Archive | June, 2010

iPhone 4 Pre-Order System Exposes Customer Data

Your website & network are Hackable


The big talk over the past weekend was about this, the AT&T system for recording pre-sales records for the new Apple iPad exposed account information. I didn’t think it was a big deal until they did something similar again today with the iPhone 4…the second time in one week – that must be some kind of record?

It seems that people logging in where often greeted by someone else’s details, most likely the system got overloaded and that led to some funky linking of unsychronised database servers. Despite all the problems however AT&T sold out on launch-day! The busiest day in AT&T history so they claim.

Preordering for Apple’s iPhone 4 got off to a rocky start on Tuesday, with long lines, system outages, and an AT&T server that exposed sensitive account information for existing users of the must-have mobile device.

For the second time in less than a week, Gizmodo reported, AT&T was caught exposing private information belonging to Apple customers. The breach came when existing iPhone owners placed advanced orders for the newest iPhone, which is scheduled to go on sale on June 24. After entering their account credentials, certain customers were logged in to accounts belonging to other users, potentially exposing the names, addresses, and phone logs of an unknown number of people, the website said.

The privacy snafu follows a report last week that email addresses for more than 114,000 early adopters of Apple’s iPad were exposed by an overly generous application on AT&T’s website. As a result, email addresses for some of the rich and powerful — including New York Times Co. CEO Janet Robinson, ABC Newswoman Diane Sawyer, film mogul Harvey Weinstein, and New York Mayor Michael Bloomberg — were shared with world+dog.

This story was published today by Gizmodo who has been sharing e-mails their readers have sent in showing the wrong data after logging in.

By the looks of things it’s not slowing down orders or stopping anyone from putting their details in the system, so I hope AT&T does something to rectify it soon.

AT&T representatives didn’t respond to an email seeking comment. Gizmodo shared emails sent by five readers who all recounted the same error.

“I logged in to Att.com in the pre-order frenzy,” a reader named Ethan wrote in one. “I was immediately greeted by someone elses personal information.” Gizmodo included multiple screen shots the publication said belonged to people other than the person who logged in.

Tuesday’s breach came as numerous people reported being unable to complete iPhone 4 preorders. Many who tried to order online received a message reading “There was an error processing your request. Please try again later.” Many customers who tried to order in person were greeted by long lines.

Despite the difficulty, AT&T sold out of launch-day preorders several hours later, with AT&T telling Engadget it “was the busiest online sales day in AT&T history.”

The paranoid amongst us may indeed think there is some mass scale fraud going on and perhaps someone has compromised the AT&T customer records system and is billing other people for iPhones they are taking delivery of.

Well if that’s happening I’m sure the news will come out soon enough unless AT&T manages to sweep it under the carpet.

Either way, if you’re an AT&T customer..I’d be careful if I were you.

Source: The Register


Posted in: Apple, Exploits/Vulnerabilities, Privacy

Tags: , , , , , , , , , , , , , ,

Posted in: Apple, Exploits/Vulnerabilities, Privacy | Add a Comment
Recent in Apple:
- FBI Backed Off Apple In iPhone Cracking Case
- Mac OS X Ransomware KeRanger Is Linux Encoder Trojan
- XcodeGhost iOS Trojan Infected Over 4000 Apps

Related Posts:

Most Read in Apple:
- KisMAC – Free WiFi Stumbler/Scanner for Mac OS X - 83,007 views
- Apple Struggling With Security & Malware - 24,138 views
- Java Based Cross Platform Malware Trojan (Mac/Linux/Windows) - 15,936 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Onapsis Bizploit – ERP Penetration Testing Framework

Your website & network are Hackable


Bizploit is the first Opensource ERP Penetration Testing framework. Developed by the Onapsis Research Labs, Bizploit assists security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized ERP Penetration Tests.

Bizploit is expected to provide the security community with a basic framework to support the discovery, exploration, vulnerability assessment and exploitation of ERP systems.

The term “ERP Security” has been so far understood by most of the IT Security and Auditing industries as a synonym of “Segregation of Duties”. While this aspect is absolutely important for the overall security of the Organization’s core business platforms, there are many other threats that are still overlooked and imply much higher levels of risk. Onapsis Bizploit is designed as an academic proof-of-concept that will help the general community to illustrate and understand this kind of risks.

Currently Onapsis Bizploit provides all the features available in the sapyto GPL project, plus several new plugins and connectors focused in the security of SAP business platforms. Updates for other popular ERPs are to be released in the short term.

You can download Bizploit here:

Bizploit v1.00-rc1 for Windows
Bizploit v1.00-rc1 for Linux

Or read more here.


