Archive | 2013

Andrew Auernheimer AKA Weev Gets 41 Months Jail Time For GET Requests

Cybertroopers storming your ship?


This is a pretty sad case, and one which I’m sure all of us have followed since it first started. Surprisingly it hasn’t gotten a whole lot of media attention, but then this legal precedent sticks it to the man and has some consequences regarding the infosec industry – and who would want to publicize that right?

For those not familiar with the case and what went down, what Weev did was access a publicly available API and retrieved a bunch of publicly readable data.

Yah that’s it basically, but according to the US legal system and their interpretation of the CFAA (Computer Fraud and Abuse Act) – this deserves some fairly serious jail time.

Andrew Auernheimer, a member of the grey-hat hacking collective Goatse Security, has been sent down for three years and five months in the slammer after he helped leak users’ private email addresses via a flaw in AT&T’s servers.

Auernheimer, known online as Weev, received his sentence wearing shackles after he tried to bring a mobile phone into the courtroom. After completing his term he will have to pay over $72,000 in restitution to AT&T and undergo three years of supervised release.

“I didn’t come here today to ask for forgiveness,” Auernheimer told US District Judge Susan Wigenton, Bloomberg reports. “The Internet is bigger than any law can contain. Many, many governments that have attempted to restrict the freedoms of the Internet have ended up toppled.”

In 2010, Auernheimer found a flaw in a public-facing AT&T server that could be used, via the iPad’s integrated circuit card identifier (ICC-ID), to uncover the names and email addresses of 114,067 early adopters of Apple’s 3G-equipped fondleslab. His colleague Daniel Spitler wrote a PHP script called “iPad 3G Account Slurper” to harvest the data, and then handed it over to online magazine Gawker.

The data caused huge embarrassment to AT&T and Apple, since it included the personal emails of then-White House Chief of Staff Rahm Emanuel, New York Mayor Michael Bloomberg, film mogul Harvey Weinstein, and several high-ranking US Army officials. AT&T fixed the flaw, and there’s no evidence Auernheimer did anything more than highlight the sloppy coding.

Something else which I personally find weird about this case is that Weev didn’t even write or execute the program that did the harvesting of the ‘sensitive’ information from AT&T, it was Daniel Spitler.

So how does Auernheimer end up in the hot seat for it? For being a troll and a public figure I guess. His lawyer did try to explain that he was accessing information on a publicly available Internet server – there was no password cracking or software hacking involved.


His defense lawyers argued that he was accessing information on a public web server and that if this was a crime then most internet users are guilty too. This cut little ice with the presiding judge.

“While you consider yourself to be a hero of sorts, without question the evidence that came out at trial reflected criminal conduct,” Judge Wigenton said in imposing the sentence. “You’ve shown absolutely no remorse. You’ve taken no responsibility for these criminal acts whatsoever. You’ve shown no contrition whatsoever.”

Auernheimer’s colleague Spitler now looks likely to face a similar sentence after pleading guilty, andsome in the security field are warning that the verdict will have a deadening effect of flaw exposure. Former National Security Agency (NSA) programmer and now Apple-cracker and security consultant Charlie Miller said the decision was highly troublesome.

In this hack’s opinion, Auernheimer’s sentence is far too severe. You could argue that he should have submitted the flaw to AT&T, waited for the problem to be fixed, and then reaped the publicity. He could also have profited from selling the flaw on the grey or black markets, but chose not to go for the money, but to get embarrassment value instead.

“My regret is being nice enough to give AT&T a chance to patch before dropping the dataset to Gawker. I won’t nearly be as nice next time,” he said in a Reddit forum.

I guess he won’t have to serve the full sentence (if he behaves himself), but he’s still facing a fair old stretch in the slammer. It seems more like a grudge sentence than anything else, because he took no responsibility, wouldn’t apologise and has shown zero remorse.

Judges can get ticked off by such behaviour. Oh well, poor Weev – either way I’m pretty sure we haven’t heard the last of him.

Source: The Register


Posted in: Apple, Exploits/Vulnerabilities, Legal Issues, Web Hacking

Tags: , , , , , , , , , ,

Posted in: Apple, Exploits/Vulnerabilities, Legal Issues, Web Hacking | Add a Comment
Recent in Apple:
- FBI Backed Off Apple In iPhone Cracking Case
- Mac OS X Ransomware KeRanger Is Linux Encoder Trojan
- XcodeGhost iOS Trojan Infected Over 4000 Apps

Related Posts:

Most Read in Apple:
- KisMAC – Free WiFi Stumbler/Scanner for Mac OS X - 82,902 views
- Apple Struggling With Security & Malware - 24,117 views
- Java Based Cross Platform Malware Trojan (Mac/Linux/Windows) - 15,832 views

Get 50% off your second year with our 2-year deal!


