Archive | April, 2011

Google Chrome To Protect Users Against Malicious Executables


It looks like Google Chrome is stepping up to provide users with the most secure browsing experience. The browser has been built with security in mind since the beginning with it’s sandbox model and it escaped exploitation during the recent Pwn2Own contest.

Now they are infringing on the area of anti-virus vendors and stepping up in the fight against malware by proposing to block applications that are harmful to Windows users.

All we need to do now is make sure all new computers ship out with Chrome or Firefox installed as the default browser.

Google says it’s expanding its blacklist of malicious websites to include those that use deceptive claims to push harmful Windows programs.

The addition to Google’s Safe Browsing API will warn people when they are about to visit websites that offer Windows-based trojans that are disguised as screen savers or other innocuous applications. The search behemoth introduced the service five years ago to alert users when they try to browse sites that perform drive-by downloads that exploit security vulnerabilities in the operating system or browsing software.

The underlying programming interface is already being used by browsers including Google Chrome, Mozilla Firefox, and Apple Safari. It’s also available to any webmaster who wants to use the wealth of information available from Google to prevent malicious links from being posted to their sites.

Seen as though this is part of the Google Safe Browsing API, I wonder will Firefox follow suit and implement this in their browser. It’s always a good idea to give users an additional layer of security.

The onion approach rather than security by obscurity – or more commonly, just not giving two shits.

Drive by downloads have been a problem for a long time, and will continue to be a problem when it comes to users lacking proper secure computing habits (e.g. most of the public mass).


“Safe Browsing has done a lot of good for the web, yet the internet remains rife with deceptive and harmful content,” Moheeb Abu Rajab, a member of Google’s security team, blogged on Tuesday. “It’s easy to find sites hosting free downloads that promise one thing but actually behave quite differently.”

Keyloggers, botnet software and adware are just three examples.

The new feature will initially be available only for Chrome users who subscribe to the browser’s development release channel. The company plans to integrate it into the next stable release of Chrome. There is no mention of it being made available to browser providers outside of Google.

The warning will be displayed whenever users encounter a download from a URL that matches the latest list of malicious websites published by the Google API.

Safe Browsing is good and I think it really helps, especially with phishing sites which tend to get reported very quickly and then are promptly blocked in users browsers.

The new feature isn’t available in the current stable release of Chrome, but will be merged into the next stable version and is currently available in the development release.

Source: The Register

Posted in: Countermeasures, Malware, Security Software

Topic: Countermeasures, Malware, Security Software


Latest Posts:


Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network
OWASP Amass - DNS Enumeration, Attack Surface Mapping & External Asset Discovery OWASP Amass – DNS Enumeration, Attack Surface Mapping & External Asset Discovery
The OWASP Amass Project is a DNS Enumeration, Attack Surface Mapping & External Asset Discovery tool to help information security professionals perform network mapping of attack surfaces.
Cameradar - Hack RTSP Video Surveillance CCTV Cameras Cameradar – Hack RTSP Video Surveillance CCTV Cameras
Cameradar is a Go-based tool to hack RTSP Video Surveillance CCTV Cameras, it can detect open RTSP hosts, detect device models and launch automated attacks.
dSploit APK Download - Hacking & Security Toolkit For Android dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.
Scallion - GPU Based Onion Hash Generator Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).


Wappalyzer – Web Technology Identifier (Identify CMS, JavaScript etc.)


Wappalyzer is an add-on for Firefox that uncovers the technologies used on websites. It detects CMS and e-commerce systems, message boards, JavaScript frameworks, hosting panels, analytics tools and several more.

The company behind Wappalyzer also collects information about web based software to create publicly available statistics, revealing their growth over time and popularity compared to others. Most of this data is anonymously collected from this Firefox add-on which has been installed by thousands of users.

Wappalyzer was founded in 2008 by Elbert F and has been made possible with the funding of AOE media GmbH, the leading Open Source web development company in Germany.

It detects the majority of common CMS systems, a full list can be found here.

You can download Wappalyzer here:

Wappalyzer.xpi

Or read more here.

