Google Chrome OS Has Security Hole (Black Hat 2011)

Posted by Avik Sarkar On 8/05/2011 07:20:00 pm


Black Hat Google has billed its Chrome operating system as a security breakthrough that's largely immune to the threats that have plagued traditional computers for decades. With almost nothing stored on its hard drive and no native applications, there's no sensitive data that can pilfered and it can't be commandeered when attackers exploit common software vulnerabilities.
But according to two researchers who spent the past few months analyzing the Chrome-powered Cr-48 beta released in December, the browser-based OS is vulnerable to many of the same serious attacks that afflict people surfing websites. As a result, users remain susceptible to exploits that can intercept email, documents, and passwords stored on centralized servers, many of which are maintained by Google.
“Even though they put these awesome security protections in place, we're just moving the security problems to the cloud now,” Matt Johansen, a researcher with WhiteHat Security, told The Register. “We're moving the software security problem that we've been dealing with forever to the cloud. They're doing a lot of things right, but it's not the end all and be all for security.”
Virtually all of the threats identified by Johansen and his WhiteHat colleague Kyle Osborn stem from Chrome's reliance on extensions, which are essentially web-based applications. A fair number of the extensions they analyzed contain XSS, or cross-site scripting, bugs, which have the potential to inject malicious code and content into a visitor's browser and in some cases steal credentials used to authenticate user accounts.
As they went about testing what kind of attacks various XSS vulnerabilities could allow, Johansen and Osborn noticed something curious: a bug in one extension often allowed them to hijack the communications of a second extension, even when the latter one had no identifiable security flaws. At the Black Hat security conference in Las Vegas on Wednesday, they demonstrated this weakness by exploiting an XSS hole in one extension to steal passwords from an otherwise secure account on cloud password storage service LastPass.
“If any of the other vulnerable extensions have an XSS hole, we can utilize JavaScript to hijack that communication,” Johansen said. “LastPass is doing absolutely nothing wrong here. You can have an extension that's perfectly fine, but if you have another that has a cross-site scripting error in it we can still access information in secure applications.”
The discovery has generated a quandary for the researchers.
“Whose problem is this to fix?” Johansen continued. “We don't really have an answer for that. LastPass did everything correctly. It's the other extension developers that developed an extension with a vulnerability in it.”
After being informed of the specific attack, LastPass made changes to its Chrome extension that prevented it from being carried out, so it's reasonable to assume extension makers foot some of the responsibility for preventing their apps from being compromised by others. But Johansen couldn't rule out the possibility that vulnerabilities and other apps could probably make LastPass vulnerable again. He said Google might be able to fix the problem by overhauling the application programming interfaces extension developers use.
The researchers also demonstrated an XSS vulnerability in Scratchpad, a text-editor extension that's bundled with Chrome. By sharing files with names containing JavaScript commands stored on Google Docs they were able to obtain the Google session cookies of anyone who used a Chromebook to view the documents. An attacker could exploit the vulnerability to read a victim's email, or to send instant messages to everyone on the victim's contact list. If any of the contacts are using Chromebooks, they could be similarly vulnerable to booby-trapped filenames stored on Google Docs.
A Google spokeswoman defended the security of Chromebooks and said the vulnerabilities enumerated by the researchers weren't unique to the cloud-based OS. In an email, she issued the following statement:
This conversation is about the web, not Chrome OS. Chromebooks raise security protections on computing hardware to new levels. They are also better equipped to handle the web attacks that can affect browsers on any computing device, thanks in part to a carefully designed extensions model and the advanced security available through Chrome that many users and experts have embraced.
The researchers stressed Google engineers were extremely quick to fix the Scratchpad vulnerability and awarded them a $1,000 bounty for their report. But they remain convinced that the security of Chrome OS in many cases is only as strong as its' weakest extensions. They also pointed out that penetration-testing tools such as the Browser Exploitation Framework could be used to help streamline attacks in much the way Metasploit is used to manage exploits for traditional machines.
And, Johansen said, Chrome hacking through XSS may be only the beginning, since the flaws are among the easiest to find and exploit.
“Who knows what we're going to be looking for months or years from now when Google can figure out a way to thwart the cross-site scripting threat,” he said. “Why would we be trying to write buffer overflows when we can just write a simple JavaScript command.” 
-News Source (The Register)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

DARPA Launched Cyber Fast Track (Fund To Innovate Military)

