Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned

Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned Only Safari Survived 

Couple of months ago we have talked about 'Pwn2Own 2013' hacking contest sponsored by HP TippingPoint, ZDI and Google where the most famous and widely used browsers have to face challenges. Now the result of this long awaited security competition has came which is showing that the entire browser security landscape can change in a single day, as browsers thought to be secure are proven to be otherwise. Of the Big Four browsers, only Apple's Safari has so far survived the onslaught of the browser-breakers where Chrome, Internet Explorer 10 and Firefox all fell to the mercy of the hackers. Not only browsers but also three other popular applications that is Adobe Reader, Flash Player and yet again Java fallen victim to hackers at 'Pwn2Own'. And for Java it was a true disaster as Java fell three times, though under the contest rules, only the first attacker was due to win the $20,000 prize. Vupen, a renowned security research firm based in France, cracked both Firefox and Internet Explorer. It roughly explained the attack in a tweet, “We’ve pwned Firefox using a use-after-free and a brand new technique to bypass ASLR/DEP on Win7 without the need of any ROP.” This bug hint leads them winning $100,000 for finding a huge hole. Again in a tweet, Security firm Vupen explained “We’ve pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass.” Lastly, U.K.-based security firm MWR Labs cracked Chrome and also gained full control of the operating system, this time Windows 7. It also “demonstrated a full sandbox bypass exploit.” The company explained in a blog post that it found a zero-day in Chrome “running on a modern Windows-based laptop.” It was able to exploit the vulnerability by performing a very similar attack to what took down Facebook, Microsoft, and a number of other well-known companies: It had the laptop visit a malicious website. 

Now lets take look at the final score board of Pwn2Own 2013:

Wednesday:
1:30 - Java (James Forshaw) PWNED
2:30 - Java (Joshua Drake) PWNED
3:30 - IE 10 (VUPEN Security) PWNED
4:30 - Chrome (Nils & Jon) PWNED
5:30 - Firefox (VUPEN Security) PWNED
5:31 - Java (VUPEN Security) PWNED

Thursday:
12pm - Flash (VUPEN Security) PWNED
1pm - Adobe Reader (George Hotz) PWNED
2pm - Java (Ben Murphy via proxy) PWNED

The total damage to the prize fund comes out at a whopping $480k. With HP's announcement that everyone will get paid for each attack, the prize monies will be divvied up as follows:-

1. James Forshaw: Java = $20K
2. Joshua Drake: Java = $20k
3. VUPEN Security: IE10 + Firefox + Java + Flash = $250k
4. Nils & Jon: Chrome = $100k
5. George Hotz: Adobe Reader = $70k
6. Ben Murphy: Java = $20k

As you all know that the main motive of these contest is to make applications, software more safe and secure while figuring out hidden vulnerabilities  Here also for Pwn2Own the security holes figured out by the above experts have already been submitted and taken carefully by those organization  along with that, the expected patch for the browsers have already been released. Those who are still using the older version of those above applications are requested to update their system. So, stay tuned with VOGH and be safe on the Internet. 

-Source (HP, Naked Security) 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned"https://www.voiceofgreyhat.com/2013/03/Pwn2Own-2013-Result.html</a>

Pwn2Own 2013 -Hack Major Browser, Adobe Reader, Flash or Java & Earn in Million Dollars

Pwn2Own 2013 -Hack Major Web-browser, Adobe Reader, Flash or Java & Earn in Million Dollars 

Since the last two years the Pwn2Own hacker contest has become an important fixture in the world of testing the security of software applications, operating systems and hardware devices. In last two years we have seen several hackers, security professionals have expressed their enthusiasm and joined Pwn2Own where four major and widely browser's security get compromised, in order to make applications, software more safe and secure. Last year we have reported how different hackers across the globe taken part in Pwn2Own and successfully hacked Google Chrome, IE & Firefox, and earned millions of dollars. But the contest of this year has some more twist than before as, HP TippingPoint and Google, sponsor of Pwn2Own, has made clear that it is expanding the focus of the competition beyond browsers. Also, Pwn2own 2013 will include $560,000 in prize money for demonstrations of exploits in the major web browsers, Adobe Reader, Adobe Flash or Oracle Java. 

Contest Dates:-

The contest will take place the 6th, 7th, and 8th of March in Vancouver, British Columbia during the CanSecWest 2013 conference. DVLabs blog post will be updated as the contest plays out and get real-time updates by following either @thezdi or @Pwn2Own_Contest on Twitter or search for the hash tag #pwn2own.

Rules & Prizes:-

HP ZDI is offering more than half a million dollars (USD) in cash and prizes during the competition for vulnerabilities and exploitation techniques in the below categories. The first contestant to successfully compromise a selected target will win the prizes for the category.

• Web Browser
• Google Chrome on Windows 7 ($100,000)
• Microsoft Internet Explorer, either
• IE 10 on Windows 8 ($100,000), or
• IE 9 on Windows 7 ($75,000)
• Mozilla Firefox on Windows 7 ($60,000)
• Apple Safari on OS X Mountain Lion ($65,000)
• Web Browser Plug-ins using Internet Explorer 9 on Windows 7
• Adobe Reader XI ($70,000)
• Adobe Flash ($70,000)
• Oracle Java ($20,000)

The targets will be running on the latest, fully patched version of the Windows 7, 8, and OS X Mountain Lion. All targets will be installed in their default configurations, as this is how a majority of users will have them configured. As always, the vulnerabilities utilized in the attack must be unknown and not previously reported to the vendor. If a sandbox is present, a full sandbox escape is required to win. A given vulnerability may only be used once across all categories.

