Everything posted by Aerosol
-
https://bitcointalk.org/index.php?topic=895413.100 shut up, stop posting nonsense
-
"For security reasons, we ask all users of the BTCXchange.ro platform to withdraw all their funds, both FIAT and BTC (Bitcoin), from their platform account by 19 December 2014 inclusive and to stop trading," reads a notice published Tuesday on the platform's website. The call for users to withdraw their money was reiterated on Wednesday, with the platform's representatives adding that they no longer have access to the server. At this moment it is not clear whether trading services will be resumed or whether the platform will close for good. The announcement of the halt in bitcoin trading came just a few weeks after mobile payment processor Netopia mobilPay and BTCXchange concluded a partnership under which Netopia's 6,000 merchants who use the mobilPay system can accept payments in the virtual currency. According to Netopia's representatives, the problems the digital platform is facing will not affect any bitcoin transactions at partner merchants, given that BTCXchange has not processed any such transaction to date, CoinDesk reports. "Our plans and our interest in bitcoin are greater than ever. We want to position ourselves first in the region within the bitcoin movement," Antonio Eram, general manager of Netopia, told CoinDesk. According to BTCXchange data, a total of 5,165.18 bitcoin, worth around 8.3 million lei, were traded this year on the digital platform. The platform is owned by a private individual, Horea Vușcan. The value of bitcoin varied between 250 and 3,405.56 lei over the course of the year. On Thursday the virtual currency was trading at 1,285 lei. Source ======================================================== Eh, this is only happening because the administrator is a huge cheapskate; anyway, the programmer slapped them hard, resigned, and won't give them the data anymore (he being the only person who had that data).
-
Free PDF Merger + (100% discount) Free Thief Assistant (100% discount) Free Activity Timer – Pomodoro Edition (100% discount) Free Silly Family (100% discount) Free Jack Vs Ninjas (100% discount)
-
Free Easy Access Video Training (100% discount) Free Smart UnInstaller (100% discount) Free Control Your Expenses (100% discount) Free Super Manatee! (100% discount) Free Pet Vet Hospital (100% discount) Free The Witches of Pumpkin Avenue (100% discount)
-
Free Sergeant Crash (100% discount) Free Swippy Motion (100% discount) Free Dots in the line (100% discount) Free Top Buy (100% discount) Free SWAK! (100% discount) Free Tablik (100% discount) Free Zen Juggling (100% discount) Free PrimeFactor (100% discount) Free Sushi Run! (100% discount) Free Garden Island Plant Village: Grow & Harvest Fruits & Vegetables on your country farm! (100% discount) Free Alyia (100% discount) Free Escape the Hellevator! (100% discount)
-
An online "hacktivist" group that calls itself Anonymous has claimed responsibility for hacking into email accounts of the Swedish government in response to the seizure of the world-renowned The Pirate Bay website and servers by Swedish police last week. Apart from Swedish government officials, the Anonymous hacktivist group also claimed to have hacked into government email accounts of Israel, India, Brazil, Argentina, and Mexico, and revealed their email addresses with passwords in plain text. The Anonymous group also left a message at the end of the leak: The hack was announced by the Anonymous group on their official Twitter account. The tweet also shared a link to a Pastebin where the leaked data has been dumped with the list of the emails. The tweet reads: Last Tuesday, an infamous torrent website predominantly used to share copyrighted material such as films, TV shows and music files free of charge, The Pirate Bay, went dark from the internet for almost half a day after Swedish police raided the site's server room in Stockholm and seized several servers and other equipment. The piracy site remained unavailable for several hours, and appeared back online in the late hours with a new URL hosted under the top-level domain for Costa Rica (.cr). However, some torrent users said that the downloads were neither working properly nor free of charge; some said that The Pirate Bay service on the .cr domain came from a different group, while others referred to it as a scam. At the moment it is unclear how the group got access to the login credentials of several countries' government officials and which server they exactly belong to. However, this is not the first time: Swedish internet giant Telia was attacked on December 12 following The Pirate Bay raid, The Local reported. At the time, the online services of Telia were affected and user connections were disturbed, RT reported.
Also, a chief security researcher from Kaspersky Lab, David Jacoby, said the attack on Telia was a distributed denial-of-service (DDoS) attack and was likely a response to the seizure of The Pirate Bay in Stockholm by Swedish police. The company also encountered cyber attacks on both December 9 and 10. However, The Pirate Bay has previously been shut down a number of times and had its domain seized, prompting the BitTorrent site to change its top-level domain many times. Earlier in September, The Pirate Bay claimed that it ran the notorious website on 21 "raid-proof" virtual machines, which means that if one location is raided by the police, the site would take only a few hours to get back in action. Source
-
There are a number of critical, remotely exploitable command injection vulnerabilities in Schneider Electric’s ProClima software, which is used in manufacturing and energy facilities. The ProClima application is a utility that customers use to design control panel enclosures in industrial facilities to help manage the heat from enclosed electrical devices. The bugs affect ProClima versions 6.0.1 and earlier, according to an advisory released by ICS-CERT. The flaws exist in two separate components of the ProClima software, MDraw30.ocx and Atx45.ocx. “MDraw30.ocx control can be initialized and called by malicious scripts potentially causing buffer overflows, which may allow an attacker to execute code remotely,” the advisory says. The same scenario is true for the vulnerabilities in Atx45.ocx. All of the vulnerabilities can be exploited remotely, and ICS-CERT said that an attacker with relatively low skills would be able to exploit the bugs. There aren’t any known exploits for the vulnerabilities at this point, however. The vendor has pushed out a new version of the ProClima package that contains fixes for the vulnerabilities. “Schneider Electric has released an updated version of the ProClima software, Version 6.1.7, which mitigates these vulnerabilities. Customers are encouraged to download the new version and update their installations. It is important that customers first uninstall the current version,” the ICS-CERT advisory says. The vulnerabilities were reported to Schneider Electric by Ariele Caltabiano, Andrea Micalizzi, and Brian Gorenc through the Zero Day Initiative. Source
-
Google yesterday announced that it has released the source code for its End-to-End extension for Chrome to open source via GitHub. End-to-End enables Gmail users to encrypt, sign and verify email messages within the Chrome browser, using OpenPGP. “We’ve always believed strongly that End-To-End must be an open source project, and we think that using GitHub will allow us to work together even better with the community,” wrote Stephan Somogyi, Product Manager, Security and Privacy for Google. Google is calling the updated version of End-to-End an alpha version and hopes to get community feedback. This version, however, already includes contributions from Yahoo’s security team. In August during the Black Hat USA conference in Las Vegas, Yahoo CISO Alex Stamos announced that it would enable end-to-end encryption for Yahoo Mail users in addition to announcing a partnership with Google. Yahoo, Google and other companies were implicated on several occasions as being tacitly cooperative with intelligence agencies gathering user data from Internet companies. Both tech giants, as well as many others, have taken great pains to distance themselves from such allegations announcing several initiatives aimed at encrypting web-based services. Yahoo, for example, also announced this summer that it is also working on enabling HSTS on its servers, as well as certificate transparency. HSTS (HTTP strict transport security) allows Web sites to tell users’ browsers that they only want to communicate over an encrypted connection. The certificate transparency concept involves a system of public logs that list all certificates issued by cooperating certificate authorities. It requires the CAs to voluntarily submit their certificates, but it would help protect against attacks such as spoofing Web sites or man-in-the-middle. 
Google said this version of End-to-End also incorporates fixes for two bugs submitted to its Vulnerability Rewards Program, and it hopes that the alpha will generate feedback for End-to-End’s new crypto library. In addition, Google’s Somogyi said End-to-End isn’t stable enough for release into the Chrome Web Store. “We don’t feel it’s as usable as it needs to be. Indeed, those looking through the source code will see references to our key server, and it should come as no surprise that we’re working on one,” Somogyi said. “Key distribution and management is one of the hardest usability problems with cryptography-related products, and we won’t release End-To-End in non-alpha form until we have a solution we’re content with.” End-to-End is based on OpenPGP, which requires less technical understanding to deploy and run, Somogyi said. While End-to-End will be available to anyone, Google acknowledges it’s likely not within the average user’s wheelhouse. “We recognize that this sort of encryption will probably only be used for very sensitive messages or by those who need added protection,” Somogyi said. “But we hope that the End-to-End extension will make it quicker and easier for people to get that extra layer of security should they need it.” Source
-
Google has added another layer of security for users of Gmail on the desktop, which now supports Content Security Policy, a standard that’s designed to help mitigate cross-site scripting and other common Web-based attacks. CSP is a W3C standard that has been around for several years, and it’s been supported in a number of browsers for some time. Mozilla has supported CSP since Firefox 4 and the technology is effective at defending against XSS attacks, but one of the issues with it has been that not many sites have supported it. It’s also difficult to implement properly, experts say. Earlier this year researchers from Northeastern University released a paper on CSP, looking at the question of why it isn’t more widely deployed at this point. Michael Weissbacher, one of the researchers, said that he was surprised CSP wasn’t more widely deployed, because the security benefits are clear. “I looked into CSP deployments because it is effective against XSS and could solve lots of problems with web security,” Weissbacher explained to Threatpost. “So I was surprised to find that only a few websites used it, and those who did didn’t use it fully, marginalizing the benefits. I think it would help the web at large if more websites invest the effort to implement CSP.” For Google, the benefits are clear. Gmail is very high on the list of targets for many kinds of attackers, from run-of-the-mill cybercriminals to APT groups to intelligence services. Gmail’s user base is enormous and includes people from all over the world, some of whom are prime targets themselves. Google has beefed up the security of the service several times in the last couple of years, providing HTTPS as the default connection option, adding a two-step verification option and now adding support for CSP.
“We know that the safety and reliability of your Gmail is super important to you, which is why we’re always working on security improvements like serving images through secure proxy servers, and requiring HTTPS. Today, Gmail on the desktop is becoming more secure with support for Content Security Policy (CSP),” Danesh Irani of Google wrote in a blog post. “There are many great extensions for Gmail. Unfortunately, there are also some extensions that behave badly, loading code which interferes with your Gmail session, or malware which compromises your email’s security. Gmail’s CSP protects you, by stopping these extensions from loading unsafe code.” XSS attacks are among the more common Web-based attacks, and many popular sites have been found to harbor XSS flaws in the last few years. Attackers can take advantage of these vulnerabilities to load malicious code from a remote site and compromise visitors to a legitimate site. CSP is designed to mitigate these attacks by letting site owners determine which domains can safely load scripts in the browser. Source
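To make the mechanism the article credits concrete, here is an added example (not Gmail's or Google's code) that models how a browser applies a script-src policy: only origins the site owner listed may supply script, and an inline script such as a reflected-XSS payload is refused unless 'unsafe-inline' was granted. The policy string and hostnames are constructed for this example; Gmail's actual policy is not on the page.

```python
"""Minimal Content-Security-Policy evaluator for script loads (added example).

Handles the parts of CSP Level 2 that matter for the XSS argument: the
script-src directive with fallback to default-src, the 'self', 'none' and
'unsafe-inline' keywords, scheme sources (https:), host sources with an
optional leading wildcard, and the wildcard '*'. Paths and nonces/hashes are
deliberately out of scope.
"""
from urllib.parse import urlparse


def parse_csp(header):
    """Turn "a b c; d e" into {'a': ['b', 'c'], 'd': ['e']}."""
    policy = {}
    for directive in header.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0].lower()] = [p.lower() for p in parts[1:]]
    return policy


def _host_matches(pattern, host):
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        # *.example.com matches a.example.com but not example.com itself
        return host.endswith(pattern[1:]) and host != pattern[2:]
    return host == pattern


def _source_allows(source, page_url, script_url):
    page_u, script_u = urlparse(page_url), urlparse(script_url)
    if source == "'self'":
        return (script_u.scheme, script_u.netloc) == (page_u.scheme, page_u.netloc)
    if source == "'none'":
        return False
    if source.endswith(":"):  # scheme-source such as "https:"
        return script_u.scheme == source[:-1]
    if "://" in source:  # host-source with an explicit scheme
        scheme, _, rest = source.partition("://")
        hostport = rest.split("/", 1)[0]
        if script_u.scheme != scheme:
            return False
    else:  # bare host-source: page's scheme or its secure upgrade
        hostport = source.split("/", 1)[0]
        if script_u.scheme not in ("https", page_u.scheme):
            return False
    pat_host, _, pat_port = hostport.partition(":")
    if not _host_matches(pat_host, script_u.hostname or ""):
        return False
    default_port = 443 if script_u.scheme == "https" else 80
    if pat_port and pat_port != "*" and str(script_u.port or default_port) != pat_port:
        return False
    return True


def script_allowed(csp_header, page_url, script_url=None):
    """True if the policy lets the page run this script.

    script_url=None stands for an inline <script> block, which is what a
    reflected or stored XSS payload normally is.
    """
    policy = parse_csp(csp_header)
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return True  # no applicable directive: the browser's default is to allow
    if script_url is None:
        return "'unsafe-inline'" in sources
    return any(_source_allows(s, page_url, script_url) for s in sources)


# Constructed sample policy, roughly the shape a webmail front end would send.
SAMPLE_POLICY = ("default-src 'self'; "
                 "script-src 'self' https://apis.example.com *.static.example; "
                 "img-src *")
SAMPLE_PAGE = "https://mail.example.com/inbox"
```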
-
Security researchers have discovered a backdoor in Android devices sold by Coolpad, a Chinese smartphone manufacturer. The “CoolReaper” vuln has exposed over 10 million users to potential malicious activity. Palo Alto Networks reckons the malware was “installed and maintained by Coolpad despite objections from customers”. It's common for device manufacturers to install software on top of Google’s Android mobile operating system to provide additional functionality or to customise Android devices. Some mobile carriers install applications that gather data on device performance. But CoolReaper operates well beyond the collection of basic usage data, acting as a true backdoor into Coolpad devices, according to Palo Alto. CoolReaper has been identified on 24 phone models sold by Coolpad. “We expect Android manufacturers to pre-install software onto devices that provide features and keep their applications up to date,” said Ryan Olson, Intelligence Director, Unit 42, Palo Alto Networks. “But the CoolReaper backdoor detailed in this report goes well beyond what users might expect, giving Coolpad complete control over the affected devices, hiding the software from antivirus programs, and leaving users unprotected from malicious attackers. We urge the millions of Coolpad users who may be impacted by CoolReaper to inspect their devices for presence of the backdoor and to take measures to protect their data.” CoolReaper is capable of a variety of unfriendly actions, including the ability to download, install, or activate any Android application without user consent or notification. It can also clear user data, uninstall existing applications, or disable system applications. Worse yet, the malware can push a fake over-the-air (OTA) update that doesn’t update the device but installs unwanted applications. It can also send or insert arbitrary SMS or MMS messages into the phone or dial arbitrary phone numbers.
Finally, CoolReaper can upload information about the device, its location, application usage, calling and SMS history to a Coolpad server. Palo Alto’s Unit 42 research arm began investigating what came to be known as CoolReaper following numerous complaints from Coolpad customers in China posted to internet message boards. In November, a researcher working with Wooyun.org identified a vulnerability in the back-end control system for CoolReaper, which made clear how Coolpad itself controls the backdoor in the software. Chinese news site Aqniu.com reported some details about the backdoor in late November. Coolpad did not respond to multiple requests for assistance by Palo Alto Networks. The Chinese firm is yet to respond to requests for comment from El Reg. We’ll update this story as and when we hear more. More details on Palo Alto’s research into CoolReaper can be found in a blog post here and in CoolReaper: The Coolpad Backdoor, a new report from Unit 42 written by Claud Xiao and Ryan Olson. The report contains a list of files to check for on Coolpad devices that may indicate the presence of the CoolReaper backdoor. Source
-
Diogo Mónica once wrote a short computer script that gave him a secret weapon in the war for San Francisco dinner reservations. This was early 2013. The script would periodically scan the popular online reservation service, OpenTable, and drop him an email anytime something interesting opened up, a choice Friday night spot at the House of Prime Rib, for example. But soon, Mónica noticed that he wasn’t getting the tables that had once been available. By the time he’d check the reservation site, his previously open reservation would be booked. And this was happening crazy fast. Like in a matter of seconds. “It’s impossible for a human to do the three forms that are required to do this in under three seconds,” he told WIRED last year. Mónica could draw only one conclusion: He’d been drawn into a bot war. Everyone knows the story of how the world wide web made the internet accessible for everyone, but a lesser known story of the internet’s evolution is how automated code, aka bots, came to quietly take it over. Today, bots account for 56 percent of all website visits, says Marc Gaffan, CEO of Incapsula, a company that sells online security services. Incapsula recently ran an analysis of 20,000 websites to get a snapshot of part of the web, and on smaller websites it found that bot traffic can run as high as 80 percent. People use scripts to buy gear on eBay and, like Mónica, to snag the best reservations. Last month, the band Foo Fighters sold tickets for their upcoming tour at box offices only, an attempt to strike back against the bots used by online scalpers. “You should expect to see it on ticket sites, travel sites, dating sites,” Gaffan says. What’s more, a company like Google uses bots to index the entire web, and companies such as IFTTT and Slack give us ways to use bots for good, personalizing our internet and managing the daily informational deluge.
But, increasingly, a slice of these online bots are malicious, used to knock websites offline, flood comment sections with spam, or scrape sites and reuse their content without authorization. Gaffan says that about 20 percent of the Web’s traffic comes from these bots. That’s up 10 percent from last year. Often, they’re running on hacked computers. And lately they’ve become more sophisticated. They are better at impersonating Google, or at running in real browsers on hacked computers. And they’ve made big leaps in breaking human-detecting captcha puzzles, Gaffan says. “Essentially there’s been this evolution of bots, where we’ve seen it become easier and more prevalent over the past couple of years,” says Rami Essaid, CEO of Distil Networks, a company that sells bot-blocking software. But despite the rise of these bad bots, there is some good news for the human race. The total percentage of bot-related web traffic is actually down this year from what it was in 2013. Back then it accounted for 60 percent of the traffic, 4 percent more than today. Source
-
Domain-name overseer ICANN has been hacked and its DNS zone database compromised, the organization has said. Attackers sent staff spoofed emails appearing to come from icann.org. The organization notes it was a "spear phishing" attack, suggesting employees clicked on a link in the messages that took them to a bogus login page – into which staff typed their usernames and passwords, providing hackers with the keys to their work email accounts. No sign of two-factor authentication, then. "The attack resulted in the compromise of the email credentials of several ICANN staff members," ICANN's statement on the matter reads, noting that the attack happened in late November and was discovered a week later. With those details, the hackers then managed to access a number of systems within ICANN, including the Centralized Zone Data System (CZDS), the wiki pages of the Governmental Advisory Committee (GAC), the domain registration Whois portal, and the organization's blog. The CZDS gives authorized parties access to all the zone files of the world's generic top-level domains. It is not possible to alter those zone files from within that system, but the hackers did manage to obtain information on those who are registered with the system, which include many of the administrators of the world's registries and registrars. In an email sent to every CZDS user, ICANN has warned that "the attacker obtained administrative access to all files in the CZDS including copies of the zone files in the system. The information you provided as a CZDS user might have been downloaded by the attacker. This may have included your name, postal address, email address, fax and telephone numbers, and your username and password." ICANN notes that the passwords were stored as salted hash values, rather than in plaintext, although the algorithm used is not known. It has since deactivated all pass-phrases and asked users to set new passwords.
However, if CZDS users have used the same login details for other systems, the hackers could also gain access to other parts of the internet's basic infrastructure if they can crack the hashes. ICANN says it has found no impact on the other systems. "Based on our investigation to date, we are not aware of any other systems that have been compromised, and we have confirmed that this attack does not impact any IANA-related systems," it stated.
Worrying
While the hack is nowhere near the same level as the attack on, say, Sony that has seen gigabytes of sensitive information leaked onto the internet, it will prove extremely embarrassing to ICANN, which hopes to be handed control of the critical IANA contract next year. IANA is the ICANN-run body that manages the heart of the internet's DNS. It also comes as the US government revealed yesterday the process by which updates to the internet's root zone files are done through ICANN. When changing the network addresses for the world's top-level nameservers, the process relies on a secure email from ICANN, or a request sent through a secure web portal, a standard format change request and self-certification that ICANN has followed its own processes. With the email addresses of staff with access to root zone records having been compromised and the hack only noticed a week later, there will be significant concern that had the hackers been luckier, or if an IANA staffer – who also uses an icann.org email address – had logged in to the fake site, the hackers may have gained access to the system used to make changes at the very top of the internet. ICANN seeks to assure people that it is on top of the situation: "Earlier this year, ICANN began a program of security enhancements in order to strengthen information security for all ICANN systems. We believe these enhancements helped limit the unauthorized access obtained in the attack. Since discovering the attack, we have implemented additional security measures."
That security program began when ICANN suffered a problem with the CZDS system in April. In that case a number of users were wrongly given admin access to the system. If there is a positive to the news, it is that ICANN has matured in how it deals with security. When the organization experienced a critical failure in its application system for new top-level domains in 2012, which caused it to shut down its entire flagship program for several months, it defensively dismissed the issue as a "glitch" and infuriated thousands of companies by providing very limited information about what had happened and when systems would be back up. Source
-
@jsonwhite the tool is posted in an older version at https://rstforums.com/forum/57993-sqli-hunter_v1-1-a.rst, how could it not work; stop posting pointless off-topic. It's tested and works perfectly.
-
Alina POS malware "sparks" off a new variant
Aerosol replied to Nytro's topic in Reverse engineering & exploit development
I found it on the net a while ago https://mega.co.nz/#!ZIRhRbyb!oNaSiCt9qzijqklCndlvLrGOxmXHwYmaGhxHK2Rd0DU PM me for the password. Download it and play with it only in a sandbox or VirtualBox
-
Easy Macro Recorder is a tool that helps automate repetitive tasks by allowing you to record and playback keyboard and mouse macros. This giveaway has no free program updates or free tech support, must be installed during giveaway time period, and is for home/personal use only. Get Easy Macro Recorder with free lifetime upgrades if you want free updates, free tech support, business + home use, and ability to install/reinstall whenever you want. Sale ends in 2 days 19 hrs 06 mins Download
-
ABBYY PDF Transformer+ is a top-rated PDF editor, converter, and creator. Features of ABBYY PDF Transformer+ include the ability to edit regular and scanned PDFs (turn PDFs into editable and searchable formats with the original layout and formatting retained); the ability to convert PDFs to other file formats such as DOCX, XLSX, PPTX, RTF, HTML, EPUB, CSV, and ODT while retaining original content, layout, and formatting; and the ability to create PDFs out of other file formats. Best of all, ABBYY PDF Transformer+ includes ABBYY’s world-renowned OCR technology… so there is no PDF you can’t handle. Get it now! Sale ends in 19 hrs 06 mins Download
-
fwknop stands for the "FireWall KNock OPerator", and implements an authorization scheme called Single Packet Authorization (SPA). This method of authorization is based around a default-drop packet filter (fwknop supports iptables and firewalld on Linux, ipfw on FreeBSD and Mac OS X, and PF on OpenBSD) and libpcap. SPA is essentially next-generation port knocking (more on this below). The design decisions that guide the development of fwknop can be found in the blog post "Single Packet Authorization: The fwknop Approach".

Download | latest release: 2.6.5
Tutorial
Documentation
Features
Source Code (github)
Code Coverage (for the 2.6.5 release)
Mailing List

You can clone the fwknop git repository as follows from github:

$ git clone https://www.github.com/mrash/fwknop fwknop.git
Cloning into 'fwknop.git'...
remote: Counting objects: 5275, done.
remote: Compressing objects: 100% (1603/1603), done.
remote: Total 5275 (delta 3672), reused 5155 (delta 3552)
Receiving objects: 100% (5275/5275), 2.07 MiB | 3.96 MiB/s, done.
Resolving deltas: 100% (3672/3672), done.

SPA requires only a single encrypted packet in order to communicate various pieces of information, including desired access through a firewall policy and/or complete commands to execute on the target system. By using a firewall to maintain a "default drop" stance, the main application of fwknop is to protect services such as OpenSSH with an additional layer of security in order to make the exploitation of vulnerabilities (both 0-day and unpatched code) much more difficult. With fwknop deployed, anyone using nmap to look for SSHD can't even tell that it is listening - it makes no difference if they want to run a password cracker against SSHD or even if they have a 0-day exploit. The authorization server passively sniffs SPA packets via libpcap and hence there is no "server" to which to connect in the traditional sense.

Access to a protected service is only granted after an authenticated, properly decrypted, and non-replayed packet is monitored from an fwknop client (see the following network diagram; the SSH session can only take place after the SPA packet is sniffed): http://www.cipherdyne.org/images/fwknop_tutorial_network_diagram.png

Single Packet Authorization retains the benefits of Port Knocking (i.e. service protection behind a default-drop packet filter), but has the advantages listed below over Port Knocking. For a complete treatment of all fwknop design goals, see the fwknop tutorial.

SPA can utilize asymmetric ciphers for encryption
SPA is authenticated with an HMAC in the encrypt-then-authenticate model
SPA packets are non-replayable
SPA cannot be broken by trivial sequence busting attacks
SPA only sends a single packet over the network
SPA is much faster

fwknop started out as a Port Knocking implementation in 2004, and at that time it was the first tool to combine traditional encrypted port knocking with passive OS fingerprinting. This made it possible to do things like only allow, say, Linux-2.4/2.6 systems to connect to your SSH daemon. However, if you are still using the port knocking mode in fwknop, I strongly recommend that you switch to the Single Packet Authorization mode.
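As an added illustration (not fwknop's own code), the following models the server-side checks the text lists: the HMAC is verified over the ciphertext before any decryption (encrypt-then-authenticate), a digest cache rejects replayed packets, and a timestamp window limits how long a captured packet stays meaningful. The keystream cipher, the packet field layout, the key values and the sample IP are assumptions made for this example; real fwknop uses AES or GnuPG and its own packet format.

```python
"""Toy model of fwknop-style Single Packet Authorization verification (added example)."""
import base64
import hashlib
import hmac
import os
import time

NONCE_LEN = 16  # random prefix that makes every packet unique even for identical requests
HMAC_LEN = 32   # HMAC-SHA256 tag appended after the ciphertext


def _keystream(key, nonce, length):
    # Toy stream cipher: HMAC-SHA256 in counter mode. Stand-in for fwknop's AES/GnuPG.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(data, key, nonce):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def build_spa_packet(enc_key, hmac_key, client_ip, port, proto="tcp", now=None):
    """Client side: encrypt the access request, then HMAC the ciphertext (encrypt-then-MAC)."""
    ts = int(now if now is not None else time.time())
    nonce = os.urandom(NONCE_LEN)
    plaintext = f"{ts}|{client_ip}|{proto}/{port}".encode()  # assumed field layout
    ciphertext = nonce + _xor(plaintext, enc_key, nonce)
    tag = hmac.new(hmac_key, ciphertext, hashlib.sha256).digest()
    return base64.b64encode(ciphertext + tag).decode()


class SpaServer:
    """Server side (what fwknopd does after libpcap hands it a packet)."""

    def __init__(self, enc_key, hmac_key, max_age=120):
        self.enc_key, self.hmac_key, self.max_age = enc_key, hmac_key, max_age
        self.seen_digests = set()  # replay cache; fwknopd persists this to a digest file

    def verify(self, packet_b64, now=None):
        """Return (ok, reason, fields); fields is a dict only when ok is True."""
        now = now if now is not None else time.time()
        try:
            raw = base64.b64decode(packet_b64, validate=True)
        except Exception:
            return False, "bad encoding", None
        if len(raw) < NONCE_LEN + HMAC_LEN + 1:
            return False, "too short", None
        ciphertext, tag = raw[:-HMAC_LEN], raw[-HMAC_LEN:]
        # 1. Authenticate first: a packet that fails the HMAC never reaches the cipher,
        #    so unauthenticated input cannot exercise decryption or parsing code.
        expected = hmac.new(self.hmac_key, ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False, "bad hmac", None
        # 2. Replay check on the digest of the entire packet.
        digest = hashlib.sha256(raw).hexdigest()
        if digest in self.seen_digests:
            return False, "replay", None
        # 3. Decrypt and parse the access request.
        nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
        try:
            ts_s, ip, access = _xor(body, self.enc_key, nonce).decode().split("|")
            proto, port_s = access.split("/")
            ts, port = int(ts_s), int(port_s)
        except (UnicodeDecodeError, ValueError):
            return False, "malformed", None
        # 4. Timestamp window: a sniffed packet is useless once it ages out.
        if abs(now - ts) > self.max_age:
            return False, "stale", None
        self.seen_digests.add(digest)
        return True, "ok", {"ip": ip, "proto": proto, "port": port, "ts": ts}


def access_rule(fields):
    """Simplified iptables rule opening the requested port only for the requesting IP.

    Real fwknopd inserts into its own chain and removes the rule after a timeout.
    """
    return (f"iptables -I INPUT -s {fields['ip']} -p {fields['proto']} "
            f"--dport {fields['port']} -j ACCEPT")
```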
-
Sony sued by ex-staff over daft security, leaked privates
Aerosol posted a topic in Stiri securitate
As if Sony Pictures didn't have enough on its plate, now former employees have launched a class-action lawsuit against the Hollywood giant over the parlous state of its security – and to recoup the damage hackers have allegedly caused them. It comes as people claiming to have hacked the movie studio's servers today made bizarre threats against showings of Sony Pictures' North Korea-poking comedy flick The Interview – including references to 2001's September 11 attacks. A whole load of new files stolen from Sony's systems by the miscreants have also been leaked via file-sharing networks. That adds to the tens of gigabytes of sensitive records – from employees' salaries, addresses and emails to credit card numbers, scripts and unreleased movies – obtained from Sony Pictures computers by hackers and dumped online. The two lead plaintiffs in the class-action lawsuit against Sony Pictures are revealed in legal paperwork [PDF] obtained today by The Reg. Michael Corona left Sony seven years ago and claims he and his wife and child have had attempts made to steal their identities based on personal information leaked from Sony. The other plaintiff, Christina Mathis, left Sony in 2002 but claims to have suffered the same fate due to this Sony ransacking. The lawsuit, filed on Monday in the central distract of California, claims that Sony should have known that it was a target for hackers, particularly in light of the 2011 PlayStation Network (PSN) breach which shut its servers down for nearly two months and led to the widespread plundering of gamers' personal information. Sony offered $15m to clear up that mess, and the lawyers in this latest case are seeking $1,000 compensation for each former employee who has had their details leaked, which given over 47,000 social security numbers have been released could add up to a hefty sum. 
The PSN hack, and plenty of other besides in other companies, show that Sony should have been more security conscious, the plaintiffs' lawyers argue. Even after such major breaches, the company was still storing critical information in plain text and without proper encryption, and Sony management made a business decision not to invest in proper security mechanisms, despite repeated warnings from IT staff, the suit claims. Once the scale of this latest hack was uncovered, Sony management warned in an email to employees on December 2 that all and any data given to the company was at risk. The biz set staffers up with credit and identity protection the next day. But it was only on December 12, and after increasing complaints from former staff, that Sony offered the same services to some ex-employees. The suit also points out that Sony didn't stint on countermeasures to the latest leak, seemingly using Amazon Web Services to spam out false data on torrents and trying to shut down torrenting sites seeding swiped files. It also hired a high-priced lawyer to threaten the press if they dug into the network breach. “AWS employs a number of automated detection and mitigation techniques to prevent the misuse of our services," a spokeswoman for Amazon told El Reg. "In cases where the misuse is not detected and stopped by the automated measures, we take manual action as soon as we become aware of any misuse. Our terms are clear about this. The activity being reported is not currently happening on AWS.” The plantiff's legal firm, Keller Rohrback in Seattle, didn’t return calls at time of going to press, but is assumed to be looking for further former employees to sign up and sue their old bosses for compensation. Meanwhile, on Monday Sony Pictures' chief executive and chairman Michael Lynton held a series of 20-minute meetings with groups of staff to appraise them of progress in dealing with the attacks and to reassure them about the future. 
"This won't take us down," he promised, the LA Times reports. "You should not be worried about the future of this studio. I am incredibly sorry that you've had to go through this."

Co-chairman Amy Pascal also addressed the meeting, apologizing for insensitive comments she made in private emails that have since been leaked. "It is your incredible efforts and perseverance that will get us through this," she said.

Source
-
Google is proposing to warn people their data is at risk every time they visit websites that do not use the "HTTPS" system.

Many sites have adopted the secure version of the basic web protocol to help safeguard data.

The proposal was made by the Google developers working on the search firm's Chrome browser.

Security experts broadly welcomed the proposal but said it could cause confusion initially.

Scrambled data

The proposal to mark HTTP connections as non-secure was made in a message posted to the Chrome development website by Google engineers working on the firm's browser.

If implemented, the developers wrote, the change would mean that a warning would pop-up when people visited a site that used only HTTP to notify them that such a connection "provides no data security".

The team said it was odd that browsers currently did nothing to warn people when their data was unprotected.

HTTPS uses well-established cryptographic systems to scramble data as it travels from a user's computer to a website and back again.

The team said warnings were needed because it was known that cyber thieves and government agencies were abusing insecure connections to steal data or spy on people.

Rik Ferguson, a senior analyst at security firm Trend Micro, said warning people when they were using an insecure connection was "a good idea".

Letting people know when their connection to a website is insecure could drive sites to adopt more secure protocols, he said.

Currently only about 33% of websites use HTTPS, according to statistics gathered by the Trustworthy Internet Movement which monitors the way sites use more secure browsing technologies.

'Headache'

Paul Mutton, a security analyst at web monitoring firm Netcraft, also welcomed the proposal, saying it was "bizarre" that an unencrypted HTTP connection gave rise to no warnings at all.
Many may resent the cost in time and money required to adopt the technology, he said, even though projects exist to make it easier and free for website administrators to use HTTPS. The Google proposal was also floated on discussion boards for other browsers and received guarded support from the Mozilla team behind the Firefox browser and those involved with Opera. Many large websites and services, including Twitter, Yahoo, Facebook and GMail, already use HTTPS by default. In addition, since September Google has prioritised HTTPS sites in its search rankings. Source
-
A 17 year-old Londoner has pleaded guilty to a series of denial-of-service attacks against internet exchanges and the Spamhaus anti-spam service last year.

The teenager – who we cannot name for legal reasons – also admitted money laundering and possessing indecent images. He faces a sentencing hearing on 9 January, a police statement confirmed:

Juveniles – persons aged under 18 – appearing before youth courts receive automatic anonymity under English law. The case went through London's Camberwell Green Youth Court.

The teenager was arrested and prosecuted following a series of DDoS attacks aimed at Spamhaus and content distribution network CloudFlare that ultimately affected the operation of internet exchanges. Hackers used DNS reflection to amplify the DDoS attack. Peak traffic volumes exceeded 300 Gbps, marking the assault out as the biggest DDoS ever. Despite this massive volume the attack failed to break the internet's backbone, contrary to many early reports, as we reported at the time.

Other arrests were made in the case. These and other circumstances mean it's unlikely that the 17 year-old acted alone.

Source
-
Document Title:
===============
Morfy CMS v1.05 - Command Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1367
https://github.com/Awilum/monstra-cms/issues/351
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9185

CVE-ID:
=======
CVE-2014-9185

Release Date:
=============
2014-12-10

Vulnerability Laboratory ID (VL-ID):
====================================
1367

Common Vulnerability Scoring System:
====================================
6.2

Product & Service Introduction:
===============================
Morfy is a flat file CMS, this means there is no administration backend and database to deal with. You simply create .md files in the `content` folder and that becomes a page. To run Morfy you simply need PHP 5.3.0 or higher with PHP's Multibyte String module. Operating system: Unix, Linux, Windows, Mac OS. Webserver: Apache with Mod Rewrite or Nginx with Rewrite Module.

(Copy of the Vendor Homepage: http://morfy.monstra.org/documentation )

Abstract Advisory Information:
==============================
An independent Vulnerability Laboratory Researcher discovered a remote command execution vulnerability in the official Morfy v1.05 Content Management System.

Vulnerability Disclosure Timeline:
==================================
2014-11-02: Researcher Notification & Coordination (Paulos Yibelo)
2014-12-10: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
GNU GPL License
Product: Morfy - Content Management System 1.05

Exploitation Technique:
=======================
Remote

Severity Level:
===============
High

Technical Details & Description:
================================
A command execution web vulnerability has been discovered in the official Morfy v1.05 Content Management System.
The vulnerability allows an attacker to execute unauthorized system specific commands that compromise the online web-application or connected dbms.

The vulnerability is located in the site_url parameter of the default content management system install.php file. Remote attackers are able to execute system specific commands to compromise the application by usage of malicious requests that run through the vulnerable site_url value. The request method to inject the code is POST via Add.

The security risk of the vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 6.2. Exploitation of the web vulnerability requires no privileged application user account or user interaction. Successful exploitation of the command execution vulnerability results in content management system compromise.

Request Method(s):
[+] POST

Vulnerable Module(s):
[+] Install

Vulnerable File(s):
[+] install.php

Vulnerable Parameter(s):
[+] site_url

Proof of Concept (PoC):
=======================
The vulnerability can be exploited by remote attackers without user interaction or a privileged application user account. For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the security vulnerability ...
1. Download the morfy content management system
2. Use the default and access the installation file (install.php)
3. Inject the following payload `website.com}','yibelo'=> eval("system('dir');"),` (as website url) by usage of the Add function
4. Then navigate to site.com/config.php, which shall get executed because the injection results in site_url'='website.com}','yibelo'=>eval("system('dir');"),//',
5. Successful reproduction of the security vulnerability!

Vulnerable Source: install.php < config.php

./install.php Line 57
$post_site_url = isset($_POST['site_url']) ? $_POST['site_url'] : '';

./install.php Line 64-77
file_put_contents('config.php', "<?php
return array(
    'site_url' => '{$post_site_url}',
    'site_charset' => 'UTF-8',
    'site_timezone' => '{$post_site_timezone}',
    'site_theme' => 'default',
    'site_title' => '{$post_site_title}',
    'site_description' => '{$post_site_description}',
    'site_keywords' => '{$post_site_keywords}',
    'email' => '{$post_email}',
    'plugins' => array(
        'markdown',
        'sitemap',
    ),
);");

Reference(s):
http://morfy.127.0.0.1:8080/install.php
http://morfy.127.0.0.1:8080/config.php

Solution - Fix & Patch:
=======================
The vulnerability can be patched by a secure restriction in the config.php file that requests the vulnerable site_url value. Encode and parse the vulnerable site_url in the add input field of the installation module (install.php). Restrict the input fields and disallow special chars to prevent system specific command executions.

Security Risk:
==============
The security risk of the remote command execution vulnerability in the php engine of the web-application is estimated as high. (CVSS 6.2)

Credits & Authors:
==================
Paulos Yibelo [Independent Vulnerability Researcher]

Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material.

Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com
Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com
Section: magazine.vulnerability-db.com - vulnerability-lab.com/contact.php - evolution-sec.com/contact
Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab
Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php
Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register/

Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission.

Copyright © 2014 | Vulnerability Laboratory - [Evolution Security GmbH]™

--
VULNERABILITY LABORATORY - RESEARCH TEAM
SERVICE: www.vulnerability-lab.com
CONTACT: research@vulnerability-lab.com
PGP KEY: http://www.vulnerability-lab.com/keys/admin@vulnerability-lab.com%280x198E9928%29.txt

Source
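The root cause in the advisory above is that install.php pastes a POST value straight into the PHP source of config.php. The following is an added example, not Morfy's code: it reproduces that generator pattern in reduced form next to a hardened one that validates site_url and serialises the array with var_export(). The function names and the two-key config are assumptions.

```php
<?php
// Added example, not Morfy's code. Contrasts the install.php pattern quoted in the
// advisory (raw interpolation of a POST value into PHP source) with a generator that
// validates site_url first and lets var_export() produce the PHP literal.
declare(strict_types=1);

// Vulnerable shape (mirrors the quoted install.php lines 64-77, reduced to two keys):
// the value is pasted verbatim between single quotes inside PHP source text.
function buildConfigUnsafe(string $siteUrl): string
{
    return "<?php\nreturn array(\n    'site_url' => '{$siteUrl}',\n    'site_theme' => 'default',\n);\n";
}

// Hardened shape: validate, then serialise. var_export() escapes every ' and \ in the
// string, so no value can close the quote and add elements or statements of its own.
function buildConfigSafe(string $siteUrl): string
{
    $siteUrl = trim($siteUrl);
    $scheme  = parse_url($siteUrl, PHP_URL_SCHEME);
    if (filter_var($siteUrl, FILTER_VALIDATE_URL) === false
        || !in_array($scheme, ['http', 'https'], true)) {
        throw new InvalidArgumentException('site_url must be an absolute http(s) URL');
    }
    $config = ['site_url' => $siteUrl, 'site_theme' => 'default'];
    return "<?php\nreturn " . var_export($config, true) . ";\n";
}

// Defence in depth: the advisory reproduces the bug through an install.php that is
// still reachable after installation, so the installer should refuse to run twice.
function installerAlreadyRan(string $dir): bool
{
    return is_file($dir . '/config.php');
}

// Constructed input with the same shape as the advisory's payload: it ends the quoted
// value, appends an extra key of its own and comments out the rest of the line.
$breakout = "example.com','injected' => 'marker' //";

echo "--- unsafe generator ---\n", buildConfigUnsafe($breakout);
// The generated source now carries a second key, 'injected' => 'marker', chosen by
// whoever submitted the form; in Morfy the same slot carried eval()/system().

echo "\n--- hardened generator ---\n";
try {
    buildConfigSafe($breakout);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";   // the breakout value is not a URL
}

// The serialiser alone already neutralises the breakout: var_export() escapes the
// quotes, so the whole value stays one string literal.
echo "\n--- var_export of the breakout value ---\n", var_export($breakout, true), "\n";

// A valid URL round-trips through a generated file exactly like config.php would:
// write it, load it back with require, compare.
$path = tempnam(sys_get_temp_dir(), 'cfg');
file_put_contents($path, buildConfigSafe('https://example.com/blog'));
$loaded = require $path;
unlink($path);
if ($loaded['site_url'] !== 'https://example.com/blog') {
    throw new RuntimeException('round-trip mismatch');
}
echo "\nround-trip OK\n";
```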
-
Document Title:
===============
Jease CMS v2.11 - Persistent UI Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1373

Release Date:
=============
2014-12-12

Vulnerability Laboratory ID (VL-ID):
====================================
1373

Common Vulnerability Scoring System:
====================================
3.7

Product & Service Introduction:
===============================
Jease is an Open Source Content-Management-System which is driven by the power of Java. Jease means `Java with Ease`, so Jease promises to keep simple things simple and the hard things (j)easy. Content-Management with Jease. Jease is built on top of the most advanced open-source technologies existing in the Java-community. Jease glues these technologies together to provide an outstanding productive development experience by combining the safety and ide-/compiler-support of Java with the turn-around-times of scripting languages.

(Copy of the Vendor Homepage: http://www.jease.org/ )

Abstract Advisory Information:
==============================
The independent Vulnerability Laboratory Researcher (Manideep K.) discovered a persistent input validation web vulnerability in the Jease 2.11 CMS.

Vulnerability Disclosure Timeline:
==================================
2014-12-12: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Jease
Product: Jease - Content Management System 2.11

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
An application-side input validation web vulnerability has been discovered in the official Jease v2.11 Content Management System. The vulnerability allows an attacker to inject their own script code as payload to the application-side of the vulnerable service function.

The vulnerability is located in the content values of the create function. Local attackers with low privileged application user accounts are able to manipulate the content input values by usage of the create functions. The execution of the persistent script code occurs in the view browser module of the content management system. The attack vector is persistent on the application-side and the request method to inject is POST. The issue allows persistent malicious script code to be transferred to the frontend service.

The security risk of the application-side web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.7. Exploitation of the application-side web vulnerability requires a low privileged web-application user account and low user interaction. Successful exploitation of the vulnerability results in persistent phishing mails, session hijacking, persistent external redirect to malicious sources and application-side manipulation of affected or connected module context.

Request Method(s):
[+] POST

Vulnerable Module(s):
[+] Create

Vulnerable Parameter(s):
[+] content

Affected Module(s):
[+] View - Browser Service

Proof of Concept (PoC):
=======================
The persistent input validation web vulnerability can be exploited by remote attackers without a privileged application user account and with low user interaction. For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce:
1. Install the Content Management System
2. Open the online service to interact (link - http://jease.127.0.0.1:8080/login?file&auth )
3. Click to include on any entry (alternatively, you can create one and reproduce) and enter the following parameters in the Content section
Note: (Select the plaintext option present at the end of the content box)
4. Enter “ <script>alert(document.cookie)</script> ” in the box and press the view in browser option
Note: the request got saved and is now persistently included in the browser module service
5. Successful reproduction of the vulnerability!

Security Risk:
==============
The security risk of the persistent input validation web vulnerability in the Jease CMS is estimated as medium. (CVSS 3.7)

Credits & Authors:
==================
Manideep K. - Information Security Researcher [https://in.linkedin.com/in/manideepk]

Source
-
Document Title:
===============
Bird Feeder v1.2.3 WP Plugin - CSRF & XSS Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1372
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9334

CVE-ID:
=======
CVE-2014-9334

Release Date:
=============
2014-12-09

Vulnerability Laboratory ID (VL-ID):
====================================
1372

Common Vulnerability Scoring System:
====================================
3.6

Product & Service Introduction:
===============================
This WordPress plugin will add the necessary data to the WordPress article feeds so that they can be picked up and processed correctly by the Bird Feeder Mint Pepper, without requiring any changes to any core WordPress files. This plug-in serves one purpose and that is to tweet published posts. It doesn't do anything other than tweet. It tweets in this format: [your message] [post title] [short url]. On the options page you will have to enter your twitter username and password. You can also configure your message there. If you try to publish a bunch of posts quickly the Bird Feeder url shortening service will not handle them and this will result in unexpected tweets.

(Copy of the Vendor Homepage: https://wordpress.org/plugins/bird-feeder/ )

Abstract Advisory Information:
==============================
The independent Vulnerability Laboratory Researcher (Manideep K.) discovered a cross site request forgery issue and a cross site vulnerability in the bird feeder v2.1 wordpress plugin.

Vulnerability Disclosure Timeline:
==================================
2014-11-06: Author Notification (Manideep K.)
2014-11-20: WP Team action taken by closing the plugin and service
2014-12-09: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Wordpress
Product: Bird Feeder - Wordpress Plugin (Web-Application) 1.2.3

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
A cross site request forgery issue and a cross site scripting vulnerability have been discovered in the Bird Feeder v1.2.3 Plugin. The plugin is vulnerable to a combined CSRF/XSS attack, meaning that if an admin user can be tricked into visiting a specially crafted URL created by a remote attacker (via spear phishing/social engineering), the attacker can insert arbitrary script code into the admin page. Once exploited, the admin's browser can be made to do almost anything the admin user could typically do, by hijacking the admin's cookies etc.

Proof of Concept (PoC):
=======================
You can use the following exploit code to exploit the vulnerability. For testing, you can just save it as .html and then get it clicked by a logged-in administrator (by social engineering/spear phishing techniques) and see the exploit in action. Almost all of the fields are vulnerable to the CSRF + XSS attack.

<html>
<body>
<form action="http://localhost/wordpress/wp-admin/options-general.php?page=bird-feeder" method="POST">
<input type="hidden" name="user" value="csrf/xss testing " />
<input type="hidden" name="password" value="csrf/xss testing" />
<input type="hidden" name="message" value="" />
<input type="hidden" name="update" value="Update" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>

Solution - Fix & Patch:
=======================
2014-11-20: WP Team action taken by closing the plugin and service

Security Risk:
==============
The security risk of the cross site request forgery and cross site scripting web vulnerability is estimated as medium. (CVSS 3.6)

Credits & Authors:
==================
Manideep K. - Information Security Researcher [https://in.linkedin.com/in/manideepk]

Source
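The PoC form above works because the plugin's options handler accepts any POST and echoes the saved values unescaped. What a hardened handler for that same page looks like, as an added example and not the plugin's own code: it assumes a WordPress runtime, and the option names, the nonce action and the function names are assumptions; the password field is left out.

```php
<?php
// Added example, not the Bird Feeder plugin's code. Hardens the options page that
// the advisory's PoC form posts to: capability check + nonce on the handler (CSRF),
// sanitised storage and escaped output (XSS). Option/nonce/function names are assumed.

// Runs on admin_init, before the settings page renders, and handles the same POST
// fields (user, message, update) that the PoC form submits.
function bird_feeder_handle_update(): void
{
    if (!isset($_POST['update'])) {
        return;
    }
    // 1. Authorisation: only a user allowed to manage options may change them.
    if (!current_user_can('manage_options')) {
        wp_die('You are not allowed to change these settings.');
    }
    // 2. CSRF: the request must carry a valid nonce for this action. A page on another
    //    origin cannot read the token, so the auto-submitted PoC form fails here.
    check_admin_referer('bird_feeder_update', 'bird_feeder_nonce');

    // 3. Input sanitisation: strip tags, line breaks and control characters before saving.
    $user    = sanitize_text_field(wp_unslash($_POST['user'] ?? ''));
    $message = sanitize_text_field(wp_unslash($_POST['message'] ?? ''));
    update_option('bird_feeder_user', $user);
    update_option('bird_feeder_message', $message);
}
add_action('admin_init', 'bird_feeder_handle_update');

// Renders the form with the nonce field, and with every stored value escaped for the
// HTML attribute context, so a stored <script> string is displayed, not executed.
function bird_feeder_render_form(): void
{
    $user    = get_option('bird_feeder_user', '');
    $message = get_option('bird_feeder_message', '');
    ?>
    <form method="post" action="<?php echo esc_url(admin_url('options-general.php?page=bird-feeder')); ?>">
        <?php wp_nonce_field('bird_feeder_update', 'bird_feeder_nonce'); ?>
        <label>Twitter user
            <input type="text" name="user" value="<?php echo esc_attr($user); ?>" />
        </label>
        <label>Message
            <input type="text" name="message" value="<?php echo esc_attr($message); ?>" />
        </label>
        <input type="submit" name="update" value="Update" />
    </form>
    <?php
}
```

The same output escaping applies wherever the saved values are printed; the nonce check alone does not remove a script string that was stored before the fix.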