SSLyze v0.6 Available For Download – SSL Server Configuration Scanning Tool

Don't let your data go over to the Dark Side!


SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers.

Features

  • SSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibility
  • Performance testing: session resumption and TLS tickets support
  • Security testing: weak cipher suites, insecure renegation, CRIME and THC-SSL DOS attacks
  • Server certificate validation
  • Support for StartTLS with SMTP and XMPP, and traffic tunneling through an HTTPS proxy
  • Client certificate support for servers performing mutual authentication
  • Scan results can be written to an XML file for further processing

We wrote about SSLyze when it was first released: sslyze – Fast and Full-Featured SSL Configuration Scanner

And for the v0.4 release more recently: SSLyze v0.4 Released – Scan & Analyze SSL Server Configuration

v0.6 is now available and has had some significant improvements, v0.5 saw the addition of a server side check for the CRIME attack, that uses SSL Compression. New in v0.6:

  • Added support for Server Name Indication; see –sni
  • Partial results are returned when the server requires client authentication but no client certificate was provided
  • Preliminary IPv6 support
  • Various bug fixes and better support of client authentication and HTTPS tunneling

Do also check out – TLSSLed v1.2 – Evaluate The Security Of A Target SSL Or TLS (HTTPS) Web Server Implementation – and be SURE to read the excellent comment from William.

You can download SSLyze v0.6 here:

Linux/OSXsslyze-0.6_src.zip
Windows 7/Python 32-bitsslyze-0.6_Windows7_Python32.zip
Windows 7/Python 64-bitsslyze-0.6_Windows7_Python64.zip

Or read more here.


Posted in: Cryptography, Network Hacking, Web Hacking

Tags: , , , , , , , , , , ,

Posted in: Cryptography, Network Hacking, Web Hacking | Add a Comment
Recent in Cryptography:
- DROWN Attack on TLS – Everything You Need To Know
- Dell Backdoor Root Cert – What You Need To Know
- ISIS Running 24-Hour Terrorist Crypto Help-desk

Related Posts:

Most Read in Cryptography:
- The World’s Fastest MD5 Cracker – BarsWF - 47,610 views
- Hackers Crack London Tube Oyster Card - 44,561 views
- WPA2 Vulnerability Discovered – “Hole 196” – A Flaw In GTK (Group Temporal Key) - 32,833 views

Get 50% off your second year with our 2-year deal!


Evernote Hacked – ALL Users Required To Reset Passwords

Don't let your data go over to the Dark Side!


The big news in the past week or so was the Evernote hack, being a user of Evernote I was interested by this one – it seems to be a pretty pervasive hack with user IDs and e-mail addresses being leaked.

Thankfully the passwords are salted hashes, so it’s unlikely they’ll get brute forced any time soon. As a precaution, Evernote forced a password reset on its entire userbase.

Evernote has joined the growing list of companies whose cloud-based services have suffered a serious security breach, announcing over the weekend that it had implemented a service-wide password reset after attackers accessed user information.

Happily, the company’s announcement notes, the passwords accessed were salted hashes, which should mean they last longer than the passwords lifted from the Australian Broadcasting Corporation recently.

The user information accessed by the attackers also included user Ids and e-mail addresses.

Evernote joins the ranks of numerous other large companies which have been hacked recently (including Apple, Facebook & others compromised by the Java exploit).

I’m wondering if there’s some serious service based 0-day exploit out there people are leveraging (Apache? nginx? MySQL?) or something else perhaps.


All Evernote users were required to reset their passwords in case the attackers are able to recover passwords from the salted hashed list. The password reset will apply not only to Evernote logins, but to all apps that users have given access to their Evernote accounts.

Other major names to be hit in recent attacks include Apple, Facebook, Twitter and Microsoft, with a Java zero-day behind most of the vulnerabilities.

The company says the attack “appears to have been a coordinated attempt to access secure areas of the Evernote Service”.

The usual suggestion, that users choose strong passwords that they don’t re-use, will no doubt be ignored by a small-but-significant number of Evernote’s customers.

