Showing posts sorted by date for query Opera. Sort by relevance Show all posts
Showing posts sorted by date for query Opera. Sort by relevance Show all posts

'Dockster' A New Mac Malware Targeting Apple Users Found on Dalai Lama Related Website

Posted by Avik Sarkar On 12/05/2012 07:33:00 pm

'Dockster' A New Mac Malware Targeting Apple Users Found on Dalai Lama Related Website

Researcher at F-Secure blog has identified that A new piece of malicious software targeted at Apple users has been found on a website dedicated to the Dalai Lama. According to blog post by F-Secure -the website related to Dalai Lama is fully compromised and is pushing new Mac malware, called Dockster, using a Java-based exploit. Dockster tries to infect computers by exploiting a vulnerability in Java, CVE-2012-0507. The vulnerability is the same one used by the Flashback malware, which first appeared around September 2011 and infected as many as 600,000 computers via a drive-by download. Flashback was used to fraudulently click on advertisements in order to generate illicit revenue in a type of scam known as click fraud. Apple patched the vulnerability in Java in early April and then undertook a series of steps to remove the frequently targeted application from Macs. Apple stopped bundling Java in the 10.7 version of its Lion operation system, which continued with the company's Mountain Lion release. In October, Apple removed older Java browser plug-ins in a software update.
But still the matter of relief is that current versions of OS X are not vulnerable; users who have disabled the Java browser plug-in are also not vulnerable. F-Secure researcher Sean Sullivan said Dockster is “a basic backdoor with file download and keylogger capabilities.” Meanwhile F-Secure’s Sullivan, also said that the Dalai Lama’s site is also serving a Windows-based exploit for CVE-2012-4681, the Agent.AXMO Trojan. The Trojan exploits a Java vulnerability that allows remote code execution using a malicious applet that is capable of bypassing the Java SecurityManager. 

Please Note That: The gyalwarinpoche.com site doesn't seem to be as "official" as dalailama.com

While talking about Mac malware, then you must remember that earlier also Mac users faced such attacks when mac Trojan OSX.SabPub was spreading through Java exploits In 2011 we have also seen OSX/Revir-B trojan was installed behind a PDF, and giving hackers remote access to MAC computers, not only Revier-B also Linux Tsunami trojan Called "Kaiten"targeted Mac OS users in 2011. Also another malware named "Devil Robber" which was also make MAC users victim while stealing their personal information. In the very decent past we have seen a trojan named 'BackDoor.Wirenet.1'  apparently providing its masters with a backdoor into infected systems. It is also capable of stealing passwords stored in browsers like ChromeChromium,Firefox and Opera. For any kind of cyber updates and infose news, stay tuned with VOGH.





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Researcher Figure-out Yet Another Java Hole That Puts 1 Billion Users at Risk

Posted by Avik Sarkar On 9/28/2012 04:42:00 am

Researcher Figure-out Yet Another Java Hole That Puts 1 Billion Users at Risk

Just as Oracle is ramping up for the September 30 start of JavaOne 2012 in San Francisco yet again another critical Java vulnerability has been spotted in the wild.  The Polish security researcher Adam Gowdiak has found another vulnerability in Java that could allow an attacker to bypass the sandbox. This newly discovered security hole has effected all latest versions of Oracle Java SE software. According to Security Explorations researcher Adam Gowdiak, who sent the email to the Full Disclosure Seclist, this Java exploit affects one billion users of Oracle Java SE software.” So far the researcher were able to successfully exploit the vulnerability and achieve a complete Java security sandbox bypass 
in the environment of Java SE 5, 6 and 7. Researcher could only claim such an impact with reference to Java 7 environment (the 
Apple QuickTime attack relying on Issues 15 and 22 is the only exception here). 





The following Java SE versions were verified to be vulnerable:

  • Java SE 5 Update 22 (build 1.5.0_22-b03)
  • Java SE 6 Update 35 (build 1.6.0_35-b10)
  • Java SE 7 Update 7  (build 1.7.0_07-b10)


All tests were successfully conducted in the environment of a fully patched Windows 7 32-bit system and with the following web browser applications:

  • Firefox 15.0.1
  • Google Chrome 21.0.1180.89
  • Internet Explorer 9.0.8112.16421 (update 9.0.10)
  • Opera 12.02 (build 1578)
  • Safari 5.1.7 (7534.57.2)
So far there are no reports that the vulnerability is being exploited for attacks. Oracle has not said whether or when it will close the vulnerability. Here we want to remind the very recent history, when several zero day vulnerability was found in all the version of java, which was added on BlackHole Exploit kit. Later Oracle released a patch to close the security hole. 








SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

'BackDoor.Wirenet.1' Trojan Stealing Passwords From Mac & Linux Based Systems

Posted by Avik Sarkar On 9/04/2012 03:34:00 pm


'BackDoor.Wirenet.1' Trojan Stealing  Passwords From Mac & Linux Based Systems

A Russian Anti Virus software company named 'Dr Web' has spotted a piece of malware that unusually targeting Macs and Linux-based systems is causing a world of trouble for those in its path. The newly found mlaware dubbed 'BackDoor.Wirenet.1' apparently providing its masters with a backdoor into infected systems. It is also capable of stealing passwords stored in browsers like Chrome, Chromium, Firefox and Opera. Furthermore, it’s also able to obtain passwords from popular applications including SeaMonkey, Pidgin and Thunderbird. Even if you don’t use any of the above mentioned software, you’re still in danger as a keylogger is bundled in the payload. Wirenet.1 installs itself into the user's home directory using the name WIFIADAPT

There are some steps that can be taken right away if you think you could be infected. Dr. Web is quick to point out that their anti-virus software will keep you protected. Another option is to simply disable communication with the control server used by the code’s author. In this case, blocking communication with IP address 212.7.208.65 should do the trick.  

Earlier also Mac users faced such attacks when mac Trojan OSX.SabPub was spreading through Java exploits In 2011 we have also seen OSX/Revir-B trojan was installed behind a PDF, and giving hackers remote access to MAC computers, not only Revier-B also Linux Tsunami trojan Called "Kaiten"targeted Mac OS users in 2011. Also another malware named "Devil Robber" which was also make MAC users victim while stealing their personal information




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Opera 11.60 Codenamed "Tunny" Released & Major Security Holes Fixed

Posted by Avik Sarkar On 12/08/2011 11:15:00 am


Opera 11.60 Final Version code named "Tunny" has been released by Opera Software. Opera 11.60 boasts three major new features, including revamped Address Bar, browser engine and mail client. Opera, which runs on Windows, Mac and Linux, has long been regarded as a pioneer when it comes to the web browser -- it was the first to introduce tabbed browsing, for example, and is still the only major browser to also include a mail client.
The Address Bar has been revamped to provide an experience similar to rival browsers such as Google Chrome and Mozilla Firefox in providing helpful suggestions as the user starts typing into the Address field. Version 11.60 also introduces a new shortcut, courtesy of a clickable star, to the Address Bar that makes it quick and easy to add the current web page to your Speed Dial or bookmarks menu.
Opera 11.60′s most visible new features are in the mail client’s extensive redesign, which Opera claims brings it in line with the browser’s "featherweight design aesthetic" The layout is cleaner, and messages are now grouped together by date, with options for grouping them by unread or pinned status, or not at all. Messages can also be pinned via a single click, with the pinning mapped to the IMAP \Flagged feature, ensuring compatibility with other IMAP clients, including Gmail’s Starred message status. The Mail toolbars have been simplified and redesigned icons coupled with easier access to the settings dialog (click the new Wrench button) provide weight to Opera’s claim that this makes the client easier to navigate and more intuitive to use. 
In this release opera updated addresses a vulnerability affecting some two- and three-letter top-level domains (TLD) that could allow cookies to be set for the TLD itself; these cookies could then be read by other sites using that TLD. A problem related to a weakness in the SSL v3.0 and TLS 1.0 specifications which could be used for eavesdropping attacks against some applications, and a cross-domain information leakage problem in the JavaScript "in" operator, have also been fixed.
In addition to the security fixes, Opera 11.60 has a new HTML engine that should, according to its developers, improve loading time for a majority of web sites, including pages using Secure Sockets Layer (SSL) encryption technology. Other changes include a completely revamped built-in mail client (M2) that's said to be easier to setup and use, and improvements to the address (URL) field to allow users to quickly add their favourite sites to the browser's Speed Dial.

To Download Opera 11.60 For Windows, Linux, Mac, BSD & Solaris Click Here


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

VectorLinux 7.0 Codenamed 'GG' Is Now Available

Posted by Avik Sarkar On 12/01/2011 06:08:00 pm



The final release of VectorLinux 7.0 (code name 'GG') is now available. This release is the result of nearly two years of blood sweet and tears since the very successful release of VectorLinux 6.0. With the enthusiasm of a small group of packagers, our repository now hosts over a thousand up to date packages. VectorLinux is the fastest Linux desktop in it's class bar none. 
The main desktop is based on Xfce-4.8 with a custom theme and artwork again unique to VectorLinux. FluxBox is installed as a secondary desktop option. Much work has been done on localization and we know users from all over the globe will find VectorLinux usable in their language of choice. 
All the VectorLinux trademarks are included: DVD playback, Audio and Video Codecs, Multimedia and Java plugins are installed and working out of the box. The best of the Open Source world is included: Gimp, Inkscape, Geeqie and Shotwell for Graphics; the latest Firefox and Opera for Internet Browsing; Pidgin and Xchat for instant messaging; Brasero for CD burning (K3B is available in the repo); Mplayer, UMplayer, Xine and Exaile for playing most available media formats. The office applications are Gnumeric and Abiword (Libreoffice and many others available in the repo).
Wireless networking has been extended with updated drivers and firmware, Wicd has been employed to manage wireless and non wireless networking. Ufw with the Gufw gui is included for firewall protection and there is added support for several webcam makes and models. The Kernel is version 3.0.8 and there have been improvements in installation, usability and hardware Support. This release will fulfill all the hardware requirements of even the most modern equipment. 


