November 19th, 2009

Inside the Google Chrome OS security model

Posted by Ryan Naraine @ 11:54 am

Categories: Apple, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Hackers, Microsoft, Open source, Passwords, Patch Watch, Responsible disclosure, Viruses and Worms, Vulnerability research, iPhone

Tags: Google Inc., Operating System, Web Browser, Google Chrome, Attack, End Goal, Web Browsers, Operating Systems, Security, Internet

Google plans to use a combination of system hardening, process isolation, verified boot, secure auto-update and encryption to thwart malicious hackers from planting malware on its new Google Chrome OS. Read the rest of this entry »

November 11th, 2009

Apple Safari exposes Windows to drive-by download attacks

Posted by Ryan Naraine @ 1:37 pm

Categories: Apple, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Malware, Microsoft, Passwords, Patch Watch, Pen testing, Responsible disclosure, Spyware and Adware, Vulnerability research

Tags: Apple Macintosh, Apple Safari, Microsoft Windows XP, Microsoft Windows Vista, Apple Inc., Attack, WebKit, Microsoft Windows, Apple Mac OS X, Apple Mac OS

Apple today shipped Safari 4.0.4 to fix a total of seven security flaws that expose Windows and Mac users to a wide range of malicious hacker attacks.

The high-priority update patches vulnerabilities that allow remote code execution (drive-by downloads) if a user simply surfs to a maliciously rigged Web site.  Some of the issues affect Microsoft’s new Windows 7 operating system.
Read the rest of this entry »

November 10th, 2009

Source code for ikee iPhone worm in the wild

Posted by Dancho Danchev @ 7:31 am

Categories: Apple, Botnets, Hackers, Malware, Viruses and Worms, iPhone

Tags: Apple iPhone, Worm, Cyberthreats, Smart Phones, Viruses And Worms, Security, Consumer Electronics, Personal Technology, Dancho Danchev

Following last week’s systematic exploitation of jailbroken iPhones in the Netherlands through a technique originally discussed in 2008, a 21 years old opportunist has recently launched the first iPhone worm, this time targeting customers of Australian mobile carriers.

Upon successful exploitation of devices running SSH with default passwords, the worm would announce its presence by changing the wallpaper to a new one featuring pop-star Rick Astley.

Despite the author’s intention to raise awareness on the issue, the originally released as “closed source” code for the “awareness-building worm” has now leaked in the wild, with several modifications already capable of stealing a compromised iPhone’s contacts and SMS messages.

Read the rest of this entry »

November 10th, 2009

Why is Apple meddling with my Windows AutoRun?

Posted by Ryan Naraine @ 6:46 am

Categories: Apple, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Digital rights management, Exploit code, Malware, Microsoft, Pen testing, Punditocracy, iPhone

Tags: Operating System, Apple Inc., Microsoft Windows, Apple iTunes, Digital Music, Digital Media, Operating Systems, Personal Technology, Consumer Electronics, Software

Guest editorial by Costin Raiu

In every system designed by man, there is always a balance between features, usability and security. While designing pretty, easy to use and secure systems is possible, quite often this is not what the users get, or worse, this is not what the users want.

The most popular example of this applies to Apple. Focusing on eye-catching designs and easy to use products, Apple is listed in almost every marketing book as a success story.

Interestingly, maybe their second most popular software product, Mac OS X (after iTunes) represents a curious blend between eye-catching, easy to use, flexible, usable and decently secure, modern operating system. Please notice how I avoided saying “secure” and instead, wrote “decently secure”. Read the rest of this entry »

November 9th, 2009

Mac OS X mega patch covers 58 security vulnerabilities

Posted by Ryan Naraine @ 2:17 pm

Categories: Adobe, Apple, Arbitrary Code Execution, Botnets, Browsers, Data theft, Denial of Service (DoS), Exploit code, Malware, Open source, Passwords, Patch Watch

Tags: Security, Apple Macintosh, Apple Mac OS X V10.6 Snow Leopard, Update, Mac OS X Server, Server, Issue, Arbitrary Code Execution, Impact, Adaptive Firewall Description

Apple has dropped another mega-patch to cover a total of 58 documented vulnerabilities affecting the Mac OS X ecosystem.