Evernote suggests that no user data was leaked, which is good as people tend to store pretty important information in the app (Bank account details, passport scans etc). There is a chance that they got caught out by the Java bug too – but that seems unlikely.

I wonder which is the next big powerhouse that’s going to go down to a hack attack, I’m hoping by now everyone in the cloud has sane architecture and strong password storage implementations.

Source: The Register


Posted in: Exploits/Vulnerabilities, Web Hacking

Tags: , , , ,

Posted in: Exploits/Vulnerabilities, Web Hacking | Add a Comment
Recent in Exploits/Vulnerabilities:
- Apple Will Not Patch Windows QuickTime Vulnerabilities
- BADLOCK – Are ‘Branded’ Exploits Going Too Far?
- DROWN Attack on TLS – Everything You Need To Know

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,026 views
- AJAX: Is your application secure enough? - 119,978 views
- eEye Launches 0-Day Exploit Tracker - 85,449 views

Get 50% off your second year with our 2-year deal!


ARPwner – ARP & DNS Poisoning Attack Tool

Cybertroopers storming your ship?


ARPwner is a tool to do ARP poisoning and DNS poisoning attacks, with a simple GUI and a plugin system to do filtering of the information gathered, also has a implementation of sslstrip and is coded 100% in python and on Github, so you can modify according to your needs.

ARPwner

This tool was released by Nicolas Trippar at BlackHat USA 2012.

For the tool to work you need pypcap, so assuming are using a Debian derivative OS (like all sane people do) – you’ll need to do this first:

You can download ARPwner here:

ARPwner.zip

Or read more here.


Posted in: Hacking Tools, Network Hacking

Tags: , , , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
Recent in Hacking Tools:
- INURLBR – Advanced Search Engine Tool
- DNSRecon – DNS Enumeration Script
- Phishing Frenzy – E-mail Phishing Framework

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,968,566 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,384,336 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 673,718 views

Get 50% off your second year with our 2-year deal!


Apple, Facebook & Hundreds More Hacked By 0-Day Java Exploit

Cybertroopers storming your ship?


There’s an awful lot of high profile hacks going on lately, with some people linking them to the Chinese and a large-scale attack on Western companies. Before this, Twitter Breach Leaks 250,000 User E-mails & Passwords – was probably the most high profile case.

Now Apple, Facebook and quite possibly hundreds of other companies have been hit by a drive by browser exploit in Java on the Mac OSX platform.

Apple has already issued an update for this vulnerability and also a malware scanner which will detect common variations of the infection.

Apple, Facebook and “hundreds of other companies” have had their Mac computers hacked in a sophisticated campaign mounted by an unknown adversary.

Attackers were able to infect Apple, along with other businesses around the world with Mac malware delivered via a Java zero-day vulnerability, Reuters reported on Tuesday, after receiving information from a source at Apple.

The hack used the same Java zero-day and associated Mac malware as the one which Facebook disclosed last week, the Apple source indicated.

Hundreds of companies, including defense contractors, have been infected with the same malicious software, the source said.

“This is the first really big attack on Macs,” Reuters’s source said, “Apple has more on its hands than the attack on itself.”

Apple plans to release a software tool to detect and remove the Java-related malware, the company said in a statement to AllThingsD. Java has not shipped with Macs since the release of OS X Lion.

The whole Chinese hacker thing is a bit of a media frenzy though, as you’d know if you’ve been reading this site for a while – these attacks have been going for a while.

Mandiant is not helping the situation either with their 60 page report on Chinese hacking on American companies – Mandiant gains instant fame after Chinese hack report.


The Mac malware could have been used to deliver a backdoor onto the computers via the installation of an SSH Daemon, allowing hackers to remotely control parts of the affected system, Finnish virus experts F-Secure indicated in a blog post on Monday.

At the time, they classed the Facebook hack as a “watering hole” attack, which sought to target Facebook users by infecting the company behind the social network.

With the revelations from Apple, it appears the attack could have been part of a widespread hacking campaign against various companies including Facebook and Twitter as well.

At the time of writing Google had not responded to queries about whether it had also been targeted, and Microsoft declined to comment.

The news comes alongside the release of a report on Tuesday that linked the Chinese People’s Liberation Army to hackers that have been mounting a “Cold War” style campaign against Western companies.

