
Monday, March 1, 2010

debian samba vulns

Two local vulnerabilities have been discovered in samba, an SMB/CIFS file,
print, and login server for Unix. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2009-3297

Ronald Volgers discovered that a race condition in mount.cifs
allows local users to mount remote filesystems over arbitrary
mount points.

CVE-2010-0547

Jeff Layton discovered that missing input sanitising in mount.cifs
allows denial of service by corrupting /etc/mtab.
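Added example, not code from the Debian advisory or from samba/mount.cifs: the class of bug the second CVE names, "missing input sanitising ... corrupting /etc/mtab", is a mount helper that copies caller-supplied strings straight into the whitespace-separated, one-entry-per-line mtab format. The concrete trigger modelled here (a newline inside a field) and the function names are my assumptions for illustration, not taken from the advisory; the octal escapes are the ones mount(8)/getmntent(3) use.

```python
# Added example, not code from the Debian advisory or from samba/mount.cifs.
# It shows the class of bug the second CVE names, "missing input sanitising
# ... corrupting /etc/mtab": a mount helper that copies caller-supplied
# strings straight into the whitespace-separated, one-entry-per-line mtab
# format. The concrete trigger modelled here (a newline inside a field) is
# an assumed illustration, not taken from the advisory itself.

# Octal escapes that mount(8)/getmntent(3) use for the four bytes that
# would otherwise break the mtab field and line structure.
MTAB_ESCAPES = {" ": "\\040", "\t": "\\011", "\n": "\\012", "\\": "\\134"}


def escape_mtab_field(field: str) -> str:
    """Encode one mtab field so it can never split into extra fields or lines."""
    return "".join(MTAB_ESCAPES.get(ch, ch) for ch in field)


def unescape_mtab_field(field: str) -> str:
    """Inverse of escape_mtab_field: decode \\NNN octal escapes."""
    out, i = [], 0
    while i < len(field):
        digits = field[i + 1:i + 4]
        if field[i] == "\\" and len(digits) == 3 and all(c in "01234567" for c in digits):
            out.append(chr(int(digits, 8)))
            i += 4
        else:
            out.append(field[i])
            i += 1
    return "".join(out)


def mtab_entry_unsafe(device, mountpoint, fstype, options):
    """The vulnerable pattern: caller-controlled strings written verbatim."""
    return f"{device} {mountpoint} {fstype} {options} 0 0\n"


def mtab_entry_safe(device, mountpoint, fstype, options):
    """The fixed pattern: every field escaped before it reaches the file."""
    fields = (escape_mtab_field(f) for f in (device, mountpoint, fstype, options))
    return " ".join(fields) + " 0 0\n"


def parse_mtab(text: str):
    """Minimal getmntent-style reader: six whitespace-separated fields per
    line; anything else is a corrupt file, which is the denial of service
    (every later mount/umount that reads mtab fails)."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 6:
            raise ValueError(f"corrupt mtab line: {line!r}")
        entries.append(tuple(unescape_mtab_field(p) for p in parts[:4]))
    return entries


def demo():
    """Constructed input (hypothetical): a mount point containing a newline."""
    args = ("//srv/share", "/mnt/x\nbogus", "cifs", "rw")
    try:
        parse_mtab(mtab_entry_unsafe(*args))
        unsafe_parses = True
    except ValueError:
        unsafe_parses = False
    safe_entries = parse_mtab(mtab_entry_safe(*args))
    return unsafe_parses, safe_entries


if __name__ == "__main__":
    print(demo())
```

With the unsafe writer the hostile mount point splits one entry across two lines and the reader rejects the file; with the escaped writer the same input round-trips as a single entry. A setuid helper has to treat every string it did not generate itself this way, since a local user who can run it chooses those strings.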

For the stable distribution (lenny), these problems have been fixed in
version 2:3.2.5-4lenny9.

For the unstable distribution (sid), these problems have been fixed in
version 2:3.4.5~dfsg-2.

Monday, February 22, 2010

Chinese Hacker in Google hax identified.

http://gizmodo.com/5477367/chinese-hacker-responsible-for-google-attack-code-identified

I'm starting a new blog similar to this one, in that it is mostly just reference and links to external articles. That one will be about anything non-IT/security related, and I'd be glad to allow some peeps to be authors.

It is based on a counter-culture magazine some friends and I have tinkered around with, and the addy is
http://liftmag.blogspot.com

Wednesday, January 20, 2010

The Singularity is Near & APT briefing

I really should do a full-fledged post about Advanced Persistent Threats (and the hype around the term), because that is all it is. The term has been around for a couple of years, but the concept itself has obviously been around much longer. It just so happens it is getting a lot of media attention recently. Regardless, here are three articles on the subject.

Excellent article on Advanced Persistent Threats vs. Web-Based Systems by Jeremiah Grossman.

What is an APT and what does it want?

Anatomy of an APT. (from August 2009)


Ray Kurzweil is a prized author and one of the best futurists of our time. This book goes into the future of Artificial Intelligence and the social impact of technology. I am not finished with it yet, but I can hardly put it down (close Reader). There is now a movie, and you can check out information and buy the book at http://singularity.com/

More by Kurzweil:

The Impact of Accelerating Information Technology on War and Peace


Kurzweil AI

Book TV 3hr in-depth video on Ray

Here are a couple of images I found interesting while writing this post.

And this one is from the Daily Signs of the Apocalypse blog.

Tuesday, January 19, 2010

IE Aurora src c0de + China Google Attacks & damn rucas!

First things first, here is the exploit c0de PoC.

# Author : Ahmed Obied (ahmed.obied@gmail.com)
#
# This program acts as a web server that generates an exploit to
# target a vulnerability (CVE-2010-0249) in Internet Explorer.
# The exploit was tested using Internet Explorer 6 on Windows XP SP2.
# The exploit's payload spawns the calculator.
#
# Usage : python ie_aurora.py [port number]


-->http://www.pastebin.ca/1758112<-- Aurora Exploit python source!

thanks http://vul.kr

Here is the McAfee page about "Operation Aurora", the IE vulnerability that was used to attack some of Google's servers and other companies.

http://www.mcafee.com/us/threat_center/operation_aurora.html
___
Microsoft's advisory.

http://www.microsoft.com/technet/security/advisory/979352.mspx
___
oh lawd its CyBeRwAr!!!

http://www.computerweekly.com/Articles/2010/01/13/239935/google-declares-cyber-war-on-china-after-security-attack.htm
___
Code or PoC released to the public. Trying to find it now; will update soon.

http://www.computerweekly.com/Articles/2010/01/18/239991/google-china-hack-code-published.htm
___
Android, Yahoo take hits over "slugfest"

http://www.technewsworld.com/story/Android-Yahoo-Take-Hits-in-Google-China-Slugfest-69141.html
___
Ditch IE? Germany thinks so.

http://blogs.computerworld.com/15416/ditch_ie_over_google_china_hack_bug?source=rss_blogs

or uhm upgrade?

http://news.softpedia.com/news/Upgrade-to-IE8-to-Fend-Off-Attacks-Targeting-IE-0-Day-132527.shtml
___
Google postpones cell phone releases in China over these disputes.

http://news.yahoo.com/s/ap/20100119/ap_on_hi_te/as_china_google

+++
Sprint giving GPS locations to law enforcement. More to come on these issues.
+++

and damn Rucas, pissing off freenode opers and shit. lawl.
http://pastebin.ca/1756688
http://blog.freenode.net/2010/01/javascript-spam/

Monday, January 18, 2010

weekend life!

More analyses on DDoS/botnets. Just bumping the old post.


if it had a couple of faces that portrayed the hilarity of last nite, this would be dead on ;)

Saturday, January 16, 2010

Commit Internet Suicide Now! + Nexus One price drops & Higher prices outside USA

It is time to turn over a new leaf folks. Put social networking behind you. Go meet a real person. Have a beer and get some strange. Commit internet suicide!

http://suicidemachine.org/

Only 20,000 Nexus One handsets sold in the first week, forcing a substantial price drop including a rebate for people who already purchased one. People are calling the Nexus One and Android phones in general the "iPhone killer". As a droid enthusiast and developer I love this new slogan, but the insanely high price of the Nexus One was almost a "droid killer". I am just glad they noticed their folly quickly and started dropping prices. It looks like the drop is around $100 for most carriers.

On a similar topic, check out these stats on the price difference of the N1 in other countries!

http://www.androidcentral.com/outside-us-nexus-one-really-gonna-cost-you

Wednesday, January 13, 2010

CVE-2009-4324 PDF shit , dpc-shodanscan.py by 5ynl0rd + Trojan Pr0n SMS'ers and Haiti earthquake related domains being parked.

The widespread exploitation of CVE-2009-4324 is no news at this point. Malicious PDFs taking advantage of Acrobat Reader are still running rampant. This post will serve as a resource for research and study of this and other Acrobat Reader vulnerabilities. I will continue to add to this instead of creating any new posts.

Official Adobe Bulletin

http://isc.sans.org/diary.html?storyid=7867 <-- excellent analysis
http://isc.sans.org/diary.html?storyid=7903 <-- more++

http://vrt-sourcefire.blogspot.com/2009/12/adobe-reader-medianewplayer-analysis.html

PDF toolz including pdf-parser. This guy's site has a lot of great information about PDF in general. A must visit on this subject!
***http://blog.didierstevens.com/programs/pdf-tools/***
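Added example, not code from Didier Stevens' pdf-tools or from any of the posts linked here: a pdfid-style first-pass triage of a PDF. It counts the names that make a file act on its own (/OpenAction, /AA) or carry active content (/JavaScript, /JS, /Launch, /RichMedia, /EmbeddedFile) after undoing the #xx name escapes the PDF syntax allows, which is how a file can hide /JavaScript from a plain grep. The two sample files and the verdict rules are constructed for the example.

```python
import re

# Added example (not pdfid/pdf-parser, not code from the linked posts): a
# pdfid-style first-pass triage of a PDF. The risky-name list and the
# verdict rules are this example's own choices.

RISKY_NAMES = ("/JavaScript", "/JS", "/OpenAction", "/AA",
               "/Launch", "/RichMedia", "/EmbeddedFile")

# /J#61vaScript is the same name as /JavaScript to a PDF parser.
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A name ends at whitespace, a delimiter, or end of data (so /JS != /JSX).
_NAME_END = rb"(?=[\s()<>\[\]{}/%]|$)"


def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes so counting sees the real name."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def count_risky_names(data: bytes, normalize: bool = True) -> dict:
    if normalize:
        data = normalize_names(data)
    return {name: len(re.findall(re.escape(name.encode()) + _NAME_END, data))
            for name in RISKY_NAMES}


def triage(data: bytes):
    """Return (verdict, reasons). 'suspicious' when the file runs something
    automatically, launches a program, or hides a risky name behind #xx
    escapes; 'review' when risky names exist without an auto-trigger."""
    raw = count_risky_names(data, normalize=False)
    norm = count_risky_names(data, normalize=True)
    reasons = [f"{name} x{n}" for name, n in norm.items() if n]
    hidden = sum(norm.values()) > sum(raw.values())
    if hidden:
        reasons.append("risky name hidden behind #xx escapes")
    auto_trigger = norm["/OpenAction"] + norm["/AA"]
    active = norm["/JavaScript"] + norm["/JS"] + norm["/Launch"] + norm["/RichMedia"]
    if hidden or norm["/Launch"] or (auto_trigger and active):
        verdict = "suspicious"
    elif reasons:
        verdict = "review"
    else:
        verdict = "clean"
    return verdict, reasons


# Constructed samples (not real malware): a file that opens straight into an
# escaped /JavaScript action that only pops an alert, and a plain file.
SUSPICIOUS_PDF = (b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
    b"4 0 obj << /S /J#61vaScript /JS (app.alert\\(1\\);) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n")
CLEAN_PDF = (b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n")

if __name__ == "__main__":
    for label, pdf in (("suspicious sample", SUSPICIOUS_PDF), ("clean sample", CLEAN_PDF)):
        print(label, triage(pdf))
```

This is only a raw-byte scan: in real files the objects usually sit inside FlateDecode-compressed streams or object streams, where these names are invisible to a regex, which is exactly why pdf-parser decodes streams before you look. Use a scan like this to decide what deserves that deeper look, not as the final word.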

Mitigation and prevention of CVE-2009-4324 Adobe Acrobat reader Vuln


http://feliam.wordpress.com/2010/01/13/generic-pdf-exploit-hider-embedpdf-py-and-goodbye-av-detection-012010/ <-- good shit
Old news about the payload


Brad Arkin on Adobe Reader 0day and the Response from Adobe's security team.


MetaSploit database.
http://downloads.securityfocus.com/vulnerabilities/exploits/adobe_media_newplayer.rb

and... Google hax0rz target src code of more than 30 companies
Adobe's post about the subject

Reader Update ship schedule.

Old post about exploiting PDFs without being opened.


And without further ado, here is some Python code that uses Shodan to search for specific network services. Great idea and work, 5ynl0rd.

!!! dpc-shodanscan.py !!!

In other news, many domains are already being parked in relation to the Haiti earthquake. But why? Most likely malware related.

Trojan Pr0n dialers make a "cumback" h0h0h0. Built on Java 2 Micro Edition, these malicious apps send premium SMS messages to high-rate adult numbers without the user's knowledge. Old concept, new warez.

Monday, January 11, 2010

Malicious app in Google's Android Market

How the software that supposedly steals bank infoz made it onto the market blows my mind. I guess I had an idea in my head that a human from Google actually went through every bit of code that was submitted and either denied or accepted it depending on an array of rules/regulations. Unless this was a one-time human mistake, I would say their system is vulnerable. Holler at us if you read this, Mr. Droid09.

http://mobile.slashdot.org/story/10/01/10/2036222/Malicious-App-In-Android-Market

Sunday, January 10, 2010

768 bit crypto cracked.

We are a bit late on this, but 768-bit crypto was factored in early December. So you can say 1024 is still "secure" for now, but it *is* only a matter of time.

http://arstechnica.com/security/news/2010/01/768-bit-rsa-cracked-1024-bit-safe-for-now.ars
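Added example, not from the Ars Technica article: what factoring the modulus actually buys. Once n = p*q is known as p and q, the private exponent is one modular inverse away, so the whole security of the key is the cost of that factoring step. The toy primes here are constructed (about 30 bits each) so Pollard's rho finishes instantly; the 768-bit modulus in the news needed the number field sieve on a cluster, but the last step is identical. Function names are mine; needs Python 3.8+ for pow(e, -1, m).

```python
import math
import random

# Added example, not from the linked article: factor a toy RSA modulus and
# rebuild the private key from the factors. Primes are constructed.


def pollard_rho(n: int, seed: int = 2) -> int:
    """Pollard's rho with Floyd cycle finding; returns a non-trivial factor
    of a small composite n (for a semiprime that is p or q)."""
    if n % 2 == 0:
        return 2
    rng = random.Random(seed)
    while True:
        c = rng.randrange(1, n)
        x = y = rng.randrange(0, n)
        d = 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:          # d == n means this c failed; pick another
            return d


def rsa_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA key generation from two primes. Returns ((n, e), d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (n, e), pow(e, -1, phi)


def recover_private_exponent(n: int, e: int):
    """The attack in one function: factor n, rebuild phi(n), invert e.
    Returns (d, (p, q)) with p < q."""
    p = pollard_rho(n)
    q = n // p
    p, q = sorted((p, q))
    return pow(e, -1, (p - 1) * (q - 1)), (p, q)


def demo():
    """Encrypt with the public key, recover d from n alone, decrypt."""
    pub, d = rsa_keypair(1000000007, 998244353)   # ~60-bit toy modulus
    n, e = pub
    ciphertext = pow(42, e, n)
    d_recovered, factors = recover_private_exponent(n, e)
    return d_recovered == d, pow(ciphertext, d_recovered, n), factors


if __name__ == "__main__":
    print(demo())
```

The 60-bit toy falls to a few tens of thousands of rho iterations; 1024-bit keys are not factorable this way, which is why the article can say they are safe "for now". The practical takeaway for a defender is the same one the 768-bit result makes: key length buys time, not permanence, so rotate to longer moduli before the time runs out.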



Take notes "Joey".
and yes this in fact *was* a lame 'Hackers' movie reference.

Saturday, January 9, 2010

FBI's Secret Spyware Tracks Down Teen Who Made Bomb Threats

http://www.wired.com/politics/law/news/2007/07/fbi_spyware

I just found it interesting that the FBI has taken to hacker tactics and infecting people....

Friday, January 8, 2010

Build-from-Skratch botnet software being sold. top 10 bots being used.

Botnets these days are extremely sophisticated and the groups/individuals responsible are pretty fucking intelligent. We bring you this information as research to feed our own curiosity.

List of Top 10 botnets and their impacts:
http://www.net-security.org/secworld.php?id=8599

HoneyNet's papers on bots!

http://www.cert.org/reports/dsit_workshop.pdf

Pushdo/Cutwail botnet Case study:
http://us.trendmicro.com/imperia/md/content/us/pdf/threats/securitylibrary/study_of_pushdo.pdf

Zeus:
http://www.securityfocus.com/brief/1055
http://www.readwriteweb.com/archives/zeus-botnet-amazon-cloud-ec2.php

Rustock rootkit and spam bot (case study):
http://www.usenix.org/event/hotbots07/tech/full_papers/chiang/chiang_html/

Torpig:
http://arstechnica.com/security/news/2009/05/researchers-hijack-botnet-score-56000-passwords-in-an-hour.ars
research on torpig:
http://www.cs.ucsb.edu/%7Eseclab/projects/torpig/torpig.pdf

___early ddos tools___

Trinoo:
http://staff.washington.edu/dittrich/misc/trinoo.analysis

Stacheldraht:
http://staff.washington.edu/dittrich/misc/stacheldraht.analysis
http://old.honeynet.org/papers/enemy/ddos.txt
http://www.sans.org/security-resources/malwarefaq/stacheldraht.php

TFN:
http://staff.washington.edu/dittrich/misc/tfn.analysis
Shadow Server's stats on hack-Off and other ddos groups/nets

more to come, still trying to find where to "buy" this stuff
thx rex.

Sun Web Server and MySQL 0day exploit demos


First of all, roll tide... although we played a terrible game, Alabama is now national champions. FJEAR!

Here are some exploit demos in Flash format. The first is for Sun Web Server.

SJWS exploit - http://intevydis.com/sjws_demo.html
MySQL exploit - http://intevydis.com/mysql_demo.html

Brought to you by http://www.intevydis.com/blog/, writers of the fine DBJIT toolkit.

"DBJIT Professional is a toolset of more than 50 tools and exploits which are designed to test the security of databases and related software products. The toolset is written in pure Python and designed to be used with Immunity CANVAS."


Wednesday, January 6, 2010

TLS / SSLv3 renegotiation & Adobe Acrobat vulns/exploits

Fundamentals are a crutch for the talentless.



"Thierry Zoller has written a nice summary of the TLS & SSLv3 renegotiation vulnerability. He covers examples, impacts, solutions, and a conclusion. It can be found here: http://www.g-sec.lu/practicaltls.pdf. The ISC previously discussed the vulnerability here: http://isc.sans.org/diary.html?storyid=7534 and the OpenSSL update here: http://isc.sans.org/diary.html?storyid=7543." -from http://isc.sans.org/diary.html?storyid=7582

___
There is a lot of ownage going on with the recent Acrobat Reader vulns. Like someone said in the channel, they set up for fail when they turned an http://www.isohunt.com

"WARNING: DO NOT OPEN ANY UNTRUSTED PDF FILES DOWNLOADED TO YOUR COMPUTER. (especially those that start downloading without your interaction) There currently is a 0-day (unpatched) flaw being exploited "in the wild" (this means on isohunt.com). We will try our hardest to filter out advertisers that are showing these bad advertisements, but we're not perfect. So, again, DO NOT OPEN, VIEW OR DOWNLOAD ANY PDF FILES that 'automatically' pop up.

Thanks

In the meantime, firewalling 193.104.22.0/24 and at least 89.149.236.46 as well will "help" mitigate the effects of these bad ads. 193.104.22.0/24 has been involved in more than just today's problems. We are in contact with our advertisers about these bad ads.

If you'd like to read more about the PDF exploit (and why you should disable pdf plugins immediately):
http://isc.sans.org/diary.html?storyid=7747
http://extraexploit.blogspot.com/search/label/CVE-2009-4324"

http://www.us-cert.gov/current/

The anti-sec exposed zine that is getting so much hype has had its pastebins removed/expired; I updated below. You can find their shit at http://www.anti-sec.com

Sunday, January 3, 2010


roll tide. fuck you and your longhorns mH ;)

LULZ-DISCLOSURE.(edited: a lot of the pastebins expired, but you can find mirrors below)

http://www.anti-sec.com/
http://pastebin.mozilla.org/694145

Saturday, January 2, 2010

android development

Okay, here's the deal. I am going to try and post when I can, but my vuln-dev work is on pause for developing games/apps for Google Android. I will keep this up and maybe put up a few other RSS feeds.

#priv-droid for chat.

pz
-builder AKA shekk