Archive | August, 2006

libtiff Vulnerability gives hope for a new GTA-less PSP exploit

Outsmart Malicious Hackers


QJ.net forums have been abuzz lately with the talk of a possible new exploit centered around a libtiff vulnerability. NOPx86 stating that he’d managed to crash the PSP using this method. As those of you who follow these things know, a crash doesn’t always mean an open door to an exploit.

But after a cumulative 60 hours of work and research put in by Skylark and psp250 (with a little help from Fanjita), they can confirm that NOPx86’s method is indeed valid and opens the door for a new exploit. They have confirmed that it will work on 2.0 and 2.01 PSP’s, and could potentially work on firmware as high as 2.80 – although at this moment, this is unconfirmed.

But even if this only works on lower firmwares, it will usher in the age of GTA-less homebrew for 2.01+ PSP’s, which will be a welcome change for homebrew enthusiasts.

Work and research on applying this exploit into a publicly usable form will take some time, and it will take even more time to put this to use on PSP’s with higher firmware, but there definitely are possibilities. As always, we’ll keep you up to date on this developing story as soon as more information becomes available.

Posted in: Exploits/Vulnerabilities, Hardware Hacking

Topic: Exploits/Vulnerabilities, Hardware Hacking


Latest Posts:


OSSIM Download - Open Source SIEM Tools & Software OSSIM Download – Open Source SIEM Tools & Software
OSSIM is a popular Open Source SIEM or Security Information and Event Management (SIEM) product, providing event collection, normalization and correlation.
What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.


Bot Herders Go After MS06-40 Exploit

Keep on Guard!


Malware herders are speeding up, the first wave is already here for MS06-40.

It’s basically a variant of some old malware suited to the new vulnerability. Same old story then, same packer, technique, new exploit.

Same as the days of autorooters.

It’s basically the Mocbot trojan that was used in the Zotob worm attack in August 2005.

The first wave of malicious attacks against the MS06-040 vulnerability is underway, using malware that hijacks unpatched Windows machines for use in IRC-controlled botnets.

The attacks, which started late Aug. 12, use a variant of a backdoor Trojan that installs itself on a system, modifies security settings, connects to a remote IRC (Internet Relay Chat) server and starts listening for commands from a remote hacker, according to early warnings from anti-virus vendors.

I hope the AV first are on top of things, people are patching their machines in a timely fashion (especially in corporate environments – come on people, get SUS!) and awareness is going up.

“Amazingly, this new variant of Mocbot still uses the same IRC server hostnames as a command-and-control mechanism after all these months. This may be partially due to the low-profile it has held, but also may be due to the fact that the hostnames and IP addresses associated with the command-and-control servers are almost all located in China,” LURHQ said in an advisory.

Historically, Chinese ISPs and government entities have been less than cooperative in taking action against malware hosted and controlled from within their networks, the company said.

On Aug. 13, a second variant of the Trojan was detected, confirming fears that botnet herders are already playing cat-and-mouse with anti-virus vendors.

Quite surprising in a way, but also not really as it’s China and they are notoriously un co-operative.

Source: Eweek

Posted in: Exploits/Vulnerabilities, Malware

Topic: Exploits/Vulnerabilities, Malware


Latest Posts:


OSSIM Download - Open Source SIEM Tools & Software OSSIM Download – Open Source SIEM Tools & Software
OSSIM is a popular Open Source SIEM or Security Information and Event Management (SIEM) product, providing event collection, normalization and correlation.
What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.


OpenOffice.org Security ‘Insufficient’

Outsmart Malicious Hackers


It seems people are turning some attention towards the security of Open Office finally, I for one say this is a good thing as it means it’s making inroads, it’s becoming popular, it’s getting to be a contender.

If people are seriously considering the security implications of using Open Office it means they are actually really interested in using it.

