Linux Hacks & Cracks - Page 79

We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

Discover Hacks/Cracks News

Comprehending Extended HTML Form Attacks Alongside Their Responses

"HTML forms (i.e. <form>) are one of the features in HTTP that allows users to send data to HTTP servers. An often overlooked feature is that due to the nature of HTTP, the web browser has no way of identifying between an HTTP server and one that is not an HTTP server. Therefore web browsers may send this data to any open port, regardless of whether the open port belongs to an HTTP server or not. Apart from that, many web browsers will simply render any data that is returned from the server." Have you ever heard about the extended HTML form attack? What can a web developer do? This article looks into this attack and how attackers can use it.

Kernel 2.6.25.5 Security Advisory: Buffer Overflow and Code Injection

The Linux kernel developers have fixed security flaws in version 2.6.25.5, published last Friday, that affect the CIFS and SNMP-NAT modules (nf_nat_snmp_basic). Crafted packets can cause a buffer overflow remotely in the BER decoder used by the ASN.1 parser. The kernel then crashes, and it may even be possible to inject and execute code in the process. What do you think will be the impact of these kernel security flaws? How many people will update their systems' kernels?

Metasploit.com Hijacked By ARP Spoofing Attack Incident

Monday morning, Metasploit.com was temporarily hijacked using an attack on the local area network of Metasploit's hosting provider. Using what is technically known as ARP spoofing, the attacker was able to intercept visitors to Metasploit.com, and instead serve them up a page saying the site had been "hacked by sunwear ! just for fun." Users were then redirected to a Chinese forum with an image of the hack.

Adobe Flash Standalone 9.0.124.0 Not Vulnerable To Exploit Reports

On Thursday, Adobe said "Despite various reports that have been circulating, the Flash Player Standalone 9.0.124.0 and Linux Player 9.0.124.0 are NOT vulnerable to the exploits discussed in conjunction with the previously disclosed vulnerability Symantec posted on 5/27/08. Symantec originally believed this to be a zero-day, unpatched vulnerability, but as their latest update on their Threatcon page indicates, they have now confirmed this issue does not affect any versions of Flash Player 9.0.124.0." This is a good example of why any computer user needs to keep their software updated. But why did this Flash vulnerability get so much attention when it was a flaw in an older version of the software?

Analyzing HTTP Verb Tampering Risks In URL Authentication

Many URL authentication and authorization mechanisms make security decisions based on the HTTP verb in the request. Many of these mechanisms work in a counter-intuitive way. This fact, in combination with some oddities in the way that both web and application servers handle unexpected HTTP verbs, causes the rules dictated by those mechanisms to be bypassable. This article goes into detail discussing this vulnerability and how the various vendors are affected. What do you think about this attack? Do you think we should be concerned?

Sqlninja 0.2.3 Enhances Automated SQL Injection for MS SQL Server

Sqlninja is a tool written in Perl to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered. Being able to upload 'netcat.exe' as 100% plain ASCII GET/POST requests and no FTP? Evasion techniques, code obfuscation, and DNS-tunneled pseudo shells? Sounds like an SQL Injection tool to check out!

Apache UTF-7 XSS Discussion: Responsibility for Security Issues

There is a great debate on the Bugtraq mailing list regarding the Apache UTF-7 XSS issue. In this debate William Rowe (Apache) discusses why the Apache UTF-7 vulnerability is in fact not a vulnerability in Apache but in Internet Explorer for not following specifications properly. William first posted to Bugtraq https://seclists.org/bugtraq/2008/May/166 with the following: "Internet Explorer's autodetection of UTF-7 clearly violates this specification, introducing the opportunity for myriad similar attacks. These are literally everywhere on the web today, we can trust the kids to continue to explore this vector until it is fixed by Microsoft." What do you think about this debate? Who should be responsible for fixing this vulnerability? This article looks at both sides of the debate, letting you decide.

Debian and Ubuntu Security Advisory: Key Forgery Risks and Solutions

A recently disclosed vulnerability in widely used Linux distributions can be exploited by attackers to guess cryptographic keys, possibly leading to the forgery of digital signatures and theft of confidential information, a noted security researcher said today. As a tie-in to previous stories posted about Debian's SSL flaws, this article reveals renowned security expert HD Moore's views on the situation. He also provides suggestions on how to properly respond to the flaw and gives advice on who should be concerned and what patches should be applied.

Debian Urgent Security Advisory: Openssl Predictable RNG Risk

Luciano Bello discovered that the random number generator in Debian's openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package (CVE-2008-0166). As a result, cryptographic key material may be guessable. For anyone using Debian-based systems, please read on for further information on this important matter. 'Predictable' is one word you never want to use to describe OpenSSL.

Mozilla: Trojan-Infected Firefox Add-Ons From Vietnam Alert

Mozilla, the maker of the open source Firefox browser, is redoubling its efforts to check user-created add-ons for viruses and Trojans after it discovered that a language pack on its official add-on page had been infected for months with rogue code, the organization reported Wednesday. Anyone who has installed the Vietnamese language pack for Firefox could be in danger of having malicious code in their system. Be sure to uninstall this add-on pack if you have recently installed it - unless you enjoy banner ads and opening up your system for future exploits.

