Archives in August, 2010

Critical bug in 40 different Windows apps

Metasploit’s HD Moore was in the midst of researching the recently patched LNK (Windows shortcut) vulnerability when he stumbled upon a serious problem that exposes more than 40 different Windows software programs to remote code execution attacks.


BinPack: Las Vegas Edition Release

BinPack is a portable security environment for Windows.
With 100+ security tools in the repository, you can easily convert any system into a hacking platform in minutes.

For those who weren’t able to score a BinPack disc, don’t worry: the guys over at West Coast Hackers have set up a torrent of the ISO. The disc contains a portable security environment customized for all the various Black Hat, DEFCON, and Security B-Sides attendees as well as the BinPack tool. However, by the time I was able to write this blog, they had also released version 2.0.1.

Visit the BinPack project page here.
Download version 2.0.1 here.


Next-generation web scanner. Identify what websites are running.

Identify content management systems (CMS), blogging platforms, stats/analytics packages, JavaScript libraries, servers and more. When you visit a website in your browser the transaction includes many unseen hints about how the webserver is set up and what software is delivering the webpage. Some of these hints are obvious, e.g. “Powered by XYZ”, and others are more subtle. WhatWeb recognises these cues and reports what it finds.

WhatWeb has over 250 plugins and needs community support to develop more. Plugins can identify systems even when the obvious identifying hints have been removed, because they also look for subtle clues. For example, a WordPress site might remove the tag, but the WordPress plugin also looks for “wp-content”, which is less easy to disguise. Plugins are flexible and can return any datatype; for example, plugins can return version numbers, email addresses, account IDs and more.

There are both passive and aggressive plugins. Passive plugins use information on the page, in cookies and in the URL to identify the system; a passive request is as lightweight as a simple GET / HTTP/1.1 request. Aggressive plugins guess URLs and request more files. Plugins are easy to write, and you don’t need to know Ruby to make them.
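To make the passive/aggressive distinction concrete, here is a small passive fingerprinter written for this post; it is an added example, not WhatWeb’s own code or plugin format. It runs a handful of hand-written “plugins” over a single constructed HTTP response (the headers and body a plain GET / would return; no real site was captured) and reports what each one recognised, with the evidence. The two samples show the page’s point: the second response has the generator tag, Server version and X-Powered-By stripped, yet the wp-content path and the PHPSESSID cookie still give the stack away. The plugin names, regexes and sample values are all assumptions made for the example; pointing this at your own server’s responses tells you which hints you are still leaking.

```python
import re
from typing import Dict, Optional

# Constructed sample (not captured from any real site): what a single passive
# "GET / HTTP/1.1" hands back from a stock WordPress install on Apache/PHP.
SAMPLE_HEADERS: Dict[str, str] = {
    "Server": "Apache/2.2.15 (CentOS)",
    "X-Powered-By": "PHP/5.3.3",
    "Set-Cookie": "PHPSESSID=0123456789abcdef; path=/",
}
SAMPLE_BODY = """<html><head>
<meta name="generator" content="WordPress 3.0.1" />
<script src="/wp-includes/js/jquery/jquery.js?ver=1.4.2"></script>
<link rel="stylesheet" href="/wp-content/themes/twentyten/style.css" />
</head><body>Powered by WordPress</body></html>"""

# Same site after the obvious hints were removed (generator tag, Server version,
# X-Powered-By, "Powered by" footer, ?ver= on scripts).  Subtle clues remain.
SAMPLE_HARDENED_HEADERS: Dict[str, str] = {
    "Server": "Apache",
    "Set-Cookie": "PHPSESSID=0123456789abcdef; path=/",
}
SAMPLE_HARDENED_BODY = """<html><head>
<script src="/wp-includes/js/jquery/jquery.js"></script>
<link rel="stylesheet" href="/wp-content/themes/twentyten/style.css" />
</head><body>Welcome</body></html>"""

# Session cookie names are chosen by the framework, not the site author (assumed table).
KNOWN_COOKIES = {"PHPSESSID": "PHP", "JSESSIONID": "Java servlet container",
                 "ASP.NET_SessionId": "ASP.NET"}


def _add(results: Dict[str, dict], name: str, evidence: str, version: Optional[str] = None) -> None:
    """Record one piece of evidence for a technology; keep the first version seen."""
    entry = results.setdefault(name, {"version": None, "evidence": []})
    entry["evidence"].append(evidence)
    if version and entry["version"] is None:
        entry["version"] = version


def plugin_banners(headers, body, results):
    """Obvious hint: Server and X-Powered-By state product and version outright."""
    for hdr in ("Server", "X-Powered-By"):
        value = headers.get(hdr)
        if value:
            m = re.match(r"([A-Za-z][\w.-]*)(?:/([\w.]+))?", value)
            if m:
                _add(results, m.group(1), f"{hdr}: {value}", m.group(2))


def plugin_cookies(headers, body, results):
    """Cookie names survive banner stripping because nobody renames the session cookie."""
    raw = headers.get("Set-Cookie", "")  # a real client would see one header per cookie
    if not raw:
        return
    name = raw.split("=", 1)[0].strip()
    if name in KNOWN_COOKIES:
        _add(results, KNOWN_COOKIES[name], f"Set-Cookie: {name}")
    elif name.startswith("wordpress_"):
        _add(results, "WordPress", f"Set-Cookie: {name}")


def plugin_meta_generator(headers, body, results):
    """Obvious hint: <meta name="generator"> names the CMS and usually its version."""
    m = re.search(r'<meta\s+name=["\']generator["\']\s+content=["\']([^"\']+)["\']', body, re.I)
    if not m:
        return
    content = m.group(1).strip()
    parts = re.match(r"(.+?)\s+v?(\d[\d.]*)$", content)  # "WordPress 3.0.1" -> name, version
    if parts:
        _add(results, parts.group(1), f'meta generator: "{content}"', parts.group(2))
    else:
        _add(results, content, f'meta generator: "{content}"')


def plugin_wordpress_paths(headers, body, results):
    """Subtle clue: theme and include paths under wp-content/wp-includes are hard to disguise."""
    for path in sorted(set(re.findall(r"/wp-(?:content|includes)/[\w./-]*", body))):
        _add(results, "WordPress", f"path: {path}")


def plugin_jquery(headers, body, results):
    """JavaScript libraries: the script filename or its ?ver= query carries the version."""
    m = re.search(r"jquery(?:[.-](\d[\d.]*))?(?:\.min)?\.js(?:\?ver=(\d[\d.]*))?", body, re.I)
    if m:
        _add(results, "jQuery", f"script: {m.group(0)}", m.group(1) or m.group(2))


def plugin_powered_by_text(headers, body, results):
    """Obvious hint: a visible "Powered by XYZ" footer."""
    m = re.search(r"powered by\s+([A-Za-z][\w.]*)", body, re.I)
    if m:
        _add(results, m.group(1), f"text: {m.group(0)}")


PASSIVE_PLUGINS = [plugin_banners, plugin_cookies, plugin_meta_generator,
                   plugin_wordpress_paths, plugin_jquery, plugin_powered_by_text]


def fingerprint(headers: Dict[str, str], body: str) -> Dict[str, dict]:
    """Run every passive plugin over one response: {technology: {"version", "evidence"}}."""
    results: Dict[str, dict] = {}
    for plugin in PASSIVE_PLUGINS:
        plugin(headers, body, results)
    return results


if __name__ == "__main__":
    for label, (h, b) in {"stock": (SAMPLE_HEADERS, SAMPLE_BODY),
                          "hardened": (SAMPLE_HARDENED_HEADERS, SAMPLE_HARDENED_BODY)}.items():
        print(f"== {label} ==")
        for tech, info in fingerprint(h, b).items():
            print(f"{tech:22} {info['version'] or '?':8} {'; '.join(info['evidence'])}")
```

Every plugin only reads the one response it is given; nothing here requests extra URLs, which is what separates a passive plugin from an aggressive one in the sense the post uses. Each result carries its evidence string so that a site owner can go and remove or rename the exact artefact that gave the technology away.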

WhatWeb website, brought to you by MorningStar IT Security.

The code can be downloaded here.

Researcher Arrested in India After Disclosing Problems With Voting Machines

Researchers beware!

A security researcher in India has been arrested after he refused to provide authorities with the name of a person who supplied him with an electronic voting machine that was used to discover vulnerabilities in the system. The researcher had used the machine to demonstrate how someone could hack voting systems to easily subvert an election.

The moral of this story is don’t do your research with stolen property!


Social Engineers Successfully Gather Info

The Defcon18 contest worked well — too well — its organizers say

The one glimmer of hope during last week’s social-engineering contest at Defcon18 was when two different employees at a major retailer separately shut down a contestant trying to smooth-talk his way into gathering sensitive information on their company.

Success was the overwhelmingly disturbing trend in the contest, where around 17 people each had 25 minutes to social-engineer information out of a specific company by phone. Each contestant had been assigned a “target” company in advance of the contest and was allowed to gather as much information as they could passively (no phone calls, email, or direct contact) before the big showdown in Vegas.

All of the contestants were able to social-engineer information out of their targeted companies, some posing as journalists, IT survey-takers, and businessmen, for instance. The list of companies targeted in the contest included Google, BP, McAfee, Symantec, Shell, Microsoft, Oracle, Cisco, Apple, and Walmart. The contest organizers won’t reveal which company’s employees gave up what information, but the bottom line is that it worked better than the organizers had anticipated.


Open PDF Analysis Framework

Opaf! It’s an Open PDF Analysis Framework!
According to the developer, Feliam, it’s still young and not finished, but it does show promise. The following information is from his blog: “A pdf file relies on a complex file structure constructed from a set of tokens, and grammar rules. Also each token being potentially compressed, encrypted or even obfuscated. Open PDF Analysis Framework will understand, decompress, de-obfuscate these basic pdf elements and present the resulting soup as a clean XML tree (done!).”

After using Didier Stevens’ PDF tools for some time now, I’m interested to see if this code can compete.

The source code can be found here.

Apple Releases Updates for iPhone, iPod touch, and iPad

Apple has released iOS 4.0.2 for the iPhone and iPod touch and iOS 3.2.2 for the iPad to address vulnerabilities in the FreeType and IOSurface packages. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or gain system privileges.

First SMS-sending Android Trojan reported

Security experts warned on Tuesday about what is believed to be the first Trojan targeting Android-based mobile devices that racks up charges by sending text messages to premium-rate numbers.

The Trojan-SMS malware, dubbed “Trojan-SMS.AndroidOS.FakePlayer.a,” is being distributed via an unknown malicious Web site, said Denis Maslennikov, senior malware researcher at Kaspersky Lab.

Users are prompted to install a “media player application” that is a little bigger than 13 kilobytes, but which is hiding the Trojan inside, according to Kaspersky and mobile-phone security company Lookout, which analyzed the threat. Once installed, the Trojan starts sending SMS messages behind the scenes that cost several dollars per message, without the device owner knowing it.

Unpatched kernel-level vuln affects all Windows versions

Researchers have identified a kernel-level vulnerability in Windows that allows attackers to gain escalated privileges and may also allow them to remotely execute malicious code. All versions of the Microsoft OS are affected, including the heavily fortified Windows 7.

The buffer overflow, which was originally reported here, can be exploited to escalate privileges or crash vulnerable machines, IT research company Vupen said. The flaw may also allow attackers to execute arbitrary code with kernel privileges.


Microsoft to set record with next Patch Tuesday

Microsoft’s security patch release scheduled for next week will include a record number of bulletins that fix dozens of vulnerabilities in several of its products, the company said on Thursday.

The next Patch Tuesday, scheduled for August 10, will include 14 bulletins, eight of which are rated critical, Microsoft’s highest severity classification, generally reserved for bugs that can be exploited to remotely execute malware on vulnerable systems with little or no interaction on the part of the end user. Six of those bulletins apply to Windows, another one applies jointly to Windows and Silverlight and the last to the Office suite.