With Microsoft Corp.’s Office suite now being targeted by hackers, researchers at the French Ministry of Defense say users of the OpenOffice.org software may be at even greater risk from computer viruses.

“The general security of OpenOffice is insufficient,” the researchers wrote in a paper entitled “In-depth analysis of the viral threats with OpenOffice.org documents.”

“This suite is up to now still vulnerable to many potential malware attacks,” they wrote.

The paper describes four proof-of-concept viruses that illustrate how maliciously encoded macros and templates could be created to compromise systems running the open-source software. “The viral hazard attached to OpenOffice.org is at least as high as that for the Microsoft Office suite, and even higher when considering some … aspects,” they wrote.

This is an interesting paper, I’m glad someone did take a rather more in-depth look at the flaws in the Open Office suite.

At least they patch the flaws almost instantly.

A number of the problems described in the report have to do with the basic design of the software. For example, OpenOffice.org does not perform adequate security checks on the software it runs, the researcher said. And because of the extreme flexibility of the free office suite, there are many ways for writers to create malicious macros, the researchers found.

The OpenOffice.org team has already fixed a software bug discovered by the French researchers, and the two groups are in discussions about how to improve the overall security of the software, said Louis Suarez-Potts, an OpenOffice.org community manager.

“The one real flaw in the programming logic has been fixed,” Suarez-Potts said. “The others are theoretical.”

I’d be interested to see some more focus on OpenOffice.Org and it’s security architecture, and of course following this to see all the flaws fixed to make it a strong contender.

Source: InfoWorld

Posted in: Exploits/Vulnerabilities

Topic: Exploits/Vulnerabilities


Latest Posts:


OSSIM Download - Open Source SIEM Tools & Software OSSIM Download – Open Source SIEM Tools & Software
OSSIM is a popular Open Source SIEM or Security Information and Event Management (SIEM) product, providing event collection, normalization and correlation.
What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.


Microsoft Takes an Effort at Cutting Down Blogspam – Splogs

Outsmart Malicious Hackers


Splogs are becoming a huge problem, half the stuff you search for nowadays returns a splog, mostly auto syndicated content.

I find a lot of my own entries on there, surrounded by Adsense ads.

New age scrapers I guess.

Technorati returns a lot of results from splogs too, but at least they have made some efforts to clean that up and Google and being making sign-ups for blogspot much stricter so people are having to resort to their own domains, like the scrapers.

Microsoft today released new research on the epidemic of spam blogs — or “splogs” — as well as the “comment spam” that dodgy marketers splatter all over blogs in a bid to improve their sites’ search-engine rankings. Redmond’s research team found that splogs hosted on Google’s Blogspot.com appear to be widely spammed and fairly effective at jacking up the search results for the spammers’ Web sites.

Comment spam is also getting pretty bad, I can get a couple of hundred a day on some sites.

I’m glad they are making some kind of effort to sort it out.

Yi-Min Wang, manager of Microsoft’s cybersecurity and systems management research group, told me that the goal of Search Defender is to help the software giant automate the filtering of splogs and comment spam links in search results returned on MSN.com.

“We now have a method to identify spammers so that before they get indexed into search results, we can block them,” Wang said. “When this is fully automated, the spammers will need to spend a lot more effort trying to get into our search results.”

We ourselves as writers also have to take measures to curb the comment spam, I use Akismet and find it extremely effective!

But that’s just a start: Sitepoint has some excellent tips on fighting comment spam. Also, most of the major blogging sites now include pointers on how to use antispam features. Blogger.com lets users require commenters to follow a verification process — essentially a captcha — to help weed out automated processes. WordPress has its own tips here, or users can outsource their blogspam patrol (well, sort of) with Akismet, a free (for personal use) tool that compares any link, trackback or comment left on your WordPress blog to a service “which runs hundreds of tests on the comment and returns a thumbs up or thumbs down.” SixApart, which runs TypePad and LiveJournal, also lists a number of tips for users fed up with blogspam.

