Posts Tagged ‘hackers’

Internet Explorer 6-7-8 => Remote Code Execution

Tuesday, January 19th, 2010

Summary:
Microsoft is investigating reports of limited, targeted attacks against customers of Internet Explorer 6, using a vulnerability in Internet Explorer.

Affected:
Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are vulnerable.

Vulnerability:
The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.
In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site.
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

NOTE: This is the vulnerability used by China hackers to spy and scam Gmail Accounts.

Tags: , , , , , , , , ,
Posted in Articles, Exploits, Hacking, News | Comments Off

How the underground died

Thursday, July 16th, 2009

I’m thinking about the underground and people , and reflection is full sadness .
Where is the time of real programmers? Of arpanet? Of Unix?
Jim Morrison said : The end , my only friend .

Yes , the end . And , not as Phrack article , “nostalgia, melodrama, black hat rhetoric”.
Why? Because it isn’t a cold and detached analysis . it’s based on sadness and regret .
There was a story , there were hackers . R.I.P
Giant corporations , script kiddies , white hat disclosure . Murderers.
There was once a time when hackers were basically isolated. The story how the underground died.

Tags: , , , , , , ,
Posted in Articles, General, Hacking, Stuffs, Webappsec | Comments Off

The reality of Phishing and Global Security failed.

Monday, July 6th, 2009

Yes , security . But unfortunately isn’t only respect hacking and hackers or focused on high security level.
What is concretely the modern concept of security? I’m talking about security for everyone using internet and net-services that is actually delegated to giant corporations.
However , big is focused on marketing and advertising , so usually doesn’t provide the necessary security to customers.
Moreover legislation is inefficient or obsolete, online transaction as e-banking is very popular , there are a lot of vulnerabilities which may not be caught up by most service providers and browser vendors , spamming technology is very lamer-friendly . All encourages crackers in phishing or illegal business.
The modern reality of phishing uses social engineering, spam and fake websites obviously with a spoofed identity convincing victims to visit exploited url or to login in fake look like original.

Attackers exploit web browsers using a 0-day bug, unfixed by vendors , to install a malware or infostealer, or dangerous web features like activeX , flash , javascript , xml or technologies like url obfuscation attack , visual spoofing in modern browsers , clickjacking , cross site scripting stoling account credentials, csrf , DNS server poisoning sniffing password information even in the HTTPS connection.

There are a lot of examples of phishing , Paypal , E-bay , Banks and so on.
There are a lot of phishing locations , Usa , Corea , China , Brazil and so on.
Old hackers aren’t involved in , attackers are frequently script kiddies , crackers and generally not properly coders . However they are dangerous for normal users , very very dangerous , even a fake login can be fatal.
Law is impotent and obsolete , there isn’t a content security policy , normal users are unprepared and uninformed . So phishing is a catastrophic reality that sees hackers exploits, sources and kits used by script kiddies to steal victims. Well.

Tags: , , , , , , , , , , , , , , , , , , , ,
Posted in Articles, Exploits, General, Hacking, Infosecurity | Comments Off