The report implicated the PLA in a variety of major hacking campaigns that have occurred over the past few years, including 2011’s RSA hack that compromised SecurID encryption tokens.

The US administration have also added some fuel to the fire with a 141 page PDF strategy – Obama’s new cyber-security tactics finger corrupt staff, China.

It goes without saying, but if you’re running a Mac, make sure you apply the latest patches from Apple.

Source: The Register


Posted in: Apple, Exploits/Vulnerabilities

Tags: , , , , , , , , , , , , ,

Posted in: Apple, Exploits/Vulnerabilities | Add a Comment
Recent in Apple:
- FBI Backed Off Apple In iPhone Cracking Case
- Mac OS X Ransomware KeRanger Is Linux Encoder Trojan
- XcodeGhost iOS Trojan Infected Over 4000 Apps

Related Posts:

Most Read in Apple:
- KisMAC – Free WiFi Stumbler/Scanner for Mac OS X - 82,902 views
- Apple Struggling With Security & Malware - 24,117 views
- Java Based Cross Platform Malware Trojan (Mac/Linux/Windows) - 15,832 views

Get 50% off your second year with our 2-year deal!


Weevely – PHP Stealth Tiny Web Shell

Cybertroopers storming your ship?


Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.

Weevely is currently included in Backtrack and Backbox and all the major Linux distributions oriented for penetration testing.

  • More than 30 modules to automatize administration and post exploitation tasks:
    • Execute commands and browse remote filesystem, even with PHP security restriction
    • Audit common server misconfigurations
    • Run SQL console pivoting on target machine
    • Proxy your HTTP traffic through target
    • Mount target filesystem to local mount point
    • Simple file transfer from and to target
    • Spawn reverse and direct TCP shells
    • Bruteforce SQL accounts through target system
    • Run port scans from target machine
    • And so on..
  • Backdoor communications are hidden in HTTP Cookies
  • Communications are obfuscated to bypass NIDS signature detection
  • Backdoor polymorphic PHP code is obfuscated to avoid HIDS AV detection

You can download Weevely v1.0 here:

weevely-1.0.tar.gz

Or read more here.


Posted in: Exploits/Vulnerabilities, Hacking Tools, Web Hacking

Tags: , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools, Web Hacking | Add a Comment
Recent in Exploits/Vulnerabilities:
- Apple Will Not Patch Windows QuickTime Vulnerabilities
- BADLOCK – Are ‘Branded’ Exploits Going Too Far?
- DROWN Attack on TLS – Everything You Need To Know

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,026 views
- AJAX: Is your application secure enough? - 119,978 views
- eEye Launches 0-Day Exploit Tracker - 85,449 views

Get 50% off your second year with our 2-year deal!


Twitter Breach Leaks 250,000 User E-mails & Passwords

Don't let your data go over to the Dark Side!


The big news for the past few days was a rather sizable Twitter hack, although it’s only a small percentage of the 140 million strong Twitter user-base – 250,000 is still a large number.

If you were affected you will have received a password reset e-mail and will be prompted to change your password if you try and login via the Web.

There seems to have been a spate recently of fairly high profile attacks originating from China, I saw someone say “If you haven’t been hacked by China this month, you aren’t working hard enough”.

If you find that your Twitter password doesn’t work the next time you try to login, you won’t be alone. The service was busy resetting passwords and revoking cookies on Friday, following an online attack that may have leaked the account data of approximately 250,000 users.

“This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data,” Bob Lord, Twitter’s director of information security, writes in a blog post.

According to Lord, Twitter was able to shut down the attack within moments of discovering it, but not before the attackers were able to make off with what he calls “limited user information,” including usernames, email addresses, session tokens, and the encrypted and salted versions of passwords.

The encryption on such passwords is generally difficult to crack – but it’s not impossible, particularly if the attacker is familiar with the algorithm used to encrypt them.

As a precaution, Lord says Twitter has reset the passwords of all 250,000 affected accounts – which, he observes, is just “a small percentage” of the more than 140 million Twitter users worldwide.

There haven’t been many details disclosed about this attack, but it seems Twitter managed to discover it whilst it was actually taking place – and managed to shut it down fairly fast. It seems, by the data leaked, that the attacker managed to compromise a fairly core part of the Twitter infrastructure.

They have reacted quickly though and reset the affected accounts, which indicates they know exactly what data the attackers managed to access.


