Hacking

Hacking: Defense

MSUpdaterTrojanWhitepaper.pdf (application/pdf Object)

Research Lab: MSUpdater Trojan and the Conference Invite Lure. This blog post is based on a joint report by Seculert and Zscaler (blog post). Researchers from both companies separately identified attacks which used Remote Access Tool (RAT) malware and recently targeted several government-related organizations. Joining forces, our researchers analyzed the incidents and were able to link them to previous government-related targeted attacks that have been occurring since early 2009.

Seculert and Zscaler identified similar command and control (C&C) beacon patterns. The most often observed are HTTP GET requests to the path: /microsoftupdate/getupdate/default.aspx?ID=[num1]para1=[num2]para2=[num3]para3=[num4] The malware attempts to stay under the radar of network security products by sending fake “Microsoft Windows Update” HTTP requests. Seculert’s FogSense Cloud-Based Service observed instances of these same malicious patterns for our customers as early as March 2010. Figure 2: ISSNIP Conference invitation malicious PDF file.

Malware Intelligence Blog. XyliBox. Wild Wild West – 10/2011. Contagio. Ongoing Targeted Attack Campaign Going After Defense, Aerospace Industries. Googlebig.

Flaws in Videoconferencing Systems Make Boardrooms Vulnerable. THANK GILLIGAN IT'S SAFE FOR WORK: Hack an elevator, go straight to your floor. Html - Best regex to catch XSS (Cross-site Scripting) attack (in Java)

The Cross-Site Scripting (XSS) FAQ. Original Document Location: Revised 8/03 Introduction Websites today are more complex than ever, containing a lot of dynamic content making the experience for the user more enjoyable. Dynamic content is achieved through the use of web applications which can deliver different output to a user depending on their settings and needs. Dynamic websites suffer from a threat that static websites don't, called "Cross Site Scripting" (or XSS dubbed by other security professionals). "What is Cross Site Scripting?" Cross site scripting (also known as XSS) occurs when a web application gathers malicious data from a user.

"What does XSS and CSS mean?" Often people refer to Cross Site Scripting as CSS. "What are the threats of Cross Site Scripting?" Often attackers will inject JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable application to fool a user (Read below for further details) in order to gather data from them. Step 1: Targeting Step 2: Testing.

Breaking Firewalls with OpenSSH and PuTTY. Mike Chirico (mchirico@users.sourceforge.net) or (mchirico@gmail.com) Copyright (c) 2005 (GNU Free Documentation License) Last Updated: Sun Jan 27 09:40:26 EST 2008 If the system administrator deliberately filters out all traffic except port 22 (ssh), to a single server, it is very likely that you can still gain access to other computers behind the firewall. This article shows how remote Linux and Windows users can gain access to firewalled samba, mail, and http servers.

In essence, it shows how openSSH and PuTTY can be used as a VPN solution for your home or workplace, without monkeying with the firewall. This article is NOT suggesting you close port 22. From the Linux laptop 192.168.1.106, it is possible to get access to the resources behind the firewall directly, including SAMBA server, HTTP Server, and Mail Server which are blocked from the outside by the firewall. The SSH Server is seen as 66.35.250.203 from the outside.

Cross-site scripting and a simple solution. Most of us hardly give security vulnerabilities any consideration when creating a web-application. It's something that takes care of itself, right? Mostly we get away with it because our applications may not be affected the moment they go live. So it becomes a habit to ignore taking care of it. But it's a ticking time-bomb. It's strange because the cost associated with additional security considerations is negligible compared to the losses that can arise when the application is actually compromised!

One such vulnerability is XSS or Cross-site scripting. It comes out at number 1 for the second time running in the OWASP Top 10 2007. XSS accounts for 80% of today's Internet security vulnerabilities, says one source. First, let's learn about our adversary. A DOM-based XSS vulnerability is when the problem exists in the page's client script itself.

This is where we can use libraries/frameworks developed by those who know the range of attacks out there. See below code showing how easy it is to use:

Free Our Favorite XSS Filters/IDS and how to Attack Them PDF Ebook.

Metasploit: Board Room Spying for Fun and Profit. Update: David Maldow of Human Productivity Lab wrote a response to the NYT article that presented an industry perspective on our findings. Mythical Videoconferencing Hackers and why we stand behind our claims. Additionally, the archive of Tuesday's webcast on the same topic (with live demos) is now available. Thank you to everyone who provided feedback! Introduction Today's issue of the New York Times contains an article describing the results of research I conducted over the last three months. This research covered about 3% of the addressable Internet and focused on equipment that spoke the H.323 protocol.

Quality: Even cheap video conferencing systems provide an incredible level of visual acuity and audio reception. Auto Answer: Video conferencing vendors have taken steps to provide security features; however, the leading vendor, Polycom, still ships most of their equipment with auto-answer configured by default. Firewalls. Exploits. Web Interfaces. H.323 Discovery. H.323 Clients. Conclusion.

Opinion: Cool tools for hacker trackers. Opinion By Roger A. Grimes September 28, 2007 12:00 PM ET I was happy to see that the local password hash dump only discovered the harder-to-crack NT hashes with no super vulnerable LM hashes available. This reflects Microsoft's decision to finally disable LM password hashes by default in Vista, a decision overdue by at least five years. Some security administrators ask me why I promote the use of tools like Cain & Abel that make hacking so easy.

I often encourage system administrators to run Cain & Abel, with appropriate permission, of course, to ferret out weak and plain text passwords on their own local system and on their networks. Who am I kidding?

XSSed | Cross Site Scripting (XSS) attacks information and archive.