
The guys at Pipnotic have taken the challenge to make an MT4 indicator to help the price action trader conquer the currency markets. Specialising in Forex, trading psychology and developing Price Action Pro, the only MT4 indicator the price action trader will ever need, Pipnotic have managed to create a tool that appears to have greatly increased the chances of success in the hands of the disciplined trader. Let’s have a closer look at what they are up to.

For those of you who are unfamiliar with the concept of price action, simply put, it’s the study of the price behaviour for a given financial instrument. Many traders plaster their charts with different types of indicators in an attempt to convince themselves that when all of them are pointing in the same direction, one can simply enter a trade. The problem with this approach is that due to the nature of lagging indicators, by the time they are all lined up, the optimal trade entry has already come and gone, introducing a great deal of risk associated with the given trade. Studying price action is the act and the art of looking at price, and making trading decisions based on recognisable patterns such as levels of support and resistance (e.g. pivots, previous highs/lows, Fibonacci levels).

After having read the Price Action Pro Installation and Configuration Guide, one can quickly gauge the nature of what this particular indicator is doing and how it can be used. I have long been interested in challenging programming tasks, and this area in particular seems to be one many have tried to master for years. High Frequency Trading (HFT) is a very large topic and one some of the largest financial institutions in the world invest millions in developing strategies within. Neural Networks (NN) may be the perfect fit for this kind of programming task and perhaps one I may delve a little into in the future.

The guys at Pipnotic are busy with their MT4 indicator and promise more useful functionality. I’ll keep my eye on them and continue to explore this topic for myself.

Thanks for reading.


UTMessan talk on Social Engineering

Posted: 4th April 2012 by sharpe in Social Engineering

Conversational Hypnosis is a very fascinating topic, one which has interested me for many years. I have always been interested in knowing how the human mind works, and what it is that motivates us to act in a certain way. This topic is one I have studied intensely for several years, and one that is very applicable in relation to many fields of security. Our thoughts, those we think consciously and subconsciously, have a tremendous impact on what we do and who we are. Is it possible to provoke the behaviour of others by communicating with them in a specific way? It certainly is, and I will introduce some of the methods I have found to be most effective, via my research within the field of hypnotherapy and social engineering, soon.

I recently gave a talk on the topic of conversational hypnosis at the annual IT Security conference, UTMessan, in Reykjavik. Here are a couple of pictures from the event:

If you have any comments regarding this topic, feel free to send me an email.


So recently, after almost a year in development, I finally published my iOS security app called TrustR. Frankly I’m quite surprised that no other security teams beat me to the release of this new type of security app – since it secures the iOS platform in such an obvious and necessary way.

 

For years the media has reported regularly about iOS apps introducing vulnerabilities to the system, exposing personal information or intentionally implementing privacy violating features. A feature to warn users about unsafe apps seemed to me like the perfect addition to the security model. Especially considering how the AppStore technology makes people blindly download all kinds of apps, often mistakenly assuming they can trust these apps as they would trust Apple.

So the features of TrustR have indeed been welcomed and TrustR has already revealed thousands of security problems on customer devices.

Security products often neglect the threat of privacy violation in favor of the more publicity-generating vulnerabilities and malware. This will not be the case with TrustR because of my own personal disgust at the tendency for big corporations to basically steal data behind the back of trusting consumers. It seems to me like an unethical and advanced form of greed that could lead to the death of privacy and subsequently perhaps personal freedom.

Unrestricted Access

For those who haven’t read up on iOS security, the problems usually arise due to apps’ unrestricted access to various data such as:

  •   Address book
  •   Picture folder (often including GPS and timestamps for tracking)
  •   Youtube history
  •   Safari searches
  •   Phone number, email and Unique Device ID
  •   Keyboard cache
  •   Wifi connection logs (Can be used for tracking)

 

A security problem we see quite a lot is apps with an HTTP or FTP server vulnerable to directory traversal – such a simple security problem that basically exposes all the information above to anyone on the network with minor hacker skills.

Then we see the many privacy violating apps, like the recently exposed Path, which stole your entire address book without your permission. The problem was fixed after a lot of bad press, and it now features a popup asking if Path can “steal” your address book. Due to the unclear Path privacy policy regarding the use of data they collect, I for one am going to just stay away from that app.

We also see several examples of the mistake first made by Paypal, who back in the day launched their app without proper check of the server certificate, thereby exposing login information to anyone able to perform a SSL Man In The Middle on the device.

Quite amusing was the recent cross site scripting exploit for Skype – once again exposing the address book and the other private data mentioned above to a remote attacker.

 

Wonderful Malware Apps

The possibility of combining apps with malware is something I find quite fascinating. People carry their iOS devices in and out of office networks and home networks. All of a sudden, after downloading an innocent looking farting app, the phone itself becomes a small trojan horse – with direct access to e.g. open network shares or a portable malware launch platform directed at desktop or server operating systems.
The review process of apps is of course intended to keep out such apps – but the thoroughness of these reviews is not enough to reveal well hidden malicious activity triggered by outside events. That said, you need not worry about malware apps too much at this point.

That’s all for now. Chill out and get TrustR – while it’s still free ;)


sat0ri RCE challenge/crackme – one/two

Posted: 8th January 2012 by sharpe in Challenges

I just added challenges one & two, as I’ve had a few requests for these. Additionally, I have included the solutions for them as a separate download just to help you out, should this be necessary.

The two challenges can be downloaded here: Challenges one and two (432)
MD5 (one-and-two.zip) = 5f916c6459ffe8c4ca318c76bd368665

The solutions can be downloaded here: Solutions for one and two (430)
MD5 (solutions-one-and-two.zip) = 93d9ed441dfe7fc91c638ef06e0d1d47

I have been informed (thanks pot) that the download for challenge four is missing. I no longer have the code for this one, so if anyone has it, please send it in so I can put it up here. Thanks ;)

As always, if you have any questions or comments, please don’t hesitate to post them in the forum.

Thanks!

Regards,
sharpe.


sat0ri RCE challenge/crackme – eleven

Posted: 1st September 2011 by sharpe in Challenges

Welcome back and thanks for considering challenge number 11. Inspired by my last challenge, I made this one simpler yet more difficult. More of an effort has gone into the encryption, which now uses 4 rotating DWORD keys instead of 1 static DWORD key. It should be more of a challenge. I removed all garbage code as well, so you can focus on the important stuff.

Here are the guidelines:

  • Find the correct key (used for decryption purposes)
  • Find the secret (look in memory)
  • Post feedback and questions in this challenge’s forum

A screen dump of this challenge:

 

It can be downloaded here: Sat0ri RCE challenge/crackme - eleven (542).
MD5 (eleven.zip) = 3164e9e986bcbdd759e6ba78714be3dc

Regards,

sharpe.


European Nopsled Team win DEFCON 19 CTF

Posted: 17th August 2011 by sharpe in CTF

The annual DEFCON Capture The Flag (CTF) competition is over and the winning team has been crowned, Men of 0x90, The European Nopsled Team.

Team members Rasmus Petersen (RP) (right).

Photograph by Sarid Harper, CSIS

What was the best part about winning the DEFCON CTF?
RP: Doing something you love with the awesome guys from the team, partying afterwards with the guys from Hates Irony and VedaGodz.

Prior to quals, how confident was the European Nopsled Team?
RP: With teams like Hates Irony and Routards, we knew the competition was going to be tough, I was secretly hoping for a 3rd place.

What did you do differently this year compared to last year?
RP: We did even more training and tools.

What are you going to do differently next year?
RP: Even more training and even more tools.

Do you have any comments for the organisers of this year’s CTF?
RP: Great job guys, we had a blast and thanks for listening to us whenever we experienced problems during the contest.

What are your expectations for next year?
RP: Do our very best

Any last minute advice for teams hoping to qualify next year?
RP: Start training


sat0ri RCE challenge/crackme – ten

Posted: 9th August 2011 by sharpe in Challenges

OK, here we are again with a new series of challenges, which will start with number 10. This one isn’t that difficult but it requires that you consider new options. I left half of this challenge easy to help you along, so you can solve this one two ways, the tough way and the easier way. Here’s a tip: read all the code, there isn’t much.

Here are the guidelines:

  • Find the number of Nerf darts
  • Find the hash (it’s a number)
  • Generate the valid MD5 like so: MD5(<number of darts>:<valid hash>)
  • Enter the MD5 and press the “Unlock” button to decrypt the code
  • Press the “Go” button to see if you got it right.
  • Verify your hash here: http://blog.sat0ri.com/challenges/ten/verify.php?hash=<your hash value>

OR

  • Decrypt the code (you’re such a brute!)
  • Verify your hash here: http://blog.sat0ri.com/challenges/ten/verify.php?hash=<your hash value>
  • Post feedback and questions in this challenge’s forum

A screen dump of this challenge:

 

It can be downloaded here: Sat0ri RCE challenge/crackme - ten (536).
MD5 (ten.zip) = c88761b22d92d9a689bf6888cab6cf05

Regards,
sharpe.


Summary

Sarid Harper has discovered a vulnerability in File Expert for Android, which can be exploited by malicious users to gain knowledge of sensitive information.

Input passed to the “path” parameter in “/webapps/file/listing” is not properly sanitised before being used to display files and directories. This can be exploited to list arbitrary directories and files via directory traversal attacks.

Affected Versions

This vulnerability is confirmed in the following versions:

  • The vulnerability is confirmed in versions 3.0.4, 3.0.5, and 3.0.6

Other versions may also be affected.

Screen Dumps

The following screen dump illustrates this issue:

Resolution

Upgrade to the latest version and grant access to trusted users only.

Time-line

  • Vulnerability identified: 09.04.11
  • Vendor informed: 16.04.11
  • Vendor response: 17.04.11
  • Vendor fix: 16.07.11

Credits

Vulnerability identified by Sarid Harper of CSIS Security Group.


File Expert File Deletion Vulnerability

Posted: 16th July 2011 by sharpe in Vulnerabilities

Summary

Sarid Harper has discovered a vulnerability in File Expert for Android, which can be exploited by malicious users to delete files residing outside the FTP root.

The vulnerability is caused by an error in the way FTP “DELE” requests are handled. This can be exploited to escape the FTP root and delete arbitrary files on the affected system by using the “../” character sequence.
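
Both File Expert issues on this page (the “path” parameter of “/webapps/file/listing” and the FTP “DELE” handler) come down to a missing containment check on a client-supplied path. The following is an added example, not File Expert's code or the vendor's fix: the names `confine` and `PathEscapeError`, the directory layout and the sample request paths are all constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote


class PathEscapeError(ValueError):
    """A client-supplied path resolves outside the served root."""


def confine(root, client_path, url_encoded=False):
    """Return the real path for client_path under root, or raise."""
    if url_encoded:
        # HTTP query values arrive percent-encoded: decode once, then check.
        client_path = unquote(client_path)
    root_real = os.path.realpath(root)
    # Strip leading "/" so os.path.join cannot discard the root.
    candidate = os.path.join(root_real, client_path.lstrip("/"))
    # realpath collapses "../" and follows symlinks before the comparison.
    resolved = os.path.realpath(candidate)
    # commonpath compares whole components ("ftp-private" is not in "ftp").
    if os.path.commonpath([root_real, resolved]) != root_real:
        raise PathEscapeError(f"{client_path!r} escapes the served root")
    return resolved


def demo():
    """Check constructed request paths against a throwaway tree."""
    samples = [("pub/readme.txt", False), ("/pub/../pub/a.txt", False),
               ("../secret.txt", False), ("pub/../../secret.txt", False),
               ("../ftp-private/x", False), ("link/secret.txt", False),
               ("..%2f..%2fsecret.txt", True)]
    results = {}
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "ftp")
        os.makedirs(os.path.join(root, "pub"))
        os.makedirs(os.path.join(base, "ftp-private"))
        os.symlink(base, os.path.join(root, "link"))  # symlink out of root
        for path, encoded in samples:
            try:
                confine(root, path, encoded)
                results[path] = "allowed"
            except PathEscapeError:
                results[path] = "blocked"
    return results


if __name__ == "__main__":
    for path, verdict in demo().items():
        print(f"{verdict:8} {path}")
```

The same check applies to every operation that takes a path from the client (list, read, delete), and it has to run on the resolved path rather than on the raw string.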

Affected Versions

This vulnerability is confirmed in the following versions:

  • The vulnerability is confirmed in versions 3.0.4 and 3.0.5.

Other versions may also be affected.

Screen Dumps

The following screen dump illustrates this issue:

Resolution

Upgrade to the latest version and grant access to trusted users only.

Time-line

  • Vulnerability identified: 19.04.11
  • Vendor informed: 19.04.11
  • Vendor response: 19.11.10
  • Vendor fix: 16.06.11

Credits

Vulnerability identified by Sarid Harper of CSIS Security Group.


Summary

Sarid Harper has discovered a vulnerability in Outlook, which can be exploited by malicious, anonymous individuals to cause a DoS (Denial of Service).

The vulnerability is caused as a result of the improper handling of email file attachments with no extension. This can be exploited to cause a DoS by tricking a user into clicking on an attachment with no file extension in the reading pane.

Affected Versions

This vulnerability is confirmed in the following version:

  • Microsoft Outlook 2007 (12.0.6539.5000) SP2 MSO (12.0.6545.5004)

Other versions may also be affected.

Screen Dumps

The following screen dumps illustrate this issue:

Resolution

Turn off the reading pane.

Time-line

  • Vulnerability identified: 03.09.10
  • Vendor informed: 19.11.10
  • Vendor response: 24.11.10
  • Vendor fix: Currently unavailable

Credits

Vulnerability identified by Sarid Harper of CSIS Security Group.
