Archive for December, 2009

Google’s New Year’s Eve Tricks

Google likes to have fun with the holidays, and it appears that New Year’s Eve will be no exception. People who have been hitting the “I’m Feeling Lucky” button lately with a blank search have been presented with a timer counting down the seconds to New Year’s Eve. The timer is based on the PC clock.

Intel Breach Reveals Passport Information

Unu, an active Romanian hacker (see hacker vs. cracker) who largely discloses SQL injection web application vulnerabilities on major sites, including recently two Kaspersky international properties and a Wall Street Journal conference site, has demonstrated an attack on an Intel web property, http://channeleventsponsors.intel.com/intelwebinar/somepage. This site handles online registrations for channel partner events and has been demonstrated to have a SQL injection vulnerability that outputs a database table appearing to contain personally identifiable information (PII).

Reactivating DECAF in Two Minutes

The misinformation about DECAF being shut down and being a hoax is alarming, and the quality of reporting on this security topic is actually worse than usual. Earlier tonight we noticed this update from @slashdot on Twitter: “DECAF Was Just a Stunt, Now Over”, along with this: “Anti-COFEE tool taken down & d/l’ed copies disabled.” OK, fair enough, releasing DECAF was a stunt according to its two creators. But then we saw this train wreck of an article by Nick Eaton, the Microsoft Reporter over at the Seattle PI Blogs. So now we’re going to respond, because the incorrect story of DECAF as a big hoax, a tool that supposedly never worked, is propagating through the Intertubes. DECAF was a working tool that can be easily re-enabled, because the shutdown appears to be only a callback to decafme.org that is now disabled but is easily spoofed, and we’ll demonstrate how.

We shall strike if the leader orders: Twitter Struck by Iranian Cyber Army

At some time around 10pm on Thursday, users going to Twitter.com were served the page below with a banner reading “This site has been hacked by the Iranian Cyber Army”. Also, mowjcamp.org, a site for supporters of Mir-Hossein Mousavi Khameneh, a candidate who ran against Mahmoud Ahmadinejad in the 2009 Iranian presidential election, has been serving a similar defacement since at least December 16th and continues to do so. The motive appears to be activism in support of Iran’s current Islamic regime. The attack vector was a bad actor using an ID and password assigned to Twitter to log in to the administrative portal of managed DNS service provider Dyn.

Adobe util.printd Zero Day

A critical vulnerability was discovered early this week in Adobe Reader and Acrobat versions 9.2 and earlier which could allow attackers to gain control of the affected system, not even a week after Adobe released a critical update for its Flash Player on Patch Tuesday last week. The attack uses a weakness in a function called util.printd along with a heap spray implemented with JavaScript to attempt to inject shellcode.

Forensics: Beverages Aside, A Look at Incident Response Tools

In November, Microsoft’s forensics tool called COFEE (Computer Online Forensic Evidence Extractor) was leaked on torrents for download. The news coverage was much hype about nothing, as many free tools already out there exceed COFEE in features and functionality.

Regular or Decaf? Tool launched to combat COFEE

About a month ago, there was much news about the release of COFEE into the torrent wild. I even gave my two cents about the much-hyped forensics toolkit, which is provided to law enforcement for the purposes of easily capturing volatile data from personal computers during evidence collection. A tool to counter COFEE, aptly […]

Unu Gets Kaspersky (again)

Unu, a Romanian hacker (he who may enjoy the challenge of breaking into other computers but does no harm) whom we’ve talked about on the site before, has been busy with his fifth demonstrated SQL injection vulnerability on the web site of a well-known company in the last 30 days. This time he has again targeted Kaspersky Labs, the anti-virus vendor for which he previously demonstrated web site vulnerabilities back on February 7th of this year.

Fugitive Found Working at Homeland Security

Tahaya Buchanan, a 39-year-old, continued working for the Atlanta office of U.S. Citizenship and Immigration Services (USCIS), part of the U.S. Department of Homeland Security, while a fugitive wanted in Essex County, New Jersey for insurance fraud. It was not until yesterday that the CIS office in Atlanta became aware of the criminal charges, despite her having been arrested on July 9th and spending the subsequent week in a Georgia prison, a warrant in the National Crime Information Center system (nationwide law enforcement notification) issued on January 8th, 2008, and her pleading guilty to one charge of insurance fraud on Monday.

Six Bulletins in Last Patch Tuesday of 2009

Today marks the last Microsoft Patch Tuesday of 2009, and Microsoft has released patches to six bulletins: MS09-071 – Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318); MS09-074 – Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183); MS09-072 – Cumulative Security Update for Internet Explorer (976325); MS09-069 – Vulnerability […]
