Vulnerabilities Fixed in the Apple Developer Website


A vulnerability that could have led to phishing attacks against Mac OS X and iPad developers has finally been closed, according to the hacker group that flagged up the hole on an Apple development website a few days ago. YGN told Apple about the Arbitrary URL Redirect vulnerability and cross-site scripting issue on April 25, warning it could lead to phishing attacks on developers using the website. Apple acknowledged YGN's information on April 27, but didn't fix the hole. That frustrated YGN, which let news reporters know it would go public with the information in a short period of time even if Apple didn't correct the problem. One day after news reports on the situation, Apple fixed the problem.
The vulnerability was on Apple's developer website.

Vulnerabilities in developer.apple.com

Vulnerabilities via URL Redirector in developer.apple.com
1. VULNERABILITY DESCRIPTION
Arbitrary URL Redirect
======================


URL Shorteners Have Been Exploited by Malware Writers


URL shorteners (such as bit.ly) have escalated in popularity thanks to services like Twitter, where every character counts. However, they come at a security cost.
Spammers have been using them for some time, and anyone who frequents Twitter will have seen the pornography industry using them. However, Symantec’s Nick Johnston reports on a worrying trend: using them to hide malware delivered through so-called drive-by attacks. He reports on one exploit.
The attack abused at least five different URL shortening sites. The message claimed to be from an inter-bank funds transfer service, claiming that a funds transfer had been cancelled. To find out why the transfer was cancelled, recipients were encouraged to click on a link supposedly pointing to a PDF file, but actually pointing to a shortened URL. This shortened URL then redirects to a site with several drive-by exploits.
A drive-by attack is one that exploits security flaws in browsers and causes them to download and execute malicious code simply by visiting a page. It does not require the user to click on anything or download files. In the example cited, the page exploited holes in PDF documents and Java, along with a Windows Help Center exploit. Expect more of this, warns Symantec.
We saw hundreds of unique shortened URLs being used to link to this malware, and expect to see malware authors using this technique in future.
There are browser plug-ins for Firefox and Chrome that will expand shortened URLs so you can see the destination site before clicking on the link. It is expected that

To See the Symantec Report Click HERE


Fox News Politics Twitter Account Hacked & claims Obama shot in Iowa


The Fox News Politics Twitter account was hacked by The Script Kiddies. The hacker spread a rumour that

"Barack Obama has just passed. Nearly 45 minutes ago, he was shot twice in the lower pelvic area and in the neck; shooter unknown, bled out."

He also changed the Twitter account's description from its original to

"H4CK3D BY TH3 5CR1PT K1DD3S"



Later Fox News released a statement confirming the hacking and adding that "the hacking is being investigated, and FoxNews.com regrets any distress the false tweets may have created."

To See the statement Click HERE


Web hosting & Dedicated Server Provider's Official Website Hacked By C7


The official websites of a web hosting company (Agreatwebhost) and a dedicated server provider (Dedicated-Services-Host), where about 18,000 websites were hosted, were hacked and owned by [c7 assassin].


In Australia One out of Six are Affected By ID Theft

 
Nearly one in six Australians have been a victim or known somebody who has been a victim of identity theft or misuse in the past six months, new research shows.
An independent online survey of 1200 people, which will be used to help develop a new National Identity Security Strategy, also revealed nine in 10 people were concerned or very concerned about identity theft and misuse. "It's clear from these results that there is real concern in the Australian community about identity theft and misuse," Federal Attorney-General Robert McClelland said on Sunday.
"In the last six months alone, Australia's Computer Emergency Response Team has alerted Australian businesses to more than a quarter of a million pieces of stolen information such as passwords and account details, allowing them to take steps to protect their systems and their customers." As technology evolved and people undertook more business and transactions online, the risk of identity theft increased, he said. The survey also revealed the majority of identity theft or misuse occurred over the internet (58 per cent), or through the loss of a credit or debit card (30 per cent). Stolen identity information was primarily used to purchase goods or services (55 per cent) or to obtain finance, credit or a loan (26 per cent). Information from the survey, conducted by Di Marzio Research, will be used to help develop a new national identity security strategy, McClelland said.
The government has introduced legislation to parliament aimed at strengthening cybersecurity laws and Australia's ability to combat international cybercrime.


JailbreakMe 3.0 Exploit for iPad 2 Leaked Out


The long-awaited JailbreakMe 3.0 exploit has finally been released, but not officially: according to a report, a beta tester for the software leaked the exploit online last night. Neither the Dev Team nor Comex has come forward to validate its authenticity.

According to the news source:
"..Supporting iOS 4.2.1-4.3.3, in short, we don't recommend you use the exploit until it has been officially verified. If you want to see it in action, however, to prove its existence, we have got a short, less-than-2-minute look at JailbreakMe 3.0 right after the break.

[Update] - Reader Dave (@Dave Flash) notes that the leaked exploit was also available for iPad earlier today, using a different .PDF file from the site mentioned. However, this now appears to have been pulled.
@razorianfly also worked on my 1st gen iPad.
@razorianfly Well, you have to use a different PDF from that site http://rfly.co/m2kz5H
… but it appears to have been pulled.

[Update 2] 9to5Mac notes that the exploit only appears to work on Wi-Fi-only iPad 2 models, offering up the screenshot below as proof of the jailbreak method.



[update 3] success stories coming in. @Baisarro notes...
@razorianfly hey Arron! it worked for me with ipad 2 wi-fi iOS, no problems "



Small Data Breach on Apple Site #Antisec Continues


We’ve heard a few reports in the past that Lulzsec hackers had broken into Apple. Now, however, the WSJ is reporting that the AntiSec hackers, who have been joyriding around the internet using SQL injection to steal user names and passwords, have hit Apple’s servers and taken user names and passwords.
The hackers said in a statement posted to Twitter that they had accessed Apple’s systems due to a security flaw in software used by the Cupertino, Calif.-based gadget maker and other companies. “But don’t worry,” the hackers said, “we are busy elsewhere.” A spokesman for Apple didn’t immediately respond to a request for comment. The posted information comes as part of a two-month campaign of digital heists targeting corporations including Sony Corp. and AT&T Inc., as well as government agencies such as the U.S. Senate, the Central Intelligence Agency and the Arizona Department of Public Safety.
Specifically, they say they’ve got the user names and passwords from this server:
While this looks to be a pretty harmless server with only local user names, previous postings have claimed a much bigger bounty. 
Click HERE to See the Statement on Pastebin 
