
How to Spy on webcams of website visitors using Flash Player Vulnerability?

Stanford University student Feross Aboukhadijeh found a vulnerability in Adobe Flash Player that allows any website to spy on its visitors. It lets an attacker turn on the webcam and microphone without the user's knowledge.

Vulnerability Status:
  • Type: Clickjacking
  • Application: Adobe Flash Player
  • Alert Level: Critical
  • Status: Fixed

He tested the vulnerability in all versions of Flash Player and confirmed that the demo works in Mozilla Firefox and Safari. Most other browsers (Chrome for Mac and most browsers on Windows/Linux) have an odd CSS opacity bug that interferes with the demo.

He reported the vulnerability to Adobe a few weeks ago. Having received no response from Adobe, he released it publicly to raise awareness.

Adobe has now fixed the vulnerability. Yesterday Adobe said it had posted a fix to the Settings Manager that should resolve the issue.

Here is the video demo of the vulnerability:


He combined the clickjacking technique with the Adobe Flash Player Settings Manager page.

How does this attack work?
Instead of iframing the whole settings page (which contains the framebusting code), he iframed just the settings SWF file. This bypasses the framebusting JavaScript, since the whole page is never loaded, only the remote .SWF file. He said he was really surprised to find that this actually works for a .SWF file as important as the one that controls access to your webcam and mic!
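As an added example (not Feross's code or Adobe's), the following Python audit illustrates the defensive lesson of the bypass: JavaScript framebusting lives in the HTML page, so every sub-resource that can be loaded directly needs a server-sent anti-framing header (X-Frame-Options or CSP frame-ancestors) of its own. The sample responses are constructed, and the check assumes frame/iframe embedding as in the demo.

```python
import re

# Constructed sample responses: path -> (headers, body).
# /settings.html carries JavaScript framebusting; /settings.swf, like the
# real Settings Manager SWF in the write-up, has nothing; /hardened.swf
# shows the header-based fix that works for any resource type.
SAMPLE_RESPONSES = {
    "/settings.html": (
        {"Content-Type": "text/html"},
        "<html><script>if (top != self) top.location = self.location;"
        "</script><embed src='/settings.swf'></html>",
    ),
    "/settings.swf": (
        {"Content-Type": "application/x-shockwave-flash"},
        "FWS...",  # placeholder for SWF bytes
    ),
    "/hardened.swf": (
        {"Content-Type": "application/x-shockwave-flash",
         "X-Frame-Options": "DENY",
         "Content-Security-Policy": "frame-ancestors 'none'"},
        "FWS...",
    ),
}

# Common framebusting idioms; only meaningful inside an HTML document.
FRAMEBUST_RE = re.compile(r"top\s*!==?\s*self|self\s*!==?\s*top|top\.location\s*=")


def has_header_protection(headers):
    """Header-based anti-framing applies to the response itself, whatever its type."""
    xfo = headers.get("X-Frame-Options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return True
    return "frame-ancestors" in headers.get("Content-Security-Policy", "")


def has_script_protection(headers, body):
    """JavaScript framebusting runs only when the HTML page is loaded; a
    directly embedded sub-resource never executes it."""
    is_html = headers.get("Content-Type", "").startswith("text/html")
    return is_html and bool(FRAMEBUST_RE.search(body))


def frameable_resources(responses):
    """Paths a third-party page could load in a frame with no anti-framing control."""
    return sorted(
        path for path, (headers, body) in responses.items()
        if not (has_header_protection(headers) or has_script_protection(headers, body))
    )


if __name__ == "__main__":
    print(frameable_resources(SAMPLE_RESPONSES))  # ['/settings.swf']
```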

This is a screenshot of what the Settings Manager .SWF file looks like:


Here is the live demo of this attack:
https://www.feross.org/hacks/webcam-spy/

"Gmail Hacker Pro" Gmail Password recovery Tool ~ Scam Report


Security researchers at the GFI Labs blog report on a fake hacking tool named "Gmail Hacker Pro". Its maker claims it will recover lost Gmail passwords or compromise Gmail accounts. The tool comes with a fairly slick-looking website (complete with live chat support) located at gmailhackerpro(dot)com.

After installation completes, the tool asks for the Gmail address you want to hack or recover. When you click "Crack Password", it shows a progress bar.

Once the progress bar reaches 100%, the application shows this message:
"Password file has been located, but viewing the recovered passwords will require a product key. Click No to exit."

To obtain a product key, users have to pay 29.99 USD. If they agree, they are directed to a ClickBank website where they can make the purchase.


Clearly, it is a scam to steal money from innocent people. GFI Labs categorizes Gmail Hacker Pro as a Trojan under the detection name GmailHackerPro.pj!.1a. VirusTotal scores currently sit at 16/43.

Security Tips from BreakTheSecurity:
  • First of all, understand that there is no such thing as "Gmail hacking software". Google is not stupid.
  • If you want to recover a compromised or lost Gmail account, read this article: How to recover compromised or lost Gmail accounts?
  • Don't fall for this type of scam.

Facebook Phishing Scam promotes Indonesian rock star


New Facebook phishers are using an Indonesian rock star as bait for their phishing sites.

"This is unlike the previous Indonesian adult scams whose phishing pages gave the impression that the adult video would be of a random celebrity. In October 2011 phishers continued their adult scams on Facebook, but this time they chose the Indonesian rock star Ahmad Dhani in particular," Symantec reported.

Dhani is the frontman of the rock bands “Dewa 19” and “Ahmad Band”.

The phishing site contained a photograph of Ahmad Dhani and Indonesian singer Dewi Persik. The Indonesian caption of the photograph translated: "To view videos of Ahmad Dhani recorded from CCTV cameras, please login below". After users entered their Facebook login credentials, the phishing page redirected to a pornographic website. Of course, if users gave away their login credentials to the phishing site, phishers would have successfully stolen their information for identity theft. The phishing site was hosted on a free Web hosting site.

Celebrities have been a common target in phishing attacks. In the past, we have seen Aishwarya Rai and Katrina Kaif used as phishing bait. Phishers are choosing celebrities with a large fan following because they perceive a larger audience will mean more duped users.

Security tips to avoid phishing attacks, provided by Symantec:
  • Do not click on suspicious links in email messages.
  • Avoid providing any personal information when answering an email.
  • Never enter personal information in a pop-up page or screen.
  • When entering personal or financial information, ensure the website is encrypted with an SSL certificate by looking for the padlock, 'https', or the green address bar.
  • Frequently update your security software, such as Norton Internet Security 2011, to protect you from online phishing.
Security Tips from BreakTheSecurity:
  • Before entering login information, check the URL.
  • Use a secure connection (e.g. https://gmail.com).
  • Use an anti-phishing add-on (e.g. FirePhish).
  • Don't forget to read our Security Tips Blog: http://www.breakthesecurity.com

Google provides secure search (SSL encryption) for signed-in users


"Google Search will be redirected to a secure Google Search connection (https://) if you are signed in," Google said on its official blog. This protects users' search queries with SSL encryption. Google made SSL the default connection for Gmail in January 2010, and four months later introduced secure search at this link:
https://encrypted.google.com/

Recently, other giants like Twitter and Facebook have also introduced SSL support.

Because search queries are sensitive (especially on a public cafe network), Google is making SSL encryption the default in Google Search for signed-in users. If you are signed in, Google Search redirects to https://www.google.com; otherwise searches go over a plain connection (http://www.google.com).

If you are not a Google user or not signed in, you can still use encrypted search by visiting https://www.google.com directly (don't forget the 's').

Source:
http://googleblog.blogspot.com/2011/10/making-search-more-secure.html

LulzSec suspect Cody Kretsinger pleads not guilty to Sony Pictures hack

LulzSec suspect Cody Kretsinger has pleaded not guilty to the hack of Sony Pictures websites. Last month he was charged with conspiracy and the unauthorized impairment of a protected computer. Kretsinger is alleged to be the LulzSec member known as "Recursion", and is accused of involvement in an SQL injection attack that stole information from Sony Pictures in June, exposing users' email addresses and passwords.

Approximately 150,000 confidential records were subsequently published online by LulzSec, who mocked Sony's weak security:

"SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?"

Prosecutors claim that Kretsinger used the HideMyAss.com proxy service to disguise his IP address as he allegedly probed Sony Pictures' computer systems in May 2011, hunting for vulnerabilities. HideMyAss submitted its log details under a court order.


Kretsinger's trial is scheduled to begin on December 13th. If convicted he faces up to 15 years in prison.

Cody Kretsinger, from Phoenix, Arizona, pleaded not guilty to conspiracy and unauthorized impairment of a protected computer during a hearing at Los Angeles District Court.

10,000 Facebook accounts hacked by TeamSwaStika


A recently formed hacking crew from Nepal called "TeamSwaStika" has hacked more than 10 thousand Facebook accounts.
They claim to be the most powerful hacking team from Nepal, and say their next target will be the Nepal government's website.

The hackers' message:
"Fight For Justice | Justice To Freedom
Never Give up | Never Back down"

The hacked Facebook accounts were dumped on Pastebin:

http://pastebin.com/KYsd0j5B (part1)
http://pastebin.com/nN5uDrQS (part2)

The pastes are now unavailable; Pastebin removed them for security reasons.

NoScript Anywhere (NSA) Firefox security add-on available for mobiles

NoScript Anywhere (NSA) is the mobile version of NoScript, a well-known Firefox add-on that protects against cross-site scripting, clickjacking and similar attacks by blocking malicious scripts. The extension is now available for mobile operating systems as well (Android and Maemo builds).

This is the first complete version (NoScript 3 alpha 9) of the NoScript extension for mobile. NSA offers the same features as the desktop version: you can allow JavaScript on trusted sites (whitelist) and block it on all other sites.

Features:
• Easy per-site active content permissions management.
• The first and most powerful anti-XSS (cross-site scripting) filter available in a web browser.
• ClearClick, the one and only effective client-side protection against clickjacking.
• ABE (App Boundaries Enforcer), a true web application firewall inside your mobile browser to protect your router and web applications against CSRF and DNS rebinding attacks.
• Restartless: no need to restart the browser after you install the add-on.
• New page-permission editing UI, redesigned specifically for smartphone use and easily accessible by tapping an icon in the navigation bar.
Blocks XSS attacks (malicious JavaScript)

Blocks clickjacking attacks

Install NSA 3 Alpha 9 now:

Google partners with Citizens Advice Bureau to provide online security tips


Google has joined with the Citizens Advice Bureau to provide online security tips under the title "Good to Know". The page raises public awareness of online risks and the need for security. The topics are split into four categories:
• Stay safe online
• Your data on Google
• Your data on the web
• Manage your data
Stay safe online:
This section provides basic online security tips about:
• Phishing and malware attacks (if you are a reader of eHackingNews, you are probably already aware of these).
• The importance of signing out (most users fail to sign out; on a public cafe computer, others can then take over your accounts).
• Secure connections (https://).
• Online shopping safety.
• 2-step authentication (a mobile authentication service that sends a random authentication number whenever you log in to Gmail).
• Mobile security.
Your data on Google:
Covers Google search logs, web history and more.

Your data on the web:
Basic knowledge about cookies, accounts and IP addresses and why they matter.

Manage your data:
This section covers the Google Dashboard, how to manage cookies, and more.

Good To Know is available here:
http://www.google.co.uk/goodtoknow/

Every Internet user should read this page to protect themselves from online risks.

Note:
If you want more security tips, check our Security Tips Blog: http://www.breakthesecurity.com. We covered this topic six months ago. We have also developed HashCodeCracker to check password strength.

Symantec AdVantage (Anti-Malvertising): Armorize and Symantec partner and launch


Armorize Technologies (of the malware blog) and Symantec have joined together to fight malvertising. They have launched Symantec AdVantage, an anti-malvertising technology: a cloud-based scanner that detects malvertising (malicious advertisements) online.

"Malvertising poses a serious risk to online publishers and their customers, reputation and revenue. Highly publicized malvertising infections can damage the reputation of even the most trusted online sites. Symantec AdVantage will provide ad publishers the tools they need to protect their businesses by fighting back against these threats."
– Fran Rosch, Vice President, Identity and Authentication Services, Symantec Corp.

Symantec AdVantage will scan, detect and report malvertising on websites by automatically alerting publishers and identifying the location of malicious advertisements, so customers can remove malicious ads that may damage their business' reputation. A real-time performance dashboard complements these automatic reports by providing essential insights. For example, Symantec AdVantage will enable customers to compare safe ads to malicious advertisements and discover how and when malvertising occurred by visually tracing and identifying the path and source of infected advertisements.

Symantec AdVantage is scheduled to be made available to publishers and ad networks through a free early access program beginning in November 2011.

The service will be available here:
http://advantage.symantec.com/

Reference:
A few days back, the well-known site KickAssTorrents (KAT.ph) served malvertising, as detected by Armorize.

KickAssTorrents (Kat.ph) infected and serving malware through malvertising

The OpenX ad platform of the popular torrent website KickAssTorrents (kat.ph, Alexa rank 321) was compromised and served the fake antivirus "Security Sphere 2012" through malvertising (malicious advertisements), as detected by Armorize. When a user clicks the ad, it redirects to a fake page that infects the user without their knowledge.


Coincidentally, KickAssTorrents published a blog post on Oct 10th in response to the website being flagged by antivirus vendor Avast. In it they said:
===================
Our users that are using the Avast anti-virus might have noticed that KAT.ph suddenly became labeled as a dangerous website for users that are not logged in. We want to assure our users that KickassTorrents has no malware or viruses of any kind and it is absolutely safe to use our website. We already contacted Avast and currently we are trying to find and fix the cause of this problem. You will help us if you choose the "Report the file as a false positive" option if you get the alert.
===================

In another thread, KickAssTorrents said:

===================
Now what the hell does this error mean?
First of all, don't flip out, don't go post on the KAT site, post down here if you experience the same problem.
Secondly, report down here if you experience this error.
Thirdly, add kat.ph to the safe URLs in your AV.
And lastly, please go to this site and report the problem (Avast! users only):
Avast! forum thread
Back on topic. What is this error? This error roughly means that your anti-virus software has found some bad code in an iFrame. This could be from the site itself, or from advertisements. An iFrame is a piece of code that allows you to do several things. Embedding something in your site is a good example.
I hope this topic helps a little and I certainly hope the error is going to be fixed now.
Q&A:
Q: OMFG IS KAT HACKED?
A: Nope, just some error.
Q: Is it really safe to visit KAT?
A: Yes, it is.
===================
KickAssTorrents also referred to this discussion thread on Avast's forum. At the end of the thread it appears that Avast acknowledged that it was indeed a false positive and addressed the issue:

===================
Hello,

It should be solved, if not let us know please.

Miroslav Jenšík
AVAST Software a.s.
===================

Well, that time it might have been a false positive from Avast, but this time the website is definitely infecting its visitors, as seen in our video.


The attacker injected the malicious script using the following URL:
http://ad.kat.ph/delivery/ajs.php?zoneid=4&target=_blank&charset=UTF-8&cb=95920847237&charset=UTF-8&loc=http%3A//www.kat.ph/&section=1939940

At the time of detection, only 2 out of 42 engines on VirusTotal detected the malware.

According to Armorize, this attacker is also responsible for the speedtest.net incident.

The attacker uses DynDNS domains for the exploit server. Domain names are computed automatically in JavaScript: the algorithm generates a different (predictable) dyndns.tv domain name every hour, in the format roboABCD.tv, where ABCD are characters derived from a fixed seed and incremented by one character every UTC hour.

The DynDNS domain for the next hour is generated every hour, precisely between minutes 2 and 5, so this is likely done by an automated mechanism.

All generated domains resolve to a single IP: 184.22.224.154 (AS21788, Scranton Network Operations Center Inc), located in the US.

The domain obama-president.com resolves to this IP and serves the same exploit pack. This domain was registered on Aug 4th through a Russian registrar, 1'ST DOMAIN NAME SERVICE (www.1dns.ru). At that time the domain resolved to a Netherlands IP, 85.17.93.9. The domain started resolving to 184.22.224.154 on Aug 23rd. This IP and the president-obama.com domain are both currently still up and working.
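For defenders, the hourly rotation described above is itself a detection signal. The following Python script is an added example, not Armorize's code: it scans a constructed resolver log for names matching the rotation pattern (assumed here to be "robo" plus four letters under dyndns.tv, the write-up's "roboABCD.tv"), for the IP and domain named in the write-up, and groups the pattern hits by UTC hour to expose the one-new-name-per-hour rhythm.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed shape of the hourly names: 'robo' + four letters under dyndns.tv.
ROBO_DOMAIN_RE = re.compile(r"^robo[a-z]{4}\.dyndns\.tv$")
KNOWN_EXPLOIT_IPS = {"184.22.224.154"}          # IP named in the write-up
KNOWN_EXPLOIT_DOMAINS = {"obama-president.com"}  # domain named in the write-up

# Constructed sample resolver log: "<utc timestamp> <client> <qname> <answer>".
SAMPLE_DNS_LOG = """\
2011-10-11T13:03:10Z client1 robokjab.dyndns.tv 184.22.224.154
2011-10-11T13:40:02Z client2 www.kat.ph 203.0.113.5
2011-10-11T14:02:51Z client1 robokjac.dyndns.tv 184.22.224.154
2011-10-11T14:10:00Z client3 obama-president.com 184.22.224.154
2011-10-11T15:04:20Z client2 robokjad.dyndns.tv 184.22.224.154
2011-10-11T15:30:00Z client3 example.org 198.51.100.7
"""

def parse_line(line):
    """Split one log line into (timestamp, client, normalized qname, answer)."""
    ts, client, qname, answer = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, client, qname.lower().rstrip("."), answer

def classify(qname, answer):
    """Return why a lookup is suspicious, or None if it is not."""
    if ROBO_DOMAIN_RE.match(qname):
        return "rotating-dyndns-pattern"
    if qname in KNOWN_EXPLOIT_DOMAINS:
        return "known-domain"
    if answer in KNOWN_EXPLOIT_IPS:
        return "known-ip"
    return None

def find_hits(log_text):
    """Return (timestamp, client, qname, answer, reason) for every flagged lookup."""
    hits = []
    for line in filter(str.strip, log_text.splitlines()):
        when, client, qname, answer = parse_line(line)
        reason = classify(qname, answer)
        if reason:
            hits.append((when, client, qname, answer, reason))
    return hits

def rotating_domains_per_hour(hits):
    """Group pattern hits by UTC hour: one fresh name per hour is the rotation
    the write-up describes and is itself a strong signal."""
    by_hour = defaultdict(set)
    for when, _client, qname, _answer, reason in hits:
        if reason == "rotating-dyndns-pattern":
            by_hour[when.strftime("%Y-%m-%d %H")].add(qname)
    return {hour: sorted(names) for hour, names in by_hour.items()}
```

Feeding a real resolver export through find_hits only requires adapting parse_line to the local log format; the pattern match catches names that were never seen before, which a static blocklist cannot.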

This video shows how users are infected: