This Blog has Moved!

This blog is moving to


Thank you for visiting! Content will remain here for archival purposes.

Ducati Motorcycle Default Password Vulnerability.

There's an interesting vulnerability writeup at osvdb.org detailing how to gain unauthorized access to a Ducati Motorcycle using the default ignition password. Apparently, by default, the ignition password is set to the last 4 digits of the motorcycle's VIN.

Guide to Malicious Linux/Unix Commands

UbuntuGuide.org has an excellent guide to Malicious Linux/Unix Commands which may be observed on live systems or honeypots.

Not only is it a good idea to monitor logs for attempts at using these commands, but it may also be a good idea to test your honeypot (especially if it's a virtual machine) to see if these commands will damage/destroy your honeypot.

Below is a current copy of the guide. It has already disappeared from the Ubuntu forums, so I felt it would be a good idea to archive it "just in case".


"Listening" to a Password Cracker

I used the P22.com Music Text Composition Generator to create music using attempted usernames and passwords I gathered during just one cracking attempt at my honeypot.  The music is recorded at 2400 BPM using Lead 8 (bass + lead).
I feel the music has an electrifying video game feel to it.  The purpose of this video is to raise online security awareness.  I hope you enjoy it!


YouTube Link

Solar Activity could cause severe issues

From http://www.spaceweather.com/

STRONG SOLAR ACTIVITY: Having already unleashed two X-flares since Sept. 22nd, sunspot AR1302 appears ready for more. The active region has a complex "beta-gamma-delta" magnetic field that harbors energy for strong M- and X-class eruptions. Flares from AR1302 will become increasingly geoeffective as the sunspot turns toward Earth in the days ahead.

Strong solar activity could potentially cause severe disruptions in power grids world-wide, should a solar storm be observed similar to the one from 1859, in which "Telegraph systems all over Europe and North America failed, in some cases even shocking telegraph operators. Telegraph pylons threw sparks and telegraph paper spontaneously caught fire."

More password analysis

As more passwords are processed by my honeypot, I've decided to publish the password list in "cloud" format in addition to the raw data.  I feel this visualization is rather insightful, and shows interesting trends in password attempts.

Password Cloud

Interestingly enough, the most attempted password is "branburica". A Google Search does not yield much info.

Password Cracker Analysis

Well I'm excited to say that just after a day of running Project Picnic Basket, I've already had someone stumble upon my SSH server and crack the password.

This was clearly an unintelligent cracker, which kept trying to crack the password after successfully cracking it.

I have taken the passwords which were used in the cracking attempt and dumped them into a nice Google Docs spreadsheet: Project Picnic Basket Cracked Passwords

Is your password on there?

I will update the list as I receive more crack attempts.

Research Project - Project Picnic Basket

I've decided to start a second research project called Project Picnic Basket.

This is, of course, a reference to Yogi Bear's crazed attempts to obtain any and all picnic baskets. I have set up an SSH honeypot with a weak root password. The honeypot has no access to my internal network, and is actually a virtualized Linux system using Kippo.

I've also set up a spam honeypot on this blog site using Project Honey Pot.

I will post any interesting results as I get them.

Introducing the Scam Fund!

I have decided to begin tracking how much scammers are offering to "give" to me, and how much money in transaction fees is requested to obtain said funds.

Currently, I have been promised over 20 million US Dollars.

Please check out the Scam Fund page, which will be updated regularly.

Scam Fund

Anonymous Plans 'Day of Vengeance' to Protest Execution, Arrests

A massive cyber attack is planned for tomorrow, September 24.  If your business could be a possible target, you might want to review your Disaster Recovery and Continuity of Operations plans, and be ready to enact them this weekend...

From PCMag:
To avenge the Wednesday execution of Troy Davis, hacktivist group Anonymous has added the Atlanta Police Department to its list of targets for a nationwide cyber attack scheduled for this Saturday, September 24.
...
On Wednesday, Anonymous announced a "Day of Vengeance" starting at noon ET this Saturday, when aligned hackers would launch cyberattacks on targets like "Wall Street, corrupt banking institutions, and the New York City Police Department."


 Read more at PCMag

Abandoning the Client-Server Model

Once every two weeks, I will try to write an in-depth blog post on an interesting topic within the security community.  My first topic is why the client-server model should be abandoned for antivirus and host intrusion detection/prevention.

It always seems that malware creators are one step ahead of the security community. Their methods for deploying and updating sophisticated botnets seem to be ever evolving, while the security community lags behind in technology.


Research Project: To Catch a Scammer

My first featured research project on this site will be "To Catch a Scammer".  I'm sure you've heard of NBC's To Catch a Predator.

The idea behind this research project is to examine internet scams and frauds, such as Advance Fee Fraud aka Nigerian 419 scam, auction scams, stock scams, etc.

I am currently researching the techniques used by Advance Fee Fraud scammers.

Surely this will be filled with fun.  I'm already conversing with one of the scammers, and will be uploading some rather interesting findings soon.

Emergency Adobe Flash Patch Today

Good Morning!

Today we will be treated to an emergency patch for Adobe Flash.
Prenotification: Security Update for Flash Player

Keep an eye on Adobe's security bulletins page for the patch.

Apparently this patch will address zero-day vulnerabilities which are currently being exploited.

Happy Patching!

A little note on Password Strength

I've always wondered why organizations encourage such strict, hard to remember, password combinations, ultimately resulting in the user being forced to write down the password, making the password less secure.

xkcd, a web comic, defines the problem perfectly...xkcd: Password Strength

Welcome

Welcome to Caffeine Security. Here you will find a daily dose of interesting security articles, news clips, white papers, and research.

Computer Security...Cyber Security...Information Assurance...whatever you call it, you know the purpose. Protect computer systems and networks from pretty much everything, including malicious users, clueless users, and even mother nature herself!

Each day I will try to post one security-related news item.

At least once every other week I will be posting some of my thoughts and my own research in the computer security/cyber security/information assurance field.

So why Caffeine Security? Obviously we're not trying to protect the secret formula to our favorite soft drinks... but if you're like me, you probably consume large quantities of caffeine just to keep you going in today's stressful security world.

Enjoy, and try to have a little fun!