Member
Posts: 161,550
Joined: Oct 18 2006
Gold: 4.03
Warn: 20%
Jan 31 2013 09:19am
Quote (AbDuCt @ Jan 22 2013 10:36am)
MIT.EDU HACKED

fresh news i just discovered. MIT.EDU has been compromised by someone claiming to be Sabu from team lulzsec. Not only has a deface page been put in place of the original MIT website, their DNS has been hijacked and placed behind CloudFlare services. Along with the front-facing name of Sabu on the deface, the names ``hacked by aush0k and tibitximer`` also appear inside the html source of the page, along with a quote from the movie ``Hackers`` inside the title of the page. With so many misleading names and aliases thrown about it is really hard to tell who actually did the breach. Only time will tell and we will have to watch out for any signs of groups claiming to have done the hack.

Code
Domain Name: MIT.EDU

Registrant:
  Massachusetts Institute of Technology
  Cambridge, MA 02139
  UNITED STATES

Administrative Contact:
  I got owned
  Massachusetts Institute of Technology
  MIT Room W92-167, 77 Massachusetts Avenue
  Cambridge, MA 02139-4307
  UNITED STATES
  (617) 324-1337
  cunt@mit.edu

Technical Contact:
OWNED NETWORK OPERATIONS
  ROOT
  US
  DESTROYED, MA 02139-4307
  UNITED STATES
  (617) 253-1337
  owned@mit.edu

Name Servers:
  FRED.NS.CLOUDFLARE.COM
  KATE.NS.CLOUDFLARE.COM

Domain record activated:    23-May-1985
Domain record last updated: 22-Jan-2013
Domain expires:             31-Jul-2013


http://i.imgur.com/CaQxEN0.png


Vouch, reddit is shit

I like that guy
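Added example (not part of the thread): the tells in the WHOIS record quoted above are the swapped name servers and the rewritten contacts, which a registrant can catch by diffing each WHOIS pull against a saved baseline. The EXAMPLE.EDU records are constructed, and the function names are this example's own.

```python
import re

SECTION_RE = re.compile(r"^([A-Za-z ]+):$")         # e.g. "Name Servers:"
FIELD_RE = re.compile(r"^([A-Za-z ]+):\s+(\S.*)$")  # e.g. "Domain expires:  31-Jul-2013"
EMAIL_RE = re.compile(r"[\w.+-]+@[\w.-]+")

# Constructed sample records (EXAMPLE.EDU is a placeholder, not real data).
BASELINE = """Domain Name: EXAMPLE.EDU

Administrative Contact:
  Domain Admin
  hostmaster@example.edu

Technical Contact:
  Network Operations
  noc@example.edu

Name Servers:
  NS1.EXAMPLE.EDU
  NS2.EXAMPLE.EDU

Domain record last updated: 01-Jun-2012
"""
CURRENT = (BASELINE.replace("hostmaster@", "changed-admin@")
           .replace("noc@", "changed-tech@")
           .replace("NS1.EXAMPLE.EDU", "NS-A.DNS-PROVIDER.EXAMPLE")
           .replace("NS2.EXAMPLE.EDU", "NS-B.DNS-PROVIDER.EXAMPLE")
           .replace("01-Jun-2012", "22-Jan-2013"))

def parse_edu_whois(text):
    """Split the record into header sections (lists of lines) and 'key: value' fields."""
    sections, fields, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if SECTION_RE.match(line):
            current = line[:-1].lower()
            sections[current] = []
        elif FIELD_RE.match(line):
            key, value = FIELD_RE.match(line).groups()
            fields[key.lower()] = value
            current = None
        elif current:
            sections[current].append(line)
    return sections, fields

def summarize(text):
    """Reduce a record to the fields worth alerting on."""
    sections, fields = parse_edu_whois(text)
    def emails(name):
        return sorted({e.lower() for l in sections.get(name, []) for e in EMAIL_RE.findall(l)})
    return {
        # First token only: some records list an IP address after the host name.
        "name_servers": sorted(l.split()[0].lower() for l in sections.get("name servers", [])),
        "admin_email": emails("administrative contact"),
        "tech_email": emails("technical contact"),
        "last_updated": fields.get("domain record last updated"),
    }

HIGH = {"name_servers", "admin_email", "tech_email"}

def diff_against_baseline(baseline_text, current_text):
    """Return (severity, field, old, new) for every monitored field that changed."""
    old, new = summarize(baseline_text), summarize(current_text)
    return [("HIGH" if k in HIGH else "INFO", k, old[k], new[k])
            for k in old if old[k] != new[k]]
```

Calling `diff_against_baseline(BASELINE, CURRENT)` yields three HIGH findings (name servers and both contact e-mails) and one INFO finding for the update date.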
Member
Posts: 13,425
Joined: Sep 29 2007
Gold: 0.00
Warn: 20%
Feb 2 2013 11:29am
Security Flaws in UPnP protocol put 50 million devices at risk

Security flaws in Universal Plug & Play (UPnP) are exposing more than 50 million computers, printers and storage drives to attack by hackers remotely.

Rapid7 said Tuesday in a research paper (https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play) that the problem lies in routers and other networking equipment that use a commonly employed standard known as Universal Plug and Play or UPnP.

UPnP allows networked devices to discover each other and automatically establish working configurations that enable data sharing, media streaming, media playback control and other services.

In one common scenario a file-sharing application running on a computer can tell a router via UPnP to open a specific port and map it to the computer's local network address in order to open its file-sharing service to Internet users.


Over 80 million unique IPs were identified that responded to UPnP discovery requests from the internet and around 40-50 million network-enabled devices are at risk due to vulnerabilities found in the Universal Plug and Play (UPnP) protocol.

The long list of devices includes products from manufacturers including Belkin, D-Link, Cisco's Linksys division and Netgear.

They found that 20 percent, or 17 million, of those IP addresses corresponded to devices that were exposing the UPnP SOAP (Simple Object Access Protocol) service to the Internet. This service can allow attackers to target systems behind the firewall and exposes sensitive information about them.

Additional vulnerabilities, including ones that can be used in denial of service and remote code execution attacks, also exist in a UPnP library called MiniUPnP.
Rapid7 also released ScanNow UPnP, a free tool that can identify exposed UPnP endpoints in your network and flag which of those may be remotely exploitable through recently discovered vulnerabilities.

People who own devices with UPnP enabled may not be aware of it because new routers, printers, media servers, web cameras, storage drives and smart TVs are often shipped with that functionality turned on by default.


Paypal hacker escaped jail


In London today, an 18-year-old anonymous hacker received an 18-month youth rehabilitation order and a 60-hour unpaid work requirement for his involvement in "Operation Payback". One strike against Paypal alone cost the site £3.5 million.

But Jake Birchall escaped jail today after the judge ruled he had been affected by special needs. He was an advanced user of the internet and had used it for nine years, since he was eight years old.

"He did play a prominent and important part in this and I think he has got to learn to get out of bed in a morning and do unpaid work," the judge said.

Jake Birchall had admitted conspiring to impair the operation of computers in 2010 and 2011. They were convicted for their distributed denial of service attacks, which paralyse computer systems by flooding them with online requests.

Ashley Rhodes, 28, of Bolton Crescent, Camberwell, south London, was given seven months, and Peter Gibson, 24, from Castletown Road, Hartlepool, deemed to have played a lesser role in the conspiracy, was given a six-month suspended sentence.


Buffer Overflow vulnerability in VLC media player


VideoLAN recently published a security advisory (http://www.videolan.org/security/sa1302.html) warning of a buffer overflow vulnerability in versions 2.0.5 and earlier of VLC Media Player, which might be exploited to execute arbitrary code. This vulnerability was reported by Debasish Mandal.

The vulnerability is caused due to an error in the "DemuxPacket()" function (modules/demux/asf/asf.c) when processing ASF files and can be exploited to cause a buffer overflow via a specially crafted ASF file. To exploit the vulnerability, a user must explicitly open a specially crafted ASF movie.

Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious file.

VideoLAN advises users to refrain from opening files from untrusted locations and to disable the VLC browser plug-ins until the issue is patched. A patch will be included in VLC 2.0.6, the next version of the media player, which is only available for testing purposes at the moment.

FBI Busts Hacker who blackmails 350 women for stripping on camera


The FBI on Tuesday announced the arrest in the US of Karen 'Gary' Kazaryan, a 27-year-old man who is said to have blackmailed more than 350 women after convincing them to strip off in front of their webcams.

He was arrested in Glendale, California on Tuesday after being indicted on 15 counts of computer intrusion and 15 counts of aggravated identity theft, and faces a possible 105 years in the Big House if convicted. The FBI described the alleged blackmail as "sextortion".

He is accused of hacking into the victims' accounts and changing their passwords, locking them out of their own online accounts. He then searched emails or other files for naked or semi-naked pictures of the victims, as well as other information, such as passwords and the names of their friends.

He then posed online as the women, sent instant messages to their friends and somehow persuaded those friends to get undressed so that he could view and take pictures of them. US authorities said they had found about 3,000 pictures of nude or semi-nude women on Mr Kazaryan's computer.

The FBI said that it hasn't yet linked all of the nude and semi-nude images with people's actual identities. "Anyone who believes they may have been a victim in this case should contact the FBI's Los Angeles Field Office at (310) 477-6565," said a statement issued by the bureau (http://www.justice.gov/usao/cac/Pressroom/2013/016.html).
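Added example (not part of the post or of Rapid7's tooling): the UPnP item above turns on devices answering discovery from the Internet side and revealing what sits behind the firewall. This sketch triages SSDP search responses you have already captured on your own network edge; the captures, addresses and flag names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlparse

# RFC 1918 plus loopback and link-local: addresses that belong on the LAN side only.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def is_internal(host):
    """True if host is an IP literal inside one of the LAN-only ranges."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a host name or empty value cannot be classified here
    return any(ip in net for net in INTERNAL_NETS)

def parse_ssdp_response(raw):
    """Parse an SSDP M-SEARCH response (HTTP-over-UDP) into an upper-cased header dict."""
    head = raw.decode("latin-1").split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    if not lines[0].startswith("HTTP/1.1 200"):
        raise ValueError("not an SSDP search response")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")  # LOCATION values contain ':' too
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def triage(src_ip, raw):
    """Flag responses that indicate UPnP is reachable from outside the LAN."""
    h = parse_ssdp_response(raw)
    loc_host = urlparse(h.get("LOCATION", "")).hostname
    flags = []
    if not is_internal(src_ip):
        flags.append("answers-discovery-on-external-address")
        if loc_host and is_internal(loc_host):
            flags.append("leaks-internal-address")
        elif loc_host:
            flags.append("description-url-on-external-address")
    return {"src": src_ip, "server": h.get("SERVER"),
            "location": h.get("LOCATION"), "flags": flags}

def make_response(location):
    """Build a constructed SSDP response; the SERVER string is a placeholder."""
    return ("HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=120\r\nST: upnp:rootdevice\r\n"
            "EXT:\r\nSERVER: ExampleOS/1.0 UPnP/1.0 ExampleStack/1.0\r\n"
            f"LOCATION: {location}\r\n\r\n").encode()

# Constructed captures: (source address of the reply, raw payload).
CAPTURES = [
    ("192.168.1.1", make_response("http://192.168.1.1:5000/rootDesc.xml")),
    ("203.0.113.7", make_response("http://192.168.0.1:49152/desc.xml")),
    ("198.51.100.20", make_response("http://198.51.100.20:80/desc.xml")),
]

if __name__ == "__main__":
    for src, raw in CAPTURES:
        print(triage(src, raw))
```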
Member
Posts: 16,450
Joined: Mar 25 2012
Gold: 158.71
Feb 2 2013 04:11pm
Quote (AbDuCt @ Feb 2 2013 12:29pm)

FBI Busts Hacker who blackmails 350 women for stripping on camera


The FBI on Tuesday announced the arrest in the US of Karen 'Gary' Kazaryan, a 27-year-old man who is said to have blackmailed more than 350 women after convincing them to strip off in front of their webcams.

He was arrested in Glendale, California on Tuesday after being indicted on 15 counts of computer intrusion and 15 counts of aggravated identity theft, and faces a possible 105 years in the Big House if convicted. The FBI described the alleged blackmail as "sextortion".

He is accused of hacking into the victims' accounts and changing their passwords, locking them out of their own online accounts. He then searched emails or other files for naked or semi-naked pictures of the victims, as well as other information, such as passwords and the names of their friends.

He then posed online as the women, sent instant messages to their friends and somehow persuaded those friends to get undressed so that he could view and take pictures of them. US authorities said they had found about 3,000 pictures of nude or semi-nude women on Mr Kazaryan's computer.

The FBI said that it hasn't yet linked all of the nude and semi-nude images with people's actual identities. "Anyone who believes they may have been a victim in this case should contact the FBI's Los Angeles Field Office at (310) 477-6565," said a statement issued by the bureau (http://www.justice.gov/usao/cac/Pressroom/2013/016.html).


dolar finds this story stupid, he hopes the hacker will get away with it.
dolar feels bad for the victims because they're stupid for getting naked on cam in the first place without knowing that this shit might happen to them...
Member
Posts: 35,456
Joined: Jan 25 2009
Gold: 1,173.00
Feb 2 2013 04:43pm
Quote (dolarsignzeroxeighty @ 2 Feb 2013 17:11)
dolar finds this story stupid, he hopes the hacker will get away with it.
dolar feels bad for the victims because they're stupid for getting naked on cam in the first place without knowing that this shit might happen to them...


I think it's funny.
Member
Posts: 5,105
Joined: Apr 10 2008
Gold: 1,680.00
Feb 14 2013 08:44pm
^

I miss Abudct JSP Newsline.
Member
Posts: 13,425
Joined: Sep 29 2007
Gold: 0.00
Warn: 20%
Feb 14 2013 09:22pm
Quote (VxDoomxV @ Feb 14 2013 10:44pm)
^

I miss Abudct JSP Newsline.


been lazy really. nothing really is happening on the private sides. public is just trash news.

will blog about my phone and do unboxing pics tomorrow though. keep an eye out for that.
Member
Posts: 13,425
Joined: Sep 29 2007
Gold: 0.00
Warn: 20%
Mar 2 2013 03:51pm
HTML5 remote download feature... could be used maliciously

just feel like warning you guys lol. the HTML 5 feature `localstorage` can be used to remotely download files onto your computer without your consent/knowledge. all popular browsers support this feature at this time. a proof of concept code sample can be found on github (https://github.com/feross/filldisk.js) which can fill a user's hard drive up with cat pictures, writing almost 1gb of data every 16 seconds on an ssd. Firefox is not affected because it has a cap on how much data it writes, but chrome, IE, and opera do not have said limit and can fill your entire hard drive up. Although filling your hard drive up is the least of your worries seeing how it can download anything without your consent to begin with on any browser supporting html5.

This post was edited by AbDuCt on Mar 2 2013 03:52pm
Member
Posts: 13,425
Joined: Sep 29 2007
Gold: 0.00
Warn: 20%
Mar 12 2013 01:16am
no real news worth mentioning.

cold fusion, an adobe product, has had a number of zero days leaked to the public allowing remote attackers to write a cold fusion shell into the web directory where its administrator page is located. how one of the exploits works is a chained exploit method in which first the attacker uses a `local file disclosure` exploit in one of the administrative files to print out the current admin password hash which updates every 30 seconds. from there they use java script to rehash the password using cold fusion's hashing function and then by tampering the post request you can send this newly formed hash to the login page bypassing the need of having the real password. from there an attacker can simply use the content managing system in the administrative page to download any file they wish and run them.

more can be found at: http://www.blackhatlibrary.net/Coldfusion_hacking

as for zines and shit which i don't keep up on, a tweet from HackThePlanet about something unrelated led me to their page which states HTP5 is coming out soon. they didn't state a time line so no one knows when to expect that.

on an unrelated note HackThePlanet (https://twitter.com/HackThePlanet) tweeted today taunting NIST which is a government database of known exploits and following tweets led to speculation that they have been exploited using public exploits and their databases will be in their next zine, HTP5.



that's pretty much it.

This post was edited by AbDuCt on Mar 12 2013 01:19am
Member
Posts: 9,140
Joined: May 29 2005
Gold: 172.01
Mar 12 2013 08:16pm
Quote (dolarsignzeroxeighty @ Feb 2 2013 10:11pm)
dolar finds this story stupid, he hopes the hacker will get away with it.
dolar feels bad for the victims because they're stupid for getting naked on cam in the first place without knowing that this shit might happen to them...


Ah their accounts were hacked. The only reason they were blackmailable is because they were careful. Had they not been everyone would have found out about the images already - it's hard to blackmail someone with common knowledge information.
Member
Posts: 13,425
Joined: Sep 29 2007
Gold: 0.00
Warn: 20%
Mar 13 2013 01:52am
Chrome, Firefox, Java, IE10 exploited at Pwn2Own competition



During the first day of the Pwn2Own competition at the CanSecWest conference in Vancouver, the latest versions of all major browsers were exploited by hackers.

Chrome, Firefox and Internet Explorer 10 on Windows 8 were successfully pwned by various competitors, bringing them tens of thousands of dollars in prizes.
French vulnerability research and bug selling firm 'Vupen' brought down IE10 running on a Windows 8 powered Surface Pro tablet by exploiting a pair of flaws.

Researchers Jon Butler and Nils from MWR Labs managed to exploit Google Chrome on Windows 7 and also used a kernel bug to bypass the sandbox.

"By visiting a malicious webpage, it was possible to exploit a vulnerability which allowed us to gain code execution in the context of the sandboxed renderer process. We also used a kernel vulnerability in the underlying operating system in order to gain elevated privileges and to execute arbitrary commands outside of the sandbox with system privileges," they said. For this pwn they received $100,000 as a reward.

Java was also killed at Pwn2Own, cracked up to three times by three different hackers. Vupen also managed to exploit a vulnerability in Java: "Writing exploits in general is getting much harder. Java is really easy because there's no sandbox."

According to the participants, Chrome was the hardest target because of its sandbox and Java was the easiest target this year.


Apple App Store was vulnerable for more than half a year


A Google developer helped Apple fix a security flaw in its application store that for years has allowed attackers to steal passwords and install unwanted or extremely expensive applications.


The security loophole allowed an attacker to hijack the connection, because Apple neglected to use encryption when an iPhone or other mobile device tries to connect to the App Store.
Researcher Elie Bursztein revealed on his blog that he had alerted Apple of numerous security issues last July but that Apple had only turned on HTTPS for the App Store last week.

An attacker only needs to be on the same network as the person who is using the App Store. From there, they can intercept the communications between the device and the App Store and insert their own commands.

The malicious user could take advantage of the insecure connection to carry out a number of different attacks, i.e. steal a password, force someone to purchase an app by swapping it with a different app that the buyer actually intended to get or by showing fake app updates, prevent a person from installing an app by making it disappear from the App Store, or force the App Store to show the entire list of apps installed on a device.

Bursztein has posted some videos that show the App Store holes in action, a couple of which can be found below:

http://www.youtube.com/watch?v=b7MQjLVkekg

He said that he alerted Apple to his findings back in early July of 2012, and Apple only turned on HTTPS encryption at the end of January, even though the App Store had existed for years without HTTPS encryption.


Biggest password cracking wordlist with millions of words

One of the biggest and most comprehensive password cracking wordlists, a collection of 1,493,677,782 words, has been released for download. The wordlists are intended primarily for use with password crackers such as hashcat, John the Ripper and with password recovery utilities.

Defuse Security have released the wordlist of 4.2 GiB (compressed) or 15 GiB (uncompressed) used by their Crackstation project (http://crackstation.net/).

The wordlist was originally shared by 'Stun', an Anonymous hacktivist. You can also download it from Torrent (http://1337x.org/torrent/493880/A-BIG-password-cracking-wordlist/).


Sudo Local Authentication Bypass Vulnerability when clock is reset

A German researcher, Marco Schoepl, recently discovered that it is possible for a user to bypass sudo authentication by resetting the clock. When a user successfully authenticates with sudo, a time stamp file is updated to allow that user to continue running sudo without requiring a password for a preset time period (five minutes by default). Successful exploitation of this feature allows a local attacker to bypass the authentication mechanism and gain unauthorized access. This vulnerability has been assigned CVE-2013-1775. The security bug allows an attacker with physical access to run commands without the user's password.


Android SwiftKey Keyboard turned into a Keylogger app

One of the best 3rd party Android mobile keyboards, 'SwiftKey', was turned into a keylogger Trojan by an Android developer to show the possible security threat of using pirated cracked apps from non-official App Stores. "Anyone pirating Swiftkey is taking a serious risk," the developer said to 'The Hacker News'.
He demonstrated how to inject keylogger snippets of code into a legitimate Android keyboard application that infected a mobile device with a Trojan, connected with a remote server and transmitted data from the device, including all your key logs.

"Cracked copies of PC and iPhone apps can have malware as well of course but on both those platforms most software is compiled to machine code. Android apps are coded in Java and compiled to byte code that is run on the Dalvik VM and this byte code is not that hard to edit and insert back into an APK," he explained.

He developed a keylogger from SwiftKey, a malicious Java program designed to collect and send all key logs to a remote server along with the host IP address. He also explained the complete code on his blog.

Android malware is growing at a far more rapid pace than for other mobile platforms. For cyber criminals, it is not important to develop their own malware program from scratch; reversing ready-made apps and inserting malware code can make their job easier.

Users really need to think about permissions and consider what the app is asking to do, and to be careful where they are downloading apps from.