Upon successful demonstration of the exploit, the contestant will provide HP ZDI a fully functioning exploit and all the details of the vulnerability used in the attack. In the case that multiple vulnerabilities were exploited to gain code execution, details about all the vulnerabilities (memory corruption, infoleaks, escalations, etc.) leveraged and the sequence in which they are used must be provided to receive the prize money. The initial vulnerability utilized in the attack must be in the registered category.

Along with prize money, the contestant will receive the compromised laptop and 20,000 ZDI reward points* which immediately qualifies them for Silver standing. 

Full contest rules can be found at http://dvlabs.tippingpoint.com/Pwn2OwnContestRules.html, and may be changed at any time without notice.

Registration:-

Contestants are asked to pre-register by contacting ZDI via e-mail at zdi@hp.com. This will allow the organizer to ensure that they have the necessary resources in place to facilitate the attack. If more than one contestant registers for a given category, the order of the contestants will be drawn at random.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Pwn2Own 2013 -Hack Major Browser, Adobe Reader, Flash or Java & Earn in Million Dollars"https://www.voiceofgreyhat.com/2013/01/Pwn2Own-2013-Hack-and-Earn-in-Million.html</a>

Microsoft Security Advisory (2794220) Remote Code Execution Vulnerability in Internet Explorer Fixed

Microsoft Security Advisory (2794220) Remote Code Execution Vulnerability in Internet Explorer Fixed

The Redmond based software giant Microsoft issued an urgent security advisory to address vulnerabilities in its popular web-browser that is Internet Explorer.  Few of days new “zero day” security hole in IE was discovered which could potentially allow hackers to take over control of your system when all you've done is visit an infected website. The vulnerability affects IE versions 6, 7 and 8. Though the latest versions of the browser, that means IE 9 and 10, are not affected. “An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.” Microsoft said in its statement. The statement went on to say, “an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability.”

On its advisory Microsoft first issued warning of the problem, which involves how IE accesses "an object in memory that has been deleted or has not been properly allocated." The problem corrupts the browser's memory, allowing attackers to execute their own code. Security vendor Symantec described such a scenario as a "watering hole" attack, where victims are profiled and then lured to the malicious site. Last week, one of the websites discovered to have been rigged to delivered an attack was that of the Council on Foreign Relations, a renowned foreign policy think tank. 

While talking about IE and its bugs, then we would like to remind you that couple of weeks ago, Spider.io a website analytics firm has discovered a security vulnerability in all current versions of Internet Explorer that allows attackers to trace mouse cursors anywhere on users' screens even if the Internet Explorer window is minimized. That time the software giant ignored that particular issue. But here they take this one bit seriously; So if you still using the older and affected version of IE, then its time to update your browser, in order to stay safe and secure on the Internet. To update your browser or to access the security fix click Here. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Microsoft Security Advisory (2794220) Remote Code Execution Vulnerability in Internet Explorer Fixed"https://www.voiceofgreyhat.com/2013/01/Vulnerability-in-Internet-Explorer-Fixed.html</a>

Internet Explorer Vulnerability Allowing Hackers to Track Your Mouse Cursor

Internet Explorer Vulnerability Allowing Hackers to Track Your Mouse Cursor, Still Microsoft is Apathetic 

Yet again Microsoft Internet Explorer have fallen victim in front of hackers. Spider.io a website analytics firm has discovered a security vulnerability in all current versions of Internet Explorer that allows attackers to trace mouse cursors anywhere on users' screens even if the Internet Explorer window is minimized  The vulnerability is particularly troubling because it compromises the security of virtual keyboards and virtual keypads. Spider.io said -The vulnerability is notable because it compromises the security of virtual keyboards and virtual keypads.

As a user of Internet Explorer, your mouse movements can be recorded by an attacker even if you are security conscious and you never install any untoward software. An attacker can get access to your mouse movements simply by buying a display ad slot on any webpage you visit. This is not restricted to lowbrow porn and file-sharing sites. Through today’s ad exchanges, any site from YouTube to the New York Times is a possible attack vector. Indeed, the vulnerability is already being exploited by at least two display ad analytics companies across billions of webpage impressions each month. As long as the page with the exploitative advertiser’s ad stays open—even if you push the page to a background tab or, indeed, even if you minimize Internet Explorer—your mouse cursor can be tracked across your entire display.

