng authentication ay flawed, umaasa na ito ay sa tatlong maling pagpapalagay.

• Pagse-set up ng isang VDM context nangangailangan SeTcbPrivilege. Ang mga hadlang sa pagkuha ng isang VDM konteksto ay maaaring subverted sa pamamagitan ng humihiling ng VDM subsystem NT at pagkatapos ay gumagamit ng CreateRemoteThread () upang magpatakbo ng code sa konteksto ng VDM subsystem. Ang VDM subsystem ay mayroon ng kinakailangang mga set bandila.
• Tawagan ang 3 (walang karapatan) code ay hindi maaaring i-install ang code sa arbitrary segment selectors.Using ang dalawang hindi bababa sa makabuluhang bits ng CS / SS upang makalkula ang mga pribilehiyo ng isang gawain ay hindi gumagana kapag ito ay dumating sa Virtual-8086 mode. Ang 20-bit addressing (sa pamamagitan ng pagdagdag CS <<4 sa 16-bit IP) ay ginagamit din sa mapa papunta sa protektado sa guhit Virtual-8086 address space. Kung CS maaaring itakda sa isang di-makatwirang halaga, at pagkatapos ay ang mga pribilehiyo pagkalkula ay maaaring circumvented.
• Tawagan ang 3 (walang karapatan) code ay hindi maaaring pandayin isang frame.Returns bitag sa user mode ay sa pamamagitan ng IRET. Ang isang hindi wastong konteksto ay maaaring maging sanhi ng IRET mabibigo sa pre-magkasala, na sa turn forges isang bitag frame. At kahit na may address randomisation ito ay mahalaga na gamitin NtQuerySystemInformation () upang makuha ang address ng ikalawang Handler BIOS yugto.

Apektado Systems

bug na ito petsa likod 17 taon at nakakaapekto sa lahat ng mga sistema ng inilabas mula Hulyo 27, 1993 - Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, at Windows 7. Tingnan ang mga link sa ibaba para sa karagdagang detalye.

Tingnan din
MITRE: CVE-2010-0232
Windows plagued sa pamamagitan ng 17-taon gulang na pagdami bug pribilehiyo
NEOPHASIS: bitag Handler Nagbibigay-daan sa mga gumagamit upang Lumipat kernel Stack

Kamakailan lamang na ako ay naging paghihiwalay sa pamamagitan ng ilang ng aking mga lumang libro electronic engineering at natagpuan ang aking sarili sapalarang flicking sa pamamagitan ng punong-guro circuit disenyo at praktikal na elektronika / radyo theory application ng calculus.

tandaan ko ang halaga ng oras na ginugol ko sinusubukan upang makakuha ng iba't-ibang mga batas (Faraday, Coulomb, Kirchhoff, Lenz, oum, atbp) suplado sa aking ulo handa na para sa nakakapanghina pagsusulit sa dulo ng bawat kataga. Ako mabilis na natanto na bilang ko inilipat mula sa radio / electronics sa ang computer sa industriya na ang karamihan ng aking inilapat detalyadong kaalaman ay nawala.

tingin ko ang lumang kasabihan na maluwag ito kung hindi mo gamitin ito, tiyak ay sumasaklaw dito.

Ito got ako-iisip tungkol sa ebolusyon ng computing at ang Internet at kung paano maraming parallels sa pagpapakilala ng koryente sa modernong mundo at kung paano namin isaalang-alang / gamitin sa Internet ngayon.

Mga halimbawa na ang dumating sa isip ay ang mga:

• Elektrisidad ay orihinal na nakalaan lamang sa mga negosyo at ang tunay mayaman
• Elektrisidad ay orihinal magagamit lamang sa ilang mga segment ng mabigat populated na lugar
• Elektrisidad grids, sa sandaling nilikha, na ibinigay mas maraming mga pagkakataon sa pamamahagi, nagpasimula ng mga kalabisan at nadagdagan ang mga customer na maabot sa-turn ibinigay ekonomiya ng iskala sa drive down na mga gastos
• Modern lipunan ay hindi maaaring function nang walang koryente
• Elektrisidad produksyon pamamaraan at ang mga nagresultang polusyon ay nagkaroon ng isang malalim na epekto sa aming mga planeta, kung saan ang produksyon ng mga elektronika consumer at infrastructure na sumusuporta sa hindi pagtatapos ng pagkauhaw ng modernong lipunan para sa mas mabilis, mas tampok mayaman, paraan ng komunikasyon. Ito ay pa rin spiraling sa labas ng kontrol sa pamamagitan ng produksyon ng mga hindi pangkaraniwang mga mataas na antas ng di-recyclable na baywang, mabigat metal at iba pang mga planeta pagsira bi-produkto
• Elektrisidad ay napakahalaga upang manatili sa modernong araw lipunan para sa ilang oras.

Ang internet ay mabilis na naging (ilang would magtaltalan ay naging) mahalaga sa kaligtasan ng buhay sa aming mga modernong lipunan at mga kinakailangan upang magagamit sa lahat ng mga socio-ekonomiyang mga grupo at pagbuo ng mga bansa upang payagan ang mga ito upang lumahok sa mga pandaigdigang ekonomiya.

Ngunit sa kung ano ang gastos?

Kamakailan lamang ako ay naghahanap sa mga kahinaan sa proseso ng pag-aareglo TLS natuklasan huli huling taon.

Mayroong isang hanay ng mga eksperto pandebating ang maningning na tagumpay pamamaraan, mga kasangkapan at kung paano ito ay maaaring maayos (server o client site o pareho). Mula sa kung ano ako may seen pagayon malayo ito ay maaaring prompt ng isang pagbabago sa TLS standard na kitang ipakilala sa isang extension sa mga protocol upang patunayan ang sesyon (session kamay off at sertipiko ng katotohanan).

www.ietf.org

isc.sans.org

• Ang orihinal na paglalarawan (site ay paghihirap mula sa isang epekto Slashdot bilang ko isulat ito)
• Ang buod ng TLSÂ IETF workgroup, at pangako para sa isang susugan protocol
• Marsh Ray's papel
• March Ray's protocol diagram

www.win.tue.nl/hashclash/rogue-ca/

www.sslshopper.com / article-SSL-at-TLS-renegotiation-kahinaan-discovered.html

din ako ng sinusubukan upang mahanap ang ilang mga kasangkapan na maaaring makatulong sa pagsubok para sa mga ito. Tila ang maningning na tagumpay ay nakasalalay sa isang ARP lason o katulad at pagkatapos ng pagpasok payak na teksto sa proseso ng pag-aayos.

Puwede ay isang bagay na maaaring maayos sa paglipas ng panahon bilang mga server at mga kliyente ay patched.

Ito ay isang bagay na maaaring maging kapaki-pakinabang ng pagpunta sa sunog panahon dito sa South Australia. Ito ay isang feed mula sa network ng pamahalaan SA baul radyo.

ay ko makita kung may mga karagdagang mga feed na ito tulad na rin isama ang mga rehiyon at trunks remote na lugar. Ito tunog tulad ng feed Adelaide CBD.

http://audio4.radioreference.com:80/890591256

Pakinggan ang GRN nakatira dito:

Ang mga link ay dumating mula sa http://www.sascan.net.au/?page=onlineScanners

Ang SA Gobyerno Radio Network ay mayroon ding isang paging serbisyo.

http://www.sascan.net.au/?page=grnPaging

Hanapin ang buong listahan ng live audio dito .

