Saturday, March 20, 2010

Finding Vulnerable sites using image


Did you ever wondered finding vulnerable sites using image site engines... Here is the solution: TinEye,  a reverse image search engine. You can submit an image to TinEye to find out where it came from, how it is being used, if modified versions of the image exist, or to find higher resolution versions. TinEye is the first image search engine on the web to use image identification technology rather than keywords, metadata or watermarks.
When you submit an image to be searched, TinEye creates a unique and compact digital signature or 'fingerprint' for it, then compares this fingerprint to every other image in our index to retrieve matches. TinEye can even find a partial fingerprint match. TinEye does not typically find similar images (i.e. a different image with the same subject matter); it finds exact matches including those that have been cropped, edited or resized. below are some cool images from their website
To learn more about Tineye visit there wbsite here
If you want to find a vulnerable website, simply choose the image you need to crawl from and  click here

IE exploit on IE6.0 and Windows XP SP2


Exploit code for the zero-day hole in Internet Explorer linked to the China-based attacks on Google and other companies has been released on the Internet, McAfee said on Friday. Also, the German federal security agency issued a statement on Friday urging its citizens to use an alternative browser to IE until a patch arrives.
McAfee researchers have seen references to the code on mailing lists and confirmed that it has been published on at least one Web site, the company's Chief Technology Officer George Kurtz wrote in his blog. "The exploit code is the same code that McAfee Labs had been investigating and shared with Microsoft earlier this week," he said.
Attack is the latest problem/error in how the "createTextRange()" method is processed on a radio button control. "This can be exploited by a malicious Web site to corrupt memory in a way [that] allows the program flow to be redirected to the heap. The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview (January edition). Other versions may also be affected.
The flaw is discovered by secunia Secuirty company in their advisory..
SANS Internet Storm Center (ISC) raised its Infocon to yellow
SANS says this exploit is available in Metasploit, but as far as they are aware at this moment there are no automated tools taking advantage of the exploit and widely attacking the internet.   The exploit currently affects a version of the product that is two major revisions behind the current release, and should really not be widely used anymore.  Easy work arounds are available by utilising other browsers or products, signatures are available from the AV vendors and the patch should be available in the next 3-4 weeks.
"The irresponsibility of releasing such a dangerous exploit will require systems administrators to take drastic action to protect their systems," Scott Carpenter, director of security labs at Herndon, Va.-based Secure Elements Inc., said in an e-mailed statement. "When vulnerable home systems are added into the equation, Internet Explorer users can expect a virus or worm in the very near future. The most probable vector for this worm will be in the form of spam with malicious links that will tempt users into clicking on a link that takes them to a malicious Web site."
Microsoft's Response:
Microsoft has determined that an attacker who exploits this vulnerability would have no way to force users to visit a malicious Web site," he said in an e-mail. "Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site. They also added that , "Upon completion of this investigation, Microsoft will take appropriate action to help protect our customers. This will either take the form of a security update through our monthly release process or providing an out-of-cycle security update."
Temporary Recommendation:
Meantime, Microsoft said users can protect themselves by configuring IE to prompt before running Active Scripting or by disabling Active Scripting in the Internet and local intranet security zone. Users can also set Internet and local intranet security zone settings to "High" to prompt before running Active Scripting in these zones.
Complete story is on here

Wednesday, March 17, 2010

Goolge Funny pic


Google it!!!
Posted using ShareThis

Free Cisco, Microsoft, CompTia Study materials


I came across this materials today. They are really useful materials for some one looking to learn for certifications like CCSP, CCVP, CCNA, CCNP.. It is a whole set of materials..
Special thanks to Scalenetworks

Saturday, March 13, 2010

Google Turns on Gmail Encryption to Protect Wi-Fi Users


Google is now encrypting all Gmail traffic from its servers to its users in a bid to foil sniffers who sit in cafes, eavesdropping in on traffic passing by, the company announced Wednesday.
The change comes just a day after the company announced it might pull its offices from China after discovering concerted attempts to break into Gmail accounts of human rights activists. The switch to always-on HTTPS adds more security, but does not help prevent the kind of attacks Google announced Tuesday.
Posted using ShareThis

Thursday, March 11, 2010

Gmail's GPG Encryption


Better security typically goes hand in hand with increased inconvenience. But some human rights activists who used Gmail right now likely wish they'd put up with a little hardship to help keep hackers at bay. I'm not going so far as to recommend you use e-mail encryption, but I think this is a good time to take a close look at it.
To know how to use a collection of free or open-source software packages: GPG, or GNU Privacy GuardMozilla Messaging's Thunderbird e-mail software, and its Enigmail plug-in. CNET Download.com also hosts Thunderbird for Windows and Mac and Enigmail for all platforms.
Public key cryptography
Encryption scrambles messages so that only someone with a key (or a tremendous amount of computing horsepower, or knowledge of how to exploit an encryption weakness) can decode them. One form is called, curiously, public key encryption, and this is what GPG and Enigmail use.
Here's the quick version of how it works. You get a private key known only to yourself and a public key that's available for anyone else to use. The person you're corresponding with also has such a pair of keys. Although the public and private keys are mathematically related, you can't derive one from the other.
To send a private message, someone encrypts it with your public key; you then decrypt it with your private key. When it's time to reply, you encrypt your message with the recipient's public key and the recipient decodes it with his or her private key.
Messages in transit from one machine to another are a bunch of textual gobbledygook until decoded. If you're being cautious enough to encrypt your e-mail, you should be aware that there's still some information that leaks out to the outside world. The subject line isn't encrypted, and somebody might take interest in the identity of your active e-mail contacts and the timing and frequency of communications.
So how do you find out what your correspondent's public key is? You can either fetch the key firsthand from the correspondent, or you search for it on public computers on the Net called key servers--mine is stored at pool.sks-keyservers.net.
This form of encryption has another advantage: you can sign your e-mail electronically so the recipient knows it really is from you. This time the process works in reverse: you sign your e-mail with your private key, then your recipient verifies it's from you using your public key.
[ad#Google Adsense Horizondal banner 468-60]

Skype process


In response to a query raised by one of my friend asking how secure is to use skype and were the communication encrypted?  I did some quick browsing on Skype technology and thought its time to share some information about skype.
Skype is a peer to peer VoIP client allows users to place voice calls and send text messages to other users of Skype clients. Skype claim to have better voice quality than similar applications like MSN and Yahoo Messenger. It also encrypts calls end-to-end. Skype technology uses two types of nodes in its network named Ordinary host ( skype application) and super node (computer with valid IP address).
Windows Registry
Skype application must connect to a host with active internet connection and must register itself with the Skype login server for a successful login. Skype  login server is an important entity in the Skype network with stored usernames,passwords and also used for authentication purpose.  Each Skype client has the capability to build and refresh tables (host cache) of reachable nodes and it contains IP address and port number of super nodes. This table is normally stored in the Windows registry.
Skype traffic
Skype uses wideband codecs to allow and maintain call quality at an available bandwidth of 32kbps. Skype uses TCP for signalling and both UDP and TCP for transporting media traffic. It is to be noted that both signalling and media traffic are not sent on a same port.
Friends list
Skype stores its friends list information in the Windows registry. This list is digitally signed and encrypted. The buddy list is local to one machine and is not stored on a central server. If a user uses SC on a different machine to log onto the Skype network, that user has to reconstruct the buddy list.
Skype encryption
Skype uses AES 256 bit encryption with total possible keys of around 1.1* 10^77. In order to encrypt data in each skype call, it uses 1536 to 2048 bit RSA to negotiate symmetric AES keys. Skype uses STUN protocol to determine the type of firewall or Netowrk Address Translators used in the network. all these data's are stored in windows registry
Session Cryptography:
All traffic in a session is encrypted by XORing the plaintext with key stream generated by 256-bit AES (also known as Rijndael) running in integer counter mode (ICM). The key used is SKAB. Skype sessions contain multiple streams. The ICM counter depends on the stream, on salt, and the sequency within the stream.
Signature padding:
The signature verification method checks the integrity of the signed message. It decrypts the RSA and extracts and checks the padding. It also checks the hash for accuracy. Consistent with ISO 9796-2, after the first signed block, the rest of the signed message is in plaintext, and this is verified via the SHA-1 hash check.
Skype logins
For skype  to initiate it needs more than one value in the host cahce table. As soon as you start the Skype the login process is to look for valid entries with in Cache table.  Without valid entries it is not possible to connect to skype network.  Skype client will first send UDP packet to this entry. If there was no response afterroughly five seconds, SC tried to establish a TCP connection withthis entry. It then tried to establish a TCP connection to the HC IPaddress and port 80 (HTTP port). If still unsuccessful, it tried toconnect to HC IP address and port 443 (HTTPS port). SC thenwaited for roughly 6 seconds. It repeated the whole process fourmore times after which it reported a login failure.We observed that a SC must establish a TCP connection with aSN in order to connect to the Skype network. If it cannot connectto a super node, it will report a login failure.
Media Transfer process:
The video/voice communication through SKype is established through UDP. The trick here is that quite often, one of the users is behind a firewall or a router, hence it doesn't have a real IP address. But if both Skype clients are on real IPs, then the media traffic flows directly between them over UDP. The size of the voice packet is 67 bytes, which is actually the size of UDP payload. One second conversation results in roughly 140 voice packets being exchanged both ways, or 3-16 kilobytes/s.
If one of the callee or both of them do not have a public IP, then they send voice traffic to another online Skype node over UDP or TCP. The developers of Skype have preferred to use UDP for voice transmission as much as possible.
An interesting fact is that even if both sides are not speaking, voice packets will still be flowing between them. The purpose of these so called 'silent packages' is to keep the connection alive.
For detailed Skype security review click here

