Articles & Presentations

Thursday, March 28, 2013

(C) BSides Austin a HUGE success and spawns additional effort - Hackers in Uganda




2 years ago I hounded the director of CODE 2600 to allow BSides Texas events (DFW, Austin & San Antonio) show his movie at our awesome Cons. He agreed and the rest is history as they say.

At the BSides DFW post Con reception I had a discussion with Jeremy on the efforts of Johnny Long and Hackers for Charity and thought it would make a good documentary. Our own HFC supporter and Austinite @Spridel11 (Justin Brown) was in attendance and I introduced the two and they talked.

A short 4 months later at BSides Austin's CODE 2600 movie showing, also the following day during the Con, Jeremy made the following announcement. Roughly stated:

'We are pleased to announce Zerchak Films and 'Hackers for Charity' have officially launched 'Hackers in Uganda' KickStarter to raise $15,000 to help fund a documentary of the impact and efforts of Hackers for Charity on the people and country of Uganda.'

I am proud to have been a part of this and look forward to seeing what comes out of this endeavor. We need films like CODE 2600 and 'Hackers in Uganda' in order for people to truly understand the Information Security and Hacker communities and the good we do.

Hackers are not bad, just curious, and we help people just like anyone else. We are the good of our community and help to find flaws in systems before the criminal element does, we are the good guys and gals of the Information Technology community.

So PLEASE support the Kickastarter "Hackers in Uganda” effort and let's make this movie and a difference. There are lots of good stuff you can get as a part of your donation, so take a look.

Hackers in Uganda website

Hackers for Charity website


CODE 2600 website


#InfoSec #HFC #HackersinUganda

Wednesday, March 27, 2013

(W) Amazon leaking data found by one Thoughtful Hacker in July 2012




Recent press by Rapid7 on Amazon S3 Buckets leaking data was first shared with me by my partner Ian. In June/July of last year he was working on a side project and found some disturbing information with me.

I wanted to share his findings as Rapid7 missed something. Here is his comments to me.

"OK, here are some additional details that I didn't see touched upon. I've been keeping this one quiet within the community, but since Rapid7 broke it, might as well...

Back in June of last year I was working with an Amazon EC2 instance and something caught my eye. I made a mental note to come back and check it out. I did later and found a whopper.

In EC2 you can create additional S3 drives. When you go through that process, you can select a "public" image to use. Just by scrolling through the list, some of these looked like they shouldn't have been public. I later came back and started examining them manually. The first one I tried was pretty significant. Let's just say it was a company that has a fondness for a type of dog and the color red. 'Nuff said. There were tons of email addresses, SSH keys, and so forth all over this.

So I went to work writing a utility for scraping called Snoop.py so I could pull out and analyze more of this stuff and see what the common thread was. As you found, there is lots of stuff exposed on there that shouldn't be.

Now, here's where it gets really interesting.

I found that most, but NOT ALL, of the "public" drives were configured as "public". That is, there was a clear subset that were NOT marked as being public. And I found a really easy way of seeing this in the Amazon portal. Here's how it works. If you go to the S3 side of the house and go to the option where you can see all public images in a list, take a copy of that list. Now, go to where you would create a new drive and attach an image. Take a copy of that, and compare. Back in July through probably September, if you did this you would have a discrepancy -- you could attach to more drives that weren't yours than you could see on the public list. And, these were the most, let's say, juicy.

I let some folks know and made attempts to contact others. At some point, sometime around or after September, it seems those "extra" drives disappeared from view and things went back to normal.

Although clearly people still are leaking data. But I suspect, but have no hard proof, that there was something else wrong in the cloud."

Ian and I got side tracked with malware work, but planned to get back to it. Since Rapid7 released the info,it only seemed right to release this info.

Got leaky storage?

Rapid 7 article on data leaking S3 buckets

#InfoSec #Amazon