Posted in: Hacking Tools, Web Hacking

Topic: Hacking Tools, Web Hacking


Latest Posts:


Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network
OWASP Amass - DNS Enumeration, Attack Surface Mapping & External Asset Discovery OWASP Amass – DNS Enumeration, Attack Surface Mapping & External Asset Discovery
The OWASP Amass Project is a DNS Enumeration, Attack Surface Mapping & External Asset Discovery tool to help information security professionals perform network mapping of attack surfaces.
Cameradar - Hack RTSP Video Surveillance CCTV Cameras Cameradar – Hack RTSP Video Surveillance CCTV Cameras
Cameradar is a Go-based tool to hack RTSP Video Surveillance CCTV Cameras, it can detect open RTSP hosts, detect device models and launch automated attacks.
dSploit APK Download - Hacking & Security Toolkit For Android dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.
Scallion - GPU Based Onion Hash Generator Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).


Retarded E-mails – Damn Interested Hacking, Paid Server Indian Web, Love Hashing & More


It’s been a while since I’ve added a post to my beloved Retards category (almost a year and a half), since I put the disclaimer and link on the contact page – I’ve actually had a lot less retarded e-mails.

Which is good in a way as I no longer have to waste my time reading them, and bad in a way because I no longer get to laugh at people on a daily basis. Anyway, I still get some – so here they are for your viewing pleasure :)

Ok let’s start off with a classic example..of something I barely understand.

From: patrick
Subject: hi

Message Body:
master is ur window 7 ultimate still on for sale….and how do u I learn this hacking of a stuff…i dam interested…

Oh sorry what? I think you misunderstood the topic of this site.

From: PAM
Subject: program

Message Body:
i need to know what program to download to be able to use our digital dictation recorder

Right ok, I’ll get to work on the Paid Server Indian Web immediately and also write a system to remind you of your own password..

From: phillips
Subject: hi,

Message Body:
pls guys kindly give me a tutorail on how to creat a paid server indian web by myself,and also i forget my computer password and any time i want to on it ,it will be rwquesting for password which i dont know it again,bros what can i do.

Love hashing ya, xx

From: Nita
Subject:

Message Body:
Hi :) My name is Nita and I joined this site for hashing a password,I just don’t know where to hash it.Can someone help me? :)

Byee,Love ya x

Random spacing (check)
Missing letters (check)
Random capitalization (check)

From: FieriHack
Subject: its posible

Message Body:
its posible to find an adres passwd off FAcebook
please P.m to me

Ok you ask me to contact you ‘securely’ but you mail me from a Yahoo! address, no PGP key, no hushmail account…nothing..

From: Soulis
Subject: Question

Message Body:
Please contact me securely.
Thanks


And an old classic thrown in for good measure – the cheating spouse.

From: Kesavan
Subject: Hi

Message Body:
Please, please help me I need a password for a yahoo account…
The password concerned is my life partner for 15 years and I know he is cheating on me…I just need proof to confront him, I did confront him, he treathened to kill me if I carry on asking him about him having affairs…
If you can his email accounts are
xxx@yahoo.com
xxx@textiles.co.za

I would really appreciate it…
Thanks

Is it possible? Yah probably, but you need a brain first.

From: kanan
Subject: Texas Hold em Poker

Message Body:
IS Hacking Zynga Poker possible,add chips or view table cards?

There seems to be more and more Facebook based requests nowadays – here’s another one..

From: felix
Subject: facebook password

Message Body:
I am being falls accused by an impostor using my name, i cannot stop her from spreading news al over my family and friends saying bad words about me. its getting worst.

please help.

felix

I believe what you are looking for is called “A Job” accompanied by “A Credit Card” you scumbag.

From: Blacksheepbo
Subject: Hacking Software

Message Body:
I am looking for a software that will hack into a website like adultfriendfinder or xxxblackbook and allow you to have a free gold or silver membership. Whats out there that will do that or come close?

This selection is from November 2010 – January 2011…I have tons more, will post them soon :)

Posted in: Stupid E-mails

Topic: Stupid E-mails


Latest Posts:


Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network
OWASP Amass - DNS Enumeration, Attack Surface Mapping & External Asset Discovery OWASP Amass – DNS Enumeration, Attack Surface Mapping & External Asset Discovery
The OWASP Amass Project is a DNS Enumeration, Attack Surface Mapping & External Asset Discovery tool to help information security professionals perform network mapping of attack surfaces.
Cameradar - Hack RTSP Video Surveillance CCTV Cameras Cameradar – Hack RTSP Video Surveillance CCTV Cameras
Cameradar is a Go-based tool to hack RTSP Video Surveillance CCTV Cameras, it can detect open RTSP hosts, detect device models and launch automated attacks.
dSploit APK Download - Hacking & Security Toolkit For Android dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.
Scallion - GPU Based Onion Hash Generator Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).