Posted in: Database Hacking, Security Software

Tags: , , , , , , , , , , , , , ,

Posted in: Database Hacking, Security Software | Add a Comment
Recent in Database Hacking:
- Onapsis Bizploit v1.50 – SAP Penetration Testing Framework
- OAT – Oracle Auditing Tools For Database Security
- ODAT (Oracle Database Attacking Tool) – Test Oracle Database Security

Related Posts:

Most Read in Database Hacking:
- Pangolin – Automatic SQL Injection Tool - 76,620 views
- bsqlbf 1.1 – Blind SQL Injection Tool - 54,431 views
- SQLBrute – SQL Injection Brute Force Tool - 41,092 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Microsoft Installs Firefox Add-on Without Asking During Recent Patch Tuesday

Your website & network are Hackable


It’s not the first time Microsoft has had some issues with Firefox and add-ons they installed on users machines through Windows Update.

Back in October of last year, Mozilla forcefully disabled a .NET add-on as it was causing ‘instability’ rather a security/vulnerability issue. I did notice the issue with my own Firefox and also noticed that Microsoft likes to install their add-ons with NO uninstall button, which is dodgy in my books.

If they did it in IE, it wouldn’t be so bad as it’s their own product and if people choose to use it they have the rights to update it. But pushing their badly written add-ons into a 3rd party browser and not even giving people the change to uninstall them? That’s just wrong.

Microsoft has silently slipped a Firefox extension onto user machines via an automatic software update. Again.

This week, as part of its regular Patch Tuesday, Redmond released an update for its various browser toolbars, and as Ars Technica noticed, this update also installed an entire add-on for Internet Explorer and an extension for Mozilla Firefox – without asking users. Ars was unable to identify the installs, but Microsoft now tells The Reg that the update was installing the latest version of its Bing toolbar on machines that were running the older Windows Live Toolbar or MSN Toolbar.

The company says it has now, um, updated the update, and the silent toolbar install no longer occurs. The company calls the silent install “a bug.”

“We discovered a bug in the latest update that was installing the Firefox extension for users with the Windows Live Toolbar and MSN Toolbar (specifically people who have not upgraded to the latest version of the Bing Bar),” the company tells us. “We fixed the update so that going forward folks who still have only the older Windows Live Toolbar or MSN Toolbar will not see this behavior anymore.”

Oh so now a silent install is a bug? Usually people label it as spyware or malware. With the kind of marketshare Bing currently has – I’m really not surprised Microsoft is resorting to these kind of tactics.

The worst part seems to be, may users have removed it by following the Technet instructions…and it just keeps coming back and silently reinstalling itself!

But then it’s a risk you take, if you are using a Microsoft OS…you have to deal with this kind of behaviour. You can’t even escape their crapware by using a 3rd party browser!

The company apologizes for any inconvenience this may have caused.

Microsoft says that the update was supposed to include only its Search Enhancement Pack, a shared component used by the Windows Live Toolbar, MSN Toolbar, and Bing Bar. The Pack, the company says, enables certain toolbar features, such as the search suggestions drop down. The update was originally tagged with the Search Enhancement Pack label, but it also installed the Bing toolbar on certain machines.

The update was marked “important,” not “optional.” And Firefox users at MozillaZone weren’t too happy about the silent extension install. “I am still annoyed that Microsoft thinks it is ok to arbitrarily tack on something to my FF browser WITHOUT asking, and worst of all, disabling the Uninstall button! Why do they keep doing stupid things like that?!” says one posted.

Users were similarly peeved a year ago, when a service pack for the .NET Framework silently pushed a Firefox add-on. This add-on – Microsoft .NET Framework Assistant – enabled .NET apps to be installed with one click. It also shipped with a disabled uninstall button.

Seems like Microsoft are making a lot of excuses this time and why on earth is the update marked as important and not optional? Surely if it’s just a browser search add-on it should be optional, it’s not a security flaw so for most people it’s certainly not important.

Another reason why people who care switch to Linux, I wouldn’t say Linux or Mac…because Apple have a tendency to do the exact same thing with iTunes and QuickTime.

Source: The Register


Posted in: General News, Windows Hacking

Tags: , , , , , , , , , , , ,

Posted in: General News, Windows Hacking | Add a Comment
Recent in General News:
- Teen Accused Of Hacking School To Change Grades
- Google’s Chrome Apps – Are They Worth The Risk?
- Twitter Breach Leaks 250,000 User E-mails & Passwords

Related Posts:

Most Read in General News:
- Hacking Still Can’t Outdo Stupidity for Data Leaks - 125,405 views
- eEye Launches 0-Day Exploit Tracker - 85,579 views
- Seattle Computer Security Expert Turns Tables On The Police - 43,994 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Samurai Web Testing Framework v0.8 Released – Pen Testing Security LiveCD

Your website & network are Hackable


The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites.

