Posts Tagged Attacks

US CERT Warns of PhoneSnoop Attack Against BlackBerry

US-CERT issued a new warning concerning a free application that allows a hacker to spy on phone conversations. The program must be installed on the victim's device; after installation, a hacker will be able to listen to all of the victim's calls.

This free application is called PhoneSnoop, and although it provides functionality similar to FlexiSPY, it is the first free program of its kind. Chirashi Zensay, the creator of this tool, posted on his blog: “PhoneSnoop demonstrates how a BlackBerry can be used to spy on its owner. While the BlackBerry remains one of the more secure devices out there, user awareness and education is paramount to remaining completely safe from spyware. I tweaked the application since my first post now allowing anyone to download, install and try it. PhoneSnoop now has the ability for a user to customize the ‘trigger number’; rather than me having to give out customized versions.”

This program was released to demonstrate how easy it is to exploit a vulnerability on BlackBerry devices, and there is currently an effort to release new software that can route SMS messages via a hacker.

US-CERT currently encourages users to only download BlackBerry applications from trusted sources and to password protect and lock BlackBerry devices.


HTTP DoS-attack tool on Apache web server

Robert Hansen, a guru in the field of security, has released a new tool for DoS attacks that exposes serious vulnerabilities in web servers, including Apache and others.

Hansen called his tool Slowloris. The most interesting thing about this utility is that it can cause a DoS without the huge amount of traffic that other DoS tools usually rely on.

According to Hansen, typically 1000 machines are required to bring down a web server by bombarding the site with traffic, but that is not the case for Slowloris: it takes up all of the server's available connections by sending unlimited HTTP requests without closing those connections, which makes Apache wait too long for the response. Apache web servers do have a limit on the number of threads, which can be used to deplete the memory and cause defacement.

This vulnerability concerns Apache 1.x, Apache 2.x, dhttpd, GoAhead WebServer, and Squid, but does not affect IIS6, IIS7 and lighttpd, because these systems deal with the number of open connections.
This tool is available for free at http://ha.ckers.org/slowloris/, but it is important to note that the attack will not work against large websites with load-balancing mechanisms :-) so just try it locally; it should be used only for educational purposes.
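
A defender-side check for the behaviour described above, added here as an example (it is not from the original post or from Hansen's tool): it flags clients that hold several connections whose request is still unfinished, and reports how much of the worker limit they occupy. The snapshot format, function names and thresholds are assumptions made for illustration.

```python
from collections import Counter

# Constructed snapshot of a server's connection table (hypothetical format):
# client_ip,seconds_open,request_complete
SNAPSHOT = """\
198.51.100.7,212,no
198.51.100.7,209,no
198.51.100.7,205,no
198.51.100.7,198,no
198.51.100.7,3,yes
203.0.113.20,1,yes
203.0.113.21,2,no
203.0.113.22,45,yes
"""


def parse_snapshot(text):
    """Yield (ip, age_seconds, request_complete) for each record."""
    for line in text.strip().splitlines():
        ip, age, done = (field.strip() for field in line.split(","))
        yield ip, int(age), done == "yes"


def slow_holders(text, max_workers, min_age=30, min_conns=3):
    """Return {ip: share_of_worker_limit} for clients holding at least
    min_conns connections whose request is still unfinished after min_age
    seconds. An ordinary client finishes sending its request quickly; a
    slow-request client keeps a worker waiting on every connection."""
    stalled = Counter(
        ip for ip, age, done in parse_snapshot(text)
        if not done and age >= min_age
    )
    return {ip: n / max_workers for ip, n in stalled.items() if n >= min_conns}


def pool_pressure(text, max_workers):
    """Fraction of the worker limit occupied by open connections of any kind."""
    return sum(1 for _ in parse_snapshot(text)) / max_workers


if __name__ == "__main__":
    print("slow holders:", slow_holders(SNAPSHOT, max_workers=8))
    print("pool pressure:", pool_pressure(SNAPSHOT, max_workers=8))
```

The low traffic volume is why a per-client count of stalled connections is a better signal here than bandwidth.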


Astalavista.com Owned!

The Astalavista website was hacked by hackers referring to themselves as the anti-sec group.

Astalavista used to be a hacking and security community that started in 1994 and was one of the first search engines for exploit and computer security information. It has provided a board for the hacking & security community to share the latest techniques for software cracking, spyware editing, and viruses.

According to the anti-sec group, they targeted http://astalavista.com due to the fact that they are not doing any of this for the “community” but for the money, they spread exploits for kids, claim to be a security community (with no real sense of security on their own servers), and they charge you $6.66 per month to access a dead forum with a directory filled with public releases and outdated / broken services. We wanted to see how good that “team of security and IT professionals” really is.

They also shared the shell command used to get into the web server, which you can find on the Zone-h website.


Malware attacks 'on the rise'

Cases of malware attacks around the world are continuing to rise, new research has suggested.

The study by security firm Fortinet found that certain countries are being targeted, with attacks on China coming in at the top of the list.

A 45 per cent increase in malware attacks was recorded in the Asian country in April when compared with the same period in 2008, the research found.

‘April was a busy month for cyber criminals, who unleashed the most aggressive malware attacks thus far this year,’ Derek Manky, project manager for cyber security and threat research at Fortinet, told Vnunet.com.

‘We believe that this upward trend will endure, and that online gaming attacks will continue to dominate the estimated $2 billion [£1.3 billion] annual market.’

Mary Landesman, senior security researcher at ScanSafe, added to the news provider: ‘With malware increasing in volume and sophistication, and no foreseeable slowdown in sight, it is more important than ever that companies have a comprehensive web security solution in place.’

[Source: BCS]


International hackers, many from China, are attacking NYPD computers

A network of mystery hackers, most based in China, have been making 70,000 attempts a day to break into the NYPD’s computer system, the city’s top cop revealed Wednesday.

Commissioner Raymond Kelly said the perpetrators have yet to succeed, but their relentless activities have prompted the force to raise its guard against high-tech crime.

“It’s a threat that we must continue to pay close attention to every day,” Kelly said in a speech to the Council on Foreign Relations.

Kelly said the threat is similar to a shocking cyber espionage plot recently uncovered at the Pentagon.

China-based hackers successfully cracked the Pentagon’s computers and gleaned design features of the F-35 Joint Strike Fighter jet program being developed by Lockheed Martin, the Wall Street Journal reported Monday.

[Source: Daily News]


Cyberspies hack into U.S. fighter project

Computer spies have repeatedly breached the Pentagon’s costliest weapons program, the $300 billion Joint Strike Fighter project, The Wall Street Journal reported on Tuesday.

The newspaper quoted current and former government officials familiar with the matter as saying the intruders were able to copy and siphon data related to design and electronics systems, making it potentially easier to defend against the plane.

The spies could not access the most sensitive material, which is kept on computers that are not connected to the Internet, the paper added.

Citing people briefed on the matter, it said the intruders entered through vulnerabilities in the networks of two or three of the contractors involved in building the fighter jet.
Lockheed Martin Corp is the lead contractor. Northrop Grumman Corp and BAE Systems PLC also have major roles in the project. Lockheed Martin and BAE declined comment and Northrop referred questions to Lockheed, the paper said.

[Source: Reuters]


Hackers attack antivirus firm's tech-support site

A Kaspersky Lab technical support site was hacked late last month, exposing private customer information for 11 days, the Moscow-based security company admitted last week. The company learned of and closed the breach on Feb. 7 after it was notified by the Romanian hackers.

“This is not good for any company, especially for a company dealing with security,” acknowledged Roel Schouwenberg, a senior antivirus researcher at Kaspersky, in a conference call last week. “This should not have happened.”

The company had revamped the U.S. support site and relaunched it on Jan. 28. From that point until Feb. 7, the support database was open to attack, Schouwenberg said. The revamped site has now been replaced by the old version.

The article is available here


New style of DNS amplification can yield powerful DDoS attacks

A new class of distributed denial-of-service (DDoS) attacks, which can overwhelm even mainstream targets, is imminent, a security researcher warned this week.

DNS amplification was first widely publicized about three years ago when computer security experts Gadi Evron and Randal Vaughn published a research paper that examined a scenario in which criminals abuse recursive DNS name servers by using spoofed user datagram protocol (UDP) packets.

The technique soon will be used against more mainstream commercial sites thanks to a new variant in which criminals do not have to rely on recursive queries, Jackson said.

“This new tactic uses a very short query, asking simply the name servers for the ‘.’ domain [a single dot],” he wrote Monday in an analysis of DNS amplification. “This domain is the root server domain, so the answer is large [or long]. A list of all the root domain name servers is sent back in response.”

“We are 100 percent certain that this tactic will be used in the next major DDoS attack,” Jackson said.

DDoS attacks traditionally work when attackers leverage compromised host computers — namely, botnets — to send an extreme amount of traffic to their targets.

But if criminals lack access to a large botnet or face a significant target, they turn to DNS amplification, Jackson said. This technique allows attackers to send a little bit of data to a name server, which, in turn, sends a lot of data to the attacker’s target.

David Ulevitch, founder and CTO of OpenDNS, a DNS resolution service, said few ISPs have fixed their servers since DNS amplification first appeared on the scene, and it is unlikely they are aware of this new variant.

“The bad guys have figured out the population of people they can use as unwitting accomplices is much larger than they previously thought because all DNS servers could potentially be [used to attack] a victim,” Ulevitch told SCMagazineUS.com on Wednesday.

By spoofing the source and inserting the IP address of the target, an attacker is able to direct the amplified traffic to an intended target — the “long” responses will be sent there, Jackson said.

“With or without recursion, the significance of this [new DNS amplification variation] is that even if your name server is configured using the best practices up until [now], it was still vulnerable to this technique,” he said.

Jackson, in his analysis of this new technique, offers solutions for DNS server operators to limit or block the threat.

The article is available here
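
For name-server operators, the variant described above can be spotted in query logs; the following is an added example, not code from the article or from Jackson's analysis. It flags sources that send bursts of NS queries for the “.” domain and reports the amplification factor. The log format, byte sizes and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed name-server query log (hypothetical format, sizes illustrative):
# epoch_seconds src_ip qname qtype query_bytes response_bytes
QUERY_LOG = """\
1000 192.0.2.50 . NS 17 512
1000 192.0.2.50 . NS 17 512
1001 192.0.2.50 . NS 17 512
1001 192.0.2.50 . NS 17 512
1002 192.0.2.50 . NS 17 512
1002 198.51.100.9 www.example.com. A 33 49
1003 198.51.100.9 . NS 17 512
1004 203.0.113.5 mail.example.com. MX 34 66
"""


def root_ns_reflection(log_text, min_queries=5, window=10):
    """Return {src_ip: (queries, response_bytes, amplification)} for every
    source that sent at least min_queries root NS queries within `window`
    seconds. Because the source address is spoofed in this attack, a
    flagged src_ip is the likely victim, not the sender."""
    per_src = defaultdict(list)
    for line in log_text.strip().splitlines():
        ts, src, qname, qtype, q_len, r_len = line.split()
        if qname == "." and qtype == "NS":
            per_src[src].append((int(ts), int(q_len), int(r_len)))

    flagged = {}
    for src, rows in per_src.items():
        rows.sort()
        times = [ts for ts, _, _ in rows]
        # Burst test: any min_queries consecutive queries inside the window.
        burst = any(
            times[i + min_queries - 1] - times[i] <= window
            for i in range(len(times) - min_queries + 1)
        )
        if burst:
            sent = sum(q for _, q, _ in rows)
            returned = sum(r for _, _, r in rows)
            flagged[src] = (len(rows), returned, returned / sent)
    return flagged


if __name__ == "__main__":
    for ip, (count, out_bytes, factor) in root_ns_reflection(QUERY_LOG).items():
        print(f"{ip}: {count} root NS queries, {out_bytes} bytes out, x{factor:.1f}")
```

A single root NS query from a resolver is normal, which is why the check keys on bursts per source rather than on the query type alone.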