If yours is one of the accounts involved, you’ll need to enter a new password the next time you login. Lord reminds all Twitter users to choose strong passwords – he recommends 10 or more characters, with a mix of letters, numbers, and symbols – because simpler passwords are easier to guess using brute-force methods. In addition, he recommends against using the same password on multiple sites.

Lord says Twitter’s investigation is ongoing, and that it’s taking the matter extremely seriously, particularly in light of recent attacks experienced by The New York Times and The Wall Street Journal:

This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.

Although the attack took place this week, it seems to have no relationship to the outage that took Twitter offline for several hours on Thursday. On the other hand, however, Lord’s post does make rather cryptic mention of the US Department of Homeland Security’s recent recommendation that users disable the Java plug-in in their browsers. He mentions Java twice, in fact.

You can read the Twitter response here:

Keeping our users secure

Both the WSJ and NYT have recently been raided by China based hacking crews, no one knows if this is the work of government backed cyberterrorism squads, or just private hackers doing it for profit or even fun. You can read more about that here:

First the NYT, now the Wall Street Journal: But are hacking attacks from China new?

Source: The Register


Posted in: Exploits/Vulnerabilities, General News

Tags: , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, General News | Add a Comment
Recent in Exploits/Vulnerabilities:
- Apple Will Not Patch Windows QuickTime Vulnerabilities
- BADLOCK – Are ‘Branded’ Exploits Going Too Far?
- DROWN Attack on TLS – Everything You Need To Know

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,026 views
- AJAX: Is your application secure enough? - 119,978 views
- eEye Launches 0-Day Exploit Tracker - 85,449 views

Get 50% off your second year with our 2-year deal!


New eLearnSecurity Pen-Testing Labs Launched – Attend Live Demo Event

Cybertroopers storming your ship?


You might remember the Hera Labs info from the post about the updated Pen-testing Pro course:

eLearnSecurity Launches Newly Updated & Refreshed Penetration Testing Professional Training v2

Now eLearnSecurity has decided to open up just the labs outside of the course, for people that want a practical hands-on environment to learn.

Hera Pentesting Labs

http://www.elearnsecurity.com/virtual-labs/hera

Main Features


  • You get completely isolated networks to pentest (You are not sharing resources with others)
  • You get new scenarios every month
  • Scenarios are created by experienced pentesters
  • You can sign up with on-demand model

They will be holding a live webinar on January 29th on latest Java vulnerabilities, and demonstrating live exploitation in Hera Labs, you can find more info and register your interest here:

http://www.elearnsecurity.com/c/register_live.php

At the end of the event they are going to give special discount to sign up, so be there or be square!


Posted in: Advertorial, Exploits/Vulnerabilities, Programming

Tags: , , , , , , , , ,

Posted in: Advertorial, Exploits/Vulnerabilities, Programming | Add a Comment
Recent in Advertorial:
- 13 WordPress Security Tips From Acunetix
- Acunetix WVS 10 Released – Keeping Your Website Secure just got Easier
- Double For Your Money With Acunetix Vulnerability Scanner

Related Posts:

Most Read in Advertorial:
- eLearnSecurity – Online Penetration Testing Training - 41,128 views
- Acunetix Web Vulnerability Scanner 6 Review - 15,210 views
- Acunetix WVS (Web Vulnerability Scanner) 7 Review – Engine & Scanning Improvements - 15,022 views

Get 50% off your second year with our 2-year deal!


CERT Failure Observation Engine (FOE) – Mutational Fuzzing Tool

Don't let your data go over to the Dark Side!


The CERT Failure Observation Engine (FOE) is a software testing tool that finds defects in applications that run on the Windows platform. FOE performs mutational fuzzing on software that consumes file input. (Mutational fuzzing is the act of taking well-formed input data and corrupting it in various ways, looking for cases that cause crashes.) The FOE automatically collects test cases that cause software to crash in unique ways, as well as debugging information associated with the crashes. The goal of FOE is to minimize the effort required for software vendors and security researchers to efficiently discover and analyze security vulnerabilities found via fuzzing.

Note: this software package contains both the source code for the distribution and a binary installer package for Windows. The installer package will attempt to install FOE and all of its dependent software packages on the system. If you wish to evaluate the binary installer, it is highly advisable to do so on a non-enterprise system devoted solely to testing. An ISO image is also available for convenient use within a Windows virtual machine instance.

