
Category: Complex Attacks

November 13th, 2009

Man-in-the-middle attacks demoed on 4 smartphones

Posted by Dancho Danchev @ 3:22 pm

Categories: Browsers, Complex Attacks, Hackers, Malware, Mobile (In)Security, Passwords, Privacy, Research, Wi-Fi security

Tags: Network, Wi-Fi Network, Smart Phone, SSL, Attack, Wireless LANs, Wi-Fi, Wireless And Mobility, Security, Dancho Danchev

Security researchers from SMobile Systems have released a paper detailing successful man-in-the-middle attacks against several smartphones.

The SSL-enabled login sessions on the tested devices (Nokia N95, HTC Tilt, Android G1 and iPhone 3GS) were captured using the publicly available SSLstrip tool, which rewrites the HTTPS links a page carries into HTTP so that the credentials travel in cleartext, with the attack taking place over an insecure Wi-Fi network, now prevalent practically everywhere.

Here’s the scenario they used, and possible mitigation approaches:

Read the rest of this entry »
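As an added illustration of the downgrade described above (example code written for this page, not from the SMobile paper or from SSLstrip itself), the block below models the two halves of the attack on a constructed login page: the proxy-side rewrite of every https:// reference to http://, and the browser-side check that defeats it when the host is already known to be HTTPS-only (HSTS or a preloaded list, which is this example's assumed mitigation; the paper's own mitigation section is not quoted here). The hostnames and the page markup are invented.

```python
import re
from urllib.parse import urlsplit

# Constructed stand-in for a mobile login page; not taken from the paper.
SAMPLE_LOGIN_PAGE = (
    '<html><body>'
    '<a href="https://login.example.com/account">Sign in</a>'
    '<form action="https://login.example.com/auth" method="post">'
    '<input name="user"><input name="pass" type="password">'
    '</form>'
    '<a href="http://www.example.com/help">Help</a>'
    '</body></html>'
)

HTTPS_REF = re.compile(r"https://([^/\s\"'>]+)", re.IGNORECASE)


def strip_https(html):
    """What an SSLstrip-style proxy does to pages it relays to the victim:
    every https:// reference becomes http://, so the browser never asks
    for TLS and the proxy sees the form post in cleartext.
    Returns (rewritten_html, sorted list of hosts whose links were downgraded)."""
    hosts = {m.group(1).lower() for m in HTTPS_REF.finditer(html)}
    return HTTPS_REF.sub(lambda m: 'http://' + m.group(1), html), sorted(hosts)


def effective_url(url, hsts_hosts):
    """Browser-side mitigation modelled here (an assumption of this example):
    a host the browser already knows as HTTPS-only is upgraded back to https
    before any request leaves the device, so the stripped link is never used."""
    parts = urlsplit(url)
    if parts.scheme == 'http' and (parts.hostname or '').lower() in hsts_hosts:
        return 'https://' + url[len('http://'):]
    return url


def credentials_exposed(html_seen_by_victim, hsts_hosts=frozenset()):
    """True if the login form on the page would be submitted over plain http."""
    m = re.search(r'<form[^>]*\baction="([^"]+)"', html_seen_by_victim, re.IGNORECASE)
    if not m:
        return False
    return urlsplit(effective_url(m.group(1), hsts_hosts)).scheme == 'http'


if __name__ == '__main__':
    stripped, hosts = strip_https(SAMPLE_LOGIN_PAGE)
    print('downgraded hosts:', hosts)
    print('exposed without HSTS:', credentials_exposed(stripped))
    print('exposed with HSTS entry:', credentials_exposed(stripped, {'login.example.com'}))
```

The point the model makes is that the victim never sees a certificate warning: the browser is only ever asked for plain HTTP, so nothing on the TLS side fails. Only a client that refuses to speak HTTP to that host at all closes the hole, which is why typing https:// by hand is no defence once the first response has been rewritten.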

November 3rd, 2009

iHacked: jailbroken iPhones compromised, $5 ransom demanded

Posted by Dancho Danchev @ 6:09 am

Categories: Apple, Botnets, Browsers, Complex Attacks, Hackers, Malware, Passwords, iPhone

Tags: Apple iPhone, SSH, Smart Phones, Consumer Electronics, Personal Technology, Security, Dancho Danchev

Yesterday, a “Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your phone right now!” message popped up on the screens of a large number of Dutch iPhone users whose phones had been exploited automatically, demanding $4.95 for instructions on how to secure their iPhones and stop the message from appearing at startup.

Through a combination of port scanning and OS fingerprinting of T-Mobile’s 3G IP range, a Dutch teenager has, for the first time, automatically exploited a known security weakness introduced on jailbroken iPhones: the SSH daemon, which, unless the owner changes it, keeps running with the default users root and mobile and the same default password on every device.

Here’s what he demanded, and how his attitude changed after his PayPal account and the spamvertised URL were suspended:

Read the rest of this entry »

October 27th, 2009

Gawker Media tricked into featuring malicious Suzuki ads

Posted by Dancho Danchev @ 10:17 am

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Complex Attacks, Flash, Hackers, Malware

Tags: Advertisement, Gawker Media, Suzuki, Dancho Danchev

A group of cybercriminals have successfully managed to trick Gawker’s ad sales team into featuring malicious ads serving Adobe exploits (CVE-2008-2992; CVE-2009-0927) and scareware, by impersonating a legitimate ad agency inquiring about an upcoming Suzuki ad campaign.

According to Gawker Media, the malware distributors were among the most convincing they had seen, clearly experienced in ad-sales lingo. Here’s a brief chronology of the correspondence between Gawker and the scammers, and what Gawker Media could have done to prevent the malvertising attack:

Read the rest of this entry »
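One control a publisher can put between an ad-sales inquiry and a live creative is a static scan of the submitted file for the exploit primitives in play. The block below is an added example written for this page, not Gawker's tooling and not an analysis of the actual creatives; it checks a PDF for calls to the two Adobe Reader JavaScript functions behind the CVEs named above (util.printf for CVE-2008-2992, Collab.getIcon for CVE-2009-0927) plus a generic heap-spray marker, looking both in /JS literals and inside inflated FlateDecode streams. The two sample PDFs are constructed inline and labelled as such.

```python
import re
import zlib

# Indicators: the two Adobe Reader JavaScript bugs named in the post, plus a
# generic heap-spray marker. The description strings are this example's own.
INDICATORS = (
    (b"util.printf", "CVE-2008-2992: util.printf() stack overflow"),
    (b"Collab.getIcon", "CVE-2009-0927: Collab.getIcon() stack overflow"),
    (b"unescape(", "heap spray: unescape()-built shellcode string"),
)

STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\nendstream", re.S)
JS_KEY_RE = re.compile(rb"/JS\s*\(")


def pdf_literal(data, start):
    """Extract a PDF literal string whose '(' is at data[start]. Balanced
    nested parentheses belong to the string; backslash escapes keep the
    escaped byte. Returns the string bytes."""
    depth, i, out = 0, start, bytearray()
    while i < len(data):
        c = data[i]
        if c == 0x5C:  # backslash: keep the next byte verbatim
            out += data[i + 1:i + 2]
            i += 2
            continue
        if c == 0x28:  # '('
            depth += 1
            if depth == 1:
                i += 1
                continue
        elif c == 0x29:  # ')'
            depth -= 1
            if depth == 0:
                break
        out.append(c)
        i += 1
    return bytes(out)


def inflate(body):
    """Inflate a /FlateDecode stream body; anything that is not zlib data
    comes back unchanged so the scan still runs over it."""
    try:
        return zlib.decompressobj().decompress(body) or body
    except zlib.error:
        return body


def script_blobs(pdf):
    """Every place JavaScript may be sitting: /JS (...) literals and all
    stream bodies after inflation. Hex strings and filter chains are out of
    scope for this example."""
    blobs = [pdf_literal(pdf, m.end() - 1) for m in JS_KEY_RE.finditer(pdf)]
    blobs += [inflate(m.group(1)) for m in STREAM_RE.finditer(pdf)]
    return blobs


def scan_pdf(pdf):
    """Return the sorted list of (indicator, description) hits for the file."""
    hits = set()
    for blob in script_blobs(pdf):
        for needle, desc in INDICATORS:
            if needle in blob:
                hits.add((needle.decode(), desc))
    return sorted(hits)


# Constructed samples (not real creatives). The malicious one keeps its
# script in a FlateDecode stream, as in-the-wild PDF exploits of the era did.
_JS = b'var sc = unescape("%u9090%u9090"); util.printf("%45000f", 1.2345);'
_JS_DEFLATED = zlib.compress(_JS)
MALICIOUS_PDF = (
    b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /S /JavaScript /JS 3 0 R >> endobj\n"
    b"3 0 obj << /Length " + str(len(_JS_DEFLATED)).encode()
    + b" /Filter /FlateDecode >>\nstream\n" + _JS_DEFLATED
    + b"\nendstream\nendobj\ntrailer << /Root 1 0 R >>\n%%EOF\n"
)
BENIGN_PDF = (
    b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /S /JavaScript /JS (app.alert('Welcome (see page 2)')) >> endobj\n"
    b"3 0 obj << /Length 40 >>\nstream\nBT /F1 12 Tf 72 712 Td (Suzuki ad) Tj ET\nendstream\nendobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    print("malicious:", scan_pdf(MALICIOUS_PDF))
    print("benign:", scan_pdf(BENIGN_PDF))
```

A string scan like this is a gate, not a verdict: obfuscated scripts (string splitting, eval of decoded blobs) slip past it, so a rejected creative should never be the only control. Detonating every submitted creative in an instrumented Reader and Flash player, and refusing third-party-hosted creatives outright, are the stronger complements.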

October 22nd, 2009

Metasploit + Rapid7 shakes up pen-test landscape

Posted by Ryan Naraine @ 10:21 am

Categories: Arbitrary Code Execution, Botnets, Browsers, Complex Attacks, Exploit code, Locally Running Web Servers, Malware, Metasploit, Microsoft, Patch Watch, Pen testing

Tags: Penetration Testing, Microsoft Corp., Exploit, R7, Immunity, Marketing Research, Marketing, Ryan Naraine

Guest Editorial by Nick Selby

With the acquisition of Metasploit (MS) by Rapid7 (R7), the dynamics within the small penetration testing market have changed. We believe that more competition will challenge each of the three main penetration testing software vendors in different ways, and that this new competitive landscape will quickly inure to the benefit of end users and buyers.

To radically simplify, the dynamics have been that Core Security sat at the top of the marketplace in terms of price, scale and enterprise usability, while Immunity Security cleaned up at the lower end of the enterprise market and dominated among vendors and professional-services types, who also used MS as a free tool. Read the rest of this entry »

October 22nd, 2009

Gaping security hole in Time Warner cable routers

Posted by Ryan Naraine @ 9:11 am

Categories: Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Exploit code, Java, Mobile (In)Security, Passwords, Patch Watch, Pen testing, Phishing, Responsible disclosure

Tags: Security, Time Warner Inc., Router, Network, Time Warner Cable Inc., Chen, Routers & Switches, Network Technology, Networking, Ryan Naraine

A gaping security hole in cable modems distributed to Time Warner/Road Runner customers could potentially be exploited remotely to access private networks and possibly capture and manipulate private data.

That’s the warning issued by David Chen, a blogger and start-up founder who discovered he could trivially reach hidden features in the admin interface of a customer’s SMC8014 series cable modem/Wi-Fi router combo, as distributed by Time Warner, simply by disabling JavaScript in the browser. Read the rest of this entry »
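The design flaw behind a finding like this is authorization enforced only by the page's own script: the server sends the privileged pages to everyone and relies on JavaScript to keep them out of sight. The block below is an added example written for this page, not the SMC8014 firmware or Chen's test; the paths, roles and settings are invented. It puts the weak handler beside a server-side check and runs the same audit a browser with JavaScript off effectively performed.

```python
# Constructed model of a cable-router admin interface. It is not the SMC8014
# firmware; the paths, roles and settings below are this example's inventions.
SENSITIVE_PAGES = {
    "/advanced/wifi": "wpa_passphrase=example-passphrase-1234",
    "/advanced/lan": "lan_subnet=192.168.0.0/24 dhcp=on",
    "/advanced/forwarding": "forward wan:22 -> 192.168.0.10:22",
}
PUBLIC_PAGES = {"/": "status: online", "/help": "contact your provider"}


def weak_handler(path, role):
    """The flaw in miniature: every page is served to any authenticated
    session, and the advanced pages are only hidden by a script the server
    tacks on for non-admin users. With JavaScript off, or with any client
    that is not a browser, the hide never runs and the data is on the wire."""
    if path in SENSITIVE_PAGES:
        body = SENSITIVE_PAGES[path]
        if role != "admin":
            body += "\n<script>hideAdvancedMenu();</script>"
        return 200, body
    if path in PUBLIC_PAGES:
        return 200, PUBLIC_PAGES[path]
    return 404, ""


def hardened_handler(path, role):
    """Same interface with the decision moved server-side: a non-admin
    session gets 403 and no settings data, whatever the client does."""
    if path in SENSITIVE_PAGES:
        if role != "admin":
            return 403, ""
        return 200, SENSITIVE_PAGES[path]
    if path in PUBLIC_PAGES:
        return 200, PUBLIC_PAGES[path]
    return 404, ""


def find_unprotected(handler, role="customer"):
    """Authorization audit: fetch each sensitive page as a low-privilege
    session and return the paths whose response still carries the protected
    data. Hidden menus are irrelevant to this check, as they were to Chen."""
    leaked = []
    for path, secret in sorted(SENSITIVE_PAGES.items()):
        status, body = handler(path, role)
        if status == 200 and secret in body:
            leaked.append(path)
    return leaked


if __name__ == "__main__":
    print("weak handler leaks:", find_unprotected(weak_handler))
    print("hardened handler leaks:", find_unprotected(hardened_handler))
```

The audit function is the part worth keeping: run against a real device it is a loop of unauthenticated or low-privilege requests to every URL the admin UI references, comparing the body to what an admin session gets. Anything the two sessions share that they should not is a finding regardless of what the menus show.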

October 20th, 2009

GAO report: NASA at 'high risk' of data breach

Posted by Ryan Naraine @ 5:29 am

Categories: Anti Virus, Arbitrary Code Execution, Botnets, Complex Attacks, Data theft, Exploit code, Locally Running Web Servers, Passwords, Patch Watch, Pen testing, Punditocracy, Responsible disclosure

Tags: NASA, General Accounting Office, Auditor, Security, Strategy, Management, Ryan Naraine

The U.S. Government Accountability Office (GAO) has painted a bleak picture of NASA’s IT security posture.

An audit of the space agency’s computer systems found weaknesses in several critical areas, especially in the way NASA implemented access controls like user accounts, passwords and the encryption of sensitive data. Read the rest of this entry »

October 19th, 2009

'Evil Maid' USB stick attack keylogs TrueCrypt passphrases

Posted by Dancho Danchev @ 10:32 am

Categories: Anti Virus, Browsers, Complex Attacks, Data theft, Hackers, Kernel-level Exploits, Malware, Passwords, Privacy, Research, Rootkits, Spyware and Adware, Tools

Tags: USB, Laptop Computer, Attack, TrueCrypt, Mobile Proximity Alarm, Security, Hardware, Notebooks & Tablets, Dancho Danchev

Security researcher Joanna Rutkowska has released a PoC (proof of concept) of a keylogger that is capable of logging TrueCrypt’s disk encryption passphrase enabling the attacker to successfully decrypt the hard drive’s content.

Dubbed the ‘evil maid’ attack, it is ‘plug-and-exploit’: one to two minutes of physical access to plug in the USB stick and infect the laptop’s boot code is all the infection takes, and it works against the latest TrueCrypt versions, 6.0a to 6.2a.

Here’s how it works, and TrueCrypt’s response:

Read the rest of this entry »
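Because the keylogger has to live in the unencrypted boot code that runs before the passphrase prompt, the practical check is to compare the first track of the disk against a fingerprint taken while the machine was trusted, from a boot medium you trust, before typing the passphrase. The block below is an added example written for this page, not Rutkowska's PoC and not TrueCrypt's own code; it parses the MBR, hashes boot code, partition table and the following loader sectors separately so that a legitimate repartition is not mistaken for a patched loader, and runs against a constructed track-0 image (the sector layout and contents are invented).

```python
import hashlib
import struct

SECTOR = 512
TRACK0_SECTORS = 63  # MBR plus the sectors a BIOS-era boot loader occupies


def parse_mbr(sector):
    """Split an MBR into boot code, disk signature and the four partition
    entries. The 0x55AA signature must be present; otherwise it is not an MBR."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    code = sector[:440]
    disk_sig = struct.unpack("<I", sector[440:444])[0]
    table = sector[446:510]
    parts = [struct.unpack("<B3sB3sII", table[i:i + 16]) for i in range(0, 64, 16)]
    return code, disk_sig, parts


def _sha256(data):
    return hashlib.sha256(data).hexdigest()


def fingerprint(track0):
    """Hash three regions separately: boot code inside the MBR, the partition
    table, and the loader sectors after the MBR. Keeping them apart lets a
    legitimate partition-table edit be told from a modified loader."""
    if len(track0) < TRACK0_SECTORS * SECTOR:
        raise ValueError("need the first %d sectors" % TRACK0_SECTORS)
    mbr = track0[:SECTOR]
    parse_mbr(mbr)  # validates the signature
    return {
        "mbr_code": _sha256(mbr[:440]),
        "partition_table": _sha256(mbr[446:510]),
        "loader_sectors": _sha256(track0[SECTOR:TRACK0_SECTORS * SECTOR]),
    }


def check(track0, baseline):
    """Compare against a baseline recorded while the machine was trusted.
    Returns the regions that differ; an empty list means unchanged."""
    now = fingerprint(track0)
    return [r for r in ("mbr_code", "partition_table", "loader_sectors") if now[r] != baseline[r]]


# Constructed track 0 (not a real TrueCrypt image): pseudo boot code, one
# partition of type 0x07 starting at LBA 63, loader sectors with a fixed pattern.
def _build_track0():
    code = (hashlib.sha256(b"constructed boot code").digest() * 14)[:440]
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 2_000_000)
    mbr = code + disk_sig + entry + b"\x00" * 48 + b"\x55\xaa"
    loader = hashlib.sha256(b"constructed loader").digest() * 992  # 62 sectors
    return mbr + loader


GOOD_TRACK0 = _build_track0()

_t = bytearray(GOOD_TRACK0)
_t[SECTOR * 2:SECTOR * 2 + 16] = b"KEYLOG STUB\x00\x00\x00\x00\x00"  # patched loader sector
TAMPERED_TRACK0 = bytes(_t)

_r = bytearray(GOOD_TRACK0)
_r[458:462] = struct.pack("<I", 3_000_000)  # only the partition size changed
REPARTITIONED_TRACK0 = bytes(_r)

if __name__ == "__main__":
    baseline = fingerprint(GOOD_TRACK0)
    print("clean:", check(GOOD_TRACK0, baseline))
    print("tampered:", check(TAMPERED_TRACK0, baseline))
    print("repartitioned:", check(REPARTITIONED_TRACK0, baseline))
```

The baseline has to be stored somewhere the attacker cannot reach (a USB stick you keep on your person), and the check has to run from that stick rather than from the disk being checked, otherwise a tampered loader could simply lie about itself. A TPM-backed measured boot automates the same comparison in hardware, which is the direction the disclosed attack pushes toward.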

October 19th, 2009

Microsoft: Human error caused critical SMB2 vulnerability

Posted by Ryan Naraine @ 9:35 am

Categories: Adobe, Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Flash, Hackers, Malware, Microsoft, Mozilla, Open source, Pen testing, Punditocracy, Responsible disclosure

Tags: Analysis Tool, Vulnerability, Bug, Microsoft Corp., Humans, Microsoft Windows, Microsoft Windows 7, Productivity, Operating Systems, Security

Microsoft is blaming human error for one of the critical SMB v2 vulnerabilities that exposed Windows users to remote code execution attacks, and argues that it’s near impossible to catch this type of bug with existing code-review tools and techniques.

According to a post-mortem of the issue by Redmond security guru Michael Howard, the company detected the vulnerable code “very late” in the Windows 7 development process, but argued that there are no static-analysis tools or SDL requirements that would spot this type of human error.

Read the rest of this entry »

October 16th, 2009

Podcast: Inside the OWA attacks, Patch Tuesday wrap-up

Posted by Ryan Naraine @ 1:35 pm

Categories: Adobe, Anti Virus, Botnets, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Firefox, Flash, Malware, Microsoft, Mozilla, Oracle

Tags: Attack, Microsoft Outlook Web Access, Microsoft Outlook, Podcasts, Phishing, Microsoft Office, Office Suites, Software, Internet, Security

In this podcast with Threatpost co-editor Dennis Fisher, I discuss the recent Outlook Web Access phishing attacks, the Microsoft/Adobe patchapalooza and the true extent of the botnet/malware epidemic.  Listen here.

October 16th, 2009

Microsoft exposes Firefox users to drive-by malware downloads

Posted by Ryan Naraine @ 9:24 am

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Firefox, Flash, Google, Google Chrome, Hackers, Malware, Metasploit, Microsoft, Mozilla, Open source, Passwords, Patch Watch, Pen testing

Tags: Google Inc., Mozilla Firefox, Vulnerability, Malware, Microsoft Internet Explorer, Microsoft Corp., Attack Vector, Web Browser, Google Chrome, Plug-in

Remember that Microsoft .NET Framework Assistant add-on that Microsoft sneaked into Firefox without explicit permission from end users?

Well, the code in that add-on has a serious code execution vulnerability that exposes Firefox users to the “browse and you’re owned” attacks that are typically used in drive-by malware downloads. Read the rest of this entry »

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
