Friday, February 23, 2007
Google Desktop Vulnerability
Good demonstration about software vulnerability.
That explain why hackers are changing from network penetration to application penetration.
WatchFire Demo
WatchFirew Whitepaper
That explain why hackers are changing from network penetration to application penetration.
WatchFire Demo
WatchFirew Whitepaper
Thursday, February 15, 2007
Another Vulnerability with the Browsers
Click below to test if your browser is compromised.
Test it out
Source taken from The Register
The latest versions of Internet Explorer and Firefox on Windows and (in the case of Firefox) Unix systems are vulnerable to attacks that could reveal the contents of sensitive files residing on a victim's hard drives.
The vulnerability resides in the functionality that allows the browsers to upload files to a remote server. It requires a victim to visit a booby-trapped website and enter text with certain characters in a comment interface or other input field.
Demonstration exploits, one for IE and the other for Firefox, show how typing a simple string into a message box reveals a Windows user's boot.ini file.
Petko D. Petkov, a researcher who has investigated the vulnerability, says similar techniques could be used to reveal more sensitive files on Windows or Unix-based machines, for example C:\WINDOWS\system32\config\SAM in the former or /etc/passwd in the latter.
The vulnerability in Firefox was tested with versions 2.0 and 1.5. It is a variant of a bug that was reported on Bugzilla as early as 2000, according to Michal Zalewski, who is credited with discovering the flaw in that browser.
Petkov is believed to have first determined that IE 7 is also vulnerable. ®
A Microsoft spokesman said the company is investigating the report. Initial findings by Microsoft's security team are consistent with the report, specifically that "an attacker could gain access to user files if the location of a given file is already known" and would then have to convince the victim to enter the location of that file in a Web page.
Test it out
Source taken from The Register
The latest versions of Internet Explorer and Firefox on Windows and (in the case of Firefox) Unix systems are vulnerable to attacks that could reveal the contents of sensitive files residing on a victim's hard drives.
The vulnerability resides in the functionality that allows the browsers to upload files to a remote server. It requires a victim to visit a booby-trapped website and enter text with certain characters in a comment interface or other input field.
Demonstration exploits, one for IE and the other for Firefox, show how typing a simple string into a message box reveals a Windows user's boot.ini file.
Petko D. Petkov, a researcher who has investigated the vulnerability, says similar techniques could be used to reveal more sensitive files on Windows or Unix-based machines, for example C:\WINDOWS\system32\config\SAM in the former or /etc/passwd in the latter.
The vulnerability in Firefox was tested with versions 2.0 and 1.5. It is a variant of a bug that was reported on Bugzilla as early as 2000, according to Michal Zalewski, who is credited with discovering the flaw in that browser.
Petkov is believed to have first determined that IE 7 is also vulnerable. ®
A Microsoft spokesman said the company is investigating the report. Initial findings by Microsoft's security team are consistent with the report, specifically that "an attacker could gain access to user files if the location of a given file is already known" and would then have to convince the victim to enter the location of that file in a Web page.
Labels: Firefox, IE, Internet Browser, Vulnerability
HD Copy Protection Succumb
I wouldn't call him a hacker but rather he has break the industry invention (years of testing) through hardwork and intensive study (Juz 8 days). Hurray...
Source Taken from The Register
Hacker cracks HD copy protection
A lone hacker has unlocked the master key preventing the copying of high-definition DVDs in a development that is sure to get the entertainment industry's knickers wrapped tighter than a magnet's coil. What's more, the individual was able to defeat the technology with no cracking tools or reverse engineering, despite the millions of dollars and many years engineers put into developing the AACS (Advanced Access Content System) for locking down high-definition video.
A hacker going by the name arnezami on the Doom9 discussion boards, has been hard at work for at least the past eight days, when he first claimed to have discovered how to read the volume ID of the movie King Kong. Over the coming days, he documented his progress, with the Eureka moment occurring on Sunday, when he was able to confirm the validity of his method for identifying the processing key. Combining the two allowed him to unlock the copy protection.
After getting some much-needed sleep, arnezami was back to explain how he accomplished his feat. While his player loaded the Kong disc, he closely looked for changes being made to a certain part of his computer memory. Making a memdump with the WinHex file editor, he was about to find the key fairly easily.
Forum participants continue to debate the implications of arnezami's handiwork. What's known for sure is that his hack unlocks the encryption used to protect content on every Blu-ray and HD DVD disc released to date. Several participants have downplayed the significance of the discovery, reasoning that it could be undermined in the future if the keys are changed or revoked.
But arnezami and others argue it will not be possible for copyright holders to squeeze the toothpaste back into the tube. If a processing key is revoked, hackers can use a player compatible with the new one, insert a disc that's already been cracked, and sniff around in memory for the new processing key.
This week's hack is only the latest sign that the plan to prevent the copying of digital content is less straightforward than Hollywood hoped. Over the past two months, a hacker on the same discussion board who goes by the nick muslix64 disclosed other ways to circumvent copy protections in Blu-ray and HD DVD. Unlike arnezami's method, however, the earlier approach relies on obtaining the unique key for a particular title, making the hack more cumbersome. ®
Source Taken from The Register
Hacker cracks HD copy protection
A lone hacker has unlocked the master key preventing the copying of high-definition DVDs in a development that is sure to get the entertainment industry's knickers wrapped tighter than a magnet's coil. What's more, the individual was able to defeat the technology with no cracking tools or reverse engineering, despite the millions of dollars and many years engineers put into developing the AACS (Advanced Access Content System) for locking down high-definition video.
A hacker going by the name arnezami on the Doom9 discussion boards, has been hard at work for at least the past eight days, when he first claimed to have discovered how to read the volume ID of the movie King Kong. Over the coming days, he documented his progress, with the Eureka moment occurring on Sunday, when he was able to confirm the validity of his method for identifying the processing key. Combining the two allowed him to unlock the copy protection.