Vulnerability Disclosure
Package: Microsoft Internet Explorer
Affected: Tested on versions 6–10
BugTraq Link: seclists.org/bugtraq/2012/Dec/81

Spider.io has set a demo page to demonstrate how the vulnerability is working. According to sources, Microsoft Security Research Center has acknowledged the vulnerability, but unfortunate that Microsoft are not in a hurry to patch this vulnerability in existing versions of its popular browser. "There are no immediate plans to patch this vulnerability in existing versions of the browser."  said MSRC

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Internet Explorer Vulnerability Allowing Hackers to Track Your Mouse Cursor "https://www.voiceofgreyhat.com/2012/12/IE-Vulnerability-Allowing-Hackers-to-Track-Mouse-Cursor.html</a>

Chrome 23 Closes 15 Security Vulnerabilities, Promises Longer Battery Life & Added Do Not Track (DNT)

Chrome 23 Closes 15 Security Vulnerabilities, Promises Longer Battery Life & Added Do Not Track (DNT)

The searching giant Google finally included the Do Not Track (DNT) option into its first stable version of the company's browser which is Google Chrome 23. In February internet giant Google has agreed with the White House's Consumer Privacy Bill and here comes the result. Google has implemented the Do Not Track (DNT) header in its Chrome web browser.  Few months ago Microsoft made Do Not Track (DNT) facility available by default in Internet Explorer 10. Also the Redmond based software giant drew some criticism recently for its decision to enable Do Not Track by default in IE 10. First it was Mozilla who proposed the Do Not Track mechanism, in Firefox in June 2011 when it released Firefox 5. The DNT option is disabled by default in Chrome and in order to turn it on, users need to go to the customization menu in the top right corner of the browser window. Then click on the Settings option in the left side and scroll down to open the Advanced Settings menu. Under the Privacy menu, check the box next to the "Send a 'Do Not Track' request with your browsing traffic" option. Once that option is enabled, the user will see a message explaining what the DNT system will do for them.

Not only DNT, with the release of Chrome 23, Google closes several security holes and promises to improve battery life for some users. For systems with dedicated graphics chips that support Chrome's GPU-accelerated video decoding, version 23 of the WebKit-based browser is said to significantly reduce power consumption. According to Google, batteries lasted on average 25% longer in its tests when GPU-accelerated video decoding was enabled compared to only using a system's CPU when streaming online videos. Version 23 of Chrome also addresses a total of 15 security vulnerabilities in the browser, 6 of which are rated as "high severity". These include high-risk use-after-free problems in video layout and in SVG filter handling, a integer bounds check issue in GPU command buffers and a memory corruption flaw in texture handling; a Mac-only problem related to wild writes in buggy graphics drivers has also been fixed. Eight medium-severity flaws including an integer overflow that could lead to an out-of-bounds read in WebP handling, and a low-risk have also been corrected. As part of its Chromium Security Vulnerability Rewards program, Google paid security researchers $9,000 for discovering and reporting these flaws. The update to Chrome also includes a new version of the Adobe Flash Player plugin which eliminates a number of critical vulnerabilities, all of which were discovered by the Google Security Team. Further information about the new features can be found in the release announcement, while a full list of security fixes is provided in a post on the Chrome Releases blog. Chrome 23.0.1271.64 is available to download for Windows, Mac OS X and Linux users. 

-Source (Google Chrome Blog, The-H & threatpost)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Chrome 23 Closes 15 Security Vulnerabilities, Promises Longer Battery Life & Added Do Not Track (DNT)"https://www.voiceofgreyhat.com/2012/11/Chrome23-With-Longer-Battery-Life-Do-Not-Track.html</a>

Adobe Patches Multiple Security Holes in Adobe Flash Player & AIR (CVE-2012-5274 to 5280)

Critical Buffer Overflow, Memory Corruption & Security bypass Vulnerability in Adobe Flash Player & AIR Patched

Adobe- American multinational computer software company has released new versions of its Flash Player to eliminate a number of critical vulnerabilities  in Flash Player that could lead to system crashes or remote attackers controlling computers running compromised software. All the flaws were discovered by members of the Google Security Team are associated with several CVE numbers; CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5280 are buffer overflows, CVE-2012-5279 is a memory corruption issue and CVE-2012-5278 is a security bypass; all of which are listed as potentially allowing an attacker to inject malicious code into the system. Google said it will update Flash Player installed with Google Chrome, and Microsoft will do the same with Internet Explorer 10. In the security bulletin Adobe said that it has released security updates for Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.243 and earlier versions for Linux, Adobe Flash Player 11.1.115.20 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. 

Adobe recommends users update their product installations to the latest versions:-

• Users of Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.5.502.110.
• Users of Adobe Flash Player 11.2.202.243 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.251.
• Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.2 for Windows, Macintosh and Linux.
• Flash Player installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.3.376.12 for Windows.
• Users of Adobe Flash Player 11.1.115.20 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.27.
• Users of Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.24.
• Users of Adobe AIR 3.4.0.2710 and earlier versions for Windows and Macintosh, SDK (including AIR for iOS) and Android should update to Adobe AIR 3.5.0.600.