To Download the VectorLinux-7.0 iso Click Here



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Cyber Criminals Targeting Paypal Via Spamming

Posted by Avik Sarkar On 11/27/2011 02:18:00 pm


Paypal again under cyber attack. This time spammers hit paypal very hard. The issue over here is that Paypal is saying or you can say the spam mail containing that Your email address has been changed. Attached to the email is an HTML form (Personal Profile Form - PayPal-.htm), that requests you enter your personal information. Of course, the email is not really from PayPal (who would never send you an HTML form via email anyway), and any information you enter will soon be in the hands of phishing cybercriminals.

Typical Spam Looks Like:-

Subject: You have changed your PayPal email address
Attachment: Personal Profile Form - PayPal-.htm
Message body:

Dear PayPal Customer,

You have added [EMAIL ADDRESS] as a new email address for your Paypal account.
If you did not authorize this change, check with family members and others who may have access to your account first. If you still feel that an unauthorized person has changed your email, submit the form attached to your email in order to keep your original email and restore your Paypal account.
NOTE: The form needs to be opened in a modern browser which has javascript enabled (ex: Internet Explorer 7, Firefox 3, Safari 3, Opera 9)
Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.
If you choose to ignore our request, you leave us no choice but to temporary suspend your account.
Sincerely, PayPal Account Review Department.

Immediately after this phenomena Paypal takes stpes. They are asking you to forward the mail to the security Team.   To know the official advice of Paypal click Here. To prevent this Paypal released security measures. More info Have a look 


  

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Opera Finally Closes The SVG-Security Hole In 11.52

Posted by Avik Sarkar On 10/21/2011 07:33:00 pm



An update to the Opera web browser, version 11.52, closes the critical hole in the code for processing SVG content within framesets. With this measure, the browser developers have responded to the hole only days after an exploit was released.
Earlier, we have told about the zero-day hole in opera. When the latest version still remained vulnerable, the developer said that he decided to release the details and the exploit. Opera's security advisory contains no further information. However, the change log at least reveals that the new version also fixes a few other minor problems.
  • For more information and to see the change log click Here
  • To Download the patch released by opera security adviser Clcik Here
  • To Download latest version of Opera (11.52) Click Here



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Zero-Day Vulnerability in Opera Browser Found By Vázquez

Posted by Avik Sarkar On 10/19/2011 09:44:00 pm


José A. Vázquez, Security expert has released the details of a critical security hole in the Opera browser which can be exploited to inject malicious code. He says that he found the hole and notified the developers with a proof of concept a year ago. However, the expert said that Opera decided not to close the hole.
Vázquez thinks that the Opera developers might have tested his version 10.6 exploit with the current version 11.x, which may have caused the exploit to malfunction. Instead of contacting Opera again, Vázquez has adapted the exploit for the current version 11.51 of Opera and has released it as a Metasploit module. This means that, in principle, anyone can now exploit the vulnerability.
  • To download the Metasploit Module Click Here
The hole is caused by a memory flaw when processing SVG content within framesets. Simply visiting a compromised web page is enough for a system to become infected with malicious code. Vazquez said that the exploit is successful in 3 out of 10 cases. With the pre-alpha version of Opera 12, the exploit managed to inject malicious code in 6 out of 10 cases.
Vázquez released a the 0day Exploit of Opera Browser 10,11 & 12. You can download that by clicking the following link.
By releasing the exploit, the security expert is forcing the browser developers into action. Later Opera respond and released a security update.


-News Source (spa-s3c)



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

"0zapftis" or "R2D2"(Backdoor Trojan Horse) Discovered By Chaos Computer Club (CCC)

Posted by Avik Sarkar On 10/09/2011 07:35:00 pm

The famous Chaos Computer Club (CCC) has announced the discovery of a backdoor Trojan horse capable of spying on online activity and recording Skype internet calls which, it says, is used by the German police force. The malware - which has been variously dubbed "0zapftis", "Bundestrojaner" or "R2D2" - is likely to kick up a political storm, if the allegations are true.

