Showing posts sorted by date for query bounty. Sort by relevance Show all posts
Showing posts sorted by date for query bounty. Sort by relevance Show all posts

VOGH Exclusive: URL Redirection Vulnerability Found In Facebook

Posted by Avik Sarkar On 1/02/2014 11:10:00 pm

VOGH Exclusive: URL Redirection Vulnerability Found In Facebook [The Vulnerability Still Active & Not Been Patched]
Facebook -the world's largest social networking site with registered users of more than one billion, is considered among one of the safest site of the cyber space. To maintain such reputation Facebook Inc has done all the required steps, that one could possibly take. Like other high profile and very popular websites, Facebook also stand as one of the hot target of almost every cyber criminals of the world. To get rid of this and make FB safe and secure, the company have introduced what it called 'Bug Bounty' offer; where you can submit vulnerabilities to FB and get rewarded. We have seen many security researchers and hackers across the globe has done this and get their award. But not every time, and today I will talk about that- few days ago a reader of VOGH, who also goes by the nick name of 'Dr41DeY' has figured out a URL redirection vulnerability in Facebook. One of the link in Facebook App which is apps.facebook.com is posing URL redirection vulnerability. The hacker has demonstrated how any one can use  the vulnerability  in order to manipulate millions of innocent Facebook users. Let see  

Before publishing this, one of our VOGH representative have talked with Facebook Security regarding this security vulnerability, but due to some reason FB might overlooked this issue. Finally after waiting for almost a week, we the Team VOGH decided to bring this in-front of our reader. Let briefly go through with the vulnerable link- 

https://apps.facebook.com/a.php?u=http://www.voiceofgreyhat.com&mac=AQLy7nyXi5NBt31j&__tn__=*B&eid=AQLpbizR7KEf3cyD0VTN7fNtv99fMZABDp2gdWhvL-MQocJIPy3w4hUG7_7hrmSMqDq7QLCI9k_0LbB95NEz_6GUDHGNgTDsGP_rX-VWRHxfg5a--VlnN1K9FdG3NAek8r2JPWENkb2Mu56EckbZCGXcPie27OnHxE-H7MBufQel0Pr-ZjpCWB6QF5xHeWsdKqyHzjK2woBGGrjk9Dlgnzcw3d9ZWPzrwbGpm6MSkpks3mqEphXnTP2Vd9UDQxIs68NnTaO35XIwKq5t3CSdb11iU_34gzjfLgvvDo_BYbgtrGe0Juc5CpRSwd5nImw9oPPvn6Za9rrxO_ivROtOGc2b2S3bYzNLWpbDwt3cFN2rJ3JElyIR0vjB4R859PpE9SrZx6AD3s_liikzPh30YLVb8XvPABk7r9MShk6OrVFPiAWZnEvPx49UzPDSF-nEl188rEPAi0KGJ4u1zb10hhzmHUCjH04SezDByUkyNituMb2lgiQz-Xlpgy_tkVYR-U7plDa38N9VzdAj_Bwefd7B85ykZCAy9ZQOt48Ql8KQeKfivk3sThZIkLwWPiju7R28Sw6bj09vS_Y28kFSqanGe9tYAPfKIe4zOzQt9-Q1CC_EwX3ypOlyQ2yXMiU3lwp7M9EriKHRFDsTgsuzzF-uvlpx3UrWh8M55-NX0ULjr4kxjAR5g_1wU-luUyn_Ot6Ly1_ZbBdahyb5uSmCDNvF5kMuIH8Gxvpql45dNffGzKau9oZGn6r1OmsG47JIGipznCVaZnWjXAakDnEMX6X8ZtI-M-db1olzbBpJdj5sZe-x2VM02S5XsXJWe_QLxFDOupjbz8I82HETHQ9PbzSIMsJboll4E3-f_JQFfdzwEguLa8SC_ImRahWBCwKNJeSlmRv91FqWpQaChe5-UyAoqcblvK4jPuRO3qC7o-qMTQ2jEJqqUW46koulOmgNJpMYXPgRxjNGcwjyTPS59Nr08zq6eCNd1aYLh2E4s5MYXBtVUTF8l0uhQ2wYSoR66xZsI2tK0DD1KiQHyTO1QieBwPtCN3eWgRzUTg3lM3ttkuwYKRPPLDvtUOPWmZhYUzUFcbfPM2kXdpqyGlrGx9-ErKGygYKATx2xzrTzktjgW4q0L5wfO3CSKAOCAoKfi_pfz-zIHSNE8ZAjZDtpbC_chgkvbHWJYYIs7pnE1riWJYORACjkkRr6nZoivC3z_g-8JBahghwy2C34kJYZJ6cBC8LKoB6KCTbj_F1tArQAzcSUij4vrJNUATzsdlO_ol6HwUQb8FjoWa38Bhtx81stxB328sgC9IGu1omPG0QeNJVhcJwh6HyEwtgycBLrlcdedaWbkwvnjv3F3BWuJIi763nBeYuAgNUaEUYHaXu_ZJzXW8fQ72nz_hddGT_GH50&sig=89099

Replace voiceofgreyhat.com with any of your favorite site, and the the said vulnerability will allow you to get redirected to that very website you want to from Facebook. This loophole is still active, and any one can test that with the above url, we thought the impact of this loophole is very serious, as any malicious attacker can misuse the trust-hod of Facebook's url in order to harm regular internet users, while redirecting them to any junk or malfunctional websites.

Disclaimer:- Earlier I told that the issue has already brought into the notice of Facebook Security, but they overlooked the whole issue, so being a responsible cyber media, we VOGH are disclosing this to people. If any one misuse this vulnerability, then Voiceofgreyhat will not at all be responsible for any kind of mishap.

