Showing posts sorted by relevance for query researchers. Sort by date Show all posts
Showing posts sorted by relevance for query researchers. Sort by date Show all posts

Android handsets 'leak' personal data

Posted by Avik Sarkar On 5/17/2011 10:09:00 pm


More than 99% of Android phones are potentially leaking data that, if stolen, could be used to get the information they store online.
The data being leaked is typically used to get at web-based services such as Google Calendar.
The discovery was made by German security researchers looking at how Android phones handle identification information.
Google has yet to comment on the loophole uncovered by the researchers.
ID attack University of Ulm researchers Bastian Konings, Jens Nickels, and Florian Schaub made their discovery while watching how Android phones handle login credentials for web-based services.
Many applications installed on Android phones interact with Google services by asking for an authentication token - essentially a digital ID card for that app. Once issued the token removes the need to keep logging in to a service for a given length of time.
Sometimes, found the researchers, these tokens are sent in plain text over wireless networks. This makes the tokens easy to spot so criminals eavesdropping on the wi-fi traffic would be able to find and steal them, suggest the researchers.
Armed with the token, criminals would be able to pose as a particular user and get at their personal information.
Even worse, found the researchers, tokens are not bound to particular phones or time of use so they can be used to impersonate a handset almost anywhere.
"[T]he adversary can gain full access to the calendar, contacts information, or private web albums of the respective Google user," the researchers wrote in a blog post explaining their findings.
Abuse of the loophole might mean some people lose data but other changes may be harder to spot.
"...an adversary could change the stored e-mail address of the victim's boss or business partners hoping to receive sensitive or confidential material pertaining to their business," the team speculated.
There is no suggestion that attackers are exploiting the Android loophole at the moment.
Almost all versions of the Android operating system were passing round unencrypted authentication tokens, found the researchers. It was fixed in version 2.3.4 but, suggest Google figures, only 0.3% of Android phones are running this software.
Some Google services, such as image sharing site Picasa, are still using unencrypted authentication tokens that can be stolen, found the team.
The researchers urged Android phone owners to update their device to avoid falling victim to attacks via the loophole. Google is also known to be working with operators and handset makers to get updates to people faster than at present.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Critical Security Holes In Oracle Database

Posted by Avik Sarkar On 12/03/2011 04:06:00 pm


A serious vulnerability found by security researchers on oracle databases. An attacker can perform SQL injection attacks and other advanced attacks, thus they can gain full privilege & traction said security researchers. Is Oracle just paying lip service to database security? Some researchers within the database community think so, complaining that as the software juggernaut has grown with acquisitions, such as the blockbuster Sun deal, it hasn't maintained enough resources to securely develop database products and resolve vulnerabilities disclosed by researchers in a timely fashion.
"I would say easy fixes get done pretty quickly, within three to six months, but things that are harder and need some changes in architecture or have an impact on customers where customers have to make some changes to their products, to their software that uses the databases, those things don't get done in the CPU," said Alex Rothacker, manager of Application Security's research arm, TeamSHATTER. "We have a vulnerability disclosed where basically we can brute force any user's password ... we reported this two years ago and they haven't fixed it yet." 

 It's a complaint lodged by many researchers, who say that even as Oracle publicly states it wants to work with the research community to fix database issues, it isn't putting its shoulder into the effort. The numbers show that the proportion of quarterly critical patch updates for Oracle database products has diminished considerably over the last two years.
While some might come to the conclusion that there are fewer updates because Oracle's products are getting more secure, researchers say this trend has occurred simultaneously as the window between disclosure of vulnerabilities and patch releases for them has grown wider.

"They respond immediately and say 'Thank you very much for the information' and so on, but it sometimes takes more than a year to actually release a patch," said Slavik Markovich, VP and CTO of database security for McAfee. "I get the feeling that they don't invest enough or have enough people working on this so it takes a long time to patch." In the meantime, too, new database products--some of them security related, even--are released with the same type of vulnerabilities that researchers have been alerting Oracle to for years.   



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

HP LaserJet Printers Have Serious Security Flaws Said Columbia University Researchers

Posted by Avik Sarkar On 12/02/2011 11:55:00 pm



Columbia University Researchers have discovered a vulnerability in some Hewlett-Packard (HP) LaserJet printer lines that could allow attackers to install a modified firmware to steal information, run attacks from within a network or cause physical damage to the printer.
Attacks can be carried out from different vectors. Printers that support a remote firmware update process could allow attackers to take control of a printer’s firmware over the Internet in less than a minute if the printer is not protected properly by a firewall. The researchers during a scan were able to find more than 40,000 devices that they said could be infected within minutes.


Local attacks are another possibility. The researchers were able to send print commands from Macintosh and Linux computer systems to trick the printer into reprogramming itself. It is not clear at the time of writing if Windows environments are safe or also affected by this.
Printers that the researchers analyzed do not verify the source of the firmware with the help of digital signatures. A HP spokesperson stated that all modern HP printers do require digitally signed firmware upgrades since 2009. Even worse for consumers and companies, there is no way of telling if a printer’s firmware has bee compromised short from physically disassembling the printer and analyzing its chipset output.
According to RedTape, HP is currently analyzing the claims made by the researchers. HP could release a firmware update of their own to resolve the vulnerability. Compromised printers however may have been programmed to block new firmware updates. That’s bad on the one hand as companies would have to throw away the printer in this case (or talk to HP to find a solution) and good in another as they have just identified a compromised printer in their network. The researchers have started analyzing printers manufactured by other companies recently but no results have been posted yet. They say it is likely that printers and other devices with Internet access are also vulnerable.



