August 7, 2006

Blackberry Backchannel Blindsides Businesses

Wired has a story out of DefCon picturing Blackberries as the perfect backdoor into your corporate network. Since many corporations inherently trust the Blackberry straight in through their firewalls, it might be worth a read.

The program, called proxy, has to be placed on a Blackberry either physically or as a Trojan horse delivered by e-mail. Once installed, it causes the Blackberry to call back to the attacker’s system in the background, opening a communications channel between the attacker and the company’s internal network.

Details are sketchy, and I can’t find the mentioned “documents on its website” or get to their website at all, but the fact that he says he’ll release the app in the next week or so doesn’t make me feel all warm and fuzzy.

Blackberry a Juicy Hacker Target [Wired]

Read More: Threats, Vulnerabilities, Firewall, Wireless

August 2, 2006

New Trend: Attacks Against Device Drivers

The guys at Black Hat are demonstrating some interesting attacks against the device drivers for the wireless card in a MacBook Pro:

The video shows Ellch and Maynor targeting a specific security flaw in the Macbook’s wireless “device driver,” the software that allows the internal wireless card to communicate with the underlying OS X operating system.

This highlights an emerging trend of attacks against device drivers. Should attacks like this become a trend I suspect we’ll see the following:

  • Wireless Cards Hit First: Many attacks will focus on wireless cards, and not just because they are remotely accessible. The fact that there are only a couple of chipset manufacturers will make attacks easier. Especially considering this:

    After the demo, Ellch … will talk about a new tool he’s developing that can remotely scan and figure out the chipset and driver version of a wireless device on a target computer. So far, Ellch said the tool currently recognizes 13 different wireless device drivers, breaking them down by operating system and firmware version.

    “I’m getting this tool to the point where it can tell you not only how many people in a room are running, say, Centrino or Broadcom devices, but that ‘x’ number are running them on a Windows box with a specific version of the driver,” Ellch said. “The useful thing for that information is that if you have a device driver exploit and it’s version-specific, you could tweak [the exploit] before you launch it.”

  • Homogeneous Environments Hit Hardest: As demonstrated, Macs will be easier targets, but think about other homogeneous environments: corporate networks that all use the same PCs (or maybe just the same NICs), ISPs that use all the same kind of DSL/cable modems, etc.
  • Mitigations Slow to Come: There won’t be patches coming out of Windows Update for many of these. Expect longer windows of vulnerability, and expect traditional mitigations like firewalls to prove ineffective.

So what do we do? Assuming the attack involves overrunning a buffer, some sort of kernel-level buffer overflow protection in a Host Intrusion Prevention-type product seems to be in order. The whole article is worth a read. Share your thoughts by leaving a comment below.

Hijacking a Macbook in 60 Seconds or Less [Security Fix]

Read More: Threats, Patching, Vulnerabilities, Firewall, Wireless, Macs

May 10, 2006

Firewall Management Tips

Managing firewalls is at the core of any information security program. If you haven’t done it or managed it, you will one day. The guys at secmanager have a Top 10 list that has some good foundational rules:

2. Use a stealth Rule at the top of the rule base…

4. Keep the rulebase as simple as possible…

I’d like to add one to their list:

11. Have a documented, auditable change management process for every rule you have in place. When your boss asks, “Why is that rule there and what will break if we remove it?” you don’t want your answer to be, “I don’t know.”
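One way to keep tip 11 honest is to audit the live rule base against the change register on a schedule. The script below is an added example, not from secmanager or this post; it assumes an iptables-save style dump where each rule carries a comment naming its change record, and a constructed register with ticket, owner, justification and known dependencies per rule.

```python
import re

# Constructed sample rule base in iptables-save syntax. The convention assumed
# here is that every rule's "-m comment" names its change record (FW-nnnn).
RULEBASE = """\
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -m comment --comment FW-0001
-A INPUT -p tcp --dport 443 -j ACCEPT -m comment --comment FW-0007
-A INPUT -p tcp --dport 8080 -j ACCEPT
-A INPUT -j DROP -m comment --comment FW-0002
"""

# Constructed change register: the documented, auditable record behind each rule.
CHANGE_REGISTER = {
    "FW-0001": {"ticket": "CHG-101", "owner": "netops", "reason": "return traffic",
                "breaks": ["all established sessions"]},
    "FW-0002": {"ticket": "CHG-102", "owner": "netops", "reason": "default deny",
                "breaks": []},
    "FW-0007": {"ticket": "CHG-130", "owner": "web team", "reason": "public HTTPS",
                "breaks": ["www vhost"]},
    "FW-0009": {"ticket": "CHG-140", "owner": "dba", "reason": "legacy db sync",
                "breaks": ["nightly replication"]},
}

COMMENT_RE = re.compile(r'-m comment --comment "?([A-Z]+-\d+)"?')

def audit_rulebase(rulebase, register):
    """Return (undocumented_rules, stale_records).
    A rule with no matching register entry is undocumented (nobody can say why
    it exists); a register entry with no live rule is stale paperwork."""
    seen, undocumented = set(), []
    for line in rulebase.splitlines():
        if not line.startswith("-A"):
            continue
        m = COMMENT_RE.search(line)
        if m is None or m.group(1) not in register:
            undocumented.append(line)
        else:
            seen.add(m.group(1))
    return undocumented, sorted(set(register) - seen)

def removal_impact(rule_id, register):
    """Answer the boss's question: why is it there and what breaks if removed?"""
    rec = register.get(rule_id)
    if rec is None:
        return None
    breaks = ", ".join(rec["breaks"]) or "nothing recorded"
    return (f"{rule_id} ({rec['ticket']}, owner {rec['owner']}): "
            f"{rec['reason']}; removal breaks: {breaks}")

if __name__ == "__main__":
    undoc, stale = audit_rulebase(RULEBASE, CHANGE_REGISTER)
    print("undocumented rules:", undoc)
    print("stale records:", stale)
    print(removal_impact("FW-0007", CHANGE_REGISTER))
```

Run it from cron against `iptables-save` output and fail the job when the undocumented list is non-empty; the stale list tells you which records to close.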

Top Ten Tips for Managing Your Firewall [secmanager]

Read More: Firewall
