Google Summer of Code 2009

Monday, March 23. 2009
The Honeynet Project was selected for this year's Google Summer of Code. If you are a student and interested in participating in the program, please take a look at http://www.honeynet.org/gsoc. There you will find all information about the projects related to the Honeynet Project. Google will begin accepting applications from students beginning today, thus you need to be quick...

Learning more about RFI Attacks

Saturday, March 21. 2009
As part of the work at our lab we started to work on methods to learn more about remote file inclusion (RFI) attacks. The Internet Storm Center has developed a web-based honeypot which is available in a beta version. This honeypot can be used to collect information about different kinds of attacks, but requires the participant to install and maintain a honeypot on his own. For example, it is possible to deploy this honeypot on an OpenWrt router.
Since we are aiming only at RFI attacks, an easier approach is to redirect incoming malicious requests to a central honeypot which then aggregates the information. Jan already blogged about this idea; this posting is meant to spread the word.

You can help us by using the following .htaccess file on your web server:
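# Allow symlink following, which mod_rewrite requires in per-directory context
Options +FollowSymlinks
RewriteEngine on
# Match query strings in which some parameter is assigned an http:// URL
RewriteCond %{QUERY_STRING} (.+=http:\/\/.+)
# Redirect to the honeypot: $1 is the requested path, %1 the matched query string
RewriteRule ^(.+)$ http://link.informatik.uni-mannheim.de/$1?%1 [R,NC]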
The script checks if the incoming request looks like an RFI attack (RewriteCond) and then redirects this request to one of our honeypots (RewriteRule). Please let us know if you have any questions or ideas.
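To see in advance which requests the rule above would hand to the honeypot, the same condition can be replayed over an existing access log. The following Python sketch is an added example, not part of the original posting or of the honeypot's code; it assumes the .htaccess file sits in the document root, the function name rfi_hits is hypothetical, and the log lines are constructed.

```python
import re

# The expression from the page's RewriteCond. Apache tests it against the raw
# query string, unanchored and case-sensitively (the condition carries no [NC]).
RFI_COND = re.compile(r"(.+=http://.+)")
HONEYPOT = "http://link.informatik.uni-mannheim.de/"  # target of the page's RewriteRule

# Request line inside an Apache common-log-format entry.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample entries (documentation addresses, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [21/Mar/2009:10:01:02 +0100] "GET /index.php?page=about HTTP/1.1" 200 5120
192.0.2.77 - - [21/Mar/2009:10:01:09 +0100] "GET /shop/view.php?lang=en&inc=http://example.invalid/id.txt HTTP/1.1" 302 311
192.0.2.10 - - [21/Mar/2009:10:02:40 +0100] "GET /search.php?q=http+proxy HTTP/1.1" 200 812
192.0.2.91 - - [21/Mar/2009:10:03:15 +0100] "GET /index.php?page=http://example.invalid/c.txt HTTP/1.1" 302 311
"""


def rfi_hits(log_text):
    """Return (client, parameters, redirect_url) for every request the rule would redirect."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        path, _, query = target.partition("?")
        # Assumption: .htaccess in the document root, so the rule sees the
        # path without its leading slash; ^(.+)$ needs it to be non-empty.
        rule_path = path.lstrip("/")
        cond = RFI_COND.search(query)
        if not cond or not rule_path:
            continue
        # $1 is the path matched by the RewriteRule, %1 the RewriteCond capture.
        redirect = f"{HONEYPOT}{rule_path}?{cond.group(1)}"
        # Name the parameters that carry the URL, for aggregation per script.
        params = [p.split("=", 1)[0] for p in query.split("&") if "=http://" in p]
        hits.append((client, params, redirect))
    return hits


if __name__ == "__main__":
    for client, params, redirect in rfi_hits(SAMPLE_LOG):
        print(client, params, redirect)
```

Requests whose query string merely contains the word "http", such as the search request in the sample, are left alone because the condition needs "=http://" preceded by at least one character.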

Blog of the FORWARD Project

Friday, March 20. 2009
admin
One of the projects I am involved in is FORWARD:
FORWARD is an initiative by the European Commission to promote the collaboration and partnership between Academia and Industry in their common goal of protecting Information and Communication Technology (ICT) infrastructures. Communication networks and computers are under constant Cyber-threats from malicious users and organizations that use viruses, worms, spyware, botnets, spam, and phishing, to harm the European citizens and organizations.

The FORWARD initiative aims at identifying, networking, and coordinating the multiple research efforts that are underway in the area of Cyber-threats defenses, and leveraging these efforts with other activities to build secure and trusted ICT systems and infrastructures.

A complete overview of the FORWARD project is available at http://www.ict-forward.eu/. The project is funded as part of the European Community's Seventh Framework Programme. For some time now, the project has also maintained a blog, which is located at http://blogs.ict-forward.eu/forward/. There you can find the latest updates and an overview of the current project activity. Check it out and comment on the project; we would love to get your feedback!

CanSec / PWN2OWN contest

Thursday, March 19. 2009
admin
It has been some time since my last blog entry, I've been busy with my thesis. My defense is at the end of next month - finally getting ready with everything :)

This week I am in Vancouver for CanSec, I taught a course about honeypots on Monday. Now I'm enjoying the conference, the agenda is pretty cool this year! The main focus of yesterday was on mobile phones, most of the presentations dealt with smartphones like the iPhone or the Android platform. Sniffing keystrokes via a laser microphone or a voltmeter is next, really looking forward to that presentation.

CanSec also has a new edition of the PWN2OWN contest. This year, the main focus of the contest is web browsers and mobile phones. On the first day, several browsers were 0wned, Nils even managed to exploit three different browsers. Below is a screenshot of the scoreboard taken in the afternoon - Julien then managed to compromise the machine and afterwards Nils scored for the third time:

Interestingly, nobody attacked the smartphones - perhaps we will see some attacks during day 2 and 3.