Category: Research

January 21st, 2010

And the most popular password is...

Posted by Dancho Danchev @ 5:14 pm

Categories: Browsers, Data theft, Hackers, Passwords, Privacy, Research, Web 2.0

Tags: Security, Hacking, Password, Dancho Danchev

It is “123456,” according to an analysis of 32 million passwords exposed in last month’s RockYou.com server breach, which researchers from Imperva used to study the insecure practices of millions of users when choosing their passwords.

What did their analysis conclude? Short passwords, no mix of lowercase, uppercase and numeric characters, and trivial dictionary words, which every decent brute-forcing/password recovery application can find in a matter of minutes.

Key findings include:

Read the rest of this entry »

January 21st, 2010

Microsoft knew of IE zero-day flaw since last September

Posted by Ryan Naraine @ 12:34 pm

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Google, Malware, Microsoft, Patch Watch, People's Republic of China, Research, Responsible disclosure, Vulnerability research

Tags: Attacker, Vulnerability, Microsoft Internet Explorer, Microsoft Corp., Zero-day Bug, Web Browsers, Security, Internet, Ryan Naraine

Microsoft today admitted it knew of the Internet Explorer flaw used in the attacks against Google and Adobe since September last year.

The flaw was in the Microsoft Security Response Center’s (MSRC) queue to be fixed in the next batch of patches due in February, but the targeted zero-day attacks against U.S. companies forced the company to release an emergency, out-of-band IE update.

Read the rest of this entry »

December 15th, 2009

Report: Google's reCAPTCHA flawed

Posted by Dancho Danchev @ 1:12 pm

Categories: Botnets, Browsers, Facebook, Google, Hackers, Malware, Research, Social Networking Applications, Web 2.0

Tags: CAPTCHA, Google Inc., reCAPTCHA, Dancho Danchev

UPDATED: According to a Google representative from the Google Global Communications & Public Affairs who contacted me - “While the report is newly released, its substance is not current and seems to include some misunderstandings of the reCAPTCHA technology according to some of our engineers. Therefore, the so-called flaws described in the report, are not related to the reCAPTCHA that people use today.”

In a newly released report, a security researcher claims that Google’s reCAPTCHA, one of the most widely adopted free CAPTCHA services, contains weaknesses that would allow a botnet of 10,000 infected hosts to achieve 10 recognition successes every second, allowing it to register 864,000 new accounts per day.

In response, a Google spokesman stated that the report relies on data collected in early 2008, and doesn’t take into consideration the effectiveness of the current technology used against machine solvers.

More from the report:

Read the rest of this entry »

December 4th, 2009

How many people fall victim to phishing attacks?

Posted by Dancho Danchev @ 3:43 pm

Categories: Botnets, Browsers, Data theft, Malware, Passwords, Phishing, Research, Spam and Phishing

Tags: Phishing, Cyberthreats, Spam, Viruses And Worms, Security, Spam And Phishing, Dancho Danchev

According to a recently released report, based on a sample of 3 million users collected over a period of 3 months, approximately 45% of the time, users submitted their login information to the phishing site they visited.

The study exclusively monitored users who successfully reached a live phishing site that was not blocked by their browser’s built-in anti-phishing protection or filtered as a fraudulent one (Phishing experiment sneaks through all anti-spam filters), and found that on average, 12.5 out of one million customers sampled for a particular bank visited the phishing site.

Here are some of the key findings from the report:

Read the rest of this entry »

December 1st, 2009

Clientless SSL VPNs expose corporate users to attacks

Posted by Ryan Naraine @ 7:58 am

Categories: Arbitrary Code Execution, Browsers, Data theft, Exploit code, Passwords, Pen testing, Phishing, Research, Responsible disclosure, Vulnerability research

Tags: Web, SSL VPN, Attacker, Domain, SSL, Web Browser, VPN Server, Attack, Cookie, VPNs

Clientless SSL VPN products from multiple vendors operate in a way that breaks fundamental browser security mechanisms, according to a warning from the U.S. Computer Emergency Response Team (US-CERT).