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Facebook Launches Security Bug Bounty

Posted by Avik Sarkar On 7/30/2011 05:01:00 pm


Facebook is set to announce today a bug bounty program in which researchers will be paid for reporting security holes on the popular social-networking Web site.
Compensation, which starts at $500 and has no maximum set, will be paid only to researchers who follow Facebook's Responsible Disclosure Policy and agree not to go public with the vulnerability information until Facebook has fixed the problem.
Facebook Chief Security Officer Joe Sullivan told that "Typically, it's no longer than a day" to fix a bug,

Facebook's Whitehat page for security researchers says: 

"If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you."

The compensation program is a good way to provide an incentive and show appreciation to the research community for helping keep Facebook safe for users, according to the company's security team. Up until now, researchers received recognition on the Facebook Whitehat page, maybe some "swag," and--if they were lucky--a job.
"Some of our best engineers have come to work here after pointing out security bugs on our site," like Ryan McGeehan, manager of Facebook's security response team, said Alex Rice, product security lead at Facebook. (Facebook also recently hired famed iPhone jailbreaker and Sony PlayStation 3 hacker George Hotz, who works on security issues.)
Meanwhile, Facebook is allowing security researchers a way to create test accounts on Facebook to ensure they don't violate terms of use or impact other Facebook users, Rice and McGeehan said.
Facebook is following in the steps of Mozilla, which launched its bug bounty program in 2004, and Google, which offers a bug bounty program with payments ranging from $500 to more than $3,000 for finding Web security holes, as well as a program specifically for Chrome bugs.
Microsoft has offered bounties of $250,000 for information leading to the arrest of virus writers, but does not pay researchers who find bugs in its software. However, other companies do, like TippingPoint's Zero Day Initiative.
Researchers typically are paid more for finding bugs in desktop software, which can take much longer to fix and to update software on computers than bugs in Web-based software, which can be fixed much more quickly.

According To FACEBOOK:- 

Eligibility
To qualify for a bounty, you must:
  • Adhere to our Responsible Disclosure Policy:
    ... give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research ...
  • Be the first person to responsibly disclose the bug
  • Report a bug that could compromise the integrity or privacy of Facebook user data, such as:
    • Cross-Site Scripting (XSS)
    • Cross-Site Request Forgery (CSRF/XSRF)
    • Remote Code Injection
  • Reside in a country not under any current U.S. Sanctions (e.g., North Korea, Libya, Cuba, etc.)
Our security team will assess each bug to determine if qualifies.

Rewards
  • A typical bounty is $500 USD
  • We may increase the reward for specific bugs
  • Only 1 bounty per security bug will be awarded
Exclusions
The following bugs aren't eligible for a bounty (and we don't recommend testing for these):
  • Security bugs in third-party applications (e.g., http://apps.facebook.com/[app_name])
  • Security bugs in third-party websites that integrate with Facebook
  • Security bugs in Facebook's corporate infrastructure
  • Denial of Service Vulnerabilities
  • Spam or Social Engineering techniques


                                                                                                                                                                     -News Sourec (FACEBOOK & Cnet)


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

CAPTCHA System Penetrated, Cyber Security Have to Face a New Challenge

Posted by Avik Sarkar On 11/04/2011 12:33:00 am






Researchers crack Microsoft, eBay, Yahoo, Digg audio captchas 


Researchers have figured out how to to crack captchas, making it possible to launch automated attacks against sites such as Microsoft, eBay and Digg where opening phony accounts could be turned into cash. Software written by researchers at Stanford University and Tulane University can interpret human speech well enough to crack audio captchas between 1.5% and 89% of the time - often enough to make sites that use them vulnerable to setting up false user accounts, the researchers say. Called Decaptcha, the program was able to decode Microsoft's audio captchas about half the time. It cracked the toughest audio captcha from reCAPTCHA just 1.5% of the time and Authorize.com's audio captchas 89% of the time. It solved eBay audio captchas 82% of the time, Microsoft 48.9% of the time, Yahoo 45.5% of the time and 42% of the time for Digg, say the researchers, headed up by Elie Bursztein, a post-doctoral researcher at Stanford.

According to the Researchers Group the compromised captchas are:-
  • The math captcha
  • The geometric captcha
  • The drag and drop captcha
  • The sexy captcha
  • The cute captcha
  • The Audio Captcha
For more information & to see Elie Bursztein's (Security Research at Stanford) entire post click Here


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Two Young Researchers Found Vulnerability in Microsoft Windows Live Which Could Lead ID-Theft

Posted by Avik Sarkar On 7/15/2012 04:45:00 pm

Two Young Researchers Found Security Flaws in Microsoft Windows Live Which Could Lead Identity Theft
Recently two young security researchers of Morocco named Abdeljalil S'hit and Yasser Aboukir discovered a serious vulnerability in Microsoft's Windows Live service. The vulnerability has been reported to Microsoft, but unfortunately the software giant neither gave compastion nor  did any comment about the said topic. In a report ZDNet said the vulnerability in question leveraged Cross-Site Scripting (XSS) to execute a malicious script. 

