Archive | April, 2011

Sony PlayStation Network Hack Resulted In Stolen User Data & Lawsuit

Use Netsparker


So after our report on Monday – Sony Rebuilding PlayStation Network (PSN) – Down 4 Days So Far – news had been spilling out about this whole thing pretty much non-stop. It appears the network is still down and there was some serious data loss including user data for millions of users being stolen.

All kinds of personal data was leaked including birth dates, names, e-mail address and it was originally though the hackers had also got hold of user credit card details.

A funny tweet I saw on the matter was “Hello my name is SONY. I like long walks on the beach, DRM, rootkits and losing your cc info.” from @rodolfor.

Sony is warning its millions of PlayStation Network users to watch out for identity-theft scams after hackers breached its security and plundered the user names, passwords, addresses, birth dates, and other information used to register accounts.

The stolen information may also include payment-card data, purchase history, billing addresses, and security answers used to change passwords, Sony said on Tuesday. The company plans to keep the hacked system offline for the time being, and to restore services gradually. The advisory also applies to users of Sony’s related Qriocity network.

Sony’s stunning admission came six days after the PlayStation Network was taken down following what the company described as an “external intrusion”.

Sony had already come under fire for a copyright lawsuit targeting customers who published instructions for unlocking the game console so it could run games and applications not officially sanctioned by the company. The criticism only grew after Sony lawyers sought detailed records belonging to hacker George Hotz, including the IP addresses of everyone who visited his jailbreaking website over a span of 26 months

What worries me is how much of their data was stored in plain text, I guess they assumed their system and network was so secure it would not be breached. But still, the important stuff should have been behind some kind of encryption layer and things like passwords should be hashed.

There was an official update from them too on the PlayStation blog here:

Update on PlayStation Network and Qriocity

They did warn users to remain vigilant and provided ways on how to be prepared for credit card. There were some rumours going around that PSN users were seeing $10 debits from the credit cards they had linked to their PlayStation accounts.


Hackers howled with displeasure saying they should have a right to modify the hardware they legally own. Sony recently settled that case, but Hotz, whose hacker moniker is GeoHot, has remained highly critical of the company. Many have also objected to the removal of the so-called OtherOS, which allowed PlayStation 3 consoles to run Linux.

Sony’s advisory on Tuesday means that the company was likely storing passwords, credit card numbers, expiration dates, and other sensitive information unhashed and unencrypted on its servers. Sony didn’t say if its website complied with data-security standards established by the Payment Card Industry.

Sony reminded users located in the US that they’re entitled to receive one credit report per year from each of the three major credit bureaus. The company didn’t offer to pay for any sort of credit monitoring service to help ensure the information it lost isn’t used in identity-theft ruses against its users.

“When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password,” advises a letter that Sony is sending to its users.

The latest news is however that the credit card details are actually encrypted, so they should be safe. The details came from an updated in Q&A format from the PlayStation blog:

Q&A #1 for PlayStation Network and Qriocity Services

Their statement is as follows:

The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.

So the user data is out there but the credit card data should be safe, even if the table was stolen it’s encrypted – let’s hope the hacker didn’t swipe the keys too.

The case has also triggered a lawsuit with a user of the network suing Sony over the data loss, more from Information Week here:

Sony Sued Over PlayStation Network Hack

Source: The Register

Posted in: Exploits/Vulnerabilities, Legal Issues, Privacy

Topic: Exploits/Vulnerabilities, Legal Issues, Privacy


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


OWASP Hatkit Proxy Project – HTTP/TCP Intercepting Proxy Tool

The New Acunetix V12 Engine


The primary purpose of the Hatkit Proxy is to create a minimal, lightweight proxy which stores traffic into an offline storage where further analysis can be performed, i.e. all kinds of analysis which is currently implemented by the proxies themselves (WebScarab/Burp/Paros etc).

Also, since the http traffic is stored in a MongoDB, the traffic is stored at an object-level, retaining the structure of the parsed traffic.

Features

  • Swing-based UI,
  • Interception capabilities with manual edit, both for TCP and HTTP traffic,
  • Syntax highlightning (html/form-data/http) based on JFlex,
  • Storage of http traffic into MongoDB database,
  • Possibilities to intercept in Fully Qualified mode (like all other http-proxies) OR Non-fully qualified mode. The latter means that interception is performed *after* the host has been parsed, thereby enabling the user to submit non-valid http content.
  • A set of filters to either ignore or process traffic which is routed to the proxy. The ‘ignored’ traffic will be streamed to the endpoint with minimal impact on performance.

Known Issues

  • HTTP-intercept: Some button/checkboxes in the interception window does not work
  • TCP-intercept: The statistics counters are incorrect.

