February 5, 2012

Facebook Scams with Chrome and Firefox Plugins

Picture Source: Websense security labs

(LiveHacking.Com) – Security researchers at Websense® have discovered new Facebook scams.

According to the report published by Websense®, the attacker uses social engineering lures such as an engaging video or the offer of a free voucher to draw victims to its scam pages. The victims are then asked to install a browser plugin. Once installed, the plugin uses a malicious script and the Facebook API to post the scam to the victim’s friends’ pages.

According to the Websense® researchers, at the moment, only Chrome and Firefox plugins are being used.

More information is available at Websense® Security Blog.

phpMyAdmin Releases Version 3.4.9 to Fix XSS Vulnerabilities

(LiveHacking.Com) – phpMyAdmin’s development team has released version 3.4.9 of this open source database administration tool. This new version fixes two critical cross-site scripting (XSS) vulnerabilities, one in the setup interface and one in the export panels of the server, database and table sections.

All 3.4.x versions of phpMyAdmin up to and including version 3.4.8 are affected. It is highly recommended to upgrade to version 3.4.9 to correct these security issues.

The new fixes are:

  • bug #3442028 [edit] Inline editing enum fields with null shows no dropdown
  • bug #3442004 [interface] DB suggestion not correct for user with underscore
  • bug #3438420 [core] Magic quotes removed in PHP 5.4
  • bug #3398788 [session] No feedback when result is empty (signon auth_type)
  • bug #3384035 [display] Problems regarding ShowTooltipAliasTB
  • bug #3306875 [edit] Can’t rename a database that contains views
  • bug #3452506 [edit] Unable to move tables with triggers
  • bug #3449659 [navi] Fast filter broken with table tree
  • bug #3448485 [GUI] Firefox favicon frameset regression
  • [core] Better compatibility with mysql extension
  • [security] Self-XSS on export options (export server/database/table), see PMASA-2011-20
  • [security] Self-XSS in setup (host parameter), see PMASA-2011-19

The new versions of phpMyAdmin are available to download from the project website. phpMyAdmin is licensed under version 2 of the GNU General Public License.

New Version of Secpoint Google Hacking Database and Tool Released

(LiveHacking.Com) – Danish IT security company Secpoint has released the new version of its Google Hacking database and tool.

The new version of the Secpoint Google Hacking database and tool contains more than 7800 updates to its Google Hacking database, and the tool now offers friendlier output and support for multiple sites.

This open source tool helps security professionals and penetration testers submit automated queries to Google and save the output to a file for further investigation.

The following Google hacking databases are included in the Secpoint Google Hacking tool:

  1. devices_and_cameras.txt
  2. errors.txt
  3. files.txt
  4. interesting_directories.txt
  5. interesting_info.txt
  6. login_pages.txt
  7. misc.txt
  8. network_or_vulnerability data.txt
  9. passwords_and_usernames.txt
  10. sql_injection_list.txt
  11. vulnerabilities.txt
  12. vulnerable_systems.txt
  13. webserver_banners.txt

The Secpoint Google Hacking database and tool is available to download here.

Disclaimer: It is against Google’s Terms of Service to send automated queries to Google’s System.

Critical Vulnerability in TYPO3 Core; Remote Code Execution

(LiveHacking.Com) – The TYPO3 development team has issued a warning about a critical vulnerability in the TYPO3 content management system.

According to the TYPO3 security bulletin, a crafted request to a vulnerable TYPO3 installation allows an attacker to load PHP code from an external source and execute it on the TYPO3 installation. The security issue is due to insufficient validation of the BACK_PATH parameter in the AbstractController.php file, which leads to remote code execution.

With reference to the TYPO3 security advisory, a vulnerable system meets all of the following conditions:

  1. TYPO3 version 4.5.0 up to 4.5.8, 4.6.0 or 4.6.1 (+ development releases of 4.7 branch).
  2. The following PHP configuration variables are all set to “on”: register_globals (“off” by default, and advised to be “off” in the TYPO3 Security Guide), allow_url_include (“off” by default) and allow_url_fopen (“on” by default).

The following solutions have been advised by the TYPO3 security advisory:

  1. Update to TYPO3 version 4.5.9 or 4.6.2, which fixes the problem described.
  2. Set at least one of the following PHP configuration variables to “off”: register_globals, allow_url_include or allow_url_fopen.
  3. Apply the security patch.
  4. Set up a mod_security rule: SecRule ARGS:BACK_PATH "^(https?|ftp)" "deny"

Please view the TYPO3 security advisory for more information.
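As an added illustration (not code from the page, the TYPO3 project or the advisory), the following Python checks a php.ini fragment for the three-directive combination in condition 2 above, reports which of those directives solution 2 would have you switch off, and reproduces the test performed by the mod_security rule in solution 4. The two php.ini fragments are constructed samples.

```python
import re
# Constructed php.ini fragments for illustration (not from the page or from TYPO3).
WEAK_INI = """
; all three settings the advisory names are enabled
register_globals = On
allow_url_include = On
allow_url_fopen = On
"""
HARDENED_INI = """
; the PHP defaults the advisory cites: only allow_url_fopen stays on
register_globals = Off
allow_url_include = Off
allow_url_fopen = On
"""
# PHP defaults as the advisory states them; a directive absent from the file keeps its default.
DEFAULTS = {"register_globals": False, "allow_url_include": False, "allow_url_fopen": True}
TRUTHY = {"1", "on", "true", "yes"}   # PHP's boolean ini values

def parse_php_ini(text):
    """Return {directive: enabled} for the three directives the advisory lists."""
    flags = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop ';' comments
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in flags:
            flags[key.lower()] = value.strip('"').lower() in TRUTHY
    return flags

def rce_preconditions_met(flags):
    """True only when all three directives are on (condition 2 of the advisory)."""
    return all(flags[name] for name in DEFAULTS)

def directives_to_disable(flags):
    """Advisory solution 2: switching any one of these to off breaks the chain."""
    return [name for name in DEFAULTS if flags[name]]
# Same test as the advisory's rule: SecRule ARGS:BACK_PATH "^(https?|ftp)" "deny"
BACK_PATH_DENY = re.compile(r"^(https?|ftp)")

def back_path_denied(value):
    """True when the BACK_PATH argument would be blocked by that mod_security rule."""
    return BACK_PATH_DENY.match(value) is not None

if __name__ == "__main__":
    for label, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        flags = parse_php_ini(ini)
        print(label, "RCE preconditions met:", rce_preconditions_met(flags),
              "| turn off one of:", directives_to_disable(flags))
    print("BACK_PATH=http://... denied by rule:", back_path_denied("http://example.invalid/"))
```

The regex is reproduced exactly as the advisory gives it (case-sensitive, prefix match only); the version update and the php.ini changes remain the primary fixes.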

ClamAV Version 0.97.2 Released

(LiveHacking.Com) – The ClamAV development team has released version 0.97.2 of its open source anti-virus. This update includes fixes for problems with the bytecode engine, Safebrowsing detection, hash matcher, and other minor issues.

ClamAV is an open source cross-platform anti-virus engine designed for detecting Trojans, viruses, malware and other malicious threats. ClamAV 0.97.2 is available to download for Linux and Unix distributions from the project’s web site.

The ClamAV team has also announced a new service called “Third Party web interface”. It will allow selected individuals and organizations to publish ClamAV Virus Databases (CVD) through the ClamAV mirror network.

ClamAV source code is released under the GNU General Public License (GPL).

PhpMyAdmin Project Releases Security Update

(LiveHacking.Com) – The phpMyAdmin team has released versions 3.4.3.2 and 3.3.10.3 of the phpMyAdmin open source database administration tool.

The new versions patch a total of four security holes in phpMyAdmin. According to the phpMyAdmin project website, the security releases address two “critical” vulnerabilities that could lead to session manipulation in Swekey authentication or to remote code execution. Further, a critical bug that could allow an intruder to perform a local file inclusion has been fixed in this version.

All users are advised to update to the latest versions. The new versions of phpMyAdmin are available to download from the project website. phpMyAdmin is licensed under version 2 of the GNU General Public License.

New Version of ElcomSoft iOS Forensic Toolkit Released: Supports iOS Keychain Decryption

(LiveHacking.Com) – ElcomSoft has released a major update of its iOS Forensic Toolkit, an all-in-one toolkit for iOS acquisition on both Windows and Mac.

ElcomSoft iOS Forensic Toolkit lets investigators perform physical acquisition of the encrypted information stored on iOS-based devices. The toolkit gives them access to protected file system dumps extracted from iPhone and iPad devices, even where the data has been encrypted by iOS 4.

According to the ElcomSoft blog, the decryption capability is unique and allows investigators to obtain a fully usable image of the device’s file system, with the contents of each and every file decrypted and available for analysis.

New Features at a Glance:

  • The ability to decrypt contents of the device keychain
  • The ability to perform logical acquisition of the device
  • Logging of all operations performed within Toolkit
  • Support for iPhone 3G
  • Support for iOS 3.x on compatible devices
  • Support for iOS 4.3.4 (iOS 4.2.9 for iPhone 4 CDMA)

The new version of iOS Forensic Toolkit can extract and decrypt keychain data from iOS devices running iOS 3.x and 4.x. The keychain is the system-wide store in which applications keep users’ sensitive data in protected form.

Another new feature in this version is an audit trail. The toolkit creates a unique log file that records every operation performed, helping investigators demonstrate the integrity of their investigation.

More technical information is available at ElcomSoft Blog.

Critical Vulnerability in CA Gateway Security 8.1 and CA Total Defense r12

(LiveHacking.Com) — CA Technologies is warning its customers about a critical vulnerability in its Gateway Security 8.1 and CA Total Defense r12 products. The vulnerability can allow a remote attacker to execute arbitrary code.

According to the CA portal, the vulnerability, CVE-2011-2667, occurs due to insufficient bounds checking that can result in a memory overwrite on the heap. By sending a malformed request, an attacker can overwrite a sensitive portion of heap memory, which can potentially result in server compromise.

The “Heap Memory” or “Heap Memory Pool” is an internal memory pool created at start-up from which tasks dynamically allocate memory as needed. It is used by tasks that would otherwise require a lot of memory from the stack under stack-based memory allocation.

CA Technologies has released an update to patch the vulnerability. Alternatively, an upgrade to Gateway Security 9.0 is available from the CA support site.

Google Removed 11+ Million Websites from Its Search Engine; No More .co.cc

Google has removed more than 11 million .co.cc websites from its search engine index.

Google has modified its malware detection system to identify sub-domain level services that criminals have used to register thousands of domains and host malware and fake anti-virus software. As a result of these changes, Google has removed more than 11 million .co.cc websites from its search engine results pages on the basis that most of them are spammy or low-quality.

According to a recent report by the Anti-Phishing Working Group, the .cc top-level domain hosted more than 4,900 phishing attacks in the second half of 2010. This number is almost twice the number under any other extension.

The .co.cc space is offered by a Korean company (http://co.cc/) and is not an officially authorized second-level domain like .co.uk. Acting as a registry, this company offers single sub-domains for a fee, and bulk registration at a discounted price of $1000 for 15,000 domains. The company claims to have 11,383,736 registered domains and more than 5 million user accounts.

The .cc is the Internet country code top-level domain (ccTLD) for Cocos (Keeling) Islands, a small Australian territory in the Indian Ocean. The regular .cc websites are unaffected by Google’s changes.

phpMyAdmin 3.3.10.2 and 3.4.3.1 Released – Multiple Vulnerabilities Fixed

The phpMyAdmin development team has released versions 3.3.10.2 and 3.4.3.1 of their database administration tool.

These updates fix four critical security vulnerabilities, including a session manipulation bug in Swekey authentication, a possible code injection issue in the setup script and a regular expression quoting problem in the Synchronize code. With reference to the project website, these security issues could lead to code injection and execution of arbitrary code.

Further, a directory traversal vulnerability related to the filtering of a file path in the MIME-type transformation code has been fixed in these versions.

The new versions of phpMyAdmin are available to download from the project website. phpMyAdmin is licensed under version 2 of the GNU General Public License.