The majority of the flaws could allow a remote attacker to gain complete control of an unpatched system, meaning that this update carries an “extremely critical rating.” Read the rest of this entry »

November 6th, 2009

Code execution hole in BlackBerry Desktop Manager

Posted by Ryan Naraine @ 7:33 am

Categories: Anti Virus, Apple, Arbitrary Code Execution, Browsers, Data theft, Exploit code, Malware, Mobile (In)Security, Passwords, Patch Watch, iPhone

Tags: Desktop, RIM BlackBerry, Handhelds, Hardware, Ryan Naraine

Research in Motion (RIM) has shipped a patch to cover a gaping hole in its BlackBerry Desktop Manager software.

The vulnerability, which exists in a  Lotus Notes Intellisync DLL that the BlackBerry Desktop Manager uses, allows a malicious user to perform an attack that leverages social engineering to achieve remote code execution on the computer running the BlackBerry Desktop Manager. Read the rest of this entry »

November 3rd, 2009

iHacked: jailbroken iPhones compromised, $5 ransom demanded

Posted by Dancho Danchev @ 6:09 am

Categories: Apple, Botnets, Browsers, Complex Attacks, Hackers, Malware, Passwords, iPhone

Tags: Apple iPhone, SSH, Smart Phones, Consumer Electronics, Personal Technology, Security, Dancho Danchev

Yesterday, a “Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your phone right now!” message popped up on the screens of a large number of automatically exploited Dutch iPhone users, demanding $4.95 for instructions on how to secure their iPhones and remove the message from appearing at startup.

Through a combination of port scanning and OS fingerprinting of T-Mobile’s 3G IP range, a Dutch teenager has for the first time automatically exploited a known security vulnerability introduced on jailbroken iPhones - the SSH daemon which unless modified remains running with default users root and mobile, using the same password on each and every device.

Here’s what he demanded, and how he changed his attitude following the suspension of his PayPal and the spamvertised URL:

Read the rest of this entry »

October 9th, 2009

Google patches Android DoS vulnerabilities

Posted by Ryan Naraine @ 11:17 am

Categories: Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Google, Mobile (In)Security, Patch Watch, Pen testing, Phishing, Responsible disclosure, Reverse Engineering, Spam and Phishing, iPhone

Tags: Google Inc., Phone, DOS, Vulnerability, Patch Management, Cell Phone, SMS, SMS Message, Text Messaging/SMS/MMS, Telephony

Google has shipped a new version of the Android open-source mobile phone platform to fix a pair of security flaws that could lead to denial-of-service attacks.

According to an advisory from oCERT, a group that handles vulnerability disclosure for open-source projects, the flaws could allow hackers to render Android-powered devices useless. Read the rest of this entry »

October 5th, 2009

The case of the fake money-mules: Inside the URLZone Trojan network

Posted by Ryan Naraine @ 2:00 pm

Categories: Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Data theft, Exploit code, Malware, Passwords, Patch Watch, Responsible disclosure, Spam and Phishing, Spyware and Adware, iPhone

Tags: Account, Bank, Researcher, Network, Trojan Horse, Computer, Raff, Spyware, Spyware, Adware & Malware, Productivity

Security researchers tracking the URL Zone malware/botnet have stumbled upon a new tactic being used by cyber-criminals to hide information on the money mules being used to transfer stolen funds from compromised online bank accounts.

URLZone, which targets computer users in Western Europe, is a botnet of approximately 6,000 hijacked computers that is used primarily to siphon funds from online bank accounts.  It steals between $4,000 and $15,000 from each compromised bank account and uses a nifty trick of modifying the withdrawn amount on the bank’s web site to avoid detection by the user.

Read the rest of this entry »

September 25th, 2009

Malware affiliate bounty: Infect a Mac, earn 43 cents

Posted by Ryan Naraine @ 6:03 am

Categories: Adobe, Anti Virus, Apple, Botnets, Browsers, Data theft, Denial of Service (DoS), Exploit code, Flash, Locally Running Web Servers, Malware, Passwords, Patch Watch, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research

Tags: Web, Apple Macintosh, Malware, Desktops, Hardware, Ryan Naraine

GENEVA — In a sign that cyber-criminals are investing more time and resources into attacks against Apple’s Mac users, a new malware affiliate program has been discovered offering 43c for every infected Mac machine.

During an eye-opening presentation at the VB Conference 2009 conference here, Sophos Labs researcher Dmitry Samosseikko provided a glimpse into the “Partnerka,” a Russian network of spam and malware affiliates that have turned their attention to the Mac platform — using social engineering tricks to load fake codecs and scareware programs.

Read the rest of this entry »