More specifically, the two researchers managed to cause an error on the Windows Live login page (as you can see above), and once the victim clicked on the "Continue" button, their malicious script would be executed. XSS flaw means that an attacker could impersonate a Windows Live user by gaining full control of the victim's cookies. Combined with social engineering, this technique could be used to steal a victim's Windows Live identity with ease. 

The last update we got from Microsoft is saying - "We quickly addressed the vulnerability in question to help keep customers protected and appreciate the researchers using Coordinated Vulnerability Disclosure to assist in us working toward a fix in a coordinated manner"






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Android Browser Injection Vulnerability Found By IBM Researchers

Posted by Avik Sarkar On 8/05/2011 06:27:00 pm


Researchers with IBM have discovered what could be a very serious flaw in the Android operating system. The flaw is billed as allowing hackers to intercept web browser operations by injecting JavaScript code into the system.
According to Roee Hay and Yair Amit of IBM's Rational Application Security Research Group, this means that a malicious, non-privileged application could break into the browser URL loading process and its allied sandbox to inject JavaScript.
This is potentially very serious, Infosecurity notes, as the sandbox element of the browser environment seen on Android is supposed to defend the smartphone/tablet platform against this type of attack.

The researchers note that the vulnerability "has the same implications as global XSS, albeit from an installed application rather than another website."
The IBM security researchers go on to say that Android 2.3.5 and 3.2 have been released and which incorporate a fix for this bug.
Patches are also available for Android 2.2 and will, they note, be released at a later date.

The Researchers have also posted a video about this vulnerability:-


For more information Click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

New MacGuard Phishing Attack Bypasses Mac OS X Password Requirement

Posted by Avik Sarkar On 5/27/2011 09:07:00 pm


A new MacDefender variant targeting Apple (NSDQ:AAPL)'s Mac OS X platform now can circumvent the password requirement to install fake antivirus software onto victims' computers.
The latest version of the fake antivirus MacDefender, known as MacGuard, was first detected by researchers at Mac security firm Intego. Unlike other versions of Mac Defender, MacGuard bypasses password requirements, and automatically installs without any user intervention.
Intego researchers first detected a fake antivirus attack with Mac Defender targeting the Mac OS X platform May 2. Like other fake antivirus schemes, known as scareware, the virus appeared on users' Macs via a pop-up or an infected link, offering a phony virus scan. The fake scan would inevitably claim to find a virus, and then would trick the user into submitting credit card numbers in exchange for bogus antivirus software.
Since it was first discovered earlier this month, alternately named versions of the MacDefender virus have emerged, such as MacProtector, and MacSecurity. Up until now, the different version have been the same application but with different names.
However, the new MacGuard, which is spread via SEO poisoning attacks, functions slightly differently. Initially, the installation package, known as avSetup.pkg, is downloaded automatically when a user visits a malicious or infected site, typically via an SEO poisoning attack.
If Safari's "Open safe files after downloading" feature is checked, the payload will open Apple's Installer and the user will see a standard installation screen, Intego researchers said. If not, users could see a downloaded ZIP archive and feel inclined to double click, which would also launch the Mac OS Installer.
The package then installs a downloader, dubbed avRunner, which then launches automatically while the installation package deletes itself from the user's Mac, essentially erasing its tracks.
"Unlike the previous variants of this fake antivirus, no administrator's password is required to install this program," Intego researchers said in an advisory. "Since any user with an administrator's account -- the default if there is just one user on a Mac -- can install software in the Applications folder, a password is not needed."
The downloader then installs the new MacDefener version, MacGuard, downloaded by the avRunner application from an IP address hidden in an image file.
Intego researchers say that users should be wary of Web pages that appear to be a Finder window.
"Leave the page, and quit your Web browser. If anything has downloaded, and the Installer application has opened, quit it right away; look in your Downloads folder for the file, then delete it," Intego said.
Apple issued an advisory earlier this week warning users of the MacDefender virus , saying that "In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants."
Security experts question how Apple will keep up with what appears to be a constant stream of MacDefender variants -- a tactic which emulates the myriad of fake antivirus attacks on the Windows platform.  

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Flashback Botnet Originated From Hacked & Malware-rigged WordPress Sites -Said Researchers

Posted by Avik Sarkar On 4/22/2012 02:21:00 pm

Flashback Botnet Originated From Hacked & Malware-rigged WordPress Sites -Said Researchers

Massive Flashback botnet that hit more than 60K Mac PC world wide originated from hacked and malware-rigged WordPress blog sites. Researchers figure out there were between 30,000 and 100,000 WordPress sites infected in late February and early March, 85% of which are in the United States.
Kaspersky Lab researchers say the infected WordPress blog sites were rigged with code that silently redirected visitors to a malicious server. "When the connection was made to the malicious server, that server would determine which OS was running and serve exploits accordingly," says Roel Schouwenberg, senior researcher for Kaspersky. It was a pay-per-install scheme to spread malware, including the Flashback Trojan.
Most researchers say a gradual decline in machines infected by the Trojan is still underway: As of Thursday, there were about 140,000 infected Macs still out there, according to Symantec, and Kaspersky says it sees only about 30,629 Flashback-infected bots in its sinkhole. Still on the horizon, too, is the possibility of a Flashback comeback, with the command-and-control servers sending their bots updates. "We are watching the command-and-control domains used to control this botnet for any updates ... We haven't seen any new updates being delivered," said Liam O Murchu, manager of operations for Symantec Security Response. "Flashback generates new domains every day, which shows us the attackers have probably written malicious code before. They are aware that their botnet could be taken down with a single domain, so they generate a new one every day." To see the full story click here


Earlier also Mac users faced such attacks when mac Trojan OSX.SabPub was spreading through Java exploits In 2011 we have also seen OSX/Revir-B trojan was installed behind a PDF, and giving hackers remote access to MAC computers, not only Revier-B also Linux Tsunami trojan Called "Kaiten" targeted Mac OS users in 2011. Also another malware named "Devil Robber" which was also make MAC users victim while stealing their personal informations.




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

TDL is Targeting Windows PC, Experts are saying that "it is almost indestructible"

Posted by Avik Sarkar On 7/05/2011 10:05:00 pm


More than four million PCs have been enrolled in a botnet security experts say is almost "indestructible". The botnet, known as TDL, targets Windows PCs and is difficult to detect and shut down. targeting
Code that hijacks a PC hides in places security software rarely looks and the botnet is controlled using custom-made encryption.
Security researchers said recent botnet shutdowns had made TDL's controllers harden it against investigation.
The 4.5 million PCs have become victims over the last three months following the appearance of the fourth version of the TDL virus. The changes introduced in TDL-4 made it the "most sophisticated threat today," wrote Kaspersky Labs security researchers Sergey Golovanov and Igor Soumenkov in a detailed analysis of the virus. "The owners of TDL are essentially trying to create an 'indestructible' botnet that is protected against attacks, competitors, and anti-virus companies," wrote the researchers.
Recent successes by security companies and law enforcement against botnets have led to spam levels dropping to about 75% of all e-mail sent, shows analysis by Symantec.
A botnet is a network of computers that have been infected by a virus that allows a hi-tech criminal to use them remotely. Often botnet controllers steal data from victims' PCs or use the machines to send out spam or carry out other attacks.
The TDL virus spreads via booby-trapped websites and infects a machine by exploiting unpatched vulnerabilities. The virus has been found lurking on sites offering porn and pirated movies as well as those that let people store video and image files. The virus installs itself in a system file known as the master boot record. This holds the list of instructions to get a computer started and is a good place to hide because it is rarely scanned by standard anti-virus programs.
The biggest proportion of victims, 28%, are in the US but significant numbers are in India (7%) and the UK (5%). Smaller numbers, 3%, are found in France, Germany and Canada.
However, wrote the researchers, it is the way the botnet operates that makes it so hard to tackle and shut down.
The makers of TDL-4 have cooked up their own encryption system to protect communication between those controlling the botnet. This makes it hard to do any significant analysis of traffic between hijacked PCs and the botnet's controllers.
In addition, TDL-4 sends out instructions to infected machines using a public peer-to-peer network rather than centralised command systems. This foils analysis because it removes the need for command servers that regularly communicate with infected machines.
"For all intents and purposes, [TDL-4] is very tough to remove," said Joe Stewart, director of malware research at Dell SecureWorks to Computerworld. "It's definitely one of the most sophisticated botnets out there."
However, the sophistication of TDL-4 might aid in its downfall, said the Kaspersky researchers who found bugs in the complex code. This let them pry on databases logging how many infections TDL-4 had racked up and was aiding their investigation into its creators.

-News Source (BBC)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Apple’s Based Networks are More Vulnerable to Attack than Windows (BH 2011)

Posted by Avik Sarkar On 8/05/2011 10:01:00 pm


For many years, Apple enjoyed security through obscurity. The market share for Mac computers was so small that malware creators bypassed it to go after the much bigger target, Microsoft Windows. Not anymore.
Apple’s market share has been slowly rising and the popularity of the iPhone has put Apple’s products into the spotlight. Hackers are taking notice and they’re figuring out that Apple’s computers have security vulnerabilities, some of them more severe than Windows machines, according to a talk by the iSEC Partners security consulting team at the Black Hat security conference today.
Alex Stamos (pictured), Paul Youn, and B.J. Orvis of iSEC Partners said in their talk that it is possible for hackers to penetrate a network of Apple Mac computers and lurk undetected while gathering data. They concluded that there were so many vulnerabilities on the networking level that Mac machines could be considered more vulnerable than Windows machines.
Apple has not yet responded to a request for comment. At Black Hat, there will also be talks about the vulnerabilities of other operating systems, including Windows. In years past, security researchers have blamed Microsoft for producing vulnerable Windows code. And immediately following the Apple talk, security researchers had another talk about hacking Google’s Chrome operating system.
“This is all changing,” Stamos said. “If [recent hacking events] tell us anything, it’s that any computer is vulnerable to attack.”
The iSEC team said they looked at attacks on the Mac and its latest operating system, code-named Lion, or OS X version 10.7, from the perspective of Advanced Persistent Threats, or long-term security break-ins on networks of computers. They showed examples of the vulnerabilities and detailed proof that they had hacked into the operating system.
The category of Advanced Persistent Threats is a hot one because Google discovered that, under Operation Aurora, dozens of companies were compromised over a long period of time. And McAfee reported today that a similar attacked, dubbed Operation Shady RAT, compromised a total of 72 governments and corporations over a five-year period.
A network of Mac computers can be compromised in the usual way, iSEC’s Stamos said. A single user can be tricked out of giving up a username and password through social engineering or targeted “phishing attacks,” or attacks that use a believable ruse to get you to enter your username and password, which is then captured and compromised by the hackers.
Once inside the network, Stamos said that it is easy for the attacker to escalate the privileges he or she has on the network. That is where Apple’s operating system falls down in comparison to Windows. ”Once you have access, you can compromise the networking,” Orvis said. “Network privilege escalation is where it really gets bad on the Mac.”
The security researchers said that Apple has made improvements to security in version 10.7 of OS X, such as putting applications in a “sandbox,” or isolating them so that they can run (or crash) without taking down the rest of the operating system. Still, the researchers said they had figured out a couple of different ways to compromise the security of Macs through a test program dubbed Bonjoof. They said that it’s possible to lurk on a network and cover your tracks so that intelligence can be gathered on a network over time.
“All of Apple’s major authentication protocols suffer” from some kind of weakness, Orvis said.
There are ways to deal with the vulnerabilities, but company security professionals have to know how to use security forensics technology, which can take a long time. In the meantime, attackers can detect the forensics tools and react to their usage in an attempt to hide. The security researchers said they did talk with Apple about the vulnerabilities they found and communicated a number of ideas about how to improve the security of Apple’s computers.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Browser history vulnerable to JavaScript snooping

Posted by Avik Sarkar On 4/25/2011 01:00:00 am

Despite many of us willingly letting the online world have regular glimpses into our so-called private lives through social media portals, most would cry foul if such information was collected without our consent or knowledge. Researchers have just completed a study of scripting code contained within the documents used to display web pages in browsers and found evidence of something called history sniffing. This is where website owners gain access to browser history to track your progress around the web.
There's been quite a lot of discussion of late about the privacy issues surrounding history sniffing but the study by researchers from Jacobs School of Engineering at the University of California, San Diego is believed to be the first empirical analysis of history sniffing online.
"Nobody knew if anyone on the Internet was using history sniffing to get at users' private browsing history. What we were able to show is that the answer is yes," said University of California, San Diego computer science professor Hovav Shacham.

Colorful history

You may have noticed when hopping from site to site around the web that some links are shown in blue and others in purple. The former color is often used to indicate site yet to be visited and the latter, those which you've already been to. Some websites are embedded with special JavaScript code that has a sneaky peek at the browser history and looks for evidence of that color change to record where you've been recently.
This information can then be used by website owners to check if you've been comparing their page or products with any competitors and develop an appropriate marketing strategy. For instance, say you're shopping for a new laptop and are looking to compare prices. If you land on a web page that's using the JavaScript sniffing code, the owner of that page would be able to learn which competitors you've been checking out - without your knowledge – and perhaps adjust pricing to suit.
Nothing wrong with that, you might say, helps to push prices down and encourages competition to the benefit of consumers. Well, yes – it could all be quite innocent but what if the code was used by some unsavory character to build user profiles for phishing scams? If someone were to learn which online banking service you used for example, then a fake page could be set up and an authentic-looking email sent to your webmail Inbox. You then click on the link and there goes your login details.
University of California, San Diego's computer science professor Sorin Lerner said: "We want to let the broad public know that history sniffing is possible, it actually happens out there, and that there are a lot of people vulnerable to this attack."

Identifying the sniffers

The dynamic flow engine for JavaScript was developed by Ph D student Dongseok Jang and used by the researchers to crawl through the top-ranked websites, according to Alexa global website rankings. The tool analyzed the code running on a web page and identified and tagged all instances where the browser history was being checked. They found that 485 of the 50,000 sites checked used code to inspect the style properties that can be used to infer the browser's history.
Although most of the tagged information never got sent over the network back to company servers, the researchers "confirmed that 46 of them are actually doing history sniffing, one of these sites being in the Alexa global top 100." What was done with the data once it got back to the website owners is not known.
While not posing as significant a risk to privacy as, say, malware or session hijacking, Stracham said that "history sniffing is unusual in effectively allowing any site you visit to learn about your browsing habits on any other site, regardless if the two sites have any business relationship."
He thinks that "people who have updated or switched browsers should now worry about things other than history sniffing, like keeping their Flash plug-in up to date so they don't get exploited. But that doesn't mean that the companies that have engaged in history sniffing for the currently 60 percent of the user population that is vulnerable to it should get a free pass."

