Archive for category Vulnerabilities & attacks
Adobe Apologized for a 16-Month-Old Bug
Posted by Mourad Ben Lakhoua in News, Software Security, Vulnerabilities, Vulnerabilities & attacks, Web Security on February 9, 2010
Adobe has officially apologized for a 16-month-old Flash Player vulnerability that is still not fixed.
According to Adobe, the bug has been eliminated in the Flash Player 10.1 beta, but there is not yet a stable version of this release.
The bug was officially reported on the 22nd of September 2008, and all Flash Player plug-ins since version 9 are affected. Many hackers used this gap to inject malicious code on victims' machines.
Adobe experts have provided a special web page to check for this vulnerability. The exploit really works; you can test it by following this link, but before clicking you should make sure that you have another page open in the same browser.
Adobe Product Manager Emmy Huang promised that the vulnerability will be fixed in the next Flash Player 10.1 releases, without giving any indication of the date of the final version.
You can install Adobe Flash Player 10.1 from here.
make sure you subscribe to my RSS feed!
Hacker steals 8K customer logins
Posted by Mourad Ben Lakhoua in Cybercrime & Hacking, Vulnerabilities & attacks on January 13, 2010
Hackers managed to steal authentication credentials for more than eight thousand customers of a New York-based bank. The incident happened after they bypassed the Internet security measures of an online banking system server.
According to a press release early this week, the attack on Suffolk County National Bank (SCNB) started on the 18th of November last year and lasted about six days, while the IT team became aware of the incident only on the 24th of December, during an internal audit mission. As a result, 8378 online accounts were compromised; this is approximately less than 10% of the total number of customers.
Once the problem had been identified, they immediately took down the server to start the investigation. The bank confirmed to its customers that there is no evidence of unauthorized account access or any suspicious activity.
Most interesting is that in the last quarter of last year the bank invested about 351 thousand dollars to protect its systems, and this incident proved that this amount of money is not enough to secure customers.
Hewlett-Packard Fixes a Bunch of OpenView Vulnerabilities
Posted by Mourad Ben Lakhoua in Vulnerabilities, Vulnerabilities & attacks on December 11, 2009

Hewlett-Packard has released several patches for a bunch of vulnerabilities in OpenView software products. HP advises administrators to install the patches immediately to mitigate the risk.
OpenView Network Node Manager (OV NNM) is affected by 12 critical bugs that attackers could use to remotely execute arbitrary code and gain control over the system.
The vulnerable versions are OV NNM 7.01 and 7.35 running on HP-UX, Linux, Solaris and Microsoft Windows. It is important to note that fixes are released only for version 7.53, so to patch any previous version administrators are required to upgrade to the latest one and then install the updates.
About eleven of the twelve bugs were detected by TippingPoint, and the last bug was reported by a researcher from the IBM X-Force unit.
So go ahead and review the Support Communication – Security Bulletin, and act upon it as soon as possible.
US CERT Warns of PhoneSnoop Attack Against BlackBerry
Posted by Mourad Ben Lakhoua in Tools, Vulnerabilities & attacks, hacking on October 28, 2009
US-CERT has issued a new warning concerning a free application that allows a hacker to spy on phone conversations. The program has to be installed on the victim's device, and after the installation a hacker will be able to listen to all of the victim's calls.
This free application is called PhoneSnoop, and although it provides functionality similar to FlexiSPY, it is the first free program of its kind. Chirashi Zensay, the creator of this tool, posted on his blog: “PhoneSnoop demonstrates how a BlackBerry can be used to spy on its owner. While the BlackBerry remains one of the more secure devices out there, user awareness and education is paramount to remaining completely safe from spyware. I tweaked the application since my first post now allowing anyone to download, install and try it. PhoneSnoop now has the ability for a user to customize the ‘trigger number’; rather than me having to give out customized versions.”
This program was released to demonstrate how easy it is to exploit vulnerabilities on BlackBerry devices, and there is currently an effort to release new software that can route SMS messages through a hacker.
US-CERT currently encourages users to only download BlackBerry applications from trusted sources and to password protect and lock BlackBerry devices.
TippingPoint and Qualys Together To Mitigate Network Security Risks
Posted by Mourad Ben Lakhoua in News, Vulnerabilities & attacks on October 25, 2009
The network security companies TippingPoint and Qualys are about to develop and deliver network security software that gives their customers a full package for corporate network security.
Both companies are looking to build a business partnership to enhance their customers' protection from current threats and to be able to identify new network vulnerabilities.
Under this agreement, the intrusion prevention system from TippingPoint will be integrated with the QualysGuard Vulnerability Management platform in order to provide full environment protection.
A recent report by the SANS Institute found that there are huge vulnerabilities in the application layer, such as in web applications, that can be exploited through an unpatched client-side application like Acrobat Reader.
QualysGuard Vulnerability Management can help to monitor the network, and TippingPoint IPS will provide active vulnerability protection through its Digital Vaccine service. As a result we get a combined view of vulnerabilities, with virtual patching by the Digital Vaccine filters, which mitigates the risk from the latest viruses and worms.
Here you can find more details about this partnership.
SSLStrip: HTTPS stripping attack
Posted by Mourad Ben Lakhoua in Vulnerabilities & attacks, Web Security on October 17, 2009
Moxie Marlinspike demonstrated another way to compromise SSL-based websites at Black Hat DC 2009: the HTTPS stripping tool called SSLStrip.
For example, if we want to check our email on Gmail, we open our browser and start typing the address mail.google.com or gmail.com, and we don't care whether the page starts with http:// or https://, because we know that it switches automatically. The switch to the protected resource is carried out over the normal HTTP protocol, and it is possible to intercept it.
Moxie Marlinspike presented his second program, called SSLStrip. The idea behind SSLStrip is that it helps an attacker intercept the victim's request for a secure connection and force the victim to communicate over a non-secure HTTP connection.
The tool is developed in Python, and it replaces secure links with non-secure ones. So the picture looks wonderful: the server sends all content over secure channels to all clients, and the victim does not receive any warning or even suspect that he is using an unsecured connection. All traffic is unencrypted and in the clear.
Moxie Marlinspike ran his tool SSLStrip on a Tor proxy, and in 24 hours he managed to get the following numbers of authentication credentials:
- login.yahoo.com – 114
- Gmail – 50
- ticketmaster.com – 42
- rapidshare.com – 14
- Hotmail – 13
- paypal.com – 9
- linkedin.com – 9
- facebook.com – 3
Actually, SSLStrip is a very advanced technique that combines a homograph attack with a man-in-the-middle position; this type of attack relies on user confusion to make the victim believe that the website is legitimate.
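A defender-side check for the link rewriting described in this post, added here as an example (it is not code from SSLStrip or from the original post): it compares a page fetched over a trusted path with the copy seen on a suspect network, reports links whose scheme dropped from https to http, and reads the Strict-Transport-Security header that tells browsers to refuse plain HTTP for a site. The host names and sample pages are constructed.

```python
import re
from urllib.parse import urlsplit

# Quoted href/action/src attribute values; enough for this constructed sample.
_ATTR = re.compile(r"""(?:href|action|src)\s*=\s*["']([^"']+)["']""", re.I)

# Constructed sample pages: the same login page as served directly by the
# site (BASELINE) and as seen on an untrusted network path (OBSERVED).
BASELINE = '''<a href="https://mail.example.test/login">Sign in</a>
<form action="https://accounts.example.test/auth" method="post"></form>
<img src="http://static.example.test/logo.png">'''
OBSERVED = '''<a href="http://mail.example.test/login">Sign in</a>
<form action="http://accounts.example.test/auth" method="post"></form>
<img src="http://static.example.test/logo.png">'''


def link_schemes(html):
    """Map (host, path) -> set of schemes used by absolute links in html."""
    seen = {}
    for url in _ATTR.findall(html):
        parts = urlsplit(url)
        if parts.scheme in ("http", "https") and parts.hostname:
            key = (parts.hostname.lower(), parts.path or "/")
            seen.setdefault(key, set()).add(parts.scheme)
    return seen


def downgraded_links(baseline_html, observed_html):
    """Links that are https in the baseline but http-only in the observed copy."""
    base, obs = link_schemes(baseline_html), link_schemes(observed_html)
    return sorted(
        "http://%s%s" % key
        for key, schemes in obs.items()
        if schemes == {"http"} and "https" in base.get(key, set())
    )


def hsts_max_age(headers):
    """Strict-Transport-Security max-age in seconds, or None if not set."""
    for name, value in headers.items():
        if name.lower() == "strict-transport-security":
            match = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
            return int(match.group(1)) if match else None
    return None


if __name__ == "__main__":
    print(downgraded_links(BASELINE, OBSERVED))
```

A resource that was already plain http in the baseline (the image here) is not reported, so the output lists only links whose protection was removed in transit.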
SSLSniff: How does it work?
Posted by Mourad Ben Lakhoua in Vulnerabilities & attacks, Web Security on October 9, 2009
Using email, control panels, electronic banking systems: all these operations and others should be fully secure and protected. If all data is transmitted over a secure SSL connection, many people think that it is fairly secure. But the question is: is that true?
The answer is yes, but not 100%. Transmitting data like logins and passwords in clear text is unsafe because an attacker can easily intercept, modify or replace it. That is why, instead of using HTTP to check mail or to authenticate users, we use secure HTTPS, which is slower but provides encryption over the SSL protocol.
SSL is built on asymmetric keys. The public key is distributed to everyone, and data is encrypted with it. Each user has a private key to decrypt the data on the server. The public key is passed from server to client and is issued as a certificate signed by a CA (Certification Authority), which contains the following:
- Date of issue
- Validity (expiry date)
- The total (unique) reference of the issuer
- Public key publisher name (source of certificate)
Actually, there are two types of certificate here. The first is the Root CA, which is the most trusted and is embedded in the browser, so it can guarantee that the site is legitimate. The second is the intermediate CA; this one can also be used for signing websites, but it does not guarantee that the site is legitimate and is not embedded in the browser.
Now let’s imagine this scenario:
We have a certificate for Sectechno.com; it is the last link in the certificate chain (Root CA – Intermediate CA – Intermediate CA – Sectechno.com). Why don't we make the site act as an intermediate as well? For example, for paypal.com or any other site, the chain will look like this (Root CA – Intermediate CA – Intermediate CA – Sectechno.com – paypal.com).
Here the browser will not check the value of these fields and will treat the certificate as a Root CA for the paypal.com website, so you can create a certificate for any domain without the browser suspecting that it is not a valid one.
This type of attack was demonstrated by researcher Moxie Marlinspike at the Black Hat conference using his tool SSLSniff. SSLSniff allows a hacker to perform a MITM (man-in-the-middle) attack by intercepting all traffic that the client sends to an HTTPS-protected website (login, password…). So an attacker can create a certificate for a certain website, sign it with an existing certificate, and sniff all data sent by the victim; the vulnerability remains unpatched in Microsoft's CryptoAPI.
Microsoft is planning a bunch of patches for several products next week, about 13 fixes to repair 34 vulnerabilities, but there is still nothing mentioned about the CryptoAPI bug.
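The chain scenario from this post as a small model, added here as an example (it is not SSLSniff code and not any browser's validator): a check that only follows issuer names up to a trusted root, beside one that also requires every signing certificate to be a CA. It assumes the unchecked fields are the X.509 basicConstraints CA flag and path length, it omits signature verification, and the intermediate names are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass
class Cert:
    subject: str
    issuer: str
    is_ca: bool = False             # basicConstraints CA flag (assumed field)
    path_len: Optional[int] = None  # basicConstraints pathLenConstraint


def names_link(chain: List[Cert], roots: Set[str]) -> bool:
    """Behaviour described in the post: only issuer/subject linkage up to a
    trusted root is checked; whether each signer may sign is never asked."""
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False
    return chain[-1].subject in roots


def strict_chain(chain: List[Cert], roots: Set[str]) -> bool:
    """Hardened check: every certificate that signs another must be a CA."""
    if not names_link(chain, roots):
        return False
    for below, signer in enumerate(chain[1:]):
        # 'below' = number of intermediate certificates under this signer
        if not signer.is_ca:
            return False
        if signer.path_len is not None and below > signer.path_len:
            return False
    return True


# Constructed chain, leaf first, mirroring the scenario in the post.
ROOTS = {"Root CA"}
FORGED = [
    Cert("paypal.com", "Sectechno.com"),
    Cert("Sectechno.com", "Intermediate CA 2"),  # end-entity, not a CA
    Cert("Intermediate CA 2", "Intermediate CA 1", True, 0),
    Cert("Intermediate CA 1", "Root CA", True),
    Cert("Root CA", "Root CA", True),
]
LEGIT = FORGED[1:]  # the genuine Sectechno.com chain

if __name__ == "__main__":
    print(names_link(FORGED, ROOTS), strict_chain(FORGED, ROOTS))
```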
Defeating SSL Vulnerability Remains Unfixed
Posted by Mourad Ben Lakhoua in News, Vulnerabilities & attacks, Web Security on October 4, 2009
It has now been nine weeks since Moxie Marlinspike demonstrated the “new” way of attacking SSL at the Black Hat security conference. With the help of his tool, called SSLstrip, he was able to perform a man-in-the-middle attack on normal, insecure HTTP traffic and replace links to secure HTTPS pages with normal HTTP ones, so after a user submits a login and password or credit card details, the attacker can find all the details in the clear without the victim noticing.
Microsoft Internet Explorer is still not fixed for this vulnerability, nor are the other browsers that rely on CryptoAPI, so here we have a great risk for our resources like VPN and mail servers.
Actually, the bug ignores all characters like “/” and “0”, but the organization looks at the domain name, with or without these characters.
So an attacker can create a valid certificate name for your site and use it. For example, if we need to issue a certificate for thoughtcrime.org, then the string will be as follows:
www.bankofamerica.com\*thoughtcrime.org
The browsers that process SSL certificates through the Microsoft library are Google Chrome, Apple Safari and Internet Explorer. On the other hand, the developers of Firefox fixed this bug just a few days after the Black Hat presentation.
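The name-matching flaw this post describes, shown beside a hardened comparison, as an added example (it is not code from the post, from CryptoAPI or from any browser). It assumes the ignored character is the NUL byte, written `\0`, so that a string routine which stops at the first NUL sees only the part of the name before it; the function names and sample names are constructed for illustration.

```python
def c_string_view(name: bytes) -> bytes:
    """What a NUL-terminated string API sees: the bytes before the first 0x00."""
    return name.split(b"\x00", 1)[0]


def naive_match(cert_name: bytes, host: str) -> bool:
    """Vulnerable comparison: the certificate name is cut at the first NUL."""
    return c_string_view(cert_name).lower() == host.encode("ascii").lower()


def strict_match(cert_name: bytes, host: str) -> bool:
    """Hardened exact-name comparison: reject any name containing bytes that
    cannot occur in a DNS host name, then compare the full value.
    Wildcard names are out of scope for this sketch."""
    allowed = b"abcdefghijklmnopqrstuvwxyz0123456789-."
    lowered = cert_name.lower()
    if not lowered or any(byte not in allowed for byte in lowered):
        return False
    return lowered == host.encode("ascii").lower()


def audit_names(names):
    """Return (name, what_a_C_string_sees) for every name with an embedded NUL."""
    return [(n, c_string_view(n)) for n in names if b"\x00" in n]


# Constructed sample: the name from the post with the separator taken to be
# NUL (assumption), plus an ordinary name.
SAMPLE = [b"www.bankofamerica.com\x00thoughtcrime.org", b"www.thoughtcrime.org"]

if __name__ == "__main__":
    for full, seen in audit_names(SAMPLE):
        print("embedded NUL:", full, "is read as", seen)
```

Running `audit_names` over the names extracted from certificates seen on a network is a quick way to flag any that would be read differently by a length-aware parser and a NUL-terminated one.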

On this Tuesday we are going to have the regular
A new 