Posted by Avik Sarkar On 8/05/2011 06:27:00 pm



The Defense Advanced Research Projects Agency on Thursday launched Cyber Fast Track, an effort to fund innovative cybersecurity efforts by groups and people who don't usually do work for the government, including hobbyists, boutique security labs, and other small groups of hackers, DARPA project manager Peiter "Mudge" Zatko announced at Black Hat, a UBM TechWeb event, in Las Vegas.
The Cyber Fast Track program, first announced at the annual ShmooCon cybersecurity conference in January, will fund between 20 and 100 projects a year, Zatko said. The short, fixed-price contracts will be awarded with little turnaround time--about 10 days from the receipt of proposals--based on a simple proposal template so as to lower the barrier to entry. Projects will be carried out over no more than a few months. 
Cyber Fast Track will fund experimental projects, including commodity high-end computing, open software tools, and others, that might help the military. For example, Zatko raised possibilities like cheap unmanned aerial vehicles and an automated war-dialer that could repeatedly ring phones in a given area to discourage bomb-makers from building improvised explosive devices. Cyber Fast Track may also fund community efforts, possibly including a bug hunting exercise.
In addition to funding fast, cheap innovation that can later be leveraged by the Department of Defense, Zatko sees Cyber Fast Track as a way to link hackers up with government. "The way government is set up, it's almost impossible for the small businesses, the researchers, the hackers, to get money for research without giving up intellectual property or being purchased and having their company gutted," Zatko said. "I want to make it easier."
While some hackers may be reticent of the federal government, Zatko comes with impeccable hacker credentials. He was a member of the L0pht hacker group, created a famous password-cracking tool, and in 1998 testified before Congress that hackers could shut down the Internet in a half hour.
Zatko said that it is difficult for organizations like the L0pht to parse the legalese and government-talk in government contracts, and challenging for them to put together proposals. It takes too long and too much money for venture-backed companies, meanwhile, to justify crafting proposals.
When research is complete, researchers will be able to keep commercial rights to whatever they create, but the government will get government purpose rights that allow it to use, modify, repurpose, or release technical data on the projects in question. They may also be asked to present their efforts to a forum of undergraduate students at a U.S. military service academy, and will be encouraged to continue to update DARPA on the status of their projects once the contract has ended.
In his time at DARPA, Zatko has also been responsible for CINDER, a project that was initially reported by the government to be about insider threats, but which Zatko says is more about combating attacks like Stuxnet and next-generation advanced persistent threats. 

-News Source (Information Week)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Android Browser Injection Vulnerability Found By IBM Researchers

Posted by Avik Sarkar On 8/05/2011 06:27:00 pm


Researchers with IBM have discovered what could be a very serious flaw in the Android operating system. The flaw is billed as allowing hackers to intercept web browser operations by injecting JavaScript code into the system.
According to Roee Hay and Yair Amit of IBM's Rational Application Security Research Group, this means that a malicious, non-privileged application could break into the browser URL loading process and its allied sandbox to inject JavaScript.
This is potentially very serious, Infosecurity notes, as the sandbox element of the browser environment seen on Android is supposed to defend the smartphone/tablet platform against this type of attack.

The researchers note that the vulnerability "has the same implications as global XSS, albeit from an installed application rather than another website."
The IBM security researchers go on to say that Android 2.3.5 and 3.2 have been released and which incorporate a fix for this bug.
Patches are also available for Android 2.2 and will, they note, be released at a later date.

The Researchers have also posted a video about this vulnerability:-


For more information Click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

hidilli.com Hacked By c7 King h3x0r

Posted by Avik Sarkar On 8/05/2011 04:35:00 pm


One of Indian Bollywood related site hacked by c7 King h3x0r

Hacked Site:-  
http://hidilli.com/c7.htm


Mirror Link:-

http://www.zone-h.com/mirror/i​d/14560445

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Safe3 Sql Injector v8.6 is Now Available

Posted by Avik Sarkar On 8/05/2011 04:33:00 pm


Safe3 is one of the most powerful and easy usage penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. This update fixes a lot of bugs.