You can download OWASP Hatkit Proxy here:

hatkit_proxy-0.5.1.zip

Or read more here.

Posted in: Hacking Tools, Web Hacking

Topic: Hacking Tools, Web Hacking


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


Sony Rebuilding PlayStation Network (PSN) – Down 4 Days So Far

Use Netsparker


There’s been a few big stories in the past few days, one is of course the whole iPhone geo-location data tracking thing – but everyone was too busy checking into Foursquare to complain about that.

The other is that the Sony PlayStation Network (PSN) basically got hacked, owned and raped. It’s still currently down and according to Sony is being completely rebuilt to be more secure, so far it’s been down for 4 days.

The outage of Sony’s PlayStation Network and Qriocity service, now in its fourth day, looks set to continue after the company said on Sunday that it is “rebuilding” its system to better guard against attacks.

Sony said on Saturday that the outage was caused by an “external intrusion” into the network, but has yet to detail the problem.

The PlayStation Network is used for PlayStation 3 online gaming and sales of software to consoles and the PlayStation Portable. The Qriocity service runs on the same network infrastructure and provides audio and video to Sony consumer electronics products. The latest update, while not explaining the intrusion, pointed towards it being relatively sophisticated.

“Our efforts to resolve this matter involve rebuilding our system to further strengthen our network infrastructure,” the company said in a statement. “Though this task is time-consuming, we decided it was worth the time necessary to provide the system with additional security.”

I bet there’s a lot of gaming addicts out there jonesing to get their fix, I’d imagine it’s a top priority for Sony to get this back up and running especially as they were planning to major updates. They haven’t as yet given any kind of indication as to how long it’s going to take them to fix it.

I’d estimate they should be done before the end of this week, more than 7 days down is suicide for this kind of online model.


Sony said it is “working around the clock to bring them both back online,” but didn’t say when they might return. Phone calls to the company’s Tokyo headquarters went unanswered on Sunday.

“We thank you for your patience to date and ask for a little more while we move towards completion of this project,” the statement said.

The outage has left PlayStation 3 owners unable to play online games. Networked gaming, in which gamers collaborate with others in real-time battles, challenges and quests, is very popular and typically enjoyed by millions, especially over the weekend.

I’d imagine we’ll be seeing some kinda of announcement by Sony about this fairly shortly – they can’t be leaving millions of frustrated gamers in the dark. I’d be interested to see some kind of details regarding the intrusion too.

How did they get in? How serious was it? Did they use some kind of mythical 0-day exploit?

From what we know about Sony though, I wouldn’t hold your breath on the details..

Source: Network World

Posted in: Hacking News

Topic: Hacking News


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


SearchDiggity – GUI Front-End For GoogleDiggity & BingDiggity

The New Acunetix V12 Engine


The Google Hacking Diggity Project is a research and development initiative dedicated to investigating the latest techniques that leverage search engines, such as Google and Bing, to quickly identify vulnerable systems and sensitive data in corporate networks.

SearchDiggity is a new GUI application that serves as a front-end to both GoogleDiggity and BingDiggity.

GoogleDiggity

With the retirement of Google’s SOAP Search API on September 7, 2009, most of the security utilities available for Google Hacking cease to function, leaving the security industry with a need for new and innovative tools. GoogleDiggity is a new MS Windows command line utility designed to help fill that need. GoogleDiggity leverages the Google AJAX API, so it will not get you blocked by Google bot detection while scanning. Also, unlike other Google Hacking tools available, GoogleDiggity actually allows you to specify a Google Custom Search Engine (CSE) id to run Google Hacking vulnerability checks against a customized version of Google that will only return results tailored to your organization.


BingDiggity

BingDiggity is a new command line utility that leverages the new Bing 2.0 API and a newly developed Bing Hacking Database (BHDB) to find vulnerabilities and sensitive information disclosures related to your organization that are exposed via Microsoft’s Bing search engine. This utility also provides footprinting functionality that allows you to enumerate URLS, hosts, domains, IP-to-virtual host mappings, etc. for target companies.

You can download SearchDiggity v1.0 here:

MSI Installer – searchdiggity.msi
ZIP File – searchdiggity.zip

Or read more here.

Posted in: Hacking Tools, Privacy, Web Hacking

Topic: Hacking Tools, Privacy, Web Hacking


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


Microsoft Implements Company Policy For Vulnerability Disclosure

The New Acunetix V12 Engine


Microsoft has implemented a new company policy regarding vulnerability disclosure in non-Microsoft products (third-party products). Unsurprisingly they are following the ‘responsible disclosure’ line rather than the ‘full disclosure’ line favoured by the infosec community.

