August 19th, 2008

Scammers caught backdooring chip and PIN terminals

Posted by Dancho Danchev @ 1:51 pm

Categories: Hackers, Passwords, Governments, United States of America, United Kingdom, Complex Attacks

Tags: Cybercrime, Credit Card Fraud, ATM Skimming, Banker Malware, Social Engineering, Dancho Danchev

The U.K.’s Dedicated Cheque and Plastic Crime Unit (DCPU) has recently uncovered a state-of-the-art social engineering scheme in which chip and PIN terminals, once backdoored, were installed at retailers and petrol stations in an attempt to steal the credit card details passing through. Originally, before online banking took place proportionally with the developments on the banker malware front, scammers used to take advantage of old-fashioned ATM skimming and fake keypad devices, which were installed at less popular locations due to the possibility of them getting caught. What this case demonstrates is that even trustworthy locations, where you’d assume that a physical breach cannot take place that easily, remain vulnerable.

Read the rest of this entry »

August 19th, 2008

Android security team appeals to hackers

Posted by Ryan Naraine @ 12:31 pm

Categories: Hackers, Microsoft, Browsers, Vulnerability research, Responsible disclosure, Exploit code, Data theft, Open source, Pen testing, Metasploit, Passwords, Arbitrary Code Execution, Complex Attacks, Mobile (In)Security, Anti Virus, Malware, Web 2.0

Tags: Team, Google Android, Mobile, Hacker, Android Platform Team, Security, Ryan Naraine

Already burned by the discovery of serious security vulnerabilities in its SDK, the Android Security Team emerged from the shadows this week with an appeal to the security community for help fixing flaws in the Linux-based mobile platform.

In a note posted to several public mailing lists, the open-source group published a detailed FAQ covering its security philosophy and process and made a direct request for hackers to use responsible disclosure (.pdf) ethics when vulnerabilities are discovered.

Read the rest of this entry »

August 19th, 2008

China busts hacking ring, managed to penetrate 10 gov’t databases

Posted by Dancho Danchev @ 7:47 am

Categories: Hackers, Black Hat, Passwords, Governments, People's Republic of China

Tags: Security, Hacking, Cybercrime, Dancho Danchev

If you needed a university certificate in China during the last couple of months, there’s a big chance that a group of ten people could have supplied you with one, going a step further and adding your details to more than ten government databases across different provinces in the country, making $300k in the process.

Shanghai Daily is reporting on this sophisticated group of local hackers who were selling “valid” educational certificates by modifying government databases. How did they get caught? Apparently, by cross-checking the validity of the certificate, and since they couldn’t hack each and every database in order to add a reference to it, their business model was quickly detected and shut down.

Read the rest of this entry »

August 19th, 2008

Fortune 500 companies use of email spoofing countermeasures declining

Posted by Dancho Danchev @ 2:32 am

Categories: Spam and Phishing, Botnets, Phishing, Research

Tags: Fortune 500, Sender Policy Framework, DomainKeys Identified Mail, Dancho Danchev

Here’s a paradox - a technology originally meant to verify the sender of an email message for the sake of preventing spoofed messages from reaching the network, still hasn’t been embraced by the world’s biggest companies despite being around for years, but is actively used by adaptive spammers increasingly abusing legitimate services in order to take advantage of their identifiable email reputations.

A recently conducted study by Secure Computing’s TrustedSource reveals not only that a mere 40% of the Fortune 500 companies use Sender Policy Framework and DomainKeys Identified Mail, but also that the ones who’ve implemented the countermeasures aren’t fully taking advantage of the protection mechanisms offered in the first place.

Read the rest of this entry »

August 18th, 2008

DEFCON 16: List of tools and stuff released

Posted by Ryan Naraine @ 6:13 pm

Categories: Zero-day attacks, Browsers, Vulnerability research, Responsible disclosure, Exploit code, Black Hat, Open source, Pen testing, Firefox, Metasploit, Passwords, eBay, Arbitrary Code Execution, Anti Virus, Web 2.0, Tools

Tags: Tool, E-mail Address, E-mail, Productivity, Online Communications, Ryan Naraine

 Guest editorial by Rob Fuller

DEFCON, the 9000+ attendee hacker conference in Vegas, has become a sort of hydra conference. It has become more like a global fair than what most people think of conferences; even the badge is highly unique.