AFFECTED SOFTWARE VERSIONS:- 

• Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh
• Adobe Flash Player 11.2.202.243 and earlier versions for Linux
• Adobe Flash Player 11.1.115.20 and earlier versions for Android 4.x
• Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and 2.x
• Adobe AIR 3.4.0.2710 and earlier versions for Windows and Macintosh, SDK (includes AIR for iOS) and Android

To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system. To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.  To verify the version of Adobe AIR installed on your system, follow the instructions in the Adobe AIR TechNote. Adobe also recommended its Adobe AIR users to update  to 3.5.0.600.
While talking about security patches in Adobe product, we want to give to reminder that just couple of weeks ago Adobe also plugged buffer overflow vulnerability in its Shockwave Player. Also in late September, Adobe disclosed that it had been attacked and hackers were using a valid Adobe certificate to sign two malicious utilities used most often in targeted attacks. Adobe revoked the certificate Oct. 4.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Adobe Patches Multiple Security Holes in Adobe Flash Player & AIR (CVE-2012-5274 to 5280)"https://www.voiceofgreyhat.com/2012/11/Adobe-Patches-Security-Holes-in-Flash-Player-AIR.html</a>

VUPEN Researchers Said: They Have First Zero-Day Exploit for Windows 8 & Internet Explorer 10

VUPEN Researchers Said: They Have First Zero-Day Exploit for Windows 8 & Internet Explorer 10

Everyday the users of Microsoft newly launched and so far most advanced windows operating system, I mean Windows 8 are increasing. But we have to keep in mind the security threats are also increasing in parallel. Recently well known French IT security firm Vupen, also known as controversial bug hunters and exploit sellers claimed to have Zero-day exploit of Windows 8. Experts at Vupen Security took credit of cracking the low-level security enhancements featured in Windows 8, Microsoft's latest operating system. According a tweet made by the official account of Vupen Security said it already has a Windows 8 exploit on offer. "Our first 0day for Win8+IE10 with HiASLR/AntiROP/DEP & Prot Mode sandbox bypass (Flash not needed) is ready for customers. Welcome #Windows8" 

Apparently, the exploit combines several unpatched (0-day) security holes in the new version of Windows and the bundled Internet Explorer 10 browser to inject malicious code into systems via specially crafted web pages. Also VUPEN CEO and head of research Chaouki Bekrar sent out a pair of ominous Tweets yesterday claiming to have developed the first zero-day exploit for Windows 8 and Internet Explorer 10, both released Oct. 26. Bekrar hints the exploit is a sandbox bypass for IE10 with ASLR, DEP and anti-ROP mitigations enabled. “We welcome #Windows8 with various 0Ds combined to pwn all new Win8/IE10 exploit mitigations,” Bekrar wrote. 

The exploit allegedly bypasses all of Windows 8's malware protection features: for example the Address Space Layout Randomization (ASLR) function that Microsoft has extended in the current edition of Windows to cover more system areas and offer improved randomisation. Vupen claims that the exploit also bypasses the Data Execution Prevention (DEP) and ROP features as well as Internet Explorer's sandbox-like Protected Mode. A patch for the exploited holes may not become available in the foreseeable future: Vupen said that it discovered the vulnerabilities itself and doesn't plan to disclose them to Microsoft. The company is only offering its exploit to its paying customers, among them government investigation authorities. Should Microsoft close the holes, the elaborate exploit would significantly decrease in value.

-Source (The-H & threatpost)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">VUPEN Researchers Said: They Have First Zero-Day Exploit for Windows 8 & Internet Explorer 10"https://www.voiceofgreyhat.com/2012/11/VUPEN-Researchers-Have-0Day-Exploit-for-Windows8-IE10.html</a>

Researcher Figure-out Yet Another Java Hole That Puts 1 Billion Users at Risk

Researcher Figure-out Yet Another Java Hole That Puts 1 Billion Users at Risk

Just as Oracle is ramping up for the September 30 start of JavaOne 2012 in San Francisco yet again another critical Java vulnerability has been spotted in the wild.  The Polish security researcher Adam Gowdiak has found another vulnerability in Java that could allow an attacker to bypass the sandbox. This newly discovered security hole has effected all latest versions of Oracle Java SE software. According to Security Explorations researcher Adam Gowdiak, who sent the email to the Full Disclosure Seclist, this Java exploit affects “one billion users of Oracle Java SE software.” So far the researcher were able to successfully exploit the vulnerability and achieve a complete Java security sandbox bypass 

in the environment of Java SE 5, 6 and 7. Researcher could only claim such an impact with reference to Java 7 environment (the 

Apple QuickTime attack relying on Issues 15 and 22 is the only exception here). 

The following Java SE versions were verified to be vulnerable:

• Java SE 5 Update 22 (build 1.5.0_22-b03)
• Java SE 6 Update 35 (build 1.6.0_35-b10)
• Java SE 7 Update 7  (build 1.7.0_07-b10)

All tests were successfully conducted in the environment of a fully patched Windows 7 32-bit system and with the following web browser applications:

• Firefox 15.0.1
• Google Chrome 21.0.1180.89
• Internet Explorer 9.0.8112.16421 (update 9.0.10)
• Opera 12.02 (build 1578)
• Safari 5.1.7 (7534.57.2)

So far there are no reports that the vulnerability is being exploited for attacks. Oracle has not said whether or when it will close the vulnerability. Here we want to remind the very recent history, when several zero day vulnerability was found in all the version of java, which was added on BlackHole Exploit kit. Later Oracle released a patch to close the security hole. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Researcher Figure-out Yet Another Java Hole That Puts 1 Billion Users at Risk"https://www.voiceofgreyhat.com/2012/09/Researcher-Figureout-Yet-Another-Java-Hole.html</a>

Social-Engineer Toolkit (SET) Version 4.0 Codenamed “Balls of Steel” Released

Social-Engineer Toolkit (SET) Version 4.0 Codenamed “Balls of Steel” Released

Social Engineer Toolkit also known as SET gets another update. Now we have Social Engineer Toolkit version 4.0 codename “Balls of Steel” is officially available for public consumption. In his official blog; Trusted Sec, the developper of SET has claimed that this version of SET is the most advanced toolkit till today. This version is the collection of several months of development and over 50 new features and a number of enhancements, improvements, rewrites, and bug fixes. 