It’s fair enough though, as they say treat others as you wish to be treated. I’m pretty sure Microsoft would much prefer people to report vulnerabilities to them privately and give them adequate time to fix the problem before disclosing publicly.

If you really THAT interested, you can actually download the policy here (MS Word).

Microsoft has implemented a new company policy requiring all employees to follow a detailed set of procedures when reporting security vulnerabilities in third-party products.

The practices are an evolution of the coordinated vulnerability disclosure doctrine it proposed in July. They’re intended to simplify communication among affected parties and reduce the chances that vulnerability reports will result in it being exploited in the wild. Among other things, they require employees to send private notifications to the organization responsible for the vulnerable software, hardware or service and only later publish a public advisory.

“We’re definitely into the idea of no surprises for any of our vendors that we find vulnerabilities in,” said Microsoft Senior Security Strategist Katie Moussouris. “We’re basically following the golden rule for disclosure, and it’s all about protecting customers, because there’s no reason to unnecessarily amplify risk by imposing some sort of one-size-fits-all deadline on things.”

The policy (MS Word document here) applies to all Microsoft employees, whether they find vulnerabilities during their personal time or as part of their official duties. The procedures are intended to move away from the doctrine of “responsible disclosure,” which many people in security circles came to resent because it suggested all who disagreed with it were somehow behaving improperly.

It’s interesting to see a company really showing the public at large how they intend to deal with finding vulnerabilities in other peoples software. Google has published a similar (but MUCH less detailed) policy regarding disclosure.

Google will generally give 60 days before they publish a vulnerability publicly, a lot of people give up trying to contact vendors after a few bounced or unreplied e-mails and just post the details on mailing lists like Bugtraq or Full-disclosure.

What will be fascinating is to see what kind of vulnerabilities Microsoft will publish, it’ll give us some idea as to which products and what types of software they are looking at.


Under the policy, Microsoft employees who discover vulnerabilities will report them privately to the third-party organizations responsible. Encrypted email is the favored medium, but only after the employee has identified the right third-party person to receive the report. The reports should include crash dump information, proofs of concept or exploit code, root cause analysis, and other technical details.

“Any vulnerability information provided to the vendor is not intended for public use, but for the vendor’s use to identify and remediate the vulnerability,” the policy states.

For the first time, Microsoft will begin publishing advisories about the vulnerabilities its employees have discovered – preferably only after the security hole has been patched. Microsoft may also issue advisories if it learns the bug is being exploited, or in cases where it receives no response from the third party.

The policy appears to be the first time a company has said publicly exactly when and how it will report vulnerabilities in the products of its peers, partners and competitors. In July, Google’s security team issued a less detailed policy that said members would generally give companies 60 days to patch vulnerabilities before making them known publicly.

Microsoft has yet to implement a bug-bounty program that compensates researchers for their time and expertise in reporting vulnerabilities in its products. Google and Mozilla have paid rewards for years. Security firm Tipping Point has pledged to make vulnerabilities public six months after reporting them privately.

The focus for everyone seems to ‘protecting the end user’ – why the shift in focus? I’m not entirely sure, but it’s not a bad thing.

You can read the Google Policy here:

Rebooting Responsible Disclosure: a focus on protecting end users

Perhaps Microsoft took a leaf from the Google book after all.

Source: The Register

Posted in: Legal Issues, Windows Hacking

Topic: Legal Issues, Windows Hacking


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


BodgeIt Store – Vulnerable Web Application For Penetration Testing

Use Netsparker


There are various vulnerable web applications such as Jarlsberg, WackoPicko, Damn Vulnerable Web Application (DVWA), Vicnum, etc. Now we have another application that is vulnerable and ready to be exploited! The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to penetration testing.

Features

  • Easy to install – just requires java and a servlet engine, e.g. Tomcat
  • Self contained (no additional dependencies other than to 2 in the above line)
  • Easy to change on the fly – all the functionality is implemented in JSPs, so no IDE required
  • Cross platform
  • Open source
  • No separate db to install and configure – it uses an ‘in memory’ db that is automatically (re)initialized on start up

There is also a ‘scoring’ page where you can see various hacking challenges and whether you have completed them or not.


Install

All you need to do is download and open the zip file, and then extract the war file into the webapps directory of your favorite servlet engine.

Then point your browser at (for example) http://localhost:8080/bodgeit

The author recommends Zed Attack Proxy to get you started.

You can download BodgeIt Store here:

bodgeit.1.1.0.zip

Or read more here.

Posted in: Exploits/Vulnerabilities, Secure Coding, Web Hacking

Topic: Exploits/Vulnerabilities, Secure Coding, Web Hacking


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.