Archive | July, 2011

Facebook To Start Paying Bug Bounties


We’ve covered various stories about companies offering hackers and security researchers bounties for giving them working exploits for their software/website etc. Early runners in the game were – Google Willing To Pay Bounty For Chrome Browser Bugs

Now, 2 years down the road, Facebook has decided it’s a good idea to offer up a $500 bounty for exploits reported to the Facebook security team.

They are claiming they will pay out larger amounts for ‘truly significant’ bugs, but they aren’t qualifying that claim with any guidelines or amounts.

Facebook is going to pay hackers to find problems with its website — just so long as they report them to Facebook’s security team first.

The company is following Google and Mozilla in launching a Web “Bug Bounty” program. For security related bugs — cross site scripting flaws, for example — the company will pay a base rate of $500. If they’re truly significant flaws Facebook will pay more, though company executives won’t say how much.

“In the past we’ve focused on name recognition by putting their name up on our page, sending schwag out and using this as an avenue for interviews and the recruiting process,” said Alex Rice, Facebook’s product security lead. “We’re extending that now to start paying out monetary rewards.”

On Friday, Facebook will launch a new Whitehat hacking portal where researchers can sign up for the program and report bugs.

Many hackers go public with the software and website flaws they find to gain prestige. Finding an important bug on a widely used website such as Facebook can help make a journeyman hacker’s career, and going to the press with the issue can make him — or her — famous.

They have always credited people who discovered insecurities on the Facebook platform and gifted them with t-shirts and other goodies, but this is the first move Facebook has made towards paying for exploits.

It is true though, finding a serious bug in a prestigious web property like Facebook could make someone famous overnight. I would like to see more bounty programs and those bounty programs paying out larger amounts.

Although I have to say I don’t believe a flaw in a social network would be worth that much on the black market (as opposed to say a zero-day in the latest version of Apache).


But talking about the issue before Facebook has had a chance to patch it, can be risky for Facebook users. In recent years, other companies have started these bug bounty programs to encourage hackers to keep quiet about the problems they find until they are patched.

Google pays between $500 and $3,133.70, depending on the severity of the flaw.

Google started to pay for browser bugs in early 2010, and then in November it expanded the program to cover bugs in its Web properties too.

The Web bug bounty program has helped Google uncover a lot of programming errors in the past eight months, most of which have been in Google’s lesser-known products, a company spokesman said this week.

Google sees its Web program as a big success. “We’re very happy with the success of our vulnerability reward program so far. We’ve already given out $300,000 and have seen a variety of interesting bugs,” the spokesman said in an e-mail message.

Facebook’s security team already engages in a lot of dialogue between security researchers and its own programmers. The company is contacted between 30 and 50 times each week by hackers. Their information leads to an average of about one to three “actionable bugs,” per week, Rice said. Most of these are cross-site scripting or cross-site request forgery issues. These are both very common Web programming errors that could be abused by scammers and cybercrooks to rip off Facebook users.

Google have given out over $300,000 since they started their program in 2010 – initially it was only for Chrome bugs – but they expanded it to cover all of their web properties and they’ve reaped the rewards by being able to fix all kinds of issues.

I foresee Facebook not having to pay out so much, the site is fairly closed and it’s not as expansive as the Google empire. Plus they don’t have any kind of actual software offering like Chrome.

It’s an interesting program though and I hope it leads to Facebook becoming more secure.

Source: Network World


Posted in: Exploits/Vulnerabilities, General Hacking


iViZ On Demand Penetration Testing


Introduction

iViZ is the industry’s first company to position themselves as an on-demand penetration testing service for web applications. This is very different from the normal low cost vulnerability assessment services like Qualys, Hackersafe, Hackerguardian etc.  Unlike conventional solutions, iViZ delivers consultant-grade quality with an on-demand experience. iViZ provides a hybrid solution that integrates automation with manual testing by security experts. This results in a cost-effective SaaS model to achieve a very low rate of false positives, manual expert validation, and business logic testing.  The key advantages are high quality, on-demand manageability, high scalability and unmatched service to price value.

iViZ Security is funded by IDG Ventures which also funded companies like Netscape, Baidu, MySpace and F5 amongst several others. iViZ currently has 200+ customers across several verticals including Finance, Telecom, Online Media and E-commerce.

Why did we evaluate iViZ On Demand Penetration Testing?

Although there are tons of penetration testing providers and solutions in the market today, iViZ visualized the gap in making penetration testing more proactive and repetitive in a cost effective manner. It has thus adopted the SaaS route which can be a potential disruptor to make penetration testing more affordable without the hassles of tools and costly consultants. Organizations worldwide are evolving at a rapid pace and thus they require a solution which helps them attain speed to market and profitability.

Also, today’s marketplace is primarily focused on cost differentiation. This has led to automation and suboptimal quality, with plenty of “me too” service providers. While automated scanning provides benefits like lowered cost and faster time to scan, application penetration testing requires manual intervention to remove false positives and, more importantly, to conduct business logic testing. iViZ seems to have understood early on that pure automation will never be able to identify complex business logic vulnerabilities in the context of today’s evolving applications, especially in the online and telecom markets.

Review Parameters

We evaluated iViZ primarily on 4 key parameters:

  1. User Experience
  2. Quality of Findings
  3. Methodology
  4. Packaging and Pricing

A. User Experience

We had been provided access to https://edge.ivizsecurity.com/. The portal enables two views: partner and customer. The partner view essentially helps you manage your customer’s pen test. The customer can also log in with their credentials and submit a new scan or download a complete report.

Iviz Security Dashboard

The dashboard nicely summarizes the essential info on completed scans and upcoming scans. “Scan in Verification” are the ones which have already passed automated testing and are being manually verified for false positives and business logic testing. This hybrid testing is carried out by combining automation of testing with workflow automation and leveraging process engineering on top of it.

The customer dashboard is also clear and concise representing only the vital information without too much clutter of graphs and diagrams.

The interface to submit or schedule new scans has got plenty of options to specify advanced parameters that enhance the quality and performance of testing. Apart from date, time and target you can specify application details like user credentials, path to exclude, depth limit and link limit.

B. Quality of Findings

The key factor which differentiates this SaaS offering from other VA services is the quality of findings. The report section nicely summarizes vulnerability info and critical threats that need to be fixed urgently. The reports can be viewed online or downloaded in PDF format. The key thing which has impressed us is that every high and critical vulnerability is accompanied by a “Proof of Exploit” – a screenshot depicting the impact of the vulnerability. This goes a long way in making the report meaningful and is an immense help for the application developers to quickly fix the vulnerability. This also gives the true essence of penetration testing.


Having a proof of exploit with high and critical vulnerability also ensures that these have been manually verified and thus the report is almost “Zero False Positive”. A huge time saver!

C. Scan Methodology

iViZ Penetration Testing Cloud service jumpstarts the scan process without employing consultants or buying expensive tools. Assessments are conducted in the cloud as needed and when requested by the customer. iViZ follows a hybrid approach for its scan methodology:

  1. T0 Testing: Automated Testing using multiple in-house and commercial scanners
  2. T1 Testing: False positives are removed with extensive manual investigation.
  3. T2 Testing:  Business logic verification is carried out with further manual testing using complex attack paths.

The hybrid testing is carried out by combining automation of testing with work flow automation and leveraging process engineering on top of it. In terms of coverage, the service covers OWASP Top 10 and WASC 26 threat classes in premium app testing.

D. Packaging and Pricing

iViZ offers two penetration testing service packages depending on the customer’s business environment – Standard and Premium. Standard tests are suitable for non-critical applications and thus have less coverage. Premium is suited for critical applications and thus provides a deep diagnosis with zero false positives and proof of exploit. The pricing packages are all subscription based with frequency ranging from half yearly, quarterly, yearly and unlimited.

Conclusion

Overall the service looks pretty impressive. It provides a seamless way to do penetration testing on demand without incurring high cost of tools and consultants. Basically, like the sales force of penetration testing. For partners it provides an easy way to deliver penetration testing much more profitably or even set up a security testing business with zero Capex. However, the primary challenge that iViZ faces is sticking to the quality as the volume scales to thousands of scans.

It’s an interesting service and we shall be keeping an eye on it.


Posted in: Countermeasures



NfSpy – ID-spoofing NFS Client – Falsify NFS Credentials


NfSpy is a FUSE filesystem written in Python that automatically changes UID and GID to give you full access to any file on an NFS share. Use it to mount an NFS export and act as the owner of every file and directory.

Vulnerability Exploited

NFS before version 4 is reliant upon host trust relationships for authentication. The NFS server trusts any client machine to authenticate users and assign the same user IDs (UIDs) that the shared filesystem uses. This works in NIS, NIS+, and LDAP domains, for instance, but only if you know the client machine is not compromised or faking its identity. This is because the only authentication in the NFS protocol is the passing of the UID and GID (group ID). There are a few things that can be done to enhance the security of NFS, but many of them are incomplete solutions, and even with them implemented, it could still be possible to circumvent the security measures.
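From the server side, the trust relationship described above shows up in the export configuration. The following is an added example, not part of the original post or of NfSpy: a small auditor for Linux exports(5) lines that flags entries where the server will honour whatever UID/GID a client sends. The sample exports content, the hostnames and the finding names are constructed for illustration.

```python
import re

# Constructed sample in Linux exports(5) syntax; paths and hosts are made up.
SAMPLE_EXPORTS = """\
# constructed example
/srv/home      *(rw,sync)
/srv/build     10.0.5.0/24(rw,no_root_squash,insecure)
/srv/public    *.lab.example(ro,all_squash)
/srv/secure    fileclient.example(rw,sec=krb5p)
/srv/mixed     10.0.6.7(rw,sec=krb5:sys) \\
               10.0.6.8(ro)
"""

# "host(opt,opt)", bare "host", or "(opt)" with no host (meaning: any host).
CLIENT_RE = re.compile(r"^([^()\s]*)(?:\(([^)]*)\))?$")


def parse_exports(text):
    """Yield (path, client, options) for each client entry.

    Simplifications (assumptions of this example): no quoted paths with
    spaces, "-opt" default option lists are skipped, and options are
    treated as an unordered set.
    """
    text = text.replace("\\\n", " ")          # join continuation lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            if spec.startswith("-"):          # default option list, not audited
                continue
            m = CLIENT_RE.match(spec)
            if not m:
                continue                      # malformed entry, ignored here
            client = m.group(1) or "*"        # "(rw)" after a space = everyone
            opts = {o for o in (m.group(2) or "").split(",") if o}
            yield path, client, opts


def audit_entry(client, opts):
    """Return finding names for one client entry, in a fixed order."""
    flavors = set()
    for o in opts:
        if o.startswith("sec="):
            flavors.update(o[4:].split(":"))
    if not flavors:
        flavors = {"sys"}                     # exports(5) default is sec=sys
    findings = []
    # AUTH_SYS: the server believes the UID/GID in each request, so a client
    # host can act as any user. all_squash maps every ID to the anonymous
    # user; root_squash alone only remaps UID/GID 0.
    if "sys" in flavors and "all_squash" not in opts:
        findings.append("client_uid_trusted")
    if "*" in client or "?" in client:
        findings.append("wildcard_host")
    if "no_root_squash" in opts:
        findings.append("no_root_squash")
    if "insecure" in opts:                    # source port >= 1024 accepted
        findings.append("unprivileged_port_ok")
    return findings


def audit(text):
    """Return a list of (path, client, findings) for the whole file."""
    return [(p, c, audit_entry(c, o)) for p, c, o in parse_exports(text)]


if __name__ == "__main__":
    for path, client, findings in audit(SAMPLE_EXPORTS):
        print(f"{path:12} {client:22} {', '.join(findings) or 'ok'}")
```
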

Features

  • Use filehandles from packet captures instead of asking mountd.
  • Hide from sysadmins by immediately “unmounting” while retaining access
  • Specify port/protocol for NFS or Mountd if you don’t have access to the portmapper

You can download NfSpy here:

NfSpy.zip

Or read more here.


Posted in: Hacking Tools, Linux Hacking, Network Hacking



OS X Lion Brings Major Security Overhaul To Apple Users


It’s been a long time coming, but with the latest release of Mac OS X Lion – Apple has really stepped it up in terms of security and pro-active protection.

Just a few months back in May we reported that – Mac Malware is Becoming a Serious Threat and back in March Day One At Pwn2Own Takes Out Microsoft Internet Explorer and Apple Safari.

With this latest update they have really integrated some very modern security techniques with many claiming this puts them ahead of Windows 7 and Ubuntu in terms of security.

With Wednesday’s release of Mac OS X Lion, Apple has definitively leapfrogged its rivals by offering an operating system with state-of-the-art security protections that make it more resistant to malware exploits and other hack attacks, two researchers say.

Unlike the introduction of Snow Leopard in 2009, which offered mostly incremental security enhancements, OS X 10.7 represents a major overhaul, said the researchers, who spent the past few months analyzing the OS.

The most important addition is full ASLR. Short for address space layout randomization, the protection makes it much harder for attackers to exploit bugs by regularly changing the memory location where shell code and other system components are loaded. Other improvements include security sandboxes that tightly restrict the way applications can interact with other parts of the operating system and full disk encryption that doesn’t interfere with other OS features.

“It’s a significant improvement, and the best way that I’ve described the level of security in Lion is that it’s Windows 7, plus, plus,” said Dino Dai Zovi, principal of security consultancy Trail of Bits and the coauthor of The Mac Hacker’s Handbook. “I generally tell Mac users that if they care about security, they should upgrade to Lion sooner rather than later, and the same goes for Windows users, too.”

There were a couple of blunders back in 2009 when Snow Leopard (commonly known as SL) was released, and of course – Mac OS X Snow Leopard Bundled With Malware Detector.

Back then the security tech bundled with Snow Leopard was incremental at best, there was nothing really new or anything that inspired confidence in us security chaps.

With the latest version of Lion however Apple has put in some really good stuff like full address space layout randomization (ASLR) and even more sandboxing (always a good idea to trap malware in userspace).


Although ASLR made its OS X debut in Leopard, the predecessor to Snow Leopard, its implementation was woefully inadequate because it failed to randomize core parts of the OS, including the heap, stack, and dynamic linker. That meant entire classes of exploits were automatically immune to the protection.

It also prompted many to wonder why Apple engineers bothered to put it into the OS in the first place, or didn’t properly implement it with the introduction of Snow Leopard. Windows Vista and Ubuntu, by contrast, added much more robust implementations of ASLR years earlier.

“When they went from Leopard to Snow Leopard, as far as I’m concerned, there really wasn’t any change,” said Charlie Miller, principal research consultant at security firm Accuvant and the other coauthor of The Mac Hacker’s Handbook. “They might have said there was more security and it was better, but at a low functionality level there really wasn’t any difference. Now, they’ve made significant changes and it’s going to be harder to exploit.”

What’s more, Lion’s refurbished ASLR has been augmented, so that even if hackers clear that hurdle, they’ll still have to bypass other new protections. Among them is a sandbox design that shields the most vulnerable and vital parts of the computer from attack. Safari, for example, has now been divided into two processes that separate the browser’s user interface and other functions from the part that parses JavaScript, images, and other web content.

Now these changes won’t stop Apple software from being vulnerable to exploits – but they will make it a hell of a lot harder to pull off code execution after getting in.

There are some smart changes to Safari too, which makes surfing a lot safer as one of the biggest attack vectors right now is through browser based exploits (Flash/JavaScript etc).

Even with all of that though, there will still be ways around it (just look at the latest JailBreak) – so as always – be careful Mac users!

Source: The Register


Posted in: Apple



exploitdbee.py – Easily Search For Exploits In BackTrack’s Exploitdb (files.csv).


This is a simple Python tool to help you search for exploits in the BackTrack Exploit Database.

Features

  • Search the exploitdb archive
  • Case sensitive & insensitive
  • Change output mode
  • Automatically copy your exploits

Requirements

  • python (tested with python 2.7.1 and 2.5.2)
  • local exploitdb (pre-installed on BackTrack Linux)

Usage

You can download exploitdbee.py v1.0 here:

exploitdbee.py

Or read more here.


Posted in: Exploits/Vulnerabilities, Hacking Tools



AnonPlus/Anon+ – The Anonymous Social Network


We’ve reported a few times on the Anonymous collective, with the most recent being the rumoured attacks by Anonymous against the Malaysian Government.

The latest story is that, following Google+ banning numerous Anonymous members, they have spawned their own social network called Anon+/Anonplus.

As is normal with these things, it’s hard to say if it really has anything to do with Anonymous or not – the ‘official’ Anonymous Twitter and Blog accounts have not mentioned Anon+ – so make of it what you will.

The story so far is that Anonymous – or someone associated with Anonymous, or someone cynically riding on the back of Anonymous, who knows? – has set up a site that will offer some kind of social network.

According to TechSpot, the idea (and the “Alpha” Website, anonplus.com) arose when Google+ allegedly banned an unknown number of Anonymous members. The Anonplus site is couched in Anonymous’s usual grandiose phraseology – “they will know that we have arrived. There will be no oppression. There will be no more tyranny. We are the people and we are Anonymous.”

Fair enough. Anyone’s got the right to set up a social network if they want, and they have the right to claim to act on behalf of others, regardless of how accurate that claim may be. But the idea of a completely anarchic, “no tyranny, no oppression” (defined in whose terms?) social network offers some interesting self-contradictions to resolve.

I’ll grant that the world of corporate social networks is a nightmare of “tyranny and oppression” – so much so that the success of Facebook and the excitement over Google+ mystifies me.

Facebook bans a Google+ ad at the drop of a hat, but turns into a nearly-immovable object if asked to help deal with abusive commenters (who, for example, infest tribute pages to the dead). Google+ demands an understanding of 37 different privacy statements. Social networks are not just tyrannical, they’re also a “confusopoly” whose success depends on nobody being able to decode the rules they’ve promised to follow.

It’s an interesting concept though and could gain some traction amongst the tin-foil hat wearing, conspiracy theorists on the net. Those who are probably already surfing with Tor and multiple proxies.

As for the rest of us? I’d imagine we’ll be sticking with Facebook, Twitter and Google+.

There are plenty of people out there who are uncomfortable surrendering so much information to large companies like Google and to closed networks like Facebook, but maybe Anon+ is just a joke – who knows really.


Anonymous’s intervention – to me, a much more welcome intervention than the group’s inability to distinguish between targets, slapping the small and mighty with equal abandon and claiming equal credit whether they’ve defeated a flea-bite nobody or a US military operation – may or may not succeed, but it raises an interesting question.

What’s the line separating rules that are necessary for a social network to function from rules that are oppressive; and when does one become the other?

All social interactions are governed by rules of some kind. They may be tight or loose, consensual or tyrannical, explicit or implicit, designed or evolved, but the rules exist, whether or not you follow them (or even acknowledge them).

If all you do is hold a conversation with someone, you will follow at least one rule – the two of you will hold the conversation in languages comprehensible to you both. The interaction won’t happen without that minimum rule.

“If we hack something, we publish it” is a rule for Anonymous – written or not. “There will be no tyranny” is a rule of interaction.

And even Anonplus.com must have, at minimum, one rule: “anybody may join”. The group itself has implied a second rule, that nobody be censored or blacked out.

Censorship provides a convenient handle on which I can hang a question about rules: censorship by whom? Sure, it’s clear that “Anonplus” won’t censor the statements or posts of its users – but what of those users who would wish to constrain, censor or silence other users?

Such people exist in every large group – whether they merely seek to shout down dissent or, since this is the Internet, if they seek to silence those they don’t like by hacking their profiles.

But it does say on the site, the network is not just intended for Anonymous members – it’s for everyone. Well everyone that supports the free Internet with no tyranny and no censorship, that seems to be the goal.

You can check out the development forum for Anon+ here:

http://anonplus.presstorm.com/

It seems like Presstorm has something to do with it, with the forum being hosted under their domain, and the announcement post here: Investigative Innovation: Anonymous and Presstorm Present – Anon+.

Source: The Register


Posted in: General News



Mantra Security Toolkit 0.6.1 Released – Browser Based Hacking Framework


Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers, security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software.

The software is intended to be lite, flexible, portable and user friendly with a nice graphical user interface. You can carry it in memory cards, flash drives, CD/DVDs, etc. It can be run natively on Linux, Windows and Mac platforms. It can also be installed on to your system within minutes. Mantra is absolutely free of cost and takes no time for you to set up.

Mantra can be very helpful in performing all the five phases of attacks including reconnaissance, scanning and enumeration, gaining access, escalation of privileges, maintaining access, and covering tracks. Apart from that it also contains a set of tools targeted for web developers and code debuggers which makes it handy for both offensive security and defensive security related tasks.


Project Goals

  • Create an ecosystem for hackers based on browser
  • To bring the attention of security people to the potential of a browser based security platform
  • Provide easy to use and portable platform for demonstrating common web based attacks (read: training)
  • To associate with other security tools/products to make a better environment.

You can download Mantra 0.6.1 here:

Linux 32-bit – Mantra Security Toolkit – Gandiva.tar.bz2
Windows – OWASP Mantra Security Toolkit – Gandiva.exe

Or read more here.


Posted in: Hacking Tools, Web Hacking



French Company Intego Release First iPhone Malware Scanner


This is quite an interesting story as it’s very closely related to the story we published earlier this week – Malicious PDF Files To Exploit iPhone & iPad Zero Day In The Wild. Hot on the tail of that news is the first-ever malware scanning app for iOS devices (iPhone/iPad etc) from a French security company called Intego.

The odd thing is the app can’t scan the filesystem of the device due to the iOS sandbox – but it can scan remotely hosted files (e-mail attachments, files in your Dropbox account and so on).

It’ll be interesting to see what kind of response this app gets and if people will be interested in purchasing it.

A French security company known for its Mac OS X antivirus software today released the first malware-scanning app for the iPhone and iPad and iPod Touch. Intego’s VirusBarrier for iOS has been approved by Apple, and debuted on the App Store Tuesday for $2.99.

Because iOS prevents the program from accessing the file system or conducting automatic or scheduled scans — as do virtually all Mac and Windows antivirus software — VirusBarrier must be manually engaged, and then scans only file attachments and files on remote servers, said Peter James, a spokesman for Intego.

“Because of the sandbox, you can’t scan the file system,” said James. “Since you don’t see the iOS file system, the only things you can scan are attachments sent by email or files in, say, your Dropbox folder.”

Unlike software written for Android — such as Lookout, from the San Francisco-based company by the same name — VirusBarrier cannot scan apps for possible infection. When an email attachment is received by the iPhone, iPad or iPod Touch, the user can intercede by calling on VirusBarrier, which then scans the file for possible infection before the file is opened or forwarded to others.

“We’ve had enterprise customers say that although they know you can’t do a full system scan of an iPhone, they don’t like the fact that files go through these devices and end up on a Mac or Windows PC,” said James. “They want their users to be able to check that an attachment is safe.”

It also can’t scan apps for possible infection, which is kind of weak – but I guess it’s supportive of the walled garden approach implemented by Apple. Seeing as all official apps are vetted by Apple there shouldn’t be any infections anyway (unless the user has jailbroken their device).

Symantec did make some kind of push into the iOS market in October 2010, but I’m not sure what came of it – Symantec Expands Security Products To Cover Android & iOS.

With the whole model Apple is running on the iOS platform – there honestly aren’t that many vectors for attack.


He characterized VirusBarrier for iOS as a way for iPhone and iPad users to prevent their hardware from spreading malware. “You don’t want your iPhone becoming a ‘Typhoid Mary,'” James said.

VirusBarrier for iOS can scan email attachments in a variety of formats, including Microsoft’s Word, Excel and PowerPoint; PDF documents; JavaScript files; and Windows executables, those files tagged with the .exe extension. It can also scan files in a Dropbox folder, those stored on MobileMe’s iDisk, or files downloaded via the iOS version of Safari. The scanning engine and signatures — the digital “fingerprints” used to detect malware — in VirusBarrier for iOS are identical to those used by Intego’s Mac OS X product line.

VirusBarrier for iOS lets iPhone and iPad users run on-demand scans of email attachments before those files are opened or forwarded.

“It’s important that people understand what [VirusBarrier] can and cannot do,” said James, pointing to the malware scanner’s limitations. “Although there is no malware written for iOS today, if attackers do try to exploit the [recent] PDF vulnerability, this is something we can scan for.”

James was referring to the still-unpatched vulnerability in iOS that can be exploited through a malicious PDF document, one of two bugs used last week to “jailbreak” an iPhone, iPad or iPod Touch. VirusBarrier for iOS can be downloaded to an iPhone, iPad or iPod Touch from Apple’s App Store. It requires iOS 4.0 or later.

You can check out the app on Apple’s App Store here:

VirusBarrier By Intego

Basically the purpose of the app seems to be more about stopping malware from being passed on via the iPhone – rather than preventing the device itself from getting infected. You can read a lot more about it in the App Store description.

Source: Network World


Posted in: Apple, Countermeasures, Malware, Security Software



WPScan – WordPress Security/Vulnerability Scanner



WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach (scanning without any prior knowledge of what has been installed etc).

Features

  • Username enumeration (from author querystring and location header)
  • Weak password cracking (multithreaded)
  • Version enumeration (from generator meta tag)
  • Vulnerability enumeration (based on version)
  • Plugin enumeration (2220 most popular by default)
  • Plugin vulnerability enumeration (based on version) (todo)
  • Plugin enumeration list generation
  • Other misc WordPress checks (theme name, dir listing, …)

Requirements

WPScan requires two non-native Ruby gems, typhoeus and xml-simple. It should work on both Ruby 1.8.x and 1.9.x.

The full README is available here.

You can download WPScan by checking it out from the SVN repository on Google Code:

Or you can read more here.
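
A defender's view of two of the checks in the feature list above, as an added example (not WPScan code and not from the original post): author-querystring probing and plugin-directory probing both leave a recognisable pattern in web server access logs. The log lines are constructed, and the combined log format and both thresholds are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jul/2011:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "example-scanner"
203.0.113.7 - - [10/Jul/2011:10:00:01 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "example-scanner"
203.0.113.7 - - [10/Jul/2011:10:00:02 +0000] "GET /?author=3 HTTP/1.1" 404 0 "-" "example-scanner"
203.0.113.7 - - [10/Jul/2011:10:00:03 +0000] "GET /wp-content/plugins/alpha/ HTTP/1.1" 404 0 "-" "example-scanner"
203.0.113.7 - - [10/Jul/2011:10:00:03 +0000] "GET /wp-content/plugins/beta/ HTTP/1.1" 404 0 "-" "example-scanner"
203.0.113.7 - - [10/Jul/2011:10:00:03 +0000] "GET /wp-content/plugins/gamma/ HTTP/1.1" 200 0 "-" "example-scanner"
203.0.113.7 - - [10/Jul/2011:10:00:04 +0000] "GET /wp-content/plugins/delta/ HTTP/1.1" 404 0 "-" "example-scanner"
198.51.100.20 - - [10/Jul/2011:10:01:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Jul/2011:10:01:05 +0000] "GET /wp-content/plugins/gamma/style.css HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')
PLUGIN_RE = re.compile(r'^/wp-content/plugins/([^/]+)/')

def detect_enumeration(log_text, author_min=3, plugin_miss_min=3):
    # Thresholds are assumed values; tune them against your own baseline traffic.
    authors = defaultdict(set)   # client IP -> distinct author IDs requested
    misses = defaultdict(set)    # client IP -> distinct plugin dirs answered with 404
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target, status = m.group(1), m.group(2), m.group(3)
        url = urlsplit(target)
        for value in parse_qs(url.query).get("author", []):
            if value.isdigit():
                authors[ip].add(int(value))
        p = PLUGIN_RE.match(url.path)
        if p and status == "404":
            misses[ip].add(p.group(1))
    findings = {}
    for ip in set(authors) | set(misses):
        kinds = []
        if len(authors[ip]) >= author_min:
            kinds.append("author-enumeration")
        if len(misses[ip]) >= plugin_miss_min:
            kinds.append("plugin-enumeration")
        if kinds:
            findings[ip] = kinds
    return findings

if __name__ == "__main__":
    print(detect_enumeration(SAMPLE_LOG))
```

A single visitor following one author link or loading one plugin stylesheet stays below both thresholds, so only the client that walks author IDs and probes absent plugin directories is reported.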


Posted in: Hacking Tools, Web Hacking



Malicious PDF Files To Exploit iPhone & iPad Zero Day In The Wild



Well everyone has been waiting for a Jailbreak for the iPad 2 with the latest version of iOS – it happened and only hours later the malformed PDF files that were used in the exploit were circulating the Internet.

It’s not the first time this has happened; JailbreakMe did the same thing back in August 2010 – Dangerous iPhone iOS JailBreak Exploit Goes Public.

The exploit is quite a nasty one, and the irony this time is that only users who have applied the Jailbreak and then the additional ‘PDF Patcher 2’ software (from Cydia) are safe from it. Users running the vanilla version of iOS are actually at risk.

Hours after developers revealed they had exploited bugs in Apple’s iOS to “jailbreak” iPhones and iPads, German government security authorities warned that one of the flaws could be put to malicious use.

Malformed files that exploit the vulnerability have been publicly posted on the Internet. Late Wednesday, Germany’s Federal Office for Information Security, known by its German-language initials of BSI for “Bundesamt fuer Sicherheit in der Informationstechnik,” warned citizens that the iOS bug could be used by criminals to hijack iPhones, iPads and iPod Touches.

“Even clicking a crafted PDF document or surfing to a website with the PDF documents are sufficient to infect the mobile device with malicious software,” the BSI said in a translation of the German-language alert.

PDF files that successfully exploit the vulnerability are available on the Web, according to Mikko Hypponen, chief research officer of Helsinki-based antivirus company F-Secure. And those PDFs could be used by miscreants to hack iOS devices simply by luring users to malicious sites, said Andrew Storms, director of security operations at nCircle Security.

iPhone and iPad users steered to a malicious PDF — via a link embedded in an email, for instance — would not receive any warning or be required to take additional action.

I hope Apple gets their act together and pushes out the patch for this ASAP as I foresee some kind of iPhone/iPad targeted worm coming out of this fairly shortly.

It took them 10 days to patch a similar pair of exploits back in August 2010 so we should be expecting a patch by the end of this week (mid-July sometime).

The worrying part when it comes to business/agencies/government etc – is that these exploits could be used to target specific individuals of importance. All you need to know is the e-mail address they access on their iPhone/iPad and do a bit of social engineering and you’re in.


The BSI warning came just hours after a group of developers released an updated version of JailbreakMe, a tool that hacks iOS so iPhone and iPad users can install software not sanctioned by Apple.

Those developers exploited a pair of vulnerabilities, including one in the font parsing of the PDF viewer integrated with the iOS version of Safari, and another that bypassed anti-malware defenses such as ASLR (address space layout randomization). Wednesday, security experts said that the same vulnerabilities, particularly the one exploitable through malicious PDF files, could be used by criminals to hijack Apple’s popular iPhone and iPad.

“They’re certainly a threat, and would be easy to make malicious,” said Charlie Miller, a noted Mac OS X and iOS vulnerability researcher who works for Denver-based Accuvant.

Miller also speculated that Apple would quickly patch the vulnerabilities, perhaps even faster than last year when it faced a similar situation. In August 2010, Apple patched a pair of bugs used by JailbreakMe 2.0 just 10 days after the tool’s release. News of JailbreakMe 3.0’s impending release had leaked several days before Wednesday’s official launch, noted Miller, and should have given Apple even more warning.

Yesterday’s BSI alert was similar to one it issued last August after JailbreakMe 2.0 appeared. On Thursday, Apple said it would fix the flaws.

Of course the ‘developer’ version of iOS 5.0 is already out and I guess some people are using this. Most iPhone/iPad users have been waiting for that major update – but I’m guessing Apple will have to push a patch out for this before the 5.x major release.

There’s another interesting and relevant article on this topic here:

The problem with doing – and not doing – an iPhone jailbreak

It’ll be interesting to see what comes of this and if any kind of iPhone/iPad chaos is going to occur due to these exploits.

Source: Network World


Posted in: Apple, Exploits/Vulnerabilities
