Archive | October, 2006

Tracking Users Via the Browser Cache

Keep on Guard!


An interesting new twist on things, rather than using cookies to store information you can use perpetually cached files.

So clearing your cache and cookies isn’t enough, could be a privacy issue you say, indeed it could..

Clearing cookies may not be enough as you may think. Your browser’s cache is a valuable store of information. A JavaScript .js file resource which is generated dynamically when requested can have embedded a unique tracking ID and can live permanently in your browser’s cache when sent with the right HTTP cache-control headers. This JavaScript file can then be called by pages. The script is never re-requested, and hence keeps the unique ID, and it can call resources on the server-side to track you. They just need to associate this unique ID once with your account (when you login first time after the ID was created), and they can set cookies back again later and track you anyway. The result is that you can be tracked uniquely even past the point where you clear your cookies (i.e., as if you never cleared your cookies to generate fresh ones).

You can view a live demo here.

This is a demonstration of how a person’s web-browser can be tagged and tracked using a unique identifier which lives in the web browser’s cache for a very long time (using HTTP cache control headers and browsers’ use of conditional GET requests). This serves the same purpose as using a cookie to track people. However popular web browsers lack finer cache disposal controls (compared to cookie disposal), and this is something which needs to be looked into. No private information is collected in this example. It has been tested on Firefox, IE6, Konqueror and Epiphany. I don’t know about the IE7 versions or Safari.

Source: Mukund

Posted in: Privacy, Web Hacking

Topic: Privacy, Web Hacking


Latest Posts:


What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
Equifax Hack Blamed On Single Employee Equifax Hack Blamed On Single Employee
We wrote about the Equifax Hack, Data Breach and Leak last month, which happened due to a flaw in Apache Struts that for some reason hadn't been patched.


LAPSE Sourcecode Analysis for JAVA J2EE Web Applications

Outsmart Malicious Hackers


LAPSE stands for a Lightweight Analysis for Program Security in Eclipse. LAPSE is designed to help with the task of auditing Java J2EE applications for common types of security vulnerabilities found in Web applications. LAPSE was developed by Benjamin Livshits as part of the Griffin Software Security Project.

LAPSE targets the following Web application vulnerabilities:

  • Parameter manipulation
  • SQL injections
  • Header manipulation
  • Cross-site scripting
  • Cookie poisoning
  • HTTP splitting
  • Command-line parameters
  • Path traversal

What should you do to avoid these vulnerabilities in your code? How do we protect Web applications from exploits? The proper way to deal with these types of attacks is by sanitizing the tainted input. Please refer to the OWASP guide to find out more about Web application security.

If you are interested in auditing a Java Web application, LAPSE helps you in the following ways:

  • Identify taint sources
  • Identify taint sinks
  • Find paths between sources and sinks

LAPSE is inspired by existing lightweight security auditing tools such as RATS, pscan, and FlawFinder. Unlike those tools, however, LAPSE addresses vulnerabilities in Web applications. LAPSE is not intended as a comprehensive solution for Web application security, but rather as an aid in the code review process. Those looking for more comprehensive tools are encouraged to look at some of the tools produced by Fortify or Secure Software.

Read more about LAPSE HERE.

You can download LAPSE here:

LAPSE: Web Application Security Scanner for Java

Posted in: Secure Coding, Security Software, Web Hacking

Topic: Secure Coding, Security Software, Web Hacking


Latest Posts:


What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
Equifax Hack Blamed On Single Employee Equifax Hack Blamed On Single Employee
We wrote about the Equifax Hack, Data Breach and Leak last month, which happened due to a flaw in Apache Struts that for some reason hadn't been patched.


The Top 5 Causes of Data Loss

Outsmart Malicious Hackers


An interesting enough article, but if you work in infosec you could probably guess the topics anyway.

In a key step to help businesses better understand and protect themselves against the risks of fraud, Visa USA and the U.S. Chamber of Commerce announced the five leading causes of data breaches and offered immediate, specific prevention strategies for each.

“The single, most effective weapon in the battle against today’s data theft is education,” said Sean Heather, executive director, U.S. Chamber of Commerce.

  1. Storage of Magnetic Stripe Data – The most common cause of data breaches occurs when a merchant or service provider stores sensitive information encoded on the card’s magnetic stripe in violation of the PCI Data Security Standard. This can occur because a number of point-of-sale systems improperly store this data, and the merchant may not be aware of it.
  2. Missing or Outdated Security Patches – In this scenario, hackers are able penetrate a merchant or service provider’s systems because they have not installed up-to-date security patches, leaving their systems vulnerable to intrusion.
  3. Use of Vendor Supplied Default Settings and Passwords – In many cases, merchants receive POS hardware or software from outside vendors who install them using default settings and passwords that are often widely known to hackers and easy to guess.
  4. SQL Injection – Criminals use this technique to exploit Web-based applications for coding vulnerabilities and to attack a merchant’s Internet applications (e.g. shopping carts).
  5. Unnecessary and Vulnerable Services on Servers – Servers are often shipped by vendors with unnecessary services and applications that are enabled, although the user may not be aware of it. Because the services may not be required, security patches and upgrades may be ignored and the merchant system exposed to attack.

Did you get them right?

Source: Aviransplace

Posted in: Hacking News

Topic: Hacking News


Latest Posts:


What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
Equifax Hack Blamed On Single Employee Equifax Hack Blamed On Single Employee
We wrote about the Equifax Hack, Data Breach and Leak last month, which happened due to a flaw in Apache Struts that for some reason hadn't been patched.


Odysseus Proxy for MITM Attacks Testing Security of Web Applications.

Keep on Guard!


