Up to one billion RFID access cards could be affected by hack

Posted on March 31st, 2008 in News, Security, Technology News by Gil Kreslavsky

On the heels of two independent research teams demonstrating hacks of the Mifare Classic RFID chip algorithm, the Dutch government has issued a public warning about the security of access keys based on it. The minister of interior affairs, in a letter to parliament, wrote that there are plans for government institutions to take “additional security measures to safeguard security.”

It is no laughing matter, as the technology is used by transit operators in London, Boston, and the Netherlands. It is also used in access cards in numerous other organizations around the world.

Excerpt from PC World:

NXP developed the Mifare Classic RFID (radio frequency identification) chip, which is used in 2 million Dutch building access passes, said ter Horst. One billion passes with the technology have been distributed worldwide, making the security risk a global problem. A spokesperson for the ministry told Webwereld, an IDG affiliate, that it had not yet notified other countries.

  • German researchers Karsten Nohl and Henryk Plötz have published a paper on how to crack the chip’s encryption (pdf)
  • Bart Jacobs, an information security professor, have released the video which I have embedded above.

The video demonstrates how cryptography could be retrieved from readers attached to access control infrastructure or even sniffed simply by walking pass a Mifare RFID card holder. Duplicate cards are then cloned to gain unauthorized entry. What is really scary is the ease with which the attacks are successfully executed.

The interesting thing here is that manufacturer, NXP Semiconductors, has quickly announced that there is a new version of the Mifare chip called the Mifare Plus with enhanced security – 128-bit encryption over the original 48-bit, to be exact.

The pertinent question here is why wasn’t the Mifare Plus introduced earlier? Now, it is not known how much this enhanced card will eventually cost, but reports say that the original Mifare Classic sold for less than a single dollar. Hence, the low cost of the Mifare Classic might have been a factor here.

Remove VirusProtect spyware

Posted on March 9th, 2008 in Virus by Gil Kreslavsky

Press Ctrl+Alt+Delete and Kill processes
VirusProtect 3.9.exe
VirusProtect_3.9.exe
VirusProtect 3.8.exe
Go to c:program files search for virusprotect
And delete all folders virusprotect 3.9 or 3.8
Go to start >regedit
Find and delete the following registry keys.

