Category: Privacy

November 13th, 2009

Man-in-the-middle attacks demoed on 4 smartphones

Posted by Dancho Danchev @ 3:22 pm

Categories: Browsers, Complex Attacks, Hackers, Malware, Mobile (In)Security, Passwords, Privacy, Research, Wi-Fi security

Tags: Network, Wi-Fi Network, Smart Phone, SSL, Attack, Wireless LANs, Wi-Fi, Wireless And Mobility, Security, Dancho Danchev

Security researchers from SMobile Systems have released a paper detailing successful man-in-the-middle attacks against several smartphones.

The SSL-enabled login sessions on the tested Nokia N95, HTC Tilt, Android G1 and iPhone 3GS devices were sniffed using the publicly available SSLstrip tool, with the attack taking place over an insecure Wi-Fi network of the kind now prevalent literally everywhere.

Here’s the scenario they used, and possible mitigation approaches:

Read the rest of this entry »

November 10th, 2009

Commercial spying app for Android devices released

Posted by Dancho Danchev @ 2:07 pm

Categories: Anti Virus, Browsers, Hackers, Malware, Mobile (In)Security, Passwords, Privacy, Spyware and Adware

Tags: Mobile, Malware, Mobile Malware, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

A well-known commercial provider of spyware applications for numerous mobile platforms has recently ported its Mobile Spy app to the Android mobile OS.

Just like previous releases of the application, the Android version keeps a detailed log of GPS locations, calls, visited URLs, and incoming/outgoing SMS messages, all at the disposal of the attacker who installed it manually by obtaining physical access to the targeted device.

More details:

Read the rest of this entry »

October 28th, 2009

Firefox hit by multiple drive-by download flaws

Posted by Ryan Naraine @ 7:34 am

Categories: Arbitrary Code Execution, Botnets, Browsers, Data theft, Denial of Service (DoS), Exploit code, Firefox, Malware, Mozilla, Open source, Passwords, Patch Watch, Privacy, Responsible disclosure, Vulnerability research

Tags: Mozilla Firefox, Attacker, Flaw, Vulnerability, Web Browser, Mozilla Corp., Web Browsers, Security, Internet, Ryan Naraine

Mozilla’s flagship Firefox browser is vulnerable to at least 11 “critical” vulnerabilities that expose users to drive-by download attacks that require no user interaction beyond normal browsing.

The open-source group shipped Firefox 3.5.4 with patches for the vulnerabilities, which range from code execution risk to the theft of information in the browser’s form history. Read the rest of this entry »

October 19th, 2009

'Evil Maid' USB stick attack keylogs TrueCrypt passphrases

Posted by Dancho Danchev @ 10:32 am

Categories: Anti Virus, Browsers, Complex Attacks, Data theft, Hackers, Kernel-level Exploits, Malware, Passwords, Privacy, Research, Rootkits, Spyware and Adware, Tools

Tags: USB, Laptop Computer, Attack, TrueCrypt, Mobile Proximity Alarm, Security, Hardware, Notebooks & Tablets, Dancho Danchev

Security researcher Joanna Rutkowska has released a PoC (proof of concept) of a keylogger that is capable of logging TrueCrypt’s disk encryption passphrase, enabling the attacker to successfully decrypt the hard drive’s content.

Dubbed the ‘evil maid’ attack due to its ‘plug-and-exploit’ functionality, which requires 1-2 minutes for the infection process to take place, it works with the latest TrueCrypt versions 6.0a - 6.2a.

Here’s how it works, and TrueCrypt’s response:

Read the rest of this entry »

October 19th, 2009

Commonwealth fined $100k for not mandating antivirus software

Posted by Dancho Danchev @ 8:11 am

Categories: Anti Virus, Botnets, Browsers, Data theft, Hackers, Malware, PCI, Passwords, Pen testing, Privacy, Rootkits

Tags: Electronic Banking, Antivirus Software, Commonwealth Financial Network, Banking, Security, Viruses And Worms, Financial Services, Dancho Danchev

According to a recently published SEC cease-and-desist order, the Commission has recently fined Commonwealth Financial Network $100,000 for not mandating antivirus software on the computers of its representatives. This led to a security incident in November 2008, which allowed the cybercriminal behind the attack to place eighteen unauthorized purchase orders, resulting in $523,000 of unauthorized purchases.

