http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2011-06-12 00:36:04 - Ack Ack : There is a lot of news around lately in Holland about vulnerable voicemail systems but it is hard to find a practical approach to this so here is a little guide how you can test if you are vulnerable to this attack and some defense techniques for the end user Your first step is get a wwwspoofcardcom PIN, you can do this by going to wwwspoofcardcom and buy some credits http://www.secuobs.com/revue/news/310658.shtmlhttp://www.secuobs.com/revue/news/310658.shtml Secuobs.com : 2011-06-12 00:36:04 - Ack Ack - While strolling through mysqlcom I came across this page There you can view the possibility of the bitwise function right shift A bitwise right shift will shift the bits 1 location to the right and add a 0 to the front Here is an example mysql select ascii b'00000010' -------------------- ascii b'00000010' -------------------- 2 -------------------- 1 row in set 000 sec Right shifting it 1 location will give http://www.secuobs.com/revue/news/310657.shtmlhttp://www.secuobs.com/revue/news/310657.shtml Secuobs.com : 2011-06-12 00:36:04 - Ack Ack - Some time ago I found a way how to use Google as your proxy having 255 Google IP's I notified them and they did not seem to care, so I asked them if I could publish it and they emailed me the following Hey Jelmer I've chatted with Filipe and we're happy with you publishing your findings Cheers, Adam I also had another vulnerability on gmodulescom which allowed me to http://www.secuobs.com/revue/news/310656.shtmlhttp://www.secuobs.com/revue/news/310656.shtml Secuobs.com : 2011-06-12 00:36:04 - Ack Ack - Even though we've published some exploits and other unexpected features in Googles services - you have to love them Anyway, Happy Aprils fools day Cheers http://www.secuobs.com/revue/news/310655.shtmlhttp://www.secuobs.com/revue/news/310655.shtml Secuobs.com : 2011-06-12 00:36:04 - Ack Ack - The other day i was browsing Facebook and a friend of mine posted this on my wall This is realy insane you have to see this OMG Look What THIS Kid Did to His School After Being Expelled jmp WARNING Graphic Content Not only for the reason that he is dutch this would be fishy, he posted this message on all his friends walls at the same moment I was http://www.secuobs.com/revue/news/310654.shtmlhttp://www.secuobs.com/revue/news/310654.shtml Secuobs.com : 2011-06-12 00:36:04 - Ack Ack - Yesterday the Facebook chief security officer Joe Sullivan announced at Hack in the Box Amsterdam that Facebook will reward hackers for reporting security vulnerabilities Facebook will officially release their plans soon, this way the social networking site hopes that hackers will report their vulnerabilities in a responsible manner They already had a security hall of fame which can be found here The rewards are still unknown but at Google and http://www.secuobs.com/revue/news/310653.shtmlhttp://www.secuobs.com/revue/news/310653.shtml Secuobs.com : 2011-06-12 00:36:04 - Ack Ack - Remember back in May I announced this post Google AdWords XSS'es I turned out that I had been in contact with the wrong Google staff The Google AdWords support didn't know enough about security related issues, therefor I didn't get any reward One thing lead to another, and I announced the post with two 0-days However Just minutes after, a certain employee at the Google Security staff contacted Jelmer - http://www.secuobs.com/revue/news/310652.shtmlhttp://www.secuobs.com/revue/news/310652.shtml Secuobs.com : 2011-06-12 00:36:04 - Ack Ack - Well well, another post about safari The problem I will take up today is the how Safari handles protocol handlers In all other major browsers, even Internet Explorer, you have to agree to visit a link with a custom protocol But not in safari Oh no Luckily, programs usually has built in confirmation that will ask you if you really wish to do what the browser is trying to http://www.secuobs.com/revue/news/310651.shtmlhttp://www.secuobs.com/revue/news/310651.shtml Secuobs.com : 2011-06-12 00:36:04 - Ack Ack - Hi there folks, we are happy to tell you that Fredrik, Mathias and me Jelmer are all in the Google security Hall of Fame for our findings The latest unpublished XSS for which I got in the Hall of Fame is still unpatched http://www.secuobs.com/revue/news/310650.shtmlhttp://www.secuobs.com/revue/news/310650.shtml Secuobs.com : 2011-06-12 00:36:04 - Ack Ack - Back in good old 2008, a researcher at the security firm Outpost24 - Jack C Louis found a crucial DoS vulnerability in the fundaments of TCP IP In fact, it turned out to