67dc0736-075a-4647-95f5-d5421b838fed
SOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler67dc0736-075a-4647-95f5-d5421b838fed
c7cd9e83-3bf6-47f8-b2e2-b114c96c1888
SoftwareMicrosoftWindowsCurrentVersionExplorerSharedTaskSchedulerc7cd9e83-3bf6-47f8-b2e2-b114c96c1888
aaad3a22-1c07-45f5-bfb3-e9a8c3b382fe
SoftwareMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduleraaad3a22-1c07-45f5-bfb3-e9a8c3b382fe
13EDA0D4-F00D-43B9-8EF2-6313909D3143
47906C8A-7A72-45A8-AA59-0CEC20BD3B36
114B82D9-FBBF-4CED-8DDC-B42DCF85E18E
SoftwareMicrosoftInternet ExplorerToolbar13EDA0D4-F00D-43B9-8EF2-6313909D3143
SoftwareMicrosoftInternet ExplorerToolbar47906C8A-7A72-45A8-AA59-0CEC20BD3B36
SoftwareMicrosoftInternet ExplorerToolbar114B82D9-FBBF-4CED-8DDC-B42DCF85E18E
3e0cee63-f8bc-4485-a745-cc01b2a0e9d9
SoftwareMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler3e0cee63-f8bc-4485-a745-cc01b2a0e9d9
8b87dcc7-9b89-4205-aa82-076b2a1edfe0
c0ca766d-060c-48e1-b536-205e321bd174
MicrosoftWindowsCurrentVersionApp PathsVirusProtect 3.9.exe 3.9
VirusProtect 3.9
D2F6E4C0-349A-4A64-A773-C14661D5A9E4
FE2D4E30-10F9-4F16-B2D9-4D7A02F0AF34
F761F695-FD28-42D3-A669-C3FC8309A6F8
BD94CBD6-0B47-4327-8192-23BA274F7FD3
B20B249C-97C3-43F4-A560-A2C5239FBC50
A71C08E5-E038-4672-943F-B386DE479944
9A44471D-1B69-4834-881C-E8E85D198186
91335813-BFA8-493C-9ED5-E76A4F65F093
90E25318-2612-48DB-AD52-4D64B1E79368
7D93B305-D932-45FF-B484-B96BAF433B18
7060E07A-79A7-492E-8716-685840C41D3A
582ECCC8-C5BC-4EC4-8B0A-40274533088F
559FB885-1610-4359-B22F-CE0A0C7B1220
4A878A6E-E373-4F79-9B72-F6E3B6573FA4
477C7CD6-CAAD-43F5-96FB-C8F0F580F7E2
1FCE299D-2509-4156-8F35-737685DA33D6
0BD06CA9-D39D-470C-AD69-40B2D20ED44E
CFAFA83C-855B-4E3D-92B9-A587995B675A
E770F739-2968-4ED9-A63C-DC1938DC82A2
D7F73787-6206-4BBA-BDC0-7CFA9940DBCB
AE2AEED0-BE1B-4BA2-826E-20D1991081B8
A65F98DD-2360-468C-B76E-B1B84C0D547C
A63B46AD-96A7-4A2C-BD8F-8CD097E1593A
A1F8CD95-CFB3-43D1-A956-63441CC058C1
A1922071-390C-418D-916D-91209E95D286
8D42769F-07D8-494D-AAB4-AA1652C541FA
77DCE805-C8CE-48AA-A47F-BFA6CC7704B3
65C1361C-E696-4AF0-9E21-81910193F352
631E9E48-B066-43DA-92AC-6DADF61B173B
4E6E21EC-9D72-4164-8A53-74786A467872
44A923CA-F430-4F85-9F84-5153ECDB882E
2A4E73C5-BA3C-4391-B7E5-FFE8D3BD6245
1BB2DA5F-B78F-44EA-BDA1-771CBE1DEC68
0979850F-6C3E-4294-B225-B3D3C4A6F2A1
SOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler8b87dcc7-9b89-4205-aa82-076b2a1edfe0
SOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskSchedulerc0ca766d-060c-48e1-b536-205e321bd174
dec5caa7-8045-495c-8034-35aff489fedf
d8b937a4-cdad-497b-a872-8da7c4c3ef6f
A1259BC7-68B1-4CCA-9294-C180A713E1F7
E856E05E-1B91-4339-9EFC-9A3308CB5491
17A1DBB5-DAD8-4E78-BF7E-9BE4B965408B
FF5137B5-C506-4D9B-8682-E0BE4675B899
6F6D1C90-7BEE-4A15-8DAB-9C37A643FD3A
D17CFF74-A19C-4C36-821A-E074E4F889CA
075a465d-0af2-4b79-8db3-2fda0fd8d74c
9b7958db-d4ef-4879-8044-e156a58c1a61
95ed0779-42e8-41d3-a2e3-01691fb2fd5d
b585105c-0e84-4ef0-9c6a-fbe134a72945
76fbb79c-2ec6-4962-a324-fd4362588e1c
SOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler?75a465d-0af2-4b79-8db3-2fda0fd8d74c
SOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler9b7958db-d4ef-4879-8044-e156a58c1a61
SOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler95ed0779-42e8-41d3-a2e3-01691fb2fd5d
SOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskSchedulerb585105c-0e84-4ef0-9c6a-fbe134a72945
SoftwareMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler76fbb79c-2ec6-4962-a324-fd4362588e1c
3ae12a89-2063-409b-87f2-f809a6e76862
e221f0dc-2696-4b2e-bd63-25b33dc19b6e
b0883848-1466-4470-a418-3fe7d36694b9
SOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler3ae12a89-2063-409b-87f2-f809a6e76862
SOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskSchedulere221f0dc-2696-4b2e-bd63-25b33dc19b6e
SOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskSchedulerb0883848-1466-4470-a418-3fe7d36694b9
MicrosoftWindowsCurrentVersionApp PathsVirusProtect 3.8.exe 3.8
d653e105-3e53-480a-b129-54d957d174bb
8373a2e0-bdd0-42bd-b4ec-ba5451eb6607
SOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskSchedulerd653e105-3e53-480a-b129-54d957d174bb
SoftwareMicrosoftInternet ExplorerURLSearchHooks8373a2e0-bdd0-42bd-b4ec-ba5451eb6607
SOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler8373a2e0-bdd0-42bd-b4ec-ba5451eb6607
VirusProtect 3.8
MicrosoftWindowsCurrentVersionApp PathsVirusProtect 3.8.exe
3B8E549E-0C73-4AAB-8939-5EA2ED102CC6
F2F8C877-B06C-4B5E-95E7-AACFC9E8219D
E0757BDD-69BE-4C3F-AFC6-50D6524FA9B6
D91E9F36-9E44-44AB-803C-0D941FDA7988
D8EC2704-B249-4495-A7A4-A90857BDDF4D
D7C0DF6C-91FF-48BD-AD98-E35769394138
CE92A296-3142-493C-B64E-6ED73EAFB9AE
C269F4C1-7558-4DFC-9FB6-4C149B482586
A35F8FAC-755D-4F90-A5D3-F7E18D9EB100
9F80EA2D-53CF-4AA5-A154-F4FBF1EF6A5A
972F0BE3-976F-40B8-8EB4-88A25987416E
63667718-EBF2-4CAB-B1E8-994D41589C24
5B8BED0F-5F18-4051-9908-C5C569A1AAE9
5146B43E-B36D-4A2A-B617-CC05CC500150
45FBEFBF-E8B6-44A5-B0A1-A143E1A74816
40E563B2-61B2-4215-819A-A7E24CF8AA3E
21688E5D-A895-4B60-B127-B76607420334
3750da11-9b0c-4a75-9c8a-bbcbfcd1ccea