Ang ilang mga kagiliw-giliw na mga kaugnay na mga link mula sa site SA scan.

Timog Australya Emergency Serbisyo
South Australian Police (SAPOL)
Timog Australya Ambulansiya Serbisyo (SAAS)
Timog Australya Metropolitan Fire Service (MFS)
South Australia Bansa Fire Service (CFS)
South Australia Estado Emergency Service (SES)

Sinusuri Resources
Aurfscan.com - Australian pag-scan sa forum
Sasruf.net - Timog Australya pag-scan sa forum
Ausfreq.com - Wireless komunikasyon pagmomonitor Panatiko grupo
VicScan.org
Lake Macquarie (NSW) Kinikilatis ang
ACMA Online Search Dalas ng Australya
I-scan Sydney
Radioreference.com
Ang malakas na signal Homepage
Digital mode Audio halimbawa
Butel Kinikilatis Software

Citizen Band (CB) Radio
Australian Citizen Radio sinusubaybayan (ACRM)
Australian Association ng Citizen Radio operator Band
UHF World - Repeater List
CBDomain.com - Australia's # 1 Radio libangan Website

Radio Kagamitang
AJK Komunikasyon

Paki-suporta SA I-scan sa pamamagitan ng paggawa ng isang donasyon sa kanilang PayPal link

Iba pang mga South Australian Online scanners

Adelaide I-scan - Online scanner takip serbisyo ng emergency sa metro area Adelaide - maaaring kailanganin ng Winamp na tumakbo

I-scan Adelaide - Online scanner takip serbisyo ng emergency at Transport SA sa metro area Adelaide.

I-scan Barossa - Online scanner takip serbisyo ng emergency sa Barossa Valley

I-scan SAGRNÂ - Online scanner takip serbisyo ng emergency sa Adelaide lugar at hilagang suburbs

SAGRN Paging Feed 1 - Online SAGRN paging feed

Adelaide Airport - Online feed takip ang lahat ng mga airband frequency na ginagamit sa Adelaide Airport (YPAD)

Iba pang mga Australian Online scanners

Dubbo I-scan - Online scanner sa display takip serbisyo ng emergency sa lugar Dubbo

I-scan Sydney - Online scanner takip ang Campbelltown / Sydney lugar

I-scan Northern NSW - Online scanner sa display takip serbisyo ng emergency sa ulo ang lugar Tweed

I-scan South Coast NSW - Online scanner takip serbisyo ng emergency sa lugar Bega

NSW Online scanner - hindi sigurado kung saan ang isa na ito ay matatagpuan, binabantayan ang mga serbisyo sa emergency rural ng NSW

I-scan ACT - Online scanner sa display takip serbisyo ng emergency sa lugar Canberra

Melbourne Online scanner - Online scanner sa display takip serbisyong pang-emergency sa lugar ng Melbourne

Victoria CFA Online Scanners - Maramihang online scanners takip iba't-ibang bahagi ng Victoria

Bendigo Online scanner - Online scanner takip serbisyong pang-emergency sa lugar Bendigo

Brisbane scanner - Online scanner sa pagsubaybay ng Pulisya sa Brisbane at Gold Coast lugar

Mareeba scanner - Online scanner takip serbisyong pang-emergency sa Mareeba lugar (malapit sa Cairns), maaaring hindi online 24 / 7

Cairns Online scanner - Online scanner takip serbisyong pang-emergency sa lugar Cairns, ay hindi maaring maging online 24 / 7

Live Feed Listing para sa Luzon - Greater Adelaide & Mt matayog Saklaw ng Division

Upang makinig sa isang feed gamit ang online player , pumili ng isang feed sa playlist sa itaas player. Upang pakinggan ang paggamit ng ibang mga paraan tulad ng Windows Media Player, iTunes, Winamp o, piliin ang iyong mga player pagpili at i-click ang icon ng nagsasalita upang simulan ang pakikinig.

Premium Subskrayber ay maaaring magtakda ng kanilang mga default na panlabas na panggitna manlalaro format sa kanilang MyRR Page Personalization .

Feed archives ay matatagpuan sa pamamagitan ng pag-click sa karagdagang mga detalye feed icon para sa bawat feed.

Makinig	Feed	Kategorya	Tagapakinig	Player ang Pinili	Links	Katayuan
	Timog Australya Emergency Serbisyo Fire, Ambulansiya, Rescue, Marine	Kaligtasan ng Publiko	7	Windows Media Player Real Player iTunes Winamp Web Player		Online

Ito ay isang pagtatanghal ko ibinigay sa SCADA seguridad ng ilang panahon ago. orihinal na ito ay na-set para sa tungkol sa 2 oras, bagaman ako nakabasag ng ito sa 2 halves kaya kung pinahihintulutan ng panahon (o ang partisipants wanted mas inforamation), ang backend ng pagtatanghal ay may maraming mga karagdagang mga lugar at patnubay relaing sa SCADA, aparato, ang kapaligiran ng seguridad, atbp .

Tinukoy ko ang mga sumusunod na resulta para sa pagtatanghal:

• Palawakin ang kamalayan at pangangailangan ng seguridad sa loob ng kapaligiran SCADA.
• Pag-unawa ng negosyo papel sa pamamahala / panganib pagkilala proseso.
• Dagdagan ang unawa ng mga panganib na teknolohiya.

Umaasa ako mga tao na mahanap ang mga kagiliw-giliw na mga materyal at kapaki-pakinabang.

SCADA Security Presentation Derek Grocke

Ako ay nagtatrabaho sa SCADA engineering, network disenyo, proyektong pamamahala at seguridad na lugar para sa maraming taon.

Bilang isang resulta ko ay may maraming mga dokumento at mga pamamaraan na ako ay sharing dito. Ito ay ang unang ng maraming mga dokumento na pag-asa ko ang iba pa ay makahanap ng impormasyon at tulong sa iba na naiintindihan at hugis ng kanilang mga diskarte sa mga kapaligiran.

Lokal na file

SCADA Pagtatanghal

Ang isang cool dokumento Akala ko Gusto kong ibahagi. Ito ay nagpapakita ng ilang mga mabuting pag-unawa at nagtatanghal ng ilang mga magandang ideya.

