Archive | June, 2006

Botnets and Phishing Numbers Increasing Despite Crackdown

Your website & network are Hackable


Botnets and organises cybercrime is getting more prevalent, it seems it’s increasing exponentially despire crackdowns by the US governments and other organisations.

The criminals are getting more advanced, phishing scams are getting more realistic, technically trojans are getting more effective and the groups are getting really organised.

Cybercrooks are organizing better and moving to more sophisticated tactics to get their hands on confidential data and turn PCs of unwitting users into bots, representatives from the U.S. Department of Justice and the U.S. Air Force Office of Special Investigations said in separate presentations here at the Computer Security Institute’s NetSec event this week.

Law enforcement has had increased successes in catching, prosecuting and convicting phishers and bot herders over the past couple of years. However, catching the bad guys is getting tougher as the criminals become more professional, the representatives said.

The success rate has increased, but the incident rate has increased even higher.

Cybercriminals are often after data they can turn into cash, such as credit card numbers or even trade secrets. “If you have a smaller botnet and you combine that with targeted, really sophisticated social engineering tactics, you’re going to be potentially a lot more successful,” Whitmore said.

The military has seen a rise in such attacks over the last couple of years, Whitmore said. The attackers know what organizations work together, which generals would be involved and what issues they would talk about, she said. It’s “incredibly disturbing, because those are the kinds of things that should be kept somewhat secret,” she said.

The money is in attacking the consumers now, it might be for your credit card details or just your bandwidth to launch DDoS attacks as a way of extorting money from companies.

Either way it seems the paradigm has truly shifted, and attacking corporates is not the way to get the big money.

Source: CNET


Posted in: Countermeasures, Malware, Phishing

Tags: , , , , , , , ,

Posted in: Countermeasures, Malware, Phishing | Add a Comment
Recent in Countermeasures:
- Cuckoo Sandbox – Automated Malware Analysis System
- Fully Integrated Defense Operation (FIDO) – Automated Incident Response
- MISP – Malware Information Sharing Platform

Related Posts:

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 120,161 views
- Password Hasher Firefox Extension - 117,807 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,734 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


FireMaster 2.1 – A Firefox Master Password Recovery Tool

Your website & network are Hackable


FireMaster version 2.1 has been released with its new features and new speed.

Firemaster is the Firefox master password recovery tool. If you have forgotten the master password, then using FireMaster you can find out the master password and get back your lost signon information. It uses various methods such as dictionary, hybrid and brute force techniques to recover the master password from the firefox key database file.

Since its initial release in Jan 1, 2006 its speed has increased exponentially and currently it is operating at a speed of 50,000 passwords/sec to 100,000 passwords/sec depending upon low end or high end machine.

How it Works?

There is no way to recover the master password as it is not stored at all. Firemaster uses the same technique which has been used by firefox to check if the master password is correct, but in more optimized way. The entire operation goes like this.

  • Firemaster generates passwords on the fly through various methods.
  • Then it computes the hash of the password using known algorithm.
  • Next this password hash is used to decrypt the known encrypted string for which plain text ( i.e. “password-check” ) is known.
  • Now if the decrypted string matches with known plain text ( i.e. “password-check” ) then the generated password is the master password.

Firefox stores the details about encrypted string, salt, algorithm and version information in key database file key3.db in the user’s profile directory. So you can just copy this key3.db to different directory and specify the corresponding path to Firemaster. You can also copy this key3.db to any other high end machine for faster recovery operation.

More details are available here:

FireMaster


Posted in: Hacking Tools, Password Cracking

Tags: , , , , ,

Posted in: Hacking Tools, Password Cracking | Add a Comment
Recent in Hacking Tools:
- dnmap – Distributed Nmap Framework
- DMitry – Deepmagic Information Gathering Tool
- Automater – IP & URL OSINT Tool For Analysis

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,982,325 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,437,271 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 681,363 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Google’s Orkut Hit by Data Stealing Worm – Mw.Orc

Find your website's Achilles' Heel


So just a few days about there was a new MSN Worm – BlackAngel.B, before that the Yahoo! e-mail worm, long before that of course the MySpace worm and a few others not notable enough to mention.

And of course plenty of nasty Trojans.

A new Internet worm capable of stealing bank details and other personal data from users is circulating via Orkut, Google Inc.’s social networking service, a computer security company warned on Monday.

Instant-messaging service provider FaceTime Communications said its software security lab had detected the spread of the electronic virus, the third such threat to disseminate itself via messages posted on Orkut users personal Web pages.

Google’s service, while available globally, is wildly popular among Brazilians which make up the bulk of its users.

