May 2010

Safari Carpet Bomb

I recently communicated 3 security issues in the Safari browser to Apple.

Apple let me know that they will fix 1 of the issues I reported. I will not discuss the vulnerability Apple has promised to fix until they release the fix, because it is a high-risk issue affecting Safari on OS X and Windows.

I let Apple know that I'd like to discuss the 2 issues they won't be fixing with the security community and they let me know they are fine with it. A quote from my last email to Apple:

...since you do not consider issue 1 and 2 to be security related, I will feel free to discuss my thoughts within the information security community. Just let me know if you would like me to wait for some amount of time before I do this.

Response from Apple: We understand if you want to discuss these in the security community.

Before I get to the details, I want to make it extremely clear that the Apple security team has been a pleasure to communicate with. I sent them a couple of emails asking for clarifications, and they responded quickly and courteously every time. I want to publicly acknowledge that I appreciate this very much.

Here are the issues I reported:


Hacking Google Gears' Cross-Origin Communication Model

Google Gears is a widely used rich Internet application (RIA) framework, used extensively by Google in services such as Google Docs and Google Reader as well as in non-Google services such as MySpace, Zoho Writer and WordPress.

Gears is a browser extension that allows developers to create richer and more responsive web-applications. One of its key features is the ability to create web-applications that can run both online and offline transparently.
Some of the capabilities Gears introduces are:

  • A local server, to cache and serve application resources (HTML, JavaScript, images, etc.) without needing to contact a server
  • A database, to store and access data from within the browser
  • A worker thread pool, to make web applications more responsive by performing expensive operations in the background
  • The HttpRequest API, which implements a subset of the W3C XmlHttpRequest specification
  • A Geolocation API that enables a web application to obtain a user's geographical position

(The descriptions above are taken from the Google Gears documentation)

One of the nicest things about Gears is how it is used: the application simply makes JavaScript calls to Gears' API from within its own HTML pages. Unlike some of its alternatives, Gears can therefore be integrated into an existing web application easily and cleanly.


Sun Gifar issue

Last week, Sun released a patch for a vulnerability I reported to them.  The patch I’m talking about fixes the “GIFAR” issue.  I was unable to speak on the issue at Black Hat (for various reasons), but Nate McFeters did a great job of presenting the concept of GIFARs at Black Hat USA along with a simple example of how an attacker could use a GIFAR in an attack.  Now that the issue has been patched, I’d like to cover some of the things related to “GIFARs” that I thought were interesting (including a few items that were not mentioned at Black Hat).

Before we begin, I'd like to thank Chok Poh from Sun's Security team.  Chok was vital in fixing the GIFAR issue.  This patch required some significant thought as to how to best handle this issue.  Chok was very responsive and was smart enough to understand the impact of the unusual issue.  I'd also like to thank the Google Security team.  Google was our "guinea pig" for testing some of the pieces related to GIFARs and, despite having to redesign some of their application behavior, they were gracious and worked very diligently to protect their users.  Now, on to the show!
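A GIFAR is a GIF with a JAR appended: the GIF parser reads the file from the front and stops at the trailer, while the JAR/ZIP reader locates the central directory from the end and ignores whatever precedes it, so one file satisfies both. The block below is an added example, not Sun's patch or the reporter's code, and builds such a file, shows what a ZIP reader sees in it, flags it as a polyglot, and truncates it at the real GIF trailer. The 1x1 GIF is the standard minimal GIF89a; the JAR members are placeholder bytes constructed for the example, not a compiled class.

```python
"""Build and detect a GIFAR: a file that is both a valid GIF and a valid JAR.

Added example. A GIF is parsed from the front, a JAR/ZIP from the back, so a
GIF with a JAR appended passes as either depending on which parser looks at it.
The JAR contents below are placeholders constructed for the demonstration.
"""
import io
import zipfile

MINIMAL_GIF = (
    b"GIF89a"
    b"\x01\x00\x01\x00"              # logical screen 1 x 1
    b"\x80\x00\x00"                  # packed: global colour table, 2 entries; bg; aspect
    b"\x00\x00\x00\xff\xff\xff"      # colour table: black, white
    b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00"  # image descriptor 1 x 1, no local table
    b"\x02\x02\x44\x01\x00"          # LZW min code size 2, one 2-byte sub-block, terminator
    b"\x3b"                          # trailer
)


def build_jar(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members:
            zf.writestr(name, payload)
    return buf.getvalue()


def build_gifar(gif=MINIMAL_GIF, members=None):
    if members is None:  # placeholder contents (constructed, not a real class)
        members = [
            ("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\r\n\r\n"),
            ("Hello.class", b"\xca\xfe\xba\xbe placeholder, not a real class"),
        ]
    return gif + build_jar(members)


def jar_members(data):
    """What a ZIP reader sees: it finds the central directory from the end
    of the file and ignores the GIF bytes in front of the archive."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.namelist()


def gif_end_offset(data):
    """Walk the GIF block structure and return the offset just past the
    trailer (0x3B). Bytes after that offset do not belong to the image."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")

    def skip_sub_blocks(p):
        while data[p] != 0:
            p += 1 + data[p]
        return p + 1

    def table_size(packed):
        return 3 * (2 << (packed & 0x07)) if packed & 0x80 else 0

    pos = 13 + table_size(data[10])            # header + screen descriptor + global table
    while True:
        block = data[pos]
        if block == 0x3B:
            return pos + 1
        if block == 0x2C:                       # image descriptor
            pos += 10 + table_size(data[pos + 9]) + 1  # + local table + LZW min code size
            pos = skip_sub_blocks(pos)
        elif block == 0x21:                     # extension: introducer, label, sub-blocks
            pos = skip_sub_blocks(pos + 2)
        else:
            raise ValueError("malformed GIF at offset %d" % pos)


def classify(data):
    """A file that satisfies both checks is a polyglot and should be rejected
    or re-encoded before being served from a trusted origin."""
    is_gif = data[:6] in (b"GIF87a", b"GIF89a")
    is_zip = zipfile.is_zipfile(io.BytesIO(data))
    if is_gif and is_zip:
        return "gifar"
    return "gif" if is_gif else ("zip" if is_zip else "unknown")


def strip_trailing_data(data):
    """Keep only the bytes the GIF parser actually uses; this removes the JAR."""
    return data[:gif_end_offset(data)]


if __name__ == "__main__":
    gifar = build_gifar()
    print(classify(gifar), jar_members(gifar), gif_end_offset(gifar), len(gifar))
```

Checking the magic bytes at the front of an upload is not enough; either test for a ZIP end-of-central-directory record as `classify` does, or re-encode the image so that only the bytes the image parser consumed survive, as `strip_trailing_data` does for GIF.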


Man in the middle attack

In cryptography, the man-in-the-middle attack (often abbreviated MITM), also called the bucket-brigade attack or sometimes the Janus attack, is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages passing between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted Wi-Fi access point can insert himself as a man-in-the-middle). Encryption alone does not stop the attack: the endpoints must also be authenticated, for instance with certificates or by comparing a key fingerprint over an independent channel, so that a substituted key is noticed.
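The attack described above, as an added example that is not part of the original page: an unauthenticated Diffie-Hellman exchange in which Mallory relays both sides' public values but substitutes her own, then decrypts, alters and re-encrypts a message in transit. The parties, the message, the small prime and the toy encrypt-then-MAC cipher are all constructed for the example; only Python's hashlib, hmac and secrets are used.

```python
"""Man-in-the-middle against an unauthenticated Diffie-Hellman exchange.

Added example. Mallory ends up with one key shared with Alice and a different
one shared with Bob; both victims believe the channel is private. The prime is
deliberately small and the cipher is a toy; neither is fit for real use.
"""
import hashlib
import hmac
import secrets

P = (1 << 127) - 1   # Mersenne prime: fine for illustration, far too small for real use
G = 5


class Party:
    """One endpoint of the exchange: a private exponent, its public value, the derived key."""

    def __init__(self, name):
        self.name = name
        self.priv = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self.priv, P)
        self.key = None

    def derive(self, peer_pub):
        shared = pow(peer_pub, self.priv, P)
        self.key = hashlib.sha256(shared.to_bytes(16, "big")).digest()
        return self.key


def _keystream(key, n):
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def seal(key, plaintext):
    """Toy encrypt-then-MAC: XOR with a hash keystream, then an HMAC tag."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()


def unseal(key, sealed):
    ct, tag = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(hmac.new(key, ct, hashlib.sha256).digest(), tag):
        raise ValueError("bad tag: wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


def fingerprint(key):
    """Short digest the two parties could compare over an independent channel."""
    return hashlib.sha256(key).hexdigest()[:16]


def honest_exchange():
    alice, bob = Party("alice"), Party("bob")
    alice.derive(bob.pub)
    bob.derive(alice.pub)
    return alice.key == bob.key


def mitm_exchange(message=b"transfer 100 to bob"):
    alice, bob = Party("alice"), Party("bob")
    mal_a, mal_b = Party("mallory->alice"), Party("mallory->bob")  # one key pair per victim

    # Each victim receives Mallory's public value instead of the peer's.
    alice.derive(mal_a.pub)
    bob.derive(mal_b.pub)
    mal_a.derive(alice.pub)   # key shared with Alice
    mal_b.derive(bob.pub)     # key shared with Bob

    # Alice sends; Mallory decrypts with the Alice-side key, alters the
    # plaintext and re-seals it with the Bob-side key. Bob's tag check passes.
    seen = unseal(mal_a.key, seal(alice.key, message))
    forwarded = seal(mal_b.key, seen.replace(b"bob", b"mallory"))
    received = unseal(bob.key, forwarded)

    return {
        "alice_bob_share_key": alice.key == bob.key,
        "fingerprints_match": fingerprint(alice.key) == fingerprint(bob.key),
        "mallory_saw": seen,
        "bob_got": received,
    }


if __name__ == "__main__":
    print("honest exchange agrees:", honest_exchange())
    for k, v in mitm_exchange().items():
        print(f"{k}: {v!r}")
```

The fingerprint comparison is the point of the last two dictionary entries: in the honest run both sides compute the same key, under the attack they do not, and a check over a channel Mallory cannot rewrite (or a certificate binding the public value to the peer) is what exposes the substitution.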


Honeypot

A honeypot is valuable as a surveillance and early-warning tool. While it is often a computer, a honeypot can take other forms, such as files or data records, or even unused IP address space. A honeypot that masquerades as an open proxy to monitor and record those using the system is a sugarcane.
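The "other forms" mentioned above, as an added example that is not from the page: a decoy account name planted in a credentials file and a routed but unused subnet, with detection logic run over constructed log lines. The subnet 10.9.0.0/24, the account name svc_backup_legacy, the sample lines and the sshd and iptables formats they imitate are all assumptions made for the example.

```python
"""Honeytokens as an early-warning tool: a decoy account and an unused subnet.

Added example. Nothing legitimate should ever log in as the decoy account or
send traffic into the unused subnet, so a single match is a high-confidence
alert rather than something to be scored or thresholded.
"""
import ipaddress
import re
from collections import Counter

# Assumed deployment (constructed for this example): 10.9.0.0/24 is routed but
# has no hosts, and "svc_backup_legacy" appears only in a planted credentials
# file, so sshd will always report it as an invalid user.
HONEY_NETWORKS = [ipaddress.ip_network("10.9.0.0/24")]
HONEY_ACCOUNTS = {"svc_backup_legacy"}

# sshd auth lines and iptables LOG lines, the two formats the sample imitates.
SSH_RE = re.compile(
    r"(?:Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)
FW_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+)")


def is_honey_address(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in HONEY_NETWORKS)


def alert_for(line):
    """Return (kind, source, target) for a honeytoken touch, else None."""
    m = SSH_RE.search(line)
    if m and m.group("user") in HONEY_ACCOUNTS:
        return ("honeytoken-account", m.group("src"), m.group("user"))
    m = FW_RE.search(line)
    if m and is_honey_address(m.group("dst")):
        return ("darknet-probe", m.group("src"), m.group("dst"))
    return None


def scan(lines):
    return [a for a in map(alert_for, lines) if a is not None]


def sources(alerts):
    """Count alerts per source address; one address touching several
    honeytokens is the usual signature of a scan."""
    return dict(Counter(src for _, src, _ in alerts))


# Constructed sample log; addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = [
    "Apr 27 10:12:01 bastion sshd[4121]: Accepted publickey for alice from 192.0.2.10 port 51022 ssh2",
    "Apr 27 10:12:09 bastion sshd[4133]: Failed password for invalid user svc_backup_legacy from 203.0.113.7 port 40122 ssh2",
    "Apr 27 10:13:44 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=10.9.0.23 PROTO=TCP SPT=44512 DPT=445",
    "Apr 27 10:14:02 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=10.1.0.5 PROTO=TCP SPT=50012 DPT=443",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(*alert)
    print(sources(scan(SAMPLE_LOG)))
```

The value of this kind of honeypot is the absence of a baseline: because the decoy has no legitimate users, there is no false-positive tuning, only the question of whether the token has leaked into places an attacker would find it.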


Cyberattacks during the 2008 South Ossetia War

Cyberattacks on Estonia 2007

Cyberattacks on Estonia (also known as the Estonian Cyberwar) refers to a series of cyber attacks that began April 27, 2007 and swamped websites of Estonian organizations, including the Estonian parliament, banks, ministries, newspapers and broadcasters, amid the country's row with


promo-wise.com advertisement fraud

This is an e-mail I received on Wednesday 7th of April 20

I do not trust them, because their telephone number is not posted anywhere and the e-mail itself must have been written by a 16~20 year old. This is not a conclusion. I am going to keep in contact with them, and if they are smart they will check out cyberwarzone.com more often.

Also, I checked out the website and again there is no contact information.

Read the e-mail below (the original is written in Dutch; it is translated here).

I DO NOT TRUST THEM

 

-----Original Message-----
From: Janine de Vries [mailto:janine@promo-wise.com] 
Sent: Wednesday 7 April 2010 11:13
To: [deleted this]
Subject: Interest in placing an advertisement on the website http://www.rafati.nl/

Dear Webmaster,

My name is Janine de Vries and I work at Promo-Wise.com. I would like to
offer you a monthly fee for placing an article or advertisement on your
website for one of our clients.

If you are interested in our offer, I would be glad to hear from you about
the possibilities. If you have any questions or suggestions, you can of
course contact us at any time.

To speak with one of our English-speaking customer support staff,
please email Andrew Evans at contactus@promotion-time.com.

 

Windows XP Encrypting File System (EFS)

Encryption converts data into a form that cannot be read by others. EFS, the Encrypting File System, is a feature of Windows XP (not included in Windows XP Home Edition) that encrypts sensitive files transparently as they are written to disk, so that only users holding the right keys can open them. Files can be encrypted only on volumes formatted with the NTFS file system. EFS is the strongest file-level protection Windows XP itself provides, and it supports sharing a single encrypted file between multiple users.

EFS file sharing in Windows XP also provides another route to data recovery: adding an additional user to an encrypted file lets that user open it as well. Adding users cannot be enforced through policy or other means, but it is a simple way to let several users recover an encrypted file without using groups and without sharing private keys between them. This matters because the EFS private key is protected by the user's logon password: if an administrator resets that password (rather than the user changing it), the key, and with it every file encrypted only to that user, becomes inaccessible unless a recovery agent or an additional user had been added. Back up the EFS certificate and private key before relying on EFS.

How to Encrypt a File
To encrypt a file:

Chatroulette: insecure or secure?


Chatroulette is one of the trending cam communities. On Chatroulette you can find people who are ready to cam with an unknown person. The effect of this is that sometimes you can have a good chat and a good laugh, and you might see some nudity.

Before I posted this topic I tried something else: the "I got your picture from Chatroulette, click on this link to see if this is you" message.

The blog post: http://www.cyberwarzone.com/content/your-picture-chatroulettecom

It attracted a lot of people. Now, as a moderator of Cyberwarzone, I would never use people's client information. But there are a lot of organizations that are waiting for such persons.

What keeps pushing my buttons is the fact that young children around the age of ~16 are also online at chatroulette.com, and they don't know what kind of threats they can find online.
