
Category: Research

November 13th, 2009

Man-in-the-middle attacks demoed on 4 smartphones

Posted by Dancho Danchev @ 3:22 pm

Categories: Browsers, Complex Attacks, Hackers, Malware, Mobile (In)Security, Passwords, Privacy, Research, Wi-Fi security

Tags: Network, Wi-Fi Network, Smart Phone, SSL, Attack, Wireless LANs, Wi-Fi, Wireless And Mobility, Security, Dancho Danchev

Security researchers from SMobile Systems have released a paper detailing successful man-in-the-middle attacks against several smartphones.

The SSL-enabled login sessions on the tested devices, a Nokia N95, an HTC Tilt, an Android G1 and an iPhone 3GS, were intercepted with the publicly available sslstrip tool, with the attack carried out over an insecure Wi-Fi network of the kind now found almost everywhere. sslstrip does not break SSL itself: sitting as a man-in-the-middle, it keeps its own encrypted connection to the real site but rewrites the https:// links in the pages it relays, so the phone submits its credentials over plain HTTP and the user sees nothing more alarming than a missing padlock.

Here’s the scenario they used, and possible mitigation approaches:

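The downgrade described above, modelled end to end as an added example (this is not SMobile's code, nor the sslstrip tool itself). The attacker side is the link rewrite the proxy applies to the relayed page; the client side is the one browser-state check that defeats it, a remembered Strict-Transport-Security policy, which was not yet standardised in 2009 and is not among the mitigations the page lists. The login page and the hostname login.bank.example are constructed for the example.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed login page as the real server returns it over HTTPS.
# The hostname is a placeholder, not a real site.
LOGIN_PAGE = (
    '<form action="https://login.bank.example/auth" method="post">'
    '<input name="user"><input name="pass" type="password">'
    '</form>'
)

HTTPS_REF = re.compile(r'https://', re.IGNORECASE)


def strip_https(html: str) -> str:
    """Attacker side. The proxy fetched this page from the real server over
    TLS, but hands the victim a copy with every https:// turned into http://,
    so the browser submits the form in plaintext to the proxy, which reads
    the credentials and forwards the request upstream over TLS."""
    return HTTPS_REF.sub('http://', html)


def form_action(html: str) -> str:
    """Where the browser will send the login form."""
    match = re.search(r'action="([^"]+)"', html)
    return match.group(1) if match else ''


def parse_hsts_max_age(header_value):
    """max-age from a Strict-Transport-Security header value, or None."""
    match = re.search(r'max-age\s*=\s*"?(\d+)', header_value or '', re.IGNORECASE)
    return int(match.group(1)) if match else None


class Browser:
    """Minimal client model: the only state that matters for the downgrade
    is the set of hosts for which an HSTS policy has been remembered."""

    def __init__(self):
        self.hsts_hosts = set()

    def record_response(self, url, headers):
        """A policy counts only when received over HTTPS; one seen over
        plain HTTP could have been injected on the path and is ignored."""
        parts = urlsplit(url)
        if parts.scheme == 'https':
            max_age = parse_hsts_max_age(headers.get('Strict-Transport-Security'))
            if max_age:
                self.hsts_hosts.add(parts.hostname)

    def effective_url(self, url):
        """Before any request, upgrade http:// to https:// for pinned hosts."""
        parts = urlsplit(url)
        if parts.scheme == 'http' and parts.hostname in self.hsts_hosts:
            return urlunsplit(('https', parts.netloc, parts.path,
                               parts.query, parts.fragment))
        return url


def password_sent_in_clear(browser):
    """Run the attack against the given browser: the proxy hands it the
    stripped page; True if the form submission would go out over HTTP."""
    stripped = strip_https(LOGIN_PAGE)
    target = browser.effective_url(form_action(stripped))
    return urlsplit(target).scheme == 'http'


if __name__ == '__main__':
    fresh = Browser()
    print('client with no HSTS state:', password_sent_in_clear(fresh))      # True
    seasoned = Browser()
    seasoned.record_response('https://login.bank.example/',
                             {'Strict-Transport-Security': 'max-age=31536000'})
    print('client that saw HSTS earlier:', password_sent_in_clear(seasoned))  # False
```

A 2009-era phone browser is the `fresh` case: nothing on the client distinguishes the rewritten page from the real one, which is why the paper's mitigations have to come from elsewhere (avoiding untrusted Wi-Fi, or a VPN over it). The `seasoned` case shows that the defence only works for a host the client has already visited over HTTPS; a first visit over the hostile network is still downgradable.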

October 19th, 2009

'Evil Maid' USB stick attack keylogs TrueCrypt passphrases

Posted by Dancho Danchev @ 10:32 am

Categories: Anti Virus, Browsers, Complex Attacks, Data theft, Hackers, Kernel-level Exploits, Malware, Passwords, Privacy, Research, Rootkits, Spyware and Adware, Tools

Tags: USB, Laptop Computer, Attack, TrueCrypt, Mobile Proximity Alarm, Security, Hardware, Notebooks & Tablets, Dancho Danchev

Security researcher Joanna Rutkowska has released a proof-of-concept (PoC) keylogger that captures TrueCrypt's disk-encryption passphrase, enabling an attacker who later regains physical access to decrypt the drive's contents.

Dubbed the 'evil maid' attack, after the scenario of a hotel maid with a few minutes of physical access to an unattended laptop, it is a 'plug-and-exploit' procedure: booting from the USB stick and infecting the machine takes 1-2 minutes, and it works against the latest TrueCrypt versions, 6.0a to 6.2a. The attack is possible because the loader that prompts for the passphrase must itself sit unencrypted on the disk, so whole-disk encryption cannot protect that code from modification.

Here’s how it works, and TrueCrypt’s response:

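An added example of the property the attack exploits and of the check it leaves an owner with; it is not Rutkowska's PoC and not TrueCrypt code. The disk image, the loader bytes and the assumption that the plaintext pre-boot code occupies the first 63 sectors are all constructed for the example. The point it makes: the encrypted volume cannot vouch for the loader, so the loader's integrity has to be checked from outside it, before the passphrase is typed.

```python
import hashlib

SECTOR_SIZE = 512
# Assumption for this example: the plaintext pre-boot code (MBR plus the
# loader that asks for the passphrase) occupies the first track, 63 sectors.
BOOT_SECTORS = 63
BOOT_REGION_LEN = BOOT_SECTORS * SECTOR_SIZE


def build_disk_image(loader_code: bytes, volume_sectors: int = 16) -> bytearray:
    """Constructed disk image: a boot region holding the loader code, followed
    by bytes standing in for the encrypted volume (never decrypted here)."""
    boot = bytearray(BOOT_REGION_LEN)
    boot[:len(loader_code)] = loader_code
    boot[510:512] = b'\x55\xaa'                       # MBR boot signature
    volume = bytes((i * 37 + 11) & 0xFF
                   for i in range(volume_sectors * SECTOR_SIZE))
    return boot + volume


def boot_region_digest(image: bytes) -> str:
    """SHA-256 over the plaintext boot region only. The encrypted volume
    changes on every use and is deliberately not part of the baseline."""
    return hashlib.sha256(bytes(image[:BOOT_REGION_LEN])).hexdigest()


def evil_maid_tamper(image: bytes, hook_offset: int, hook_code: bytes) -> bytearray:
    """Model of the attack: with a minute or two of physical access, boot a
    USB stick and overwrite part of the loader so that the passphrase typed
    at the next boot is stored on disk for the attacker to collect later.
    Nothing encrypted is touched, so the volume itself cannot notice."""
    patched = bytearray(image)
    patched[hook_offset:hook_offset + len(hook_code)] = hook_code
    return patched


def boot_region_intact(image: bytes, baseline_digest: str) -> bool:
    """Owner-side check, run from a trusted boot medium before the passphrase
    is ever typed: does the boot region still match the recorded baseline?"""
    return boot_region_digest(image) == baseline_digest


if __name__ == '__main__':
    clean = build_disk_image(b'\xfa\x31\xc0PLACEHOLDER-LOADER')
    baseline = boot_region_digest(clean)             # record this off the laptop
    evil = evil_maid_tamper(clean, 0x40, b'\xe9\x00\x10\x00\x00')  # jmp to hook
    print('clean image intact:', boot_region_intact(clean, baseline))   # True
    print('tampered image intact:', boot_region_intact(evil, baseline)) # False
```

Two caveats belong with this check. The baseline must be stored somewhere the attacker cannot reach, and the program doing the comparison must come from media the owner controls; a loader that has already been hooked could just as easily lie about its own hash. That is the same gap a TPM-measured boot chain closes by having the hardware, rather than the disk, record what code ran.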

October 9th, 2009

New Adobe PDF flaw under attack; Patch coming Tuesday

Posted by Ryan Naraine @ 8:03 am

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Hackers, Malware, Patch Watch, Pen testing, Research, Responsible disclosure, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research, Zero-day attacks

Tags: Adobe Systems Inc., Adobe PDF, Adobe Acrobat, Flaw, Adobe Acrobat Reader, Attack, Microsoft Windows, Security, Viruses And Worms, Operating Systems

Adobe has confirmed a critical, unpatched vulnerability in its PDF Reader/Acrobat software is being exploited by malicious attackers.

The vulnerability affects Adobe Reader and Acrobat 9.1.3 and earlier versions on Windows, Macintosh and UNIX. Adobe described the in-the-wild attacks as limited and targeted, which suggests that PDF documents rigged with the exploit are being attached to e-mails and sent to business targets.


October 8th, 2009

Click fraud facilitating Bahama botnet steals ad revenue from Google

Posted by Dancho Danchev @ 9:56 am

Categories: Anti Virus, Botnets, Browsers, Complex Attacks, Google, Hackers, Malware, Research, Web 2.0

Tags: Google Inc., Advertisement, Click Fraud, Domain, Computer, Security, Cybercrime, Dancho Danchev

Originally exposed as a botnet that redirected hijacked traffic to, and monetized it through, over 200,000 parked domains primarily located in the Bahamas, the Bahama botnet has now been tied by researchers at ClickForensics to active DNS hijacking of Google properties. Infected machines are steered to a bogus Google homepage that pulls the real search results and serves ads from pay-per-click networks maintained by similar cybercrime enterprises (see the earlier posts "Cybercriminals promoting malware-friendly search engines" and "Microsoft's Bing invaded by pharmaceutical scammers"), letting the criminals collect revenue that would otherwise go to Google.

Here’s how Bahama’s click fraud scheme steals ad revenue from Google and its advertisers according to ClickForensics:

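The post says the bot hijacks DNS on the infected machine but not by which mechanism; the local hosts file is one common way of doing it and the easiest to audit, so here is the triage check an incident responder would write, as an added example that is not ClickForensics' method or code. The sample hosts file, the 192.0.2.44 address and the watched-domain list are constructed for the example.

```python
import ipaddress

# Domains whose local resolution a click-fraud bot would want to control.
WATCHED_DOMAINS = {'google.com', 'bing.com', 'yahoo.com'}

# Constructed sample hosts file; 192.0.2.0/24 is a documentation range.
SAMPLE_HOSTS = """\
# standard entries
127.0.0.1   localhost
::1         localhost
# lines a bot might inject (constructed)
192.0.2.44  www.google.com google.com
192.0.2.44  www.bing.com
0.0.0.0     ads.tracker.example   # ad-block style sinkhole, legitimate
10.0.0.5    intranet.corp.example
"""


def parse_hosts(text):
    """Yield (address, hostname) pairs, skipping comments and malformed lines."""
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield addr, name.lower().rstrip('.')


def is_watched(name, watched=WATCHED_DOMAINS):
    """True for a watched domain or any subdomain of one."""
    return name in watched or any(name.endswith('.' + d) for d in watched)


def suspicious_hosts_entries(text, watched=WATCHED_DOMAINS):
    """Flag watched domains pinned to a routable address. Loopback and
    0.0.0.0 are left alone: those block a host rather than redirect it,
    which is what ad-blocking hosts files legitimately do."""
    hits = []
    for addr, name in parse_hosts(text):
        if is_watched(name, watched) and not (addr.is_loopback or addr.is_unspecified):
            hits.append((name, str(addr)))
    return hits


if __name__ == '__main__':
    for name, addr in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f'{name} is pinned to {addr}')
```

On a real host the text would come from `/etc/hosts` or `%SystemRoot%\System32\drivers\etc\hosts`; a bot that instead changes the resolver address or installs a DNS-intercepting driver will not show up here, so a clean result from this check only rules out the hosts-file variant.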

September 29th, 2009

Hacker ships tool to circumvent China's Green Dam filter

Posted by Ryan Naraine @ 5:22 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Denial of Service (DoS), Digital rights management, Exploit code, Locally Running Web Servers, Microsoft, Patch Watch, Pen testing, Phishing, Research, Responsible disclosure

Tags: Researcher, Hacker, Tool, Productivity, Government, Security, Ryan Naraine

A security researcher at the University of Michigan has released a tool that helps Chinese computer users disable the censorship functionality of the controversial Green Dam Youth Escort software.

The Dam Burst utility, created by researcher Jon Oberheide, works by injecting code into a running application and removing the Green Dam hooks that let it monitor and block user activity. This effectively restores the running application to its original, uncensored state, Oberheide explained.

September 16th, 2009

Google + reCAPTCHA could raise bar in anti-bot, anti-spam battle

Posted by Ryan Naraine @ 12:54 pm

Categories: Anti Virus, Botnets, Browsers, Data theft, Denial of Service (DoS), Google, Hackers, Malware, Patch Watch, Phishing, Research, Vulnerability research, Web 2.0

Tags: CAPTCHA, Google Inc., Anti-spam, Bot, Ryan Naraine

Locked in a cat-and-mouse game with spammers who use bots to defeat anti-fraud mechanisms and create fake accounts, Google today announced a deal to acquire reCAPTCHA, a company that provides those squiggly words at login screens.

The reCAPTCHA deal isn't exactly a security transaction. Strategically, it gives Google an excellent crowd-sourcing tool to beef up its already impressive machine-vision algorithms (think book-scanning and maps), but in the long run the ability to use CAPTCHAs that are near-impossible for bots to decipher lets Google raise the bar significantly in the fight against bots and spam.


August 25th, 2009

Research: 80% of Web users running unpatched versions of Flash/Acrobat

Posted by Dancho Danchev @ 5:41 am

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Flash, Hackers, Malware, Passwords, Patch Watch, Pen testing, Research

Tags: Adobe Systems Inc., Web, Trusteer, Spyware, Adware & Malware, Cyberthreats, Web Browsers, Security, Dancho Danchev

According to research published by Trusteer earlier this month, 79.5% of the 2.5 million users of its Rapport security service run a vulnerable version of Adobe Flash, and 83.5% run a vulnerable version of Acrobat.

The company also criticized Adobe, saying its update mechanism "does not meet the requirements of a system that is used by 99% of users on the Internet and is highly targeted by criminals", while praising the update mechanisms of Google's Chrome and Firefox, whose silent updates close the window of opportunity that attackers would otherwise exploit.


August 19th, 2009

IE8 outperforms competing browsers in malware protection -- again

Posted by Dancho Danchev @ 6:16 am

Categories: Anti Virus, Apple, Botnets, Browsers, Exploit code, Firefox, Hackers, Malware, Microsoft, Mozilla, Pen testing, Phishing, Research, Spam and Phishing

Tags: Malware, Microsoft Internet Explorer, Web Browser, IE8, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

A recently released study by NSS Labs once again claims that, based on the company's internal tests, Microsoft's Internet Explorer 8 outperforms competing browsers (Google's Chrome, Mozilla's Firefox, Opera and Apple's Safari) at protecting users against "socially engineered malware" and phishing attacks.

Not only did IE8 top the chart, but the other browsers' block rates for "socially engineered malware" and phishing actually fell compared with the results the company released in the March edition of the study.

How objective is the study? For starters, it is a Microsoft-sponsored one. Here's how it ranks the browsers:


August 12th, 2009

Advanced Mac OS X rootkit tools released

Posted by Ryan Naraine @ 1:42 pm

Categories: Anti Virus, Apple, Arbitrary Code Execution, Black Hat, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Kernel-level Exploits, Locally Running Web Servers, Malware, Open source, Research, Responsible disclosure, Rootkits, Viruses and Worms, Vulnerability research

Tags: Apple Macintosh, Tool, Dai Zovi, Rootkits, Productivity, Apple Mac OS X, Apple Mac OS, Operating Systems, Security, Spyware, Adware & Malware

Security researcher Dino Dai Zovi (of Pwn2Own fame) has released a suite of tools to demonstrate how to load an advanced rootkit on Mac OS X machines.

The tools were first discussed at this year's Black Hat security conference, where Dai Zovi presented techniques for manipulating the way the Mach microkernel handles RPC calls in order to create hidden system calls or kernel threads.


August 11th, 2009

Microsoft: Exploits likely for 'critical' Windows vulnerabilities

Posted by Ryan Naraine @ 1:01 pm

Categories: Arbitrary Code Execution, Botnets, Browsers, Complex Attacks, Data theft, Exploit code, Locally Running Web Servers, Microsoft, Passwords, Patch Watch, Research, Responsible disclosure, Spyware and Adware, Vulnerability research, Web 2.0, Web Applications, Windows Vista

Tags: Windows Vulnerability, Vulnerability, Exploit Code, Microsoft Corp., Microsoft Windows, Security, Operating Systems, Software, Ryan Naraine

Microsoft today dropped a mega patch bundle with fixes for several “critical” vulnerabilities affecting the Windows platform and warned that “consistent, reliable exploit code” was likely to be released within 30 days.

The Redmond, Wash. software maker released nine bulletins, five rated critical, to provide cover for a total of 19 documented security vulnerabilities. Of the nine updates, eight affect Windows and one affects Office Web Components (OWC).


Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.