For some years, German courts have allowed the police to deploy a Trojan known colloquially as "Bundestrojaner" ("Federal Trojan") to record Skype conversations, if they have legal permission for a wiretap.
A CCC spokesperson expressed the group's concern at the discovery:-
"This refutes the claim that an effective separation of just wiretapping internet telephony and a full-blown trojan is possible in practice – or even desired. Our analysis revealed once again that law enforcement agencies will overstep their authority if not watched carefully. In this case functions clearly intended for breaking the law were implemented in this malware: they were meant for uploading and executing arbitrary code on the targeted system."
But the CCC's claim is controversial, as the Trojan they have uncovered has more snooping capabilities than that. For instance, it includes functionality to download updates from the internet, to run code remotely and even to allow remote access to the computer - something specifically in violation of Germany's laws.

Functionality:-
  • The Trojan can eavesdrop on several communication applications - including Skype, MSN Messenger and Yahoo Messenger.
  • The Trojan can log keystrokes in Firefox, Opera, Internet Explorer and SeaMonkey.
  • The Trojan can take JPEG screenshots of what appears on users' screens and record Skype audio calls.
  • The Trojan attempts to communicate with a remote website.


-News Source (NS & CCC)


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Security Flaws in Amazon Silk (The Cloud-Based) Web Browser

Posted by Avik Sarkar On 10/03/2011 04:18:00 pm


Amazon Silk, the cloud-based Web browser for the leading US online retailer’s Kindle Fire tablet, received mix reactions from users re privacy, especially on features with high risks of endangering data confidentiality.
The Amazon Silk Web browser rides on the high-speed and powerful connection offered by the company’s own Elastic Cloud Computing (EC2) service to reduce page load times.
The online retailer apparently boasts on this split browser architecture, which Opera Software ASA already used on its lightweight Opera Mini browser since 2005. Concerning security, the Amazon Silk Web browser stores all the visited sites of any user that are easily accessible to law enforcement agencies by request. Amazon’s servers will act as MITM, or man-in-the-middle, proxy for HTTPS requests, giving the company enough ability to tap on secure communications. Fortunately, the Web browser comes with an offline/off-cloud feature to stop sharing sensitive data to the servers. However, this Amazon Silk functionality is not set to default so most users will likely not notice of having one and use it.


-News Source (Social Barrel)



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

NSS Said : IE9 Blocks Virtually all Socially Engineered Malware, Rather Than Other Browsers

Posted by Avik Sarkar On 8/18/2011 04:28:00 pm


A study prepared by NSS Labs concludes that Microsoft's Internet Explorer 9 blocks virtually all socially engineered malware, far more than rival browsers.
The study was designed to examine one aspect of security: how a browser handled a malicious URL, such as one received in a posting on a social network or an email. The NSS goal was to find the browser which identified, warned, and/or blocked malicious URLs from being viewed by the user.
As it did in 2010, Microsoft's IE9 with Smart Screen URL detection and Application Reputation topped the field, blocking 99.2 percent of all malicious emails. Google's Chrome 12 finished far behind, blocking 13.2 percent of all malicious URLs. Apple's Safari 5 and Mozilla Firefox 4 tied at 7.4 percent, with Opera 11 finishing dead last at 6.1 percent.

 

The NSS Labs study showed that, globally, all of the browsers tested showed improvement over an NSS study performed last year, with two exceptions: Safari and Mozilla's Firefox. A year ago, Microsoft IE9 blocked 99 percent of the malicious URLs, followed by Chrome 6 (3%), Safari 5 (11%), Firefox 3.6.15 (19%), and Opera 10 (0%).
NSS attributed Microsoft's success to its Application Reputation technology, which has attempted to categorize applications across the Internet.
"The significance of Microsoft's new application reputation technology cannot be overstated," the NSS report found. "Application reputation is the first attempt by any vendor to create a definitive list of every application on the Internet. This new capability helps users discern malware, and potentially unsafe software from actual good software. The list is dynamically created and maintained, much the same way Google, (or Bing) is continuously building and maintaining a library of content for search purposes."
The NSS tests sliced the potential for malware along one specific axis, socially engineered malware, a distinction Google objected to during the 2010 tests. ""Google Chrome was built with security in mind from the beginning and emphasizes protection of users from drive-by downloads and plug-in vulnerabilities," a spokeswoman said then.
NSS also found that the combination of SmartScreen and Application Reputation means that IE9 blocked new malware in just over half and hour, while Safari 5 and Firefox 4 required 4.91 and 6.07 hours, on average, to detect a new malicious URL. Chrome 12 and Opera 11, by contrast, required 17.7 and 18.4 hours, respectively. Over time, as the malicious URLs changed in response to detection, the browsers maintained their level of protection fairly consistently, NSS found.
"Not only has the effectiveness of the technology improved, but so has the speed at which it is able to identify socially engineered malware," Roger Capriotta, director of Internet Explorer product marketing, wrote in a blog post Monday. "For our Windows customers, this means fewer infections and headaches for you."
In its report, NSS said its findings were independent, and that it had not received funding from any vendor. 