Lets talk about some highlights and the new major features of SET 4.0- the Java Applet attack has been completely rewritten and obfuscated with added evasion techniques. All of the payloads have been heavily encrypted with a number of heavy anti-debugging tools put in place. PyInjector is now available on the Java Applet attack natively and deploys shellcode automatically through a byte compiled executable. The powershell attack vectors now support customized payload selection through the config/set_config. A new attack vector has been added called the Dell DRAC Attack Vector (default credential finder). A new teensy payload has been added from the Offensive-Security crew – the auto-correcting attack vector with DIP switch and SDcard “Peensy”. The web cloner has been completely rewritten in native python removing the dependency for wget. The new IE zero day has been included in the Metasploit Web Attack Vector. The Java Repeater and Java Redirection has been rewritten to be more reliable. Obfuscation added to randomized droppers including OSX and Linux payloads.

Full Changelog of The Social-Engineer Toolkit (SET) 4.0:- 

•  Added a new attack vector to SET called the Dell Drac attack vector under the Fast-Track menu.
•  Optimized the new attack vector into SET with standard core libraries
•  Added the source code for pyinjector to the set payloads
•  Added an optimized and obfuscated binary for pyinjector to the set payloads
•  Restructured menu systems to support new pyinjector payload for Java Applet Attack
•  Added new option to SET Java Applet – PyInjector – injects shellcode straight into memory through a byte compiled python executable. Does not require python to be installed on victim
•  Added base64 encoded to the parameters passed in shellcodexec and pyInjector
•  Added base64 decode routine in Java Applet using sun.misc.BASE64Decoder – native base64 decoding in Java is the suck
•  Java Applet redirect has been fixed – was a bug in how dynamic config files were changed
•  Fixed the UNC embed to work when the flag is set properly in the config file
•  Fixed the Java Repeater which would not work even if toggled on within the config file
•  Fixed an operand error when selecting high payloads, it would cause a non harmful error and an additional delay when selecting certain payloads in Java Applet
•  Added anti-debugging protection to pyinjector
•  Added anti-debugging protection to SET interactive shell
•  Added anti-debugging protection to Shellcodeexec
•  Added virtual entry points and virtualized PE files to pyinjector
•  Added virtual entry points and virtualized PE files to SET interactive shell
•  Added virtual entry points and virtualized PE files to Shellcodeexec
•  Added better obfsucation per generation on SET interactive shell and pyinjector
•  Redesigned Java Applet which adds heavily obfsucated methods for deploying
•  Removed Java Applet source code from being public – since redesign of applet, there are techniques used to obfuscate each time that are dynamic, better shelf life for applet
•  Added a new config option to allow you to select the payloads for the powershell injection attack. By specifying the config options allows you to customize what payload gets delivered via the powershell shellcode injection attack
•  Added double base64 encoding to make it more fun and better obfuscation per generation
•  Added update_config() each time SET is loaded, will ensure that all of the updates are always present and in place when launching the toolkit
•  Rewrote large portions of the Java Applet to be dynamic in nature and place a number of non descriptive things into place
•  Added better stability to the Java Applet attack, note that the delay between execution is a couple seconds based on the obfuscation techniques in place
•  Completely obfsucated the MAC and Linux binaries and generate a random name each time for deployment
•  Fixed a bug that would cause custom imported executables to not always import correctly
•  Fixed a bug that would cause a number above 16 to throw an invalid options error
•  Added better cleanup routines for when SET starts to remove old cached information and files
•  Fixed a bug that caused issues when deploy binaries was turned to off, would cause iterative loop for powershell and crash IE
•  Centralized more routines into set.options – this will be where all configuration options reside eventually
•  Added better stability when the Java Applet Repeater is loaded, the page will load properly then execute the applet.
•  The site cloner has been completely redesigned to use urllib2 instead of wget, long time coming
•  The cloner file has been cleaned up from a code perspective and efficiency
•  Added better request handling with the new urllib2 modules for the website cloning
•  Added user agent string configuration within the SET config and the new urllib2 fetching method
•  Added a pause when generating Teensy payloads
•  Added the Offensive-Security “Peensy” multi-attack vector for the Teensy attacks
•  Added the Microsoft Internet Explorer execCommand Use-After-Free Vulnerability from Metasploit into the Metasploit Browser Exploits Attack vectors
•  Fixed a bug in cleanup_routine that would cause the metasploit browser exploits to not function properly
•  Fixed a bug that caused the X10 sniffer and jammer to throw an exceptions if the folder already existed

To Download The Social-Engineer Toolkit (SET) 4.0 Click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Social-Engineer Toolkit (SET) Version 4.0 Codenamed “Balls of Steel” Released"https://www.voiceofgreyhat.com/2012/09/Social-Engineer-Toolkit-4.0-Released.html</a>

