Archive | July, 2008

Which Browser Users Are More Secure?

The New Acunetix V12 Engine


Some new statistics just came out regarding Browser Security, this is more in terms of which users are most likely to apply patches and be using the most secure version.

I would have thought Firefox would have been pretty high since the newer series prompt automatically new patches. My only guess is a lot of people are still using 1.5x series which didn’t have that feature.

It turns out, that Internet Explorer is the ‘most secure’. Well that’s very subjective as IE doesn’t show sub versions like the other browsers do..and Windows Updates pushes out patches quite agressively. It also depends which set of data you look at as both conflict, one says Firefox users are more secure and one says IE

The researchers who published a large study of web browser security this week had a great idea and excellent data to work with. Too bad they overreached with their conclusions. A lot more is being made of this paper than is warranted.

The researchers, from ETH Zurich, Google, and IBM, looked at log data provided by Google from their global user base for web search and applications for the period between January 2007 and June 2008. This data was based on the browser user-agent string, which is also the reason the data is not as telling as the authors argue.

What did the study conclude? First, lots of users are not running the most up-to-date and secure versions of their web browsers. Second, that this is primarily a phenomenon of Internet Explorer users; Firefox users, on the other hand, overwhelmingly update their browsers quickly. These and other results lead the authors to suggest that browsers get expiration dates, much like milk and pharmaceuticals.

As expected though a LOT of users are not running the latest version of their browser, but that doesn’t surprise us really does it?

I think the versioning is an issue though, with IE you only get to know about the major version (IE5, IE6, IE7, IE8) and not which actual patches they have applied.

Why, one might ask, does Microsoft not provide minor version information? Microsoft’s David LeBlanc answers that question in his blog by saying that they consider such information to be an “information disclosure vulnerability.” In other words, by giving a web-based attacker precise version information, you are also giving them better information on how to attack that browser.

In these measurements IE7 users are much more likely to be up to date than other browser users. The authors are correct that Secunia users are more likely to be security-aware, but even when they try to adjust the numbers, multiplying the IE7 number by 2.1 “… to correct for the bias of Secunia’s measurement within a security aware user population” IE7 still ends up looking better.

There is actually a discrepency between the two sets of data, the metrics are odd though and are based on heavy assumptions (IE7 is secure but IE6 is not, while IE7 is a MORE secure browser architecture and feature wise, a fully patched IE6 can also be perfectly secure).

I’d be interested to see more of these stats and see the full Google access logs for a few month period.

That would be some interesting data mining.

Source: eWeek

Posted in: Countermeasures, Exploits/Vulnerabilities

Topic: Countermeasures, Exploits/Vulnerabilities


Latest Posts:


DeepSound - Audio Steganography Tool DeepSound – Audio Steganography Tool
DeepSound is an audio steganography tool and audio converter that hides secret data into audio files, the application also enables you to extract from files.
2019 High Severity Vulnerabilities What are the MOST Critical Web Vulnerabilities in 2019?
So what is wild on the web this year? Need to know about the most critical web vulnerabilities in 2019 to protect your organization?
GoBuster - Directory/File & DNS Busting Tool in Go GoBuster – Directory/File & DNS Busting Tool in Go
GoBuster is a tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (inc. wildcards) - a directory/file & DNS busting tool.
BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.


ratproxy – Passive Web Application Security Audit Tool

Use Netsparker


Ratproxy is a semi-automated, largely passive web application security audit tool. It is meant to complement active crawlers and manual proxies more commonly used for this task, and is optimized specifically for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments.

The proxy analyzes problems such as cross-site script inclusion threats, insufficient cross-site request forgery defenses, caching issues, potentially unsafe cross-domain code inclusion schemes and information leakage scenarios, and much more.

Why Ratproxy?

There are numerous alternative proxy tools meant to aid security auditors – most notably WebScarab, Paros, Burp, ProxMon, and Pantera. Stick with whatever suits your needs, as long as you get the data you need in the format you like.

That said, ratproxy is there for a reason. It is designed specifically to deliver concise reports that focus on prioritized issues of clear relevance to contemporary web 2.0 applications, and to do so in a hands-off, repeatable manner. It should not overwhelm you with raw HTTP traffic dumps, and it goes far beyond simply providing a framework to tamper with the application by hand.

You can download Ratproxy here:

ratproxy-1.51.tar.gz

Or read more here.

The tool should run on Linux, *BSD, MacOS X, and Windows (Cygwin). Since it is in beta, there might be some kinks to be ironed out, and not all web technologies might be properly accounted for.

