Tag Archive: Hackers


The attack, thought up by hacker Samy Kamkar, exploits shortcomings in many routers to find out a key identification number.

It uses this number and widely available net tools to find out where a router is located.

Demonstrating the attack, Mr Kamkar located one router to within nine metres of its real world position.

Many people go online via a router and typically only the computer directly connected to the device can interrogate it for ID information.

However, Mr Kamkar found a way to booby-trap a webpage via a browser so the request for the ID information looks like it is coming from the PC on which that page is being viewed.

He then coupled the ID information, known as a MAC address, with a geo-location feature of the Firefox web browser. This interrogates a Google database created when its cars were carrying out surveys for its Street View service.

This database links MAC addresses of routers with GPS co-ordinates to help locate them. During the demonstration, Mr Kamkar showed how straightforward it was to use the attack to identify someone’s location to within a few metres.

“This is geo-location gone terrible,” said Mr Kamkar during his presentation. “Privacy is dead, people. I’m sorry.”

Mikko Hypponen, senior researcher at security firm F Secure, attended the presentation and said it was “very interesting research”.

“The thought that someone, somewhere on the net can find where you are is pretty creepy,” he said.

“Scenarios where an attack like this would be used would be stalking or targeted attacks against an individual,” he added.

“The fact that databases like Google Streetview’s Mac-to-Location database or the Skyhook database can be used in these attacks just underlines how much responsibility companies that collect such data have to safeguard it correctly,” said Mr Hypponen.

Mr Kamkar detailed the attack during a presentation at the Black Hat hacker conference. In 2005, Mr Kamkar created a worm that exploited security failings in web browsers to garner more than one million “friends” on the MySpace social network in one day.

Prosecuted for the hack, Mr Kamkar was given three years’ probation, did 90 days of community service and paid damages. He was also banned from using the net for personal purposes for an undisclosed amount of time.

A newly discovered vulnerability in the software that runs Apple Inc’s iPad and iPhone could allow hackers to remotely enslave the popular mobile devices, a security firm warned on Tuesday.

The flaw, which affects Apple’s iOS that also runs the iPod touch, could allow hackers “to take complete control of a vulnerable device,” French security firm Vupen reported on its website.

Company spokeswoman Natalie Harrison said the company was aware of the report.

“We’re investigating,” she said.

The vulnerability in iOS is the latest in a series of security bugs identified in mobile devices over the past week. Security experts at a hacking conference last week pointed out several vulnerabilities in Google Inc’s operating system for mobile phones and tablet PCs.

Vupen said attackers would need to trick a user into visiting a malicious website planted with a tainted PDF document before infecting an iPad tablet or iPhone smartphone.

Source: Reuters / Yahoo!

JailbreakMe makes the process of jailbreaking the Apple iPhone much simpler and less intimidating. Just visit a Web site on the iPhone, and voila! Jailbroken iPhone. Think about that for a minute, though. The simple act of visiting a Web site is able to fundamentally alter the core functionality of iOS.

Since jailbreaking the iPhone is technically legal, at least from a copyright and DMCA (Digital Millennium Copyright Act) perspective, having a tool that can accomplish it simply by visiting a Web site is awesome for less technically savvy iPhone owners.

However, if JailbreakMe is capable of unlocking the iPhone operating system by taking advantage of a flaw in the way the iPhone renders Adobe PDF files, then other applications can also exploit that same flaw for less-benevolent goals. What JailbreakMe illustrates is that the iPhone has a serious security issue that Apple needs to address.

For companies that allow the iPhone to connect with network resources, or that have embraced the iPhone as the business smartphone of choice, both the JailbreakMe tool itself and any other malicious attacks that might circumvent iOS controls using the same method represent a security concern.

IT admins can use a tool like MAD (Mobile Active Defense) for the iPhone to monitor and enforce security policy on iPhones. Winn Schwartau, chairman of M.A.D. Partners, LLC–developers of Mobile Active Defense–explains that, with jailbreaking, “iPhone users can now download apps from anywhere they choose, not just the iTunes store. This signifies a far greater risk to companies who are trying to leverage the unique capabilities of the Apple platform. But, Mobile Active Defense provides a strong, workable and automatic solution that solves the jailbreaking problem on corporate networks.”

Companies have compliance mandates such as HIPAA (Health Insurance Portability and Accountability Act), GLBA (Gramm-Leach-Bliley Act), and PCI-DSS (Payment Card Industry Data Security Standard) to follow, and the requirements dictate that IT admins must have control over the devices that connect to the network or process company data and communications. A jailbroken iPhone can interfere with the ability to do that.

Schwartau says that the MAD Mobile Enterprise Compliance and Security (MECS) server “can detect jailbreaking within one minute. That’s pretty cool. Once this clear violation of security policy is discovered, the MECS managed firewall issues immediate remediation options to the administrator.”

Detecting jailbreaking could mean intentional jailbreaking from a user trying to implement the JailbreakMe tool on an iPhone, or unintentional jailbreaking from a malicious attack exploiting similar means to take control of the iPhone. Either way–legal or not–IT admins need tools in place that help to monitor and enforce security policy on the iPhone and prevent users from jailbreaking the device.

Source: Yahoo!

Barracuda released its Barracuda Labs 2010 Midyear Security Report, revealing data from two key areas: search engine malware and Twitter use and crime rate.

Searching for Malware

Barracuda Labs conducted a study across Bing, Google, Twitter and Yahoo!, over a roughly two-month period. The analysis reviews more than 25,000 trending topics and nearly 5.5 million search results. The purpose of the study was to analyze trending topics on popular search engines to understand the scope of the problem and to identify the types of topics used by malware distributors.

Key highlights from the search engine study include:

  • Overall, Google takes the crown for malware distribution – turning up more than twice the amount of malware as Bing, Twitter and Yahoo! combined when searches on popular trending topics were performed. Google presents at 69 percent; Yahoo! at 18 percent; Bing at 12 percent; and Twitter at one percent.
  • The average amount of time for a trending topic to appear on one of the major search engines after appearing on Twitter varies tremendously: 1.2 days for Google, 4.3 days for Bing, and 4.8 days for Yahoo!
  • Over half of the malware found was between the hours of 4:00 a.m. and 10:00 a.m. GMT.
  • The top 10 terms used by malware distributors include the name of an NFL player, three actresses, a Playboy Playmate and a college student who faked his way into Harvard.

The dark side of Twitter

Barracuda Labs analyzed more than 25 million Twitter accounts, both legitimate and malicious. The purpose of this part of the study was to measure and analyze account behavior on Twitter in order to model normal user behavior and identify features that are strong indicators of illegitimate account use. The study reviews several key areas including True Twitter Users, Twitter Crime Rate, and Tweet Number.

Key highlights from the Twitter research include:

  • In general, activity is increasing on Twitter: more users are coming online; True Twitter Users are tweeting more often, and even casual users are becoming more active. As users become more active, the malicious activity also increases.
  • Only 28.87 percent of Twitter users are actual True Twitter Users.
  • Half of Twitter users tweet less than once a day, yet one in 10 users tweet five or more times a day and 30 percent of Twitter accounts have never tweeted.
  • One in every eight Twitter users has at least 10 times more followers than they are following.
  • Only one in 10 users is following more than 100 users, and almost half are following less than five.

Source: Help Net Security

Wi-Fi WPA2 Vulnerability Found

BobB-nw sends along news based on yet another press release in advance of the Black Hat conference: a claimed vulnerability in WPA2 Enterprise that leaves traffic open to a malicious insider. “…wireless security researchers say they have uncovered a vulnerability in the WPA2 security protocol, which is the strongest form of Wi-Fi encryption and authentication currently standardized and available. Malicious insiders can exploit the vulnerability, named ‘Hole 196’ by the researcher who discovered it at wireless security company AirTight Networks. The moniker refers to the page of the IEEE 802.11 Standard (Revision, 2007) on which the vulnerability is buried. Hole 196 lends itself to man-in-the-middle-style exploits, whereby an internal, authorized Wi-Fi user can decrypt, over the air, the private data of others, inject malicious traffic into the network, and compromise other authorized devices using open source software, according to AirTight. ‘There’s nothing in the standard to upgrade to in order to patch or fix the hole,’ says Kaustubh Phanse, AirTight’s wireless architect who describes Hole 196 as a ‘zero-day vulnerability that creates a window of opportunity’ for exploitation.” Wi-Fi Net News has some more detail and speculation.

Source: Slashdot

Microsoft today patched five vulnerabilities in Windows and Office, including a bug hackers have been exploiting for almost a month.

As expected, today’s patch slate was short: Just four security updates that included fixes for five separate flaws. Of the four updates, three were rated “critical,” the highest threat ranking in Microsoft’s four-step scoring system. All five of the specific vulnerabilities patched today were also rated critical.

Two of the bulletins affected Windows, while the remaining pair impacted Office. Four of the five vulnerabilities in the bulletin quartet were pegged by Microsoft with an exploitability index score of “1,” meaning that the company expects attacks to materialize in the next 30 days.

But there were few surprises. Last week Microsoft revealed that the two Windows updates would address already-acknowledged bugs in Windows XP and Windows 7.

The most prominent of the pair was MS10-042, the update that addressed the vulnerability in Windows XP’s Help and Support Center, a feature that lets users access and download Microsoft help files from the Web and can be used by support technicians to launch remote support tools on a local PC.

In early June, Tavis Ormandy, a security engineer who works for Google, published attack code for the bug — which also affected Windows Server 2003 — and immediately unleashed a heated debate. While some security researchers criticized Ormandy for taking the bug public, others rose to his defense, blasting both Microsoft and the press — including Computerworld — for linking Ormandy to his employer.

Ormandy disclosed the vulnerability five days after reporting it to Microsoft after he said the company wouldn’t commit to a patching deadline. Microsoft has disputed that, claiming that it only told Ormandy it would need the rest of the week to decide.

Users and IT administrators should apply the MS10-042 patch as soon as possible, agreed several researchers. “This is actively being exploited to target XP desktop systems,” said Jason Miller, the data and security team manager for Shavlik Technologies. Miller also noted that Windows XP remains the most-popular version of Windows on both consumer and business PCs, a fact that Microsoft itself stressed yesterday when a company executive said that XP was on 74% of all corporate machines.

“I’m impressed that Microsoft was able to do a turn-around on this as quickly as they did,” said Miller. “Some bugs linger for months out there.”

Microsoft was first told of the Help and Support Center flaw on June 5, and confirmed that by June 15, attacks were exploiting the bug.

The other Windows update, MS10-043, patches a single bug in the 64-bit version of Windows 7 and Windows Server 2008 R2. Microsoft confirmed the vulnerability in May with a security advisory, noting then that the flaw was in Windows’ Canonical Display Driver, which blends the operating system’s primary graphics interface, dubbed Graphics Device Interface (GDI), and DirectX to compose the desktop.

Source: Computer World

We’ve featured one or two ways to watch Hulu from outside the US, but one user over at Reddit has discovered another method, no outside proxy server required. All you need is a Firefox add-on and a few blocked ports.

First, download the Modify Headers add-on for Firefox. Once installed, go to Tools > Modify Headers in Firefox and add a new filter by clicking on the drop-down menu and hitting “add”. In the first box, type X-Forwarded-For and in the second box, type in the IP address of any US web site. Leave the third box blank, and then save and enable the filter.

Next, block TCP and UDP port 1935. To do so on Mac, all you need to do is type the following in a Terminal window:

sudo ipfw add 0 deny tcp from any to any 1935
sudo ipfw add 0 deny udp from any to any 1935

Linux users can install iptables to do it through Terminal as well, with the commands:

iptables -A OUTPUT -p tcp --dport 1935 -j DROP
iptables -A OUTPUT -p udp --dport 1935 -j DROP

Windows users should be able to follow these instructions to correctly block the ports.

This method should allow access not just to Hulu, but many other US-only streaming sites. Note that this may disable Flash on other sites, so you’ll only want to enable this while you’re watching video on one of these sites. We Lifehacker editors are all in the US, however, so we can’t verify the efficacy of this method. Thus, be sure to let us know what does and does not work for you in the comments, and we’ll edit the post accordingly. Also be sure to check out the original post at Reddit and the comments over there, as they have been honing the method quite well.

Source: LifeHacker
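The header trick above works only because the server believes whatever X-Forwarded-For a client sends. As an added example that is not part of the LifeHacker post, here is the weak server-side check beside a hardened one that honours the header only when the TCP peer is a proxy the site itself operates; the prefix table and proxy address are constructed sample values, not real geolocation data.

```python
import ipaddress

# Constructed sample data: a one-entry "US" prefix table standing in for a real
# geolocation database, and the address of a hypothetical reverse proxy we run.
US_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]   # TEST-NET-3 plays "US"
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}     # hypothetical load balancer


def naive_client_ip(remote_addr: str, headers: dict) -> str:
    """Weak setting: trusts X-Forwarded-For from any peer, so a browser
    add-on that injects the header can choose its own 'location'."""
    xff = headers.get("X-Forwarded-For")
    if xff:
        return xff.split(",")[0].strip()
    return remote_addr


def hardened_client_ip(remote_addr: str, headers: dict) -> str:
    """Uses X-Forwarded-For only when the TCP peer is one of our proxies.
    The proxy appends the real client address last; anything earlier in the
    chain was supplied by the client and is ignored."""
    if ipaddress.ip_address(remote_addr) not in TRUSTED_PROXIES:
        return remote_addr  # direct connection: header is attacker-controlled
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")]
    hops = [h for h in hops if h]
    return hops[-1] if hops else remote_addr


def in_us(ip: str) -> bool:
    """Geolocation lookup against the constructed prefix table."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # garbage in the header never passes the gate
    return any(addr in net for net in US_PREFIXES)


def geo_gate(remote_addr: str, headers: dict, resolver) -> bool:
    """True if the request is allowed to stream, given a client-IP resolver."""
    return in_us(resolver(remote_addr, headers))


if __name__ == "__main__":
    # Constructed request: non-US client connecting directly, spoofing the header.
    spoofed = {"X-Forwarded-For": "203.0.113.7"}
    print("naive:   ", geo_gate("198.51.100.9", spoofed, naive_client_ip))
    print("hardened:", geo_gate("198.51.100.9", spoofed, hardened_client_ip))
```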

After months of silence, Geohot has finally published a new blog post in which he talks about the iPhone 4 jailbreak situation, limera1n, and the Pwned4life exploit which he recently talked about at the Nuit Du Hack conference in Paris. According to his latest blog post, he managed to jailbreak his iPhone 4 the day it was delivered to him by mail. This is what he writes on his blog:

“As far as a release goes, it probably won’t happen from me. limera1n is little more than a raindrop on a website; it was never mentioned by me previous to this post. pwned4life is a complete invention of some blogger in a basement somewhere. When I said pwned for life, I was referring to the original iPhone, 3G, and Touch; which of course are, by the aptly named PwnageTool.

Again, please don’t ask for release dates. Every person that does makes me want to release a little bit less.”

As for the release dates, it probably won’t happen from him. Comex’s Spirit-like jailbreak tool is still the most likely candidate for the release, which will probably happen once Apple rolls out the new iOS 4.0.1 / 4.1 firmware update for iPhone 4, 3GS and 3G.

Source: RedmondPie

South Korean government and private websites have come under cyber-attack a year after a major attack briefly crippled sites domestically and in the United States, officials said on Thursday.

Five websites including those of the Presidential Blue House and the Foreign Ministry were attacked on Wednesday but little damage was done, the Korea Communications Commission (KCC) said.

On July 7, 2009, the so-called distributed denial-of-service (DDoS) attacks shut down 25 Internet sites for hours – 11 in South Korea and 14 in the United States.

‘The DDoS attacks resumed exactly a year later as some contaminated PCs were left untreated,’ the KCC said in a statement.

‘However, no obstacles were created in getting access to those sites as the traffic from zombie computers was negligible,’ it said, referring to computers unknowingly contaminated with a virus.

The commission told Internet service providers to urge those using contaminated computers to erase the virus.

Source: AFP

The hacker group known as iPhone Dev-Team apparently is close to unlocking iPhone 4 in order to run unofficial apps and to use other GSM cellular networks. Unlocking the operating system, usually termed jailbreaking, lets the user further customise the phone and load and run applications apart from Apple’s iTunes/App Store website.

Unlocking the cellular baseband, sometimes called either a carrier unlock or a SIM (Subscriber Identity Module) unlock, means the phone can accept a different SIM card to work on other GSM networks.

Wikipedia has an exhaustive account of iPhone/iOS jailbreaking attempts and tools. Some bloggers, such as Mic Wright at ElectricPic.com, are already making their wish lists of jailbroken applications, which need a custom installer such as Cydia. Wright listed five:

  • Allowing Apple’s FaceTime video chat to work on 3G cellular connections.
  • Support for 720p high definition video uploads, not just downloads.
  • Installing custom wallpapers and themes, changing iPhone icons, and so on, similar to the capabilities in Winterboard (iPhoneHeat.com has a Winterboard tutorial).
  • An application to turn the iPhone 4 WiFi adapter into a local hotspot, letting other devices attach to the iPhone and share its 3G connection to the Internet.
  • A wireless gaming controller to work with the Wii, Xbox 360 or PS3, exploiting the iPhone 4’s new gyroscope.

Early on July 5, one of the developers, Planetbeing tweeted (@planetbeing) that he had accessed the baseband bootrom: “The baseband bootrom: c43b30a4ae92571338d93cc42c4050a40dce1e2a. However, @musclenerd and I have run into a speed-bump.” A little later MuscleNerd tweeted: “Now that we have iPhone4 baseband bootrom, we can compare it to earlier 3G/3GS bootroms to see if any bug-fixes pop out.”

Apple’s iOS4 is a major upgrade, including a new baseband, as CNET.com noted. To complete the carrier unlock, the team has to rewrite the baseband code.

Apple has apparently included new code to frustrate the efforts of unlockers and jailbreakers. On July 4, Planetbeing tweeted: “Apple added an anti-blacksn0w trick this time around. ;) i have an ever-growing bag of tricks though, wrapped in a nice python script.”

Blacksn0w is an unlocking application for iPhone 3G and 3GS, created by George Hotz, known as GeoHot. It was released in fall 2009, able to unlock the then-latest version of the baseband. It was subsequently included in Hotz’s blackra1n jailbreaking application. Hotz himself apparently is not working on an iOS4 jailbreak application. In response to a speculative tweet by a third Dev-Team member, @comex, @geohot tweeted: “@comex not sure why you wrote I am about to release. like you, I don’t even own an iphone 4.”

According to MuscleNerd, in a July 6 tweet, Comex is advancing a jailbreak similar to his Spirit application: “the next jailbreak from @comex is like first Spirit… all devices, all bootroms, latest FW, painless install.” Spirit was released in March 2010, allowing a user to jailbreak a wide range of iOS 3-based devices, including the new iPad tablet. One big change, according to the Wikipedia entry, is that the iOS device no longer has to be plugged in (“tethered”) to a computer.

The Dev-Team has already released a jailbreaking tool, PwnageTool 4.01, for iOS devices that can support iOS4 – iPhone 3G and 3GS, and iPod touch 2G. The application, which runs on Mac OS X, can create custom iOS firmware images.

Source: TechWorld