Keeping up to date

The researchers point out that the latest versions of some browsers – such as Firefox, Chrome and Safari – now block history sniffing, but others (most notably Internet Explorer) do not. They recommend keeping up to date with the latest versions of web browsers to make sure that you benefit from any newly implemented security measures.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Washington D.C. Online Voting System Hacked in Less Than 48 hrs

Posted by Avik Sarkar On 3/16/2012 07:33:00 pm

Washington D.C. Online Voting System Hacked By Researchers Of Michigan University in Less Than 48 hrs
The security functions of a pilot project for online voting in Washington D.C. compromised. Researchers at the University of Michigan have reported that it took them only a short time to crack the security of the whole function. "Within 48 hours of the system going live, we had gained near complete control of the election server", the researchers wrote in a paper that has now been released. "We successfully changed every vote and revealed almost every secret ballot." - Said the researchers.
The hack was only discovered after about two business days – and most likely only because the intruders left a visible trail on purpose. In 2010, the developers of the municipal e-voting system that enables voters living abroad to vote via a web site, invited security experts to conduct tests. The university researchers say that the project was developed in cooperation with the Open Source Digital Voting Foundation (OSDV) and that other US states have also worked on services similar to Washington's "Digital Vote-by-Mail Service". They also praise the system's transparency as exemplary but point out that its architecture has fundamental security weaknesses and was not able to withstand a shell injection and other common hacker techniques. The security experts investigated common vulnerable points such as login fields, the virtual ballots' content and filenames, and session cookies – and found several exploitable weaknesses. Even the Linux kernel used in the project proved to have a well known vulnerability.

  



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

iPhone Can Be Used As Spyware & Can Snoop Desktop Typing

Posted by Avik Sarkar On 10/20/2011 11:12:00 pm



A team of researchers at Georgia Tech have demonstrated how they were able to spy on what was typed on a regular desktop computer's keyboard via the accelerometers of a smartphone placed nearby. Normally when security researchers describe spyware on smartphones, they mean malicious code that can be used to snoop on calls, or to steal the data held on mobile phones.
In this case, however, researchers have described how they have put software on smartphones to spy on activity outside the phone itself - specifically to track what a user might be doing on a regular desktop keyboard nearby. It sounds like the stuff of James Bond, but the researchers paint a scenario where a criminal could plant a smartphone on the desk close to their target's keyboard and use specialist software to analyse vibrations and snoop on what was being typed. It's a quite beautiful twist on how bad guys could use microphones to "hear" keystrokes and spy on your passwords.
Patrick Traynor, an assistant professor in Georgia Tech's School of Computer Science, admits that the technique is difficult to accomplish reliably but claims that the accelerometers built into modern smartphones can sense keyboard vibrations and decipher complete sentences with up to 80% accuracy.
"We first tried our experiments with an iPhone 3GS, and the results were difficult to read," said Traynor. "But then we tried an iPhone 4, which has an added gyroscope to clean up the accelerometer noise, and the results were much better. We believe that most smartphones made in the past two years are sophisticated enough to launch this attack."
Indeed, a photograph of the researcher shows him posing with what appears to be an Android smartphone.

The study's authors also determined that because the smartphone had to be within a range of just three inches from the keyboard, phone users who left their phones in their pockets or purses, or simply moved them further from the keyboard would be well defended.
The researchers admitted that the likelihood of an attack of this nature "right now is pretty low", and I'm not planning to lose any sleep over the threat. Nevertheless, if you manage to get the chance do take some time to read the paper: "(sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers"

-News Source (NS, Computer World, Georgia Tech's School)




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Researchers Found Backdoor in FPGA Chip Used By US Military

Posted by Avik Sarkar On 5/31/2012 07:13:00 pm

Researchers Found Backdoor in FPGA Chip Used By US Military

A researchers team from Cambridge University has figure out that a Chinese-manufactured chip used by US armed forces contains a secret access point that could leave it vulnerable to third party tampering. But the backdoor in the FPGA chip is real, probably part of the manufacturer's debugging hardware, and is unlikely to be easily disabled. The researchers tested an unspecified US military chip — used in weapons, nuclear power plants to public transport – and found that a previously unknown ‘backdoor’ access point had been added, making systems and hardware open to attack, the team says. According to Sergei Skorobogatov, researcher of Cambridge University - "We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key. This particular chip is prevalent in many systems from weapons, nuclear power plants to public transport. In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems. The scale and range of possible attacks has huge implications for National Security and public infrastructure."
The news comes at a time when Chinese cyber-spying threats are a particular concern. Chinese telecom manufacturers ZTE and Huawei are already under investigation from the US government, which is assessing whether the duo’s telecom businesses pose a national security threat. The Cambridge researchers did not name the company that developed the chip tested, nor did they provide more specific details of its usage. The draft of the associated paper gave more details though. Firstly, the chip in question was a Actel/Microsemi ProASIC3 chip, a "military grade" FPGA (Field Programmable Gate Array) which has a 128-bit AES encryption key to protect its contents and configuration, the intellectual property (IP) of the chip programmer. The chip is not an "American military chip" but an off-the-shelf component used in a wide variety of applications, including US military applications, and its encryption capabilities are specifically designed to only protect the IP.


