Archive | July, 2008

Site Guesses Your Gender via Browsing History

Your website & network are Hackable


This is a pretty old issue, but it’s an interesting new implementation of an old idea. Using your browser history, the site matches the sites you have visited against the gender demographics of a list of fairly popular sites and, with a weighting system, attempts to guess your gender.

It’s not super accurate unless you are really stereotypical in your Internet usage habits, and it won’t work if you don’t accept any cookies and flush everything regularly.
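To show the kind of weighting the post describes, here is an added example in Python (not code from the Mike on Ads tool or from this post). The site table, its male/female ratios and the “visited” list are all constructed; combining the visited sites as independent evidence (a product of per-site ratios from an even prior, then normalised) is an assumption about how such a weighting might be built, not the tool’s documented method.

```python
# Constructed demographics table: site -> fraction of visitors assumed male.
# These numbers are made up for the example, not real measurements.
SITE_MALE_SHARE = {
    "slashdot.org": 0.85,
    "digg.com": 0.70,
    "cnet.com": 0.60,
    "etsy.com": 0.20,
    "ivillage.com": 0.15,
    "wikipedia.org": 0.50,   # gives no signal either way
}


def male_probability(visited, table=SITE_MALE_SHARE):
    """Combine the visited sites as independent evidence.

    Assumption (not taken from the post): treat each visited site's
    male/female split as a likelihood ratio, multiply the ratios
    starting from an even prior, then normalise. Sites missing from
    the table are ignored. Returns (p_male, sites_counted).
    """
    male, female = 1.0, 1.0
    counted = 0
    for host in visited:
        share = table.get(host)
        if share is None:
            continue
        # Clamp so a single extreme site cannot force 0% or 100%.
        share = min(max(share, 0.01), 0.99)
        male *= share
        female *= 1.0 - share
        counted += 1
    if counted == 0:
        return 0.5, 0
    return male / (male + female), counted


def label(p_male):
    """Turn the probability into the kind of verdict the tool printed."""
    pct = round(p_male * 100)
    return f"{pct}% male" if pct >= 50 else f"{100 - pct}% female"


if __name__ == "__main__":
    # Constructed 'history', as a history probe would have reported it.
    history = ["slashdot.org", "digg.com", "wikipedia.org", "example.org"]
    p, n = male_probability(history)
    print(label(p), f"(based on {n} recognised sites)")
```

With only three recognised sites the verdict is already lopsided, which is why a handful of leaked URLs is enough for a guess like the 74% and 52% figures quoted below.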

One of the problems that’s plagued netizens since the inception of the world wide web is that their browsers have a habit of leaking every site they’ve visited in the recent past. A quick stop at Blowupdolls.com, Mysecretbusinessproject.net or any other site is available to any webmaster with rudimentary coding skills.

Now the Mike on Ads blog has harnessed this privacy shortcoming into a tool that tries to predict whether the visitor is male or female. It uses a small piece of JavaScript that siphons a browser’s URL history and then analyzes the sites visited to guess whether the user is a guy or gal.

It’s a pretty neat idea, I like the innovative thoughts involved and I really do wonder how else this could be used.

It could be the next way of harvesting data online. Imagine how much data huge sites like Slashdot, Digg or the likes of CNET could harvest if they started doing this!

It’s unclear how accurate the tool is at guessing a visitor’s sex, although it did pronounce there was a 74 percent chance your reporter was male. More importantly, the tool is a reminder of just how easy it is for webmasters to track the browsing history of their visitors. Even when you turn off Javascript, they have other tricks up their sleeves that are much harder to foil, says Jeremiah Grossman, the CTO of WhiteHat Security, who brought the tool to our attention.

It guessed me as 52% male… so does that mean I’m 48% woman? That’s a little scary.

Like it says in the article though, combine this with some geolocation + some other tricks…and that’s a whole lot of information about a passing surfer.

It’s perfectly viable that sites are already doing this, and no-one would even know.

Time for some NoScript?

*EDIT* – I found some code here that does this kind of history checking.

Source: The Register


Posted in: Exploits/Vulnerabilities, Privacy



Pass-The-Hash Toolkit v1.4 Released for Download



The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with their corresponding NTLM credentials (e.g.: users remotely logged in through Remote Desktop/Terminal Services), and also change at runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!).

What’s new?

  • Support for XP SP 3 for whosthere/iam (whosthere-alt/iam-alt work on xp sp3 without requiring any update)
  • New -t switch for whosthere/whosthere-alt: establishes interval used by the -i switch (by default 2 seconds).
  • New -a switch for whosthere/iam: specify addresses to use.
  • New -r switch for iam/iam-alt: Create a new logon session and run a command with the specified credentials (e.g.: -r cmd.exe)
  • genhash now outputs hashes using the LM HASH:NT HASH format

You can download Pass-The-Hash Toolkit v1.4 here:

Source

pshtoolkit_v1.4-src.tgz

Windows Binaries

pshtoolkit_v1.4.tgz

Read what’s new? Or read more here.


Posted in: Exploits/Vulnerabilities, Password Cracking, Windows Hacking



Widespread Flaws in Online Banking Systems



A recent survey shows online banking may not be as secure as you might think. People tend to think banks are the pinnacle of security, and that assumption extends to their websites.

Sadly, however, even in my own personal experience the truth is far from that. Many, many banks have flaws that can leak information and allow for fairly easy theft of data and credentials.

Online bankers, beware. More than 75 percent of bank Web sites surveyed by a research team had at least one design flaw that could make customers vulnerable to cyber thieves.

University of Michigan computer scientist Atul Prakash and his graduate students Laura Falk and Kevin Borders examined the Web sites of 214 financial institutions in 2006 and found design flaws that, unlike bugs, cannot be fixed with a patch.

The security holes stem from the flow and the layout of these Web sites, according to their study. The flaws include placing log-in boxes and contact information on insecure Web pages as well as failing to keep users on the site they initially visited. Prakash said some banks may have taken steps to resolve these problems since this data was gathered, but overall he still sees much need for improvement.

A shocking 75% with flaws! This study is 2 years old, but the results are still quite scary and I seriously doubt the architecture of these banks’ technology platforms has changed that much.

And with 40% of Americans using online banking systems… that’s a lot of people at risk! I’d guess the figures are probably similar for countries with similar broadband penetration, and perhaps even higher in some places like Korea and Singapore.

About 40 percent of Americans use the Internet for banking, according to a February 2008 survey conducted by Pew Internet. In 2011, 76 percent of online households will bank online, according to Forrester Research.

The flaws leave cracks in security that hackers could exploit to gain access to private information and accounts. The FDIC says computer intrusion, while relatively rare compared with financial crimes like mortgage fraud and check fraud, is a growing problem for banks and their customers.

A recent FDIC Technology Incident Report, compiled from suspicious activity reports banks file quarterly, lists 536 cases of computer intrusion, with an average loss per incident of $30,000. That adds up to nearly $16 million in losses in the second quarter of 2007. There were two and a half times more computer intrusions in the second quarter of 2007 compared to the first quarter. In 80 percent of the cases, the source of the intrusion is unknown but it occurred during online banking, the report states.

536 cases is not a huge number, but remember that’s only for a certain segment of people.

The full article has a list of the main flaws, which are mostly what we would expect to see.
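Two of the design flaws named in the study (a log-in box on a page that is not served over HTTPS, and a form that sends the user away from the site they first visited) can be checked mechanically. The following Python is an added example written for this post, not the University of Michigan team’s tooling; the sample page, the host names and the exact wording of the findings are constructed here.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class _FormCollector(HTMLParser):
    """Collect each <form>'s action and whether it contains a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []        # one dict per form: {"action": str|None, "login": bool}
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action"), "login": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current["login"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_login_page(page_url, html):
    """Return findings for the page-layout flaws the study describes.

    Checks every form that has a password field (i.e. a log-in box):
      * the page carrying it must itself be served over HTTPS;
      * the form must submit over HTTPS;
      * the form must post back to the host the user is already on.
    """
    page = urlparse(page_url)
    parser = _FormCollector()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        if not form["login"]:
            continue
        if page.scheme != "https":
            findings.append("login box served on an insecure (non-HTTPS) page")
        # An empty or missing action submits back to the current page.
        target = urlparse(urljoin(page_url, form["action"] or page_url))
        if target.scheme != "https":
            findings.append(f"login form submits over {target.scheme}:// to {target.netloc}")
        if target.hostname and target.hostname != page.hostname:
            findings.append(
                f"login form sends the user away from {page.hostname} to {target.hostname}"
            )
    return findings


# Constructed sample: an http:// front page whose log-in box posts to a
# third-party host, the pattern the study calls out.
SAMPLE_PAGE = """<html><body>
<form action="https://login.vendor.example/auth" method="post">
  <input name="user"><input type="password" name="pass"><input type="submit">
</form></body></html>"""

if __name__ == "__main__":
    for finding in audit_login_page("http://www.bank.example/", SAMPLE_PAGE):
        print("-", finding)
```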

Source: Livescience (Thanks Navin)


Posted in: Exploits/Vulnerabilities, Privacy, Web Hacking



nUbuntu Development Kicking Off Again – Security LiveCD



We did mention nUbuntu long ago in our famous 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) article.

After that it stopped development for quite some time, thankfully some new blood has picked it up and development has started again!

With over a year of inactivity, the latest alpha of nUbuntu 8.04 has finally surfaced.

With this comes many new bug fixes and updates. All of the latest security and penetration tools are included to make this your primary pentesting LiveCD.

The main goal of nUbuntu is to create a distribution which is derived from the Ubuntu distribution, and add packages related to security testing, and remove unneeded packages, such as Gnome, Openoffice.org, and Evolution. nUbuntu is the result of an idea two people had to create a new distribution for the learning experience.

Many people ask, “What makes it better than X?”, or “Why should I use this over Y”. Our answer to this question is, we do not think about whether people are using it or not. We are more concerned about the learning process. If you want to try something with a clean interface, fast, and an excellent range of programs please don’t hesitate to download nUbuntu.

You can download nUbuntu 8.04 here:

nUbuntu – 8.04 (x86) (Torrent)
nUbuntu – 8.04 (x86) (Direct)

Or read more here.


Posted in: Hacking Tools, Linux Hacking



Exploit for Kaminsky DNS Bug Goes Wild



There has been a lot of hype about this one, but this flaw is a real threat and the working exploits are now available in the wild.

To top that, they have already been ported into Metasploit!

I hope all the major ISPs are in a patching frenzy right now and not thinking to themselves that there is no danger.

When Dan Kaminsky disclosed a critical flaw in the net’s address lookup system earlier this month, he said it was crucial internet service providers and other organizations install patches immediately. He wasn’t kidding.

Security researchers have developed two working exploits that poison vulnerable domain name system servers, allowing attackers to redirect unwitting end users to impostor sites. What’s more, the attack code has been added to Metasploit, a penetration testing tool used to test the security of computers and networks. The program, which is maintained by HD Moore, makes it easy for white hats and black hats alike to exploit vulnerable servers.

It’ll be interesting to see the aftermath of this rapid disclosure; these serious flaws don’t usually come out so fast – well, not a working exploit, and definitely not coded into an easy to use tool like Metasploit!

I wonder how many name servers are currently owned and serving up the wrong records? This could be a boon for phishers.

Some people have complained that Kaminsky’s bug has been shamelessly hyped. We disagree. Should there be widespread exploitation of the flaw, the result would be chaos. Attackers could taint the machines relied on by millions of people. When they typed bankofamerica.com into their browser, they’d have no way of knowing whether they were being directed to the real site or one designed to steal their money. Trust on the internet, as flawed as it may be now, would completely break down.

Currently, the exploits work only on caching servers used by ISPs and other large organizations, but Moore said they could be modified to work against client-side resolvers, which are used on desktop machines. Earlier this month, Microsoft issued an update patching the vulnerability. It was unclear if other OSes are vulnerable.

This is really serious, such DNS caching servers are used by pretty much every single large ISP and large corporate entity.

Better watch where you are surfing…but don’t worry this is the real http://www.darknet.org.uk!

The actual exploits themselves are available here:

CAU-EX-2008-0002.txt & CAU-EX-2008-0003.txt

Source: The Register


Posted in: Exploits/Vulnerabilities, Network Hacking, Web Hacking



MoocherHunter – Detect & Track Rogue Wifi Users



MoocherHunter™ is a mobile tracking software tool for the real-time on-the-fly geo-location of wireless moochers and hackers. It’s included as part of the OSWA Assistant LiveCD we mentioned quite recently.

I wanted to mention this tool separately as I think it’s very cool!

MoocherHunter™ identifies the location of an 802.11-based wireless moocher or hacker by the traffic they send across the network. If they want to mooch from you or use your wireless network for illegal purposes (e.g. warez downloading or illegal filesharing), then they have no choice but to reveal themselves by sending traffic across in order to accomplish their objectives. MoocherHunter™ enables the owner of the wireless network to detect traffic from this unauthorized wireless client (using either MoocherHunter™’s Passive or Active mode) and enables the owner, armed with a laptop and directional antenna, to isolate and track down the source.

Because it is not based on fixed or statically-positioned hardware, MoocherHunter™ allows the user to move freely and walk towards the actual geographical location of the moocher/hacker. In residential and commercial multi-tenant building field trials held in Singapore in March 2008, MoocherHunter™ allowed a single trained operator to geo-locate a wireless moocher with a geographical positional accuracy of as little as 2 meters within an average of 30 minutes.

You can download OSWA Assistant here to get MoocherHunter:

oswa-assistant.iso

Or read more here.


Posted in: Countermeasures, Security Software, Wireless Hacking



San Francisco Mayor Regains Control of the Network



In the story we recently covered, where Terry Childs had locked San Francisco officials out of their own network, there is a new development.

He’s handed over the passcode to the Mayor, Gavin Newsom. It seems he came to his senses and he also seems to have VERY little faith in the IT administration for the SF government network.

“The first thing I want you to know, Mr. Mayor, is that when you walk out of this room, you will have the computer codes.”

Those words – delivered to Mayor Gavin Newsom by imprisoned city computer tech Terry Childs in a small, fourth-floor room at city jail Monday – signaled the beginning of the end of the weeklong standoff in which San Francisco officials found themselves in the embarrassing position of being locked out of their own computer system.

Childs – whom some have described as a friendly, hard worker at the city Technology Department, and others have labeled an over-the-top control freak – has been sitting in jail since July 13 on $5 million bail, after being arrested for reconfiguring key passwords in the city’s computer system.

He handed the details over without too much trouble or persuasion by the looks of it, I guess he realised he was actually in quite serious trouble and he should comply or face a stiff sentence.

He made the right choice, I think.

A team of code crackers brought in from Cisco Systems had been working around the clock to try to decipher Childs’ codes, but with only marginal success.

“It wasn’t cheap and I just couldn’t see us keep spending that kind of money,” Newsom said.

Then, out of the blue, Childs’ lawyer, Erin Crane, called the mayor’s office Monday afternoon, offering a jailhouse meeting.

Childs, according to the lawyer, was ready to give up the codes – but only to the mayor, who had gone out of his way in his public comments not to portray Childs as some sort of monster.

Newsom didn’t hesitate. Without asking the city attorney for an opinion or giving a heads up to police or the district attorney, he was at the Hall of Justice in half an hour.

Well, at least we can have faith in our Cisco equipment: even the Cisco guys themselves can’t crack it, so there’s no backdoor!

It’ll be interesting to see how this case develops and what happens to Mr Childs after this.

Source: SFGate


Posted in: General Hacking, Legal Issues, Network Hacking



TSGrinder – Brute Force Terminal Services Server



This is a tool that has been around quite some time too; it’s still very useful though, and it’s a very niche tool specifically for brute forcing Windows Terminal Server.

TSGrinder is the first production Terminal Server brute force tool, and is now in release 2. The main idea here is that the Administrator account, since it cannot be locked out for local logons, can be brute forced. And having an encrypted channel to the TS logon process sure helps to keep IDS from catching the attempts.

TSGrinder is a “dictionary” based attack tool, but it does have some interesting features like “l337” conversion, and supports multiple attack windows from a single dictionary file. It supports multiple password attempts in the same connection, and allows you to specify how many times to try a username/password combination within a particular connection.
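The description above notes that the encrypted channel keeps a network IDS from seeing the attempts, but when logon auditing is enabled the server still records every failed logon, so the host log is where a burst of Administrator attempts shows up. Here is an added Python example of that detection logic (not part of TSGrinder or this post); the one-line-per-event log format and the log lines themselves are constructed, while event 4625 (failed logon), 4624 (successful logon) and logon type 10 (RemoteInteractive, i.e. Terminal Services) are the real Windows identifiers.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed one-line-per-event rendering of Windows Security log entries.
# The field layout is invented for this example; the IDs are real ones.
SAMPLE_LOG = """\
2008-07-20T02:14:01 EventID=4625 LogonType=10 TargetUserName=Administrator IpAddress=203.0.113.7
2008-07-20T02:14:02 EventID=4625 LogonType=10 TargetUserName=Administrator IpAddress=203.0.113.7
2008-07-20T02:14:02 EventID=4625 LogonType=10 TargetUserName=Administrator IpAddress=203.0.113.7
2008-07-20T02:14:03 EventID=4625 LogonType=10 TargetUserName=Administrator IpAddress=203.0.113.7
2008-07-20T02:14:04 EventID=4625 LogonType=10 TargetUserName=Administrator IpAddress=203.0.113.7
2008-07-20T02:14:05 EventID=4624 LogonType=10 TargetUserName=Administrator IpAddress=203.0.113.7
2008-07-20T02:30:00 EventID=4625 LogonType=10 TargetUserName=jsmith IpAddress=198.51.100.9
2008-07-20T03:00:00 EventID=4625 LogonType=2 TargetUserName=Administrator IpAddress=127.0.0.1
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<event>\d+) LogonType=(?P<ltype>\d+) "
    r"TargetUserName=(?P<user>\S+) IpAddress=(?P<ip>\S+)$"
)


def parse_events(text):
    """Yield (timestamp, event_id, logon_type, user, ip) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        yield (datetime.fromisoformat(m["ts"]), int(m["event"]),
               int(m["ltype"]), m["user"], m["ip"])


def detect_rdp_bruteforce(text, threshold=5, window=timedelta(minutes=1)):
    """Flag (ip, user) pairs with >= threshold failed RDP logons in a sliding window.

    Returns a list of (kind, ip, user, failures, first_ts, last_ts). A
    successful logon from a source that already tripped the threshold is
    reported as "success-after-burst", the outcome a brute forcer is after.
    """
    recent = defaultdict(deque)     # (ip, user) -> timestamps of recent failures
    alerts, alerted = [], set()
    for ts, event, ltype, user, ip in parse_events(text):
        if ltype != 10:
            continue                # only Terminal Services / RDP logons
        key = (ip, user)
        if event == 4625:
            q = recent[key]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()         # drop failures older than the window
            if len(q) >= threshold and key not in alerted:
                alerts.append(("burst", ip, user, len(q), q[0], ts))
                alerted.add(key)
        elif event == 4624 and key in alerted:
            q = recent[key]
            alerts.append(("success-after-burst", ip, user, len(q), q[0], ts))
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_LOG):
        print(alert)
```

The threshold and window are the knobs to tune; the tool’s “multiple attempts per connection” feature means the failures arrive seconds apart, as in the constructed log.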

You can download TSGrinder 2.0.3 here:


tsgrinder-2.03.zip

Note that the tool requires the Microsoft Simulated Terminal Server Client tool, “roboclient,” which may be found here:

roboclient.zip

Or read more here.


Posted in: Hacking Tools, Password Cracking, Windows Hacking



San Francisco Officials Locked Out of Their Own Network



Another disgruntled IT worker causing mayhem; remember the guy that destroyed all the medical records?

He got a pretty hefty sentence. Now we have another who has locked everyone out of the new ‘state of the art’ computer network in San Francisco – he’s on $5 million bail, so I’d say he’s in big trouble too.

A disgruntled city computer engineer has virtually commandeered San Francisco’s new multimillion-dollar computer network, altering it to deny access to top administrators even as he sits in jail on $5 million bail, authorities said Monday.

Terry Childs, a 43-year-old computer network administrator who lives in Pittsburg, has been charged with four counts of computer tampering and is scheduled to be arraigned today.

Prosecutors say Childs, who works in the Department of Technology at a base salary of just over $126,000, tampered with the city’s new FiberWAN (Wide Area Network), where records such as officials’ e-mails, city payroll files, confidential law enforcement documents and jail inmates’ bookings are stored.

He was pretty well paid, it seems, and he must have had top level access to the entire WAN infrastructure, as he has managed to lock everyone out. Thankfully the system is still running and there appears to have been no damage so far, but that doesn’t mean he doesn’t have some backdoor or logic bomb that can wipe out all the records and data.

I think the Government and the law enforcement guys need to handle this very carefully.

Childs created a password that granted him exclusive access to the system, authorities said. He initially gave pass codes to police, but they didn’t work. When pressed, Childs refused to divulge the real code even when threatened with arrest, they said.

He was taken into custody Sunday. City officials said late Monday that they had made some headway into cracking his pass codes and regaining access to the system.

Childs has worked for the city for about five years. One official with knowledge of the case said he had been disciplined on the job in recent months for poor performance and that his supervisors had tried to fire him.

“They weren’t able to do it – this was kind of his insurance policy,” said the official, speaking on condition of anonymity because the attempted firing was a personnel matter.

Seems like he was trying to play the get out of jail free card… I’m not sure it’ll work though. I’d say he’s heading for big trouble… and however secure it is, if they have physical access to the systems it’s only a matter of time before they crack his passwords and regain control of the system.

Then Mr. Childs your power play is finished and you are looking at a few years of having your backdoor cracked..

Source: SFGate


Posted in: Legal Issues, Network Hacking



Zodiac – DNS Protocol Monitoring and Spoofing Tool



Zodiac is a DNS protocol analysis and exploitation program. It is a robust tool to explore the DNS protocol. Internally it contains advanced DNS routines for DNS packet construction and disassembling and is the optimal tool if you just want to try something out without undergoing the hassle of rewriting DNS packet routines or packet filtering.

Features

  • sniffing on all kinds of configured devices (Ethernet, PPP, …)
  • capturing and decoding nearly all types of DNS packets, including packet decompression
  • ncurses driven text based frontend with interactive commandline and multiple windows
  • threaded design allows more flexibility when adding your own features
  • clean code, commented and tested just fine, ready for you to extend
  • internal DNS packet filtering allows installation of pseudo DNS filters you can “select()” on
  • a large set of DNS packet construction primitives
  • DNS name server versioning using BIND version requests
  • DNS local spoofing, answering DNS queries on your LAN before the remote NS
  • DNS jizz spoofing, exploiting a weakness within old BIND versions
  • DNS ID spoofing, exploiting a weakness within the DNS protocol itself

You can download Zodiac 0.4.9 here:

zodiac-0.4.9.tar.gz

Or read more here.


Posted in: Exploits/Vulnerabilities, Hacking Tools, Network Hacking