Microsoft Issues 'fix it' To Close Internet Explorer 0-day Vulnerability

Microsoft Issues 'fix it' To Close Internet Explorer 0-day Vulnerability 

Last few days the whole cyber world have gone through with so many drama of Internet Explorer's security bug, as researchers have unveiled four active exploits of a zero-day vulnerability in the browser. As expected the software giant Microsoft has released an emergency fix to get rid of these major security issues. Microsoft released a “fix it” tool for a critical security flaw in most versions of Internet Explorer 6, 7, 8 and 9  that hackers have been exploiting to break into Windows systems. The company said it expects to issue an official patch (MS12-063) for the vulnerability on Friday, Sept. 21. "While we have only seen a few attempts to exploit this issue, impacting an extremely limited number of people, we are taking this proactive step to help ensure Internet Explorer customers are protected and able to safely browse online," said Yunsun Wee, director of Microsoft Trustworthy Computing in a statement. The zero-day in IE 6-9 is a use-after-free memory corruption vulnerability, similar to a buffer overflow, that would enable an attacker to remotely execute code on a compromised machine. The original exploit payload dropped the PoisonIvy remote access Trojan (RAT) via a corrupted Flash movie file. The latest payload discovered dropped the PlugX RAT via the same corrupted Flash movie, Blasco said. He also said the new exploits are the work of the Chinese hacker group Nitro, the same group behind a pair of Java zero-day exploits disclosed in August.

Blasco also said the new exploits appear to be targeting defense contractors in the United States and India.

Microsoft recommended several workarounds Tuesday morning before announcing its intention to send out a FixIt.

• Setting Internet and local Internet security zone settings to high, which would block ActiveX Controls and Active Scripting in both zones
• Configure IE to prompt the user before running Active Scripting, or disable Active Scripting in both zones

• Use of Microsoft's Enhanced Mitigation Experience Toolkit provides mitigations as well, and would not impact website usability, as both of the first two options might.

Microsoft also said that IE running on Windows Server 2003, 2008 and 2008R2 runs in a restricted mode that mitigates the vulnerability. Outlook, Outlook Express and Windows Mail also open HTML messages in a restricted zone, mitigating the vulnerabilty but should a user click a link in a message, they could still be vulnerable to exploit.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Microsoft Issues 'fix it' To Close Internet Explorer 0-day Vulnerability"https://www.voiceofgreyhat.com/2012/09/Microsoft-Issues-fixit-To-Close-IE-0day-Vulnerability.html</a>

Google Added Do Not Track (DNT) Facility in Chrome (User Privacy Implemented)

Google Added Do Not Track (DNT) Facility in Chrome Web-Browser (User Privacy Implemented)

Few months ago Microsoft made Do Not Track (DNT) facility available by default in Internet Explorer 10. So here comes the turn for Chrome. In February internet giant Google has agreed with the White House's Consumer Privacy Bill and here comes the result. Google has implemented the Do Not Track (DNT) header in its Chrome web browser, while promising to respect DNT headers set by visitors to its web site. 

First it was Mozilla who proposed the Do Not Track mechanism, later it has been garnered support from all major browser makers and a majority of the technology industry. 

Users who want to take advantage of the new DNT capabilities in Chrome will have to install the latest "bleeding edge" developer build in the form of the Chrome Canary branch. However, this version is not recommended for use in production environments. Users who are running a stable version of the browser will have to wait some months for the feature to arrive in the mainstream version.

"Do Not Track" is a tool that allows browser users to restrict advertisers from collecting information about their online Web activities. It has the backing of the U.S. Federal Trade Commission. Browsers with "Do Not Track" turned on don't block cookies but send a message to advertisers that the user does not want to be tracked. Companies voluntarily decide whether to comply with "Do Not Track," much as they currently decide whether to comply with the "Do Not Call" registry. Microsoft's announcement that it would turn on "Do Not Track" by default in IE10 angered advertisers. "The Digital Advertising Alliance, a coalition that counts Microsoft as a member, said that the decision ran counter to the industry's agreement with the White House announced earlier this year to honor 'do not track' as long as it is not a default setting," many international standards bodies.

-Source (The-H)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Google Added Do Not Track (DNT) Facility in Chrome (User Privacy Implemented)"https://www.voiceofgreyhat.com/2012/09/Google-Added-Do-Not-Track-DNT-Facility-in-Chrome.html</a>

Adobe Says Windows 8 Users are Vulnerable to Active Flash Exploits (Microsoft Will not Patch the Bug Until October)

Adobe Says Windows 8 Users are Vulnerable to Active Flash Exploits (Microsoft Will not Patch the Bug Until October 26)

Adobe confirmed a serious security hole in Windows 8, hackers have been aiming at  Microsoft's Windows 8 PCs for several weeks as it is vulnerable to attack by exploits. Its very unfortunate for those who runs all the four (consumer preview, developer preview, release preview & enterprise) pre-release version of Windows 8, because the Redmond based software giant Microsoft said it will not patch the bug in Flash Player until what it called "GA," for "general availability." That would be Oct. 26, when Windows 8 hits retail and PCs powered by the new operating system go on sale. 