After getting some much-needed sleep, arnezami was back to explain how he accomplished his feat. While his player loaded the Kong disc, he closely looked for changes being made to a certain part of his computer memory. Making a memdump with the WinHex file editor, he was about to find the key fairly easily.
Forum participants continue to debate the implications of arnezami's handiwork. What's known for sure is that his hack unlocks the encryption used to protect content on every Blu-ray and HD DVD disc released to date. Several participants have downplayed the significance of the discovery, reasoning that it could be undermined in the future if the keys are changed or revoked.
But arnezami and others argue it will not be possible for copyright holders to squeeze the toothpaste back into the tube. If a processing key is revoked, hackers can use a player compatible with the new one, insert a disc that's already been cracked, and sniff around in memory for the new processing key.
This week's hack is only the latest sign that the plan to prevent the copying of digital content is less straightforward than Hollywood hoped. Over the past two months, a hacker on the same discussion board who goes by the nick muslix64 disclosed other ways to circumvent copy protections in Blu-ray and HD DVD. Unlike arnezami's method, however, the earlier approach relies on obtaining the unique key for a particular title, making the hack more cumbersome. ®
Monday, February 05, 2007
'Contact Us' and risk being DOS
Its intention was to create a channel for feedback and now they have manage to convert it into another form of attack.
Although it doesn't come as a surprise, this form of attack is indeed possible. The ingenius people have done it again.
Source Taken from The Register
The "contact us" feature on many websites is often insecure and makes it easy to launch denial of service attacks on corporate mail servers, according to UK-based security consultancy SecureTest.
The "contact us" feature is usually a form that allows surfers to submit comments to the people running a website. According to SecureTest, these forms can be used to launch denial of service attacks through endemic security weaknesses that have largely been overlooked.
The significance of the attack varies, depending on whether or not firms host their websites internally. Even sites hosted by third parties can still be vulnerable to denial of service attack through misuse of web-based forms, but the risk is probably worst for firms that cost their own systems.
In cases where firms host their own website, the server would normally sit in the DMZ between external and internal firewalls. The "contact us" form simply creates an email on submission and sends the content to your internal mail server for forwarding on to the relevant internal contact.
Typically, mail filters will treat the web server as an internal mail client, so reduced levels of filtering that may be in place. So if an attacker scripts an attack, battering the form with large volumes of submissions, he can easily cause a mail server to fall over.
Writing scripts to change the content of messages or launching the attack via a network of compromised PCs, therefore changing the source IP address of the submitter, increases the potency of the attack. If the form of features an auto-response the potential load placed on systems by the attack increases all the more, especially if the submitting address is invalid because this generates a bounced reply.
Attacks of this kind could lead to corporate mail systems being overwhelmed in a very short space of time, SecureTest warns.
Managing director Ken Munro said the flaw is overlooked by most organisations, and cited results from the firm's penetration testing work with clients. "When we're penetration testing, we ask clients if they've considered this style of attack. By explicit agreement with the client, with careful consideration to the time of day (or night!) for testing, we conduct a 'contact us' DoS, and in every case we've tried so far, the client's mail server stops responding during the test window," Munro told El Reg.
Fortunately, the attack is relatively easy to defend against.
Firms could rate-limit email traffic from the website, perhaps by using packet shaping techniques, but this risks losing genuine traffic. A better approach is to put a CAPTCHA on the "contact us" form so users are required to enter a short phrase from an image that's not machine readable as part of the form submission process. ®
Although it doesn't come as a surprise, this form of attack is indeed possible. The ingenius people have done it again.
Source Taken from The Register
The "contact us" feature on many websites is often insecure and makes it easy to launch denial of service attacks on corporate mail servers, according to UK-based security consultancy SecureTest.
The "contact us" feature is usually a form that allows surfers to submit comments to the people running a website. According to SecureTest, these forms can be used to launch denial of service attacks through endemic security weaknesses that have largely been overlooked.
The significance of the attack varies, depending on whether or not firms host their websites internally. Even sites hosted by third parties can still be vulnerable to denial of service attack through misuse of web-based forms, but the risk is probably worst for firms that cost their own systems.
In cases where firms host their own website, the server would normally sit in the DMZ between external and internal firewalls. The "contact us" form simply creates an email on submission and sends the content to your internal mail server for forwarding on to the relevant internal contact.
Typically, mail filters will treat the web server as an internal mail client, so reduced levels of filtering that may be in place. So if an attacker scripts an attack, battering the form with large volumes of submissions, he can easily cause a mail server to fall over.
Writing scripts to change the content of messages or launching the attack via a network of compromised PCs, therefore changing the source IP address of the submitter, increases the potency of the attack. If the form of features an auto-response the potential load placed on systems by the attack increases all the more, especially if the submitting address is invalid because this generates a bounced reply.
Attacks of this kind could lead to corporate mail systems being overwhelmed in a very short space of time, SecureTest warns.
Managing director Ken Munro said the flaw is overlooked by most organisations, and cited results from the firm's penetration testing work with clients. "When we're penetration testing, we ask clients if they've considered this style of attack. By explicit agreement with the client, with careful consideration to the time of day (or night!) for testing, we conduct a 'contact us' DoS, and in every case we've tried so far, the client's mail server stops responding during the test window," Munro told El Reg.
Fortunately, the attack is relatively easy to defend against.
Firms could rate-limit email traffic from the website, perhaps by using packet shaping techniques, but this risks losing genuine traffic. A better approach is to put a CAPTCHA on the "contact us" form so users are required to enter a short phrase from an image that's not machine readable as part of the form submission process. ®