It’s been quite a while since the latest fairly major update of SamuraiWTF (around a year ago).

This is quite a major release with the integration of metasploit, target applications and tons of tool updates. It is now DVD sized as it has out grown the CD release.

Starting with reconnaissance, we have included tools such as the Fierce domain scanner and Maltego. For mapping, we have included tools such WebScarab and ratproxy. We then chose tools for discovery. These would include w3af and burp. For exploitation, the final stage, we included BeEF, AJAXShell and much more. This CD also includes a pre-configured wiki, set up to be the central information store during your pen-test.

The Samurai project team is happy to announce the release of a development version of the Samurai Web Testing Framework. This release is currently a fully functional linux environment that has a number of the tools pre-installed.

You can download SamuraiWTF v0.8 here:

samurai-0.8.iso

Or read more here.


Posted in: Hacking Tools, Web Hacking

Tags: , , , , , , , , , , , , , , ,

Posted in: Hacking Tools, Web Hacking | Add a Comment
Recent in Hacking Tools:
- dnmap – Distributed Nmap Framework
- DMitry – Deepmagic Information Gathering Tool
- Automater – IP & URL OSINT Tool For Analysis

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,982,138 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,436,608 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 681,268 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Microsoft Patches At Least 34 Bugs Including Pwn2Own Vulnerability

Your website & network are Hackable


What a massive mother-load of patches Microsoft has unleashed on this month patching more than 34 security vulnerabilities including the fairly high profile vulnerability exploited at the Pwn2Own contest earlier this year in April.

Good news as long as all the average Internet users actually use Windows Update and install the latest patches, which somehow I find extremely unlikely. It’s also good news for corporates stuck using Microsoft solutions as long as they have a good patch management solution for their network.

Microsoft on Tuesday patched at least 34 security holes in a wide range of software, including a bug in its Internet Explorer browser that fetched a researcher $10,000 at a hacker contest in April. In all, Microsoft released 10 bulletins, three of which were rated “critical” because they allowed attackers to remotely install malware on victim machines. Other affected products include Windows, Office, Internet Information Services, and SharePoint.

The IE update fixes a vulnerability that fetched Peter Vreugdenhil, a researcher with Netherlands-based Vreugdenhil Research, $10,000 during the Pwn2Own contest at the CanSecWest security conference in Vancouver. He was able to take full control of the Windows 7 machine despite protections known as DEP, or data execution prevention, and ASLR, or address space layout randomization.

It’s pretty rare there’s 3 critical vulnerabilities in one shot, but well we are talking about Microsoft aren’t we. They seem to getting their act together when it comes to patching, perhaps the pressure from Firefox fixing things so quickly is getting to them.

Even Safari is kicking their ass when it comes to fixing problems. But that’s the inherent problem with Microsoft, they have so many projects and platforms, so much spaghetti code and legacy issues it prevents them from releasing stable patches in a timely manner.

They are designed to mitigate the severity of software bugs by randomizing the memory locations of code and preventing code loaded into memory from being able to be executed. Vreugdenhil was able to bypass those protections by combining two separate vulnerabilities.

The Microsoft fixes came the day after Apple fixed almost 50 vulnerabilities in its Safari browser, including a decade-old history leak that still plagues all other browsers. Microsoft has a summary here.

Safari also unleashed a massive update this past Monday including fixing the history leak we wrote about recently.

There’s also a very details report from SANS here detailing each patch, the relevant KB article and CVE number.

June 2010 Microsoft Black Tuesday Summary

Source: The Register


Posted in: Exploits/Vulnerabilities, Windows Hacking

Tags: , , , , , , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Windows Hacking | Add a Comment
Recent in Exploits/Vulnerabilities:
- shadow – Firefox Heap Exploitation Tool (jemalloc)
- Intel Hidden Management Engine – x86 Security Risk?
- TeamViewer Hacked? It Certainly Looks Like It

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 235,031 views
- AJAX: Is your application secure enough? - 120,159 views
- eEye Launches 0-Day Exploit Tracker - 85,579 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Knock v1.3b – Subdomain Enumeration/Brute-Forcing Tool

Your website & network are Hackable


Knock is a python script designed to enumerate sub-domains on a target domain through a wordlist.

Usage

You can view a demo of the tool enumerating Facebook sub-domains on Youtube here:

Facebook and Knock v.1.2

Knock works on Linux, Windows and MAC OSX with a python version 2.6.x (or minor).