"We will update Flash in Windows 8 via Windows Update as needed," a spokeswoman said in a reply to questions. "The current version of Flash in the Windows 8 RTM build does not have the latest fix, but we will have a security update coming through Windows Update in the GA timeframe."
Microsoft, not Adobe, is responsible for patching Flash Player in Windows 8 because the company took a page from Google's playbook and integrated the popular media software with Internet Explorer 10 (IE10), the new operating system's browser. Last month, Adobe issued two updates for Flash Player that patched eight vulnerabilities, some of which were ranked as "1" by the company, its highest threat warning. One of the vulnerabilities, tagged as CVE-2012-1535, was patched Aug. 14, but had been exploited for an indeterminate time before that.
In fact, CVE-2012-1535 was one of four "zero-days," or unpatched vulnerabilities, exploited in a 16-week stretch by an elite hacker gang revealed by Symantec researchers on Friday. Microsoft has not updated the Flash in IE10 within Windows 8 to accommodate those two sets of patches, Adobe confirmed Friday. "Flash Player 11.3.372.94 does not incorporate the fixes released in APSB12-18 and APSB12-19," said Wiebke Lips, a spokeswoman for Adobe, referring to the Aug. 14 and Aug. 21 Flash updates.
Windows 8 RTM's IE10 identifies the integrated Flash Player as version 11.3.372.94, a more recent build than the one in Windows 8 Release Preview, but older than the most-up-to-date version for Windows, 11.4.402.265, which Adobe delivered on Aug. 21.

Adobe actually told some users about Windows 8's Flash situation two weeks ago. On an Adobe support forum, a company representative announced on Aug. 23 that there would be no Flash update for Windows 8 and IE10 until late October. "Since Windows 8 has not yet been released for general availability, the update channel is not active," said Chris Campbell, identified as an Adobe employee. "Once this goes live, you'll start getting updates to Flash Player."

-Source (Computer World)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Adobe Says Windows 8 Users are Vulnerable to Active Flash Exploits (Microsoft Will not Patch the Bug Until October)"https://www.voiceofgreyhat.com/2012/09/Windows8-Users-are-Vulnerable-to-Active-Flash-Exploits.html</a>

Google Hackers Who Unleashed Hydraq/Aurora Trojan Strikes Again

Google Hackers Who Unleashed Hydraq/Aurora Trojan Strikes Again 

Computer security firm Symantec has unveiled, that a hacker group which unleashed the Hydraq or Aurora Trojan horse against Google and 34 other companies in 2009 has also been linked to attacks that have compromised systems at defense contractors, human rights organizations, and other large groups. According to the official blog of Symantec- they have been monitoring the activities of that hacker group since last three years and figure out that these attackers have used a large number of zero-day exploits against not just the intended target organization, but also on the supply chain manufacturers that service the company in their cross hairs. These attackers are systematic and re-use components of an infrastructure we have termed the "Elderwood Platform". The term "Elderwood" comes from the exploit communication used in some of the attacks. This attack platform enables them to quickly deploy zero-day exploits. The attacking methodology has always used spear phishing emails but we are now seeing an increased adoption of "watering hole" attacks (compromising certain websites likely to be visited by the target organization). The overall campaign by this group has been dubbed by the name "Elderwood Project".  

Serious zero-day vulnerabilities, which are exploited in the wild and affect a widely used piece of software, are relatively rare; there were approximately eight in 2011. The past few months however has seen four such zero-day vulnerabilities used by the Elderwood attackers. Although there are other attackers utilizing zero-day exploits (for example, the Sykipot, Nitro, or even Stuxnet attacks), we have seen no other group use so many. The number of zero-day exploits used indicates access to a high level of technical capability. Here are just some of the most recent exploits that they have used:

•  Adobe Flash Player Object Type Confusion Remote Code Execution Vulnerability (CVE-2012-0779)
•  Microsoft Internet Explorer Same ID Property Remote Code Execution Vulnerability (CVE-2012-1875)
•  Microsoft XML Core Services Remote Code Execution Vulnerability (CVE-2012-1889)
•  Adobe Flash Player Remote Code Execution Vulnerability (CVE-2012-1535) 

Symantec have published a research paper that details the links between various exploits used by this attacking group, their method of targeting organizations, and the Elderwood Platform. It puts into perspective the continuing evolution and sheer resilience of entities behind targeted attacks. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Google Hackers Who Unleashed Hydraq/Aurora Trojan Strikes Again"https://www.voiceofgreyhat.com/2012/09/Google-Hackers-Who-Unleashed-Hydraq-Trojan-Strikes-Again.html</a>

Microsoft Unveils Windows Phone 8 Codenamed “Apollo”

Microsoft Unveils Windows Phone 8 Codenamed “Apollo”

Few days ago in a report we have said that Microsoft is expected to launch it's own tablet (Microsoft Surface) while aiming to compete with iPad. Redmond based software and hardware giant just unveiled the next big step in its mobile software, Windows Phone 8 codenamed “Apollo” Windows Phone 8 brings the platform in line with other mobile OSes by adding support for muti-core processors, higher screen resolutions and newer wireless technologies like near field communication (NFC). Importantly, Microsoft has re-coded Windows Phone from the ground up for the new version. Previous versions of Windows Phone were based on Microsoft’s old mobile OS, Windows CE, but now the platform will share the same source code as the company’s coming desktop OS, Windows 8. That has big consequences for developers and consumers. For developers, it will be extremely easy to create a Windows Phone app if they already have a Windows 8 app that runs in the Metro environment (and vice versa). For consumers, it means more apps and better hardware to run them. It also has the effect of rendering every current Windows Phone obsolete, since those phones won’t be able to run the new software. They will, however, get an upgrade to Windows Phone 7 to 8. Windows Phone 8 adds support for many new hardware features. The most anticipated is support for multi-core devices, which have become common on both Android and iOS platforms. There’s also support for better screen resolutions, including 720p and 1,280 x 768 (WXGA). That’s not quite retina, but it’s better than the 800 x 480 screen of the Nokia Lumia 900, one of the current leading Windows Phones.

