Archive | April, 2011

Sony PlayStation Network Hack Resulted In Stolen User Data & Lawsuit

Your website & network are Hackable


So after our report on Monday – Sony Rebuilding PlayStation Network (PSN) – Down 4 Days So Far – news had been spilling out about this whole thing pretty much non-stop. It appears the network is still down and there was some serious data loss including user data for millions of users being stolen.

All kinds of personal data was leaked including birth dates, names, e-mail address and it was originally though the hackers had also got hold of user credit card details.

A funny tweet I saw on the matter was “Hello my name is SONY. I like long walks on the beach, DRM, rootkits and losing your cc info.” from @rodolfor.

Sony is warning its millions of PlayStation Network users to watch out for identity-theft scams after hackers breached its security and plundered the user names, passwords, addresses, birth dates, and other information used to register accounts.

The stolen information may also include payment-card data, purchase history, billing addresses, and security answers used to change passwords, Sony said on Tuesday. The company plans to keep the hacked system offline for the time being, and to restore services gradually. The advisory also applies to users of Sony’s related Qriocity network.

Sony’s stunning admission came six days after the PlayStation Network was taken down following what the company described as an “external intrusion”.

Sony had already come under fire for a copyright lawsuit targeting customers who published instructions for unlocking the game console so it could run games and applications not officially sanctioned by the company. The criticism only grew after Sony lawyers sought detailed records belonging to hacker George Hotz, including the IP addresses of everyone who visited his jailbreaking website over a span of 26 months

What worries me is how much of their data was stored in plain text, I guess they assumed their system and network was so secure it would not be breached. But still, the important stuff should have been behind some kind of encryption layer and things like passwords should be hashed.

There was an official update from them too on the PlayStation blog here:

Update on PlayStation Network and Qriocity

They did warn users to remain vigilant and provided ways on how to be prepared for credit card. There were some rumours going around that PSN users were seeing $10 debits from the credit cards they had linked to their PlayStation accounts.


Hackers howled with displeasure saying they should have a right to modify the hardware they legally own. Sony recently settled that case, but Hotz, whose hacker moniker is GeoHot, has remained highly critical of the company. Many have also objected to the removal of the so-called OtherOS, which allowed PlayStation 3 consoles to run Linux.

Sony’s advisory on Tuesday means that the company was likely storing passwords, credit card numbers, expiration dates, and other sensitive information unhashed and unencrypted on its servers. Sony didn’t say if its website complied with data-security standards established by the Payment Card Industry.

Sony reminded users located in the US that they’re entitled to receive one credit report per year from each of the three major credit bureaus. The company didn’t offer to pay for any sort of credit monitoring service to help ensure the information it lost isn’t used in identity-theft ruses against its users.

“When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password,” advises a letter that Sony is sending to its users.

The latest news is however that the credit card details are actually encrypted, so they should be safe. The details came from an updated in Q&A format from the PlayStation blog:

Q&A #1 for PlayStation Network and Qriocity Services

Their statement is as follows:

The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.

So the user data is out there but the credit card data should be safe, even if the table was stolen it’s encrypted – let’s hope the hacker didn’t swipe the keys too.

The case has also triggered a lawsuit with a user of the network suing Sony over the data loss, more from Information Week here:

Sony Sued Over PlayStation Network Hack

Source: The Register


Posted in: Exploits/Vulnerabilities, Legal Issues, Privacy

Tags: , , , , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Legal Issues, Privacy | Add a Comment
Recent in Exploits/Vulnerabilities:
- PunkSPIDER – A Web Vulnerability Search Engine
- Dropbox Hacked – 68 Million User Accounts Compromised
- PowerOPS – PowerShell Runspace Portable Post Exploitation Tool

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 235,812 views
- AJAX: Is your application secure enough? - 120,264 views
- eEye Launches 0-Day Exploit Tracker - 85,737 views

Get protected with Sucuri


OWASP Hatkit Proxy Project – HTTP/TCP Intercepting Proxy Tool

Find your website's Achilles' Heel


The primary purpose of the Hatkit Proxy is to create a minimal, lightweight proxy which stores traffic into an offline storage where further analysis can be performed, i.e. all kinds of analysis which is currently implemented by the proxies themselves (WebScarab/Burp/Paros etc).