Requirements

  • Python version 2.6.x or minor.
  • A wordlist

You can download Knock v1.3b here:

Knock v1.3 BETA

Or read more here.


Posted in: Hacking Tools, Network Hacking

Tags: , , , , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
Recent in Hacking Tools:
- dnmap – Distributed Nmap Framework
- DMitry – Deepmagic Information Gathering Tool
- Automater – IP & URL OSINT Tool For Analysis

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,982,138 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,436,608 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 681,268 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


FTC Cracks Down On Spyware Seller CyberSpy Software

Your website & network are Hackable


Well this case has taken a while but the FTC won in the end and reached a settlement two years after halting the company from selling it’s “100 per cent undetectable” commercial keylogging application.

It’s interesting to see court cases that venture into the grey area of ethics, I think the main problem stemmed from the information CyberSpy provided along with it’s software. They gave instructions on how to covertly send the application via e-mail and disguise it as an image attachment or an innocuous piece of software.

The U.S. Federal Trade Commission has reached a settlement with Florida spyware vendor CyberSpy Software, two years after suing the company for selling “100 percent undetectable” keylogging software.

Under the terms of the settlement, announced Wednesday, CyberSpy can keep selling its RemoteSpy spyware but must take new steps to prevent it from being misused or advertised as a tool for spying on someone else’s computer.

To prevent its program from being used illegally, CyberSpy must make changes to it to prevent surreptitious installation, and “encrypt data transmitted over the Internet, police their affiliates to ensure they comply with the order, and remove legacy versions of the software from computers,” the FTC said in a statement.

The FTC sued CyberSpy in November 2008 in an effort to get it to change its business practices.

The final verdict is CyberSpy can continue selling it’s software as that itself is illegal, but they must take precautions to prevent it from being misused or abused and they can no longer advertise it as a tool for spying on others.

This is why ethical cases are a little odd, they can continue selling the exact same software with the same functions – they just have to market it differently and not give people instructions which enable them to spy on others.

Not like people can’t find the same info elsewhere.

CyberSpy used to advertise its product as a tool that let users “secretly and covertly monitor and record PC’s without the need of physical access.”

Today, it’s billed as a tool that lets users spy on their own PCs — in order to keep tabs on children or employees.

The company previously had provided detailed instructions on how to attach a RemoteSpy executable file to an e-mail message, disguised as a photo or legitimate file attachment, the FTC said.

Today, CyberSpy simply advises users to do a Google search on compressing executable attachments, if they want to send RemoteSpy to their own computer and keep it from being blocked by e-mail filters.

CyberSpy have shifted their marketing slightly and now promote the tool as something to spy on your own computers (on your kids/employees etc.) – which is still highly questionable, but not illegal.

They also now include a disclaimer on the RemoteSpy page which states:

Notice: Installing computer monitoring tools on computers you do not own or do not have permission to monitor may violate local, state or federal law.

Source: Network World


Posted in: Legal Issues, Malware, Privacy

Tags: , , , , , , , , , , ,

Posted in: Legal Issues, Malware, Privacy | Add a Comment
Recent in Legal Issues:
- The Panama Papers Leak – What You Need To Know
- FBI Backed Off Apple In iPhone Cracking Case
- TalkTalk Hack – Breach WAS Serious & Disclosed Bank Details

Related Posts:

Most Read in Legal Issues:
- Class President Hacks School Grades - 80,706 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,636 views
- One Of The World’s Most Prolific Music Piracy Groups Busted - 43,628 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


sectool – Security Audit Tool & IDS

Find your website's Achilles' Heel


sectool is a security tool that can be used both as a security audit as well as a part of an intrusion detection system. It consists of set of tests, library and textual/graphical frontend. Tests are sorted into groups and security levels. Administrators can run selected tests, groups or whole security levels.

Security Levels

  1. Naive – pretty basic and short set of tests
  2. Desktop – set of tests prepared to run on box not connected to internet
  3. Network – standard client machine connected to internet
  4. Server – network server
  5. Paranoid – bunch of tests for paranoid admins

The tests print several type of messages during their execution. “Warning” and “Error” messages are used to inform about discovered security risks.

  • warning – something that admin should know about
  • error – issues that should be fixed

Then there are another two messages: “Hint” and “Info”. These two are not print by default, so they need to be turned on.

