February 5, 2012

TheHSecurity: Back door in HP network storage solution

HP’s P2000 G3 MSA Storage Area Network (SAN) product contains a hidden and undocumented account with more privileges than the normal customisable account (manage:!manage). Apparently included for support purposes, the account (admin:!admin) is not visible in the user manager and can’t be deleted or modified. It allows unauthorised users to access these systems and the data stored on them.

Read the full story here.

Source:[TheHSecurity]

Hacker Creates Modified Symbian S60 Firmware with Hidden Back Door

Professional security researcher, hacker and MalCon speaker Atul Alex has analysed the firmware of the Symbian S60 smartphone platform (which runs on the Nokia 5800, Nokia X6, Nokia 5530XM, Sony Ericsson Satio and Sony Ericsson Vivaz) and created a modified firmware with a back door that allows a third party to record telephone calls and download emails, telephone lists and text messages from the phone’s memory.

To use the back door, the new firmware must be downloaded on to the target phone in a manoeuvre reminiscent of the best Hollywood spy films. The compromised firmware, which is created by modifying version 5 of the original software, allows all of the smartphone’s functions to be remotely controlled, including the camera.

Once installed, the hack contacts the attacker via a wireless connection and transmits the device’s current IP address. The attacker can then connect to the phone remotely and any stolen data can be transmitted via 3G or WLAN to the attacker’s file server.

The H are reporting that the back door uses a technique to hide the extra process from the system’s TaskManager. The only way to remove the back door is to overwrite the firmware with Symbian’s original software.

Backdoor Rootkit For Network Card

Guillaume Delugré, a security researcher at the French security firm Sogeti ESEC, has demonstrated how it might be possible to place backdoor rootkit software on a network card.

This proof-of-concept code was developed after studying the firmware of Broadcom NetExtreme PCI Ethernet cards.

He used publicly available documentation and free open-source tools to build a set of tools for instrumenting the network card firmware. Those tools gave him a way to debug the network card’s MIPS CPU in real time, as well as to perform advanced instrumentation of the firmware code, such as execution-flow tracing and memory-access logging.

He then developed custom firmware, flashed it to the device and obtained code execution on the network card’s CPU, after reverse engineering the layout of its EEPROM.

The resulting rootkit resides inside the network card and offers several notable features:

  • A very stealthy communication end-point over the Ethernet link. It can intercept and forge network frames without the operating system knowing about it.
  • Physical system memory access using DMA over the PCI link, which can be used to corrupt the OS.
  • No trace of the rootkit on the operating system, as it is hidden inside the NIC.

“The network card natively needs to perform DMA accesses, so that network frames can be exchanged between the driver and the device. From the firmware point of view, everything is operated using special dedicated device registers, some of them being non-documented. An attacker would then be able to communicate remotely with the rootkit in the network card and get access to the underlying operating system thanks to DMA,” Delugré explains.
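As an added practitioner note, not part of the article or of Delugré’s research: because the rootkit leaves no trace in the operating system and reaches host memory through DMA, the two host-side controls worth checking are whether an IOMMU is remapping device DMA at all, and whether the card’s EEPROM/firmware image still matches a baseline taken from a known-good card of the same model. The script below was written for this page to illustrate both checks; the sysfs directory, the `ethtool -e` dump file and the baseline hash are caller-supplied assumptions, not values provided by the article.

```shell
#!/bin/sh
# Added example (not from the article or Sogeti ESEC): host-side checks
# for a rootkit that lives in NIC firmware rather than in the OS.
#
#   iommu_active [DIR]            - prints "yes" and returns 0 when DIR
#                                   (default /sys/kernel/iommu_groups)
#                                   holds at least one IOMMU group, i.e.
#                                   DMA remapping is enabled on this host.
#   eeprom_matches DUMP BASELINE  - prints "match" and returns 0 when the
#                                   SHA-256 of DUMP (e.g. the output of
#                                   `ethtool -e eth0 raw on`) equals the
#                                   BASELINE hash recorded from a trusted
#                                   card; otherwise prints both hashes and
#                                   returns 1.

iommu_active() {
    dir="${1:-/sys/kernel/iommu_groups}"
    [ -d "$dir" ] || { echo "no"; return 1; }
    # Each IOMMU group appears as a numbered subdirectory; an empty
    # directory means the kernel found no IOMMU (or it is disabled).
    count=0
    for g in "$dir"/*/; do
        [ -d "$g" ] && count=$((count + 1))
    done
    if [ "$count" -gt 0 ]; then
        echo "yes"
        return 0
    fi
    echo "no"
    return 1
}

# Portable SHA-256 of a file: GNU coreutils sha256sum, else perl shasum.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

eeprom_matches() {
    dump="$1"
    baseline="$2"
    actual=$(sha256_of "$dump")
    if [ "$actual" = "$baseline" ]; then
        echo "match"
        return 0
    fi
    echo "MISMATCH: got $actual, expected $baseline"
    return 1
}

# Typical use on a live host (assumed interface name and baseline; not
# executed when this file is sourced):
#   ethtool -e eth0 raw on > /tmp/eth0.eeprom
#   eeprom_matches /tmp/eth0.eeprom "$KNOWN_GOOD_SHA256"
#   iommu_active
if [ "${NIC_CHECK_RUN:-0}" = "1" ]; then
    iommu_active
    eeprom_matches "$1" "$2"
fi
```

Two caveats apply. An active IOMMU confines the card’s DMA to the buffers the driver maps for it, which blocks the arbitrary physical-memory access described above, but it does nothing about the first feature: frames can still be intercepted or forged on the link without the OS noticing. And `ethtool -e` reads the EEPROM through the device itself, so firmware that controls the card can answer with a clean image; a mismatch is strong evidence, a match is not proof, and a dump taken with an external programmer is the only reading that does not depend on the card’s cooperation.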

This research was presented at the Hack.lu conference last month. The presentation slides are available for download here.

Source:[http://esec-lab.sogeti.com/dotclear/index.php?post/2010/11/21/Presentation-at-Hack.lu-:-Reversing-the-Broacom-NetExtreme-s-firmware]

Apple QuickTime backdoor creates code-execution peril

A security researcher has unearthed a “bizarre” flaw in Apple’s QuickTime Player that can be exploited to remotely execute malicious code on Windows-based PCs, even those running the most recent versions of the operating system.

Read the full article here.

Source:[TheRegister]