Pangkalahatang mga Tanong

• Paano ang mga gumagamit makakuha ng access sa mga aplikasyon SCADA?
• Layunin sa pag-isahin access sa lahat ng mga pinagkukunan ng impormasyon ng isang € "ibig sabihin na gumawa ng access na magagamit sa lahat ng mga gumagamit sa pamamagitan ng isang solong interface
• Sigurado anumang Ras modem utilized sa loob ng kapaligiran SCADA?
• Ay ang Ras tawag likod tampok utilized?
• Ay ang sapilitan encryption Ras tampok na ginagamit?
• Mayroon pinahihintulutan ang mga gumagamit ng maramihang mga pagtatangka sa authentication sa Ras?
• Nagtataglay ng mga Ras awdit ng tampok ay pinagana?
• Paano ay ma-access sa pagitan ng mga negosyo / corporate network at SCADA network kinokontrol?
• Paano ay ang administrator password kinokontrol?
• Paano ay vendor access sa SCADA network kinokontrol ng isang € "yan password mga pagbabago pagkatapos ng kontrata ay natapos?
• Sigurado SLAâ € ™ s para sa outsourced kasunduan suporta susuriin sa isang pana-panahon na batayan?
• Sigurado kritikal na mga bahagi ng SCADA Network suportado ng isang UPS at ang mga baterya masuri sa isang regular na batayan upang matiyak na sila ay maaasahan?
• Ano ang kapasidad management at monitoring ng mga kritikal na mga sistema ng SCADA network ay ginanap sa (ibig sabihin, CPU paggamit at hard disk drive space)?
• Sigurado legal caption utilized sa panahon ng proseso ng pag-login sa aplikasyon at SCADA kaugnay infrastructure / aparato?
• May isang panghihimasok sistema ng pagtuklas (ID) ay deployed sa loob ng kapaligiran SCADA?
• May seguridad ay isang pagtutok sa loob ng pag-unlad at paglawak ng network SCADA?
• Mayroon bang karagdagang screenings kawani gumanap kapag kawani ay upahan sa trabaho sa loob ng kapaligiran SCADA (kasama ng mga vendor etc)?

Mga Patakaran at Pamamaraan

• Mayroon bang isang tinukoy na diskarte para sa seguridad ng kapaligiran SCADA?
• Sino ang responsable / nananagot para sa seguridad ng pamamahala sa loob ng SCADA kapaligiran? Nagtataglay ng mga pagmamay-ari ng responsibilidad na ito ay malinaw na tinukoy at / o nakasaad sa anumang mga dokumento?
• Mayroon bang anumang mga pana-panahong pagsusuri ng seguridad ng network SCADA gumanap?
• Ano ang mga pamamaraan ay sa lugar upang panghawakan ang pagtatapon ng SCADA media network at mga aparato? Bukod dito, ay may isang proseso sa lugar para sa pagtatapon ng lihim na impormasyon / dokumento?
• Mayroon bang anumang mga patakaran o pamamaraan ng takip ang pagpapakilala ng bagong mga aparato sa kapaligiran SCADA?
• Ano ang pormal na baguhin ang control pamamaraan umiiral para sa kapaligiran SCADA?
• Ba sa isang pormal na plano kalamidad bawing umiiral para sa kapaligiran SCADA?
• Ba sa isang pormal na plano sa negosyo pagpapatuloy umiiral para sa kapaligiran SCADA?
• Huwag pisikal at lohikal pamantayan nang seguridad nang makabuluhang naiiba sa pagitan ng SCADA sites?
• May isang standard operating kapaligiran (SOE) baseline pinakamababang pamantayan ay binuo para sa mga sistema ng pagiging nagpasimula sa kapaligiran SCADA?
• Ano seguridad logs ay pinananatili para sa mga kritikal na computer kagamitan at kung gaano kadalas ang mga logs susuriin?
• Sino ang responsable para sa pagrepaso ng seguridad logs?
• Ang may access sa kaganapan logs ay restriktado?
• Sa pagsisimula ng trabaho, ang mga gumagamit ay ibinigay sa IT seguridad ng impormasyon bilang bahagi ng proseso ng pagtatalaga sa tungkulin? Karagdagan, ang mga gumagamit ay ibinigay sa karagdagang impormasyon tungkol sa mga isyu sa seguridad sa isang pana-panahon na batayan?
• Ano ang mga pamamaraan na umiiral sa monitor dial-sa-access?
• Mayroon ng isang pormal na tinukoy ng backup at bawing pamaraan?
• Sigurado encryption pamamaraan at / o password na ginagamit sa backup na mga teyp?

Pisikal Access

• Paano ay ang pisikal na access sa SCADA terminal kinokontrol?
• Sigurado SCADA control rooms segregated mula sa ibang mga rooms?
• Ano gusali seguridad mayroon sa remote site upang maiwasan ang di-awtorisadong pag-access?
• Ano authentication pamamaraan ay ginagamit sa remote sites na pahintulutan ang isang access ng € "ie card palo?
• Sigurado panlabas na mga bintana sa remotes sites barado?
• Ano ang mga sistema ng alarma ay nagtatrabaho sa remote sites?

Network Security

• Nakarating na ang lahat ng deployed routers ay isinaayos upang matiyak ang pagsasala ng mga komunikasyon na di-awtorisadong o hindi kinakailangan?
• Ano ang trapiko control at monitoring kakayahan ay deployed isang € "ibig sabihin ang lahat ng mga komunikasyon sa mga paglalakbay sa isang central point bago traversing pa sa network.
• Paano ang mga dial-sa mga pasilidad sa SCADA kapaligiran ligtas?
• Paano ay naghihinala o di-pangkaraniwang aktibidad sa SCADA Wan napansin?
• Ano firewall configurations ay magse-set up upang ilayo ang SCADA Wan mula sa Estados network Tubig corporate?
• Sigurado lahat ng susi pagsasala aparato sa network (tulad ng mga routers at mga firewalls) naisaayos upang mag-log ang lahat ng mga pagtatangka upang ma-access ang network? Kung gayon ang mga ito ay susuriin sa isang regular na batayan?
• Nakarating sa mga tampok awdit ng lahat ng mga routers at mga firewalls ay pinagana?
• Ang may access sa kaganapan logs ay restriktado?
• Paano ay ang pamamahala ng mga patches / mainit na mga pag-aayos sa kinokontrol na tungkol sa mga firewalls at routers?
• Ano ang backup at bawing panukala ay sa lugar para sa network ng mga mapagkukunan ng isang € "firewalls at routers?
• May SNMP ay ipinatupad sa mga pangunahing imprastraktura?
• Ay anumang wireless na kagamitan ay deployed sa loob ng SCADA kapaligiran ng isang € "ay ito ay isinaayos sa isang secure na estado?
• Sigurado lahat ng mga default na password tinanggal mula sa SCADA aparato matapos ang pagpapatupad?
• Ang isang pag-unlad na kapaligiran umiiral na subukan ang mga pagbabago bago ang paglawak sa network ng kapaligiran SCADA produksyon?

Workstation Security

• Ano ang mga operating system (bersyon) ay naka-install sa SCADA terminal?
• Nakarating na operating system na antas ng mga password ay aktibo sa lahat ng mga terminal SCADA?
• Ba mga password ay isang walang taning na petsa expiry?
• Ano file at direktoryo ng pahintulot kontrol ay ipinatupad sa SCADA terminal upang rendahan ang di-awtorisadong pag-access sa pamamagitan ng pangkalahatang mga user?
• Ano ang logs ay binuo sa antas ng mga operating system?
• Ang may access sa kaganapan logs ay restriktado?
• Ano ang mga kasangkapan at mga serbisyo sa antas ng mga operating system ay restricted para sa pangkalahatang mga user?
• Sino ang responsable para sa pamamahala ng patch ng SCADA terminal?
• May isang audit tampok na-enable para sa lahat ng mga terminal SCADA?
• Sigurado default na serbisyo na makukuha sa mga operating system na restricted?
• Ay virus proteksyon ipinatupad? Ang software na ito nang mano-mano o awtomatikong ini-update?
• Sigurado namamahagi enable sa SCADA terminal / workstations?
• Sigurado SCADA terminal nai-back up sa isang regular na batayan?
• Ay pagpapatala awdit ng SCADA terminal gumanap?
• Sigurado mga review ng gumagamit at ang kaugnay na mga karapatan access gumanap sa isang regular na batayan?