At the CERT/CC, we have already used the FOE infrastructure to find a number of critical vulnerabilities in products such as Adobe Reader, Flash Player, and Shockwave player; Microsoft Office and Windows; Google Chrome; Oracle Outside In; Autonomy Keyview IDOL; Apple QuickTime; and many others.

Note: Because fuzzing can fill temporary directories, put the target application in an unusable state, or trigger other operating-system-level bugs, we recommend that FOE be used in a virtual machine.

You can download FOE here:

http://www.cert.org/vuls/discovery/foe.html


Posted in: Exploits/Vulnerabilities, Programming

Tags: , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Programming | Add a Comment
Recent in Exploits/Vulnerabilities:
- Apple Will Not Patch Windows QuickTime Vulnerabilities
- BADLOCK – Are ‘Branded’ Exploits Going Too Far?
- DROWN Attack on TLS – Everything You Need To Know

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,026 views
- AJAX: Is your application secure enough? - 119,978 views
- eEye Launches 0-Day Exploit Tracker - 85,449 views

Get 50% off your second year with our 2-year deal!


Microsoft Rushes Out ‘Fix It’ For Internet Explorer 0-day Exploit

Don't let your data go over to the Dark Side!


Pretty unusual for Microsoft but they’ve rushed out a fast fix for a 0-day Internet Explorer vulnerability which allows remote code execution and malware dropping. It doesn’t effect the latest version of Internet Explorer (9) but it effects all the common previous versions (6, 7 & 8) – which still accounts for the majority of users.

It is definitely important though, so I can appreciate their urgency. The sad part is most people that will fall for the scam sites that push out such malware won’t know about this patch, so they will remain at risk.

It will help a lot for corporates though managing the entire organization security as many are mandated to use Internet Explorer, and try and keep it secure..

Microsoft has pushed out a temporary fix to defend against a zero-day vulnerability that surfaced in attacks launched last week.

The security flaw (CVE-2012-4792) – which affects IE 6, 7 and 8 but not the latest versions of Microsoft’s web browser software – allows malware to be dropped onto Windows PCs running the vulnerable software, providing, of course, that users can be tricked into visiting booby-trapped websites.

Redmond has released a temporary Fix It (easy-to-apply workaround) pending the development of a more comprehensive patch.

The flaw was initially discovered by security tools firm FireEye on the Council on Foreign Relations website on 27 December.


The flaw was discovered right before the new year on December 27th, so Microsoft have managed to get this temporary fix out pretty fast. I’d imagine the full patch will be rolled into the next Windows Update Patch Tuesday.

I don’t expect anyone reading this is using Internet Explorer, so it wouldn’t effect us anyway – but seen as though you are probably at home over the holidays. Do us all a favour and install Chrome or Firefox on your relatives computers.

The attack had been running for at least a week, and perhaps longer, before it was detected. Retrospective analysis by Sophos suggests the same exploit was used on at least five additional websites, suggesting assaults using the bug are far from limited.

“While the assaults appeared to be targeting a small number of sites, there is no obvious link between the victims,” noted Chester Wisniewski, a senior security advisor at Sophos Canada, in a blog post. “Some are referring to this as a ‘watering hole’ attack, but the evidence we have doesn’t necessarily support that conclusion.”

Security watchers advise either applying Redmond’s workarounds, upgrading to IE 9 or using an alternative browser – at least until a proper patch becomes available. The next patch Tuesday is coming up on 8 January. This doesn’t give Microsoft much time but given the high-profile nature of the vulnerability it’s likely that Redmond will release a patch sooner rather than later.

It was exploited for a week at least before discovery, so that’d give a date of around December 20th when it was first seen in the wild. The next Patch Tuesday is coming in 5 days, so we might even see an emergency out of bounds patch for this so it gets pushed out via Windows Update to the masses.

You can check out the Fix It here:

Microsoft Security Advisory: Vulnerability in Internet Explorer could allow remote code execution

Source: The Register


Posted in: Exploits/Vulnerabilities, Windows Hacking

Tags: , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Windows Hacking | Add a Comment
Recent in Exploits/Vulnerabilities:
- Apple Will Not Patch Windows QuickTime Vulnerabilities
- BADLOCK – Are ‘Branded’ Exploits Going Too Far?
- DROWN Attack on TLS – Everything You Need To Know

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,026 views
- AJAX: Is your application secure enough? - 119,978 views
- eEye Launches 0-Day Exploit Tracker - 85,449 views

Get 50% off your second year with our 2-year deal!