be so powerful, that all major operating systems appeared to be vulnerable We got a PoC http://www.secuobs.com/revue/news/310649.shtmlhttp://www.secuobs.com/revue/news/310649.shtml Secuobs.com : 2010-05-14 16:38:27 - Ack Ack - Well well, apparently, we ve yet again, discovered a few vulnerabilities This exploit puts Opera 1053, and Microsoft Internet Explorer 8 in a DoS condition However, that s pretty lame I mean, a simple javascript while 1 alert 1 does the trick for that The cool point of this is, Apple s Safari 405 causes an access violation exception, which means it tries to overwrite More http://www.secuobs.com/revue/news/222201.shtmlhttp://www.secuobs.com/revue/news/222201.shtml Secuobs.com : 2010-05-12 02:44:50 - Ack Ack - I made a program which will monitor the air for connections between wireless hot spots and hosts, if the program will find a connection it will send a deauth packet which will disconnect the client, this goes at such a high speed that clients will have no chance to establish a proper connection to the More http://www.secuobs.com/revue/news/221198.shtmlhttp://www.secuobs.com/revue/news/221198.shtml Secuobs.com : 2010-05-07 22:29:37 - Ack Ack - Over the past week i have been busy in the lab developing new attack vectors to MySQL injections by using the inter protocol capability with the load_file function With load_file you are able to load files from another machine over SMB, this happens through the underlaying system s SMB client, a basic load_file over SMB looks like More http://www.secuobs.com/revue/news/220064.shtmlhttp://www.secuobs.com/revue/news/220064.shtml Secuobs.com : 2010-05-07 03:16:10 - Ack Ack - While coding my SMB server to further expose cool tricks with MySQL injections i walked against a very nice bug in the SMB2 protocol which can make the box on the other side crash instantly while trying to connect to you Here is an overview of how it the exploit took place Victim Negotiate protocol request and hoping More http://www.secuobs.com/revue/news/219718.shtmlhttp://www.secuobs.com/revue/news/219718.shtml Secuobs.com : 2010-05-05 14:14:27 - Ack Ack - Hey, Kasper just released a new page called Protocols , with documentation about loads of the existing protocols in the OSI-layer Truly a great work Let s say you want to watch the documentation for TCP, then by going to this URL, you ll find all from the TCP RFC 0793 , the IANA documentation of ports reserved for different underlaying TCP IP based More http://www.secuobs.com/revue/news/219029.shtmlhttp://www.secuobs.com/revue/news/219029.shtml Secuobs.com : 2010-05-03 12:21:39 - Ack Ack - This MySQL OOB technique, seem to be getting out of control It didn t exist in the wild for as far as we know about , so we started to look into it even further Malware can use this SMB vulnerability in order to spread itself to other locations To let s say, all Windows boxes on the local network Rather More http://www.secuobs.com/revue/news/218177.shtmlhttp://www.secuobs.com/revue/news/218177.shtml Secuobs.com : 2010-05-03 04:08:53 - Ack Ack - Last week there was a lot to do on MySQL and the load_file function on our blog, we found ways of generating DNS and ARP packets, these are useful things to be aware of during a penetration testing and fresh material for us to investigate further in to develop new ways of attacking systems During penetration More http://www.secuobs.com/revue/news/218112.shtmlhttp://www.secuobs.com/revue/news/218112.shtml Secuobs.com : 2010-04-30 02:12:57 - Ack Ack - Both me and my fellow researcher Mathias have heard all from It s impossible to make DNS requests in MySQL to There is no out-of-band techniques for MySQL So we both thought Hey, it can t be that hard So ladies and gentlemen, here s a so far theory on a MySQL out-of-band request As long as you have the File_priv More http://www.secuobs.com/revue/news/217501.shtmlhttp://www.secuobs.com/revue/news/217501.shtml Secuobs.com : 2010-04-29 22:14:14 - Ack Ack - Yes, this might come as a spoiler, but me, Mathias and Kasper are currently researching in the Cellular area Enough of that at the moment Anyway, whilst we read through RFC s and wikipages, we stumbled upon this specific page containing this eventually when modems began to be used to dial up to the Internet led to More http://www.secuobs.com/revue/news/217414.shtmlhttp://www.secuobs.com/revue/news/217414.shtml Secuobs.com : 2010-04-29 18:23:26 - Ack Ack - By again bypassing the too much recursion security if there is any in these browsers, it is possible to add iframe elements in a loop If the src attribute is set to mailto , the browser will open the deafult mail client one for every iframe This will continue until the RAM is full More http://www.secuobs.com/revue/news/217335.shtmlhttp://www.secuobs.com/revue/news/217335.shtml Secuobs.com : 2010-04-29 07:56:46 - Ack Ack - After first finding this exploit i tested it a couple of times, what turns out is that it sometimes works and sometimes the wait or close page dialog box pops up, sometimes the stack overflow will still trigger after requesting to close the window and sometimes it just won t work, pretty random in my opinion More http://www.secuobs.com/revue/news/217216.shtmlhttp://www.secuobs.com/revue/news/217216.shtml Secuobs.com : 2010-04-28 22:45:20 - Ack Ack - It seems that you guys seem to like us or maybe fear us , well according to this statistics it must be true In just within two days, we ve had visitors from all around the world, which kind of gives us creativity to keep creating new fun and original content Right now, at the time of writing me More http://www.secuobs.com/revue/news/217035.shtmlhttp://www.secuobs.com/revue/news/217035.shtml Secuobs.com : 2010-04-28 04:48:40 - Ack Ack - Yes, everything running on TCP IP is in theory vulnerable to SYN-flood attacks For those of you who don t know what it is, wikipedia explained it like this The SYN flood is a well known type of attack and is generally not effective against modern networks It works if a server allocates resources after receiving More http://www.secuobs.com/revue/news/216733.shtmlhttp://www.secuobs.com/revue/news/216733.shtml Secuobs.com : 2010-04-28 04:48:40 - Ack Ack - Me and my fellow whitehat Mathias have found several security flaws on both HTC Hero Android 15 and in Nokia N82 SymbianOS 92 We ve tested the Safari Overflow 1 and Safari Overflow 2 on the following browsers cellphones Opera Mini 5018302 802 HTC Hero Dolphin Browser 250 HTC Hero Chrome HTC Hero Default Browser Series60 31 Nokia N82 And well More http://www.secuobs.com/revue/news/216732.shtmlhttp://www.secuobs.com/revue/news/216732.shtml Secuobs.com : 2010-04-28 04:48:40 - Ack Ack - Optical character recognition is something which has been growing over the past few years and is getting better and better over the years Today i was playing around with this free online OCR and i tried to inject code in the images After some time fuzzing i found a way of injecting javascript in the system with More http://www.secuobs.com/revue/news/216731.shtmlhttp://www.secuobs.com/revue/news/216731.shtml Secuobs.com : 2010-04-28 04:48:40 - Ack Ack - Well well, if you haven t already, stop using Safari This script is very simple and very critical, it causes an Access Violation exception in WebKitdll, which several browsers are based upon Luckily, Google Chrome is enough sandboxed and can not be exploited trough this vulnerability The script simply fills the DOM document with tags and More http://www.secuobs.com/revue/news/216730.shtmlhttp://www.secuobs.com/revue/news/216730.shtml Secuobs.com : 2010-04-28 04:48:40 - Ack Ack - We ll start off simple with a short-description A heat pump is a machine or device that moves heat from one location the source to another location the sink or heat sink using mechanical work Most heat pump technology moves heat from a low temperature heat source to a higher temperature heat sink 1 More http://www.secuobs.com/revue/news/216729.shtmlhttp://www.secuobs.com/revue/news/216729.shtml Secuobs.com : 2010-04-28 04:48:40 - Ack Ack - There is a problem with the canvas HTML tag, if you place canvas tags in each other you can make a lot of browsers crash I tested this trick on Mozilla Firefox, Safari, Google Chrome, Opera and IE all crashed on Windows XP SP3 Here is an image i made from the crashes And here is the PoC http://www.secuobs.com/revue/news/216728.shtmlhttp://www.secuobs.com/revue/news/216728.shtml Secuobs.com : 2010-04-28 04:48:40 - Ack Ack - Fredrik and Mathias wrote in an earlier post today about possible vulnerabilities in the NIBE heat pumps, i am lucky a friend of mine has one so i could play around in it for some time Fredrik was talking about the following possible vulnerabilities - Local file inclusion - Remote code execution I found both of them, the local More http://www.secuobs.com/revue/news/216727.shtmlhttp://www.secuobs.com/revue/news/216727.shtml Secuobs.com : 2010-04-28 04:48:40 - Ack Ack - It spins your head, with great vengeance and furious anger Useful No Funny Yes Your head Hello World Download the script here 360js, 180js 20 http://www.secuobs.com/revue/news/216726.shtmlhttp://www.secuobs.com/revue/news/216726.shtml