
VOGH Exclusive: URL Redirection Vulnerability Found In Facebook [The Vulnerability Still Active & Not Been Patched]
Facebook, the world's largest social networking site with more than one billion registered users, is considered one of the safest sites in cyberspace. To maintain that reputation Facebook Inc has taken all the steps one could reasonably take. Like other high-profile and very popular websites, Facebook is also a prime target for cyber criminals around the world. To counter this and keep FB safe and secure, the company introduced what it calls its 'Bug Bounty' programme, under which you can submit vulnerabilities to FB and be rewarded. We have seen many security researchers and hackers across the globe do this and collect their reward. But not every time, and today I will talk about that: a few days ago a reader of VOGH, who goes by the nickname 'Dr41DeY', found a URL redirection vulnerability in Facebook. One of the links in Facebook Apps, on apps.facebook.com, is exposing a URL redirection vulnerability. The hacker has demonstrated how anyone could use the vulnerability to manipulate millions of innocent Facebook users. Let's see.

Before publishing this, one of our VOGH representatives talked with Facebook Security regarding this security vulnerability, but for some reason FB may have overlooked the issue. Finally, after waiting for almost a week, we, Team VOGH, decided to bring this in front of our readers. Let's briefly go through the vulnerable link:

https://apps.facebook.com/a.php?u=http://www.voiceofgreyhat.com&mac=AQLy7nyXi5NBt31j&__tn__=*B&eid=AQLpbizR7KEf3cyD0VTN7fNtv99fMZABDp2gdWhvL-MQocJIPy3w4hUG7_7hrmSMqDq7QLCI9k_0LbB95NEz_6GUDHGNgTDsGP_rX-VWRHxfg5a--VlnN1K9FdG3NAek8r2JPWENkb2Mu56EckbZCGXcPie27OnHxE-H7MBufQel0Pr-ZjpCWB6QF5xHeWsdKqyHzjK2woBGGrjk9Dlgnzcw3d9ZWPzrwbGpm6MSkpks3mqEphXnTP2Vd9UDQxIs68NnTaO35XIwKq5t3CSdb11iU_34gzjfLgvvDo_BYbgtrGe0Juc5CpRSwd5nImw9oPPvn6Za9rrxO_ivROtOGc2b2S3bYzNLWpbDwt3cFN2rJ3JElyIR0vjB4R859PpE9SrZx6AD3s_liikzPh30YLVb8XvPABk7r9MShk6OrVFPiAWZnEvPx49UzPDSF-nEl188rEPAi0KGJ4u1zb10hhzmHUCjH04SezDByUkyNituMb2lgiQz-Xlpgy_tkVYR-U7plDa38N9VzdAj_Bwefd7B85ykZCAy9ZQOt48Ql8KQeKfivk3sThZIkLwWPiju7R28Sw6bj09vS_Y28kFSqanGe9tYAPfKIe4zOzQt9-Q1CC_EwX3ypOlyQ2yXMiU3lwp7M9EriKHRFDsTgsuzzF-uvlpx3UrWh8M55-NX0ULjr4kxjAR5g_1wU-luUyn_Ot6Ly1_ZbBdahyb5uSmCDNvF5kMuIH8Gxvpql45dNffGzKau9oZGn6r1OmsG47JIGipznCVaZnWjXAakDnEMX6X8ZtI-M-db1olzbBpJdj5sZe-x2VM02S5XsXJWe_QLxFDOupjbz8I82HETHQ9PbzSIMsJboll4E3-f_JQFfdzwEguLa8SC_ImRahWBCwKNJeSlmRv91FqWpQaChe5-UyAoqcblvK4jPuRO3qC7o-qMTQ2jEJqqUW46koulOmgNJpMYXPgRxjNGcwjyTPS59Nr08zq6eCNd1aYLh2E4s5MYXBtVUTF8l0uhQ2wYSoR66xZsI2tK0DD1KiQHyTO1QieBwPtCN3eWgRzUTg3lM3ttkuwYKRPPLDvtUOPWmZhYUzUFcbfPM2kXdpqyGlrGx9-ErKGygYKATx2xzrTzktjgW4q0L5wfO3CSKAOCAoKfi_pfz-zIHSNE8ZAjZDtpbC_chgkvbHWJYYIs7pnE1riWJYORACjkkRr6nZoivC3z_g-8JBahghwy2C34kJYZJ6cBC8LKoB6KCTbj_F1tArQAzcSUij4vrJNUATzsdlO_ol6HwUQb8FjoWa38Bhtx81stxB328sgC9IGu1omPG0QeNJVhcJwh6HyEwtgycBLrlcdedaWbkwvnjv3F3BWuJIi763nBeYuAgNUaEUYHaXu_ZJzXW8fQ72nz_hddGT_GH50&sig=89099

Replace voiceofgreyhat.com with any site of your choice, and the said vulnerability will redirect you from Facebook to that very website. This loophole is still active, and anyone can test it with the above URL. We think the impact of this loophole is very serious, as a malicious attacker can abuse the trust users place in a Facebook URL to harm regular internet users by redirecting them to junk or malicious websites.
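The defect described above is an open redirect: the `u` parameter is followed without checking where it points. The usual fix on the server side is to accept only targets on an allow-list of hosts (or same-origin relative paths) and fall back to a safe page otherwise. The following is an added example written for this article, not Facebook's code; the allow-list, fallback URL and function names are assumptions. It deliberately handles the inputs that trip up naive checks: scheme-relative `//host`, backslashes (which browsers treat as slashes), userinfo `host@evil`, look-alike subdomains and non-HTTP schemes.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list for a redirector endpoint such as the one described
# in the article (apps.facebook.com/a.php?u=...). Constructed for this example.
ALLOWED_HOSTS = {"apps.facebook.com", "www.facebook.com"}
FALLBACK = "https://www.facebook.com/"


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if `target` is a same-origin relative path or an
    http(s) URL whose host is on the allow-list. Anything else is treated as
    an open-redirect attempt and rejected."""
    if not target or any(c in target for c in "\r\n\t\x00"):
        return False
    # Browsers normalise backslashes to slashes, so "/\evil.example" becomes
    # "//evil.example". Apply the same normalisation before parsing so the
    # check sees what the browser will see.
    normalised = target.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme == "" and parts.netloc == "":
        # Relative path such as "/games/foo": stays on the current origin.
        return normalised.startswith("/")
    if parts.scheme not in ("http", "https"):
        # Covers scheme-relative "//host" (scheme is empty), javascript:, data:, ...
        return False
    if parts.username is not None or parts.password is not None:
        # "https://apps.facebook.com@evil.example/" really points at evil.example;
        # reject userinfo outright instead of relying on hostname parsing.
        return False
    host = parts.hostname  # lower-cased, port stripped; None if absent
    return host is not None and host in allowed_hosts


def resolve_redirect(target: str, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK) -> str:
    """Where the redirector would issue its Location header: the requested
    target if it passes the check, otherwise the safe fallback."""
    return target if is_safe_redirect(target, allowed_hosts) else fallback


if __name__ == "__main__":
    for candidate in ("/games/foo", "http://www.voiceofgreyhat.com",
                      "//evil.example", "https://apps.facebook.com@evil.example/"):
        print(f"{candidate!r:50} -> {resolve_redirect(candidate)}")
```

An exact host match is used rather than a suffix match, because `endswith("facebook.com")` would accept `notfacebook.com`. An alternative design is to sign the target server-side when the link is generated and verify the signature before redirecting; the allow-list check is the simpler control and does not depend on how the link was produced.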

Disclaimer:- Earlier I said that the issue had already been brought to the notice of Facebook Security, but they overlooked the whole issue, so, being a responsible cyber media outlet, we at VOGH are disclosing this to the public. If anyone misuses this vulnerability, Voiceofgreyhat will not be responsible in any way for any kind of mishap.

Update:- It may be a case of what we call late repentance, but the vulnerability disclosed above has finally been patched by the Facebook security team.


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

PostgreSQL Fixed 'High-Exposure Security Vulnerability' Causing Denial-of-Service Attack (CVE-2013-1899)

Security researchers have yet again found a serious security hole in one of the most widely used object-relational database management systems, PostgreSQL, also known as Postgres. By exploiting the loophole an attacker can easily corrupt files and, in some cases, execute malicious code on the underlying server, causing a "persistent denial-of-service" attack. By corrupting the files an attacker can cause the database server to crash and refuse to restart. Affected servers could only be restarted by removing garbage text from the files or by restoring them from a backup. Versions 9.0, 9.1, and 9.2 are all vulnerable. As soon as this vulnerability was spotted, the PostgreSQL developers released updates addressing a "high-exposure security vulnerability in versions 9.0 and later." The updates are available for the 9.0, 9.1, and 9.2 branches, as well as 8.4. These updates also allow PostgreSQL to be built using Microsoft Visual Studio 2012. According to the developers: "A major security issue fixed in this release, CVE-2013-1899, makes it possible for a connection request containing a database name that begins with "-" to be crafted that can damage or destroy files within a server's data directory. Anyone with access to the port the PostgreSQL server listens on can initiate this request. This issue was discovered by Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software Center." In addition to the fix for this one major security issue, the updates also include four more minor security fixes, as well as fixes for other, non-security-related issues.
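The trigger the developers describe is visible on the wire: the database name travels in the PostgreSQL v3 StartupMessage that every client sends first. The fix is to upgrade, but while patching, a terminating proxy or an IDS in front of the listening port can at least flag connection requests that match the pattern. Below is an added example written for this article, not PostgreSQL's or any proxy's code: it decodes the StartupMessage format (int32 length including itself, int32 protocol version 3.0, NUL-terminated key/value pairs, closing NUL) and reports a database name beginning with "-". The sample packets are constructed here. Caveat: if the client negotiated SSL first, the StartupMessage is inside TLS and only a TLS-terminating proxy can see it.

```python
import struct

PROTOCOL_V3 = (3 << 16) | 0  # 196608: protocol version 3.0


def build_startup_message(params: dict) -> bytes:
    """Encode a v3 StartupMessage the way a client would (constructed input
    for the example; the real client library does this for you)."""
    body = b"".join(k.encode() + b"\0" + v.encode() + b"\0" for k, v in params.items())
    body += b"\0"  # terminator after the last pair
    return struct.pack("!II", 8 + len(body), PROTOCOL_V3) + body


def parse_startup_message(packet: bytes) -> dict:
    """Decode a StartupMessage into its parameter dictionary, refusing
    malformed packets instead of guessing."""
    if len(packet) < 8:
        raise ValueError("truncated startup packet")
    length, version = struct.unpack("!II", packet[:8])
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    if version != PROTOCOL_V3:
        raise ValueError(f"not a v3 StartupMessage (version field {version:#x})")
    fields = packet[8:].split(b"\0")
    # A well-formed body ends "...value\0\0", which split() turns into two
    # trailing empty strings: one for the terminator, one after the final NUL.
    if len(fields) < 2 or fields[-1] != b"" or fields[-2] != b"":
        raise ValueError("missing terminator")
    strings = fields[:-2]
    if len(strings) % 2:
        raise ValueError("dangling parameter name without a value")
    return {strings[i].decode(): strings[i + 1].decode() for i in range(0, len(strings), 2)}


def check_startup_message(packet: bytes) -> list:
    """Return a list of findings for the connection request; empty means
    nothing matched. The one rule implemented is the CVE-2013-1899 pattern
    quoted above: a database name that begins with '-'."""
    params = parse_startup_message(packet)
    findings = []
    database = params.get("database", "")
    if database.startswith("-"):
        findings.append(
            f"database name {database!r} begins with '-' "
            f"(CVE-2013-1899 pattern) from user {params.get('user', '?')!r}")
    return findings


if __name__ == "__main__":
    # Constructed sample traffic: one normal login and one matching the pattern.
    for params in ({"user": "app", "database": "app"},
                   {"user": "app", "database": "-notadbname"}):
        print(params, "->", check_startup_message(build_startup_message(params)) or "ok")
```

The length check matters: a detector that trusts the length field and reads past the buffer is itself a denial-of-service target. Flagging is a compensating control only; the page's own advice, applying the 9.2.4/9.1.9/9.0.13/8.4.17 updates, removes the underlying defect.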

Some of these fixes include:
  • A security vulnerability that made contrib/pgcrypto-generated strings too easy to guess;
  • A vulnerability that would allow unprivileged users to interfere with backups;
  • Security issues involving the OS X and Linux installers;
  • Various issues with GiST indices;
  • An issue related to crash recovery; and
  • Memory and buffer leaks, among others.

The complete list of fixes and enhancements in each version can be found on the PostgreSQL release notes archive page. The patched PostgreSQL 9.2.4, 9.1.9, 9.0.13, and 8.4.17 are available now on the download page. While we are on this fix, we would like to remind you that late last year another security vulnerability hit the PostgreSQL database system, including versions 9.1.5, 9.0.9, 8.4.13 and 8.3.20. Those security holes were associated with libxml2 and libxslt, together with a vulnerability in the built-in XML functionality and a vulnerability in the XSLT functionality supplied by the optional XML2 extension.

-Source (Campus Technology & The-H)


EA (Electronic Arts) Official Forum Hacked
A few days ago the server of the famous first-person shooter Battlefield 3 was hacked, and in that attack the hacker exploited the server's security in such a way that anyone could play online without using EA's digital distribution platform. Now the famous game developer EA has faced another cyber attack: the home page of the official EA forum was hacked. According to EA, the hacker exploited a vulnerability to gain access. EA later fixed the loophole and confirmed that user information is safe and nothing was compromised in the attack. Dan Sheridan, Marketing Manager at EA, addressed the community to reassure users, saying:
“As some of you noticed, the homepage of the forums was defaced by a hacker yesterday using a very new exploit for the software which runs the forums. This was noticed quickly and we took the action to take the forums offline while we investigated the details. This work is now complete, and the vulnerability we believe was used has now been fixed. There is no evidence that any personal data was compromised, and as passwords aren’t stored in a recoverable manner, we are confident they remain secure.
Thank you for your patience whilst the forums were offline and we took the necessary steps to investigate this.”

Earlier, many other gaming giants faced such cyber attacks, for example Square Enix, Star Wars Galaxies, MapleStory, and so on.



Microsoft Allowing Open Source Application In Windows 8 App Store


Microsoft is planning to allow open source applications in the Windows 8 Store. It has been reported that Windows 8 will be released in February. Earlier, the Windows 8 Preview was released and made freely available to all. Furthermore, an Open Source Initiative licence takes precedence over the Microsoft Standard Application License Terms, notably their restriction on sharing applications.

In the press release Microsoft said:-
"Apps that are released under an Open Source Initiative-recognised open source licence can, at least in the pre-release version of the Windows Store, be distributed according to terms that contradict Microsoft’s Standard Application License Terms if this is required by the open source licence. Among other things, the Standard Application License Terms prohibit the sharing of applications"

Microsoft released more details about the upcoming Windows Store earlier this week. There it is clearly stated that “Metro-style applications will be licensable, marketable and downloadable from the Windows 8 Store. Non-Metro-style Desktop Apps will only be marketable from inside the store, with links provided to developers’ sites for sales/downloads.”
This legal loophole may potentially benefit open-source developers by helping them avoid the impediments encountered by some who were frustrated and hindered by Apple’s much more restrictive App Store ‘terms and conditions’. What is strange about this whole action by Microsoft is that it was accomplished almost completely under the radar, almost as if Microsoft doesn’t want to promote the fact that it is allowing open source apps in the upcoming Windows 8 Store.




Full Disclosure Of Pentagon Data-breach


We're all human, you know? That's roughly the trick that the hackers most likely relied on when, earlier this year, they managed to steal over 24,000 files from a defense contractor.
The Pentagon won't say what files went astray, or the level of secrecy associated with the contents of the stolen data. But we can assume that at least some of it was highly secret—secret enough that Deputy Defense Secretary William J. Lynn III felt compelled to admit to the attack during a speech about the future of cyber policy yesterday. Lynn said it concerned some of the U.S.'s "most sensitive systems, including aircraft avionics, surveillance technologies" and more, before hinting that foreign powers were behind the attack and using it to declare cyberspace the next battleground.
What went down? Fast Company spoke to Nick Percoco, digital security expert and SVP at Trustwave's SpiderLabs, and familiar with exactly this sort of cyberattack, to get some insight.
How The Hack May Have Begun: Email Scams
The fact that the 24,000 stolen files came from a defense contractor is significant, Percoco notes. It's likely easier to get this sort of data from a contractor than launching an all-out attack on Pentagon servers themselves, because companies are full of people—people who are used to doing business in our digitally connected world. And even though an employee of a defense contractor is probably way more switched on to digital security than you or I, it's still not impossible to cheat someone with access to secret files into placing malware on their work laptop.
All it would take for a dedicated hacker is some basic research. If you wanted to steal data like this, you could start by targeting a particular employee via email—"We've seen this happen to defense contractors," Percoco notes. "Using technology like Google, and LinkedIn and other social networks" hackers could find out who best to target. Say they pick a particular EVP, and work out their email address is "JohnSmith@defencecontractorX.com." Then they work out who their colleagues or bosses may be all the way up to CEO level.
Then it's as simple as going to a source of hacking code using your underworld contacts (or using some of your own) and getting access to a "zero day exploit"—a new loophole in a computer or software system's security that hasn't been publicly discovered yet, and hence is still open for hacking use.
This is where the hack escalates. "In this case, they'd been looking for a zero-day exploit in, say, the Adobe PDF reader. And then they'd take a nice creative pen out and draft up a document that looks like it should be something important," Percoco said. After this, the hacker would set up something like a disposable Gmail account and make the screen name the same as one of the target's peers or the CEO of the company. Then they'd "craft up an email that says 'Here's an important document, some new announcement we're working on. Please review it and be ready for a call at 10 a.m. today.'" The trick is to send this to the target at around 7:30 a.m. local time, because the "best time to send those types of things is right before someone's had their coffee."
Typically the sleep-addled victim would trust the email as it's supposedly from a colleague, then launch the embedded PDF (or other faked document). Usually it causes the newly launched program—Adobe Reader in this example—to crash. But as it crashed, it would actually be installing malicious code on the machine. The virus is injected.
How The Attack Began: Website Sting
A similar attack is possible using a faked-up website that looks like it's actually related to the target company—one of those odd-looking, badly maintained websites that kinda looks official that we've all surfed to at some point and been confused by.
Some of these are actually storage pens for targeted malicious code, carefully honed to appear high on Google searches with SEO tricks. And when, say, a marketing official from the target company Googles to find out how their brand is being referenced around the web, they may stumble across one of these fake sites and trigger the release of malware onto their machine.
What Happened Next: Access Is King
Once the malicious code has been installed on the machine, the "sky's the limit," particularly via the email exploit. A well-coded virus can evade detection and hide on the computer, doing various wicked things.
Often the "sole purpose of the executable is to go and find files on the person's computer and archive those in a zip file or RAR file, and then attempt to extract them from the system," Percoco said, based on his experience. The code could try lots of different routes, using FTP or HTTP or other protocols to get those files off the system. It's something he's seen in "many environments" and, worryingly, they're often "highly successful in getting those files." The code is typically designed to work on Windows machines, with almost no such exploits targeted at Macs—but Percoco agrees that this is at least partly due to the assumption by a hacker that a business user will be using a PC, not a Mac.
The success would be based on the fact that no one has seen this particular kind of attack before (a zero-day exploit payoff), and it would easily circumvent any protective anti-virus software installed on the machine, because the protection doesn't know to look out for this type of virus. The only real way to avoid this sort of attack is for the target to "avoid clicking on documents," which is clearly unlikely in the case of a business computer user.
A smarter hacker would select a network administrator at the target company, because they're human, too. Their machine likely has even more interesting files that have data on network security, what kind of code is let in and let out of company firewalls, and so on.
Getting access to this sort of data (via the same email hack as described above) could let a persistent hacker penetrate a company's network and install a backdoor onto it—totally circumventing security because then "the attacker doesn't have to come in from the outside, they have code running on that system that will basically open up a connection back to the attacker"—not something network security is expecting. Then you can gain access to passwords and credentials to worm your way in further, eventually finding whatever sensitive data you're looking for.
The result could be a grim violation of company security. "We've seen those for a number of years, in all sorts of companies including government-type companies as well," Percoco says. 
Who Did This?
It's easy to see how a hacker could gain access to a machine and even a company network, and how easy it can be to transfer stolen files from infected computers to the hacker. But who is the hacker? The Deputy Secretary of Defense was careful to link it to "foreign" attackers, and considering this year's hacking news, we're instantly imagining China is to blame.
Percoco says his company does hundreds of investigations every year on attacks like these, and it's "very, very difficult to trace an attack to a specific person and specific political motivation." That's unless it's a hacktivist attack, when a group like Anonymous posts the data online and admits it was to blame—and even then "you don't know where these people are actually located."
A hacker could take his laptop down to a coffee shop, buy a cup of joe and "get on their free Wi-Fi system. And now they go and start looking around the world to find a computer that has a security weakness." Once they find it, they can use the hacked computer for a targeting scenario like the one described above, where they send a tainted email. Anyone tracing the code back after the attack was detected may find it sourced on a corporate computer in, say, China. And then they're stuck—because no one's "going to let the U.S. government come in and do a forensic investigation on some business located in China." 
Furthermore, it's rare that even this first Net address is where the attack is coming from—"they're always jumping through one or many systems" Percoco says, which could be in numerous nations and thus completely confound any attempts to track them. Which means the attacker actually could be located anywhere.
The Cold Cyberwar?
Suddenly, there's a much more sinister angle to the Pentagon hack. Forget "The Chinese Way of Hacking." More like "Even More Malicious Hackers Looking Like They're Using The Chinese Way Of Hacking."

-News Source (Gizmodo)


Again WikiLeaks Donations Has been Blocked By Icelandic Bank


An Icelandic bank that unknowingly provided a way for WikiLeaks supporters to fund the controversial website, best known for publishing classified military and diplomatic websites, closed the proverbial loophole earlier this week, according to Reuters reports.

In a story published Friday, Maria Aspan of the wire service revealed that Valitor had agreed earlier this week to accept payments processed by DataCell, a data hosting service provider and a WikiLeaks supporter. However, bank officials later told Aspan that they had not been informed that the transactions would include donations to the Julian Assange-owned website.

Credit giants Visa and MasterCard have banned DataCell from processing such donations for months, and on Friday, Valitor spokeswoman Jonina Ingvadottir sent an emailed statement to Reuters stating that the bank "was not informed that DataCell would be conducting these activities when their business agreement was made," and another source told Aspan that Valitor had "blocked the Visa and MasterCard WikiLeaks donations and terminated its contract with DataCell" earlier in the day.

That source told Reuters that less than 100 donations were processed before the agreement was terminated.

"The failed Valitor partnership is the latest blow to Assange, who has struggled to gain funding since the major payments networks stopped processing payments to WikiLeaks," Aspan wrote.

"The Internet vigilante group Anonymous temporarily shut down the public websites of both Visa and MasterCard in December after the companies began their embargo."
She added that Olaf Sigurvinsson, the founder of DataCell, "confirmed that Valitor had terminated the contract with his company" and that when the contract was signed, he had made it "absolutely clear" to the Icelandic financial institution that the company would "continue… to collect donations" for various organizations, including WikiLeaks.
On a special page dedicated solely to donations, Sigurvinsson's company posted a statement in which they said, "DataCell advocates free speech and jurisdiction independence. We plead the public support for the independence of media and jurisdiction; and to bring truth, integrity, dignity and justice to the world… You can help by donating financially to the following organizations."

Further down the page is a form through which individuals can donate to WikiLeaks by credit card.

In addition, the web page claims that, "DataCell is taking on legal case against Visa and MasterCard for suspending its account, for which DataCell was processing credit card donation for WikiLeaks. Please contribute to DataCell legal fund to support in its legal battle against credit card giants for their unjustified and prejudicial action."


Now banks exploit a new payment protection loophole


Tens of thousands of customers who have had complaints about payment protection insurance (PPI) rejected could be denied justice despite banks finally admitting to widespread mis‑selling.
Last week banks dropped their legal fight with City watchdog the Financial Services Authority (FSA) which had ordered them to compensate those who had been mis-sold PPI dating back to the start of 2005. Up to 6.4 million customers could be in line to share a payout worth around £9 billion.
Now it has emerged that some banks are hiding behind rules which state that they don’t have to investigate any complaint they have already rejected.

Anyone who has a formal complaint rejected must take their appeal to the Financial Ombudsman Service within six months.
If they don’t, then the complaint lapses and they lose all chance to appeal unless there are exceptional circumstances such as long-term illness, being out of the country or if the lender failed to tell them of their right to use the Ombudsman.
Some banks routinely fobbed off PPI complaints for years, and around 70 per cent of customers did not take their complaint to the Ombudsman.
Even though they may have had a valid case, those customers may now miss out on compensation.
Santander says it will not consider compensating any customers who have already had their complaint rejected.
State-backed RBS and NatWest say they will offer redress ‘in line with the standards the FSA now requires’ — which does not include complaints already rejected.
Lloyds Banking Group, which includes Halifax and Cheltenham & Gloucester, simply says that customers should contact them directly.
Barclays and HSBC, on the other hand, say that customers who have already been dismissed should get in touch again because the banks are now assessing complaints differently.



Android handsets 'leak' personal data


More than 99% of Android phones are potentially leaking data that, if stolen, could be used to get the information they store online.
The data being leaked is typically used to get at web-based services such as Google Calendar.
The discovery was made by German security researchers looking at how Android phones handle identification information.
Google has yet to comment on the loophole uncovered by the researchers.
ID attack
University of Ulm researchers Bastian Konings, Jens Nickels, and Florian Schaub made their discovery while watching how Android phones handle login credentials for web-based services.
Many applications installed on Android phones interact with Google services by asking for an authentication token - essentially a digital ID card for that app. Once issued the token removes the need to keep logging in to a service for a given length of time.
Sometimes, the researchers found, these tokens are sent in plain text over wireless networks. This makes the tokens easy to spot, so criminals eavesdropping on the wi-fi traffic would be able to find and steal them, the researchers suggest.
Armed with the token, criminals would be able to pose as a particular user and get at their personal information.
Even worse, the researchers found, tokens are not bound to a particular phone or time of use, so they can be used to impersonate a handset from almost anywhere.
"[T]he adversary can gain full access to the calendar, contacts information, or private web albums of the respective Google user," the researchers wrote in a blog post explaining their findings.
Abuse of the loophole might mean some people lose data but other changes may be harder to spot.
"...an adversary could change the stored e-mail address of the victim's boss or business partners hoping to receive sensitive or confidential material pertaining to their business," the team speculated.
There is no suggestion that attackers are exploiting the Android loophole at the moment.
Almost all versions of the Android operating system were passing round unencrypted authentication tokens, the researchers found. It was fixed in version 2.3.4 but, Google figures suggest, only 0.3% of Android phones are running this software.
Some Google services, such as image sharing site Picasa, are still using unencrypted authentication tokens that can be stolen, found the team.
The researchers urged Android phone owners to update their device to avoid falling victim to attacks via the loophole. Google is also known to be working with operators and handset makers to get updates to people faster than at present.
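Two separate weaknesses are described above: the token travels in the clear, and a captured token is "not bound to particular phones or time of use". Transport encryption addresses the first; the second is a design property of the token itself. The following added example, written for this article and not Google's or the researchers' code, shows the token shape that removes the second weakness: the server signs the user, an expiry time and a device identifier with an HMAC, and on every use checks all three. A token replayed from another device, after expiry, or with any byte altered is refused. The secret key and device identifiers are constructed for the example.

```python
import base64
import hashlib
import hmac
import json

# Constructed server-side secret for this example only.
SERVER_KEY = b"example-server-key-not-for-production"


def _b64(data: bytes) -> bytes:
    return base64.urlsafe_b64encode(data).rstrip(b"=")


def _unb64(data: bytes) -> bytes:
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))


def issue_token(user: str, device_id: str, now: int, ttl_seconds: int = 3600,
                key: bytes = SERVER_KEY) -> str:
    """Mint a token bound to one device and one validity window."""
    payload = {"sub": user, "dev": device_id, "exp": int(now) + ttl_seconds}
    body = _b64(json.dumps(payload, sort_keys=True).encode())
    mac = hmac.new(key, body, hashlib.sha256).digest()
    return (body + b"." + _b64(mac)).decode()


def verify_token(token: str, device_id: str, now: int, key: bytes = SERVER_KEY):
    """Return the payload if the token is authentic, unexpired and presented
    by the device it was issued to; otherwise return None. The signature is
    checked first, so nothing inside an unauthenticated token is trusted."""
    try:
        body, sig = token.encode().split(b".")
    except ValueError:
        return None  # wrong shape
    expected = _b64(hmac.new(key, body, hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return None  # forged or tampered
    payload = json.loads(_unb64(body))
    if payload.get("dev") != device_id:
        return None  # replayed from a different handset
    if payload.get("exp", 0) <= now:
        return None  # expired
    return payload


if __name__ == "__main__":
    t = issue_token("alice", "handset-A", now=1_000)
    print("same device, in time :", verify_token(t, "handset-A", 1_500) is not None)
    print("other device         :", verify_token(t, "handset-B", 1_500) is not None)
    print("after expiry         :", verify_token(t, "handset-A", 4_600) is not None)
```

The device identifier only helps if an eavesdropper cannot capture it alongside the token; a value that travels in the same cleartext request adds nothing, so in practice the binding would be to something held on the device, such as a key used to sign each request. And none of this replaces sending the token only over TLS, which is what the article says later Android versions do.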

