My Humble Blogworld

"To be, or not to be: that is the question: Whether 'tis nobler in the mind to suffer The slings and arrows of outrageous fortune" (William Shakespeare, "Hamlet", 1600-01)

Sunday, August 14, 2005

Back to KL

I'm back in KL.. finally..

I will type more when I have the energy to.. I hope tomorrow.

Sky.. Sky.. please be clear ?

Sunday, August 07, 2005

WGA Cracked

Microsoft Corporation requires users of its flagship operating system,
Windows XP, to verify the authenticity of their software installation
before downloading patches and updates from Microsoft's website. The
validation tool, called Windows Genuine Advantage (WGA), can easily be
cracked without much trouble. This allows users of pirated copies of
Microsoft Windows to verify their installation and receive the extra
benefits offered by the manufacturer.

Although Microsoft has not confirmed that the crack works, details are well
publicized, and it appears that the crack is popular, at least amongst
nefarious users.

Previously, JavaScript tricks were required to bypass the WGA requirement;
however, now it appears that it's as simple as running the WGA application
in Windows 2000 compatibility mode.

Friday, August 05, 2005

Veritas Backup Exec - Remote Registry Vulnerability

Now tis the season for Veritas and Arcserve ! *smile*

A vulnerability exists in Veritas Backup Exec for Windows which can be exploited by remote attackers to gain unauthorized access. The problem lies in an access validation error within some RPC handlers in "beserver.exe" (port 6106), which can be used by remote attackers to gain "administrator" privileges.


Okay, I'm going back to sleep.. Too much bro... too much...

Wednesday, August 03, 2005

Cisco and ISS sues Blackhat !

Now, since we're on the topic of utter dumbness, here is another go at it..

The networking giant and Internet Security Systems jointly filed a request Wednesday for a temporary restraining order against Michael Lynn and the organizers of the Black Hat security conference. The motion came after Lynn showed in a presentation how attackers could take over Cisco routers — a problem that he said could bring the Internet to its knees.

The filing in US District Court for the Northern District of California asks the court to prevent Lynn and Black Hat from "further disclosing proprietary information belonging to Cisco and ISS," said John Noh, a Cisco spokesman.


Now this is interesting, is this a reality or a farce? Now if it's true, oh thank you C & I for a whole load of pure crap!

Where do you guys get ideas such as this? How about playing around with someone your size, who "reverse engineered" your product? Not willing to? Too scared of the super powers?

Ah Cry Babies !


Read more here

Tuesday, August 02, 2005

ActiveSync Blooper !

Now this has got to be interesting: a recent ActiveSync vulnerability reported by a Russian group.


Microsoft ActiveSync is widely used to synchronize Windows-based PDAs
and smartphones with desktop computers. A PDA can connect to the PC via
COM/USB/IR or LAN. Before synchronization, the user on the PC must set up a
"partnership" to allow synchronization. If the PDA is protected with a
password, the user on the PC should provide the password before he can access the
device.

Synchronization over LAN has some design weaknesses.

1. All data, including the initial "authentication", is transmitted in clear
text. This is OK in the case of COM/USB and other physically protected
communication, but LAN (Wi-Fi in most cases) is very sensitive to
sniffing.
2. Even if the PDA is password protected, ActiveSync doesn't ask for the password in
the case of network synchronization. I'm not sure what it is - security bug
or feature - because the password is transmitted in clear text over USB.
3. ActiveSync doesn't use any form of authentication for the server (PC) or
client (PDA), so a fake server or fake client attack is possible.

Discovering ActiveSync with LAN synchronization allowed

nmap -p 5679 192.168.0.*

Fake server

It is easy to perform a fake server attack without special software. All you
need are ActiveSync, a sniffer and any MitM condition.

1. Install ActiveSync on the fake server. Enable network synchronization.
2. Realize the MitM condition.
3. Launch your favorite sniffer and set a filter to save TCP packets on port 5679.
4. Wait for the PDA connection.
5. Open the sniffer and check the second data packet from the PDA. At offsets 0x14 and 0x18 you can see the partnership ids. ActiveSync can support up to 2 PCs and, as you can see, the PDA sends both IDs in the "handshake".
6. Import the template into the registry. Change the key HKEY_CURRENT_USER\Software\Microsoft\Windows CE Services\Partners\ to the sniffed partnership id.
7. Wait for another connection and check ActiveSync; the device should be connected as "guest". Even if you get "Synchronization Error", try clicking the "Explore" button on the toolbar.

Fake Client

It is very similar to the fake server, but you don't need MitM conditions
to accomplish this attack. All you need is the name of the PC and the
corresponding "partnership id".

1. Launch your favorite registry editor for Windows Mobile.
2. Navigate to HKLM\Software\Microsoft\Windows CE Services\Partners\P1
3. Create string value PName =
4. Create DWORD value PId =
5. Launch ActiveSync on the PDA and try to connect. If everything is ok,
synchronization will occur.

Mitigating factors
1. LAN synchronization is disabled by default.
2. To implement the "fake client" you should know the Partnership ID. It's hard
to guess (2^32), but because ActiveSync accepts 2 partnership IDs per
connection, we actually need (2^31) connections for bruteforce.

Read More here
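Both of the advisories above name a single TCP port an administrator can watch: 6106 for the Backup Exec "beserver.exe" RPC service, and 5679 for ActiveSync LAN synchronization, whose only real mitigations are that it is off by default and that a fake client must guess a 32-bit partnership ID over many connections. The following detector, written here as an added example (it is not from this blog, from the Russian group's advisory, or from Microsoft or Veritas), runs over a few constructed connection-log lines and raises three kinds of findings a defender would want: connections to port 6106 from a source that is not on an assumed allowlist of backup administration hosts, hosts that have ActiveSync LAN sync enabled at all (an established session on 5679), and one source hammering one PC on port 5679 fast enough to look like a partnership-ID brute force. The log format, the allowlist, the 10-attempts-per-60-seconds threshold and the IP addresses are all assumptions made for the example.

```python
"""Flag suspicious traffic to the backup and sync ports named in the two advisories.

Added example: log format, threshold and addresses are constructed assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Ports and service descriptions as stated in the posts above.
WATCHED_PORTS = {
    6106: "Veritas Backup Exec beserver.exe RPC",
    5679: "ActiveSync LAN synchronization",
}

# Assumed log line format: "<ISO timestamp> <src_ip> -> <dst_ip>:<dport> <state>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<dport>\d+) (?P<state>\w+)$"
)


def parse_line(line):
    """Parse one connection-log line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
        "state": m["state"],
    }


def analyze(log_text, backup_admins, threshold=10, window=timedelta(seconds=60)):
    """Return alerts and an inventory of hosts seen accepting ActiveSync LAN sync.

    backup_admins: assumed allowlist of hosts permitted to talk to port 6106.
    threshold/window: attempts from one source to one PC on 5679 that count as
    a possible partnership-ID brute force (sliding window).
    """
    alerts = []
    sync_hosts = set()
    recent = defaultdict(deque)   # (src, dst) -> timestamps of recent 5679 attempts
    flagged = set()               # pairs already reported, to avoid duplicate alerts

    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dport"] not in WATCHED_PORTS:
            continue

        if rec["dport"] == 6106 and rec["src"] not in backup_admins:
            alerts.append(("unexpected-source", rec["src"], rec["dst"], 6106))

        if rec["dport"] == 5679:
            # LAN sync is off by default, so any accepting host is worth knowing about.
            if rec["state"] == "ESTABLISHED":
                sync_hosts.add(rec["dst"])
            key = (rec["src"], rec["dst"])
            q = recent[key]
            q.append(rec["ts"])
            while q and rec["ts"] - q[0] > window:
                q.popleft()
            if len(q) >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append(("possible-partnership-id-bruteforce",
                               rec["src"], rec["dst"], 5679))

    return {"alerts": alerts, "sync_hosts": sync_hosts}


# Constructed sample log: one allowed and one unexpected source on 6106, a
# normal sync session on 5679, unrelated and malformed lines, and a burst of
# twelve attempts from one source in twelve seconds.
SAMPLE_LOG = "\n".join(
    [
        "2005-08-05T02:10:01 10.0.0.7 -> 10.0.0.20:6106 SYN",
        "2005-08-05T02:10:05 10.0.0.55 -> 10.0.0.20:6106 SYN",
        "2005-08-05T02:11:00 10.0.0.9 -> 10.0.0.30:5679 ESTABLISHED",
        "2005-08-05T02:11:03 10.0.0.9 -> 10.0.0.30:80 SYN",
        "garbage line that does not parse",
    ]
    + [f"2005-08-05T02:12:{i:02d} 10.0.0.99 -> 10.0.0.30:5679 SYN" for i in range(12)]
)

if __name__ == "__main__":
    report = analyze(SAMPLE_LOG, backup_admins={"10.0.0.7"})
    for kind, src, dst, port in report["alerts"]:
        print(f"{kind}: {src} -> {dst}:{port} ({WATCHED_PORTS[port]})")
    print("hosts accepting ActiveSync LAN sync:", sorted(report["sync_hosts"]))
```

The allowlist check on 6106 is the cheap control for the Backup Exec issue while a patch is pending, and the sliding-window count on 5679 turns the advisory's 2^31-connection brute-force estimate into something observable: even a much smaller burst from one source to one PC stands out against normal sync behaviour, which is a single long-lived session.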
