Friday, August 20, 2010

Network Solutions Parked Domains Actively Serving Malwares

The beginning of this year saw mass Web hosting compromises across numerous hosting providers; thousands of websites were compromised via vulnerabilities in shared hosting providers and as a result, were serving malware. We thought eventually everything would be cleaned up and everyone's operations would be back to normal--but it seems that didn't happen... yet.

http://blog.armorize.com/2010/08/smci-widget-by-network-solutions-still.html

Sunday, July 18, 2010

Microsoft Security Advisory (2286198)

General Information
Executive Summary

Microsoft is investigating reports of limited, targeted attacks exploiting a vulnerability in Windows Shell, a component of Microsoft Windows. This advisory contains information about which versions of Windows are vulnerable as well as workarounds and mitigations for this issue.

The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut. This vulnerability is most likely to be exploited through removable drives. For systems that have AutoPlay disabled, customers would need to manually browse to the root folder of the removable disk in order for the vulnerability to be exploited. For Windows 7 systems, AutoPlay functionality for removable disks is automatically disabled.

http://www.microsoft.com/technet/security/advisory/2286198.mspx

Wednesday, June 30, 2010

Adobe Acrobat and Reader Multiple Code Execution Vulnerabilities

Title : Adobe Acrobat and Reader Multiple Code Execution Vulnerabilities
VUPEN ID : VUPEN/ADV-2010-1636
CVE ID : CVE-2010-1240 - CVE-2010-1285 - CVE-2010-1295 - CVE-2010-1297 - CVE-2010-2168 - CVE-2010-2201 - CVE-2010-2202 - CVE-2010-2203 - CVE-2010-2204 - CVE-2010-2205 - CVE-2010-2206 - CVE-2010-2207 - CVE-2010-2208 - CVE-2010-2209 - CVE-2010-2210 - CVE-2010-2211 - CVE-2010-2212
CWE ID : VUPEN VNS Only
CVSS V2 : VUPEN VNS Only
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2010-06-29


Technical Description

Multiple vulnerabilities have been identified in Adobe Reader and Acrobat, which could be exploited by attackers to cause a denial of service or compromise a vulnerable system. These issues are caused by memory corruptions, invalid pointers, uninitialized memory, array-indexing and use-after-free errors when processing malformed data within a PDF document, which could be exploited by attackers to crash an affected application or execute arbitrary code by tricking a user into opening a specially crafted PDF document.

Affected Products

Adobe Reader version 9.3.2 and prior
Adobe Reader version 8.2.2 and prior
Adobe Acrobat version 9.3.2 and prior
Adobe Acrobat version 8.2.2 and prior

Solution

Upgrade to Adobe Acrobat and Reader version 9.3.3 or 8.2.3:
http://www.adobe.com/support/security/bulletins/apsb10-15.html

References

http://www.vupen.com/english/advisories/2010/1636
http://www.adobe.com/support/security/bulletins/apsb10-15.html

Monday, May 24, 2010

Sandboxie

Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer.

http://www.sandboxie.com/

Tuesday, May 11, 2010

Yum not working on Fedora Constantine

Downloaded the new Fedora 12 and had issues using yum.

Here is the fix

* Edit two of your repository files: /etc/yum.repos.d/fedora.repo and /etc/yum.repos.d/fedora-updates.repo.
* Un-comment all the lines that start with baseurl and place a comment before all lines that start with mirrorlist.
* Edit your /etc/hosts file and append the following to its contents:

80.239.156.215 mirrors.fedoraproject.org
213.129.242.84 mirrors.rpmfusion.org
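The same two-file edit done with sed instead of by hand, as an added example that is not part of the original post: it keeps a backup of each .repo file and only appends a hosts entry when that name is not already mapped. It assumes a POSIX sh with sed, grep and awk; the sample .repo file it writes is constructed, with placeholder URLs.

```shell
#!/bin/sh
# Added example (not from the original post): switch a yum .repo file from
# mirrorlist to baseurl, keep a backup, and add hosts entries idempotently.

use_baseurl() {
    repo="$1"
    [ -f "$repo" ] || { echo "no such file: $repo" >&2; return 1; }
    cp "$repo" "$repo.bak"
    # 1) "#baseurl=..." -> "baseurl=..."   2) "mirrorlist=..." -> "#mirrorlist=..."
    sed -e 's/^#[[:space:]]*\(baseurl=\)/\1/' \
        -e 's/^\(mirrorlist=\)/#\1/' "$repo" > "$repo.tmp" && mv "$repo.tmp" "$repo"
}

# Append "IP NAME" to a hosts file unless NAME is already mapped on an
# uncommented line, so running the fix twice does not duplicate entries.
add_host_entry() {
    hosts="$1"; ip="$2"; name="$3"
    grep -Eq "^[^#]*[[:space:]]$name([[:space:]]|\$)" "$hosts" 2>/dev/null && return 0
    printf '%s %s\n' "$ip" "$name" >> "$hosts"
}

# Number of active (uncommented) KEY= lines in FILE, used to check the result.
active_count() {
    grep -c "^$2=" "$1" || true
}

# Constructed sample .repo file; the URLs are placeholders, not Fedora's.
write_sample_repo() {
    cat > "$1" <<'EOF'
[fedora]
name=Fedora sample
#baseurl=http://mirror.example.invalid/fedora/releases/$releasever/$basearch/os/
mirrorlist=http://mirrors.example.invalid/metalink?repo=fedora-$releasever
enabled=1
EOF
}
```

The hosts entries pin the mirror hostnames to fixed addresses, so remove them again once mirror resolution works, or the pinned addresses will break when the mirrors move.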

Sunday, May 9, 2010

OSSIM

OSSIM stands for Open Source Security Information Management. Its goal is to provide a comprehensive compilation of tools which, working together, give network and security administrators a detailed view of every aspect of their networks, hosts, physical access devices, servers, etc.

Besides getting the most out of well-known open source tools, some of which are briefly described below, OSSIM provides a strong correlation engine, detailed low-, medium- and high-level visualization interfaces, and reporting and incident management tools, all based on a set of defined assets such as hosts, networks, groups and services.

All of this information can be restricted by network or sensor in order to show only the required information to specific users, allowing for a fine-grained multi-user security environment. Finally, the ability to act as an IPS (Intrusion Prevention System), using correlated information from virtually any source, is a useful addition to any security professional's arsenal.

Components
OSSIM features the following software components:

* Arpwatch – used for MAC anomaly detection.
* P0f – used for passive OS detection and OS change analysis.
* Pads – used for service anomaly detection.
* Nessus – used for vulnerability assessment and for cross correlation (IDS vs Security Scanner).
* Snort – the IDS, also used for cross correlation with Nessus.
* Tcptrack – used for session data information, which can prove useful for attack correlation.
* Ntop – builds an impressive network information database from which aberrant behavior can be identified (anomaly detection).
* Nagios – fed from the host asset database, it monitors host and service availability information.
* Osiris – a great HIDS.
* OCS-NG – cross-platform inventory solution.
* OSSEC – integrity, rootkit, registry detection, and more.

http://www.alienvault.com/community.php?section=Home

Tuesday, May 4, 2010

Hacked US Treasury websites serve visitors malware

Websites operated by the US Treasury Department are redirecting visitors to websites that attempt to install malware on their PCs, a security researcher warned on Monday.

The infection buries an invisible iframe in bep.treas.gov, moneyfactory.gov, and bep.gov that invokes malicious scripts from grepad.com, Roger Thompson, chief research officer of AVG Technologies, told The Register. The code was discovered late Sunday night and was active at time of writing, about 12 hours later.

http://www.theregister.co.uk/2010/05/03/treasury_websites_attack/

Tuesday, April 27, 2010

JoeDoc for PDFs

Joedoc is a novel automated runtime system for detecting exploits in applications running on end-user systems.


http://www.joedoc.org/

Monday, March 22, 2010

Configuring SSHD in Ubuntu

OpenSSH is a freely available version of the Secure Shell (SSH) protocol family of tools for remotely controlling a computer or transferring files between computers. Traditional tools used to accomplish these functions, such as telnet or rcp, are insecure and transmit the user's password in cleartext when used. OpenSSH provides a server daemon and client tools to facilitate secure, encrypted remote control and file transfer operations, effectively replacing the legacy tools.

* sudo apt-get install openssh-server

Prior to editing the configuration file, you should make a copy of the original file and protect it from writing so you will have the original settings as a reference and to reuse as necessary.

* sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
* sudo chmod a-w /etc/ssh/sshd_config.original

After making changes to the /etc/ssh/sshd_config file, save the file, and restart the sshd server application to effect the changes using the following command at a terminal prompt:

* sudo /etc/init.d/ssh restart
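As an added example that is not part of the original post or the Ubuntu docs, here is the "make changes, then restart" step done safely: a helper that sets a global sshd_config option idempotently, keeps it out of any Match block, and runs sshd's own parser on the file before the restart so a typo cannot lock you out. It assumes a POSIX sh and awk; the sample config it writes is constructed, and the option names used in the test are just illustrations.

```shell
#!/bin/sh
# Added example (not from the original post or the Ubuntu docs): set a global
# option in sshd_config idempotently and validate before restarting.

set_sshd_option() {
    cfg="$1"; key="$2"; value="$3"
    # Drop every existing global line for this key (active or "#"-commented),
    # then re-insert "key value" before the first Match block. Appending at the
    # end instead would land inside the last Match block, where the option
    # applies only to that block's users/hosts rather than globally.
    awk -v key="$key" -v line="$key $value" '
        /^[[:space:]]*Match([[:space:]]|$)/ && !inmatch { print line; done = 1; inmatch = 1 }
        !inmatch && $0 ~ ("^[[:space:]]*#?[[:space:]]*" key "([[:space:]]|=)") { next }
        { print }
        END { if (!done) print line }
    ' "$cfg" > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"
}

# Print the value of KEY from the global section (before any Match block).
global_value() {
    awk -v key="$2" '
        /^[[:space:]]*Match([[:space:]]|$)/ { exit }
        $0 ~ ("^[[:space:]]*" key "([[:space:]]|=)") {
            sub(/^[[:space:]]*[^[:space:]=]+[[:space:]=]+/, ""); print; exit
        }
    ' "$1"
}

# Run sshd's own parser (sshd -t) on the file; only restart when it passes,
# so a broken config never takes the running daemon down with it.
check_and_restart() {
    sudo sshd -t -f "$1" || { echo "sshd_config rejected, not restarting" >&2; return 1; }
    sudo /etc/init.d/ssh restart
}

# Constructed sample resembling Ubuntu's default file, for trying this out.
write_sample_sshd_config() {
    cat > "$1" <<'EOF'
Port 22
#PermitRootLogin yes
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
EOF
}
```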

More related info @ https://help.ubuntu.com/7.04/server/C/openssh-server.html

Sunday, March 21, 2010

Malware found on second Vodafone HTC Magic

"When Panda Security found malware on a brand new Android-based Vodafone HTC Magic earlier this month, Vodafone said it was an "isolated local incident." Now, a second phone has been found harboring malware, including a program that turns infected machines into zombies as part of the Mariposa credit card and bank log-in-stealing botnet, according to Spain-based PandaLabs."

PandaLabs connected the S21Sec employee's microSD card to his PC and found that the smartphone was loaded with the malware on March 1, more than a week before he had received the phone from Vodafone.

More info about Vodafone @ http://news.cnet.com/8301-27080_3-20000676-245.html

Monday, March 8, 2010

Mac Tips: Enabling SSH Server

Go to System Preferences, Open Sharing, and choose Remote Login.

If your firewall is on and you are blocking all incoming connections, go ahead and make your FW changes to allow Remote Login (SSH).

Sunday, March 7, 2010

Mac Tips: Print Screen

There are a few ways to do a screen capture in Mac OS X.
Follow the steps below and you will be able to do a screen capture in Mac OS X.

* Switch to the screen that you want to capture
* Hold down Apple key ⌘ + Shift + 3 and release all keys
* You will see a picture file on your desktop.

You can also do a screen capture for a portion of your screen.

* Switch to the screen that you want to capture
* Hold down Apple key ⌘ + Shift + 4 and release all keys
* Now you will see the mouse cursor change to +
* You can start to drag your mouse to select the portion you wish to capture.
* Once finished, you will see a picture file on your desktop.

If you want to do a screen capture of a particular application window, you can follow this:

* Switch to the screen that you want to capture
* Hold down Apple key ⌘ + Shift + 4 and release all keys
* Now you will see the mouse cursor change to +
* Press the space bar once
* You will see the mouse cursor change to a camera
* Now you can use the camera to select which application window to capture
* Once finished, you will see a picture file on your desktop.

Found this while trying to find an easy way to do screen capture on Mac.

Tuesday, March 2, 2010

Miley Cyrus Hacker Still Hacking

"FEBRUARY 25--Undeterred by an FBI probe into his hacking of Miley Cyrus's e-mail account and MySpace page, a Tennessee man continues to engage in other computer intrusions and spamming operations, according to his own admissions. Joshua Holly, 20, has recently described his ongoing hacking and spamming activities in forums on the Digital Gangster web site, where Holly first distributed racy images of Cyrus he found in her Gmail account. In posts this month, Holly bragged about hacking Google's new "Buzz" feature, and he previously offered to sell a "bot" that spams Facebook users. According to the below search warrant affidavit, filed last year in U.S. District Court in Nashville, FBI agents have been probing Holly's Cyrus hacks since July 2008."

More in http://www.thesmokinggun.com/archive/years/2010/0225102holly1.html

Tuesday, February 23, 2010

EasyIDS 0.4 released!

0.4 is now available for download. "This release includes many new web features and scripts to make management of your EasyIDS system even easier."

http://www.skynet-solutions.net/easyids/

Thursday, February 11, 2010

California Accidentally Prints SSNs On Envelopes

California's Department of Health Care Services has apologized to nearly 50,000 Medi-Cal recipients whose Social Security numbers were disclosed on the outside of envelopes.

The department said Monday that it was immediately notifying the affected beneficiaries. It said their Social Security numbers were inadvertently included on mailing address labels created by a vendor.

Agency director David Maxwell-Jolly said the department is boosting its efforts to prevent such breaches in the future.

The Social Security numbers were included on letters mailed Feb. 1 to beneficiaries who receive adult day health care services.



From
(© 2010 CBS Broadcasting Inc. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report.)

Tuesday, February 9, 2010

iPhone: Music control functions through headphones

When not on a call, if you click the iPhone’s headphone switch once, music will start playing without having to access the iPod features through the screen. The iPhone doesn’t even need to be unlocked for this to work.

* Click the switch once again and the music will pause.

* Click the switch twice quickly and you will skip forward to the next song.

* Click 3 times and you jump back to the previous song.

Friday, February 5, 2010

Subpoenaed a number of Online Retailers

New York State's Attorney General, Andrew Cuomo, has subpoenaed a number of online retailers, including GameStop, Barnes & Noble, Ticketmaster and Staples, over the way they pass information to marketing firms while processing transactions. MSNBC explains the scenario thus: "You're on the site of a well-known retailer and you make a purchase. As soon as you complete the transaction a pop-up window appears. It offers a discount on your next purchase. Click on the ad and you are automatically redirected to another company's site where you are signed up for a buying club, travel club or credit card protection service. The yearly cost is usually $100 to $145. Here's where things really get smarmy. Even though you did not give that second company any account information, they will bill the credit or debit card number you used to make the original purchase. You didn't have to provide your account number because the 'trusted' retailer gave it to them for a cut of the action." While there is no law preventing this sort of behavior, Cuomo hopes the investigation will pressure these companies to change their ways, or at least inform customers when their information might be shared.

http://games.slashdot.org/story/10/02/05/0737210/GameStop-Other-Retailers-Subpoenaed-Over-Credit-Card-Information-Sharing?from=twitter

Thursday, February 4, 2010

iPhone OS in this update Feb 2010

Several security issues are addressed for iPhone OS in this update. All of them are applicable to iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2. The update will bring your device up to OS 3.1.3

Almost all of the issues addressed are serious - many of them are buffer overflow conditions allowing arbitrary code execution for common iPhone activities:

* watching a maliciously crafted MP4 video
* viewing a malicious TIFF graphic
* accessing a (again, maliciously crafted) FTP site.
* There's also a particularly nasty one that uses a memory corruption issue to bypass the iPhone password (via a crafted USB control message), allowing access to user data on the phone.

These are referenced as CVE-2010-0036, CVE-2009-2285, CVE-2010-0038, CVE-2009-3384 and CVE-2009-2841

These updates are available on iTunes. More information on the issues and update procedure can be found at http://support.apple.com/kb/HT4013, or on the main security update site at http://support.apple.com/kb/HT1222

The recommendation is to update your device to OS 3.1.3 as soon as possible.

http://isc.sans.org/

Monday, February 1, 2010

MAC Users: Info for Mac OS X v10.6 Snow Leopard

General requirements

* Mac computer with an Intel processor
* 1GB of memory
* 5GB of available disk space
* DVD drive for installation
* Some features require a compatible Internet service provider; fees may apply.
* Some features require Apple’s MobileMe service; fees and terms apply.

Feature-specific requirements

* Time Machine: requires an additional hard drive or Time Capsule (sold separately).
* Photo Booth: requires an iSight camera (built in or external), USB video class (UVC) camera, or FireWire DV camcorder. Backdrop effects when using a DV camcorder require fixed focus, exposure, and white balance.
* Boot Camp: requires Windows XP with Service Pack 2 or Windows Vista (sold separately).
* Screen sharing: in iChat and the Finder requires a 128-Kbps Internet connection (300 Kbps recommended).
* DVD Player: requires a 1.6GHz processor or faster for improved deinterlacing.
* iChat:
  * Audio chats require a microphone and a 56-Kbps Internet connection.
  * Video chats require an iSight camera (built in or external), USB video class (UVC) camera, or FireWire DV camcorder; and a 128-Kbps upstream and downstream Internet connection.
  * Backdrop effects when using a DV camcorder require fixed focus, exposure, and white balance.
  * Some iChat features offer better performance and quality with higher system capabilities.
* Exchange Support: requires Microsoft Exchange Server 2007 Service Pack 1 Update Rollup 4. Auto-setup requires enabling the Autodiscovery feature of Microsoft Exchange Server.
* QuickTime X movie capture: requires an iSight camera (built-in or external), USB video class (UVC) camera, or FireWire DV camcorder.
* QuickTime H.264 hardware acceleration: requires a Mac with an NVIDIA 9400M graphics processor.
* Developer tools: require 1GB of memory and an additional 3GB of available disk space.
* OpenCL: requires one of the following graphics cards or graphics processors:
  * NVIDIA GeForce 9400M, GeForce 9600M GT, GeForce 8600M GT, GeForce GT 120, GeForce GT 130, GeForce GTX 285, GeForce 8800 GT, GeForce 8800 GS, Quadro FX 4800, Quadro FX 5600
  * ATI Radeon 4850, Radeon 4870
* 64-bit support: requires a Mac with a 64-bit processor.
* Grand Central Dispatch: requires a Mac with a multicore processor.


More app description @ http://support.apple.com/kb/SP575

Hack the Box Blue

https://arcy24.medium.com/hack-the-box-blue-f5ae5b602a5c