Despite Commonwealth’s brisk reaction, which greatly minimized the financial impact of the compromised accounts, the incident took place shortly after a representative contacted the IT Help Desk indicating that a malware infection might have taken place, without receiving “follow-up” attention:

Read the rest of this entry »

September 16th, 2009

Phishers introduce 'Chat-in-the-Middle' fraud tactic

Posted by Dancho Danchev @ 4:17 pm

Categories: Botnets, Browsers, Data theft, Hackers, Passwords, Phishing, Privacy, Spam and Phishing

Tags: Phishing, Cyberthreats, Spam, Viruses And Worms, Security, Spam And Phishing, Dancho Danchev

Phishers don’t just want to “bank with you”, they also want to talk you into revealing the answers to your ‘secret’ questions, along with more sensitive information that would help them gain access to your online bank account.

A new ‘Chat-in-the-Middle’ fraud tactic was recently discovered by the RSA FraudAction Research Lab. According to the lab, the intercepted phishing site is using the hosting services of a well-known managed cybercrime network, and the campaign itself is apparently in test mode, since they’ve only detected a single instance of the attack.

Here’s how it works, and why going mainstream with such a feature from a phisher’s perspective may in fact make their phishing campaign a less profitable, and much more time-consuming process than it currently is:

Read the rest of this entry »

August 12th, 2009

eBay warns of developer password-theft flaw

Posted by Ryan Naraine @ 9:42 am

Categories: Browsers, Data theft, Malware, Passwords, Patch Watch, Privacy, Responsible disclosure, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research, Web Applications, eBay

Tags: Developer, Password, Flaw, eBay Inc., Kandaswamy, Ryan Naraine

If you are a member of the eBay Developer Program, you might want to change your password immediately.

According to a warning from eBay’s Kumar Kandaswamy, a vulnerability in the service allows malicious hackers to gain information to developer accounts. The company is strongly encouraging its user base to change passwords to the developer.ebay.com portal. The flaw does not affect ebay.com accounts.

Read the rest of this entry »

August 12th, 2009

Apple plugs code execution, phishing holes in Safari browser

Posted by Ryan Naraine @ 6:39 am

Categories: Anti Virus, Apple, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Open source, Passwords, Patch Watch, Pen testing, Phishing, Privacy, Responsible disclosure, Vulnerability research, Windows Vista

Tags: Apple Macintosh, Apple Safari, Microsoft Windows Vista, Apple Inc., Web Site, Web Browser, Arbitrary Code Execution, Application Termination, Browser Version, Phishing

Apple has released Safari 4.0.3 to fix at least six security vulnerabilities that put Mac and Windows users at risk of hacker attacks.

The update is considered highly critical and should be immediately applied on both Windows and Mac systems because of the risk of information disclosure, phishing and remote code execution attacks.

Here’s a snapshot of the vulnerabilities being fixed:

Read the rest of this entry »

August 11th, 2009

Password-reset flaw haunts WordPress admins

Posted by Ryan Naraine @ 8:17 am

Categories: Browsers, Complex Attacks, Data theft, Exploit code, Locally Running Web Servers, Open source, Passwords, Patch Watch, Privacy, Responsible disclosure, Vulnerability research, Web Applications

Tags: Administrator, Flaw, Wordpress, Security, Ryan Naraine

Researchers are sounding the alarm for a serious administrator password-reset vulnerability affecting the latest version of WordPress, the popular open-source blog publishing platform.

The flaw, which can be exploited via the browser, gives an attacker a trivial way to compromise the admin account of any WordPress or WordPress MU (multiple user) installation.

Read the rest of this entry »

August 5th, 2009

Mozilla shuts online store after security breach

Posted by Ryan Naraine @ 11:53 am

Categories: Browsers, Data theft, Firefox, Malware, Mozilla, Open source, Phishing, Privacy, Web Applications

Tags: Online Store, Mozilla Corp., Mozilla Store, GatewayCDI, Security, Ryan Naraine

The Mozilla Foundation has shuttered its e-commerce store after confirming a security breach at GatewayCDI, the third-party vendor that handles the store’s backend operations.

The open-source group said it has asked Gateway CDI to quickly notify individuals who had their sensitive data compromised. Mozilla did not elaborate on the extent of compromised customer data.

Read the rest of this entry »

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.