Saturday, March 6, 2010

Automated Web app finger printing tool


In penetration testing finger printing the target web presence and enumerating as much as information possible is the primary step for an attacker/ security professional to discover vulnerability. With fingerprinting information attacker can develop an accurate attack scenario to exploit vulnerability in the software type/version being used by the target host. As important security vulnerabilities like SQL injection, buffer over flow are extremely depend on specific software version and software vendor, accurately identifying this sort of information becomes critical. Namp is one of the best tool serves the purpose for free.
Another tool currently released by Richard.sammet on http://mytty.org/wafp/, Basically this is a ruby based web application finger pritning tool using SQlite DB.
How it works
WAFP fetches the files given by the Finger Prints from a webserver and checks if the checksums of those files are matching to the given checksums from the Finger Prints. This way it is able to detect the detailed version and even the build number of a web application.
A Web Application Finger Print consits of a set of relative file locations in conjunction with their md5sums. It is made based on a production or example installation of a Web Application or just out of an extracted Web Application install files tarball. For this task, generate_wafp_fingerprint.sh is to be used.
Visit Richard.sammet site for download and samples

Thursday, March 4, 2010

Researcher Rates Mac OS X Vulnerability 'High


Flaw in versions 10.5 and 10.6 can be exploited by a remote attacker, says SecurityReason
The proof of concept merely triggers a memory access error, but such buffer overflow conditions can sometimes be exploited to run arbitrary code.
Although the issue has apparently been fixed in FreeBSD and OpenBSD, the researchers imply that the changes have not filtered through to Mac OS X, where it is said to be present in Leopard (10.5) and Snow Leopard (10.6).
The issue is also said to have been present in NetBSD, Google Chrome, Firefox and other Mozilla projects, Opera, MatLab, and other pieces of software.
SecurityReason's advisory describes a flaw in the libc/gdtoa code in OpenBSD, NetBSD, FreeBSD, and MacOS X, as well as Google Chrome, Mozilla Firefox and other Mozilla software, Opera, KDE, and K-Meleon. SecurityReason's advisory rates the vulnerability's risk as "high" and claims that the flaw can be exploited by a remote attacker.
For security reasons advisory and proof of concept click here

Tuesday, March 2, 2010

Oracle to Patch 24 Security Flaws

Database server giant oracle is joining Microsoft and Adobe this patch Tuesday

Ten of the patches affect Oracle's database, and two of the vulnerabilities addressed can be remotely exploited over a network without the need for a username and password, Oracle said.
Affected database components include Application Express Application Builder, Listener, Data Pump, OLAP, Secure Backup, Spatial and Universal Installer. Both 11g and 10g database releases are affected.
The update also includes three fixes for Oracle's application server. All three address vulnerabilities that can be exploited without a username or password. They affect the server's Access Manager Identity Server and Oracle Containers for J2EE components.

Monday, March 1, 2010

Dlink router with HNAP vulnerability


A flawed implementation of the Home Network Administration Protocol (HNAP) reportedly allows attackers to gain unauthorised admin access to numerous D-Link router models
SourceSec Security research webpages claims finding a flaw in D-Link’s CAPTCHA implementation, around a way to view and edit D-Link router settings without any administrative credentials.
Simply said,  D-Link routers have a second administrative interface, which uses the Home Network Administration Protocol. While HNAP does require basic authentication, the mere existence of HNAP on D-Link routers allows attackers and malware to bypass CAPTCHA “security”. Further, HNAP authentication is not properly implemented, allowing anyone to view and edit administrative settings on the router.
For detailed vulnerability summary click there pdf

Nexus one phone


Today Tuesday the 5th of January 2010 is expected to be the launch day of Google's Nexus One phone. Google-phone buzz has centered on whether Google can take down apple-iPhone, but it seems to be unrealistic. Leaks suggest the Nexus One will be a global-system device with a 3.7-inch touch screen, five-megapixel camera, Wi-Fi connectivity, an accelerometer and a compass, according to CNN.com partner, Wired magazine. It is expected to run the latest version of the Android operating system, Android 2.1, which is also made by Google but runs on other phones as well. It is also said that Nexus One will be available unlocked means, users wont have to sign up for long term contracts with any particular mobile carrier.
Browsing with curiosity to know more Nexus one, i found this article from engadget.com
Engadget have written the full story on every nook and cranny of this device. Some of those highlights are
  • The HTC-built and (soon to be) Google-sold device runs Android 2.1 atop a 1GHz Snapdragon CPU,
  • a 3.7-inch, 480 x 800 display, has 512MB of ROM, 512MB of RAM, and a
  • 4GB microSD card (expandable to 32GB).
  • 5 megapixel camera with LED flash, with pretty descent looking pictures and the camera software is much faster than the same component on the Droid
  • phone is incredibly thin and sleek -- a little thinner than the iPhone -- but it has pretty familiar HTC-style industrial design
  • It's very handsome, but not blow-you-away good looking. It's a very slim, very pocketable phone, and feels pretty good in your hand.
Engadget has described much more features about Nexus One, but there product seems like one given to google employees and that product may differ from one you buy . And yeah if you are too curious click this link to check the product description from engadget.
In another article from PCworld.com, based on the prevailing rumors and speculation, they have five predictions for what we can expect from the Nexus One. click here to look at their interesting prediction about Nexus One.