Showing posts with label firmware. Show all posts

Sunday, January 31, 2016

Detecting Firmware Infection : Prelim start@Google's VIRUSTOTAL

1.   The severity of cases where firmware is already infected at the time of first purchase by the user has come to be realized over the years. Be it the Dell server case, the Seagate firmware case, Equation Group, the proof of concept for even Macs, or the NSA revelations by Snowden, the list is pretty long. Across the various discussions and forums I read, I never came across an implemented solution to detect a threat at the firmware level until I read about the first such attempt, via Google's VirusTotal.

2.   Google's VirusTotal service has come out with a new tool that analyzes firmware, the low-level code that bridges a computer's hardware and operating system at startup. The new tool will label firmware images as either legitimate or suspicious. It can also extract certificates attached to firmware and determine whether there are other executable files inside it. The tool can extract portable executables (PEs) inside firmware, since these could sometimes be a source of malicious behavior.

“These executables are extracted and submitted individually to VirusTotal, such that the user can eventually see a report for each one of them and perhaps get a notion of whether there is something fishy in their BIOS image,” Santos wrote. 


3.   It will now be possible for people to extract their own firmware and submit it to VirusTotal, which has the potential to create a database of various firmware images that could contribute to research into bad ones. 

4.   No details could be found on how it actually works, but I am happy that there is a first of its kind. More options will arise after this circulates around and we have a secure web ecosystem.
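Since VirusTotal's own method is not described, here is an added sketch (not VirusTotal's code and not part of the original post) of the general idea of locating PE images inside a raw firmware dump: find each `MZ` marker, validate the PE/COFF header behind it, size the image from its section table, and hash it for lookup. The function names and the sample blob are constructed for this illustration.

```python
import hashlib
import struct

MACHINES = {0x014C: "x86", 0x8664: "x64", 0xAA64: "arm64", 0x0EBC: "ebc"}

def parse_pe_at(blob, base):
    """Validate a PE header at `base`; return a summary dict, or None if implausible."""
    if base + 0x40 > len(blob):
        return None
    (e_lfanew,) = struct.unpack_from("<I", blob, base + 0x3C)  # offset of the PE signature
    pe = base + e_lfanew
    if not 0x40 <= e_lfanew <= 0x1000 or pe + 24 > len(blob):
        return None
    if blob[pe:pe + 4] != b"PE\0\0":
        return None
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, pe + 4)
    if machine not in MACHINES or not 0 < nsec <= 96:
        return None
    table = pe + 24 + opt_size                     # section table follows the optional header
    if table + 40 * nsec > len(blob):
        return None
    end = table + 40 * nsec - base                 # image size so far: headers only
    for i in range(nsec):                          # extend to the end of the last raw section
        raw_size, raw_ptr = struct.unpack_from("<II", blob, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    if base + end > len(blob):                     # truncated image: do not report
        return None
    digest = hashlib.sha256(blob[base:base + end]).hexdigest()
    return {"offset": base, "machine": MACHINES[machine], "size": end, "sha256": digest}

def carve_pes(blob):
    """Scan a raw firmware blob for every 'MZ' marker that heads a plausible PE image."""
    found, pos = [], blob.find(b"MZ")
    while pos != -1:
        hit = parse_pe_at(blob, pos)
        if hit:
            found.append(hit)
        pos = blob.find(b"MZ", pos + 1)
    return found

def build_sample():
    """Constructed input: 0xFF padding around one minimal x64 PE with a single section."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0, 0x2022)
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI", 0x10, 0x1000, 0x10, 0x80, 0, 0, 0, 0, 0x60000020)
    return b"\xff" * 0x200 + dos + coff + sect + b"\x90" * 0x10 + b"\xff" * 0x100 + b"MZ junk"

if __name__ == "__main__":
    for hit in carve_pes(build_sample()):
        print(hit)
```

Executables stored in compressed firmware sections only become visible after decompression, and UEFI TE images carry no `MZ` header, so a scan like this sees a subset of what an image contains.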

Sunday, August 10, 2014

DD-WRT : Linux based Alternative OpenSource Firmware

1.   After having heard and seen over the last few years the rise of Open Source and its imminent threat to Mac and Windows!!!!, now I read about DD-WRT, a Linux-based alternative Open Source firmware suitable for a great variety of WLAN routers and embedded systems.

2.   This open-source firmware was developed for specific router models and is used as a replacement for the factory default firmware. This modification lifts restrictions built in to the default firmware, providing advanced capabilities to make the Internet and home network more controllable and versatile. Manufacturers develop routers with non-technical users in mind, making them simple and easy to use, while limiting their effectiveness as a web-access gateway. DD-WRT transforms a personal-class router with limited functionality into a powerful, multi-use, business-class router. With DD-WRT, a router's enterprise potential can be unlocked at a home user's price.


3.   The advantages offered are brought out below:

    - Stability of running a Linux-based, non-proprietary firmware.
    - VPN (Virtual Private Network) passthrough capabilities.
    - Software support for the SD-Card hardware modification.
    - Advanced QoS (Quality of Service) controls for bandwidth allocation.
    - NAT (Network Address Translation) support.
    - Cycle router from the Administration settings.
    - Built-in DNS caching
    - Configure the router as a Wi-Fi hotspot using the integrated Chillispot
    - RADIUS authentication for additional wireless security.
    - VLAN (Virtual Local Area Network) Support.
    - Create unique SSIDs (service set identifiers) when using multiple routers.

4.   But it is not always a win-win situation. While flashing a router with DD-WRT is highly beneficial, the risks involved can sometimes outweigh the benefits. Flashing a router with DD-WRT can be risky, and when done improperly it may "brick" the router. For devices mainly used for private purposes, DD-WRT is freely available. Platforms used for commercial purposes require a paid license. Compared to the freely available version, the professional version also allows for configuration of the WLAN parameters, thus opening up the opportunity of creating, e.g., reliable and powerful network infrastructures. Special demands can be fulfilled by specifically tailored versions of DD-WRT.


Sunday, February 12, 2012

Single malicious document can expose your whole LAN via your trusted MFD

1.   "Imagination is the key to Success" in the world of IT, and it is specially applicable to the world of cyber crime. This one I read at one of my favourite news feed destinations, http://thehackernews.com. While we keep covering up our PCs with ideas like antivirus, anti-malware and all sorts of anti's and virus'cides, this thing has come up fresh: attack the LAN after altering the firmware of the innocent MFD, i.e. multifunction device. The sequence of the main article at http://thehackernews.com is reproduced below:

- At Chaos Communications Congress (28C3) 

- Ang Cui presents Print Me If You Dare

- He explained how he reverse-engineered the firmware-update process for HP's hundreds of millions of printers

- He showed how he could load arbitrary software into any printer by embedding it in a malicious document or by connecting to the printer online. 
- Performed two demonstrations 

- In the first, he sent a document to a printer that contained a malicious version of the OS that caused it to copy the documents it printed and post them to an IP address on the Internet.

- In the second, he took over a remote printer with a malicious document, caused that printer to scan the LAN for vulnerable PCs, compromise a PC, and turn it into a proxy that gave him access through the firewall.

- Actually found a method to exploit the firmware update capability of certain Xerox MFPs to upload his crafted PostScript code. 

- Was able to run code to dump memory from the printer. This could allow an attacker to grab passwords for the administration interface or access or print PIN-protected documents.

2.  So now start taking care of the firmware updates of your MFDs.

Sunday, March 28, 2010

WiFi at home : Take precautions

1. Accessing WiFi at home is no longer limited to tech geeks, as simple configuration has made it accessible even to a layman who hardly has any know-how of how it works or of the dangers floating around if he goes with the default settings. The case two years back of a hacker emailing from an open WiFi account in Mumbai reflects the deep dangers associated with such mishaps. Following is a set of desirable config changes any WiFi account holder at home or office should take care of while configuring:

Step 1: Change the default password

Step 2: Change the default IP address

Step 3: Disable the DHCP service

DHCP (Dynamic Host Configuration Protocol) enables remote computers connected to the router to obtain an IP address and join the network without needing to know the IP and router address information. Disabling it is a simple and effective way of keeping intruders away. As far as possible, set up the computers on your network with static IP addresses. If you still want to use DHCP to make your own configuration easier, restrict the number of DHCP IP users to the number of computers on your network. For example, if you have five laptops running on the network, limit the DHCP IP addresses to 5 from the default 50.

Step 4: Restrict the network mode

Step 5: Change the default SSID

Step 6: Opt for WPA2 or PSK security over WEP

Step 7: Enable the MAC Filter

Step 8: Use the router’s firewall

Step 9: Use Internet Access Policies

Step 10: Disable remote administration

Step 11: Switch off the router when not in use

Step 12: Disconnect the Internet when not needed

Step 13: Position your router carefully

Step 14: Update the router firmware

Step 15: Scan for signal leaks from time to time

2. Also check out here. Thanks http://www.freealldown.com