SCADA Application Security

• Ano ang mga username at password na kinakailangan ng SCADA application?
• Sigurado session time out tampok activated?
• Sigurado kumplikadong mga password ipapatupad na ma-access ang SCADA application?
• Sigurado mga review ng gumagamit at ang kaugnay na mga karapatan access gumanap sa isang regular na batayan?

System pagtagos Pagsubok

• Internal pagtagos pagsubok
• Panlabas na pagtagos pagsubok
• Password lakas pagsusulit

Pagbabago sa network SCADA

• Mangyaring magbigay / listahan ng lahat ng mga potensyal na mga pagbabago ay maituturing na ang network SCADA.

Mga Pamamaraan

• Corporate Information Protection
• Security Management
• Impormasyon Classification
• Pisikal na (at Environmental) Security
• Tauhan Security
• Security Awareness training
• Security insidente Response
• Security Pagsubaybay
• Network Security
• PC / Workstation Security
• Suporta at pagpapatakbo Security Related
• Encryption at pagiging kompidensiyal ng Impormasyon
• Authorization Kontrol
• Identification at authentication mekanismo
• Systems Life Cycle Security
• Business Continuity Planning
• Media Security
• Third Party Services

Typical concerns and points discussion:

• Inbound and out Bound FTP
• Suggest use of DMZ
• Suggest use of Secure FTP
• Suggest use of restricted secure IP addresses / tunnelling
• Suggest use of private feeds

Modem issues used with dial in services

• No dial back
• No Authentication
• No Secure ID
• Possibly automated scripts used, so hard coded usernames and passwords used.
• Internet sharing may be turned on, allowing routing via workstations.

Increased data security and integrity considerations

• Data backups
• System redundancy
• Site and content filtering
• Virus protection
• Standard system procurement (discounts and spares)
• Network and services redundancy
• Network monitoring
• Service availability monitoring
• Internal controls
• Vendor / external service supplier
• Capacity management
• Change management system
• Asset management system
• Telecommunication and telephony bulk cost discounting
• Etc.

Use and support for corporate application considerations

• Email
• Intranet
• Internet
• Corporate virus protection
• Asset management
• Change management
• Project management
• Performance / capacity management
• Reduction of Cost
• Use of corporate applications
• Reduction of manual processes

Other things to keep in mind:

• SCADA monitoring system must be isolated from network errors and systems events. This will prevent SCADA operational systems being effected by network or corporate system issues / outages.
• Review Network topology to ensure internal and external vulnerabilities are not currently being and cannot be abused.
• Review of router configurations
• Use of change management system
• Review remote dial in systems
• Firewall SCADA systems off from corporate applications
• Uncontrolled networks and systems within the SCADA environment will compromise the corporate environments integrity and security.
• Determine if systems used within SCADA are built to a standard operating environment.

Some Nmap examples I thought I would post.

Scanning past Watchguard Firewalls: nmap -sS -iL targetlist.txt -P0 -sV -T4

Verbose Scan: nmap -v <target IP>

This option scans all reserved TCP ports on the target machine. The -v option enables verbose mode.

nmap -sS -O <target IP>/24

Launches a stealth SYN scan against each machine that is up out of the 256 IPs on “class C†sized network where Scanme resides. It also tries to determine what operating system is running on each host that is up and running. This requires root privileges because of the SYN scan and OS detection.

nmap -sV -p 22,53,110,143,4564 198.116.0-255.1-127

Launches host enumeration and a TCP scan at the first half of each of the 255 possible eight-bit subnets in the 198.116 class B address space. This tests whether the systems run SSH, DNS, POP3, or IMAP on their standard ports, or anything on port 4564. For any of these ports found open, version detection is used to determine what application is running.

nmap -v -iR 100000 -PN -p 80

Asks Nmap to choose 100,000 hosts at random and scan them for web servers (port 80). Host enumeration is disabled with -PN since first sending a couple probes to determine whether a host is up is wasteful when you are only probing one port on each target host anyway.

nmap -PN -p80 -oX logs/pb-port80scan.xml -oG logs/pb-port80scan.gnmap 216.163.128.20/20

This scans 4096 IPs for any web servers (without pinging them) and saves the output in grepable and XML formats.

Instead of limiting ourselves to scanning just one target., let's broaden our horizon's to bigger and better things. In example 2 we used our IP address to base a scan against. Using that address again we can get a look at numerous targets in our “community”. At the command line type the following (substituting a valid address of your choice of course):

nmap -sT -O 206.212.15.0-50

What this does is instruct nmap to scan every host between the IP addresses of 206.212.15.0 and 206.212.15.50. If you happen to find many interesting feedback results from this or a larger scale scan then you can always pipe the output into your choice of a human readable file or a machine parsable file for future reference by issuing the following option:

To create a human readable output file issue the -oN<textfile name> command into your nmap string so that it would look similar to this:

nmap -sT -O -oN sample.txt 206.212.15.0-50

Rather have a machine parsable file? Enter the -oM <textfile name> to pipe the output into a machine parsable file:

nmap -sT -O -oM sample.txt 206.212.15.0-50

*Back when I was becoming aquatinted with all the nmap options, I ran my first large scale scan against 250 consecutive machines using an arbitrary number ( nmap -sX -O -oN sample.txt XXX.XXX.XXX.0-250). To my great surprise I was confronted with 250 up and running virgin Linux machines. Another reason why Linux enthusiasts should NEVER become bored.

-I This is a handy little call that activates nmap's TCP reverse ident scanning option. This divulges information that gives the username that owns available processes. Let's take a look (Note that the host has to be running ident). At the command line issue this command against your target, in this case our default Eve running Linux:

-iR Use this command to instruct nmap to scan random hosts for you.

-p Port range option allows you to pick what port or ports you wish nmap to scan against.

-v Use verbosity to display more output data. Use twice (-v -v) for maximum verbosity.

-h Displays a quick reference of nmap's calls

Now that we have looked at nmap's three basic usage types and some of it's other options, let's mix and match them.

nmap -v -v -sS -O 209.212.53.50-100

This instructs nmap to use a maximum amount of verbosity to run a stealth scan and OS detection against all machines between IP addresses 209.212.53.50 and 209.212.53.100. This command will also require root privileges due to both the -sS and -O calls. Of course this will display a very overwhelming amount of data so let's log our results into a human readable file for future reference:

nmap -v -v -sS -O -oN sample.txt 209.212.53.50-100

Now let's make nmap run a stealth scan and instruct it to look only for machines offering http and ftp services between the addresses of 209.212.53.50 and 209.212.53.100. Once again we will log the output (I'ma log junkie) for future reference into a human readable file called ftphttpscan.txt:

nmap -sS -p 23,80 -oN ftphttpscan.txt 209.212.53.50-100

Remember the -iR option mentioned previously? Let's use it to take a random sampling of Internet web servers using the verbatim example from nmap's man page:

nmap -sS -iR -p 80

Last but certainly not least, while gleaning information, don't forget to nmap yourself. Just type at the command line: nmap 127.0.0.1 This is especially useful and recommended if you're a newcomer to Linux and connected to the Internet via DSL or cable modem.

