Thursday, November 08, 2007

Do you use e-mail? You use passwords, no doubt, to log on. People have told you that passwords can be stolen. So what did you do? You used a combination of upper case, lower case and god knows what else to come up with a string that you have great difficulty remembering, due to which you need to write it down somewhere. Great, now you have your e-mail account secure against password cracking.

Do I need to break your password? I mean, if I am a smart attacker I won't bother with that; I will just phish for it and make you hand your password to me on a plate. If you are smart you won't fall for it, and you will refuse to give your password to me. So what else can I do? I can steal your session. I will steal your cookie.

What are cookies? No, they are not a sweet-tasting dish that someone baked. A cookie is something that websites put on your machine so that the next time you go there, they can find out that it is you. This is how Google Mail, Yahoo Mail, Hotmail and every other mail service works. When you provide an id and password they send a cookie to you, which is saved on your machine. Every time you refresh your page this cookie is sent out, which tells them that it is you. You may ask: I already logged on, so why the hell does it need a cookie every time? Good question, but do you think it is possible for these providers to keep track of every single user that is logged on to them? No way. That is also why you can log on from multiple machines at once. Even if you log out on one machine, you stay logged on on the others. Basically you stay on till the cookie expires.

Coming back, what can I do? I can sniff packets. These cookies are sent without encryption, in plain text. If I see a cookie, I can open it. I can read it; I can do whatever I wish with it. So all I do is steal the hash information in it. I place it in my browser, and hey, I have your session: I AM YOU. This basically is masquerading. It has been around for ages. I am not talking theory: one student in my class actually demonstrated this live. I also went ahead and tried it through virtual machines, as I work in a lab where there is just too much network traffic.

It is possible to fix this bug, but no one will, because everyone uses stateless servers. So, do you keep sensitive information in your mail?
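The post's point about stateless servers (logging out on one machine leaves every other copy of the cookie valid until it expires) is easy to see in code. The demo below is an added example, not the post's own code: it contrasts a signed stateless cookie with a server-side session store, and shows the cookie attributes that stop the browser sending the token in the clear. The key, user names and clock values are constructed.

```python
"""Session cookies: a signed stateless cookie versus a server-side session store.

Constructed demo added to this post (not the author's code). The key, user names
and timestamps are made up; the point is the revocation behaviour of each scheme.
"""
import hashlib
import hmac
import secrets
import time

SERVER_KEY = b"constructed-demo-key-not-for-real-use"  # constructed placeholder secret


def make_stateless_cookie(user, ttl=3600, now=None):
    """Stateless scheme: 'user|expiry' plus an HMAC tag. The server stores nothing,
    so anyone presenting a valid copy is treated as the user until expiry."""
    now = time.time() if now is None else now
    payload = f"{user}|{int(now + ttl)}"
    tag = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{tag}"


def check_stateless_cookie(cookie, now=None):
    """Return the user if the tag verifies and the cookie is unexpired, else None."""
    now = time.time() if now is None else now
    try:
        user, exp, tag = cookie.split("|")
    except ValueError:
        return None
    expected = hmac.new(SERVER_KEY, f"{user}|{exp}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    if now >= int(exp):
        return None
    return user


class SessionStore:
    """Stateful scheme: an opaque random token maps to a record kept on the server,
    so logout (on any machine) can delete the record and every copy of the token dies."""

    def __init__(self):
        self._sessions = {}

    def login(self, user, ttl=3600, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "exp": now + ttl}
        return token

    def check(self, token, now=None):
        now = time.time() if now is None else now
        record = self._sessions.get(token)
        if record is None or now >= record["exp"]:
            self._sessions.pop(token, None)
            return None
        return record["user"]

    def logout(self, token):
        self._sessions.pop(token, None)

    def logout_everywhere(self, user):
        """Revoke every session of a user, e.g. after a suspected cookie exposure."""
        for tok in [t for t, r in self._sessions.items() if r["user"] == user]:
            del self._sessions[tok]


def set_cookie_header(token):
    """Attributes that keep the browser from sending the token in the clear or to scripts.
    'Secure' restricts the cookie to HTTPS, which is the usual answer to the plain-text
    transmission the post describes."""
    return f"Set-Cookie: session={token}; Secure; HttpOnly; SameSite=Lax; Path=/"


def compare_logout_behaviour():
    """Return (stateless_copy_valid, stateful_copy_valid) after the user logs out.

    A duplicate of the cookie stands in for one that was exposed in transit."""
    t0 = 1_700_000_000  # constructed clock value
    cookie = make_stateless_cookie("alice", now=t0)
    duplicate = cookie
    # Stateless logout only deletes the browser's copy; the server has nothing to forget,
    # so the duplicate keeps working until the embedded expiry passes.
    stateless_valid = check_stateless_cookie(duplicate, now=t0 + 60) == "alice"

    store = SessionStore()
    token = store.login("alice", now=t0)
    duplicate_token = token
    store.logout(token)
    stateful_valid = store.check(duplicate_token, now=t0 + 60) == "alice"
    return stateless_valid, stateful_valid


if __name__ == "__main__":
    print("stateless still valid, stateful still valid:", compare_logout_behaviour())
    print(set_cookie_header("<opaque-token>"))
```

Running it prints `(True, False)`: the stateless copy survives logout, the stateful one does not. The store costs the server a lookup per request, which is the trade-off the post alludes to, but it is what makes "log out everywhere" possible at all.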

Having spent most of my last 8 months on crazy topics, I decided to get into even crazier topics. I finished my master's in July. My thesis concerned topics that were covered in the last post, on viruses. I have been dabbling in a lot of stuff currently, and one of them is virtualization.

What is virtualization? Google VMware, XEN, VirtualBox. These are VM products. In effect all these products allow you to run multiple operating systems at the same time. So if you have Windows [host], you go ahead and install VMware on it, and then you can proceed to install any Linux/Windows [guest] machine on top of it. The first OS is called the host; the second, running on top of the VM, is called the guest. You could choose to install XEN, which is open source, but you will spend 10 days figuring out how to install another OS on top of it.

Great, so we have multiple OSes running on the same machine; what is the advantage? Performance? Well, not really. I mean, if running one kernel on a processor is bad enough, running multiple kernels on your system simultaneously is bound to give less performance. So what is the big deal? Well, they claim that virtualization allows you to achieve isolation. The point being that if you have multiple systems, an infection in one machine cannot spread to another.

Well, that is at least what they claim. How much of it is true, I don't know. But personally, how is it possible? For N generations now people have been writing buggy kernels, buggy code and consequently buggy applications; look at the number of patches that are released. Is it possible that one fine day we are going to turn around and say, 'Hey, we made new software, it virtualizes everything. The systems are isolated, it is safe, it is beautiful, use it'? Fat chance. I believe there are bound to be bugs in it. You are running multiple kernels together, one on top of another. You say one is insecure, and then you go ahead and put multiple layers of the same crap on top of each other? You have got to be kidding me.

So I decided that, just to prove a small point, I would try to see with a simple network application whether there really is any isolation. What I essentially did was install two operating systems. For some reason I like putting a Windows OS as the victim OS. I installed BackTrack as the other OS. Now they are two different machines; they should be mapped on to totally different regions of memory. They don't have a physical network card, so even that has to be emulated in memory. I made Windows communicate on the network and started a sniffing program on BackTrack. If isolation were achieved as they say, the VM layer should not have let me find the network packets of the other machine. Sure enough, I was on the money. I was able to see every damn packet coming out of Windows XP. And FYI, for those who say "you did not get it from the VM layer, you got it from the actual physical card": no, the software does not find any packets that the base OS [host] is sending, which means obviously it is coming from the VM layer. There goes your claim of isolation. Maybe they intended it to be this way or maybe it is a bug; I don't know. But if the machine cannot sniff packets coming from the host, it should not sniff packets coming from the other guest either.

Bottom line: nothing is secure; no operating system can be secure. It is not possible; programmers are not trained to write secure code. It is not possible for us to write secure code. You think you have never used insecure code? How many times have you used the functions strcpy, gets, scanf, printf .....

Tuesday, November 14, 2006

Most of the computing magazines should be buzzing with news about new hardware that supposedly gives ultimate performance, or the 64-bit computing world. The new software and OS releases should take up the rest of the sections. Whatever is left over should definitely be taken by benchmarks of devices. Have I missed something? Yes, protection against trojans and viruses has been missed by me. One might wonder why. Think twice: this is coming from a person who is spending most of his waking and sleeping hours thinking about what to cook the next time, and some of those hours thinking about malware and security threats.

Still no answer? Oh come on, isn't it obvious? There is no protection against such things. What does an anti-virus do? It protects you from viruses. Which viruses? Known viruses. So what about the ones that are coming up every day? Well, the software vendors say "We give you updates". Yes, that is a good answer, except... any ideas?

.. Except that you will have to pray that the person writing the new virus was a fool. Surprised? Well, if I can write a virus that does nasty stuff to the FAT table, or page fault handlers, or device drivers, I would be a fool not to place code in it that shuts off the anti-virus.

If this has not gotten you up and awake, I doubt anything else will. I used to think shutting off the process would take some skill... until one of my lab mates showed me her work. Shutting off an anti-virus process is child's play and 20 lines worth of code in Visual Basic, as demonstrated by her, much to the amazement of yours truly; and no, my lab is not full of crazy paranoid computer security people, we are just normal humans going about our everyday tasks. Yes, Visual Basic, having the weakest of all programming structures. Visual Basic, without the power of Java or the pointer handling ability of C. If I can write 20 lines of code in what is supposedly a beginner's language to shut off McAfee, it should not take more than 40 lines in a powerful programming tool to write something that totally destroys an anti-virus process and renders it incapable of even starting up next time.

Well, if I deleted everything and did not let the anti-virus start, I would be the joke of the hacker community. Why? Do I really need to turn off and destroy the program? Not really; a simple overwrite of the virus definition database would work. Your anti-virus will keep running, but virtually it will be a vegetable, incapable of finding the golden ball in an area of one square metre.

Or I can be even brainier. I am a new virus; I am not worried about the old definitions. If at all, they only help in keeping out the other viruses (I will get to the why-it-helps part later). So I will make sure the update never happens. Now we are warming up. No update means no process to detect me and my behaviour.
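The two quiet failure modes just described, a definition database overwritten in place and updates that silently stop arriving, are both things a host can check for itself. The checker below is an added example, not the post's code and not any vendor's: it hashes the definition file, verifies that hash against an HMAC-signed manifest, and flags the definitions as stale when the manifest's release time is too old. The signing key, file contents and timestamps are constructed.

```python
"""Integrity and freshness check for an anti-virus definition database.

Constructed demo added to this post (not a vendor's code and not the author's).
The signing key, file contents and timestamps are made up. It shows the two
failure modes the post describes: an overwritten definition file, and updates
that silently stop arriving."""
import hashlib
import hmac
import json
import os
import tempfile
import time

VENDOR_KEY = b"constructed-update-signing-key"  # stands in for the vendor's key (constructed)


def file_sha256(path):
    """Hash a file in chunks so large definition databases do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def sign_manifest(sha256_hex, updated, key=VENDOR_KEY):
    """Manifest shipped with each update: hash of the definitions plus release time,
    authenticated with an HMAC so a forged manifest cannot vouch for a tampered file."""
    body = json.dumps({"sha256": sha256_hex, "updated": updated}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def check_definitions(defs_path, manifest, max_age, now=None, key=VENDOR_KEY):
    """Return 'missing', 'bad-manifest', 'tampered', 'stale' or 'ok'."""
    now = time.time() if now is None else now
    if not os.path.exists(defs_path):
        return "missing"
    expected = hmac.new(key, manifest["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(manifest["tag"], expected):
        return "bad-manifest"
    meta = json.loads(manifest["body"])
    if not hmac.compare_digest(file_sha256(defs_path), meta["sha256"]):
        return "tampered"
    if now - meta["updated"] > max_age:
        return "stale"
    return "ok"


def demo():
    """Exercise the checker on a constructed definitions file; return the statuses seen."""
    statuses = []
    t0 = 1_700_000_000  # constructed release time
    one_day = 86400
    good = b"SIG:constructed-sample-1\nSIG:constructed-sample-2\n"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "defs.dat")
        with open(path, "wb") as f:
            f.write(good)
        manifest = sign_manifest(file_sha256(path), t0)
        statuses.append(check_definitions(path, manifest, one_day, now=t0 + 3600))
        # Definition file overwritten with an empty database: scanner runs but detects nothing.
        with open(path, "wb") as f:
            f.write(b"")
        statuses.append(check_definitions(path, manifest, one_day, now=t0 + 3600))
        # File restored, but no update has arrived for ten days: definitions are stale.
        with open(path, "wb") as f:
            f.write(good)
        statuses.append(check_definitions(path, manifest, one_day, now=t0 + 10 * one_day))
        # Manifest re-signed under the wrong key: its integrity claim cannot be trusted.
        forged = sign_manifest(file_sha256(path), t0 + 10 * one_day, key=b"not-the-vendor-key")
        statuses.append(check_definitions(path, forged, one_day, now=t0 + 10 * one_day))
    return statuses


if __name__ == "__main__":
    print(demo())
```

The staleness threshold matters as much as the hash: a process that is still running, with an intact but week-old database, is exactly the "vegetable" the post describes, and only the release time in a signed manifest distinguishes it from a healthy install. A real product would use a public-key signature rather than a shared HMAC key, since the verifying host should not hold anything that could sign a manifest.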

So why is it helpful to keep other viruses out of the system? Think like a parasite or a leech. One leech sitting on an animal can use its blood for itself. Two leeches will mean the blood dries up faster; three leeches consume more blood every time. Now talk about a hundred thousand leeches. What would happen? The machine won't work, and the disturbed user will either constantly crib about how his PC vendor cheated him and gave him a slow system, or wise up one fine morning and do a format.

So where are we headed? When MS-DOS reached its summit, the viruses for DOS had reached scary proportions, with the ability to mutate at will, change their code, cover up all tracks and hook onto any DOS process. Ok, so why am I boring you with old DOS news? Well, because I do want to take a minute off and praise Microsoft.

For all the mistakes in their libraries, all the bugs, all known viruses, all known buffer exploits in the Data Access Components... oh, by the way, the trojans being sent on the messenger as links to some funny pictures or 'nice' pictures exploit the Microsoft Data Access Components and start executing any remote code. The first step being infecting your messenger and sending the same link to everyone else on your friend list, thereby very nearly making them your enemies.

... where was I? Yes, Microsoft. So for all those things, they did something wonderful. They created WINDOWS. Yes, laugh at me like you laugh at a joker for having said that last line. When Windows got popular, it replaced all the DOS systems. Every time you have a new system, you need new programs, new methodologies, and........ guess, guess, it's not that tough.... NEW VIRUSES!!!

Yes, exactly that happened: all virus programs got sent back by a time zone. All viruses had to be developed again from scratch. The virus writers had to find exploits and then write viruses. This meant they had to literally go and reinvent the wheel.

Having now scared you enough, I shall wrap this jabber up. What we need now is an anti-virus that can evade and hide its presence from the destroyers of the computing world. There is a need to adopt virus methodologies to defeat the virus!

Ok, ok, relax, don't let your blood pressure shoot so high over that. What I am blabbing about does happen in real life; after all, how do you cut a piece of iron? You need another piece of iron. What is the concept of a plainclothes policeman? Or what is the utility of an undercover agent inside a smuggling gang?

If these real-life processes have utility, then I am sure my nutty ideas will have some utility or the other at some point of time. How nutty are my ideas? Well, have you not found that out already?

Tuesday, December 27, 2005

The shift from class X to XI seems phenomenal, and for some of us, the author of this post included, most of the happenings in class were strange and bizarre, if not totally Greek and Latin. Here I am going down memory lane to tell you one of the funny ones that I witnessed.

It was another warm and sultry day in Patna, my birth town (as several people might start objecting if I called it my hometown). The lunch hour was nearly over and we were walking back towards the classroom.

As we settled in and the lunchboxes disappeared, our Chemistry teacher appeared, Mr. K. Lal. Now let me just mention a bit about him. He gave his introduction like this: "Shtudeants my name ij Kelaaal". That really was enough; the backbenchers went off like "Kelaa, Kelaa" (Kelaa is the name for the fruit 'banana' in Hindi; Hindi incidentally happens to be the first language I learned, despite Tamil being my mother tongue). My dear friend Gaurav Mukherjee, sitting next to me, went "Are iske baad ab Aam (Mango), Amrood (Guava), ke naam se teacher aayenge." (Now we shall have staff with names like Mango and Guava). We soon learned that 'Kela' did not like to expand on the initial because his full name was 'Karu Laal'. That would have been equally funny.

Coming back to this class, he was teaching us the concepts of single, double and triple bonds in organic compounds. The subject under discussion happened to be carbon. He said, "Carbon haj Single, Double and Tiriple Bonds with other carbon atomj in Organic compunds. There ij no carbon-carbon 4 bond, and as the number of bond between atom incerejes, the dishtance between carbon atom reduces". One of the students said, "How, sir?". After this followed a proof of the statement, which I shall never forget. Without much delay I shall describe the display to you. Oh, by the way, the spellings in the quotes have been done so as to exactly match the way he pronounced those words.

He said, "See, suppoje mera ek mitr, e darwaaje se andar aaya (suppose my friend came in from that door). sochiya hamara sar aur uska sar, dono ek ek carbon atom hai (Think that both my head and his head are carbon atoms). Ab hum usse ek haath mila diye bina apna sar ko hilaye, hum abhi bhi aapko deekh rahe hai (I have stretched out one hand to shake his hand without moving my position; I am still facing you people and not him). This is carbon carbon single bond, objerve the dishtance between our heads."

Now, as had been warranted, one student asked him to explain how the bond radius decreases in the case of a double bond. He continued, "Ab agar hum dono haath milaye, to humko apna sar ghumaana padega (Now if I shake both hands with him I have to turn), Dekhiye hamara sar bagal mein chala gaya ki nahi? (See, now my head has gone closer to him)". In case I failed to mention it, he was actually enacting everything out; here he had actually turned to his left with both hands outstretched and was shaking them with an imaginary person.

As it had to be asked, again the question came: "Sir, how does it decrease further in a triple bond?" Since he was already into the foolhardiness he continued, "Aaa, hum jaante the aap ye sawaal poochiyega (I knew one of you would ask this question), objerve, if i now shake one foot also with him, see how my head moves further closer to him". At this point, without mention, I think it can be understood what he did. His right leg went up in the air as if crossing legs with an imaginary person. And lo, 'Kela' was standing on one foot, holding hands and crossing legs with the air. I guess there is no end to madness, so a person sitting at the back asked, "Sir, why is there no 4 bond?". That was it; I could hardly contain my laughter and I hid my face behind the person in front of me.

Surprisingly, there seemed to be an explanation for this also: "Arre itna bhi nahi samajh mein aata hai (You can't understand this also?), agar hum chautha bhi utha denge to gir nahi jayeenge kaa? (If I lift my fourth then won't I fall down?). Isiliye (That is why)". I didn't know whether it was the question or its answer or a combination of all the rhetorics he had done so far, but the entire class erupted in laughter.

The laughter died down in a couple of minutes with the Vice Principal coming to have a look at what in the world was going on. The class ended soon, but I had just had the most unforgettable day of my school life.

Sunday, October 23, 2005

"Yippee!! I am going to college" was my first thought when I boarded bus 21-H from Adyar bus depot towards my college. This is my ticket to the world; I shall learn new things and, most importantly, now I have the freedom of being in college. No more school rules is what I was rejoicing at most.

On boarding the bus (sorry, hanging onto it) I found that the conductor had never even heard the name of my college, forget knowing its bus stop. Well, finally I recalled the word Karapakkam and he dropped me somewhere after half an hour. Then I found that I had to walk through what could at best be termed a dust bowl for 2 kilometers to reach my college. Oh well, the searing heat was already beginning to sap me. No problem, I had brought a bottle of water just in case.

After walking some distance through woods I finally saw a structure that could best be described as trying to copy BIG BEN. The walk finally over and my trousers covered with RED dust, I reached the gates of the college. After a few hiccups where a few existing college students gave me frightening looks, I reached the reception. Well, so far the exterior looked like BIG BEN and the interior looked like a 5-star hotel. A good start, I thought. The receptionist could barely speak English; after I finally communicated what I had come for, I was sent into a seminar room, where there seemed to be an explicit lack of organisation. Well, I watched the show from the back and then realised that I had to pick up a form and fill it.

The form made us promise things like "I will always wear formal shoes, formal trousers and formal shirt"! What!!! Is this a college or an extension of high school? Anyway, I filled the form and reached the front desk. It was then that I noticed that I didn't have anyone with me, and the form asked for my father's signature. The lady at the front desk, who I noticed had protruding teeth, said to me: "your father has to sign here", to which I replied, "well, he is not here." She turned around to a really wise old lady and asked, "Ma'am, he does not have his father with him, what do I do?". The 'wise' old lady replied, "it is ok, he can go ahead and meet the vice principal". 'I have to meet the vice principal for this?', I thought. Then I went out and asked for the Vice Principal's office, and I was immediately directed there.

On reaching the door I said, "Excuse me, sir". A man who seemed more dog and less human turned his head up and said something which sounded like "WOOF". "May I come in?" were my next words. He signaled me to come in, and as I was halfway through he screamed, "Who are you?" "A student, sir!" was my reply; I was beginning to think this was not going right. "Why are you here?" was the next scream. "They asked me to come here and give this form to..." Before I could finish my words he snatched the form from my hand, read through it and screamed, "you are not a student, you should say I want to be a student, I have come for application". Oops. "Sorry sir, I have come for admission, I want to be a student". Then, after going through the paper, he screamed, "your father has to sign this, ask him to sign it then bring it here, useless fellow". I said, "sir, he lives in Bihar, he is a police officer, he did not get holiday". Hearing that he got even more angry and shouted, "Then ask your mother to sign it". I replied spontaneously, "not possible sir, she is not alive". Hearing that he seemed to cool down a bit and said, "oh, you are living in a hostel here, is it?" I probably should have nodded my head, but alas I chose to tell the truth and said, "No sir, I am living with my father's brother." Hearing that he seemed to lose his cool again; rather, I should say he gained his cool for a short while in between the screams, and shouted, "then ask your uncle to sign it". I seemed to have a ready answer: "He has gone to Ahmedabad, sir". "Then ask your aunt to sign it." "Sir, she has also gone to Ahmedabad." Ok, now the gentleman was getting angry. He screamed, "are you living alone in their house?" I said, "no sir, my cousin is with me", so he continued screaming, "then ask your cousin to sign it". After this came the reply from me which I think was absolutely the best: "I could, sir, but he is 3 years younger than me, so I can't ask him to sign it."
This had done it. I think in all his life he had never seen such replies; he grunted, snorted and finally screamed at the top of his voice, "GET OUT, I don't want to see your face". I said, "ok sir, thank you", and with that I picked up my form and came out.

Within two minutes a peon came rushing out and said, "eei, yenge velieyele vanthe" (why did you come out?). I said, "well, he asked me to get out". He laughed and remarked that I had set the record for getting thrown out fastest. And he asked me to go in and said that the gentleman was calling me. Upon going back in, the "gentle"man asked, "Why did you go out?" I said, "you asked me to go out". He was furious and asked, "if I ask you to go out you will go out, is it?", to which I happily said, "yes sir, I will do what you ask me to". Realising that I was a gone case, he banged his fists on the table, finally signed my form and gave me the admission, after which I was forwarded to the Principal, whom I later nicknamed "Luncha" due to a peculiar eating incident. After my meeting with the principal was finally over, I walked back home thinking "kya se kya ho gaya, socha nahi tha taqdeer yahan layeegi, college mein jaate school laut aeeyegi" (what has this come to; I never thought fate would bring me here, that going to college would land me back in school).