-News Source (PC Mag)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Web Browser Grand Prix 5

Posted by Avik Sarkar On 7/07/2011 06:20:00 pm

 
Three major released have landed since our last impromptu Web Browser Grand Prix (WBGP4): Chrome 12, Firefox 5, and Opera 11.50. Can Chrome or Opera regain the WBGP championship? Will Mozilla Firefox ever overtake Microsoft's IE9 in the rankings?
If it seems like it was only weeks ago when we were compelled to test the then-new Mozilla Firefox 4 against the reigning Web Browser Grand Prix champion Microsoft Internet Explorer 9 in Web Browser Grand Prix 4: Firefox 4 Goes Final, that's because it was only a few weeks ago.
In an attempt to curb the siphoning of its user base to Google, Mozilla decided to keep pace with the frenetic development cycle of Chrome. Firefox 5 is now a reality. But will Mozilla also keep up with innovation like Google? Furthermore, will a higher integer finally allow Mozilla to overtake arch-rival Microsoft in our performance metrics? Can former speed-kings Chrome and Opera reclaim the dual domination of our WBGP crown, as they did in 2010?
We've tightened up our suite of benchmarks for this article, cutting the fat that was Google's V8 JavaScript Benchmark and the redundant two-pixel variant of the GUIMark2 HTML5 Vector Charting test. We also fleshed it out by adding Facebook's JSGameBench, as well as battery life and reliability testing. But before we get to the benchmarks, let's get caught up on the latest developments in the continuing browser wars.
Opinions:-

The release of Firefox 5 was met with harsh criticism for its apparent lack of anything new. It has been said that Firefox 5 should have been called Firefox 4.1 or 4.2. Or even 4.02.
There is also a growing concern over whether the new rapid release schedule jives with IT departments. Firefox became a viable choice for many companies during the version 2 and 3 days. Mozilla also offers the preferred development platform for most Web designers. Basically, Firefox gained the reputation of being the most stable choice. By mimicking Chrome's development cycle, Mozilla may have shot itself in the foot.
Smack Talk:-

Microsoft took a shot right across the bow of Google and Mozilla by announcing that WebGL is “harmful,” and that IE10 would not be utilizing the specification. Several experts came out in support of Microsoft's assertion, though it should be noted that Redmond may have a dog in this fight with DirectX.

Attacking Mozilla even further, the Internet Explorer development team sent the Firefox development team a cupcake to celebrate the release of Firefox 5. Mozilla also received cakes from Microsoft for the release of Firefox 3 and 4. Full cakes. Obviously, this is in response to the criticism that Firefox 5 is nothing more than a minor update to Firefox 4. The included note read: "Congratulations on shipping! Love, The IE Team". "Congratulations on shipping" might have been in reference to the frequent delays that plagued Firefox 4, which was eventually made available more than six months late. Now that's a classy way to rag on somebody. Not missing a single opportunity to slam its competition, Microsoft also capitalized on the other major criticism of Firefox 5 when an IE developer boasted Microsoft's commitment to IT.
Mozilla shot back with a blog post addressing the IT issue, although in a very non-concrete way:

"We are exploring solutions that balance these needs..."

Not to be outdone, an Opera employee also had this to say in regard to rapid release schedule:

“Despite the version number (11.50), we've packed a lot of new features into it. While other browsers rush to release whole new version numbers with small tweaks, I think we've kept traditional versioning, while simply releasing a little faster.”Obviously, this comes at an unfortunate time for Mozilla, but one cannot help but wonder if this comment was meant for Google. Opera and Google have gotten into it pretty heavily in the past, and, for a time (before IE9), Chrome and Opera swapped places on a semi-monthly basis in the performance charts.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Metasploit declared $5,000.00, in 5 weeks for exploits Bug Bounty program

Posted by Avik Sarkar On 6/15/2011 04:54:00 pm


If you've got a way to crack Google Chrome, the Metasploit team wants to pay you for it. Today Rapid 7 announced that it has a total of $5000 in cash to reward to contributors who send in exploits for its Top 5 or Top 25 vulnerability lists. The exploits have to be submitted, and accepted, as modules under its standard Metasploit Framework license. 
Cash for bugs is a controversial but common way for security firms to encourage hackers to send exploits to the white hats. As far as Bug Bounty programs go, Metasploit's program is meager. But for an open source program that relies on contributions sent in for free, it's an interesting experiment. The program will end quickly, lasting only five weeks (July 20). One fun thing that the team is doing is letting people stake a claim to their exploit of choice from their Top 5 (prize is $500) or Top 25 (prize is $100) lists. After claiming an exploit, hackers get a week to submit their Metasploit module for their chosen bug. The prize money will "only be paid out to the first module contributor for a given vulnerability," the Metasploit team says.
And guess what? Denial of Service exploits won't qualify. Metasploit wants your bug to be able to do more than that. It should also bypass ASLR/DEP when applicable and be geared toward English-based targets. Metasploit wants hackers to follow its hacking guidelines and they cannot be residents of a US embargoed country.
All accepted submissions will not only win a bit of cash but their submissions will be made available to other Metasploit users, again under the Metasploit Framework license (3-clause BSD).
As I look at the list of 30 possible exploits while writing this blog post, I see that only two have been claimed so far. CVE/ZDI 2011-1218, Lotus Notes - Autonomy Keyview(.zip attachment), and an exploit not listed in the CVE database, known as " DATAC RealWin On_FC_CONNECT_FCS_LOGIN packet containing a long username." So plenty of room for participants remains.
The cash-for-bugs program is interesting, but the list of vulnerabilities for which Metasploit is seeking help is even more so.