I was reading some posts on the Full-disclosure mailing list and came across the some posts relating to WPA hacking (WPA attack improved to 1min). After spending hundreds of hours using the AIR tools to crack WEP encryption and looking into networks as part of my previous job, I was very interested to see how things are progressing.

The thread mentioned the paper “ A Practical Message Falsification Attack on WPA ” posted on http://bit.ly/8qwQt .

It was a coincidence as I was only taking to one of the executives at work about how easy WEP is to crack and what you can do/discover once you are in.

I hope you enjoy the paper.

—– Update —–

Once this was posted I received many message s and a few more links for the post.

So here thet are:

http://www.youtube.com/watch?v=ZeCVkWMUSzE

http://www.crn.com.au/News/154177,researchers-crack-wpa-encryption-in-60-seconds.aspx

http://www.renderlab.net/projects/WPA-tables/
http://205.127.87.136:6969/torrents /wpa_psk-h1kari_renderman.torrent?95896A255A82D1FE8B6A2BFFC098B735058B30D7
http://www.churchofwifi.org/Project_Display.asp?PID=90
http://jwis2009.nsysu.edu.tw/location/paper/A%20Practical%20Message%20Falsification%20Attack%20on%20WPA.pdf – Though will only help with TKIP

Thanks to

Oliver from ethicalhack.org

Michael from SA Government

Tim from CQR Consulting

—– End Update ——

This is an article I found on the Phone Losers site I thought I would copy here so I can give it a go at some stage.

How To Hijack Fast Food Drive-Thru Frequencies

A few years back, some friends and I were messing around with a Taco Bell’s drive-thru frequencies. RijilV and isotek showed me how easy it was to hijack the frequencies of just about any fast food restaurant with a very simple mod to a ham radio. The radios they used were Yaesu VX-5 and VX-7 models. We had a few weeks of occasional fun, sitting a few parking lots away and saying all kinds of horrible things to potential fast food customers. For the most part, I didn’t record any of it. But you can find a few clips of our fast food hijinks if you scroll down on the PLA Sound Clips Archive page .

Finally we decided to capture a bit of our FCC violations on video. But instead of capturing actual customers being harassed by us as they placed an order, I drove through the Taco Bell drive-thru myself with a video camera sitting on the dashboard. As I attempted to place my order, RijilV informed me of some crazy new Taco Bell policies and a manager immediately rushed out to explain to me that I wasn’t actually talking to an employee. Here is that video:

After spending several years on Google Video and YouTube, it’s been watched approximately 20,000 times. And of those 20,000 people who have viewed it, approximately all of them have emailed me and asked me what kind of radio we used and how can they use a radio to do the same thing. So in the spirit of April 1st and in order to quell the number of emails sent to me and posts on the PLA Forums asking the same thing, I’ve decided to write this tutorial to help those people out.

But I’m not going to explain how to modify a Yaesu VX5 or a Yaesu VX7. A simple Google search will show you how to modify these ham radios. The problem with these mods is that, even though they’re fairly simple, you have to buy the radios which could cost you anywhere from $200 – $400. Then, after removing a couple solder points, you have to learn how to use it, you have to look up fast food frequency lists , you have to understand the difference between the transmit frequencies and the receive frequencies and you have to scroll through PL tones using trial and error to find the correct one.

Or how about we do this a different way. A way that uses a couple items that you might already have in your home. You can easily modify most old CB radios in a way that will allow them to transmit directly to drive-thru frequencies. You won’t have to scroll through hundreds of possible drive-thru frequencies, because a CB radio’s channels line up in exactly the same way as most drive-thru’s channels, only at a higher frequency. How do you get your CB radio to run at a higher frequency? A simple replacement of the crystal inside, with a 6.5536 MHz crystal. This triples the megahertz that are broadcast on and there is no learning required. You just take the modified CB radio to a fast food restaurant and start broadcasting to the customers.

“But RBCP, I don’t have a 6.5536 MHz crystal lying around my house,†you might be whining at this point. But this isn’t true. Just about any house has several 6.5536 MHz crystals in them if you know where to look. This just happens to be the exact same crystal that you can find in electric heaters, hair dryers, electric stoves, curling irons, electric hot water heaters, irons, and toasters. These crystals are in just about any item that has heated coils and are used to control the frequency of the heating elements so that they don’t burn your house down.

So for this modification you need…

• 1 CB radio. It has to be a 40 channel CB radio with a digital display, which includes just about any CB radio manufactured after the mid 1980’s. The old 23 channel CBs from the 1970’s will not work. It can even be a walkie talkie CB radio. If you don’t have one, you can find one at Goodwill or a yard sale for probably less than $10.
• 1 toaster. (Or other item with heating elements inside.) A toaster is the most ideal to use, because it’s almost guaranteed to have the crystal inside of it. It’s more common to find curling irons and hair dryers that don’t. Again, it should be a toaster manufactured within the past 20 years or so. Before that they didn’t have crystal requirements for toaster manufacturers. (And incidentally, there were a lot more electrical house fires back then.) Goodwill will probably have a toaster for less than $10.
• 1 soldering iron and solder. Don’t worry if you don’t have soldering experience. It’s actually pretty easy. Click here for a soldering tutorial . You can purchase a soldering iron at Radio Shack or Sears for about $10.
• A few screwdrivers

Even if you have to buy all these materials, you’re only out $30. That’sa lot better than the $300 you might end up spending on a Yaesu radio. And some of you might already have all these items so you don’t have to pay anything. Ask a friend or a relative if they’ve got an old toaster or CB radio lying around that they don’t need.

First you’ll want to take apart your toaster. This isn’t too hard. Just flip it upside down and start removing the screws. You’ll probably need to pull off the plastic lever and knobs before you remove the top of the toaster. Once you have the top off, you’ll see a green or brown circuit board inside.

Flip the circuit board down and you’ll see all the components on the other side, including the 6.5536 MHz crystal. The crystal is silver and will have 6.5 stamped on the side of it. In the picture below, I’ve used an arrow to show you where it’s located.

The crystal is likely in a different spot in other toasters, but it’s hard to mistake for any other electronic component. The crystal will have some form of 6.5 stamped on the side of it. In my toaster, it showed 6.55-12. While the official frequency needed is 6.5536 MHz, anything within 1.6 megahertz will work. So don’t worry if your crystal just says 6.5 or 6.50 – it’s all the same for our purposes.

It’s kind of hard to see what I’m doing in the picture above, but I’m heating up the leads on the crystal from underneath with my soldering iron to melt the solder, and I’m pulling on the crystal from above with a pair of needle nose pliers. It only takes a few seconds to get the crystal out of the toaster.

Now that the crystal is out of your toaster, throw your toaster away! Do not attempt to use it once the crystal is removed. Remember, the crystal is in there for safety and using your toaster without the crystal could burn your toast and/or start a kitchen fire. It’s likely your toaster won’t even turn on with the missing crystal, but please don’t even try. Just throw it away.