Also, since the http traffic is stored in a MongoDB, the traffic is stored at an object-level, retaining the structure of the parsed traffic.

Features

  • Swing-based UI,
  • Interception capabilities with manual edit, both for TCP and HTTP traffic,
  • Syntax highlightning (html/form-data/http) based on JFlex,
  • Storage of http traffic into MongoDB database,
  • Possibilities to intercept in Fully Qualified mode (like all other http-proxies) OR Non-fully qualified mode. The latter means that interception is performed *after* the host has been parsed, thereby enabling the user to submit non-valid http content.
  • A set of filters to either ignore or process traffic which is routed to the proxy. The ‘ignored’ traffic will be streamed to the endpoint with minimal impact on performance.

Known Issues

  • HTTP-intercept: Some button/checkboxes in the interception window does not work
  • TCP-intercept: The statistics counters are incorrect.

You can download OWASP Hatkit Proxy here:

hatkit_proxy-0.5.1.zip

Or read more here.


Posted in: Hacking Tools, Web Hacking

Tags: , , , , , , , , , , ,

Posted in: Hacking Tools, Web Hacking | Add a Comment
Recent in Hacking Tools:
- MANA Toolkit – Rogue Access Point (evilAP) And MiTM Attack Tool
- BBQSQL – Blind SQL Injection Framework
- DET – Data Exfiltration Toolkit

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,991,686 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,475,603 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 686,821 views

Get protected with Sucuri


Sony Rebuilding PlayStation Network (PSN) – Down 4 Days So Far

Find your website's Achilles' Heel


There’s been a few big stories in the past few days, one is of course the whole iPhone geo-location data tracking thing – but everyone was too busy checking into Foursquare to complain about that.

The other is that the Sony PlayStation Network (PSN) basically got hacked, owned and raped. It’s still currently down and according to Sony is being completely rebuilt to be more secure, so far it’s been down for 4 days.

The outage of Sony’s PlayStation Network and Qriocity service, now in its fourth day, looks set to continue after the company said on Sunday that it is “rebuilding” its system to better guard against attacks.

Sony said on Saturday that the outage was caused by an “external intrusion” into the network, but has yet to detail the problem.

The PlayStation Network is used for PlayStation 3 online gaming and sales of software to consoles and the PlayStation Portable. The Qriocity service runs on the same network infrastructure and provides audio and video to Sony consumer electronics products. The latest update, while not explaining the intrusion, pointed towards it being relatively sophisticated.

“Our efforts to resolve this matter involve rebuilding our system to further strengthen our network infrastructure,” the company said in a statement. “Though this task is time-consuming, we decided it was worth the time necessary to provide the system with additional security.”

I bet there’s a lot of gaming addicts out there jonesing to get their fix, I’d imagine it’s a top priority for Sony to get this back up and running especially as they were planning to major updates. They haven’t as yet given any kind of indication as to how long it’s going to take them to fix it.

I’d estimate they should be done before the end of this week, more than 7 days down is suicide for this kind of online model.


Sony said it is “working around the clock to bring them both back online,” but didn’t say when they might return. Phone calls to the company’s Tokyo headquarters went unanswered on Sunday.

“We thank you for your patience to date and ask for a little more while we move towards completion of this project,” the statement said.

The outage has left PlayStation 3 owners unable to play online games. Networked gaming, in which gamers collaborate with others in real-time battles, challenges and quests, is very popular and typically enjoyed by millions, especially over the weekend.

I’d imagine we’ll be seeing some kinda of announcement by Sony about this fairly shortly – they can’t be leaving millions of frustrated gamers in the dark. I’d be interested to see some kind of details regarding the intrusion too.

How did they get in? How serious was it? Did they use some kind of mythical 0-day exploit?

