Hacks and Incidents

Two “WontFix” vulnerabilities in Facebook Connect

Two “WontFix” vulnerabilities in Facebook Connect: TL;DR Every website with “Connect Facebook account and log in with it” is vulnerable to account hijacking. Every website relying on signed_request (for example official JS SDK) is vulnerable to account takeover, as soon as an attacker finds a 302 redirect to other domain.

I don’t think these will be fixed, as I’ve heard from the Facebook team that it will break compatibility. I really wish they would fix it though; as you can see below, I feel these are serious issues.


MikroTik RouterOS Admin Password Change CSRF

Full Disclosure: MikroTik RouterOS Admin Password Change CSRF:

# Exploit Title: MikroTik RouterOS Admin Password Change CSRF

# Google Dork: N/A
# Date: 23-2-2015
# Exploit Author: Mohamed Abdelbaset Elnoby (@SymbianSyMoh)
# Vendor Homepage: http://www.mikrotik.com/
# Software Link: http://www.mikrotik.com/download
# Version: All versions < 5.0
# Tested on: All OS
# CVE : N/A


Thoughts and Concerns about Operation Onymous

Thoughts and Concerns about Operation Onymous: Recently it was announced that a coalition of government agencies took control of many Tor hidden services. We were as surprised as most of you. Unfortunately, we have very little information about how this was accomplished, but we do have some thoughts which we want to share.


Over 17000 Mac Machines Affected by ‘iWorm’ Botnet Malware

Over 17000 Mac Machines Affected by ‘iWorm’ Botnet Malware: A newly discovered zombie network that exclusively targets Apple computers running Mac OS X across the globe has compromised roughly 17,000 machines so far, giving hackers backdoor access to infected computers, researchers at Russian antivirus firm Dr.Web warned.

According to a survey of traffic conducted in September by researchers at Dr. Web, over 17,000 Macs globally are part of the Mac.BackDoor.iWorm botnet, which creates a backdoor on machines running OS X. Researchers say almost a quarter of the iWorm botnet is located in the US.


EncFS Security Audit

EncFS Security Audit: This report is the result of a paid 10-hour security audit of EncFS. It has been posted to the EncFS mailing list, so check there for follow-up. I feel that full disclosure is the best approach for disclosing these vulnerabilities, since some of the issues have already been disclosed but haven’t been fixed, and by disclosing them, users can immediately re-evaluate their use of EncFS.


Yahoo Quickly Fixes SQL Injection Vulnerability Escalated to Remote Code Execution

Yahoo Quickly Fixes SQL Injection Vulnerability Escalated to Remote Code Execution: Yahoo! was recently impacted by a critical web application vulnerability which left the website’s database and server vulnerable to hackers.

A cyber security expert and penetration tester, Ebrahim Hegazy a.k.a. Zigoo from Egypt, has found a serious SQL injection vulnerability in Yahoo’s website that allows an attacker to remotely execute any commands on its server with root privileges. According to Hegazy’s blog post, the SQLi vulnerability resides in a Yahoo! domain, i.e. http://innovationjockeys.net/tictac_chk_req.php.


Apple Rolls Out iOS 8 with Bucket of Security Fixes

Apple Rolls Out iOS 8 with Bucket of Security Fixes: A series of kernel flaws, several WebKit bugs and a pair of vulnerabilities that allowed a user to install apps outside of the App Store have been patched in the new release. The major flaw patched in iOS 8 is a problem with the way the operating system implemented 802.1X. In some cases, the flaw could enable an attacker to steal a user’s WiFi credentials.

The two app-installation vulnerabilities were also patched; both allow a local attacker to install unverified apps, and both were reported by the evad3rs crew, a group that releases jailbreaks for iPhones. It also patches a race condition flaw and a path traversal issue.


Today’s Security Hacks Are After More Than Bank Info

Today’s Security Hacks Are After More Than Bank Info: The beat goes on. In recent weeks, both JP Morgan Chase and Home Depot have been identified as the latest victims of large-scale cyberattacks.

JP Morgan Chase was among a handful of U.S. banks hit by hackers in a series of attacks in August. A few days later, Krebs on Security released details about a spring attack on Home Depot. The scope of the attack has not yet been determined, but it could be bigger than last year’s Target breach. Oh, and investigators found another Healthcare.gov hack in July, too.

This is bad news for consumers – but such attacks carry potentially heavier weight than just stealing John Doe’s bank login or credit card information. When the hackers behind the Home Depot attack posted credit card information on the black market, for example, they labeled it “American Sanctions.”

“It’s political hacktivism,” says Charles Tendell, founder and CEO of Azorian Cyber Security, a white hat hacker with a background of cybersecurity work for the federal government. “In a lot of cases, they’ve got a statement they want to make.”

McAfee estimates that the annual cost to the global economy from cybercrime is somewhere between $375 billion and $575 billion. “Even the smallest of these figures is more than the national income of most countries and governments,” the firm said in a cybercrime report released in June. They also predicted that the cost of cybercrime and losses from theft of intellectual property will continue to rise.


Hacking Canon Pixma Printers

Hacking Canon Pixma Printers: This instalment will reveal how the firmware on Canon Pixma printers used in the home and by SMEs can be modified from the Internet to run custom code. Canon Pixma wireless printers have a web interface that shows information about the printer, for example the ink levels, which allows for test pages to be printed and for the firmware to be checked for updates.


‘Anonymous Philippines’ hacks Hundreds of Chinese Government Websites

‘Anonymous Philippines’ hacks Hundreds of Chinese Government Websites: A Philippine hacker group claiming ties with the hacktivist collective Anonymous defaced several Chinese government websites early Monday.

“Anonymous Philippines” claimed responsibility for defacing more than 200 Chinese websites in retaliation for Beijing’s aggressive actions in the West Philippine Sea, according to the messages posted on their Facebook page.

“The operation was a success, we might not have brought China to its knees but we gave hope to our brothers and sisters, because hope is what we need right now. Hope that someday people will stand up and fight back!” Anonymous Philippines said.
