April 20, 2014

PhpMyAdmin Project Releases Security Update

(LiveHacking.Com) – The phpMyAdmin team has released versions 3.4.3.2 and 3.3.10.3 of the phpMyAdmin open source database administration tool.

The new versions patched a total of four security holes in phpMyAdmin. According to the phpMyAdmin project website, the security releases address two “critical” vulnerabilities that could lead to possible session manipulation in swekey authentication or remote code execution. Further, a critical bug that could allow an intruder to perform a local file inclusion have been fixed in this version.

All users are advised to update to the latest versions. The new versions of phpMyAdmin are available to download from the project website. phpMyAdmin is licensed under version 2 of the GNU General Public License.

New Version of ElcomSoft iOS Forensic Toolkit Released: Supports iOS Keychain Decryption

(LiveHacking.Com) – ElcomSoft has released a major update of its iOS Forensic Toolkit, an all-in-one toolkit for iOS acquisition on both Windows and Mac.

ElcomSoft iOS Forensic Toolkit provides easy access to perform physical evidence acquisition to encrypted information stored in iOS base devices. This toolkit offers investigators the ability to access protected file system dumps extracted from iPhone and iPad devices even if the data has been encrypted by iOS 4.

According to the Elcomsoft blog, the decryption capability is unique and allows investigators to obtain a fully usable image of the device’s file system with the contElcomSoft iOS Forensic Toolkitents of each and every file decrypted and available for analysis.

New Features at a Glance:

  • The ability to decrypt contents of the device keychain
  • The ability to perform logical acquisition of the device
  • Logging of all operations performed within Toolkit
  • Support for iPhone 3G
  • Support for iOS 3.x on compatible devices
  • Support for iOS 4.3.4 (iOS 4.2.9 for iPhone 4 CDMA)

The new version of iOS Forensic Toolkit has the ability to extract and decrypt keychain data from iOS devices running iOS 3.x and 4.x. The keychain is a system-wide storage for users’ data to store sensitive information in protected mode.

Another new feature in this version is the audit trail capability. Unique log file will be created by the toolkit to keep the tracks of the activities and help the investigators for the integrity of their investigation.

More technical information is available at ElcomSoft Blog.

Critical Vulnerability in CA Gateway Security 8.1 and CA Total Defense r12

(LiveHacking.Com) — CA Technology is warning its customers for a critical vulnerability in its Gateway Security 8.1 and CA Total Defense r12. The vulnerability can allow a remote attacker to execute arbitrary code.Critical Vulnerability in CA Gateway Security 8.1 and CA Total Defense r12

According to the CA portal, the vulnerability, CVE-2011-2667, occurs due to insufficient bounds checking that can result in a memory overwrite on the heap. By sending a malformed request, an attacker can overwrite a sensitive portion of heap memory, which can potentially result in server compromise.

The “Heap Memory” or “Heap Memory Pool” is an internal memory pool created at start-up that tasks use to dynamically allocate memory as needed. This memory pool is used by tasks that requires a lot of memory from the stack in the stack-based memory allocation system.

CA Technology has released an update to patch the vulnerability. Alternatively, update to Gateway Security 9.0 is available from the CA support site.

Google Removed 11+ Million Websites from Its Search Engine; No More .co.cc

Google has removed more than 11 million .co.cc websites from its search engine index.

Google has modified its malware detection system to identify sub-domain level services which have been used by criminals to register thousands of domains and host malware and fake anti-virus software. As the result of these changes, Google has removed more than 11 million .co.cc websites from it search engine results pages on the basis that most of them are spammy or low-quality.

According to a recent report by Anti-Phishing Working Group, the .cc top-level domain hosted more than 4,900 phishing attacks in the second half of 2010. This number is almost twice the number under any other extensions.

The .co.cc space offered by a Korea company (http://co.cc/) and it is not an official authorized second-level domain like .co.uk. This company as a registry offers single sub-domains for fee, and bulk register with discounted price of $1000 for 15,000 domains. The company claims to have 11,383,736 registered domains and more than 5 millions user accounts.

The .cc is the Internet country code top-level domain (ccTLD) for Cocos (Keeling) Islands, a small Australian territory in the Indian Ocean. The regular .cc websites are unaffected by Google’s changes.

phpMyAdmin 3.3.10.2 and 3.4.3.1 Released – Multiple Vulnerabilities Fixed

The phpMyAdmin development team has released versions 3.3.10.2 and 3.4.3.1 of their database administration tool.

These updates are for four critical security vulnerabilities, include a session manipulation bug in Swekey authentication, a possible code injection issue in the setup script and a regular expression quoting problem in Synchronize code. With reference to the project website, these security issues could lead to the code injection and execution of arbitrary code.

Further, a directory traversal vulnerability related to the filtering of a file path in the MIME-type transformation code in these versions have been fixed.

The new versions of phpMyAdmin are available to download from the project website. phpMyAdmin is licensed under version 2 of the GNU General Public License.