From what we know about Sony though, I wouldn’t hold your breath on the details..

Source: Network World


Posted in: General News

Tags: , , , , , , , , , , , , ,

Posted in: General News | Add a Comment
Recent in General News:
- Teen Accused Of Hacking School To Change Grades
- Google’s Chrome Apps – Are They Worth The Risk?
- Twitter Breach Leaks 250,000 User E-mails & Passwords

Related Posts:

Most Read in General News:
- Hacking Still Can’t Outdo Stupidity for Data Leaks - 125,440 views
- eEye Launches 0-Day Exploit Tracker - 85,737 views
- Seattle Computer Security Expert Turns Tables On The Police - 44,361 views

Get protected with Sucuri


SearchDiggity – GUI Front-End For GoogleDiggity & BingDiggity

Find your website's Achilles' Heel


The Google Hacking Diggity Project is a research and development initiative dedicated to investigating the latest techniques that leverage search engines, such as Google and Bing, to quickly identify vulnerable systems and sensitive data in corporate networks.

SearchDiggity is a new GUI application that serves as a front-end to both GoogleDiggity and BingDiggity.

GoogleDiggity

With the retirement of Google’s SOAP Search API on September 7, 2009, most of the security utilities available for Google Hacking cease to function, leaving the security industry with a need for new and innovative tools. GoogleDiggity is a new MS Windows command line utility designed to help fill that need. GoogleDiggity leverages the Google AJAX API, so it will not get you blocked by Google bot detection while scanning. Also, unlike other Google Hacking tools available, GoogleDiggity actually allows you to specify a Google Custom Search Engine (CSE) id to run Google Hacking vulnerability checks against a customized version of Google that will only return results tailored to your organization.


BingDiggity

BingDiggity is a new command line utility that leverages the new Bing 2.0 API and a newly developed Bing Hacking Database (BHDB) to find vulnerabilities and sensitive information disclosures related to your organization that are exposed via Microsoft’s Bing search engine. This utility also provides footprinting functionality that allows you to enumerate URLS, hosts, domains, IP-to-virtual host mappings, etc. for target companies.

You can download SearchDiggity v1.0 here:

MSI Installer – searchdiggity.msi
ZIP File – searchdiggity.zip

Or read more here.


Posted in: Hacking Tools, Privacy, Web Hacking

Tags: , , , , , , , , , , , , ,

Posted in: Hacking Tools, Privacy, Web Hacking | Add a Comment
Recent in Hacking Tools:
- MANA Toolkit – Rogue Access Point (evilAP) And MiTM Attack Tool
- BBQSQL – Blind SQL Injection Framework
- DET – Data Exfiltration Toolkit

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,991,686 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,475,603 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 686,821 views

Get protected with Sucuri


Microsoft Implements Company Policy For Vulnerability Disclosure

Find your website's Achilles' Heel


Microsoft has implemented a new company policy regarding vulnerability disclosure in non-Microsoft products (third-party products). Unsurprisingly they are following the ‘responsible disclosure’ line rather than the ‘full disclosure’ line favoured by the infosec community.

It’s fair enough though, as they say treat others as you wish to be treated. I’m pretty sure Microsoft would much prefer people to report vulnerabilities to them privately and give them adequate time to fix the problem before disclosing publicly.

If you really THAT interested, you can actually download the policy here (MS Word).

Microsoft has implemented a new company policy requiring all employees to follow a detailed set of procedures when reporting security vulnerabilities in third-party products.

The practices are an evolution of the coordinated vulnerability disclosure doctrine it proposed in July. They’re intended to simplify communication among affected parties and reduce the chances that vulnerability reports will result in it being exploited in the wild. Among other things, they require employees to send private notifications to the organization responsible for the vulnerable software, hardware or service and only later publish a public advisory.

“We’re definitely into the idea of no surprises for any of our vendors that we find vulnerabilities in,” said Microsoft Senior Security Strategist Katie Moussouris. “We’re basically following the golden rule for disclosure, and it’s all about protecting customers, because there’s no reason to unnecessarily amplify risk by imposing some sort of one-size-fits-all deadline on things.”