As I mentioned before, just about any brand and model of CB radio will work, as long as it has the digital display on it. Which means, just about any CB radio manufactured after the mid 1980’s. These are the kinds of CB radios whose frequencies are controlled by a single crystal inside of them. For my mod, I used a Radio Shack TRC-207 walkie talkie CB radio, which is pictured above. I prefer using a walkie talkie CB radio because it doesn’t requiring sticking a huge CB antenna on the roof of my car which might be noticed if a fast food employee starts looking around the parking lot for the culprits.

Taking apart your CB radio is just as easy as taking apart the toaster. Remove the screws and pop it open. You may or may not have to lift up the circuit board inside to find the crystal inside. In my particular model, the crystal actually plugged into a socket so I didn’t need to even desolder the old crystal. I just pulled it out with my fingers and then plugged in the new 6.55 MHz crystal. I don’t know how common this is, because in other CB radios that I’ve modified the crystal was soldered to the circuit board, just like in the toaster.

Put your CB back together and test it to make sure it’s working. You’re finished! Obviously, you won’t be able to talk on normal CB channels anymore since your CB is transmitting and receiving at a much higher frequency now. But who cares, CB channels are lame anyway. Let’s hop in the car and drive to our nearest fast food establishment to test it out.

Sit near the drive-thru and wait for a customer to pull up. While the customer is talking to the drive-thru speaker, start flipping through your channels until you hear them talking. I’ve found that most drive thrus end up being somewhere in the 16 – 25 channel range. I’ve never found one above channel 30 and only a few on channels 1 through 15. It all depends on how their drive-thru is set up and what frequencies they’re using. Anyway, push down your talk button and start talking to the customer.

The cool thing about using a CB radio to transmit on drive-thru frequencies is that a CB is designed to work for several miles. The headsets that those fast food people wear are only designed to work for about 100 feet. So you can easily overpower the employees, even if you’re several parking lots away. In fact, you may be inadvertently screwing with several other drive-thrus in town without even knowing it. This is more likely when you’re using the kind of CB radio that’s supposed to be installed in a car. Those usually run on 5 watts and can cover an entire city. This is another reason I like to use my walkie talkie. It’s lucky if it will work for even a mile, so I’m only harassing one restaurant at a time.

If you found this tutorial useful, you might also enjoy the video I’ve made on the same subject. It includes much of the same information in this tutorial, but also includes actual footage of us messing with a drive-thru with this CB mod. Enjoy!

You might also enjoy our original Taco Bell Takeover video , our Happy Birthday drive-thru video and our Drive-Thru Shenanigans video .

PLA TV: Hijacking Fast Food Frequencies [9:12m]: Download (4913)

Local Copy

The below lines can be placed into Google to find hidden cams on the net.

http://www.google.com.au/search?q=inurl:†ViewerFrame?Mode=

http://www.google.com.au/search?q=intitle:Axis 2400 video server

http://www.google.com.au/search?q=inurl:/view.shtml

http://www.google.com.au/search?q=intitle:†Live View / – AXIS†| inurl:view/view.shtml^

http://www.google.com.au/search?q=inurl:ViewerFrame?Mode=

http://www.google.com.au/search?q=inurl:ViewerFrame?Mode=Refresh

http://www.google.com.au/search?q=inurl:axis-cgi/jpg

http://www.google.com.au/search?q=inurl:axis-cgi/mjpg (motion-JPEG)

http://www.google.com.au/search?q=inurl:view/indexFrame.shtml

http://www.google.com.au/search?q=inurl:view/index.shtml

http://www.google.com.au/search?q=inurl:view/view.shtml

http://www.google.com.au/search?q=liveapplet

http://www.google.com.au/search?q=intitle:†live view†intitle:axis

http://www.google.com.au/search?q=intitle:liveapplet

http://www.google.com.au/search?q=allintitle:†Network Camera NetworkCameraâ€
http://www.google.com.au/search?q=intitle:axis intitle:†video serverâ€
http://www.google.com.au/search?q=intitle:liveapplet inurl:LvAppl
http://www.google.com.au/search?q=intitle:†EvoCam†inurl:†webcam.htmlâ€
http://www.google.com.au/search?q=intitle:†Live NetSnap Cam-Server feedâ€
http://www.google.com.au/search?q=intitle:†Live View / – AXISâ€
http://www.google.com.au/search?q=intitle:†Live View / – AXIS 206Mâ€
http://www.google.com.au/search?q=intitle:†Live View / – AXIS 206Wâ€
http://www.google.com.au/search?q=intitle:†Live View / – AXIS 210″
http://www.google.com.au/search?q=inurl:indexFrame.shtml Axis

http://www.google.com.au/search?q=inurl:†MultiCameraFrame?Mode=Motionâ€

http://www.google.com.au/search?q=intitle:start inurl:cgistart
http://www.google.com.au/search?q=intitle:†WJ-NT104 Main Pageâ€
http://www.google.com.au/search?q=intext:†MOBOTIX M1″ intext:†Open Menuâ€
http://www.google.com.au/search?q=intext:†MOBOTIX M10″ intext:†Open Menuâ€
http://www.google.com.au/search?q=intext:†MOBOTIX D10″ intext:†Open Menuâ€
http://www.google.com.au/search?q=intitle:snc-z20 inurl:home/
http://www.google.com.au/search?q=intitle:snc-cs3 inurl:home/
http://www.google.com.au/search?q=intitle:snc-rz30 inurl:home/
http://www.google.com.au/search?q=intitle:†sony network camera snc-p1″
http://www.google.com.au/search?q=intitle:†sony network camera snc-m1″
http://www.google.com.au/search?q=site:.viewnetcam.com -www.viewnetcam.com
http://www.google.com.au/search?q=intitle:†Toshiba Network Camera†user login
http://www.google.com.au/search?q=intitle:†netcam live imageâ€
http://www.google.com.au/search?q=intitle:†i-Catcher Console – Web Monitorâ€
http://www.google.com.au/search?q=inurl:viewerframe?mode= changing room
http://www.google.com.au/search?q=inurl:view index/shtml/home
http://www.google.com.au/search?q=inurl-’your frame?mode=motion’

http://www.google.com.au/search?q=inurl.†viewframe?mode=refreshâ€

http://www.google.com.au/search?q=sex inurl:/view/shtml

http://www.google.com.au/search?q=inural:view

http://www.google.com.au/search?q=inurl:viewerframe?mode=home

http://www.google.com.au/search?q=axis hacks
http://www.google.com.au/search?q=“inurl:†view from?mode=refreshâ€

http://www.google.com.au/search?q=/view/index.shtml.msn

http://www.google.com.au/search?q=†nurl:viewerframe?mode=refreshâ€

http://www.google.com.au/search?q=inurl:†viewerframe?mode=†naked
http://www.google.com.au/search?q=inurl:/view.index.shtml adult
http://www.google.com.au/search?q=inurl:†viewerframe? mode= refreshâ€
http://www.google.com.au/search?q=site:www.scribd.com inurl†viewframe?mode=refreshâ€
http://www.google.com.au/search?q=inurl:†viewerframe?mode=†live webcams

http://www.google.com.au/search?q=inurl:†view/index.shtml

http://www.google.com.au/search?q=reset mobotix camera
http://www.google.com.au/search?q=inurl: view

http://www.google.com.au/search?q=url:viewerframe?=mode

http://www.google.com.au/search?q=inurl:/view/shtml school

http://www.google.com.au/search?q=inurl::viewerframe?mode†refresh

http://www.google.com.au/search?q=inurl:view:/shtml porn
http://www.google.com.au/search?q=“inurl: /shtmlâ€
http://www.google.com.au/search?q=inurl:†viewerframe?mode motion†motion

A link to others http://peep.ontheweb.nl/

From Pentestmonkey.net , this is a great list of SQL Injection cheat sheets.

