Security consultant hijacks plane's navigation system

A security consultant has demonstrated a successful hack of the plane's navigation system using a custom built android app which could transmit navigation signals to the plane's control system thereby compromising the entire navigation system of the aircraft. It's as if you could control the entire navigation of the plane from the android app. 

Quote : - By taking advantage of two new technologies for the discovery, information gathering and exploitation phases of the attack, and by creating an exploit framework (SIMON) and an Android app (PlaneSploit) that delivers attack messages to the airplanes' Flight Management Systems (computer unit + control display unit), he demonstrated the terrifying ability to take complete control of aircraft by making virtual planes "dance to his tune."

More Here

Obfuscating .Net Assemblies and more..

Smart Assembly – “The powerful and user-friendly solution for .NET assemblies' efficient merging, pruning, obfuscation and automatic exception reporting for easy post-deployment debugging.”

Identity and Authentication

A superb article highlighting why identity and authentication must remain distinct. I picked it up from Bruce Schneier’s blog.

Follow the link

Hackers create rougue CA certificate using MD5 collisions

I Love the way they have hacked it. A group of hackers/researches have found success in forging digital certificates trusted by ‘modern’ web browsers using a cluster of PS3 game consoles! wow!!

The research also shows a significant weakness in the MD5 algorithm currently used by 6 CAs to issue certificates.

This also means that they have managed to break the secure ‘SSL’.

I loved it. Follow the link.

Schneier on Mumbai

Schneier talks about security w.r.t the Mumbai attacks.

http://www.schneier.com/blog/archives/2008/12/lessons_from_mu.html

Verisign's Extended Validation SSL Certificate

What is Extended Validation SSL ?

Extended Validation SSL Certificates give high-security Web browsers information to clearly identify a Web site’s organizational identity. For example, if you use Microsoft® Internet Explorer 7 to go to a Web site secured with an SSL Certificate that meets the Extended Validation Standard, IE7 will cause the URL address bar to turn green. A display next to the green bar will toggle between the organization name listed in the certificate and the Certificate Authority (VeriSign, for example). Firefox 3 also supports Extended Validation SSL. Other browsers are expected to offer Extended Validation visibility in upcoming releases. Older browsers will display Extended Validation SSL Certificates with the same security symbols as existing SSL Certificates.

- Source of the above can be found here

This can be clearly noticed in IE 7 and 8 Beta when an SSL Encrypted transfer is going on. Eg. a user signing into hotmail, a user sending his credit card information to a website. etc..(transactions/sessions which use SSL)

Also, check out the Verisign EV SSL Demo

Software Engineering with VSTS

 

 

 

I'm reading this book called 'Software Engineering with Visual Studio Team System' by Sam Guckenheimer. To say the least, It's not letting me sleep. This book looks tiny though but is humongous in it's content and specifically the application lifecycle management automation through VSTS. VSTS is the best thing to happen to MS technology developers for a long time.. The best part is how the book guides you with Agile methodologies and CMMI practises using VSTS.

Some Links..

The Visual Studio 2008 Team Suite

Video of Sam Guckenheimer talking about VSTS

Software Development methodologies and Visual Studio Team System

The interesting thing which caught my attention was security testing through VSTS. Sam talks about using a fault model base on vulnerabilites observed on other systems, and a series of attacks to exploit the vulnerabilites. He also gives references to published attack patterns which are helpful in identifying the vast majority of vulnerabilites. His reference includes James A. Whittaker and Herbert H. Thompson's book, 'How to break software security: Effective Techniques for Security Testing (Boston: Addison-Wesley,2004). (which has around 19 attack patterns that are standard approaches to hacking systems).
Now, There's a lot of stuff for security from microsoft, for instance the trustworthy computing initiative, SD3 and SDL , Security best practises etc..
I'm wondering if there was an SDL approach inside Visual Studio Team System.. (may be as a part of ALM), What an invaluable feature it would have been..!!

System.Security.Cryptography

Complete .Net Cryptography Classes,Interfaces and Enumerations listing from MSDN. Wanted to keep this live on my blog for future references.. Also Check out this article on MSDN [Protecting Private Data with Cryptography Namespaces of the .Net Framework]

Cool MS Security Videos

Check out the  Microsoft  Hello Secure World web site. They have some cool videos on

• RMS Architecture
• Symmetric Keys
• Digital Signatures
• Cross Site Request Forgery
• Hashing
• ASP.Net SQL Injection

SQL Injection Attacks

Often, the SQL Injection payload is designed in a generic manner to impact on more SQL Databases and Database Servers. The Security loophole in most cases lie in poor design of Data Access Code. Although it can be argued that there is much more to it than securing Data Access Code, I'm talking about the majority of such an attack and how imperative it is to secure the Data Access Code.
The impact of an SQL Injection Attack can be on
- The Database ( contents of the DB are compromised )
- The Users (malware injected directly,Users do not know because they trust this website )
The SDL aka Trustworthy computing Security Development Lifecycle ( a process that Microsoft has adopted for the development of software that needs to withstand malicious attack ) is a good thing to adapt and follow.
"Microsoft's experience indicates that the SDL is effective at reducing the incidence of security vulnerabilities. Initial implementation of the SDL (in Windows Server 2003, SQL Server 2000 Service Pack 3, and Exchange 2000 Server Service Pack 3) resulted in significant improvements in software security, and subsequent software versions, reflecting enhancements to SDL, appear to be showing further improvements in software security" - SDL Conclusion from MS.
Now, a quick look at Securing your Data Access Code, Referred from MSDN SDL Blog and Micheal Howard's Blog(Co-Author of Writing Secure Code).
Use the following in you Data Access Code:
1] SQL Parameterized queries
2] Stored Procedures
3] SQL Execute Only Permission
These are not mere recommendations, They are Requirements!!. More on the nitty-gritty of these techniques can be viewed on the SDL Blog, Micheal Howard's Blog and on the MS Security Research site.
One might argue that SQL Injection Attacks are also mainly due to 'N00b' Developers. This might be partly so. Periodic training for Developers,Testers,Security Analysts on current security issues , best practices from SDL etc is very imperative here. Training is also a strict requirement in the SDL. Afterall, Knowledge is Power, Knowing is dangerous, Knowing is everything...