To Download Safe3 Sql Injector v8.6 (Safe3SI v8.6) Click Here.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft Started "BlueHat" Contest for Better Security

Posted by Avik Sarkar On 8/05/2011 05:09:00 am


As any Jedi knight knows, the temptation to turn to the Dark Side is difficult to resist. The same can be true for White Hat hackers--malware fighters who discover vulnerabilities in software.
The black market prices for those kinds of security flaws are as tantalizing to ethical hackers as the malevolent side of The Force was to Luke Skywalker. Microsoft wants to temper those temptations, though, and has announced a contest that offers more than $250,000 in prizes for developing better solutions to counter security threats.
Microsoft's "BlueHat Prize," announced by the company at the Black Hat security conference in Las Vegas Wednesday, offers a grand prize of $200,000, a runner-up purse of $50,000, and a third-place award of a one-year subscription to MSDN Universal--a developer's platform for Microsoft products--worth $10,000--to security researchers who design the most effective ways to prevent the use of memory safety vulnerabilities. Those kinds of vulnerabilities can create problems like buffer overflows that can be exploited by Net miscreants to compromise computers.
“As the risk of criminal attacks on private and government computer systems continues to increase, Microsoft recognizes the need to stimulate research in the area of defensive computer security technology," Matt Thomlinson, Microsoft’s General Manager of Trustworthy Computing Group, said.
“Our interest is to promote a focus on developing innovative solutions rather than discovering individual issues," Thomlinson continued. "We believe the BlueHat Prize can catalyze defensive efforts to help mitigate entire classes of attacks."

Top Experts Needed:-

In offering the prize, Microsoft hopes to attract the world's top experts to focus their "little gray cells" on a major security problem. “Microsoft wants to encourage more security experts to think about ways to reduce threats to computing devices," observed Katie Moussouris, senior security strategist lead for the Microsoft Security Response Center.
“We’re looking to collaborate with others to build solutions to tough industry problems," she added. "We believe the BlueHat Prize will encourage the world’s most talented researchers and academics to tackle key security challenges and offer them a chance to impact the world."

The Origin of the Concept:-

According to Microsoft, it got the idea for the BlueHat prize from a previously launched security information-sharing program. That initiative, the Microsoft Active Protections Program (MAPP), allows Microsoft to share information with security vendors around the world so they can release protection technologies to their customers much faster. The success of that program got Microsoft thinking about mounting a similar effort for the security research community.
One vendor with praise for BlueHat was Adobe, a company that's no stranger to software with vulnerabilities. “The Microsoft BlueHat Prize announced at Black Hat [on August 3] is an exciting new initiative and a great example of encouraging community collaboration in the defense against those with malicious intent," observed Adobe's Senior Director for Product Security and Privacy Brad Arkin.
“This call for entries promises to stimulate research activity within the broader security community on how to mitigate entire classes of attacks, rather than thinking about software security as a challenge best addressed one bug at a time," he continued. "This research has the potential to lower costs for third-party developers and increase the level of security assurance for end users."
Here are the official rules and guidelines for the competition. Contest submissions will be accepted until Sunday, April 1, 2012, Microsoft said. A panel of Microsoft security engineers will judge submissions based on the following criteria: Practicality and functionality (30 percent); robustness--how easy it would be to bypass the proposed solution (30 percent); and impact (40 percent). The winners will be announced at Black Hat USA conference in 2012.

-News Source (PC World)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Chrome 13 Stable Released With Print Preview & Instant Pages Support

Posted by Avik Sarkar On 8/05/2011 03:38:00 am


As browser version numbers go, Chrome 13.0.782.107 sounds like it’s going to be less than exciting, the kind of build that delivers eight bug fixes and support for some minor HTML5 feature you’ve never heard of.
The reality is very different, though, with Google’s latest stable release providing a couple of important new features and a lengthy list of useful extras.
The headline addition has to be the long-awaited Print Preview. Unlike Firefox and IE, there’s no separate Print Preview menu option; you just click Print as normal, and the current page appears in a new tab, where you can choose your layout (portrait or landscape), the pages you need, your printer and so on, before printing your selection with a click.
While this generally works well, we do have one issue. If you want to see the standard Windows printer properties dialog then you need to click Advanced, which would be fine if it wasn’t for the fact that the Print Preview tab then immediately closes – not what we’d expect. Still, for the moment we’re just happy that Chrome has Print Preview in any form, the fine tuning can come later.
The other major new feature this time is support for Google’s “Instant Pages”, which means that when you run a Google search, Chrome will prefetch the top search result for you (if it’s very sure you’re going to click it). In our tests this worked only occasionally, but when it does the results are impressive, with the selected page popping onto the screen in a flash.
Of course, as with any prefetching, there’s a risk that you may be downloading content which you never access, a particular problem if you’re on a slow or expensive 3G connection. If you’d like to keep your bandwidth use to a minimum, you might prefer to turn this feature off by going to Options > Under the Bonnet and clearing “Predict network actions to improve page load performance”.

To Download Chrome 13 stable click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search