VirtualBox virtual machines keep aborting.

If you've been experimenting with different operating systems for a while, or you have some need to run more than one OS on a particular desktop machine, chances are you've been playing around with Oracle VirtualBox due to its ease of use, popular set of features, flexibility, and cost. You've also probably run into the following syndrome (usually while trying to build a new virtual machine):


  • You configure a new virtual machine.
  • You associate a bootable optical disk image with the new VM (for the sake of argument, let's say you're experimenting with the 50 megabyte(!) distro Damn Small Linux …

A random USB port in my hotel room.

When I was in DC a couple of weeks ago, I noticed that the lamps in my hotel room had USB ports in them, presumably for plugging in smart devices to recharge in the event that the traveler did not bring a power strip. Most hotels aren't known for offering a surplus of power outlets.

Seeing as how I was back in Washington, DC, called by some The City of Spies, I couldn't help but wonder how such a thing could be used offensively. Let's say I wanted to gig somebody's smartphone with some canned exploits and a malware package …

How to move your /boot partition onto removable media.

Part of every traveler's threat model today should include the following scenario:

When you're trying to fly into or out of an airport en route to someplace else, it is entirely possible that the airport's security staff will take you aside for a more thorough search and questioning while your stuff is taken someplace out of your control and analyzed. We know that there are malware packages available today that boobytrap the boot device of laptop computers to install various forms of surveillance malware which run the next time you start your machine up and compromise the OS even though …

OCZ NIA hacking, now with Python!

Disclaimer the first: I don't know a whole lot about USB or device drivers. Those of you who do will no doubt point and laugh.

Disclaimer the second: Where applicable, I've given credit for and linked to the work of others. I've independently discovered a few things that others have already figured out, so one or two things may not be attributed. In that case, please let me know and I'll put a reference where applicable.

Over the past few weeks I've been playing with my OCZ NIA on and off. My first attempt at getting anything out of it …

OCZ Neural Impulse Actuator notes and roll-up post.

While reading the files in /usr/src/linux/Documentation/usb/ I got it in my head to see if anyone else had spent any time reverse engineering the OCZ NIA, or at least had figured out how to get output from it. I spent some time a couple of days ago playing with it on Windbringer (running Gentoo Linux), and all I was able to determine in the short time I worked on it was that it successfully registers itself with the Linux kernel's USB subsystem as a USB Human Interface Device (heh). After collecting some information I put the …

The OCZ NIA and Linux.

As I mentioned a couple of weeks ago, I received as a Yule gift an OCZ NIA, a hardware device aimed at gamers which acts as one part EEG and one part biofeedback monitor. The idea behind it, in short, is that the user trains eirself using the included software to generate specific patterns of electrical activity in the brain and facial muscles that the drivers use to trigger certain system events. There's just one thing: there are no Linux drivers.

I love a challenge.

For the record, I'm using Windbringer as my testbed, running Gentoo Linux 2008.0 and …

Looks like Windbringer's on the ropes.

I think the USB v2.0 chipset in Windbringer is failing - all USB v1.0 and v1.1 devices I've used work fine, but now the bottommost jack is acting flaky. All storage devices plugged into the bottom are unreliable, and vanish (from the OS' point of view) randomly, leaving stale file handles and hung processes all over the place. I've seen this pattern of behavior before: Once USB fails completely, everything else tends to collapse like a house of cards during flu season.

Stopgap measure: Purchase a USB v2.0 PCMCIA card. Going to do that tonight.

Solution #1 …

Situation report from Austin, Texas.

Things have finally slowed down somewhat in Austin, affording me the opportunity to write a long-overdue update. Workdays have been long (averaging thirteen hours out of every twenty-four), which is why I've been quiet lately.

From what I've seen of Austin, it's a pretty nice place. I'm situated a stone's throw from the airport, and within visual distance of the highway system, which has been both relaxing (coming from an urban background) and a pleasant change of pace from the places that I'm usually put up by my employers.

Two nights ago Tiffany (co-worker and fellow foot soldier fighting …

Windows Vista bootloader compromised!

A presentation at Black Hat Europe 2007 by security researchers from India has blown the security of the Windows Vista bootloader wide open, and compromised the security model of Microsoft's latest operating system at the lowest levels. Vipin and Nitin Kumar of NV Labs figured out how to write what the popular press is calling a 'bootkit' that runs off of a bootable CD or DVD. The bootkit searches the primary drive for a copy of Windows Vista and executes it while making modifications to the code running in memory transparently - because the OS trusts the 'trusted' bootloader implicitly, it …

For the system administrator or parent that has everything, how about a RAT?

'Remote access tool', that is - a little beastie (usually considered malware, though there are legit incarnations of this sort of software) that hides itself inside a workstation and lets someone connect remotely at any time and go through the system and silently monitor what the user is doing. Crackers have been using them for years for recon before an infiltration attempt, but only recently are the white hats finding uses for them. Such as watching what your kids are up to. Presenting Snoopstick, an all in one package for infecting someone's box with a RAT that lets you keep an …