New Features At a Glance :-

• Support for multi-core processors. Existing support for single core has been a major concern for some high-end users wanting faster processing ability.

• Two new high-definition screen resolutions for the coming OS. They are 1280 x 768 and 1280 x 720.

• Removeable micro-SD support for the first time to allow expansion of base storage.

• A busier start screen with room for more live tiles than in Windows Phone 7.5. Today's Windows Phones have room for up to eight live tiles and WP8 will have room for up to 32 live tiles, which can be sized differently.

• IT support. Adminstrators will see some gaps in the existing OS filled, including support for encryption and secure boot in WP8, as well as the ability to allow IT to deploy apps without going through Windows Marketplace.

• Built-in Nokia Navteq map technology, with turn-by-turn driving instructions in many countries.

• Full Internet Explorer 10 support with more features of HTML 5 added. Belfiore said that Windows Phone 8 with IE10 will download Web pages slightly faster than three other popular smartphones on the market.

• Native code support, a feature seen as useful to developers eager to move their apps from iOS or Android to Windows Phone. 

-Source (Mshable & CW)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Microsoft Unveils Windows Phone 8 Codenamed “Apollo”"https://www.voiceofgreyhat.com/2012/06/microsoft-unveils-windows-phone-8.html</a>

Microsoft Security Bulletin (June 2012) Closed Security Hole in RDP, IE,Certificate Tool & .NET

Microsoft Security Bulletin (June 2012) Closed Security Hole in RDP, IE,Certificate Tool & .NET

Microsoft released June 2012 Security bulletin to close a total of 27 security holes in its products, among them 13 in Internet Explorer. The rest of the patches affect all currently supported Windows versions, the .NET Framework, Remote Desktop, Lync, Windows Kernel and Dynamics AX. The company separately announced changes to its automatic updater to block untrusted security certificates. Microsoft updated the updater tool after researchers uncovered how the Flame malware had gamed the process. The most important updates are bundled in the cumulative Internet Explorer patch (MS12-037), which includes fixes for the holes that were targeted by Pwn2Own exploits. Another urgent update is MS12-036, which concerns denial of service and remote code execution vulnerabilities in the Remote Desktop features built into all supported versions of Windows. The third critical update affects the .NET Framework (MS12-038). The remaining 4 updates are rated "important" by Microsoft and close code execution bugs in Lync and privilege escalation holes in Dynamics AX and Windows.

Through this security bulletin Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Microsoft Security Bulletin (June 2012) Closed Security Hole in RDP, IE,Certificate Tool & .NET"https://www.voiceofgreyhat.com/2012/06/microsoft-security-bulletin-june-2012.html</a>

Internet Explorer 10 Will Support Do Not Track (DNT) By Default in Windows 8

Internet Explorer 10 Will Support Do Not Track (DNT) By Default in Windows 8

Browser war continues and as a result here come another twist, that is in its recent Windows 8, I mean on Release Preview software giant Microsoft has announced that Internet Explorer 10 will have “Do Not Track” (DNT) on by default. IE 10 will be the first web browser with a Do Not Track feature that's on by default. In their official blog release MS said Consumers can change this setting, but the default will be to send the DNT signal to websites that consumers visit. 

According to Microsoft's Chief Privacy Officer Brendon Lynch - "We've made today’s decision because we believe in putting people first. We believe that consumers should have more control over how information about their online behavior is tracked, shared and used. Consumers should be empowered to make an informed choice and, for these reasons, we believe that for IE10 in Windows 8, a privacy-by-default state for online behavioral advertising is the right approach..." Later he added "We are engaged with the W3C, as we are with many international standards bodies. While we respect the W3C's perspective, we believe that a standard should support a privacy by default choice for consumers"
The company also pointed to minutes from the W3C group working on the draft specs, in which the group's co-chairwoman said: "It will be quite a while before we have a final recommendation with which to comply or not. 

"Do Not Track" is a tool that allows browser users to restrict advertisers from collecting information about their online Web activities. It has the backing of the U.S. Federal Trade Commission. Browsers with "Do Not Track" turned on don't block cookies but send a message to advertisers that the user does not want to be tracked. Companies voluntarily decide whether to comply with "Do Not Track," much as they currently decide whether to comply with the "Do Not Call" registry. Microsoft's announcement that it would turn on "Do Not Track" by default in IE10 angered advertisers. "The Digital Advertising Alliance, a coalition that counts Microsoft as a member, said that the decision ran counter to the industry's agreement with the White House announced earlier this year to honor 'do not track' as long as it is not a default setting," many international standards bodies.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Internet Explorer 10 Will Support Do Not Track (DNT) By Default in Windows 8"https://www.voiceofgreyhat.com/2012/06/internet-explorer-10-will-support-do.html</a>