Update:- May be doing more that what we call late repent, but finally the above disclosed vulnerability has been patched by Facebook security team. 


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Hcon Security Testing Framework (HconSTF) v0.5 Codename 'Prime' Released

Posted by Avik Sarkar On 4/07/2013 05:20:00 pm

Hcon Security Testing Framework (HconSTF) v0.5 Codename 'Prime' Released

Previously we have discussed couple of times about HconSTF - a browser based security testing framework. Earlier in last year we got HconSTF version 0.4, now after almost 14 month, the author of Hcon, Mr. Ashish Mistry (Information Security Researcher) has proudly released the version 0.5 of HconSTF code named "Prime." No doubt that Hcon has already became a very popular and widely used browser based pen testing framework. Not only in hackers community but also several security experts and infosec researcher's prefers Hcon as one of their all time favorite pentesing tool as HconSTF is very flexible and very handy multipurpose tool for any IT Security Professionals, Web Bug bounty Hunters, Web Developers or any one interested in IT security. As expected this version of Hcon, came with enhanced features and more functionality, so lets take a glance of HconSTF v0.5 -

HconSTF is semi-automated but you still need your brain to work it out. It can be use in all kind of security testing stages, it has tools for conducting tasks like,
  • Web Penetration Testing
  • Web Exploits Development
  • Web Malware Analysis
  • Open Source Intelligence ( Cyber Spying & Doxing )
  • and much more with lots of hidden features

HconSTF v0.5 in Brief:-
  • Based on Firefox 17.0.1
  • Designed in Process based methodology
  • Less in size (40mb packed-80mb extracted), consumes less memory
  • More than 165+ search plugins
  • New IDB 0.1 release integrated
  • Underlined Logging for each and every request
  • More NEW scanners for DomXSS, Reflected XSS
  • New reporting features like note taking, url logging for easy report making
  • Smart searchbox - just select and it will copy it and just change search engine to search
  • Integrated Tor, AdvoR, I2p and more proxies
  • New Grease monkey scripts (18 scripts)
To Download HconSTF v0.5 Click Here [Download Type- Portable (no need to install , run from usb drive or any memory card) Platform : Windows XP , Vista , 7 both x32 & x64]





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Facebook Hacker Cup 2013: Petr Mitrichev Won The Competition Followed By Jakub Pachocki & Marcin Smulewicz

Posted by Avik Sarkar On 3/31/2013 03:21:00 pm

Facebook Hacker Cup 2013Petr Mitrichev Won The Competition Followed By Jakub Pachocki & Marcin Smulewicz

Now a days leading organizations offers bug bounty and other competitions by which hackers from different part of the world will participate and find out security holes, in order to make more secure product and enhance cyber security. While talking about hackers competition then the name of "Hacker Cup" organized by the social networking giant Facebook will surely be an important one. Like last last two years, this year also Facebook called Hacker Cup 2013 in February and after completing several exciting  rounds finally we have the winners of this year's championship. Last year it was Roman Andreev of Russia who won the Hacker Cup with a heavy and prestigious trophy and a check for $5,000. Just like last year, this time also thousand of hackers across the globe participated in the competition and after completing the breathtaking championship three lucky winners been rewarded by Facebook for the outstanding performance. And the winners of Hacker Cup 2013 are Petr Mitrichev,  in second place we have Jakub Pachocki and third place it was Marcin Smulewicz. The social networking giant congratulated all the competitors who taken part in Hacker Cup for a great showing and performance. This year winner Petr Mitrichev solved all the four problems (Archiver, Colored Trees, Minesweeping, Teleports) in a due time and honored with the highly coveted Hacker Cup Trophy and an amount of $10,000. Here are some key moments of this year Hacker Cup:- 
 (Hacker Cup 2103 Finalist)
 (Competition is on)
 (The Prestigious Trophy) 
(Electric Moment)
(Hacker Cup 2103 Award)

(Petr Mitrichev Hacker Cup Winner)
Brief About Facebook Hacker Cup:-
Hacking is core to how we build at Facebook. Whether we’re building a prototype for a major product like Timeline at a Hackathon, creating a smarter search algorithm, or tearing down walls at our new headquarters, we’re always hacking to find better ways to solve problems. Programmers from around the world will be judged on accuracy and speed as they race to solve algorithmic problems to advance through up to five rounds of programming challenges. This is the chance to compete against the world’s best programmers for awesome prizes and the title of World Champion. 
As expected Facebook promises to continue this event every year so keep your eye out for signups to open to be the Hacker Cup 2014. So stay tuned with VOGH, for all the upcoming updates on cyber security. 







SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Pwnium 2: Teenage Hacker Pinkie Pie Exploited Google Chrome & Earned $60,000

Posted by Avik Sarkar On 10/11/2012 03:52:00 am

Pwnium 2: Teenage Hacker Pinkie Pie Exploited Google Chrome & Earned $60,000

One of world's most popular web-browser Google Chrome has fallen victim at Pwnium 2 security contest which took place earlier on 10th October, at the Hack In The Box conference in Kuala Lumpur, Malaysia. A teenage hacker who goes by the pseudonym "Pinkie Pie" was successfully able to "fully exploit" Chrome, escaping the sandbox using only bugs within Chrome. The hack was done on a fully patched 64-bit Windows 7 system running the latest stable branch of Chrome. For his work, Pinkie Pie will receive the top prize of $60,000 from Google
This isn't the first time that "Pinkie Pie", also the name of a "My Little Pony - Friendship is Magic" character, has won money for exploiting Chrome. In March of this year, he was rewarded for vulnerabilities he used at Google's Pwnium contest, which took place during the Pwn2Own competition at CanSecWest, to break out of the browser's sandbox and execute code. In order to get his code to execute on the test system at the time, he had to combine a total of six vulnerabilities; the holes were later closed with the release of Chrome 18. Along with security specialist Sergey Glazunov, Pinkie Pie also won this year's Pwnie Award for the Best Client-Side Bug. What ever the full results of the Pwnium 2 competition will be announced during a talk by Google Software Engineer Chris Evans today that means, 11th October.
We also like to give you reminder that earlier in this year Google had increased vulnerability bounties in Anniversary of Vulnerability Reward Programbe. Also PayPalFacebook & many other has already started this paid bug bounty program. These bug bounty programs & such security contest indeed enhancing the security. 


-Source (The-H & SC Magazine)






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

A Tribute to The 10 Most Infamous Student Hackers of All Time

Posted by Avik Sarkar On 9/15/2012 04:01:00 pm

A Tribute to The 10 Most Infamous Student Hackers of All Time

Since last two years, we the VOGH team has been covering all the latest cyber security updates. But today lets do some thing different. One of our frequent reader and fan Katina Solomon has requested us to share a fantastic article. Everyday VOGH draws headlines of hackers around the world and their activities. While trying to maintain speed with time, we usually forgot our past. Today we will take you into the past, where we will discuss about those heroes, who are always been ill treated by the society & the system while revamping those heroes into cyber-criminals or infamous hackers. Its our question to our humanity "Did the system has done justice with them??" 
Hacking has always been inherently a young person’s game. The first usage of the word “hacker” was to describe pranksters meddling with the phones at MIT. Many hackers have cited boredom, a desire for change, or the thrill of going somewhere one is not supposed to go as their motivation for hacking, all of which could apply to scores of common activities on college campuses. While today’s hacking scene is dominated by large hacking groups like Anonymous and Masters of Deception, many of the greatest hacks ever have been pulled off by college, high school, and even middle school kids who rose to infamy armed only with a computer and the willingness to cross the bounds of legality.
  1. Sven Jaschan: In the words of one tech expert, “His name will always be associated with some of the biggest viruses in the history of the Internet.” The viruses: the Sasser and NetSky worms that infected millions of computers and have caused millions of dollars of damage since their release in 2004. The man behind the viruses proved to be not even a man at all, legally. Seventeen-year-old hacker Sven Jaschan, a student at a computer science school in Germany, claimed to have created the viruses to become a hero by developing a program that would eradicate the rampaging Mydoom and Bagle bugs. Instead he found himself the subject of a $250,000 bounty courtesy of Microsoft, for which some of his classmates turned him in.
  2. Jonathan James: In 2000, at the age of 16, James, or “C0mrade” as he was known in the hacker community, infamously became the first juvenile federally sentenced for hacking. The targets of his notorious hack jobs were a wing of the U.S. Department of Defense called the Defense Threat Reduction Agency, NASA, and the Marshall Space Flight Center in Huntsville, Ala. (By hacking the latter James gained the ability to control the A/C in the International Space Station.) All of these were pulled off “for fun” while James was still a student at Palmetto Senior High in Miami. Unfortunately, the fun ran out when James was tied into a massive identity theft investigation. Though insisting he was innocent, James took his own life, saying he had “no faith in the justice system.”
  3. Michael Calce: Yahoo. CNN. Ebay. Amazon. Dell.com. One by one in a matter of days, these huge websites crashed at the hands of 15-year-old Canadian high school student Michael Calce, aka “MafiaBoy.” Armed with a denial-of-service program he called “Rivolta” that overloaded servers he targeted, the young hacker wreaked $7.5 million in damages, according to court filings. Calce was caught when he fell victim to a common ailment of teenage boys: bragging. The cops were turned on to him when he began boasting in chat rooms about being responsible for the attacks. On Sept. 12, 2001, MafiaBoy was sentenced to a group facility for eight months on 56 counts of cybercrime.
  4. Kevin Mitnick: Before performing hacks that prompted the U.S. Department of Justice to declare him “the most wanted computer criminal in United States history,” Kevin Mitnick had already made a name for himself as a hacker in his school days, first at Monroe High School in LA and later at USC. On a dare, Mitnick connived an opening into the computer system of Digital Equipment Corporation, which some fellow hackers then used to steal proprietary source code from the company before ratting on him. While still on probation for that crime, Mitnick broke into the premises of Pacific Bell and had to go on the run from police in the aftermath, during which time he hacked dozens of systems, including those of IBM, Nokia, Motorola, and Fujitsu.
  5. Tim Berners-Lee: “Scandalous” is a synonym for “infamous,” and for this legendary computer scientist, knight of the British Empire, and inventor of the World Wide Web to have been a hacker in his school days is certainly a juicy factoid. During his time at Oxford in the mid-’70s, Sir Tim was banned from using university computers after he and a friend were caught hacking their way into restricted digital areas. Luckily by that time he already knew how to make his own computer out of a soldering iron, an old TV, and some spare parts. And also luckily for him, he will always be revered as the father of the Internet.
  6. Neal Patrick and the 414s: In the early ’80s, hacking was still a relatively foreign concept to most Americans. Few recognized the enormous power hackers could hijack with a few strokes on a keyboard, which explains why a young group of hackers known as the 414s (after a Milwaukee area code) were virtual celebrities after they hacked into the famous Los Alamos National Laboratory, the Memorial Sloan-Kettering Cancer Center, and elsewhere. While today hacking a lab where classified nuclear research is conducted could earn you a one-way ticket to Guantanamo, the 17-year-old ringleader and high school student Neal Patrick was on the cover of Newsweek. The group members got light sentences but prompted Congress to take a stronger role in cybercrime.
  7. Robert T. Morris: The first ever Internet worm, the Morris Worm derived its name from Cornell grad student Robert Tappan Morris. In 1988, Morris released the worm through MIT’s system to cover his tracks, which would seem to contradict his claims that he meant no harm with it. But that’s exactly what resulted: the worm spread out of control, infecting more than 6,000 computers connected to the ARPANET, the academic forerunner to the World Wide Web. The damages reached as high as an estimated $10 million, and Morris earned the ignominious distinction of being the first person prosecuted under the Computer Fraud and Abuse Act. Morris got community service but was apparently not considered too infamous to be offered his current job as a professor at MIT.
  8. George Hotz: To some, George Hotz (aka “geohot,” aka “million75,” aka “mil”) is a public menace, a threat to electronic businesses everywhere. To many, Hotz is a hero. The high-schooler shot to fame/infamy in 2007 at the tender age of 17 by giving the world its first hacked, or “jailbroken” iPhone. He traded it for a new sports car and three new iPhones, and the video of the hacking received millions of hits. Apple has had to grudgingly come to terms with jailbreaking, seeing as the courts have declared it legal, but Sony Corp. is definitely not OK with such tampering. When Hotz hacked his PlayStation 3 and published the how-to on the web, the company launched a vicious lawsuit against him. In turn, the hacker group Anonymous launched an attack on Sony, stealing millions of users’ personal info.
  9. Donncha O’Cearbhaill: According to the FBI, this 19-year-old freshman at Trinity College Dublin is one of the top five most wanted hackers in the world. Well, he was; now that he’s been arrested he’s not really “wanted” anymore. The Feds contend the young man is a VIP member of the Anonymous and LulzSec hacking groups that have already been mentioned and whose targets have included the FBI, the U.S. Senate, and Sony (in the Hotz backlash). It seems “Palladium” (O’Cearbhaill) took the liberty of listening in on a conference call between the FBI and several international police forces who were discussing their investigations of the hacking groups. He could be sentenced to up to 15 years in prison if convicted for that hack alone.
  10. Nicholas Allegra: Just as George Hotz moved on from the Apple hacking game, Brown University student Nicholas Allegra is also hanging up his jersey. “Comex,” as he is known to millions of rooted iPhone fans, created the simple-to-use Apple iOS jailbreaking program JailbreakMe in 2007 and has since released two newer versions of it. However, Comex seems to have gone over to the dark side, accepting an internship with the very company whose products he became famous exploiting. Still, Allegra’s hacking skills are so advanced (one author puts him five years ahead of the authors of the infamous Stuxnet worm that corrupted Iran’s nuclear facilities) and so many people availed themselves of his talents, he will forever live in hacking infamy.

We want to dedicate the above post to the legendary hacker, who left us -Jonathan James aka “C0mrade”. Also the post is a tribute to all the so called 'infamous hackers'. You are our heroes and inspiration, you will always be there in our soul. Team VOGH salutes you...... 


-Thank you Katina & Online Degrees




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Google Announced 'Pwnium 2' & Increased Prize Money $2m To Exploit Chrome

Posted by Avik Sarkar On 8/18/2012 06:40:00 pm

Google Announced 'Pwnium 2' & Increased Prize Money $2m To Exploit Chrome

Few days ago we got the result of Microsoft hosted Blue Hat Security contest, where Microsoft awarded a bunch of hackers and gave away an amount of  $260,000. Immediately after this event, Internet giant Google   has upped the ante in its industry-leading cash-for-security-bugs program with hefty bonuses and a hacking contest that will award up to $2 million worth of prizes to people who successfully exploit its Chrome browser. In the official Chromium blog, Google has announced the plan for Pwnium 2. According to a blog post by Chris Evans, Software Engineer at Google- Pwnium 2 will be held on Oct 10th, 2012 at the Hack In The Box 10 year anniversary conference in Kuala Lumpur, Malaysia.
This time, Google be sponsoring up to $2 million worth of rewards at the following reward levels:
  • $60,000: “Full Chrome exploit”: Chrome / Win7 local OS user account persistence using only bugs in Chrome itself. 
  • $50,000: “Partial Chrome exploit”: Chrome / Win7 local OS user account persistence using at least one bug in Chrome itself, plus other bugs. For example, a WebKit bug combined with a Windows kernel bug. 
  • $40,000: “Non-Chrome exploit”: Flash / Windows / other. Chrome / Win7 local OS user account persistence that does not use bugs in Chrome. For example, bugs in one or more of Flash, Windows or a driver. 
  • $Panel decision: “Incomplete exploit”: An exploit that is not reliable, or an incomplete exploit chain. For example, code execution inside the sandbox but no sandbox escape; or a working sandbox escape in isolation. For Pwnium 2, we want to reward people who get “part way” as we could definitely learn from this work. Our rewards panel will judge any such works as generously as we can. 
Exploits should be demonstrated against the latest stable version of Chrome. Chrome and the underlying operating system and drivers will be fully patched and running on an Acer Aspire V5-571-6869 laptop (which we’ll be giving away to the best entry.) Exploits should be served from a password-authenticated and HTTPS Google property, such as App Engine. The bugs used must be novel i.e. not known to us or fixed on trunk. Please document the exploit. 
We also like to give you reminder that earlier in this year Google had increased vulnerability bounties in Anniversary of Vulnerability Reward Programbe. Also PayPal, Facebook & many other has already started this paid bug bounty program.





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Hacker Are Invited To Attack Facebook's Corporate Network

Posted by Avik Sarkar On 7/30/2012 01:52:00 am


Hackers Are Invited To Attack Facebook's Corporate Network

Last year the social networking giant, Facebook introduced its bug bounty program, inviting security researchers to poke around the site, discover vulnerabilities that could compromise the integrity or privacy of Facebook user data, and then responsibly disclose them to the company. The minimal reward amount was of $500. White hats were urged to search for Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF/XSRF) and Remote Code Injection bugs. In Facebook's White Hat program the company strictly announced that they should not be bothered with spam or social engineering techniques, DoS vulnerabilities, bugs in Facebook's corporate infrastructure and vulnerabilities in third-party websites or apps. Now they changed their mind. When the social network's security team randomly receiving tips from a researcher about a vulnerability in the company's own network which would allow attackers to eavesdrop on internal communications, they made an unprecedented choice by broadened the scope of the bug bounty program and inviting researchers to search for other holes in the Corporate Network. There are quite a few bug bounty programs instituted by tech companies such as Google, Paypal but Facebook has become the first firm that gave formal permission to white hats to target its networks. Ryan McGeehan, the manager of Facebook's security-incident response unit, stated that if there’s a million-dollar bug, they will pay it out.
Given that Facebook has a strong incentive to protect the data belonging to its 900 million users, and the fact that data breaches have become a disturbingly common occurrence in the last two years or so, the step seems like a logical one. 


-Source (Net-Security)





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Vasilis Pappas Won 'Blue Hat' Security Contest & Grand Prize of $200,000 From Microsoft

Posted by Avik Sarkar On 7/30/2012 01:52:00 am

Vasilis Pappas Won 'Blue Hat' Security Contest & Grand Prize of $200,000 From Microsoft

Earlier in last year software giant Microsoft started Blue Hat security contest. BlueHat Prize was globally  announced by the company at the 2011 Black Hat security conference in Las Vegas, offers a grand prize of $200,000, a runner-up purse of $50,000, and a third-place award of a one-year subscription to MSDN Universal--a developer's platform for Microsoft products--worth $10,000--to security researchers who design the most effective ways to prevent the use of memory safety vulnerabilities. 
This year Microsoft awarded a bunch of hackers and gave away an amount of  $260,000. 'Hackers' in the good sense here, the clever programmers who won its Blue Hat security contest, including a grand prize of $200,000

The big prize was awarded to a PhD student at Columbia University, Vasilis Pappas, who was handed the check in an American Idol-style contest finale complete with loud music and confetti. The winners were announced during a party at the Black Hat hackers conference 2012 that just happened this week in Las Vegas. Two other guys took home significant prizes, too. Ivan Fratric, a researcher at the University of Zagreb in Croatia, got $50,000 and Jared DeMott, a Security Researcher for Harris Corp. won $10,000.
They all submitted ideas to help solve a really hard security problem called Return-Oriented Programming. ROP is a hacker technique that is often used to disable or circumvent a program's computer security controls. Twenty people submitted ideas in the contest. Without getting into too much technical detail, Pappas came up with something called kBouncer which blocks anything that looks like an ROP attack from running. It's become popular these days to pay security researchers bounties. But what's cool about the Blue Hat contest is that it paid the researcher for actually coming up with a fix to a problem. Not only Microsoft, other compaines- GoogleFacebook, Paypal & many more already have their "Bug Bounty" program, where they reward researchers for simply identifying flaws in thier system. But by contrast Microsoft and Adobe don't pay bounties. Here Microsoft promised that this first Blue Hat prize won't be its last, So this may be a sign of a smart new approach to engaging with security researchers for the software giant. 


-Source (Microsoft & Business Insider)







SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

PayPal Announced Paid “Bug Bounty” Program for Security Researchers

Posted by Avik Sarkar On 6/24/2012 09:07:00 pm

PayPal Announced  Paid “Bug Bounty” Program for Security Researchers

Giant in payment services provider PayPal recently announced the launch of a new paid bug bounty program where PayPal will reward security researchers who will discover vulnerabilities in its website with handsome amount of money. In the official blog PayPal's Chief Information Security Officer Michael Barrett said- "The security of our customers’ data is our number one priority" Its very obvious and clear that while enhancing more security PayPal took this step because we all know that PayPal is listed among those sites where cyber-criminals always kept their eyes. 
If you are a security researcher, and you've discovered a site or product vulnerability, please forward your details to sitesecurity@paypal.com. We also like to give you reminder that before PayPal- Facebook, Google & many other has already started this paid bug bounty program.

-:PayPal Bug Bounty Program In Details:-
  • PayPal security team will determine the bounty amount and all decisions are final. 
  • Bounty is awarded to the first person that discovers the previously unknown bug.
  • The bug bounty program is subject to change or to cancellation at any point without notice.
  • Payment is paid out through a verified PayPal account, once the bug is fixed.
  • For all submissions, do not send personal information in your report and please use PayPal's PGP key to encrypt your email.
  • Individuals from sanctioned countries are not allowed to participate in this program.
  • eBay Inc. employees, contractors and their immediate relatives are not allowed to participate in the program.
Vulnerabilities That Are in Scope:
  • XSS
  • CSRF/XSRF
  • SQLi
  • Authentication bypass
Note: While "Logout CSRF" is a well-acknowledged issue, there are other techniques  like "cookie forcing" and "cookie bombardment" that can make it futile to defend against this attack. Also, PayPal's web sessions are relatively short lived and hence the Bug Bounty panel will not consider reports of the ability to log out users from PayPal as qualifying for the reward.
In Your Bug Submission Email, Please Include The Following:
  • Your email address
  • Your PayPal account (in order to receive the bounty)
  • Vulnerability type (i.e., XSS, CSRF, SQLi, etc.)
  • Vulnerability Scope: Domain(s), URL(s) and Parameter(s) impacted
  • Steps to reproduce bug
Guidelines for Responsible Disclosure
  • Share the security issue with us before making it public on message boards, mailing lists, and other forums.
  • Allow us reasonable time to respond to the issue before disclosing it publicly.
  • Provide full details of the security issue.
Terms for Participation :- As between eBay Inc. and the Submitter, as a condition of participation in the PayPal Bug Bounty program, the Submitter grants eBay Inc., its affiliates and customers a perpetual, irrevocable, worldwide, royalty-free and non-exclusive license to use, reproduce, adapt, modify, publish, distribute, publicly perform, create derivative work from, make, use, sell, offer for sale and import the Submission for any purpose. Submitter represents and warrants that the Submission is original to the Submitter and Submitter owns all rights, title and interest in and to the Submission. Submitter waives all other claims of any nature, including express contract, implied-in-fact contract, or quasi-contract, arising out of any disclosure of the Submission to eBay. In no event shall eBay be precluded from discussing, reviewing, developing for itself, having developed, or developing for third parties, materials which are competitive with those set forth in the Submission irrespective of their similarity to the information in the Proposal, so long as eBay complies with the terms of participation stated herein. 

For additional information click Here





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Facebook Said - Please Hack Us & Get Bounty of $500

Posted by Avik Sarkar On 5/13/2012 12:30:00 am

Facebook Said - Please Hack Us & Get Bounty of $500

Earlier through Hackers Cup, Facebook has already shown honour to hackers now social networking giant Facebook is directly encouraging hackers to try hacking its security systems to find weaknesses. Those who succeed will receive a reward of US$500 or more and have their name added to a list of helpful hackers.
The hackers have taken part in Facebook's White Hat program. Anyone who finds a way of breaching the site's networks, and owns up, can earn rewards worth thousands of dollars. As well as money, Facebook promises not to land them in trouble with the police & legal harassment if they have complied with the program's golden rules. Already one British hacker has earned more than $2400 from Facebook, and the most prolific White Hat contributors are now given their own Facebook "bug bounty" credit cards. Facebook's chief security officer, Joe Sullivan, says he would much rather the hackers worked with the company, rather than against it. In time, he hopes the hackers will be able to find legitimate ways of expressing themselves within schools and universities. "There is a real lack of practical academic programs for cyber-security not only in the US but also internationally," he said. "Cyber-security is a skill best learned by doing, and unfortunately many of the current academic programs place little emphasis on real-world practical experience such as that gained in competition or via bug-bounty programs.

According to Facebook - "If you're a security researcher, please review our responsible disclosure policy before reporting any vulnerabilities. If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you."

Eligibility:-
To qualify for a bounty, you must:
  • Adhere to our Responsible Disclosure Policy:
  • Be the first person to responsibly disclose the bug
  • Report a bug that could compromise the integrity of Facebook user data, or circumvent the privacy protections of Facebook user data, such as:
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF/XSRF)
  • Remote Code Injection
  • Broken Authentication (including Facebook OAuth bugs)
  • Circumvention of our Platform permission model
  • A bug that allows the viewing of private user data
  • Reside in a country not under any current U.S. Sanctions (e.g., North Korea, Libya, Cuba, etc.)
Rewards:-
  • A typical bounty is $500 USD
  • We may increase the reward for specific bugs
  • Only 1 bounty per security bug will be awarded
Exclusions:-
The following bugs aren't eligible for a bounty (and we don't recommend testing for these):
  • Security bugs in third-party applications (e.g., http://apps.facebook.com/[app_name])
  • Security bugs in third-party websites that integrate with Facebook
  • Security bugs in Facebook's corporate infrastructure
  • Denial of Service Vulnerabilities
  • Spam or Social Engineering technique


                      For detailed information click Here





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft Handover The Rustock Botnet Case to FBI

Posted by Avik Sarkar On 9/23/2011 01:25:00 am


Microsoft lawyers have sealed their victory over the operators of what was once the world's biggest source of spam after winning a court case giving them permanent control over the IP addresses and servers used to host the Rustock botnet. The seizure was completed earlier this month when a federal judge in Washington state awarded Microsoft summary judgement in its novel campaign against Rustock, which at its height enslaved about 1.6 million PCs and sent 30 billion spam messages per day. The complex legal action ensured that IP addresses and more than two dozen servers for Rustock were seized simultaneously to prevent the operators from regrouping.
Now the attorneys are turning over the evidence obtained in the case to the FBI in hopes that the Rustock operators can be tracked down and prosecuted. Microsoft has already offered a $250,000 bounty for information leading to their conviction. It has also turned up the pressure by placing ads in Moscow newspapers to satisfy legal requirements that defendants be given notice of the pending lawsuit.
According to court documents, the Rustock ringleader is a Russian citizen who used the online handle Cosma2k to buy IP addresses that hosted many of the Rustock command and control servers. Microsoft investigators claimed the individual distributed malware and was involved in illegal spam pitching pharmaceutical drugs.
“This suggests that 'Cosma2k' is directly responsible for the botnet as a whole, such that the botnet code itself bore part of this person’s online nickname,” the Microsoft motion stated. In a blog post published Thursday, Microsoft said the number of PCs still infected by Rustock malware continued to drop. As of last week, a fewer than 422,000 PCs reported to the seized IP addresses, almost a 74 percent decline from late March. It also represented significant progress since June, when almost 703,000 computers were observed.
The Rustock takedown has been a rare bright spot in the ongoing fight against computer crime. After it was initiated, federal authorities waged a similar campaign against Coreflood, another notorious botnet estimated to have infected 2 million PCs since 2002. In a step never before taken in the US, federal prosecutors obtained a court order allowing them to set up a substitute command and control server that forces infected machines to temporarily stop running the underlying malware. Taking down botnets is a good start, but it does little stop criminals from setting up new ones. Microsoft's determination in tracking down Cosma2k and his cronies could go a step further, by showing would-be botherders there are consequences to their crimes, no matter where in the world they may be located.

-News Source (Microsoft, Register & CNET)


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft Plugs Internet Explorer Security Hole (Which was Exposed in A Contest)

Posted by Avik Sarkar On 8/17/2011 03:57:00 am


Microsoft last week patched the last vulnerability in Internet Explorer (IE) used by a researcher in March to win $15,000 at the
The company had patched IE twice before to quash bugs exploited by Stephen Fewer of Harmony Security to bring down IE8 on Windows 7 at Pwn2Own. For his efforts, Fewer was awarded a cash prize of $15,000 and a Sony notebook.

Microsoft internet explorer Fewer chained three exploits , each for a different vulnerability, to bypass IE's sandbox, called "Protected Mode," and compromise IE8. Pwn2Own sponsor HP Tipping Point called the feat "impressive" at the time.
Microsoft patched the third IE bug in a multiple-flaw update to its browser, part of a 13-bulletin collection .
Although Microsoft credited Fewer in the MS11-057 bulletin for reporting the third vulnerability, it said the bug wasn't a security flaw. "Yes, this update addresses a Protected Mode bypass issue, publicly referenced as CVE-2011-1347," Microsoft said in response to an FAQ query, "Does this update contain any non-security related changes to functionality?"
At Pwn2Own, Fewer used the bypass bug to escape Protected Mode so he could circumvent the browser's sandbox, which allowed him to add a file to the machine, a task that mimicked a hacker's insertion of malware.

Fewer confirmed that last week's IE update fixed the final flaw he used at Pwn2Own.
"Yes MS11-057 patches the final bug, the protected mode bypass, that I used in my Pwn2Own exploit, the other two being a use-after-free which was patched in MS11-018 and an information leak patched in MS11-050," Fewer said today in an email reply to questions.

Earlier Flaws Addressed

MS11-018 and MS11-050 were the designations of the April and June bulletins, respectively, that patched the two other vulnerabilities he reported to Microsoft via Tipping Point's bug bounty program.
According to Aaron Portnoy, manager of TippingPoint security research team and the company's Pwn2Own organizer, Tuesday's IE update wraps up patching for the 2011 contest.
During Pwn2Own, Microsoft said that IE9, the browser that launched shortly after Fewer's hack, did not contain the bugs he exploited.
Including Tuesday's update, IE9 has been patched twice since its March launch. Of the August bugs Microsoft acknowledged as security issues, one was reported by Fewer.
"Yes, I have been doing some research into IE9 and actually my first IE9 vulnerability was also patched this Tuesday as part of MS11-057," Fewer said, referring to a separate bug he was credited with this week.
That flaw, dubbed "CVE-2011-1964," was reported via TippingPoint to Microsoft in May, and was ranked critical for IE9 when run on Vista or Windows 7.
Fewer wouldn't commit to taking on IE9 at next year's Pwn2Own, but he left the door open to a repeat performance. "I don't have any plans as of yet for next year's competition, but if I have a few new bugs handy closer to the time, who knows?"
August's security updates, including MS11-057 for IE, can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services.

-News Source (PC-World)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Google Chrome OS Has Security Hole (Black Hat 2011)

Posted by Avik Sarkar On 8/05/2011 07:20:00 pm


Black Hat Google has billed its Chrome operating system as a security breakthrough that's largely immune to the threats that have plagued traditional computers for decades. With almost nothing stored on its hard drive and no native applications, there's no sensitive data that can pilfered and it can't be commandeered when attackers exploit common software vulnerabilities.
But according to two researchers who spent the past few months analyzing the Chrome-powered Cr-48 beta released in December, the browser-based OS is vulnerable to many of the same serious attacks that afflict people surfing websites. As a result, users remain susceptible to exploits that can intercept email, documents, and passwords stored on centralized servers, many of which are maintained by Google.
“Even though they put these awesome security protections in place, we're just moving the security problems to the cloud now,” Matt Johansen, a researcher with WhiteHat Security, told The Register. “We're moving the software security problem that we've been dealing with forever to the cloud. They're doing a lot of things right, but it's not the end all and be all for security.”
Virtually all of the threats identified by Johansen and his WhiteHat colleague Kyle Osborn stem from Chrome's reliance on extensions, which are essentially web-based applications. A fair number of the extensions they analyzed contain XSS, or cross-site scripting, bugs, which have the potential to inject malicious code and content into a visitor's browser and in some cases steal credentials used to authenticate user accounts.
As they went about testing what kind of attacks various XSS vulnerabilities could allow, Johansen and Osborn noticed something curious: a bug in one extension often allowed them to hijack the communications of a second extension, even when the latter one had no identifiable security flaws. At the Black Hat security conference in Las Vegas on Wednesday, they demonstrated this weakness by exploiting an XSS hole in one extension to steal passwords from an otherwise secure account on cloud password storage service LastPass.
“If any of the other vulnerable extensions have an XSS hole, we can utilize JavaScript to hijack that communication,” Johansen said. “LastPass is doing absolutely nothing wrong here. You can have an extension that's perfectly fine, but if you have another that has a cross-site scripting error in it we can still access information in secure applications.”
The discovery has generated a quandary for the researchers.
“Whose problem is this to fix?” Johansen continued. “We don't really have an answer for that. LastPass did everything correctly. It's the other extension developers that developed an extension with a vulnerability in it.”
After being informed of the specific attack, LastPass made changes to its Chrome extension that prevented it from being carried out, so it's reasonable to assume extension makers foot some of the responsibility for preventing their apps from being compromised by others. But Johansen couldn't rule out the possibility that vulnerabilities and other apps could probably make LastPass vulnerable again. He said Google might be able to fix the problem by overhauling the application programming interfaces extension developers use.
The researchers also demonstrated an XSS vulnerability in Scratchpad, a text-editor extension that's bundled with Chrome. By sharing files with names containing JavaScript commands stored on Google Docs they were able to obtain the Google session cookies of anyone who used a Chromebook to view the documents. An attacker could exploit the vulnerability to read a victim's email, or to send instant messages to everyone on the victim's contact list. If any of the contacts are using Chromebooks, they could be similarly vulnerable to booby-trapped filenames stored on Google Docs.
A Google spokeswoman defended the security of Chromebooks and said the vulnerabilities enumerated by the researchers weren't unique to the cloud-based OS. In an email, she issued the following statement:
This conversation is about the web, not Chrome OS. Chromebooks raise security protections on computing hardware to new levels. They are also better equipped to handle the web attacks that can affect browsers on any computing device, thanks in part to a carefully designed extensions model and the advanced security available through Chrome that many users and experts have embraced.
The researchers stressed Google engineers were extremely quick to fix the Scratchpad vulnerability and awarded them a $1,000 bounty for their report. But they remain convinced that the security of Chrome OS in many cases is only as strong as its' weakest extensions. They also pointed out that penetration-testing tools such as the Browser Exploitation Framework could be used to help streamline attacks in much the way Metasploit is used to manage exploits for traditional machines.
And, Johansen said, Chrome hacking through XSS may be only the beginning, since the flaws are among the easiest to find and exploit.
“Who knows what we're going to be looking for months or years from now when Google can figure out a way to thwart the cross-site scripting threat,” he said. “Why would we be trying to write buffer overflows when we can just write a simple JavaScript command.” 
-News Source (The Register)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Facebook Launches Security Bug Bounty

Posted by Avik Sarkar On 7/30/2011 05:01:00 pm


Facebook is set to announce today a bug bounty program in which researchers will be paid for reporting security holes on the popular social-networking Web site.
Compensation, which starts at $500 and has no maximum set, will be paid only to researchers who follow Facebook's Responsible Disclosure Policy and agree not to go public with the vulnerability information until Facebook has fixed the problem.
Facebook Chief Security Officer Joe Sullivan told that "Typically, it's no longer than a day" to fix a bug,

Facebook's Whitehat page for security researchers says: 

"If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you."

The compensation program is a good way to provide an incentive and show appreciation to the research community for helping keep Facebook safe for users, according to the company's security team. Up until now, researchers received recognition on the Facebook Whitehat page, maybe some "swag," and--if they were lucky--a job.
"Some of our best engineers have come to work here after pointing out security bugs on our site," like Ryan McGeehan, manager of Facebook's security response team, said Alex Rice, product security lead at Facebook. (Facebook also recently hired famed iPhone jailbreaker and Sony PlayStation 3 hacker George Hotz, who works on security issues.)
Meanwhile, Facebook is allowing security researchers a way to create test accounts on Facebook to ensure they don't violate terms of use or impact other Facebook users, Rice and McGeehan said.
Facebook is following in the steps of Mozilla, which launched its bug bounty program in 2004, and Google, which offers a bug bounty program with payments ranging from $500 to more than $3,000 for finding Web security holes, as well as a program specifically for Chrome bugs.
Microsoft has offered bounties of $250,000 for information leading to the arrest of virus writers, but does not pay researchers who find bugs in its software. However, other companies do, like TippingPoint's Zero Day Initiative.
Researchers typically are paid more for finding bugs in desktop software, which can take much longer to fix and to update software on computers than bugs in Web-based software, which can be fixed much more quickly.

According To FACEBOOK:- 

Eligibility
To qualify for a bounty, you must:
  • Adhere to our Responsible Disclosure Policy:
    ... give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research ...
  • Be the first person to responsibly disclose the bug
  • Report a bug that could compromise the integrity or privacy of Facebook user data, such as:
    • Cross-Site Scripting (XSS)
    • Cross-Site Request Forgery (CSRF/XSRF)
    • Remote Code Injection
  • Reside in a country not under any current U.S. Sanctions (e.g., North Korea, Libya, Cuba, etc.)
Our security team will assess each bug to determine if qualifies.

Rewards
  • A typical bounty is $500 USD
  • We may increase the reward for specific bugs
  • Only 1 bounty per security bug will be awarded
Exclusions
The following bugs aren't eligible for a bounty (and we don't recommend testing for these):
  • Security bugs in third-party applications (e.g., http://apps.facebook.com/[app_name])
  • Security bugs in third-party websites that integrate with Facebook
  • Security bugs in Facebook's corporate infrastructure
  • Denial of Service Vulnerabilities
  • Spam or Social Engineering techniques


                                                                                                                                                                     -News Sourec (FACEBOOK & Cnet)


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search