  • hint – helps to find a way how to resolve discovered issue
  • info – provides information what does the test do at the moment

Test Results

Every test run is finished with one of these results:

  • PASS – Everything went OK, no security risks were discovered
  • WARNING – only warning messages were print
  • ERROR – at least one security issue was discovered
  • FAIL – internal test problem appears, test can’t be run

You can download sectool here:

sectool-0.9.4.tar.bz2

Or read more here.


Posted in: Countermeasures, Security Software

Tags: , , , , , , , , , ,

Posted in: Countermeasures, Security Software | Add a Comment
Recent in Countermeasures:
- Cuckoo Sandbox – Automated Malware Analysis System
- Fully Integrated Defense Operation (FIDO) – Automated Incident Response
- MISP – Malware Information Sharing Platform

Related Posts:

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 120,159 views
- Password Hasher Firefox Extension - 117,807 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,733 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


iPhone Security Flaw – Using a PIN Won’t Protect Your Data

Your website & network are Hackable


Now it wasn’t long ago when the first malicious iPhone worm appeared in the wild and well generally since the boom of the device people have looking at the security measures.

Huge sales are made to corporates touting the security, privacy and encryption features of the iPhone OS. The latest discovery is that using a PIN on your iPhone 3GS really doesn’t protect you from anything as long as the person has physical access to your phone.

But then the same thing goes for desktop/laptop computers too, if someone has physical access you’re done for.

Using a four-digit PIN to lock your iPhone doesn’t really protect your data, security and IT blogger Bernd Marienfeldt has discovered. In an article describing the iPhone’s business security framework, Marienfeldt has found a “data protection vulnerability” in Apple’s iPhone 3GS.

Marienfeldt, working with security expert Jim Herbeck, has been able to reproduce the vulnerability on at least three non jail-broken iPhone 3GS handsets with different iPhone OS versions installed (including the latest). All tested iPhones were protected with a four-digit PIN.

In Marienfeldt’s own words:

“The unprotected iPhone 3GS mounting is “limited” to the DCIM folder under Ubuntu < 10.04 LTS, Apple Macintosh, Windows 2000 SP2 and Windows 7. The way Ubuntu Lucid Lynx handles the iPhone 3GS [6,7,8] allows to get more content (please do make sure that the native Ubuntu system is fully up to date, e.g. "apt-get update, "apt-get upgrade" - any virtualization based solution will not work as described). I used the Alternate CD with x86 and AMD64 on different hardware."

I guess with phones/embedded system we expected the user data to a little more secure and well we guessed wrongly. With a total of 33.75 million iPhones sold up to Q4 2009 that’s a staggering amount of vulnerable devices out there.

Another issue is Apple haven’t as yet worked out what the problem is, they’ve given some vague mentions of “race conditions” or “a pairing issues” but haven’t been able to reproduce it so far.

Other people have had varying success in exploiting the flaw, it seems to depend on the actual iPhone itself rather than anything else.

Basically, plugging an up-to-date, non jail-broken, PIN-protected iPhone (powered off) into a computer running Ubuntu Lucid Lynx will allow the people to see practically all of the user’s data–including music, photos, videos, podcasts, voice recordings, Google safe browsing databases, and game contents. The “hacker” has read/write access to the iPhone, and the hack leaves no trace.

According to Marienfeldt, “The allowed write access could also lead into triggering a buffer overflow.” A buffer overflow could allow full write access, and full write access could potentially lead to the attacker being able to make phone calls (as far as we know, the attacker can access all of your data but they can’t make any phone calls…how reassuring).

Marienfeldt points out that this is especially an issue for corporate/business users, who “rely on the expectation that their iPhone 3GS’s whole content is protected by encryption with a passcode based authentication in place to unlock it.”

Apple has been notified of the flaw, but has yet to correct it (or give a timeline for the correction).

I hope Apple can address this phone and give a proper breakdown and explanation of why this happens, there must be some technical explanation for it and why it occurs in their so called ‘secure’ implementation.

You can read the original blog post here:

iPhone business security framework

Source: Network World


Posted in: Apple, Exploits/Vulnerabilities, Privacy

Tags: , , , , , , , , , , , , , , , , , , , , ,

Posted in: Apple, Exploits/Vulnerabilities, Privacy | Add a Comment
Recent in Apple:
- FBI Backed Off Apple In iPhone Cracking Case
- Mac OS X Ransomware KeRanger Is Linux Encoder Trojan
- XcodeGhost iOS Trojan Infected Over 4000 Apps

Related Posts:

Most Read in Apple:
- KisMAC – Free WiFi Stumbler/Scanner for Mac OS X - 83,007 views
- Apple Struggling With Security & Malware - 24,138 views
- Java Based Cross Platform Malware Trojan (Mac/Linux/Windows) - 15,936 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95