Our mission is to research, create and disseminate information, tools, and tactics, empowering people to use technology in a way that is liberating, and facilitate building of affinity groups that will support and strengthen their local communities through education and action.

Fuzzing, Rants, and Coffee

I have finally started working through a few examples from a book I got a while back titled "Fuzzing: Brute Force Vulnerability Discovery" by Michael Sutton, Adam Greene, and Pedram Amini. It is an exciting read. If you added this book, a few good bags of coffee, a copy of "Penetration Tester's Open Source Toolkit, Volume 2" by Chris Hurley, and a copy of "The Monkey Wrench Gang" by Edward Abbey, you just might pee your pants.

I checked out a few fuzzing frameworks that are available and I am going to pass on some criticisms, recommendations, and offer one of my initial attempts at writing a fuzzer.

Spike and Spike Proxy - Spike is a good framework for doing some serious fuzzing. It is considered the industry standard for fuzzing. Spike Proxy, written in Python, runs a proxy on your box that you point your browser to, then browse through a site, then fuzz all the arguments that were used. Both are designed to be extended to meet the needs of punishing your target. I messed around with Spike Proxy a little bit and found its web interface a bit unintuitive but was impressed at the thoroughness of abuse it gave to my application. In the end I was turned off by its size, lack of documentation, and seeming inability to create reusable components.

Peach - If you are looking for a beefcake, macho fuzzer like Spike that does allow for creating reusable components then you will like Peach. Version one is included with BackTrack v3, but requires you to write in Python. Version 2, which was just released in time for Black Hat 2008, has you write the fuzzer in XML. I spent some time going through an example of fuzzing the wav file format and was pretty impressed with the robustness of this fuzzer. The one main benefit here is that there are components that are capable of attaching to all aspects of the target. For example, if you are testing a three-tiered system where there is a webserver on one host and a database server on another, you can create a monitor to run a debugger on the target webserver process, and a separate monitor to track system stats on the database host. This is really useful when you are running a large number of automated tests on a system and you do in fact crash it or generate some useful error condition. In this situation you are left asking "What test / code path generated this error?". Using Peach's monitor agents makes answering this question easy when compared to other frameworks. Additional features include the ability to do kernel level fuzzing, and run fuzzers in parallel.

RFuzz - This is a simple Ruby library that provides you a fuzzable web client, and a framework for running some simple tests against a service, generating response statistics along the way. Since I have been interested in doing more testing with Metasploit, just met postmodern who is working on a Ruby replacement / extension of Metasploit called Ronin, and wanting to share flatline's love of Ruby on Rails, I decided to dive in. This truly is a pretty basic framework. I wrote a simple brute force password cracker for Drupal that only uses its client, ignores its Random Generator, and doesn't use the test harness (see attachment). Basically barely uses the lib. The general idea with this framework is that you define a web based target, run a bunch of tests using random data, then generate a bunch of statistics on the tests. By looking at the generated statistics you should be able to narrow down your attack vector.

At the end of all this I realized what I really want is a well documented fuzzing framework, with examples, a mutator and random value generator interface, allowing you to feed it some kind of libpcap file (output from tcpdump or wireshark), and that allows you to target specific components of a web application like Drupal with a quick learning curve. I am doubtful of whether this framework exists or not, but plan on continuing looking into GPF (included with BackTrack), and OWASP Tools aka WebScarab (this organization is an interesting 501(c)(3) with a non-hierarchical infrastructure).

 

Until next time,
with /dev/urandom all over your backups,
evoltech
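
The workflow described for RFuzz (mutate input, run many tests, tally the outcomes) together with the question raised about Peach ("What test generated this error?"), as an added example that is not from the original post and does not use RFuzz's or Peach's API: a plain-Ruby harness in which every case can be rebuilt from its seed and ID. The target `parse_query`, the sample input and all function names are constructed for illustration.

```ruby
# Constructed stand-in target (not a real application): a query-string parser
# that raises on malformed input instead of rejecting it cleanly.
def parse_query(qs)
  qs.split("&").map do |pair|
    key, value = pair.split("=", 2)
    raise ArgumentError, "empty key" if key.nil? || key.empty?
    [key, value.to_s.gsub(/%(..?)/) { Integer($1, 16).chr }]
  end.to_h
end

SEED_INPUT = "name=admin&pass=s3cret" # constructed sample input

# Mutator interface: each takes the seed string and a Random, returns a new string.
MUTATORS = {
  stray_delimiter: ->(s, r) { %w[& =].sample(random: r) + s },
  insert_percent:  ->(s, r) { s.dup.insert(r.rand(s.size + 1), "%") },
  truncate:        ->(s, r) { s[0, r.rand(s.size)] },
  repeat_pair:     ->(s, r) { ([s] * (2 + r.rand(50))).join("&") },
}.freeze

# A case is fully determined by (base_seed, id), so any one case can be rebuilt alone.
def build_case(base_seed, id)
  name = MUTATORS.keys[id % MUTATORS.size]
  rng  = Random.new(base_seed + id)
  { id: id, mutator: name, input: MUTATORS[name].call(SEED_INPUT, rng) }
end

# Run one case against the target and classify the outcome by exception class.
def run_case(kase)
  parse_query(kase[:input])
  kase.merge(outcome: "ok")
rescue StandardError => e
  kase.merge(outcome: e.class.name)
end

# Run the campaign: tally outcomes (the statistics) and keep the failing cases.
def fuzz(base_seed, count)
  results  = (0...count).map { |id| run_case(build_case(base_seed, id)) }
  stats    = results.group_by { |r| r[:outcome] }.transform_values(&:size)
  failures = results.reject { |r| r[:outcome] == "ok" }
  { stats: stats, failures: failures }
end

if $PROGRAM_NAME == __FILE__
  report = fuzz(2008, 200)
  puts report[:stats].inspect
  report[:failures].first(3).each { |f| puts "case #{f[:id]} (#{f[:mutator]}): #{f[:input].inspect} -> #{f[:outcome]}" }
end
```

Because the per-case generator is seeded from the case ID, a failure logged as "case 8" can be replayed on its own with `run_case(build_case(2008, 8))` instead of rerunning the whole campaign.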

NoiseBridge Hacker Space Opens In SF

Where art and technology meet, that seems to be the goal of NoiseBridge, a hacker space that just opened up in SF this week. This is definitely something the HackBloc collective wants to be involved with, and it seems that Mitch Altman (inventor of the TV B GONE) is a main organizer. If anyone from NoiseBridge reads this page, contact us! We would love to do a lecture on encryption and collaborate!

 

https://www.noisebridge.net/index.php/NoiseBridge

Freedom Not Fear 2008

From AK Vorrat:

On 11. October 2008 we call for an international action day in as many European capital cities as possible and elsewhere around the world to demonstrate against the total retention of telecommunication data and other instruments of surveillance. We would like to recall the remembrance of the historical achievement of civil rights and liberties as a heritage of the Age of Enlightenment and to support the trust in security in our free society.

Computer Forensics: Helix

e-fense has released Helix. I haven't tried it out yet, but it seems useful for testing what information your computer is leaving behind.

http://www.e-fense.com/helix/

"Helix is a customized distribution of Ubuntu Linux. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics.

Helix has been modified very carefully to NOT touch the host computer in any way and it is forensically sound. Helix will not auto mount swap space, or auto mount any attached devices. Helix also has a special live side for Incident Response and Forensics.

Helix focuses on Incident Response & Forensics tools. It is meant to be used by individuals who have a sound understanding of Incident Response and Forensic techniques."

China Spying On Skype Messages, Who's to say America Isn't

Reprint from the BBC:

 

China has been monitoring and censoring messages sent through the internet service Skype, researchers say.

Citizen Lab, a Canadian research group, says it found a database containing thousands of politically sensitive words which had been blocked by China.

The publicly available database also displayed personal data on subscribers.

Skype said it had always been open about the filtering of data by Chinese partners, but that it was concerned by breaches in the security of the site.

Citizen Lab researchers, based at the University of Toronto, said they discovered a huge surveillance system which had picked up and stored messages sent through the online telephone and text messaging service.

The database held more than 150,000 messages which included words such as "democracy" and "Tibet" and phrases relating to the banned spiritual movement, Falun Gong.

"These text messages, along with millions of records containing personal information, are stored on insecure publicly accessible web servers," said Citizen Lab's report, entitled "Breaching Trust".

They said that by using one username, it was possible to identify all the people who had sent messages to or received them from the original user.

'Meeting laws'

Skype is operated in China as Tom-Skype, a joint venture involving the American auction site, eBay and Chinese company TOM-Online.

Citizen Lab said it was "clear" that Tom was "engaging in extensive surveillance with seemingly little regard for the security and privacy of Skype users".

They asked to what extent Tom Online and Skype were co-operating with the Chinese government in monitoring communications.

But Skype president Josh Silverman said China's monitoring was "common knowledge" and that Tom Online had "established procedures to meet local laws and regulations".

"These regulations include the requirement to monitor and block instant messages containing certain words deemed offensive by the Chinese authorities," he said.

Mr Silverman said that it had been Tom Online's policy to block certain messages and then delete them and he would be investigating why the policy had changed to allow the company to upload and store those messages.

Although internet use is high in China, the authorities have long prevented citizens from accessing websites which it considers politically sensitive.

Western internet companies such as Google, Microsoft and Yahoo have been criticised by human-rights groups for adhering to China's strict regulations.

 

Clearly Skype is not a safe service at all.  I would not consider using it for any sort of contact that I didn't mind if anyone in the world heard.

HackBloc Chat Now Up and Running

Hackbloc Chat ---> http://hackbloc.org/node/1824

It's done with talkinator, so don't be stupid; if it becomes pointless, we'll just delete it.

Hackbloc Update

Hey everyone,

Just wanted to give a quick update on the status of hackbloc. Right now we are working on trying to get a SILC chat server up and running and HOPEFULLY it will be done by Wednesday evening. We will post instructions on how to log in once we get to that point. This will act as a networking device for fellow browsers to the site.

Also we are working to get a blog system on the site so users can write about random stuff and share it with our world, if we like it it will go on the front page and if it's REALLY good we will put it in the zine.

Lastly we are in the final throes of the next hack this zine. Once it is done you will be able to order copies or pick them up at a friendly infoshop.

We are always open to new ideas if you have suggestions for us, just comment or send us an email.

-Frenzy

 

 

Day 3 of Arse-Elektronika today

Day 3 of the Arse-Elektronika conference is today in San Francisco. I went to the Arse-Elektronika conference for the first time yesterday and I have to say it was quite stimulating. From the conference organizer:

"Critical Perspectives on Sexuality and Pornography in Science and Social Fiction

Taking up where the successful conference in autumn 2007 left off, this year's Arse Elektronika stands under the motto "future" -- and the ways in which the present sees itself reflected in it. Maintaining a broadened perspective on technical development and technology while also putting special emphasis on its social implementation, this year's conference focuses on Science and Social Fiction.

The genre of the "fantastic" is especially well suited to the investigation of the touchy area of sexuality and pornography: actual and assumed developments are frequently depicted positively and approvingly, but just as often with dystopian admonishment. Here the classic, and continuingly valid, themes of modernism represent a clear link between the two aspects: questions of science, research and technologization are of interest, as is the complex surrounding urbanism, artificiality and control (or the loss of control). Depictions of the future, irregardless of the form they take, always address the present as well. Imaginations of the fantastic and the nightmarish give rise to a thematic overlapping of the exotic, the alienating and, of course, the pornographic/sexual as well."

 

After it is all over I will give a report back.  But if you are in San Francisco today you should go.  It starts at 1 PM.

 

Learn more at http://www.monochrom.at/arse-elektronika

Hacking Cell Phones and Pay Phones

A letter from the RNC 8

Dear Friends, Family, and Comrades:

We are the RNC 8: individuals targeted because of our political beliefs and
work organizing for protests at the 2008 Republican National Convention, in
what appears to be the first use of Minnesota’s version of the US Patriot
Act. The 8 of us are currently charged with Conspiracy to Commit Riot in
Furtherance of Terrorism, a 2nd degree felony that carries the possibility of
several years in prison. We are writing to let you know about our situation, to
ask for support, and to offer words of hope.

A little background: the RNC Welcoming Committee was a group formed in late
2006 upon hearing that the 2008 Republican National Convention would be
descending on Minneapolis-St. Paul where we live, work, and build community.
The Welcoming Committee’s purpose was to serve as an
anarchist/anti-authoritarian organizing body, creating an informational and
logistical framework for radical resistance to the RNC. We spent more than a
year and a half doing outreach, facilitating meetings throughout the country,
and networking folks of all political persuasions who shared a common interest
in voicing dissent in the streets of St. Paul while the GOP’s machine chugged
away inside the convention.

In mid-August the Welcoming Committee opened a “Convergence Center,” a
space for protesters to gather, eat, share resources, and build networks of
solidarity. On Friday, August 29th, 2008, as folks were finishing dinner and
sitting down to a movie the Ramsey County Sheriff’s Department stormed in,
guns drawn, ordering everyone to the ground. This evening raid resulted in
seized property (mostly literature), and after being cuffed, searched, and
IDed, the 60+ individuals inside were released.

The next morning, on Saturday, August 30th, the Sheriff’s department executed
search warrants on three houses, seizing personal and common household items
and arresting the first 5 of us- Monica Bicking, Garrett Fitzgerald, Erik
Oseland, Nathanael Secor, and Eryn Trimmer. Later that day Luce Guillen-Givins
was arrested leaving a public meeting at a park. Rob Czernik and Max Specktor
were arrested on Monday, September 1, bringing the number to its present 8. All
were held on probable cause and released on $10,000 bail on Thursday, September
4, the last day of the RNC.

These arrests were preemptive, targeting known organizers in an attempt to
derail anti-RNC protests before the convention had even begun. Conspiracy
charges expand upon the traditional notion of crime. Instead of condemning
action, the very concept of conspiracy criminalizes thought and camaraderie,
the development of relationships, the willingness to hope that our world might
change and the realization that we can be agents of that change.

Conspiracy charges serve a very particular purpose- to criminalize dissent.
They create a convenient method for incapacitating activists, with the
potential for diverting limited resources towards protracted legal battles and
terrorizing entire communities into silence and inaction. Though not the first
conspiracy case against organizers- not even the first in recent memory- our
case may be precedent-setting. Minnesota’s terrorism statutes have never been
enacted in this way before, and if they win their case against us, they will
only be strengthened as they continue their crusade on ever more widespread
fronts. We view our case as an opportunity to demonstrate community solidarity
in the face of repression, to establish a precedent of successful resistance to
the government’s attempts to destroy our movements.

Right now we are in the very early stages of a legal battle that will require
large sums of money and enormous personal resources. We have already been
overwhelmed by the outpouring of support locally and throughout the country,
and are grateful for everything that people have done for us. We now have a
Twin Cities-based support committee and are developing a national support
network that we feel confident will help us through the coming months. For more
information on the case and how to support us, or to donate, go to
http://RNC8.org

We have been humbled by such an immense initial show of solidarity and are
inspired to turn our attention back to the very issues that motivated us to
organize against the RNC in the first place. What’s happening to us is part
of a much broader and very serious problem. The fact is that we live in a
police state- some people first realized this in the streets of St. Paul during
the convention, but many others live with that reality their whole lives.
People of color, poor and working class people, immigrants, are targeted and
criminalized on a daily basis, and we understand what that context suggests
about the repression the 8 of us face now. Because we are political organizers
who have built solid relationships through our work, because we have various
forms of privilege- some of us through our skin, some through our class, some
through our education- and because we have the resources to invoke a national
network of support, we are lucky, even as we are being targeted.

And so, while we ask for support in whatever form you are able to offer it, and
while we need that support to stay free, we also ask that you think of our case
as a late indicator of the oppressive climate in which we live. The best
solidarity is to keep the struggle going, and we hope that supporting us can be
a small part of broader movements for social change.

For better times and with love,

the RNC 8: 

Monica Bicking, Robert Czernik, Garrett Fitzgerald, Luce Guillen-Givins,
Nathanael Secor, Max Specktor, Eryn Trimmer, Erik Oseland