I say this because there are so many things to do at DEFCON, other than going to talks, that you could spend your whole weekend looking at the “World’s Largest Boar!”, so to speak. One of the CTF (Capture the Flag) contest winners this year actually exclaimed that he only made it to 2 talks in 12 years! I am also one of those individuals who barely get a chance to go to talks and now that the speaker pool is so diverse, it’s hard to find all of the “stuff” they release.

Read the rest of this entry »

August 18th, 2008

uTorrent silently patches critical vulnerability

Posted by Ryan Naraine @ 4:23 pm

Categories: Patch Watch, Hackers, Browsers, Vulnerability research, Botnets, Exploit code, Pen testing, Metasploit, Passwords, Arbitrary Code Execution, Kernel-level Exploits, Anti Virus, Web Applications

Tags: Critical Vulnerability, Vulnerability, µTorrent, Rhys Kidd, Security, Ryan Naraine

If uTorrent is the client you use to download files, now might be a good time to hit that “check for updates” button.

According to security alerts aggregator Secunia, there’s a “highly critical” uTorrent vulnerability that could allow remote code execution attacks with rigged .torrent files.

From the advisory:

August 18th, 2008

Adobe Flash ads launching clipboard hijack attack

Posted by Ryan Naraine @ 2:52 pm

Categories: Patch Watch, Hackers, Apple, Browsers, Vulnerability research, Responsible disclosure, Exploit code, Viruses and Worms, Pen testing, Mozilla, Firefox, Metasploit, Adobe, Flash, Arbitrary Code Execution, Anti Virus

Tags: Adobe Systems Inc., Advertisement, Attack, Security, Ryan Naraine

Malicious hackers are using booby-trapped Flash banner ads to hijack clipboards for use in rogue security software attacks.

In the Web attacks, which target Mac, Windows and Linux users running Firefox, IE and Safari, hackers are seizing control of the machine’s clipboard and using a hard-to-delete URL that points to a fake anti-virus program.

According to victims on several Web forums, the attack is coming from Adobe Flash-based advertising on legitimate sites — including Newsweek, Digg and MSNBC.com.

Here is a Mac OS X user explaining the attack:

Read the rest of this entry »

August 18th, 2008

From Metasploit to Microsoft: Skape goes to Redmond

Posted by Ryan Naraine @ 10:00 am

Categories: Patch Watch, Hackers, Microsoft, Windows Vista, Browsers, Vulnerability research, Botnets, Exploit code, Open source, Pen testing, Metasploit, Hirings and firings, Arbitrary Code Execution, Kernel-level Exploits, Complex Attacks, Malware, Reverse Engineering, Research

Tags: Microsoft Corp., Mitigation, Matt Miller, Microsoft Windows, Productivity, Tools & Techniques, Operating Systems, Software, Management, Ryan Naraine

Metasploit developer Matt Miller, who for years frustrated Microsoft officials with the public release of Windows exploits, is heading to Redmond to join Microsoft’s Security Science team.

Miller, who uses the hacker moniker Skape, will work on improved ways to find security vulnerabilities and better software defenses through mitigations, according to an announcement by SDL guru Michael Howard.

Read the rest of this entry »

August 18th, 2008

Fedora infrastructure breach?

Posted by Ryan Naraine @ 8:05 am

Categories: Patch Watch, Browsers, Vulnerability research, Responsible disclosure, Exploit code, Data theft, Open source, Pen testing, Passwords, Denial of Service (DoS), Locally Running Web Servers, Anti Virus

Tags: Fedora Project, Open Source, Security, Ryan Naraine

Has there been a security breach in Red Hat Fedora’s infrastructure systems?

According to a cryptic announcement posted to the Fedora-Announce mailing list, the open-source group is investigating an unspecified “issue in the infrastructure systems” that has resulted in widespread service outages.

In the note, Fedora maintainers recommend that end users avoid downloading packages on Fedora systems, which strongly hints at a security-related problem:

August 18th, 2008

Security vs. convenience: Apple chooses poorly

Posted by Ryan Naraine @ 6:06 am

Categories: Patch Watch, Apple, Vulnerability research, Punditocracy, Spam and Phishing, Spyware and Adware, Data theft, Open source, Pen testing, Passwords, Contributors

Tags: Password, Apple Inc., Oliver, Security, Ryan Naraine

Guest post by Oliver Day

My PowerBook is in the third year of its life and has begun falling apart on a regular basis. I’ve had the laptop in for repair at least five times this year alone.

Every time I bring my laptop in, Apple employees ask me the same question: “What is your administrator password?”

The first time I heard this question, I thought he was joking. Apple is not kidding.

Read the rest of this entry »

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the world.