Nmap 5.59BETA1 Released!

The Nmap development team has released Nmap 5.59BETA1. This new version includes 40 new NSE scripts, improvement in IPv6 scan, 7 new NSE protocol libraries and hundreds of bug fixes.

The new version of Nmap is able to detect services such as Apple iPhoto (DPAP) protocol probe, Zend Java Bridge probe, BackOrifice probe and GKrellM probe. Nmap service and version detection database reached to 7,375 signatures in this new version.

Nmap 5.59BETA1 source code and binary packages for Linux, Mac, and Windows are now available for download at http://nmap.org/download.html .

Nmap (Network Mapper) is a free and open source utility for security auditing. It is licensed under version 2 of the GNU General Public License.

Security Update: WordPress 3.1.4. Released

The WordPress team has released WordPress 3.1.4. This release is a security update for all previous WordPress versions.

This new release fixes a security issue that could allow an intruder in Editor-level user to gain further access to the site. The vulnerability has been discovered by K. Gudinavicius and reported to the WordPress development team.

Also include in WordPress version 3.1.4 other security fixes and hardening measures.

List of Files Revised

  • readme.html
  • wp-settings.php
  • wp-includes/taxonomy.php
  • wp-includes/post.php
  • wp-includes/version.php
  • wp-includes/bookmark.php
  • wp-includes/wp-db.php
  • wp-includes/formatting.php
  • wp-includes/script-loader.php
  • wp-content/themes/twentyten/languages/twentyten.pot
  • wp-admin/includes/post.php
  • wp-admin/includes/deprecated.php
  • wp-admin/includes/update-core.php
  • wp-admin/includes/media.php
  • wp-admin/js/user-profile.dev.js
  • wp-admin/js/user-profile.js
  • wp-admin/custom-header.php
  • wp-admin/options-general.php

All WordPress website administrators are encouraged to upgrade to this latest version. You can update automatically from the Dashboard > Updates menu in your site’s admin area or download 3.1.4 directly.

Wireshark Version 1.6.0 released

The Wireshark development team has released Wireshark version 1.6.0 of its open source, cross-platform network protocol analyzer.

This new version of Wireshark improves support for large files and has some new features such as the ability to export SSL session keys and SMB objects. The users can now import text dumps into Wireshark and TShark, similar to text2pcap. Further, TShark can now display iSCSI, ICMP and ICMPv6 service response times.

Wireshark is now distributed as an installation package rather than a drag-installer on OS X. The installer adds a startup item that should make it easier to capture packets. Please visit Wireshark version 1.6.0 release notes for a complete list of changes.

Wireshark is licensed under version 2 of the GNU General Public License. It can be download here.

June 8th, 2011 World IPv6 Day

Today is World IPv6 Day, major web companies such as Google, Facebook, Yahoo!, Akamai, Limelight Networks and Microsoft will enable IPv6 for 24 hours to test IPv6 in the real world.

On World IPv6 Day more than 430 companies are offering their content over IPv6 for a 24 hours. The goal of this world wide test is to motivate organizations across the related industries (Internet service providers, hardware makers, operating system vendors and web companies) to prepare their services and products for IPv6 to ensure a successful transition from IPv4 to IPv6.

IPv6 is the next generation Internet Protocol (IP) address standard to replace, the IPv4 protocol most Internet services use today. This transition helps to ensure the continued growth of the Internet as a communication platform.

The Internet Society is working with its members and other organizations to promote IPv6 transition by sharing information and helping to build the required operational capability among the Internet community and major web companies.

Facebook Account Password Extractor

ElcomSoft has announced the release of the Facebook Password Extractor, a free tool to recover Facebooks’ user credentials that are stored or cached in popular Web browsers.

The user credentials, such as user account and passwords, are routinely stored or cached in Web browsers to speed up access to protected resources. While it is possible to extract cached passwords from each of the popular Web browsers, it has never been an easy task. Mozilla Firefox, Apple Safari, Opera, Google Chrome and older versions of Microsoft Internet Explorer (v. 6 and earlier) use lighter security mechanisms that are easier to break. However, InternetExplorer 7, 8, and 9 employ an enhanced security model that makes extracting a cached password impossible without knowing the exact authorisation URL.

Facebook Password Extractor is the first free tool on the market to help users to recover lost and forgotten Facebook passwords from all popular Web browsers including enhanced-security Internet Explorer 7 to 9. This free for personal use (non-commercial) utility can instantly reveal cached login and password information to Facebook accounts. Supporting all versions of Microsoft Internet Explorer including IE9, Mozilla Firefox including Firefox 4, Apple Safari up to version 5, Opera up to version 11, and Google Chrome up to version 11, Facebook Password Extractor is the first free Facebook recovery tool to display multiple Facebook logins and passwords instantly and automatically.

Facebook Password Extractor supports the enhanced security model used in Internet Explorer 7 onwards, by including a small database containing exact Web addresses of all possible Facebook login pages.

Facebook Password Extractor can be downloaded now.