nCircle The Lens Blog: February 2007 Archives

February 28, 2007

16 Days

That Solaris telnet vulnerability that was announced back on February 12, yeah, there's a worm for it. No surprise there. But what I'm really wondering is if we can still call it a 'zero-day' vulnerability. Shouldn't it be a 'sixteen-day' vulnerability now?


February 26, 2007

Default Credentials

This is a list of default credentials for various infrastructure devices. There are lots of lists like this out there. Now ask yourself, why is this useful to anyone? It's useful because people don't change the default credentials. A more interesting question is, perhaps, why are there default credentials at all? Why is it possible for me to set up a functioning system with credentials that are not specified by me? This is changing...yet it's still a problem, and perhaps a bigger one when you intersect it with virtualization. Go check out the VMTN appliances. Here's a whole new breed of ready-built systems with default credentials.


February 23, 2007

Ric Romero Reporting...

The title of this piece at SC Magazine is "Phishing attack use Google Maps, IP addresses to obtain victim location." I got this headline in my RSS reader and thought it sounded interesting. Let me sum up the relevant points for you:

- Attackers are spreading keylogging malware via a fake news report.
- The malware can determine and report the victim's IP address.
- The IP address can be used to determine the user's location.
- Google Maps will display the user's location if you enter it.
- This information can then be used for identity theft.

So, the breaking news is that computers have IP addresses? Or is it that malware can find them? Or perhaps that IPs just might indicate physical location?! No no, wait, it's that Google Maps produces highly accurate visualizations of a location from a full or even partial address!!!??? When will the madness stop!?

Now you might be wondering, as am I, exactly how the physical location is being used for identity theft. These sorts of connections from the virtual world to the concrete world are interesting. Are they showing up and going through people's garbage? Are they using the address to submit fraudulent credit card applications? Are they tailoring spam to the location? We'll just have to wait for the hard-hitting follow-up article.


February 2, 2007

Shout hacking?! Oh please...

Somewhere there's someone who hasn't heard about this little Microsoft Voice Recognition issue. It seems that the term "shout hacking" has surfaced as a label for such activity. Please, collectively, let us shun this name. It's not just a bit silly, but also inaccurate. First of all, no shouting need be involved. A whisper, if sufficiently audible, would be enough. More importantly, perhaps, there is no 'hacking' involved here. It's a feature, doing what it's supposed to do. You tell it to shut down, it shuts down. If someone comes up with an audio sequence that's inaudible to humans, but causes the Vista box to load a trojan from a remote host, now that would be a hack. Or an audio file that launches itself via voice command, creating a sort of audio LAND attack...

Don't get me wrong. This is nifty and funny, but let's not give it a silly name.


Bio

Blog: The Lens
Author: Tim Erlin

Tim Erlin, CISSP, is a Principal Product Manager at nCircle, responsible for vulnerability management and configuration auditing. In his nearly 10 year tenure at nCircle, he has also held the positions of Senior Sales Engineer and QA Engineer. His career in information technology began with systems and network administration.


   