The malicious program, dubbed by FaceTime as “MW.Orc,” works its way onto users’ personal computers when they click on infected links on Orkut scrapbook pages. The link is followed by a message in Portuguese that entices the user to click.

It seems this is not the first time Orkut has been hit, this one however goes after personal details of a more valuable nature.

Once the link is activated, a file is uploaded to the PC, according to a description of how the worm works contained in a statement by the Foster City, California-based company.

When infected Orkut users using Microsoft Corp.’s widely used Windows XP operating system to find personal files on their PCs through their “My Computer” icon, that triggers an e-mail back to the creator of MW.Orc creator filled with personal information stored on the PC, FaceTime said.

The earlier attempt seemed to be more of a phishing affair.

The new threat to Orkut follows an earlier worm, Banker-BWD, which was uncovered by Sophos, an anti-virus company.

That malicious software also disseminated itself through Orkut’s scrapbook pages, but automatically transferred the victims to fake Web pages of banks in order to entice the users to enter personal data that can then be stolen by the hackers.

People are getting pretty handy with all this HTML worm business, I’m impressed.

Source: Reuters


Posted in: Malware, Web Hacking

Tags: , , , , , , , , ,

Posted in: Malware, Web Hacking | Add a Comment
Recent in Malware:
- Cuckoo Sandbox – Automated Malware Analysis System
- movfuscator – Compile Into ONLY mov Instructions
- MISP – Malware Information Sharing Platform

Related Posts:

Most Read in Malware:
- Nasty Trojan Zeus Evades Antivirus Software - 77,517 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,638 views
- US considers banning DRM rootkits – Sony BMG - 44,988 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Yersinia 0.7 Released with 802.1x Support – Layer 2 Attack Framework

Your website & network are Hackable


Yersinia is a network tool designed to take advantage of some weakeness in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems.

It’s a very useful for any network based penetration testing or vulnerability assessment. There isn’t many tools working on Layer 2 and this is ‘the’ one.

Attacks for the following network protocols are implemented (but of course you are free for implementing new ones):

  • Spanning Tree Protocol (STP).
  • Cisco Discovery Protocol (CDP).
  • Dynamic Trunking Protocol (DTP).
  • Dynamic Host Configuration Protocol (DHCP).
  • Hot Standby Router Protocol (HSRP).
  • 802.1q.
  • Inter-Switch Link Protocol (ISL).
  • VLAN Trunking Protocol (VTP).

Details of the attacks here.

Yersinia version 0.7 with 802.1x support has just been release, in addition to this lots of bugfixes and a new GTK interface.

The entire core has been redeveloped to support easy addition of new protocols and attacks, and with the new GTK interface the tool is ready for the masses.

You can download it directly here:

Yersinia 0.7


Posted in: Hacking Tools, Network Hacking

Tags: , , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
Recent in Hacking Tools:
- dnmap – Distributed Nmap Framework
- DMitry – Deepmagic Information Gathering Tool
- Automater – IP & URL OSINT Tool For Analysis

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,982,325 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,437,271 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 681,363 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


3Com’s TippingPoint Finds New IE Vulnerabilities

Find your website's Achilles' Heel


What? New vulnerabilities in Internet Explorer?

You can hack Internet Exploder Explorer? Never!

3Com Corp’s TippingPoint division has discovered and disclosed two critical new vulnerabilities in Microsoft’s Internet Explorer through 3Com’s Zero Day Initiative (ZDI).

The vulnerabilities could have allowed an attacker to gain control of a PC if the user was logged in with administrative rights.

Sounds a bit like an advert for TippingPoint to me.

Under the ZDI, 3Com rewards researchers who, while keeping the vulnerabilities confidential, alert 3Com to these vulnerabilities.

3Com can in turn alert the software vendor so that a patch can be prepared, while IPS prepares the security filter and distributes it to customers.

Interesting initiative though.

Source: The Star


Posted in: Exploits/Vulnerabilities, Windows Hacking

Tags: , , , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Windows Hacking | Add a Comment
Recent in Exploits/Vulnerabilities:
- ERTS – Exploit Reliability Testing System
- shadow – Firefox Heap Exploitation Tool (jemalloc)
- Intel Hidden Management Engine – x86 Security Risk?

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 235,041 views
- AJAX: Is your application secure enough? - 120,161 views
- eEye Launches 0-Day Exploit Tracker - 85,581 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Money Lost Due to Cybercrime Down Again This Year!

Your website & network are Hackable


It seems even though vendors are pushing their snakeoil harder than ever, the actual figures show that the money lost due to cybercrime has decreased every year for the last four years!