Unregister and delete VirusProtec process files
Unregister by running regsvr32 /u file that and file name
Example: regsvr32 /u c:windowswindows32 fsehfcu.dll

emlkdvo.dll-removed_skip
qhcvdw.dll
fsehfcu.dll
emlkdvo.dll
bdzzzcl.dll
ecxwp.dll
tvtpwp.dll
ncrjf.dll
wowlze.dll
vtssp.dll
pmspl.dll
VirusProtect 3.9.url
VirusProtect 3.9 Website.lnk
Uninstall VirusProtect 3.9.lnk
VirusProtect 3.9.lnk
VirusProtect 3.9.exe
VirusProtect_3.9.exe
VirusProtect 3.9
ymmzwd.dll
monem.dll
wxinptv.dll
ivrllc.dll
uglgs.dll
chzbi.dll
wygomd.dll
rldyt.dll
ucmbegr.dll
moywh.dll
vpccw.dll
gusur.dll
ryxrho.dll
Uninstall VirusProtect 3.8.lnk
VirusProtect 3.8
fftktmk.dll
vp.dat
Uninstall AntiVirGear 3.8.lnk
VirusProtect 3.8.lnk
VirusProtect 3.8 Website.lnk
VirusProtect 3.8url
VirusProtect 3.8.exe

Related Blogs

Recovering single mailbox from snapshot using NetApp SMBR

Posted on March 6th, 2008 in Excahnge 2003, Guides, NetApp, SMBR by Gil Kreslavsky

Attached step by step guide .
How to recover single mail /mailbox using NetApp SMBR

Recovering Single Mailbox From Snapshot SMBR

Recovering single mailbox from snapshot using NetApp SMBR In order to recover single mail, or mailbox. Access server or where SMBR is installed. Go to computer manger. Go to SnapDrive>Disks Presses right click on Disks, and press connect disk. 1. Press Next 2. Fill \\10.0.0.102\exchange01$\~snapshot\eloginfo__mtlexch01__recent\data\ Chose relevant LUN and press Next 3. Press Next 4. Assign drive letter and press Next. 5. Select ISCSI initiator and press Next 6. Select ingroop management type and press next. 7. Press Finish. 8. In the end you should see mapped disk under computer management >Snap Drive>Disks 9.Go to mapped drive , chose desired mailbox store and press double click on .edb file 10. NetApp SMBR wizard will open. Confirm log file and chose Temporary files path and press OK. The wizard will scan edb file and show you all mailboxes . 11. Press File and chose destination for recovery it can be PST file o direct to other mailbox. We chose “Open Target Exchange Server” 12. Now you can drag and mail/calendar/task or notes items to destination mailbox.