The policy (MS Word document here) applies to all Microsoft employees, whether they find vulnerabilities during their personal time or as part of their official duties. The procedures are intended to move away from the doctrine of “responsible disclosure,” which many people in security circles came to resent because it suggested all who disagreed with it were somehow behaving improperly.

It’s interesting to see a company really showing the public at large how they intend to deal with finding vulnerabilities in other peoples software. Google has published a similar (but MUCH less detailed) policy regarding disclosure.

Google will generally give 60 days before they publish a vulnerability publicly, a lot of people give up trying to contact vendors after a few bounced or unreplied e-mails and just post the details on mailing lists like Bugtraq or Full-disclosure.

What will be fascinating is to see what kind of vulnerabilities Microsoft will publish, it’ll give us some idea as to which products and what types of software they are looking at.


Under the policy, Microsoft employees who discover vulnerabilities will report them privately to the third-party organizations responsible. Encrypted email is the favored medium, but only after the employee has identified the right third-party person to receive the report. The reports should include crash dump information, proofs of concept or exploit code, root cause analysis, and other technical details.

“Any vulnerability information provided to the vendor is not intended for public use, but for the vendor’s use to identify and remediate the vulnerability,” the policy states.

For the first time, Microsoft will begin publishing advisories about the vulnerabilities its employees have discovered – preferably only after the security hole has been patched. Microsoft may also issue advisories if it learns the bug is being exploited, or in cases where it receives no response from the third party.

The policy appears to be the first time a company has said publicly exactly when and how it will report vulnerabilities in the products of its peers, partners and competitors. In July, Google’s security team issued a less detailed policy that said members would generally give companies 60 days to patch vulnerabilities before making them known publicly.

Microsoft has yet to implement a bug-bounty program that compensates researchers for their time and expertise in reporting vulnerabilities in its products. Google and Mozilla have paid rewards for years. Security firm Tipping Point has pledged to make vulnerabilities public six months after reporting them privately.

The focus for everyone seems to ‘protecting the end user’ – why the shift in focus? I’m not entirely sure, but it’s not a bad thing.

You can read the Google Policy here:

Rebooting Responsible Disclosure: a focus on protecting end users

Perhaps Microsoft took a leaf from the Google book after all.

Source: The Register


Posted in: Legal Issues, Windows Hacking

Tags: , , , , , , , ,

Posted in: Legal Issues, Windows Hacking | Add a Comment
Recent in Legal Issues:
- Criminal Rings Hijacking Unused IPv4 Address Spaces
- The Panama Papers Leak – What You Need To Know
- FBI Backed Off Apple In iPhone Cracking Case

Related Posts:

Most Read in Legal Issues:
- Class President Hacks School Grades - 80,722 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,661 views
- One Of The World’s Most Prolific Music Piracy Groups Busted - 43,635 views

Get protected with Sucuri


BodgeIt Store – Vulnerable Web Application For Penetration Testing

Find your website's Achilles' Heel


There are various vulnerable web applications such as Jarlsberg, WackoPicko, Damn Vulnerable Web Application (DVWA), Vicnum, etc. Now we have another application that is vulnerable and ready to be exploited! The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to penetration testing.

Features

  • Easy to install – just requires java and a servlet engine, e.g. Tomcat
  • Self contained (no additional dependencies other than to 2 in the above line)
  • Easy to change on the fly – all the functionality is implemented in JSPs, so no IDE required
  • Cross platform
  • Open source
  • No separate db to install and configure – it uses an ‘in memory’ db that is automatically (re)initialized on start up

There is also a ‘scoring’ page where you can see various hacking challenges and whether you have completed them or not.


Install

All you need to do is download and open the zip file, and then extract the war file into the webapps directory of your favorite servlet engine.

Then point your browser at (for example) http://localhost:8080/bodgeit

The author recommends Zed Attack Proxy to get you started.

You can download BodgeIt Store here:

bodgeit.1.1.0.zip

Or read more here.


