How Do You Hijack a Popular Streaming Movie Site? With Ease, Apparently

“You don’t have to have access to any emails, passwords, or any other credentials. You simply grab the information from the WHOIS, write a letter with an attached photo-shopped ID with the same name, send it from a random email address, and the domain will be handed to you fairly quickly.”

via How Do You Hijack a Popular Streaming Movie Site? With Ease, Apparently | TorrentFreak.

Confessions of a cyber warrior

I’ve been a longtime friend to one cyber warrior. On condition of anonymity, he agreed to be interviewed about what he does for a living and allowed me to record our conversation on a device he controlled, from which I transcribed our conversation. I was able to ask clarifying questions the next day.

via In his own words: Confessions of a cyber warrior | Security – InfoWorld.

Don’t Use Linksys Routers

Today I am publishing 5 Linksys router vulnerabilities so that consumers may be aware of the risks.
linksys vulns.txt

via Don’t Use Linksys Routers « Superevr.

I run a WRT54GL on my network but installed Tomato on it because I never liked the Linksys GUI and wanted to try out Tomato. Here's his take on the WRT54GL:

1. Linksys WRT54GL Firmware Upload CSRF Vulnerability
I demonstrate Cross-Site File Upload in my BlackHat and AppSec USA talks. If you need more info on the vector itself, check out How to upload arbitrary file contents cross-domain by Kotowicz.

I suspect these kinds of exploits exist in all consumer-grade routers.
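The firmware-upload CSRF above works because the router trusts any request that arrives with the browser's ambient session cookie, regardless of which page submitted it. The following is an added example, not code from the Superevr post or from Linksys: it models a state-changing upload handler in its cookie-only form beside a hardened form that also requires same-origin evidence (Origin or Referer) and a per-session anti-CSRF token. The device origin `http://192.168.1.1`, the request dictionaries and the session values are all constructed for the example.

```python
"""Origin/Referer and token checks for a state-changing upload endpoint.

Added example (not from the Superevr post or the vendor): a minimal model
of why an upload handler that relies on the ambient session cookie alone is
reachable cross-site, and the two checks that close that gap.
"""
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed admin origin of the device; the real address is not on the page.
DEVICE_ORIGINS = {"http://192.168.1.1"}


def vulnerable_accepts(request: dict) -> bool:
    """'Before': any request carrying a valid session cookie is accepted,
    even one a third-party page submitted from the victim's browser."""
    return request.get("cookie_session") == request.get("server_session")


def _origin_of(url: str) -> str:
    """Reduce a URL to scheme://host[:port] for comparison."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"


def hardened_accepts(request: dict) -> bool:
    """'After': session cookie AND same-origin evidence AND a session-bound token."""
    if request.get("cookie_session") != request.get("server_session"):
        return False
    headers = request.get("headers", {})
    # 1. Origin (Referer as fallback) must name the device itself; a page on
    #    another site cannot set these headers to the device's origin.
    source = headers.get("Origin") or headers.get("Referer")
    if source is None or _origin_of(source) not in DEVICE_ORIGINS:
        return False
    # 2. The form must echo the anti-CSRF token bound to this session; a
    #    cross-site page cannot read it, so it cannot forge the upload.
    expected = request.get("server_csrf_token", "")
    supplied = request.get("form", {}).get("csrf_token", "")
    return bool(expected) and hmac.compare_digest(expected, supplied)


# Constructed sample requests (not captured traffic).
SESSION = secrets.token_hex(16)
TOKEN = secrets.token_hex(16)

LEGIT_UPLOAD = {
    "cookie_session": SESSION,
    "server_session": SESSION,
    "server_csrf_token": TOKEN,
    "headers": {"Origin": "http://192.168.1.1"},
    "form": {"csrf_token": TOKEN, "firmware": b"<image bytes>"},
}

# Same browser, same cookie, but submitted by a page on an unrelated site.
CROSS_SITE_UPLOAD = {
    "cookie_session": SESSION,
    "server_session": SESSION,
    "server_csrf_token": TOKEN,
    "headers": {"Origin": "http://other-site.example"},
    "form": {"firmware": b"<image bytes>"},
}


if __name__ == "__main__":
    print("vulnerable handler, cross-site:", vulnerable_accepts(CROSS_SITE_UPLOAD))
    print("hardened handler, cross-site:  ", hardened_accepts(CROSS_SITE_UPLOAD))
    print("hardened handler, legitimate:  ", hardened_accepts(LEGIT_UPLOAD))
```

Both checks matter: the Origin/Referer test fails closed when neither header is present, and the token test protects against the case where a proxy or privacy extension strips those headers from legitimate requests while still rejecting forged ones.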

Yet Another Java Zero-Day

The exploit is not very reliable, as it tries to overwrite a big chunk of memory. As a result, in most cases, upon exploitation, we can still see the payload downloading, but it fails to execute and yields a JVM crash. When the McRAT successfully installs in the compromised endpoint as an EXE (MD5: 4d519bf53a8217adc4c15d15f0815993), it generates the following HTTP command and control traffic:

POST /59788582 HTTP/1.0
Content-Length: 44
Accept: text/html,application/xhtml+xml,application/xml,*/*
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: 110.XXX.55.187
Pragma: no-cache

via Malware Intelligence Lab from FireEye – Research & Analysis of Zero-Day & Advanced Targeted Threats: YAJ0: Yet Another Java Zero-Day.

It should be possible to detect this with something like Snort at the firewall/gateway.
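The C2 request quoted above carries several traits a gateway rule can key on: a POST over HTTP/1.0, an all-numeric path, a bare IP in the Host header, the exact MSIE 9.0 User-Agent, a 44-byte body and `Pragma: no-cache`. The following is an added example, not code from FireEye's post or a Snort rule from that report: a small parser that scores a raw HTTP request against those traits and flags it when enough of them line up, which is the same logic a Snort content rule would express. The sample requests are constructed; the malicious one reuses the headers from the post but with the documentation address 203.0.113.10 in place of the redacted host.

```python
"""Score a raw HTTP request against the McRAT C2 traits quoted in the post.

Added example (not from the FireEye post): the same indicators one would put
into a Snort rule, expressed as a standalone check over request text so the
logic can be tested offline against sample traffic.
"""
import ipaddress
import re

# Exact User-Agent string from the quoted C2 request.
IOC_USER_AGENT = (
    "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
)


def parse_request(raw: str):
    """Split a raw request into (method, path, version, headers-dict)."""
    text = raw.replace("\r\n", "\n")
    head = text.split("\n\n", 1)[0]          # drop the body, if any
    lines = head.split("\n")
    method, path, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, version, headers


def _is_bare_ipv4(host: str) -> bool:
    """True when the Host header is a dotted-quad address rather than a name."""
    try:
        ipaddress.IPv4Address(host.split(":")[0])
        return True
    except ValueError:
        return False


def score_request(raw: str) -> list:
    """Return the list of C2 traits the request exhibits."""
    method, path, version, h = parse_request(raw)
    reasons = []
    if method == "POST" and version == "HTTP/1.0":
        reasons.append("POST over HTTP/1.0")
    if re.fullmatch(r"/\d{6,}", path):
        reasons.append("all-numeric path")
    if _is_bare_ipv4(h.get("host", "")):
        reasons.append("Host is a bare IP address")
    if h.get("user-agent") == IOC_USER_AGENT:
        reasons.append("McRAT User-Agent string")
    if h.get("content-length") == "44":
        reasons.append("Content-Length 44")
    if h.get("pragma", "").lower() == "no-cache":
        reasons.append("Pragma: no-cache")
    return reasons


def is_suspicious(raw: str, threshold: int = 4) -> bool:
    """Flag when at least `threshold` traits co-occur; one alone is too weak."""
    return len(score_request(raw)) >= threshold


# Constructed sample: the quoted beacon with a documentation IP as host.
C2_BEACON = "\r\n".join([
    "POST /59788582 HTTP/1.0",
    "Content-Length: 44",
    "Accept: text/html,application/xhtml+xml,application/xml,*/*",
    "User-Agent: " + IOC_USER_AGENT,
    "Host: 203.0.113.10",
    "Pragma: no-cache",
]) + "\r\n\r\n" + "A" * 44

# Constructed sample: an ordinary form post that also happens to be 44 bytes.
BENIGN_POST = "\r\n".join([
    "POST /api/login HTTP/1.1",
    "Host: www.example.com",
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/19.0",
    "Content-Type: application/x-www-form-urlencoded",
    "Content-Length: 44",
]) + "\r\n\r\n" + "user=alice&password=correct-horse-battery-stap"

if __name__ == "__main__":
    for label, sample in (("beacon", C2_BEACON), ("benign", BENIGN_POST)):
        print(label, is_suspicious(sample), score_request(sample))
```

The threshold keeps a single weak trait such as `Content-Length: 44` from firing on ordinary traffic, while the exact User-Agent and numeric path together are specific enough to alert on; in Snort terms those two would be the `content` matches and the rest the supporting `http_*` modifiers.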

Bypassing Google’s Two-Factor Authentication

TL;DR – An attacker can bypass Google’s two-step login verification, reset a user’s master password, and otherwise gain full account control, simply by capturing a user’s application-specific password (ASP).

via Bypassing Google’s Two-Factor Authentication – Blog · Duo Security.

Also From: Google Security Vulnerability Allowed Two-Step Verification Bypass – Dark Reading.

A successful attack would require first stealing a user’s ASP, which could theoretically be accomplished via malware or a phishing attack.

Scammers Extort BitTorrent Users Posing as Law Enforcement

According to information obtained by SJD the accusations are not made up. This means that the IP-addresses were indeed “caught” sharing the files listed in the letter. However, it is a mystery how the “Internet Copyright Law Enforcement Agency” obtained the home addresses of the subscribers.

via Scammers Extort BitTorrent Users Posing as Law Enforcement | TorrentFreak.

It was only a matter of time before these kinds of scams surfaced. The outfit in question is here. Fear of real-life charges for real crimes involving interstate commerce probably convinced them to publish this on their site:

Effective immediately, the Internet Copyright Law Enforcement Agency has ceased operations. Please disregard any notices you received from us, and please do not send us any payments.

TIFF Files Can Attack BlackBerry Server

Hiding malicious code inside image files isn’t new: way back in ye olden days of 2004, malware hidden inside JPEG files plagued Windows machines. Some administrators are doubtlessly wondering why, after all this time, this sort of vulnerability hasn’t been decisively eliminated from the online world.

via TIFF Files Can Attack BlackBerry Server.

From: BlackBerry Vulnerability Could Allow Access to Enterprise Server

An attacker could rig a TIFF image with malware and get a user to either view the image via a specially crafted website or send it to the user via email or instant message. The last two exploit vectors could make it so the user wouldn’t have to click the link or image, or view the email or instant message, for the attack to prove successful. Once executed, an attacker could access and execute code on Blackberry’s Enterprise Server. According to the advisory, an attacker could also “extend access to other non-segmented parts of the network,” depending on privileges.

Facebook Hacks Points to Much Bigger Threat for Mobile Developers

In this case, the website of a legitimate mobile developer was targeted, with the attackers knowing the people they were really targeting (Facebook, Twitter etc) would sooner or later come to visit the site, allowing them to infect the computers of these organisations.

This type of attack allows hackers to infiltrate systems otherwise closed off to them as Facebook’s own security would spot a straight forward attack.

via Facebook Hacks Points to Much Bigger Threat for Mobile Developers – IBTimes UK.

The article mentions how many app developers on Mac platforms are operating with a false sense of security. Interesting read.

Sullivan has this advice for mobile app developers:

“Any developer who has Java enabled in his browser, has visited mobile developer websites in the last couple of months, and finds evidence his computer is compromised – probably should use his source code versioning system to check recent commits.”

Belkin WeMo remote shell and rapid state change exploit

Published on Jan 29, 2013

Belkin WeMo with latest firmware. Able to gain full root access and send commands including changing the state of connected device via flaw in UPnP implementation. Chose a small desk lamp and simple on/off sequence due to safety concerns. Real world this could be a fan or space heater and rapidly turn on/off without limitation. Updates with PoC soon to come.

via Belkin WeMo remote shell and rapid state change exploit – YouTube.

Stuff like this amazes me. Again. Just because you can put an IP stack on something doesn't mean you should! Below is a video showing how to break into this device, which simply controls an electric outlet. He uses BackTrack 5 to break in. BackTrack is a very useful set of security research tools. The video inspires me to fire up my copy and break into something. 🙂