Category: Security

Safari 3 for Windows, not as secured as it seems

By , June 14, 2007 1:48 am

While it is natural for beta software to contain bugs and security loopholes, I just couldn’t help but to laugh at Apple over the mess they had created on Safari 3.

Within hours after the launch of the public beta, security experts such as Aviv Raff, David Maynor and Thor Larholm had publish findings on security flaws found on Safari 3. Immediately over throwing the claims made by Apple for “Safari to be secure from day one“.

Month of Search Engines Bugs

By , May 21, 2007 9:51 pm

A hacker from Ukraine known as ‘MustLive’ as annouced a new Month of Bugs targeted on search engines, something that is common and irreplaceble in the internet.

Purpose of this Month of Bugs is a demonstration of real state with security in search engines, which are the most popular sites in Internet. To let users of search engines and web community as a whole to understand all risks, which search engines bring to them. And also to draw attention of search engines’ owners to security issues of their sites.

more: http://websecurity.com.ua/category/moseb/

Activating Windows XP with your Credit Card details

By , May 18, 2007 11:52 pm

If you had activated your copy of XP (or at least you think you had) using your Credit Card details, chances are you had just been phished. Symantec has reported a new and very interesting trojan horse, that rather than doing the usual stuff a trojan horse does, is phishes the victim to provide his/her credit card details.

When infected, the standalone trojan will prompt you to activate your copy of Windows. You have only two choices here, to proceed with activation or to do it later. Choosing the latter will result in your computer shutting down. Naturally you will be forced to activate Windows. Next you are actually required to provide your Credit Card details, at the same time assuring you that you will not be charged (common sense should make you re-think of the credibility of the message).

Cracking WLAN’s WEP in less than a minute

By , April 7, 2007 9:52 pm

It is already known that WLAN’s WEP isn’t secured. Back in 2001, it was shown that the method of cracking the crypto system RC4 can also be used in cracking the WEP encryption. Then, it needed an estimated of 4,000,000 to 6,000,000 WEP packets in order to crack the secret key used in the encryption. Until recently, the best method requires about 500,000 to 2,000,000 WEP packets which usually takes 10 to 40 minutes.

Now, a group of researchers from Technical University of Darmstadt has managed to bring the figure down to 10% of that. With just 40,000 packets, they are able to achieve a success probability of 50% in obtaining the key. Upping the number of packets to 85,000, they get a staggering 95% success probability.

The researchers has published their report at their website, including the WEP cracking program. They had used and improved on the attack method developed by Andreas Klein in 2005.

Due to the weak security of WEP, the Wi-Fi Alliance had introduced WPA which based partly of the IEEE 802.11i. Later, WPA2 which uses AES encryption was introduced and made mandatory for all new Wi-Fi devices that is Wi-Fi certified.

Skype users at risk of Trojan Horse attack

By , April 5, 2007 12:36 am

Miscreants have again adapted the Warezov Trojan horse to target Skype users, Websense Security Labs warned on Thursday.

The attack is similar to threats that target instant-messaging applications. A targeted Skype user will receive a chat message with the text “Check up this” and a link to a malicious executable called “file_01.exe” on a Web site, Websense said in an alert. If the user runs the file, several other files are downloaded and run, it said.

more at http://news.com.com/Trojan+horse+targets+Skype+users/2100-7349_3-6169973.html

Vista not spared from *.ani zero-day

By , March 30, 2007 11:12 pm

Microsoft had issued a Security Advisory (935423) addressing the threat of the Animated Cursor handling.

This vulnerability can be exploited to execute arbitrary codes to create backdoors and attempt to download malwares into the infected systems.

Windows the more secure OS

By , March 26, 2007 6:01 pm

Symantec has published their 11th volume of Internet Security Threat Report. The report covers a wide area of security and vulnerabilities issues from web browsers to operating system. Symantec is in no way a friend of Microsoft, in fact Symantec recently had issues with Microsoft over Windows Vista security model. However based on research for the second half of 2006, Symantec had concluded that Microsoft is doing better in security as compared to the other competitors.

Microsoft Windows top the list with 39 vulnerabilities found and with an average fix time of 21 days.

Red-Hat Linux came in second with 208 vulnerabilities found and an average fix time of 58 days.

Apple’s Mac OS X got the thrid place with 43 vulnerabilities and an average fix time of of 66 days.

Despite all the hilarious ads that Apple made, including one which made fun of Windows Vista’s UAC, there is nothing which supports the claims of Apple being the better OS. Shame on them.

Windows Vista Vulnerable to StickyKeys Backdoor

By , March 20, 2007 5:02 pm

This vulnerability was discovered by a McAfee researcher, Vinoo Thomas. According to his blog, the StickyKeys can be modified to launch an unauthorised software when triggered.

StickyKeys is a accessibility feature in modern Wndows system to aid disabled users. To trigger, the user needs to hit the modifier key such as ‘Shift’ for five times and once triggered, the modifer keys would “stick”, as though it had been pressed. For example if ‘Shift’ is the modifier key, when triggered, you only need to hit ‘F1’ key inorder to execute ‘Shift + F1’. The StickyKeys can be trigger at the login page, thus implying that no authentication is done prior to triggering the StickyKeys.

This vulnerability involves modifying the file “c:/windows/system32/sethc.exe” that launches StickyKeys. Windows Vista does not do integrity check on the file before executing it, but the file is protected by the Windows file protection. Disabling the file protection is however easy by using the following command.

takeown /f c:\windows\system32\sethc.exe
cacls c:\windows\system32\sethc.exe /G administrator:F

It is noted that using this vulnerability, one can disable the file protection, modify “c:/windows/system32/sethc.exe” such that “cmd.exe” is launched instead. So, the attacker can trigger the StickyKeys at logon to launch “cmd.exe” then proceed to add himself as an administrator by using the following command.

net user USERNAME /add
net localgroup administrators USERNAME

However, the catch is that in order to disable the file protection, one needs to have administrator rights. It doesn’t make sense of performing a long chain of actions to create an administrator account when the attacker already has administrator access to the system.

Phishing using IE7 local resource vulnerability

By , March 20, 2007 4:30 pm

Aviv Raff, an Isreal-based security researcher had discovered a design flaw in Microsoft’s Internet Explorer 7 which allows cross-site scripting using one of the IE’s local resource and opens users to phishing attacks. According to his blog, it can be exploited by creating a specially crafted navcancl.html local resource link with a script that will display a fake content of a trusted site. By open the link sent by the attacker, a “Navigation Cancelled” page will be displayed. By futher clicking the “Refresh the Page” link, the victime will be linked to a fake website, but with the address bar showing the legitimate address of the trusted site.

proof-of-concept

WordPress 2.1.1 Compromised

By , March 10, 2007 1:08 am

To keep it short, WordPress users, update your WordPress to version 2.1.2 if you had recenly installed 2.1.1.

more at http://wordpress.org/development/2007/03/upgrade-212/

Panorama Theme by Themocracy