Tuesday, August 15, 2006

 

Hacking AJAX is a lot more fun now

Hackers Add Ajax to Bag of Tricks
Source Taken from CIO-Today

The hot new technology behind slick Web pages has suddenly become the hot new tool for cybercriminals. The technology, Ajax coding and Web tools, enables popular Web sites such as Google Maps and MySpace.com to come alive. It is also the technology behind Windows Live, the slate of cutting edge online services Microsoft has begun testing.
But hackers and cybercrooks have discovered that Ajax can be tweaked in myriad ways. By corrupting one of the dozens of data exchanges Ajax handles while loading a Web page, a hacker can take over control of the PC.

At the giant Black Hat cybersecurity conference here, talks on what kind of Ajax attacks to expect and how to defend against them drew large audiences.

"Ajax has introduced a huge attack surface," says Billy Hoffman, lead engineer at Web security specialist SPI Dynamics. "Ajax works under the covers to make Web sites really responsive, but criminals can just as easily use it under the covers to do some bad stuff."

Recent high-profile attacks include June's Yamanner computer worm, designed to harvest e-mail addresses from Yahoo mail users and send them to spammers in Europe; and Spaceflash, which installed adware (advertisements and tracking programs implanted surreptitiously) on the hard drives of more than a million MySpace users.

Those for-profit intrusions were foreshadowed by last October's milestone Samy worm. Created by a youthful hacker, Samy used an Ajax attack to infect a million MySpace users for the express purpose of adding them to the hacker's friends list -- to make him seem popular. MySpace had to shut down for a day to clean up Samy.

"We've gone from kids screwing around to criminals looking for ways to make money in less than eight months," says Hoffman.

Dave Cole, director of Symantec Security Response, says social networking sites suggest a false sense of security: "You don't expect to be attacked when you go to Joe Bob's page."

Hemanshu Nigam, MySpace's chief security officer, said in a statement that the company uses strong security measures and works with law enforcement in the event of a breach. Since Ajax is well on its way to becoming a standard for the way interactive Web pages operate, security experts expect attacks to escalate.

"Imagine when the same flaws are used to steal money from financial institutions," says Alex Stamos, principal partner at security researcher iSEC Partners.

Security researchers are trying to help corporations stay a step ahead. At Black Hat, SPI Dynamics' Hoffman showed how Ajax attacks could be designed to break into and manipulate online stock trading accounts.

Jeremiah Grossman, CTO of WhiteHat Security, gave a well-attended demonstration showing how hackers could spread an Ajax attack through MySpace as a means to release an invasive program deep inside a corporation's internal network.

"This is just a natural extension of where things are headed," says Grossman. "We know these kinds of attacks always get better and better."

Thursday, August 10, 2006

 

An ingenious means of data transmission by Trojan

Got to hand it to these guys. Their minds are much faster at working their way around the net.

Source Taken from The Register

Security researchers have identified a new Trojan which sends data back to attackers via an unconventional communications protocol (for malware) in a bid to escape detection.

The as-yet unnamed phishing Trojan transmits stolen information back to hackers via ICMP (Internet Control Message Protocol) packets instead of email or HTTP packets, the standard route for transmitting purloined information.

After infecting a victim's computer, the Trojan is programmed to install itself as an Internet Explorer Browser Helper Object (BHO). The software then waits for a victim to post sensitive data online. This data, once entered, is captured by the Trojan and sent to attackers.

Instead of using email or HTTP POST requests, the Trojan encodes purloined data using a simple XOR algorithm before placing it into the data section of an ICMP ping packet.

"To network administrators and egress filters, this ICMP packet looks like legitimate traffic leaving the network. However, the ICMP packet actually contains encoded personal information entered by a user. The attackers presumably capture this packet at their remote server, where the packet is easily decoded to reveal the information entered by the user," reports web security firm Websense, which analysed the behaviour of the Trojan after being among the first to receive samples of the malware code.
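A defender-side check for the behaviour the article describes, added here as an example and not taken from the article or from Websense's analysis: it classifies ICMP echo requests by whether their data section matches the default fill of a stock ping tool. The function names, the baseline payloads (Windows and Linux iputils defaults, to be confirmed on your own hosts) and the sample addresses and packets are assumptions constructed for the illustration.

```python
import struct

# Assumed baseline: default data section sent by the stock Windows ping tool.
WINDOWS_PING = b"abcdefghijklmnopqrstuvwabcdefghi"

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; a valid ICMP message checks to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def is_stock_payload(payload: bytes) -> bool:
    """True if the data section matches a known default ping fill."""
    if payload == WINDOWS_PING:
        return True
    # Assumed iputils layout: a timestamp (8 or 16 bytes), then byte i holds i.
    return any(len(payload) > k and
               payload[k:] == bytes(i & 0xFF for i in range(k, len(payload)))
               for k in (8, 16))

def classify(icmp: bytes) -> str:
    """Classify one ICMP message (the bytes after the IP header)."""
    if len(icmp) < 8:
        return "malformed"
    if icmp[0] != 8:                      # only echo requests are examined
        return "ignored"
    if icmp[1] != 0 or checksum(icmp) != 0:
        return "malformed"
    payload = icmp[8:]
    if not payload or is_stock_payload(payload):
        return "stock-ping"               # no data, or a default fill
    return "review"                       # echo request with non-default data

def echo_request(payload: bytes, ident: int = 1, seq: int = 1) -> bytes:
    """Build a constructed sample message (bytes only, nothing is sent)."""
    head = lambda c: struct.pack("!BBHHH", 8, 0, c, ident, seq)
    return head(checksum(head(0) + payload)) + payload

# Constructed samples (source host, ICMP bytes); not captured traffic.
SAMPLES = [
    ("10.0.0.5", echo_request(WINDOWS_PING)),
    ("10.0.0.7", echo_request(bytes(8) + bytes(range(8, 56)))),
    ("10.0.0.9", echo_request(bytes.fromhex("3f2a1c5508e1") * 7)),
]

def hosts_to_review(samples):
    return [src for src, msg in samples if classify(msg) == "review"]

print(hosts_to_review(SAMPLES))
```

A payload check like this misses data shaped to imitate a default fill, so it belongs alongside baselining of which internal hosts send echo requests to external addresses and how often.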

Tuesday, August 08, 2006

 

Do you trust Microsoft Vista?

After months of promise and hard work, the long-awaited operating system has been circumvented yet again. This time the problem will be better contained. With the move by Microsoft to seek expert hackers' advice, this version of the Vista OS will definitely take more time, but for a better cause.

Kudos.

Source Taken from IT Vibe

Reports of a new threat to Microsoft's unreleased operating system 'Vista' have already started. This new threat, named only as 'Blue Pill', has already managed to circumnavigate its way around the major new feature in Vista, its security.

Microsoft's new Vista operating system has been touted as their most secure operating system to date. Microsoft has put a lot of time and effort into making this new operating system secure by giving it a "Security Development Lifecycle" which aims to find 'all' security threats before being released.

Microsoft has been after information like this to arise, as they attended this year's Black Hat hacker conference last week, prompting attending hackers to do their worst.

The Blue Pill works by bypassing Vista's integrity-checking process and allows unsigned code to be loaded by the Vista kernel. By doing this it allows Malware or unauthorised software to be used. Reports also say Blue Pill is undetectable.

Reports now say Microsoft are happy with the information they have received and are looking into the process used by Blue Pill and hope to find a solution to what could be a rather interesting problem on release.

The finder of the new hack, Joanna Rutkowska, a researcher for a firm called COSEINC, has made some suggestions on the best way to address this. I think Microsoft will be all ears on that one!