Posted in: Exploits/Vulnerabilities, Programming, Web Hacking

Tags: , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Programming, Web Hacking | Add a Comment
Recent in Exploits/Vulnerabilities:
- PunkSPIDER – A Web Vulnerability Search Engine
- Dropbox Hacked – 68 Million User Accounts Compromised
- PowerOPS – PowerShell Runspace Portable Post Exploitation Tool

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 235,812 views
- AJAX: Is your application secure enough? - 120,264 views
- eEye Launches 0-Day Exploit Tracker - 85,737 views

Get protected with Sucuri


Adobe Patches Latest Flash Zero Day Vulnerability

Your website & network are Hackable


There’s been a lot of news about this Adobe Flash Player vulnerability as apparently it has been exploited in the wild and Adobe were willing to push out an out-of-band patch for it – which means in their eyes it is really serious.

They don’t have a great reputation for testing their software before releasing (the latest 10.2.x versions seem to be causing a LOT of problems on Firefox), so we’ll just have to hope it’s a good patch. They promised the patch for another deadly 0-day back in March, roughly about a month ago.

At least it’s patched now and I truly hope that the latest version also stabilises Flash Player for Firefox.

Adobe today patched a critical vulnerability in Flash Player that the company said criminals were already exploiting with malicious Microsoft Word and Excel documents. On Monday, Adobe acknowledged the bug , said exploits were circulating, and promised to fix the flaw with an emergency update.

Today’s update was Adobe’s second rush patch in less than four weeks. The new version, Flash Player 10.2.159.1, is available for Windows, Mac, Linux and Solaris. Missing from that list is Android, the Google mobile operating system that also runs Flash. A fix for the same flaw will be issued to Android users no later than the week of April 25, said Adobe.

Adobe will patch the popular PDF viewer Adobe Reader that same week. The Flash vulnerability also exists in Reader and the more advanced Acrobat because both include code that renders Flash content embedded in PDF files. Although initial attacks were launched using malicious Word attachments, hackers later expanded the campaign to include malformed Excel files, according to Mila Parkour, the independent security researcher who reported the Flash flaw to Adobe.

Parkour, who has been tracking the attacks for more than a week, has published information about them on her Contagio Malware Dump blog.

There’s no patch yet for the Android version of Flash, but Adobe has promised it will be pushed out by April 25th (next Monday). Incidentally they will also be patching PDF Viewer and Adobe Reader next week as they both render Flash and are also vulnerable to this exploit.

So Flash content embedded in PDF files is a viable vector for infection using this vulnerability, in the wild both Word and Excel files were being used (with embedded Flash files) to exploit the vulnerability.


Some of the earliest messages in the attack tried to get recipients to open the attached Word or Excel files by claiming they offered information on China’s antitrust laws, or a purported Japanese nuclear weapons program. Later messages were more mundane, and posed as corporate reorganization plans or new company contact lists.

Parkour also traced the resulting malware’s “phone-home” communications to a server registered in China, and noted that some of the malicious Word and Excel documents had been originally crafted in Chinese.

Google updated its Chrome browser — which includes a copy of Flash Player — Thursday, fixing not only the Adobe bug but a trio of critical vulnerabilities in the browser’s hardware acceleration technology. Like Internet Explorer and Firefox, Chrome taps the computer’s graphics processor (GPU) to handle some page composition and rendering tasks.

Google usually tags as “critical” only those bugs that attackers could use to escape the browser’s “sandbox,” an anti-exploit technology designed to prevent malicious code from escaping the browser.

Users running other browsers can download the patched version of Flash Player from Adobe’s site.

Google also updated Chrome recently with this Flash Player update and 3 other critical vulnerabilities related to the hardware acceleration in the browser.

I wonder how long it will be until the next critical 0-day vulnerability in Adobe Flash Player is exposed? Perhaps we’ll see another one in May.

And don’t forget to follow us on Twitter @THEdarknet to keep up with other interesting stories as they break.