The Top 5 are for specific holes in ...
  1. Google Chrome (before 11.0.696.71)
  2. Lotus Note
  3. IBM Tivoli Directory Server
  4. DNS
  5. GDI
In the Top 25, the entries on the list that caught my eye include holes in JScript, VBScript Scripting Engines, JBOS, Oracle VM and Citrix, among others. (Yes, browsers are in there, too, including Firefox, Chrome and Opera).
Of course, if you do have a killer bug, particularly for some of the browsers like Firefox or Chrome you can perhaps earn more than $100 for it. Mozilla's Bug Bounty program pays up to $3000 cash reward and you get a Mozilla T-shirt. For web applications or services related security bugs, Mozilla pays from $500 to $3,000. In January, Google plunked out what was then a record reward, $3,133, to a hacker for reporting a flaw Chrome. (Google raised its bug bounty fee about a year ago, from $1,337 after Mozilla bumped up its reward rate to $3,000).
TippingPoint, known as one of the founders of the bug bounty concept, not only pays cash (as much as $5,000 for your zero-day), but it also awards bonus points in a scheme more complicated than an airline mileage rewards program. Participants earn points for referring others into the program, for each zero-day they submit and so on. These points gain you bonuses for your hacks, and other goodies like all-expense-paid trips to hacker conferences like Black Hat.
Who knew hacking could be so rewarding?

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

The World's Safest Browser: BitBox

Posted by Avik Sarkar On 5/15/2011 01:31:00 am



There is no such thing as an entirely secure browser. Let's be realistic: You will always need a good portion of common sense and Internet smarts to avoid nasty attacks hijacks.

However, if you are paranoid about security, there is one browser that will reliably protect you from virtually all threats. It's a browser you already know: Firefox 4.0.1. Well, a boxed version of Firefox 4.0.1.
I am not exactly an adventurous Internet user as far as the dark corners of the web are concerned. Just I am not the kind of person to enjoy the silence in a dark alley in Chicago's south suburbs after dawn, I typically avoid websites I don't generally trust. I have had my fair share of spyware, trojans and other malware that caused me quite a bit of headache in the past and I am just more cautious than I was 10 years ago. Yet, that might change. I have just discovered a bulletproof wrapper for Firefox and, at least for now, I don't care that much anymore what is happening below the content the browser shows. There might be lots of malware and I really don't care anymore.
The reason is that I have started using BitBox as my browser for my general work-related tasks. BitBox is essentially a heavily armored version of Firefox 4.0.1 that is encased in Oracle's VirtualBox virtual machine (VM) environment that houses a secured Debian 6 Linux OS. That sounds relatively complicated, but once it is installed, this secure version of Firefox works just like a regular version of the browser. The difference is that it runs in a virtualized environment that is separate from your Windows XP/Vista/7.

The upside clearly is that you are dealing with a self-contained package. If you click on malicious malware, the usual EXE files cannot be executed in your Linux VM. You can download files, but they will not explicitly affect your Windows system and need to be manually moved out of the VM, if you have connected the drives. malware that infects Firefox during your session is automatically deleted the next time you start BitBox, as it always starts with its default configuration in the way it was installed. However, phishing attacks that target your personal data and may trick you in providing critical information will still require some common sense not to do so and will not protect you from the effects of such actions.
There are a few downsides. First, it is a hefty 990 MB download and the installed software will require almost 2 GB of space, as there is a need for Oracle's VirtualBox that is included in the package as well as a Debian 6 installation. Since the software is set back to a default level at every time it starts, it is not the most convenient browser to be used on an every day basis for the consumer. The deal breaker is its language. The software was developed for the German government and while it is available as a free download, it is only available in German. Unless you have basic knowledge of German, the installation will be a hurdle too high to overcome and even then it may be rather uncomfortable to be generally used.
The installation of the entire package is documented via PDF file and is somewhat straight forward, but some knowledge about virtual machines and virtualization in general does help when the individual components of the software are installed. In the end, you really want to know what is happening on your PC and you would want to know what effects a configured virtual drive on your PC has. Other than that, I was able to install BitBox within 15 minutes, once it was downloaded. The only criticism I would have is that developer Sirrix is not using the most recent version of Oracle's Virtual Box software (4.04 vs. 4.06). Custom configuration options include a specific download folder as well as a separate malware scanner as well as random root passwords for the virtual machine and proxy settings. During the installation, the software installs a Linux guest (Firefox) inside Virtual Box. Typically you would run the software form within VirtualBox, but Sirrix has managed to trim down the entire process to a single icon on the desktop.
I briefly mentioned it - this is not a browser to get deeply emotional about and discuss its performance features, but the concept is very compelling as far as browser safety is concerned. Plain browsing tasks make a lot of sense in such a package. In fact, I wonder, why such versions aren't offered by Mozilla and Google as well as Opera and Microsoft by default. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

WebGL in Chrome and Firefox is a serious security risk

Posted by Avik Sarkar On 5/09/2011 10:40:00 pm


A WEB STANDARD enabled by default in the Firefox 4 and Google Chrome web browsers has serious security issues, according to an independent security consultancy.
WebGL, which stands for web-based graphics library, is a software technology that allows you to bring hardware-accelerated 3D graphics to a web browser without the need for additional software. Enabled in the latest versions of Chrome and Firefox, it can also be switched on in Safari and Opera.
Context Information Security consultant James Forshaw said there are a number of serious security issues with the specification and implementation of WebGL.
He said, "These issues can allow an attacker to provide malicious code via a web browser which allows attacks on the graphic processor unit (GPU) and graphics drivers. These attacks on the GPU via WebGL can render the entire machine unusable."
Forshaw claimed that there are other dangers with WebGL that put user data, privacy and security at risk, adding, "These issues are inherent to the WebGL specification and would require significant architectural changes in order to remediate in the platform design."
"Fundamentally, WebGL now allows full programs from the internet to reach the graphics driver and graphics hardware which operate in what is supposed to be the most protected part of the computer."
He said that denial of service attacks are already a well known WebGL security issue, and that some operating system crashes that the firm has observed created potentially exploitable conditions.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Fiddler v2.3.3.3!

Posted by Avik Sarkar On 5/08/2011 05:14:00 pm


Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and “fiddle” with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language. Fiddler is freeware and can debug traffic from virtually any application, including Internet Explorer, Mozilla Firefox, Opera and thousands more.


  • Add !dns [hostname] and !nslookup [hostname] to list DNS info to Log tab
  • Add !listen PORT [CERTHOSTNAME] to QuickExec
  • Add audio/video/font/silverlight/flash/HTTP-POST Session icons
  • Revamp a few toolbar icons
  • Enable +/- latency adjustments using AutoResponder
  • Add fiddler.ui.inspectors.request.alwaysuse and fiddler.ui.inspectors.response.alwaysuse preferences
  • Changed “Remove Un-Marked” to ignore breakpointed sessions
  • Added fiddler.ui.CtrlX.KeepMarked and fiddler.ui.CtrlX.PromptIfMoreThan # (to replace CONFIG.iPromptBeforeClearAll)
  • Add Screenshot toolbar command, including delay option
  • Delay-Create FiddlerScript file behind pref “fiddler.script.delaycreate” defaults to true
  • Add IE10 User-Agent to default rules
  • Add AlwaysFresh option to Performance menu
  • Add fiddler.requestbuilder.followredirects.max preference
  • Add actInvertSelectedSessions() with hotkey of CTRL+I
  • about:network is now a synonym for about:connectoids
  • Add support for SELECT @REQUEST.HEADER VALUE, use * to test for existence or “*” to match on a literal star.
  • Various bugfixes
Download Fiddler v2.3.3.3 (Fiddler2Setup.exe) here.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft now issuing security advisories about third-party Windows bugs

Posted by Avik Sarkar On 4/26/2011 11:25:00 pm

 
Microsoft has expanded its vulnerability disclosure program to include security bulletins about third-party Windows software as well as its own applications.
The first bulletins, released last weekend, cover two flaws in Google Chrome and one in Opera ll, both of which were patched by December 2010. Microsoft has promised to contact third-party vendors before releasing advisories, but it has reserved the right to issue notification before a patch has been released in cases where a flaw is under active attack.
The software giant is following the same policy for the handling of bugs in third-party software as it does for flaws in its own applications, which it describes as a Coordinated Vulnerability Disclosure policy.
Microsoft has privately supplied security assessment about bugs to third-party suppliers since August 2008. By releasing these advisories in public, it hopes to bolster the security of the Windows ecosystem.
The process might conceivably lead to the release of third-party software updates during the regular Patch Tuesday update cycle but we're not there yet and it's unlikely that Google and Adobe would want to hand over too much control over this process to Redmon

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft shows class in disclosing Google zero-day

