Archive | October, 2006

New Firefox vulnerability – DoS and [DELETED] – UPDATED



This has just been posted to Bugtraq.

For now you can test if your version is vulnerable here (this will cause Firefox to close).

So far Firefox 1.5.0.7 and 2.0 (Linux) have been tested, and both are vulnerable. Firefox 1.0.7 (Win32) is not vulnerable.

The code used on the test page and the one submitted to Bugtraq can be found here.

Severity: … not really

Update: This attack does not allow remote code execution! It has been posted on the mailing lists and several news sites.


Posted in: Exploits/Vulnerabilities



PMD – Java Source Code Scanner



Continuing with the series of tools I’ve been posting on source code auditing and application security, here is PMD, a Java source code scanner.

PMD scans Java source code and looks for potential problems like:

  • Possible bugs – empty try/catch/finally/switch statements
  • Dead code – unused local variables, parameters and private methods
  • Suboptimal code – wasteful String/StringBuffer usage
  • Overcomplicated expressions – unnecessary if statements, for loops that could be while loops
  • Duplicate code – copied/pasted code means copied/pasted bugs

PMD is integrated with JDeveloper, Eclipse, JEdit, JBuilder, BlueJ, CodeGuide, NetBeans/Sun Java Studio Enterprise/Creator, IntelliJ IDEA, TextPad, Maven, Ant, Gel, JCreator, and Emacs.

You can read more about PMD at the homepage here.

You can download everything from here:

Download PMD


Posted in: Programming, Security Software



Anti-Spyware Groups Still Require Legislation



Cyber and computer laws are always a grey area; they tend to be very vague and don’t cover specific technologies.

Spam is a good example: look at how long we’ve been getting spammed. It has been a SERIOUS problem for at least the last 5 years, yet spam legislation has only seriously started coming into effect in the last 1-2 years.

Now is it time to look at spyware?

Even though security technology is improving, spyware legislation is still needed from Congress because many consumers don’t use all the tech tools available to them, antispyware groups said Thursday.

Antispyware groups including the Center for Democracy and Technology (CDT) and StopBadware.org called on Congress to pass antispyware legislation during the last days of the 2006 session. Although some studies show a small decrease in the amount of spyware on PCs, the use of spyware that logs keystrokes seems to be going up, said Ari Schwartz, deputy director of the CDT.

“The issue is everyone’s still making money doing this,” Schwartz said during an antispyware discussion in Washington. Spyware distributors identified by the Federal Trade Commission (FTC) or the CDT can pull in tens of millions of dollars in revenue annually, he added.

It’s true, sad but true. The developers of spyware are making millions from it every year.

Antispyware technology can work, but 81 percent of home PC users don’t use all three common security tools — antispyware software, antivirus software and firewalls — according to a survey published in December by AOL LLC and the National Cyber Security Alliance (NCSA).

“We still think consumers are not protected,” said Ron Teixeira, the NCSA’s executive director. “If they don’t take these three core measures, it doesn’t matter what we do.”

So what to do?

Source: Computerworld


Posted in: Legal Issues, Malware, Spammers & Scammers



BobCat SQL Injection Tool based on Data Thief



BobCat is a tool to aid a security consultant in taking full advantage of SQL injection vulnerabilities. It is based on a tool named “Data Thief” that was published as a PoC by appsecinc. BobCat can list the linked servers and the database schema, and allows the retrieval of data from any table that the current application user has access to.

The methods that BobCat incorporates are based on those discussed in the following papers:

  • Advanced SQL Injection
  • More Advanced SQL Injection
  • Advanced SQL Injection
  • Manipulating SQL Server Using SQL Injection

I suggest if you are interested in SQL injection at all, you read all of the above papers.

BobCat Requirements

  1. Windows OS (Tested on XP SP2)
  2. Access to MS SQL server/MSDE2000 (Tested on MSDE2000)
  3. .Net Framework 2.0

Read more about BobCat here:

Northern Monkee – BobCat

Download BobCat here:

BobCat Alpha 0.3

Some tools to use with BobCat can be found here:

BobCat Tools


Posted in: Database Hacking, Hacking Tools, Web Hacking



Security Companies Fight Against Microsoft Security Center



No surprise really: Microsoft and its monopoly strategies and anti-competitive behaviour, nothing new really, is it?

Microsoft and its security rivals are feuding over a key piece of Windows Vista real estate.

The fight is over the display of technology that helps Vista owners manage the security tools on their PC. Symantec, McAfee, Check Point Software Technologies and other companies want Microsoft to change Vista so their products can easily replace the operating system’s built-in Windows Security Center on the desktop. But Microsoft is resisting the call.

Microsoft was locking down the kernel too; how are other security companies supposed to survive?!

“By imposing the Windows Security Center on all Windows users, Microsoft is defining a template through which everybody looks at security,” Bruce McCorkendale, a chief engineer at Symantec, said in an interview. “How do we trust that Microsoft knows what all the important things about security are to warn users about?”

Windows Security Center, introduced with Windows XP Service Pack 2, pops up on desktops to alert PC owners if their firewall, virus protection and other security tools need attention. The version in the Vista update, set for broad release in January, will add new categories and management tools.

Microsoft had better be careful unless they want another antitrust case to brew… I’ve heard they will open up the Vista kernel to certain companies though; I’ll report more on that later.

Source: News.com


Posted in: General News, Security Software



ARPWatch-NG ARP Flooding/Spoofing Protection/Detection



If you are paranoid about people ARP spoofing or flooding on your network you can use ARPWatch-NG, a continuation of the popular original ARPWatch from ftp://ftp.ee.lbl.gov/.

ARPWatch monitors the MAC addresses on your network and writes them to a file, including the last known timestamp, and notifies you when an address changes.

It can be used to monitor for unknown (and as such, likely an intruder’s) MAC addresses, or for somebody messing around with your ARP/DNS tables.
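The detection logic behind this kind of monitor, written out as an added example (this is not arpwatch's code): each IP keeps the MAC it was last seen with, and the monitor reports new stations, changed ethernet addresses, and an IP that bounces back to a MAC it had before ("flip flop", the usual symptom of ARP spoofing). The observation line format `<unix-ts> <ip> <mac>`, the list of known MACs and the sample lines are constructed for the demo.

```python
"""
ARP-table monitoring in the spirit of arpwatch. Added example, not arpwatch's
code; the observation format "<unix-ts> <ip> <mac>" and the sample data below
are constructed for this demo.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Station:
    mac: str
    first_seen: int
    last_seen: int
    previous_mac: Optional[str] = None


class ArpMonitor:
    def __init__(self, known_macs=()):
        self.table = {}                                  # ip -> Station
        self.known = {m.lower() for m in known_macs}     # inventory of expected MACs
        self.events = []                                 # (kind, ip, mac, ts)

    def observe(self, ip, mac, ts):
        mac = mac.lower()
        st = self.table.get(ip)
        if st is None:
            # First time this IP is seen; flag it harder if the MAC is not in inventory.
            self.table[ip] = Station(mac, ts, ts)
            kind = "new station" if mac in self.known else "new station (unknown MAC)"
            self.events.append((kind, ip, mac, ts))
        elif st.mac != mac:
            # Bouncing back to the MAC seen before is a flip flop; anything else
            # is a plain changed ethernet address.
            kind = "flip flop" if st.previous_mac == mac else "changed ethernet address"
            st.previous_mac, st.mac, st.last_seen = st.mac, mac, ts
            self.events.append((kind, ip, mac, ts))
        else:
            st.last_seen = ts

    def feed(self, text):
        """Consume observation lines and return the accumulated event list."""
        for line in text.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            ts, ip, mac = line.split()
            self.observe(ip, mac, int(ts))
        return self.events


# Constructed sample: the gateway .1 is legitimately at 00:11:22:33:44:01, then a
# second MAC starts answering for it and the two alternate.
KNOWN_MACS = ["00:11:22:33:44:01", "00:11:22:33:44:14"]
SAMPLE_OBSERVATIONS = """\
1161000000 192.168.1.1  00:11:22:33:44:01
1161000010 192.168.1.20 00:11:22:33:44:14
1161000020 192.168.1.1  00:11:22:33:44:01
1161000030 192.168.1.1  de:ad:be:ef:00:01
1161000040 192.168.1.1  00:11:22:33:44:01
1161000050 192.168.1.1  de:ad:be:ef:00:01
1161000060 192.168.1.99 00:11:22:33:44:63
"""


def run_demo():
    """Run the monitor over the constructed sample and return the event kinds."""
    monitor = ArpMonitor(KNOWN_MACS)
    return [kind for kind, _ip, _mac, _ts in monitor.feed(SAMPLE_OBSERVATIONS)]


if __name__ == "__main__":
    monitor = ArpMonitor(KNOWN_MACS)
    for kind, ip, mac, ts in monitor.feed(SAMPLE_OBSERVATIONS):
        print(f"{ts} {kind:28s} {ip:15s} {mac}")
```

The "flip flop" event is what deserves an alert: a host whose IP alternates between two MACs within seconds is either a misconfigured duplicate address or someone poisoning the ARP caches of its neighbours.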

There have been quite a few fixes lately, so it’s recommended of course to get the latest version!

arpwatch NG 1.5:

  • try to report error on startup better (arp.dat, ethercodes.dat) [FIXED]

arpwatch NG 1.4:

  • try to report all anomalies via the report function, not syslog [FIXED]
  • mode 2: make action list parseable [FIXED]
  • further static’fy local functions in arpwatch.c [FIXED]
  • ethercodes updated from nmap-4.11 and removed old ones [UPDATED]

arpwatch NG 1.2:

  • on make install also install man-pages [FIXED]
  • ethercodes updated from nmap-4.00 [UPDATED]

You can download the latest version of ARPWatch here.


Posted in: Countermeasures, Network Hacking, Security Software



Tracking Users Via the Browser Cache



An interesting new twist on things: rather than using cookies to store information, you can use perpetually cached files.

So clearing your cache and cookies isn’t enough. Could be a privacy issue, you say? Indeed it could..

Clearing cookies may not be enough, as you may think. Your browser’s cache is a valuable store of information. A JavaScript .js file resource which is generated dynamically when requested can have a unique tracking ID embedded and can live permanently in your browser’s cache when sent with the right HTTP cache-control headers. This JavaScript file can then be called by pages. The script is never re-requested, and hence keeps the unique ID, and it can call resources on the server-side to track you. They just need to associate this unique ID once with your account (when you login first time after the ID was created), and they can set cookies back again later and track you anyway. The result is that you can be tracked uniquely even past the point where you clear your cookies (i.e., as if you never cleared your cookies to generate fresh ones).

You can view a live demo here.

This is a demonstration of how a person’s web-browser can be tagged and tracked using a unique identifier which lives in the web browser’s cache for a very long time (using HTTP cache control headers and browsers’ use of conditional GET requests). This serves the same purpose as using a cookie to track people. However popular web browsers lack finer cache disposal controls (compared to cookie disposal), and this is something which needs to be looked into. No private information is collected in this example. It has been tested on Firefox, IE6, Konqueror and Epiphany. I don’t know about the IE7 versions or Safari.

Source: Mukund
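A way to audit your own site (or a captured proxy log) for the pattern described above, as an added example that is not part of the original post: fetch the same script URL as two different clients, and flag it when the response is a script, is cacheable for a long time (`Cache-Control: max-age` or a far-future `Expires`), and its body differs per client, which is exactly the signature of a per-user tracking ID baked into a "perpetual" cached file. The raw HTTP responses and the one-month threshold are constructed for the demo.

```python
"""
Audit HTTP responses for cache-based tracking. Added example, not the demo
author's code; the sample responses and the LONG_LIVED threshold are
constructed for this demonstration.
"""
import email.utils
from datetime import datetime, timezone

LONG_LIVED = 30 * 24 * 3600  # constructed threshold: anything cached > 1 month is "perpetual" here

SCRIPT_TYPES = ("application/javascript", "application/x-javascript", "text/javascript")


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status line, lower-cased header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def cache_lifetime(headers):
    """Seconds a cache may serve the response without revalidating (0 = not cacheable)."""
    directives = [d.strip().lower() for d in headers.get("cache-control", "").split(",") if d.strip()]
    if "no-store" in directives or "no-cache" in directives:
        return 0
    for d in directives:
        if d.startswith("max-age="):
            try:
                return max(0, int(d.split("=", 1)[1]))
            except ValueError:
                return 0
    if "expires" in headers:
        # Fall back to Expires, measured against the server's Date header if present.
        expires = email.utils.parsedate_to_datetime(headers["expires"])
        if "date" in headers:
            now = email.utils.parsedate_to_datetime(headers["date"])
        else:
            now = datetime.now(timezone.utc)
        return max(0, int((expires - now).total_seconds()))
    return 0


def flag_cache_tracker(raw_a, raw_b, threshold=LONG_LIVED):
    """Compare two fetches of the same URL made by different clients."""
    _, ha, body_a = parse_response(raw_a)
    _, hb, body_b = parse_response(raw_b)
    lifetime = min(cache_lifetime(ha), cache_lifetime(hb))
    is_script = ha.get("content-type", "").lower().startswith(SCRIPT_TYPES)
    per_client = body_a != body_b
    return {
        "script": is_script,
        "lifetime_seconds": lifetime,
        "long_lived": lifetime >= threshold,
        "per_client_body": per_client,
        # A validator lets the browser send conditional GETs, which keep the
        # cached copy alive indefinitely with 304 replies.
        "revalidatable": "etag" in ha or "last-modified" in ha,
        "suspect": is_script and lifetime >= threshold and per_client,
    }


def _response(body, cache_control="max-age=315360000, public"):
    # Constructed sample response; 315360000 s is ten years.
    return (
        "HTTP/1.1 200 OK\r\n"
        "Date: Mon, 23 Oct 2006 10:00:00 GMT\r\n"
        "Content-Type: application/x-javascript\r\n"
        f"Cache-Control: {cache_control}\r\n"
        "Last-Modified: Mon, 23 Oct 2006 10:00:00 GMT\r\n"
        "\r\n" + body
    )


# Two clients fetching the same tracker URL get different IDs baked into the script.
TRACKER_CLIENT_A = _response("var trackingId = 'a1b2c3d4';\r\n")
TRACKER_CLIENT_B = _response("var trackingId = 'e5f6a7b8';\r\n")
# A real shared library: same body for everyone, modest cache lifetime.
LIBRARY_RESPONSE = _response("function util(){}\r\n", cache_control="max-age=3600")

if __name__ == "__main__":
    print(flag_cache_tracker(TRACKER_CLIENT_A, TRACKER_CLIENT_B))
    print(flag_cache_tracker(LIBRARY_RESPONSE, LIBRARY_RESPONSE))
```

The per-client body check is what separates a tracker from an ordinary long-cached library; a site that versions its static assets by URL will legitimately send ten-year lifetimes, but every client receives the same bytes.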


Posted in: Privacy, Web Hacking



LAPSE Sourcecode Analysis for JAVA J2EE Web Applications



LAPSE stands for a Lightweight Analysis for Program Security in Eclipse. LAPSE is designed to help with the task of auditing Java J2EE applications for common types of security vulnerabilities found in Web applications. LAPSE was developed by Benjamin Livshits as part of the Griffin Software Security Project.

LAPSE targets the following Web application vulnerabilities:

  • Parameter manipulation
  • SQL injections
  • Header manipulation
  • Cross-site scripting
  • Cookie poisoning
  • HTTP splitting
  • Command-line parameters
  • Path traversal

What should you do to avoid these vulnerabilities in your code? How do we protect Web applications from exploits? The proper way to deal with these types of attacks is by sanitizing the tainted input. Please refer to the OWASP guide to find out more about Web application security.

If you are interested in auditing a Java Web application, LAPSE helps you in the following ways:

  • Identify taint sources
  • Identify taint sinks
  • Find paths between sources and sinks

LAPSE is inspired by existing lightweight security auditing tools such as RATS, pscan, and FlawFinder. Unlike those tools, however, LAPSE addresses vulnerabilities in Web applications. LAPSE is not intended as a comprehensive solution for Web application security, but rather as an aid in the code review process. Those looking for more comprehensive tools are encouraged to look at some of the tools produced by Fortify or Secure Software.
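The three steps listed above (identify sources, identify sinks, find the paths between them) are a taint analysis. The following added example, which is not LAPSE's code, reduces that analysis to a toy: a servlet is modelled as a list of assignment and call statements, the Web-request APIs are taint sources, dangerous APIs are sinks grouped by the vulnerability classes LAPSE targets, and every source-to-sink path through assignments is reported unless a sanitizer breaks it. The statement tuple format, the sanitizer names `sanitizeSql` and `htmlEscape`, and the sample servlet are constructed for the demo.

```python
"""
Toy source/sink taint propagation in the style of LAPSE. Added example, not
LAPSE's code; statement format, sanitizer names and the sample program are
constructed. Each statement is a 4-tuple:
    ("call",   dst_or_None, "api.name", [args])
    ("assign", dst,         None,       [operands])
"""

SOURCES = {"request.getParameter", "request.getHeader", "request.getCookies"}
SINKS = {
    "Statement.executeQuery": "SQL injection",
    "PrintWriter.println": "Cross-site scripting",
    "response.setHeader": "Header manipulation / HTTP splitting",
    "Runtime.exec": "Command-line parameters",
    "FileInputStream.<init>": "Path traversal",
}
SANITIZERS = {"sanitizeSql", "htmlEscape"}  # constructed names for the demo


def analyze(program):
    """Return one finding per tainted argument reaching a sink."""
    taint = {}      # variable -> (originating source API, [variables the taint flowed through])
    findings = []
    for kind, dst, func, args in program:
        tainted_args = [a for a in args if a in taint]

        if kind == "call" and func in SINKS:
            for a in tainted_args:
                source, path = taint[a]
                findings.append({"source": source, "sink": func,
                                 "category": SINKS[func], "path": path})

        if dst is None:
            continue
        if kind == "call" and func in SOURCES:
            taint[dst] = (func, [dst])              # fresh taint enters here
        elif kind == "call" and func in SANITIZERS:
            taint.pop(dst, None)                    # sanitizer output is clean
        elif tainted_args:
            source, path = taint[tainted_args[0]]   # propagate through assignment or call
            taint[dst] = (source, path + [dst])
        else:
            taint.pop(dst, None)                    # overwritten with clean data
    return findings


# Constructed sample servlet: one unsanitized SQL query, one sanitized query,
# and the raw parameter echoed back into the page.
SAMPLE_SERVLET = [
    ("call", "user", "request.getParameter", ['"user"']),
    ("assign", "query", None, ['"SELECT * FROM accounts WHERE name = \'"', "user", '"\'"']),
    ("call", "rs", "Statement.executeQuery", ["query"]),
    ("call", "xid", "request.getHeader", ['"X-Request-Id"']),
    ("call", "safe", "sanitizeSql", ["xid"]),
    ("assign", "query2", None, ['"SELECT * FROM log WHERE id = \'"', "safe", '"\'"']),
    ("call", "rs2", "Statement.executeQuery", ["query2"]),
    ("call", None, "PrintWriter.println", ["user"]),
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_SERVLET):
        print(f"{f['category']}: {f['source']} -> {' -> '.join(f['path'])} -> {f['sink']}")
```

Real tools differ from this toy in two ways worth knowing when reading their output: they follow taint across method calls and fields rather than a flat statement list, and they treat a sanitizer as valid only for the sink it was written for (an HTML escaper does not make a SQL query safe).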

Read more about LAPSE here.

You can download LAPSE here:

LAPSE: Web Application Security Scanner for Java


Posted in: Programming, Security Software, Web Hacking



The Top 5 Causes of Data Loss



An interesting enough article, but if you work in infosec you could probably guess the topics anyway.

In a key step to help businesses better understand and protect themselves against the risks of fraud, Visa USA and the U.S. Chamber of Commerce announced the five leading causes of data breaches and offered immediate, specific prevention strategies for each.

“The single, most effective weapon in the battle against today’s data theft is education,” said Sean Heather, executive director, U.S. Chamber of Commerce.

  1. Storage of Magnetic Stripe Data – The most common cause of data breaches occurs when a merchant or service provider stores sensitive information encoded on the card’s magnetic stripe in violation of the PCI Data Security Standard. This can occur because a number of point-of-sale systems improperly store this data, and the merchant may not be aware of it.
  2. Missing or Outdated Security Patches – In this scenario, hackers are able to penetrate a merchant or service provider’s systems because they have not installed up-to-date security patches, leaving their systems vulnerable to intrusion.
  3. Use of Vendor Supplied Default Settings and Passwords – In many cases, merchants receive POS hardware or software from outside vendors who install them using default settings and passwords that are often widely known to hackers and easy to guess.
  4. SQL Injection – Criminals use this technique to exploit Web-based applications for coding vulnerabilities and to attack a merchant’s Internet applications (e.g. shopping carts).
  5. Unnecessary and Vulnerable Services on Servers – Servers are often shipped by vendors with unnecessary services and applications that are enabled, although the user may not be aware of it. Because the services may not be required, security patches and upgrades may be ignored and the merchant system exposed to attack.

Did you get them right?

Source: Aviransplace
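Cause number one on the list, stored magnetic stripe data, is the one a merchant can check for directly: the track formats are fixed, so logs and databases can be scanned for them. The following added example (not from the article or from Visa) matches ISO/IEC 7813 Track 1 (`%B<PAN>^<name>^<YYMM><service code>...?`) and Track 2 (`;<PAN>=<YYMM><service code>...?`) records and keeps only hits whose PAN passes the Luhn check, so random digit runs are not reported. The log lines and card numbers are constructed test values.

```python
"""
Scan text for stored magnetic-stripe track data (PCI DSS forbids storing
full track contents after authorization). Added example; the sample log
and card numbers are constructed test data.
"""
import re

# Track 1: start sentinel %, format code B, PAN, ^, cardholder name, ^, expiry, service code, ..., end sentinel ?
TRACK1 = re.compile(r"%B(\d{13,19})\^([^^?]{2,26})\^(\d{4})(\d{3})([^?]*)\?")
# Track 2: start sentinel ;, PAN, =, expiry, service code, discretionary data, end sentinel ?
TRACK2 = re.compile(r";(\d{13,19})=(\d{4})(\d{3})([^?]*)\?")


def luhn_valid(pan):
    """Luhn mod-10 check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:           # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan):
    """Keep first six and last four digits, the PCI-permitted display form."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan(text):
    """Return one finding per line holding full track data with a Luhn-valid PAN."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for track, regex in (("track1", TRACK1), ("track2", TRACK2)):
            for match in regex.finditer(line):
                pan = match.group(1)
                if not luhn_valid(pan):
                    continue      # digit run that merely looks like a card number
                expiry = match.group(3) if track == "track1" else match.group(2)
                findings.append({"line": lineno, "track": track,
                                 "pan": mask_pan(pan), "expiry": expiry})
    return findings


# Constructed POS debug log. Line 1 is fine (masked PAN, no track data);
# lines 2 and 3 store full Track 2 and Track 1 records; line 4 is a decoy
# with an invalid Luhn checksum.
SAMPLE_LOG = """\
2006-10-23 10:01:02 sale ok card=411111******1111 amt=19.99
2006-10-23 10:02:15 DEBUG raw swipe: ;4111111111111111=1012101123456789?
2006-10-23 10:03:40 DEBUG raw swipe: %B5500000000000004^DOE/JANE^1012101000000000?
2006-10-23 10:04:00 DEBUG test: ;1234567890123456=1012101000?
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f['line']}: {f['track']} data for {f['pan']} (exp {f['expiry']})")
```

Run it over POS application logs, database dumps and backup directories; the recurring finding in real assessments is a vendor "debug" setting that writes the raw swipe to a log file the merchant never looks at, which is the scenario the list describes.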


Posted in: General Hacking



Odysseus Proxy for MITM Attacks Testing Security of Web Applications.



Odysseus is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Odysseus will intercept an HTTP session’s data in either direction and give the user the ability to alter the data before transmission.

Odysseus Proxy

For example, during a normal HTTP SSL connection a typical proxy will relay the session between the server and the client and allow the two end nodes to negotiate SSL. In contrast, when in intercept mode, Odysseus will pretend to be the server and negotiate two SSL sessions, one with the client browser and another with the web server.

As data is transmitted between the two nodes, Odysseus decrypts the data and gives the user the ability to alter and/or log the data in clear text before transmission.

Features

  • Multi-threaded native Win32 executable – The use of native Windows code, combined with extensive multi-threading, means that Odysseus is fast. Speed was a primary development objective.
  • No external dependencies – Everything needed to intercept web requests (apart from a browser configured to use Odysseus as a proxy :) is included in the distribution archive. No additional downloads or installations are required.
  • Flexible & configurable – A wealth of configuration options means Odysseus should be flexible enough to meet the needs of nearly any web-based application assessment.
  • Low desktop profile – Odysseus doesn’t clutter your desktop with redundant windows. A simple System Tray icon is all that is needed to access its many features. The various components of Odysseus appear and disappear as configured, or instructed, by the user.

Odysseus Proxy

You can download Odysseus here.

Change log is here and FAQ here.


Posted in: Hacking Tools, Security Software, Web Hacking