GCC Security Advisory: Pointer Overflow Risks and Secure Coding

On April 4, CERT put out a scary advisory about the GNU Compiler Collection (GCC). This advisory raises some interesting issues on when such advisories are appropriate, what programmers must do to write secure code, and whether compilers should perform optimizations which could open up security holes in poorly-written code. Are you a C programmer? This article shows you how to make your code a little more secure. It's a very important skill to have, so take a look.

Adobe Acrobat Advisory: Targeted PDF Exploits and Cyber Threats

Dating back to the end of February, we have been tracking test runs of malicious PDF messages to very specific targets. These PDF files exploit the recent vulnerability CVE-2008-0655. Ever since the end of March, beginning of April, the amount of samples seen in the wild has significantly increased. Interestingly enough, there is almost no "public, widespread" exploitation. All reports are limited to very specific, targeted attacks. However, due to the wide scope of these attacks, and the number of targets we know of, we feel a diary entry was in order. Remember the old saying of "if it ain't broke, don't fix it"? This exploit seems very focused on targeting not only the vulnerability mentioned in the article, but the very facet of sticking with stable software. Nothing is apparently "broken" about Adobe Acrobat v7; however, as you can tell by the diary entry, updating is the key to preventing "it ain't broke" software from having to be "fixed" due to exploits such as this one.

Microprocessor Backdoor Risks: New Security Challenges for Linux

For years, hackers have focused on finding bugs in computer software that give them unauthorized access to computer systems, but now there's another way to break in: Hack the microprocessor. On Tuesday, researchers at the University of Illinois at Urbana-Champaign demonstrated how they altered a computer chip to grant attackers back-door access to a computer. It would take a lot of work to make this attack succeed in the real world, but it would be virtually undetectable. It's actually kind of funny that they decided to mention that this system was "running the Linux operating system". Regardless of the OS, a hardware-level exploit such as this poses a much bigger threat than OS security alone. Although this type of exploit is much harder to deploy than a software exploit, this article poses interesting situations on how exactly it can be carried out.

Explore Web Frameworks at Chicago Open Source Conference for Hackers

This goes out to all the web hackers out there. If you're a proud user of a web application framework and you think it's superior to all others, we invite you to prove it. Flourish is having a web application framework showdown and we need you to come defend yours. There will be food and the site you build goes to a deserving non-profit. So far, we've got someone for Ruby on Rails, CakePHP and web2py. Send an email to [address protected from spambots] if you want to participate. Do you have a favorite web application framework? Do you use it because you think it's secure? This conference seems to be a good test to see how secure web application frameworks are.

Analysis of Ongoing IFrame Attack and Mitigation Strategies

One of the factors that make an ongoing malware attack so difficult to stop is the speed with which the assault can evolve. Over the past 12 days, an IFrame injection attack that originally focused on ZDNet Asia has been spreading across the 'Net, changing targets and payloads on an almost daily basis. An iFrame (short for inline frame) is an element of HTML that's used to embed HTML from another source into a webpage. The timeline of the attack is provided below, thanks in no small part to security consultant Dancho Danchev, who has kept a play-by-play account of the IFrame attack on his blog. Read on for an interesting analysis of the injection method and how it is leveraging SEO engines. How do you feel this should be properly mitigated and countered?

Kernel Vmsplice() Exploit: Understanding Root Access Threats and Solutions

This recent kernel exploit has been spreading around the Internet quickly in recent days. So what is it, exactly? What is it really doing and how does it allow a cracker to exploit the root privileges in your system? Jonathan Corbet chimes in with one of the best overviews of the exploit, why it's a problem, how it got here, and what's being done to address it: "Unlike a number of other recent vulnerabilities which have required special situations (such as the presence of specific hardware) to exploit, these vulnerabilities are trivially exploited and the code to do so is circulating on the net."

Firefox Critical Advisory: Chrome Protocol Exploit Assessment

A new bug in Firefox could be used by attackers to scout out a system prior to mounting a more thorough assault, according to Mozilla's head of security. The flaw, said Window Snyder, Mozilla's chief security officer, is in the browser's chrome protocol - 'chrome' is the Firefox term for its user interface - as she responded to reports of the vulnerability and the public posting of a proof-of-concept exploit. What do you think about this latest Firefox bug?

Researchers Identify New Phishing Threats with DNS Attacks

Researchers at Google and the Georgia Institute of Technology are studying a virtually undetectable form of attack that quietly controls where victims go on the Internet. The study, set to be published in February, takes a close look at "open recursive" DNS servers, which are used to tell computers how to find each other on the Internet by translating domain names like google.com into numerical Internet Protocol addresses. Criminals are using these servers in combination with new attack techniques to develop a new generation of phishing attacks. What is so new about the possible attacks on DNS servers? We all know they are very vulnerable to attack because they are so visible and important to the Internet.