-Source (The Next Web & The-H)




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Security Experts Are Saying: Project 25 Mobile Radios Are Vulnerable

Posted by Avik Sarkar On 8/27/2011 02:51:00 am


Many users don’t know how to use encryption, and radios can be jammed with a child’s toy. A paper presented at this year’s APCO conference showed the vulnerability of some new and expensive encrypted digital mobile radios, particularly those used by federal law enforcement agencies. The researchers from the University of Pennsylvania found that it was very easy to monitor sensitive law enforcement operations, that users either didn’t turn on their encryption or thought their transmissions were encrypted when they weren’t, and that a $30 child’s toy could corrupt the radios’ signals enough to make them useless. They also found a way to make the radios transmit at will, so that direction-finding equipment could be used to determine their location.
The radios with the identified problems operate on a relatively new protocol called Project 25 (P25). P25 is an initiative of the Association of Public Safety Communications Officers (APCO) and both users and manufacturers of radio equipment. P25 radios use digital transmissions on channels spaced 12.5KHz apart in the UHF and VHF bands. One of the objectives of P25 is to expand the number of channels available for use in the crowded radio spectrum. Presently, federal law enforcement agencies are the biggest users of P25 equipment, but other public safety organizations are adopting the standard as they replace their “legacy” radios. Eventually, all users in the VHF and UHF bands will be required to go to P25 equipment, as their licenses to operate on the broader channels and with analog equipment won’t be renewed by the FCC.
Traffic over P25 equipment is transmitted in digital form, as bits of ones and zeros, rather than as an analog waveform as with older radios. The body of voice or data traffic is preceded and followed by several data frames of different lengths that identify the source, the type of information (voice or data) that follows, and when the traffic is encrypted, encryption keys that prevent the transmission from being heard by a radio which doesn’t have the matching codes. The authors of the paper found that the markings on the radios that turned the encryption on or off were so cryptic themselves that many of them thought they were transmitting encrypted, when they were actually sending “in the clear.” The knobs and indicators for encryption were poorly located, making it easy to turn encryption on and off while adjusting the volume or changing radio channels.

There are blocks of frequencies allocated for the exclusive use of federal law enforcement agencies. These are allocated by the National Telecommunications and Information Administration, and are not published, as are FCC-allocated channels. The allocation is made by both region and user agency, so that a channel used by the FBI in New York might be the one used by the U.S. Forest Service in Boise. Even though the assignments are confidential, the researchers were able to scan the federal bands in two large U.S. cities and monitor ongoing operations at length. The encryption problem became obvious, as users openly discussed names and descriptions of informants, appearance and vehicles of undercover agents and surveillance operators, and plans for raids and arrests. The researchers used a $1000 bench-type receiver, but indicated that the same task could be accomplished with gear from Radio Shack.
Techies are familiar with the acronym “RTFM,” or “Read the [Bleeping] Manual.” The manual for a P25 radio from one well-known manufacturer is 150 pages long. On top of that, most P25 radios are user-configurable, so that combinations of button presses and switch settings set the radio to work in specific ways the owner agency thinks is appropriate. The net effect is that — in addition to the 150-page manual — each agency has to publish their own user manual if they want their users to understand all the functions of the radio and how to use them. Of course, getting the users to read those manuals is another matter.

Digital communications has several advantages over analog, one being that if a portion of a transmission is not received or corrupted in sending, an error-correction protocol identifies it and sends a request for a re-send. The University of Pennsylvania researchers found they could manipulate this mechanism and send a string of renegade error messages to a radio, triggering a string of retransmit requests. There would be no retransmit, as the messages pointed to a nonexistent message stream, but the nearly continuous transmission could be used with a direction finder to pinpoint the location of the radio. Someone who was running countersurveillance on law enforcement users would be able to tell by this method when officers were active, and where they were.

A variation on the data packet manipulation worked to disable the radios entirely. The researchers purchased a toy text messaging device called an IM-Me http://uk.girltech.com/electronics-imMe.aspx , which sends and receives text messages between a computer and the toy, which looks like a text pager. By loading some custom firmware onto the device, it could be set to transmit corrupted data packets to P25 radios and confound their reception. The device had to transmit these packets for milliseconds at a time, making it very difficult to locate and identify.
The authors of this paper are all “good guys” who have no agenda for compromising public safety communications, but if they can produce the hardware and software necessary to manipulate P25 radios, you can bet someone with less honorable motives can, as well. These new P25 radios are expensive; one available from Midland costs $3295. Hopefully, that custom-configuration capacity can be used to modify the radio firmware and close some of these security gaps. In the meantime, if your agency is using or contemplating a purchase of P25 radios, you should revisit your security procedures and contact your vendor to determine how vulnerable your communications may be.

-News Source (Tim Dees & Police One)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Google Chrome OS Has Security Hole (Black Hat 2011)