Perhaps people are finally getting more secure, it’s not suprising with the advent of cheaper and easier to use intrusion detection and intrusion prevention systems.

For the fourth straight year, the financial losses incurred by businesses due to incidents such as computer break-ins have fallen, according to the 2006 annual survey by the Computer Security Institute and the FBI. Robert Richardson, editorial director at the CSI, discussed the survey’s findings in a presentation at the CSI NetSec conference here Wednesday.

Respondents in the 2005 survey reported an average of $204,000 in cybercrime losses, Richardson said. This year, that’s down to $168,000, about an 18 percent drop, he added. Compared with 2004, the average loss is down 68 percent.

The threats themselves haven’t really changed, so the ‘risk landscape’ is the same. Just the monetary loss has decreased.

Most important, perhaps, the 615 U.S. CSI members who responded to this year’s survey reported fewer security incidents. Viruses, laptop theft and insider abuse of Net access are still the most reported threats, but all have decreased compared with last year.

“The danger of insiders may be somewhat overstated, according to the survey group,” Richardson said. About a third of respondents said they had no losses at all due to insider threats, another 29 percent said less than one-fifth of overall losses came from insider threats.

I would definitely put it down to consistent and more widespread use of security technologies as well as general awareness and understanding being higher. I would agree with the following statement that nowadays it’s more likely the consumers are losing more money.

The businesses have already tightened themselves up.

When it comes to cybercrime losses, consumers might be bearing the brunt of them, and they are not covered by the survey, Richardson suggested. “Consumers are the low-hanging fruit,” he said. Costs related to identity theft, for example, fall largely back onto the consumer, he added, even if it did start with a data breach at an enterprise.

So as users we must be careful too.

Source: News.com


Posted in: General Hacking, Legal Issues

Tags: , , , , ,

Posted in: General Hacking, Legal Issues | Add a Comment
Recent in General Hacking:
- BADLOCK – Are ‘Branded’ Exploits Going Too Far?
- Dradis – Reporting Platform For IT Security Professionals
- Kid Gets Arrested For Building A Clock – World Goes NUTS

Related Posts:

Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,169,937 views
- Hack Tools/Exploits - 626,326 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 434,374 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


SinFP v2.00 Released – Next Generation OS Detection Tool

Your website & network are Hackable


OS Fingerprinting is an important part of any penetration test or hack as it allows you focus your efforts a lot more effeciently when point testing, rather than throwing everything at a machine like a script kiddy would. So let’s introduce a new option, other than p0f and xprobe2.

SinFP uses the aforementioned limitations as a basis for tests to be obsolutely avoided in used frames to identify accurately the remote operating system. That is, it only requires one open TCP port, sends only fully standard TCP packets, and limits the number of tests to 2 or 3 (with only 1 test giving the OS reliably in most cases).

New for 2.00:

  • complete rewrite
  • sinfp.db completely reworked
  • new tests based on comparison between probe and response (TCP seq/ack comparison, IP ID value comparison)
  • new matching algorithm, works like a search engine (a problem of finding intersection, by applying a deformation mask on keywords) much more efficient than in 1.xx branch
  • possibility to manually pass a matching mask to change at will the matching algorithm
  • passive fingerprinting much more acurate thanks to new matching algorithm
  • possibility to launch P1P2P3 probes, or only P1P2 probes, or only P2 probe
  • match IPv6 signatures against IPv4 ones
  • API changes, not compatible with 1.xx version anymore
  • DB schema changes, not compatible with 1.xx version anymore
  • many bugfixes

To read more you can check out the SinFP Homepage.

You can download SinFP directly here.


Posted in: Hacking Tools, Network Hacking

Tags: , , , , , , , , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
Recent in Hacking Tools:
- dnmap – Distributed Nmap Framework
- DMitry – Deepmagic Information Gathering Tool
- Automater – IP & URL OSINT Tool For Analysis

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,982,325 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,437,271 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 681,363 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Microsoft got Defaced

Your website & network are Hackable


No, it wasn’t Microsoft.com, still, a very cool hack.

Microsoft France suffered an attack by a Turkish group, going by the handle of TiTHacK. You can check TiTHacK ‘profile’ over at Zone-H. By the looks of things, he has been really busy today.

At the time of this writing, the site still hasn’t been fixed. However, and just to be sure you’ll check it, you can use this mirror to see the defacement at Microsoft’s site.

Can we expect some new exploit to emerge?