Posted in: Hacking Tools, Web Hacking

Topic: Hacking Tools, Web Hacking


Latest Posts:


DeepSound - Audio Steganography Tool DeepSound – Audio Steganography Tool
DeepSound is an audio steganography tool and audio converter that hides secret data into audio files, the application also enables you to extract from files.
2019 High Severity Vulnerabilities What are the MOST Critical Web Vulnerabilities in 2019?
So what is wild on the web this year? Need to know about the most critical web vulnerabilities in 2019 to protect your organization?
GoBuster - Directory/File & DNS Busting Tool in Go GoBuster – Directory/File & DNS Busting Tool in Go
GoBuster is a tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (inc. wildcards) - a directory/file & DNS busting tool.
BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.


Google Calendar a New Target for Phishing

The New Acunetix V12 Engine


It seems like the Phishing crews at trying to get some new ideas on how to con people into giving away their credentials and leaking info.

The latest target appears to be Google Calendar.

As always be on your guard as these scams are coming from all directions.

A few months ago, spam came to Google Calendar. Now phishing has arrived.

Intrepid Google watcher Philipp Lenssen wrote late last week about being the target of a phishing attempt via Google Calendar.

He received an e-mail to his Gmail account with a reference to a legitimate event from his calendar. The sender was listed as “customer care,” and it asked him to verify his account by supplying his username and password.

It seems to the same old style as normal e-mail phishing but utilising the Google Calendar interface. It comes bundled with the usual spelling and grammatical errors that plague phishing e-mails.

I wonder how many people are falling for this one? If generic phishing ploys are anything to go by…it will be quite a lot.

On May 28, a Google Talk Guide addressed the issue in a Google Groups thread, urging users to click the “Report Phishing” link if they receive suspicious e-mails and not to click on links within the e-mails or open attachments.

Late on Monday, a Google representative e-mailed this statement: “Spam is an issue for all Internet users, and we work very hard to fight it. Using Google Calendar, or any Google product, to send spam is a violation of our product policies. We are actively identifying Calendar accounts that send spam and disabling them.”

Perhaps drop a note to any non-tech friends using Google Calendar just to warn them that this is happening.

You might save someone a lot of trouble.

Source: Cnet (Thanks to Navin)

Posted in: Privacy, Social Engineering, Spammers & Scammers

Topic: Privacy, Social Engineering, Spammers & Scammers


Latest Posts:


DeepSound - Audio Steganography Tool DeepSound – Audio Steganography Tool
DeepSound is an audio steganography tool and audio converter that hides secret data into audio files, the application also enables you to extract from files.
2019 High Severity Vulnerabilities What are the MOST Critical Web Vulnerabilities in 2019?
So what is wild on the web this year? Need to know about the most critical web vulnerabilities in 2019 to protect your organization?
GoBuster - Directory/File & DNS Busting Tool in Go GoBuster – Directory/File & DNS Busting Tool in Go
GoBuster is a tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (inc. wildcards) - a directory/file & DNS busting tool.
BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.


PAW/PAWS – Python Advanced Wardialing System

Use Netsparker


Now this is an oldskool topic, wardialling! Some people still ask me about wardialling tools though, so here’s one I found recently written in Python.

PAW / PAWS is a wardialing software in python. It is designed to scan for ISDN (PAWS only) and “modern” analog modems (running at 9.6kbit/s or higher). Wardialing tools are – despite their martialic naming – used to find nonauthorized modems so one can disable those and as result make access to the internal network harder.

For PAW list all numbers you want to be dialed into the (text) file “dial.lst”, one in each line – numbers only, no spaces, plus signs, dashes or slashes please.

For PAWS the numbers are accompanied by the ISDN modes to be tested in the (text) file “dial.lst” in the exact format you find in the example file (you can delete individual ISDN types, though), one in each line – numbers only, no spaces, plus signs, dashes or slashes please. A syntax check of any kind is effectively non-existant, so be careful.

Make sure the device your modem is attached to is set correctly in paw.py in the variable “tty” at the top of the file.

Then simply call “./paw.py” or “./paws.py” and watch – a verbatim full log will be written into paw_dialing.log where CR, LF and TAB will be translated into readable equivalents. For PAW an additional summary will be written as CSV file in paw_dialing.csv

You can download PAW/PAWS here:

paw.tar.gz (analog wardialer only)

paws.tar.gz (ISDN & analog wardialing)

Or read more here.

Posted in: Hacking Tools, Hardware Hacking, Networking Hacking

Topic: Hacking Tools, Hardware Hacking, Networking Hacking


Latest Posts:


DeepSound - Audio Steganography Tool DeepSound – Audio Steganography Tool
DeepSound is an audio steganography tool and audio converter that hides secret data into audio files, the application also enables you to extract from files.
2019 High Severity Vulnerabilities What are the MOST Critical Web Vulnerabilities in 2019?
So what is wild on the web this year? Need to know about the most critical web vulnerabilities in 2019 to protect your organization?
GoBuster - Directory/File & DNS Busting Tool in Go GoBuster – Directory/File & DNS Busting Tool in Go
GoBuster is a tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (inc. wildcards) - a directory/file & DNS busting tool.
BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.