Source: Network World


Posted in: Exploits/Vulnerabilities, General Hacking

Tags: , , , , , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, General Hacking | Add a Comment
Recent in Exploits/Vulnerabilities:
- PunkSPIDER – A Web Vulnerability Search Engine
- Dropbox Hacked – 68 Million User Accounts Compromised
- PowerOPS – PowerShell Runspace Portable Post Exploitation Tool

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 235,812 views
- AJAX: Is your application secure enough? - 120,264 views
- eEye Launches 0-Day Exploit Tracker - 85,737 views

Get protected with Sucuri


sqlmap 0.9 Released – Automatic Blind SQL Injection Tool

Find your website's Achilles' Heel


It’s been a while since we’ve written about sqlmap, the last time was when 0.7 was released back in July 2009 – sqlmap 0.7 Released – Automatic SQL Injection Tool.

Well sqlmap 0.9 has been released and has a considerable amount of changes including an almost entirely re-written SQL Injection detection engine.

For those that aren’t familiar with the tool, sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.


New Features/Changes

  • Rewritten SQL injection detection engine (Bernardo and Miroslav).
  • Support to directly connect to the database without passing via a SQL injection, -d switch (Bernardo and Miroslav).
  • Added full support for both time-based blind SQL injection and error-based SQL injection techniques (Bernardo and Miroslav).
  • Implemented support for SQLite 2 and 3 (Bernardo and Miroslav).
  • Implemented support for Firebird (Bernardo and Miroslav).
  • Implemented support for Microsoft Access, Sybase and SAP MaxDB (Miroslav).
  • Added support to tamper injection data with –tamper switch (Bernardo and Miroslav).
  • Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack (Miroslav).
  • Added support to fetch unicode data (Bernardo and Miroslav).
  • Added support to use persistent HTTP(s) connection for speed improvement, –keep-alive switch (Miroslav).
  • Implemented several optimization switches to speed up the exploitation of SQL injections (Bernardo and Miroslav).
  • Support to parse and test forms on target url, –forms switch (Bernardo and Miroslav).
  • Added switches to brute-force tables names and columns names with a dictionary attack, –common-tables and –common-columns.

The complete changelog is available for viewing here.

You can also download the user manual here [PDF] – sqlmap README

You can download sqlmap 0.9 here:

sqlmap-0.9.tar.gz

Or read more here.


Posted in: Database Hacking, Hacking Tools

Tags: , , , , , , , ,

Posted in: Database Hacking, Hacking Tools | Add a Comment
Recent in Database Hacking:
- DBPwAudit – Database Password Auditing Tool
- VTech Hack – Over 7 Million Records Leaked (Children & Parents)
- Onapsis Bizploit v1.50 – SAP Penetration Testing Framework

Related Posts:

Most Read in Database Hacking:
- Pangolin – Automatic SQL Injection Tool - 77,215 views
- bsqlbf 1.1 – Blind SQL Injection Tool - 54,520 views
- SQLBrute – SQL Injection Brute Force Tool - 41,440 views

Get protected with Sucuri


Microsoft Unleashes Record Breaking Patch Tuesday – April 2011

Your website & network are Hackable


We all love Patch Tuesday – no doubt about that right? Well Microsoft has blessed us this month with the biggest Patch Tuesday in the history of the program.

That’s a good thing because it’s had some horribly effective vulnerabilities revealed lately. It managed to package up a massive bundle of patches for 64 vulnerabilities in Windows, Office and a few other software packages.

So if you’re running any Windows installations anywhere, make sure you get your Windows Update on ASAP and get those patches downloaded.

Microsoft has patched a record 64 vulnerabilities in Windows, Office and five other software packages, many of which allowed attackers to remotely install malware on end user machines.

The most important fixes addressed a vulnerability in the Internet Explorer browser that was exploited in last month’s Pwn2Own contest. Although details were kept confidential, hackers have begun exploiting the critical flaw in real-world attacks, Microsoft warned. The use-after-free vulnerability affects versions 8 and earlier of the Microsoft browser.