• Oracle
• MSSQL
• MySQL
• PostgreSQL
• Ingres
• DB2
• Informix

Some more Links:

SQL Injection Attacks by Example

Pangolin – Automatic SQL Injection Tool

SQL Injection Attacks Exploiting Unverified User Data Input

SQL Injection Cheat Sheet

Hi,

I'm looking at some of the techniques used to lockdown the Iphone, Samsung, Sony and HDC mobile phones. I hope others find the links useful.

Iphone

Lock down the information on your iPhone and iPod touch

http://www.touchtip.com/iphone-and-ipod-touch/lock-down-the-information-on-your-iphone-and-ipod-touch/

iPhone's PIM lockdown

http://forum.brighthand.com/showthread.php?t=264166&page=2

Apple 'wise' to lock down iPhone software

http://www.itnews.com.au/News/44505,apple-wise-to-lock-down-iphone-software.aspx

iPhone lockdown to boost on-demand servic es

http://www.pcmag.co.uk/vnunet/news/2194973/iphone-lockdown-benefits-firms

Wired's Easy-Peasy iPhone Lockdown Checklist

http://www.tuaw.com/2007/09/28/wireds-easy-peasy-iphone-lockdown-checklist/

Gartner: iPhone 2.0 cuts business mustard

http://news.cnet.com/8301-1001_3-10016270-92.html

3G iPhone: The business perspectiv e

http://news.cnet.com/3G-iPhone-The-business-perspective/2100-1041_3-6243471.html

What IT staff can do if the CEO gets an iPhone

http://www.infoworld.com/article/07/07/24/What-to-do-if-the-CEO-gets-an-iPhone_1.html

Iphone Hacking

http://www.9to5mac.com/hacked-iphoneOS-beats-Apple%27s-Updated-OS-hands-down-23459856

Iphone Enterprise

http://www.apple.com/iphone/enterprise/

http://www.apple.com/iphone/enterprise/integration.html

New Specification to Lock Down Mobile Phones

http://www.cio.com/article/24369/New_Specification_to_Lock_Down_Mobile_Phones

Samsung

Sony

HDC

———– Advertisement ———-
RapidRepair.com RapidRepair.com is dedicated to the service, repair, and modification of ALL iPod, iPhone, Zune, and other small electronic devices.

I'm looking at the Microsoft OCS server and other SIP integration environments. So I thought I would put the links here for others who were interested. I am also considering the issues associated with Mitel VoIP and OCS integration.

It would be interesting if the Microsoft OCS could seamlessly allow the use of soft phones and the Mitel VoIP system. I assume a trunk needs to be setup between the two… Anyway something to look at.

http://communicationsserverteam.com/archive/2008/05/23/196.aspx

Office Communications Server 2007 VoIP Test Set

OCS Testing Tool

Connect Mitel and OCS2007

Mitel 3300 & OCS – Ring on deskphone and softphone

Connecting Mitel 3300cx and OCS

VOIP – MITEL 3300 SIP TRUNK TO OCS 2007

OCS 2007 Best Practices Analyzer

Hi,

I have been putting some secure application developmen t documents together recently and have found some good general tutorials and guidelines which I thought I would post here.

Best Practices

• The Ten Most Critical Web Application Security Vulnerabilities, 2004 Update, The Open Web Application Security Project. URL: http://www.owasp.org/documentation/topten
• A Guide to Building Secure Web Applications, The Open Web Application Security Project. URL: http://www.owasp.org/documentation/guide
• Improving Web Application Security: Threats and Countermeasures, Microsoft MSDN. URL: http://msdn.microsoft.com/library/default.asp?url=/library/enus/dnnetsec/html/ThreatCounter.asp
• Authentication in ASP.NET: .NET Security Guidance, Microsoft MSDN. URL: http://msdn.microsoft.com/library/default.asp?url=/library/enus/dnbda/html/authaspdotnet.asp
• Session Fixation Vulnerability in Web-Based Applications, ACROS Security. http://www.acros.si/papers/session_fixation.pdf
• Writing Secure Code, Michael Howard and David LeBlanc, Microsoft Press.
• Threat Modelling, Window Snyder, Microsoft Press.
• 10 Things You Shouldn't Do with SQL Server (Data Access Developer “Don'ts”) http://www.dotnetjunkies.ddj.com/Article/86F0988E-FED4-414F-BA2E-D01D953C11BE.dcik
• Ten dos and don'ts for secure coding http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1172049,00.html
• Cross Site Scripting http://www.cert.org/archive/pdf/cross_site_scripting.pdf http://www.acunetix.com/websitesecurity/cross-site-scripting.htm
• The Cross Site Scripting (XSS) FAQ http://www.cgisecurity.com/articles/xss-faq.shtml
• XSS (Cross Site Scripting) Cheat Sheet http://ha.ckers.org/xss.html
• SQL Injection Cheat Sheet http://ha.ckers.org/blog/20070315/sql-injection-cheat-sheet/

Other Resources

• AusCERT is the national Computer Emergency Response Team for Australia http://www.auscert.org.au/
• SANS Institute http://www.sans.org/free_resources.php

EFT devices and systems differ depending on hardware vendor, country and bank / payment aggregator.
Below is a list of things you may like to consider. This list is off the top of my head so it is probably not complete.

Looking at the products and relationships us usually a good start.

Things to consider:

• Card skimming methods
• Some EFT POS devices restrict the connection of a skimmer
• Review levels of associated fraud
• Review devices and EFT methods
• Review terminal identification (merchant and customer)
• Manual processing. (internal and external)
• eCommerce products
• PC based software
• Dedicated server services (Nobil, etc.)
• Web based engine (Custom objects, Web pop-ups, etc)
• Authorisation / identification methods (Merchant and customer)
• TCPIP session hijacking / session spoofing
• Direct Debit as well as Credit Cards.
• Swift (methods and controls)
• Telegraphic transfer (methods and controls)
• Payment aggregator relationships (eg. Payment Tech, manual processing, cheque scanning, etc.)
• Internet banking facilities (attack / penetration,  Certificate registration / management, ISP SLA's, etc.)
• Implementation of Smart Card and / or alternative customer recognition devices.
• Outsourcing and associated risks / service level agreements
• Payment processing
• Payment clearance
• Payment switching
• Reporting (segregation of merchant / customers / aggregators / partners / local / international)
• Fraud detection and reporting
• 3rd party acquiring risks
• Single merchant ID many businesses
• Allows moneys to be laundered if the payment aggregator does not place appropriate controls on the merchant.
• Encryption used
• Internet / trusted partner / inter-bank / extranet
• Private and / or public certificates
• Single use certificates
• Client side certificates
• Remittance advice processes and controls.
• EFT disaster recovery and manual fall back procedures (associated security and reconciliation risks)
• Trusted partner relationships, SLA's, liabilities and risks.
• EFT regulatory / legal requirements (inter-bank and government)
• Refund processing / authorisation. (policies, procedures, controls, etc.)
• CVV, CVV-2 / CVC-2 processing and management. (http://www.atlanticpayment.com/CVV.htm)
• Fraud detection mechanism (neural networks, inter-bank / department customer checks, etc)
• Supported card schemes (AMEX/Visa/Mastercard/Discover/etc )
• Review EFT floor limits (corporate and SME merchants)
• Review the ability to withhold merchant settlement until the presence of fraud has been determined.
• Review customer identification details. Such as (This varies around the world depending on local regulations / privacy laws)
• Review real-time and batched processing methods and controls (sequence numbers, access to raw data, etc.)
• Review processing with and without expiry dates. (exception controls and policies)
• Review exception / fraud reports.
• Review payment store and forward policies and procedures.
• Review Pre-Auth and Completion controls.
• Token based payment (eCash, etc)
• Merchant reconciliation, reporting methods and controls (paper, Internet, email, PDF, Fax, etc.) and associated security.
• Real time gross settlement policies, procedures and controls. (IT and amounts)
• Card issuing policies and procedures. (customer ID checks, etc)
• Banking infrastructure (ingress / egress) controls and security. (Web, partner, payment switches, outsourced infrastructure, monitoring / reporting.)
• Use of Internet technologies for inter-bank transfers and remote equipment.
• Physical security and controls of devices, ATM,s, line encryptors, etc.

I was asked some time ago what sort of things may be considered when looking at Internet Banking.

Below is a list of things which could be considered. It was just a brain dump and as such may not be complete.

Don't underestimate the value of standard for your infrastructure, website configuration,  database engine configuration/architecture,staging environment and development/QA environments.

Some thoughts:

• Many don't lock accounts after X failed logins, this is normally done for good customer service, but leaves the system vulnerable.

- And all the other things expected for a remote login session (forced password changes, aging, etc))
- Tools such as Brutus may be use to brute force hack authenticated sessions.

• Many allow session sequence numbers to be incremented, allowing an authenticated user to view other customer session.

- These may be server side, client side, cookie based, etc.
- Get someone to check the development methodologies and the code being used.
- Database query strings can be placed into test entry fields, allowing table dumps to browser.
- Check all pages served are secure and contain user authentication flags.

• Customer data may not be segregated, this needs to be checked.
• Customer data should not reside on the Web Server.

• Authentication databases / system data should not reside on the webserver.
• The databases should reside on a private/semi-private network.

- A different segment to the main banking system.

• Webserver should be dual homed or equivalent (some VLAN techniques are good)

- Separate private and public network cards, monitoring/backup/administration
- Infrastructure set-up to explicitly deny inbound/outbound ports, private IP & monitoring escaping from the network.

• At all data segregation points ensure rules are in place which appreciates the traffic though that point.

• All customer data where possible should be sourced from a secure back-end database.

- This may be a staging environment. ie no the main banking system.
- This usually allows for transactions to appear real time to the customer.
- Many transactions may be batched in reality. (internal or external to the bank)

• Ensure suitable rules have been set-up on firewalls.

- There should be inbound and outbound rules on firewalls and filtering routers.

• Don't allow any infrastructure on the front end to allow remote administrative connections. (telnet, etc.)

- Use the serial console port to connect to a server or back-end terminal server.

• Look for the segregation / staging of online customer content from main banking systems

• Ensure that a separate development / QA / production environment system and suitable process is in place.

• Services not used by the system are active

- These should be disabled.

• Port scan of the supporting infrastructure (routers /switches) and server(s).

- Investigate the reasons for all open ports.

• Don't use the main gateway for trusted partner access (clearing / RAS / etc.)
• Do all that standard IIS checks and NT checks (Sample scripts, change management, patching methodologies, etc.)
• Ensure denial of service precaution have been taken into account for all infrastructure and server equipment.
• Check the adequacy of the escalation procedures used.

- Look for real-time monitoring and alerting.
- Look for responsibility matrix.
- Look for ownership of issues.

• Consider upstream carrier(s) vulnerability (denial of service, IP spoofing, DNS hacking, etc)
• Consider social engineering of customer, administrative, partner accounts / systems / infrastructure.

- Helpdesk procedures and policies and/or alternate technologies (Caller ID, Gateway IP, etc.).

• Use dynamic passwords where possible (SecureID, TACACS, etc.).
• Use encrypted tunnelling where needed (IPSec, Firewall 1, etc)
• Consider looking at other customer authentication methods to enhance existing methods.

- Digital cert, IP address locked to account, etc.
- Consider use of CVV or CVN for bank issued cards.

• Consider how passwords are distributed /changed for customers.

- Plain text email, telephone, etc.
- Can passwords be changed online?

• Is additional authentication used between sections of the services once authenticated?
• Consider what the customer has access to once authenticated.

- Look at SWIFT, RTGS, inter-bank transfers, access to credit cards, etc.
- If an attacker does get in, what can the do?

• Use techniques to ensure pages, customer details are not cached at ISP, or client system.

- These are flags that can be set within pages.
- Normally SSL is cached, but some proxy vendors have been playing with techniques to do so.
- Caching of SSL pages on the client system can be turned on on some browsers.
- May banks use a Java (or similar) applet for all customer interaction, restricting all caching issues.

• Ensure paper based and on-line liability clauses are available are address all effected areas.
• Ensure within the customer sign-up process banking liability is reduced.

- I've seen statements like “use this system at your own risk, responsibility for any liability or claim will NOT……”
- Not very customer focused, but that's what their legal department recommended.

All of the above can effect the security and/or operation of an on-line banking system.

Other things to consider:

• External development and support of the application.
• Ownership and management of the hardware/applications
• Publishing points for new content (internal/private/trusted network or Internet)
• Topology of front end.  ie Security Architecture document should be in place and managed appropriately.
• Are limited AP tests performed whenever changes are made to the environment? ie integrated AP into Change management process.
• Database access. Is it buffered or is it live to the core banking systems.
• What facilities are provided? Direct debit + Credit Card + SWIFT + ……. Consider different scenarios for your attack depending on the feature.
• What other services are shared within the network segment that the Internet Banking service is running. Can this be used to compromise the Internet Banking site. eg. different support/business/development organisations with differing security strategies/profiles.
• Consider all external supporting services within you AP. Look at internal/external DNS poisoning opportunities, mail relay, etc. What IPS's do they use has the ISP any opportunity to access systems or supporting services which may affect Internet Banking.
• Depending on the size of the Bank, many organisation do not use the same support groups for infrastructure and the application. As a result external connections to the infrastructure may be provided for an external support organisation to administer the infrastructure.
• Look at the business and user authentication methods and paths (client side certs, secure ID, SMART Card, etc). Consider two factor authentication and modern user identification methods. eg. what is your favourite food in addition to normal usernames and passwords. Do system administration staff use dynamic passwords (secureID, etc)?
• See if the Internet Banking application sends email to users which may contain interesting information.
• Better access to the application can generally be gained after access to the system. ie get an legitimate account on the system. I have found that some sample/administration screens have been restricted to authenticated users only.
• Consider social engineering the Help desk to have an account password reset.