Posted by Avik Sarkar On 8/05/2011 07:20:00 pm


Black Hat Google has billed its Chrome operating system as a security breakthrough that's largely immune to the threats that have plagued traditional computers for decades. With almost nothing stored on its hard drive and no native applications, there's no sensitive data that can pilfered and it can't be commandeered when attackers exploit common software vulnerabilities.
But according to two researchers who spent the past few months analyzing the Chrome-powered Cr-48 beta released in December, the browser-based OS is vulnerable to many of the same serious attacks that afflict people surfing websites. As a result, users remain susceptible to exploits that can intercept email, documents, and passwords stored on centralized servers, many of which are maintained by Google.
“Even though they put these awesome security protections in place, we're just moving the security problems to the cloud now,” Matt Johansen, a researcher with WhiteHat Security, told The Register. “We're moving the software security problem that we've been dealing with forever to the cloud. They're doing a lot of things right, but it's not the end all and be all for security.”
Virtually all of the threats identified by Johansen and his WhiteHat colleague Kyle Osborn stem from Chrome's reliance on extensions, which are essentially web-based applications. A fair number of the extensions they analyzed contain XSS, or cross-site scripting, bugs, which have the potential to inject malicious code and content into a visitor's browser and in some cases steal credentials used to authenticate user accounts.
As they went about testing what kind of attacks various XSS vulnerabilities could allow, Johansen and Osborn noticed something curious: a bug in one extension often allowed them to hijack the communications of a second extension, even when the latter one had no identifiable security flaws. At the Black Hat security conference in Las Vegas on Wednesday, they demonstrated this weakness by exploiting an XSS hole in one extension to steal passwords from an otherwise secure account on cloud password storage service LastPass.
“If any of the other vulnerable extensions have an XSS hole, we can utilize JavaScript to hijack that communication,” Johansen said. “LastPass is doing absolutely nothing wrong here. You can have an extension that's perfectly fine, but if you have another that has a cross-site scripting error in it we can still access information in secure applications.”
The discovery has generated a quandary for the researchers.
“Whose problem is this to fix?” Johansen continued. “We don't really have an answer for that. LastPass did everything correctly. It's the other extension developers that developed an extension with a vulnerability in it.”
After being informed of the specific attack, LastPass made changes to its Chrome extension that prevented it from being carried out, so it's reasonable to assume extension makers foot some of the responsibility for preventing their apps from being compromised by others. But Johansen couldn't rule out the possibility that vulnerabilities and other apps could probably make LastPass vulnerable again. He said Google might be able to fix the problem by overhauling the application programming interfaces extension developers use.
The researchers also demonstrated an XSS vulnerability in Scratchpad, a text-editor extension that's bundled with Chrome. By sharing files with names containing JavaScript commands stored on Google Docs they were able to obtain the Google session cookies of anyone who used a Chromebook to view the documents. An attacker could exploit the vulnerability to read a victim's email, or to send instant messages to everyone on the victim's contact list. If any of the contacts are using Chromebooks, they could be similarly vulnerable to booby-trapped filenames stored on Google Docs.
A Google spokeswoman defended the security of Chromebooks and said the vulnerabilities enumerated by the researchers weren't unique to the cloud-based OS. In an email, she issued the following statement:
This conversation is about the web, not Chrome OS. Chromebooks raise security protections on computing hardware to new levels. They are also better equipped to handle the web attacks that can affect browsers on any computing device, thanks in part to a carefully designed extensions model and the advanced security available through Chrome that many users and experts have embraced.
The researchers stressed Google engineers were extremely quick to fix the Scratchpad vulnerability and awarded them a $1,000 bounty for their report. But they remain convinced that the security of Chrome OS in many cases is only as strong as its' weakest extensions. They also pointed out that penetration-testing tools such as the Browser Exploitation Framework could be used to help streamline attacks in much the way Metasploit is used to manage exploits for traditional machines.
And, Johansen said, Chrome hacking through XSS may be only the beginning, since the flaws are among the easiest to find and exploit.
“Who knows what we're going to be looking for months or years from now when Google can figure out a way to thwart the cross-site scripting threat,” he said. “Why would we be trying to write buffer overflows when we can just write a simple JavaScript command.” 
-News Source (The Register)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Vasilis Pappas Won 'Blue Hat' Security Contest & Grand Prize of $200,000 From Microsoft

Posted by Avik Sarkar On 7/30/2012 01:52:00 am

Vasilis Pappas Won 'Blue Hat' Security Contest & Grand Prize of $200,000 From Microsoft

Earlier in last year software giant Microsoft started Blue Hat security contest. BlueHat Prize was globally  announced by the company at the 2011 Black Hat security conference in Las Vegas, offers a grand prize of $200,000, a runner-up purse of $50,000, and a third-place award of a one-year subscription to MSDN Universal--a developer's platform for Microsoft products--worth $10,000--to security researchers who design the most effective ways to prevent the use of memory safety vulnerabilities. 
This year Microsoft awarded a bunch of hackers and gave away an amount of  $260,000. 'Hackers' in the good sense here, the clever programmers who won its Blue Hat security contest, including a grand prize of $200,000

The big prize was awarded to a PhD student at Columbia University, Vasilis Pappas, who was handed the check in an American Idol-style contest finale complete with loud music and confetti. The winners were announced during a party at the Black Hat hackers conference 2012 that just happened this week in Las Vegas. Two other guys took home significant prizes, too. Ivan Fratric, a researcher at the University of Zagreb in Croatia, got $50,000 and Jared DeMott, a Security Researcher for Harris Corp. won $10,000.
They all submitted ideas to help solve a really hard security problem called Return-Oriented Programming. ROP is a hacker technique that is often used to disable or circumvent a program's computer security controls. Twenty people submitted ideas in the contest. Without getting into too much technical detail, Pappas came up with something called kBouncer which blocks anything that looks like an ROP attack from running. It's become popular these days to pay security researchers bounties. But what's cool about the Blue Hat contest is that it paid the researcher for actually coming up with a fix to a problem. Not only Microsoft, other compaines- GoogleFacebook, Paypal & many more already have their "Bug Bounty" program, where they reward researchers for simply identifying flaws in thier system. But by contrast Microsoft and Adobe don't pay bounties. Here Microsoft promised that this first Blue Hat prize won't be its last, So this may be a sign of a smart new approach to engaging with security researchers for the software giant. 


-Source (Microsoft & Business Insider)







SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search