The other top priority should be updates that patch critical vulnerabilities in the way Windows handles networking requests using the SMB, or Server Message Block, protocol. By sending malformed packets, attackers can remotely install malware on vulnerable machines with no user interaction required.

Researchers have warned that the flaw could be exploited to install self-replicating worms in much the way a similar vulnerability from 2008 did. Even after Microsoft issued an emergency patch for the flaw, it still opened the door to the Conficker Worm, which commandeered millions of machines.

If you remember back in March we reported on Day One At Pwn2Own Takes Out Microsoft Internet Explorer and Apple Safari, they’ve fixed that flaw – which has been exploited in the wild.

I think Pwn2Own does play an important role in the security industry and really helps get some nasty bugs patched up. Of course I don’t think any of us are using Internet Explorer anyway…but still – a lot of people are.

Even on this site 18.3% of visitors are still using some version of IE (with the majority using 8, then 7 then 9 with 6 thankfully in 4th place).


The monster patch batch also included relief for another flaw in all supported versions of Windows that Google has said was being exploited by “politically motivated” attackers against activists. The MS11-026 update fixes the way Windows parses webpages containing MIME-formatted content.

Microsoft also introduced two tools that are designed to thwart malware attacks. One extends a protection known as Office File Validation to older versions of Office. The feature, which was previously available only to users of Office 2010, helps users to identify malicious Office files by scanning and validating them before they are opened.

The second tool is an update to the winload.exe component that helps flag device drivers that have been booby-trapped to install malware.

The patches were released in 17 bulletins, nine of which carried a rating of “critical,” a designation typically reserved for vulnerabilities that can be remotely exploited to install malware or expose sensitive user data. The remaining eight bulletins were rated “important.”

If you just wanna get down to the details of the patches and what was released, you can read the summary from Microsoft here:

April 2011 Security Bulletin Release

Also check this out:

Assessing the risk of the April security updates

And of course SANS always has a useful recap:

April 2011 Microsoft Black Tuesday Summary

Source: The Register


Posted in: Countermeasures, Exploits/Vulnerabilities, Security Software, Windows Hacking

Tags: , , , , , , , , , , ,

Posted in: Countermeasures, Exploits/Vulnerabilities, Security Software, Windows Hacking | Add a Comment
Recent in Countermeasures:
- Bearded – Security Automation Platform
- An Introduction To Web Application Security Systems
- OpenIOC – Sharing Threat Intelligence

Related Posts:

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 120,264 views
- Password Hasher Firefox Extension - 117,881 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,751 views

Get protected with Sucuri


RawCap – Free Command Line Packet/Network Sniffer For Windows (Raw Sockets)

Your website & network are Hackable


RawCap is a free command line network sniffer for Windows that uses raw sockets.

Features

  • Can sniff any interface that has got an IP address, including 127.0.0.1 (localhost/loopback)
  • RawCap.exe is just 17 kB
  • No external libraries or DLL’s needed other than .NET Framework 2.0
  • No installation required, just download RawCap.exe and sniff
  • Can sniff most interface types, including WiFi and PPP interfaces
  • Minimal memory and CPU load
  • Reliable and simple to use

Raw sockets limitations in Vista and Win7

Due to current limitations in the raw sockets implementations for Windows Vista and Windows 7 we suggest running RawCap on Windows XP. The main problem with raw socket sniffing in Vista and Win7 is that you might not receive either incoming packets (Win7) or outgoing packets (Vista).

You can download RawCap here:

RawCap.exe

Or read more here.


Posted in: Hacking Tools, Network Hacking, Windows Hacking

Tags: , , , , , , ,

Posted in: Hacking Tools, Network Hacking, Windows Hacking | Add a Comment
Recent in Hacking Tools:
- MANA Toolkit – Rogue Access Point (evilAP) And MiTM Attack Tool
- BBQSQL – Blind SQL Injection Framework
- DET – Data Exfiltration Toolkit

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,991,686 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,475,603 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 686,821 views

Get protected with Sucuri