Posted by Avik Sarkar On 4/25/2011 05:46:00 pm

Microsoft shows class in disclosing Google zero-day
Back in June of last year, Tavis Ormandy, a Google engineer in Switzerland, caused quite a stir. As Gregg Keizer reported at the time, Ormandy told Microsoft about a previously unknown security hole in Windows on June 5, and on June 9 he published a full description of the vulnerability, including proof-of-concept code, on the Full Disclosure mailing list.
Microsoft blew a corporate gasket. Mike Reavey, the director of the Microsoft Security Response Center, blogged the following day, "Public disclosure of the details of this vulnerability and how to exploit it, without giving us time to resolve the issue for our potentially affected customers, makes broad attacks more likely and puts customers at risk."
Omandy responded that he was acting on his own behalf, not as a Google employee, but Reavy didn't buy it. The relationship between Microsoft and Google turned from frosty to frigid.
Last week, Microsoft showed its mettle by publicly issuing a new policy and two new "Microsoft Vulnerability Research Advisories" -- a completely new breed of Microsoft malware-fighting animal.
The policy is a nine-page document saying, basically, that when Microsoft discovers a zero-day flaw in some other vendor's product, Microsoft will work with the vendor to fix the vulnerability -- and make sure it's fixed before telling the world: "If attacks are underway in the wild, and the vendor is still working on the update, then both the finder and vendor work together as closely as possible to provide early public vulnerability disclosure to protect customers."
There are exceptions to the private reporting restriction. The policy allows Microsoft to divulge details if the vulnerability becomes known to the public at large, when there's evidence that the vulnerability is being used, or when the vendor doesn't respond.
That last point has become a bone of contention with several security researchers who claim that Microsoft hasn't responded quickly enough -- or, indeed, hasn't responded at all -- to their reports of Microsoft vulnerabilities. To be fair, no one has yet determined precisely how long it takes for a lack of response to result in a vendor being classified as "unresponsive."
Microsoft accompanied the new procedure with two new MSVR advisories, dubbed MSVR11-001and MSVR11-002. It comes as no surprise that both of them describe previously undocumented security holes in Google products that had been patched by Google. (MSVR11-002 describes a problem in both Google Chrome and Opera.)
Neither vulnerability is particularly interesting. The first one, a buffer overflow, allows arbitrary code to run, but only in the confines of the Chrome sandbox. It was fixed in Chrome Version 6.0.472.59, which was released seven months ago. The second requires advance knowledge of a specific local IP address. It was fixed in Chrome 8.0.552.215, which was released four months ago. Apparently, Microsoft held onto both reports, pending final publication of their new policy.
If you or someone in your organization ever stumbles on a zero-day vulnerability in a software product, take a few minutes to look over Microsoft's policy. I won't get sucked into debating the virtues of Full Disclosure versus Coordinated Disclosure, but it would certainly be instructive to see how Microsoft says it would treat you and your organization if the shoe were on the other foot.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft Announces Coordinated Vulnerability Disclosure Procedures And First Two Vulnerability Advisories

Posted by VOICE OF GREYHAT On 4/24/2011 08:43:00 am

Microsoft announced that it will be actively demonstrating its commitment to Coordinated Vulnderability Disclosure (CVD) by publishing CVD documents and releasing Microsoft Vulnerability Research (MSVR) Advisories on vulnerabilities discovered by Microsoft but fixed by affected vendors. Microsoft hopes that these documents will provide more transparency and insight into their disclosure philosophy and about how they go through the process.
CVD documents clarify how Microsoft responds as a vendor impacted by the vulnerabilities in their own products and services. These documents also demonstrate how Microsoft acts as a finder of vulnerabilities in third-party products and services, and how they act as a coordinator of such vulnerabilities. Read more on CVDs here (word document).
MSVR advisories cover security vulnerabilities that Microsoft or other security researchers discovered in third-party products or services. Microsoft discloses the vulnerabilities to the affected vulnerabilities using procedures described in the Coordinated Vulnerbility Disclosure.
Additionally, yesterday, Microsoft released the first two MSVR advisories which cover issues discovered by Microsoft in third party products, MSVR11-001 and MSVR11-002. Vulnerability 001 covers a vulnerability affecting the Google Chrome browser in versions prior to 6.0.472.59. This vulnerability affects the Sandbox in Chrome and could actually allow an attacker to run arbitrary code inside of Chrome's Sandbox. If the attacker fully exploited this vulnerability your browser would become unresponsive and/or exit unexpectedly; the attacker could run arbitrary code. Vulnerability 002 affects Google Chrome versions 8.0.552.210 and earlier, and Opera versions 10.62 and earlier; 002 addresses an information disclosure vulnerability which exists in the implementation of HTML5 in these browsers. If an attacker successfully exploited this vulnerability they could obtain private information from you.
As always, you should keep your system and programs on automatic update to get the most up to-date bug-free versions. To learn more about each vulnerability visit the Microsoft Vulnerability Research Advisories page.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search