Odysseus is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Odysseus will intercept an HTTP session’s data in either direction and give the user the ability to alter the data before transmission.

Odysseus Proxy

For example, during a normal HTTP SSL connection a typical proxy will relay the session between the server and the client and allow the two end nodes to negotiate SSL. In contrast, when in intercept mode, Odysseus will pretend to be the server and negotiate two SSL sessions, one with the client browser and another with the web server.

As data is transmitted between the two nodes, Odysseus decrypts the data and gives the user the ability to alter and/or log the data in clear text before transmission.

Features

  • Multi-threaded native Win32 executable – The use of native Window code, combined with extensive multi-threading, means that Odysseus is fast. Speed was a primary development objective.
  • No external dependencies – Everything needed to intercept web requests (apart from a browser configured to use Odysseus as a proxy :) is included in the distribution archive. No additional downloads or installations are required.
  • Flexible & configurable – A wealth of configuration options means Odysseus should be flexible enough to meet the needs of nearly any web based application assessment.
  • Low desktop profile – Odysseus doesn’t clutter your desktop with redundant windows. A simple System Tray icon is all that is needed to access it’s many features. The various components of Odysseus appear and disappear as configured, or instructed, by the user.

Odysseus Proxy

You can download Odysseus here.

Change log is here and FAQ here.

Posted in: Hacking Tools, Security Software, Web Hacking

Topic: Hacking Tools, Security Software, Web Hacking


Latest Posts:


What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
Equifax Hack Blamed On Single Employee Equifax Hack Blamed On Single Employee
We wrote about the Equifax Hack, Data Breach and Leak last month, which happened due to a flaw in Apache Struts that for some reason hadn't been patched.


A Politically Tight Situation? Blame a HACKER!

Keep on Guard!


It has happened quite a few times lately, politically tight situations, mistakes, data or information leaks and whoops damn…er…let’s blame it on hackers!

Case 1:

California Highway Patrol officials have opened a criminal investigation into “multiple” breaches and illegal downloads by outside hackers into the computers of Gov. Arnold Schwarzenegger’s office, after an embarrassing private taped conversation was leaked last week to the Los Angeles Times, administration officials told The Chronicle.

“There is an investigation conducted by the California Highway Patrol on how the tape obtained by the L.A. Times was acquired,” said a senior official who spoke on condition of anonymity. “This is a criminal matter that has been turned over to the CHP.”

Source: SFGate

Case 2:

The man responsible for Joe Lieberman’s campaign Web site said Tuesday that Joe2006.com was overwhelmed by traffic generated by hackers early Tuesday morning, forcing him to take the site off-line.

Tuesday’s attack was the third in the past month, said Dan Geary, who runs Lieberman’s site. But the earlier two attacks involved defacements & the hacker altered content on Lieberman’s home page. This time, attackers toppled the Lieberman site with requests, probably by directing an army of hacked computers at the site.

Source: MSN

So who do we believe?!

Posted in: Hacking News

Topic: Hacking News


Latest Posts:


What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
Equifax Hack Blamed On Single Employee Equifax Hack Blamed On Single Employee
We wrote about the Equifax Hack, Data Breach and Leak last month, which happened due to a flaw in Apache Struts that for some reason hadn't been patched.


Mozilla Hires Ex-Microsoft Security Strategist Window Snyder

Outsmart Malicious Hackers


Looks like Mozilla is toughening it’s stance on security, people have been putting it down lately, especially those from the Microsoft camp as there have been a few flaws.

But well, it’s still not part of the operating system, the flaws are generally fixed within a couple of days and the patching system is simple and bandwidth friendly since version 1.5.0.1.

I generally find it more effecient, better designed, more secure and less proprietary :P than Internet Exploder.

Anyway back on topic..

Former Microsoft security strategist Window Snyder is joining Mozilla to lead the company’s effort to protect its range of desktop applications from malicious hacker attacks.

Snyder, who was responsible for security sign-off for Microsoft’s Windows XP Service Pack 2 and Windows Server 2003, will spearhead Mozilla’s security strategy, eWEEK has learned.

The hiring of Snyder is a coup for Mozilla Corp., the for-profit subsidiary of the Mozilla Foundation, based in Mountain View, Calif.

The group has seen its flagship Firefox Web browser chip away at the market dominance of Microsoft’s Internet Explorer, largely because of high-profile security flaws in and attacks on IE, and the addition of Snyder is sure to help beef up Mozilla’s security process and improve its communications with bug finders.

Sounds like a very good idea to me, with a proper security stance and process in place Firefox will become a market dominating product, it’s already fantastic, now it’s getting more money and skills injected, it’s evolving faster and smoother than ever.

Snyder most recently served as principal and founder of Matasano Security, a New York-based startup that was one of several external penetration testers hired by Microsoft to conduct simulated hacking attacks on Windows Vista.

She is also credited with seeding the idea for Microsoft’s internal “Blue Hat” security briefings, in which the crème de la crème of the hacking community is invited to the company’s Redmond, Wash., headquarters to discuss security with employees.

Snyder, a regular at security conferences, helped to soothe Microsoft’s contentious relationship with security consultants, and played a part in the improvement of the software maker’s strategy for reaching out to security vendors and researchers.

She was HITB conference this year I think if anyone was there, she’s quite cute too :P

Source: eWeek

Posted in: Hacking News

Topic: Hacking News


Latest Posts:


What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
Equifax Hack Blamed On Single Employee Equifax Hack Blamed On Single Employee
We wrote about the Equifax Hack, Data Breach and Leak last month, which happened due to a flaw in Apache Struts that for some reason hadn't been patched.