Posted in: Web Hacking, Windows Hacking

Tags: , , , , , ,

Posted in: Web Hacking, Windows Hacking | Add a Comment
Recent in Web Hacking:
- DMitry – Deepmagic Information Gathering Tool
- TeamViewer Hacked? It Certainly Looks Like It
- Wfuzz – Web Application Brute Forcer

Related Posts:

Most Read in Web Hacking:
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 681,363 views
- Web Based E-mail (Hotmail Yahoo Gmail) Hack/Hacking with JavaScript - 311,746 views
- Download youtube.com videos? - 156,528 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Kevin Mitnick Interview on Social Engineering

Your website & network are Hackable


There’s a good interview with Kevin Mitnick on Social Engineering.

Well afterall, that is where his skill lies, not in technical hacking.

Arrested by the FBI in 1995 and convicted of breaking into the systems of Fujitsu Siemens, Nokia and Sun Microsystems, Mitnick served five years in prison–eight months of it in solitary confinement.

In his days on the wrong side of the law, Mitnick used so-called social-engineering techniques to fool users into handing over sensitive information. Rather than overt technical hacks, he was able to convince employees to hand over information that enabled him to hack systems, while redirecting telephone signals to avoid detection by the authorities.

As always the answer to social engineering is education!

Are you seeing any new attack methods?
Mitnick: They use the same methods they always have–using a ruse to deceive, influence or trick people into revealing information that benefits the attackers. These attacks are initiated, and in a lot of cases, the victim doesn’t realize. Social engineering plays a large part in the propagation of spyware. Usually, attacks are blended, exploiting technological vulnerabilities and social engineering.

What can businesses do to safeguard themselves?
Mitnick: Businesses should train people to try to recognize possible attacks.

The interview is a good read anyway, do check it out. You can also check out Mitnicks book on Social Engineering, The Art of Deception:

Source: News.com


Posted in: Social Engineering

Tags: , , , , , ,

Posted in: Social Engineering | Add a Comment
Recent in Social Engineering:
- Phishing Frenzy – E-mail Phishing Framework
- FSFlow – A Social Engineering Call Flow Application
- Source Code Hosting Service Code Spaces Deleted By Hacker

Related Posts:

Most Read in Social Engineering:
- How to get Ops and takeover a channel on IRC Hack Hacking - 180,046 views
- Domain Stealing or How to Hijack a Domain - 44,868 views
- Michael Jackon Spam/Malware – RIP The King Of Pop - 25,559 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


British Workers Love to Snoop Salary Info, Personal Notes & Colleagues Data

Find your website's Achilles' Heel


Well I would say this was true for office workers everywhere, not particularly just Brits.

But well the British are an inquisitive nation, so this doesn’t surprise me at all.

Nearly a quarter (22 per cent) of UK employees admit to having illegally accessed sensitive data such as salary details from their firms employer’s IT systems. More than half (54 per cent) of 2,200 adults polled during a YouGov survey said they’d forgo any scruples to do the same, given half a chance, according to a Microsoft sponsored survey that points to a culture of internal snooping and casual identity theft in offices across Britain.

Survey respondents said that HR and payroll information was the most popular target (36 per cent), followed by their manager’s personal notes (28 per cent) and their colleagues’ data (25 per cent). Given the chance, six per cent said they would pinch a colleague’s password.

Unsuprisingly also, guys are the bigger portion of the snoopers.

Blokes expressed a greater willingness than their female counterparts to risk dismissal by stealing confidential data. More than a quarter (27 per cent) of blokes said they’d swiped confidential information compared to 16 per cent of women. Workers in London and Scotland (25 per cent) were the most likely to offend, with the most honest workers living in the Midlands (18 per cent).

People would also be willing to access files from previous employers, if they still could.

A third (33 per cent) of respondents said they’d be prepared to access confidential files from previous employers if they still had access. Microsoft, which sponsored the research, said the YouGov survey illustrated the importance of controlling users accounts on IT systems while ensuring that there is a process in place to disable accounts once workers move onto other jobs

What is the moral here?

Make sure proper privelege segregation is in place, file share access controls, granual ACLs..

And have a proper hire and fire process for adding/disabling/deleting accounts.

The last thing you want is rogue accounts hanging around that give ex-employees (especially disgruntled ones) access to anything on your network.

Source: The Register


Posted in: General News, Privacy

Tags: , , , , , , , , ,

Posted in: General News, Privacy | Add a Comment
Recent in General News:
- Teen Accused Of Hacking School To Change Grades
- Google’s Chrome Apps – Are They Worth The Risk?
- Twitter Breach Leaks 250,000 User E-mails & Passwords

Related Posts:

Most Read in General News:
- Hacking Still Can’t Outdo Stupidity for Data Leaks - 125,406 views
- eEye Launches 0-Day Exploit Tracker - 85,581 views
- Seattle Computer Security Expert Turns Tables On The Police - 43,998 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95