At least everyone is aware of it now, we just need to get back to fighting it.

Source: Washington Post

Posted in: Spammers & Scammers

Topic: Spammers & Scammers


Latest Posts:


OSSIM Download - Open Source SIEM Tools & Software OSSIM Download – Open Source SIEM Tools & Software
OSSIM is a popular Open Source SIEM or Security Information and Event Management (SIEM) product, providing event collection, normalization and correlation.
What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.


TCPReplay suite 3.0.beta10. Released

Keep on Guard!


Another good tool updated! TCPReplay suite 3.0.beta10 has been released.

For those that don’t know Tcpreplay is a suite of BSD licensed tools written by Aaron Turner for *NIX operating systems which gives you the ability to use previously captured traffic in libpcap format to test a variety of network devices. It allows you to classify traffic as client or server, rewrite Layer 2, 3 and 4 headers and finally replay the traffic back onto the network and through other devices such as switches, routers, firewalls, NIDS and IPS’s. Tcpreplay supports both single and dual NIC modes for testing both sniffing and inline devices.

Tcpreplay is used by numerous firewall, IDS, IPS and other networking vendors, enterprises, universities, labs and open source projects.

Beta10 contains a number of major enhancements as the code continues to stabilize for the 3.0 stable release. The big changes include removing Libnet as a requirement, tcpprep and tcprewrite no longer requiring root access and improved packet timings for tcpreplay. There are also a number of smaller enhancements and bug fixes.

Also a lot of time has been spent updating the online manual on the wiki which covers most if not all the features of tcpreplay, tcpprep and tcprewrite.

This should be the final beta release and it’s expected to have the first release candidate in a month or so. Please download and test!

You can download it here:

TCPReplay

The new Wikified manual is here.

Download: http://prdownloads.sourceforge.net/tcpreplay/tcpreplay-3.0.beta10.tar.gz?download

Posted in: Countermeasures, Networking Hacking

Topic: Countermeasures, Networking Hacking


Latest Posts:


OSSIM Download - Open Source SIEM Tools & Software OSSIM Download – Open Source SIEM Tools & Software
OSSIM is a popular Open Source SIEM or Security Information and Event Management (SIEM) product, providing event collection, normalization and correlation.
What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.


OWASP – Fortify Bug Taxonomy

Keep on Guard!


Ah at last a good solid collaborative effort to identify and categorise software vulnerabilities with a solid taxonomy and good organisation!

It seems very well written too in terms that anyone familiar with software development or programming can understand.

Fortify Software, which identifies and remediates software vulnerabilities, has contributed its collection of 115 types of software security errors to the Open Web Application Security Project (OWASP), a six-year old non-profit with almost 5,000 members whose “mission is to find and fight the causes of insecure software.”

The work will become part of OWASP’s Honeycomb Project.

This is a very good thing.

The OWASP Honeycomb project.

In the Honeycomb project, OWASP is assembling the most comprehensive and integrated guide ever attempted to the fundamental building blocks of application security (principles, threats, attacks, vulnerabilities, and countermeasures) through collaborative community efforts.

You can find the taxonomy itself here:

The Fortify Taxonomy of Software Security Errors

This site presents a taxonomy of software security errors developed by the Fortify Software Security Research Group together with Dr. Gary McGraw. Each vulnerability category is accompanied by a detailed description of the issue with references to original sources, and code excerpts, where applicable, to better illustrate the problem.

Source: Zdnet Blog

Posted in: Countermeasures, Exploits/Vulnerabilities, Web Hacking

Topic: Countermeasures, Exploits/Vulnerabilities, Web Hacking


Latest Posts:


OSSIM Download - Open Source SIEM Tools & Software OSSIM Download – Open Source SIEM Tools & Software
OSSIM is a popular Open Source SIEM or Security Information and Event Management (SIEM) product, providing event collection, normalization and correlation.
What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.