This security problem, discussed since at least 2006, could let an attacker use these devices to bypass authentication or conduct other web-based attacks. Clientless VPN products from Juniper Networks, Cisco Systems, SonicWall and SafeNet are confirmed vulnerable. Read the rest of this entry »

November 30th, 2009

New ransomware attack blocks Internet access

Posted by Ryan Naraine @ 9:32 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Complex Attacks, Exploit code, Microsoft, Passwords, Research, Viruses and Worms

Tags: Internet Access, License Agreement, Computer Associates International Inc., SMS, Attack, Text Messaging/SMS/MMS, Telephony, Cellular Phones, Security, Consumer Electronics

Security researchers have stumbled upon a new piece of ransomware that blocks an infected computer from accessing the Internet until a fee is paid via SMS (text message). Read the rest of this entry »

November 13th, 2009

Man-in-the-middle attacks demoed on 4 smartphones

Posted by Dancho Danchev @ 3:22 pm

Categories: Browsers, Complex Attacks, Hackers, Malware, Mobile (In)Security, Passwords, Privacy, Research, Wi-Fi security

Tags: Network, Wi-Fi Network, Smart Phone, SSL, Attack, Wireless LANs, Wi-Fi, Wireless And Mobility, Security, Dancho Danchev

Security researchers from SMobile Systems have released a paper detailing successful man-in-the-middle attacks against several smartphones.

The SSL-enabled login sessions on the tested Nokia N95, HTC Tilt, Android G1 and iPhone 3GS devices were sniffed using the publicly available SSLstrip tool, with the attack taking place over an insecure Wi-Fi network, now prevalent literally everywhere.

Here’s the scenario they used, and possible mitigation approaches:

Read the rest of this entry »

October 19th, 2009

'Evil Maid' USB stick attack keylogs TrueCrypt passphrases

Posted by Dancho Danchev @ 10:32 am

Categories: Anti Virus, Browsers, Complex Attacks, Data theft, Hackers, Kernel-level Exploits, Malware, Passwords, Privacy, Research, Rootkits, Spyware and Adware, Tools

Tags: USB, Laptop Computer, Attack, TrueCrypt, Mobile Proximity Alarm, Security, Hardware, Notebooks & Tablets, Dancho Danchev

Security researcher Joanna Rutkowska has released a PoC (proof of concept) of a keylogger that is capable of logging TrueCrypt’s disk encryption passphrase, enabling the attacker to successfully decrypt the hard drive’s content.

Dubbed the ‘evil maid’ attack due to its ‘plug-and-exploit’ functionality, which requires 1-2 minutes for the infection process to take place, it works with the latest TrueCrypt versions 6.0a - 6.2a.

Here’s how it works, and TrueCrypt’s response:

Read the rest of this entry »

October 9th, 2009

New Adobe PDF flaw under attack; Patch coming Tuesday

Posted by Ryan Naraine @ 8:03 am

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Hackers, Malware, Patch Watch, Pen testing, Research, Responsible disclosure, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research, Zero-day attacks

Tags: Adobe Systems Inc., Adobe PDF, Adobe Acrobat, Flaw, Adobe Acrobat Reader, Attack, Microsoft Windows, Security, Viruses And Worms, Operating Systems

Adobe has confirmed a critical, unpatched vulnerability in its PDF Reader/Acrobat software is being exploited by malicious attackers.

The vulnerability affects Adobe Reader and Acrobat 9.1.3 and earlier versions on Windows, Macintosh and UNIX. Adobe described the in-the-wild attacks as limited and targeted, suggesting PDF documents rigged with exploits are being attached to e-mails and sent to business targets.

Read the rest of this entry »

October 8th, 2009

Click fraud facilitating Bahama botnet steals ad revenue from Google

Posted by Dancho Danchev @ 9:56 am

Categories: Anti Virus, Botnets, Browsers, Complex Attacks, Google, Hackers, Malware, Research, Web 2.0

Tags: Google Inc., Advertisement, Click Fraud, Domain, Computer, Security, Cybercrime, Dancho Danchev

Originally exposed as a botnet redirecting and monetizing hijacked traffic to over 200,000 parked domains primarily located in the Bahamas, the Bahama botnet is now tied to active DNS hijacking of Google properties: researchers from ClickForensics have recently found evidence of it. The hijacking allows cybercriminals to steal revenue from Google by pulling search results and displaying them on a bogus homepage (Cybercriminals promoting malware-friendly search engines) which serves ads from pay-per-click ad networks (Microsoft’s Bing invaded by pharmaceutical scammers) maintained by similar cybercrime enterprises.

Here’s how Bahama’s click fraud scheme steals ad revenue from Google and its advertisers according to ClickForensics:

Read the rest of this entry »

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog.
