“The Google chrome browser is vulnerable to memory exhaustion based denial of service which can be triggered remotely.The vulnerability triggers when Carriage Return(\r\n\r\n) is passed as an argument to window.open() function. It makes the Google Chrome to generate number of windows at the same time thereby leading to memory exhaustion. The behavior can be easily checked by looking at the task manager as with no time the memory usage rises high. The problem lies in the handling of object and its value returned by the javascript function. Once it is triggered the pop ups are started generating. The Google Chrome browser generate object windows continuously there by affecting memory of the resultant system. Probably it can be crashed within no time. User interaction is required in this.”

What’s Google’s take on this flaw, and have they acknowledged it already? Zero Day asked the researchers.

Q: This is the second DoS vulnerability that members from EvilFingers disclose. How is the second one different than the first one, and how would a remote attacker take advantage of it?

A: Ideally, both are Denial of Service attacks. But second one is different for the matter that it does a memory exhaustion, or I would say “performance” peaks with the pop-ups. By default, all the pops are blocked by Chrome, but still the CPU usage jumps up to 98% and so does the memory consumption, therefore other processes will surely be affected. And then the PoC for the first one crashes the chrome right away without any reaction time to the user or any user way to prevent the loss of work. But with the second one, an experienced user can prevent the same and can save work of other tabs before resulting in a browser restart. Or put in another way, first one is a crash of all tabs, second one is a hang of tabs.

Q: Since you’re responsibly disclosing the vulnerabilities that you find to Google, what is your opinion on their current response time and overall attitude towards the vulnerabilities that you’ve reported?

A: Response time with the first one was well appreciable, as it was fixed within 24hrs though it took some days to roll out next 0.2.149.29 ‘patched’ version. For this newer DoS, the patch is yet to roll out and they have acknowledged the bug for now.

Has Google’s Chrome level of exploitability changed since the first DoS vulnerability? It may well be declining considering some recently published browser market-share statistics, clearly indicating that a lot of users seems to have given Chrome a try, and are back to their default browsers. According to published Chrome stats by Net Application :

“At the end of its third week of availability, Google Inc.’s Chrome accounted for 0.77% of the browsers that visited the 40,000 sites tracked by Net Applications, down from a 0.85% share the week before. “The trend line on Chrome still has a slight downward angle, and these weekly numbers reflect that,” said Vince Vizzaccaro, Net Applications’ executive vice president of marketing. Although Chrome popped above 1% within hours of its release, the new browser now reaches that mark only in the middle of the night, U.S. time, Vizzaccaro added.”

StatCounter’s latest Chrome stats of over 450M page views globally, also indicate the introduction period and the slight decline afterwards. Chrome’s popularity is proportional with its level of exploitability, so keeping an eye on how many users stick with the (BETA) browser, will either increase or decrease it.

Source

Security firm Sophos warned on Thursday that e-mails being circulated on the Web that purport to offer a free iPhone game instead are carrying a Trojan horse that can take control of infected Windows machines.

The e-mails have subject lines like “Virtual iPhone games!” and “Apple: The most popular game!” The attachment is called “Penguin.Panic.zip,” which refers to the iPhone game of the same name.

The Trojan has been identified as Troj/Agent-HNY, Sophos said.

Sophos has not yet seen versions that run on Mac OS X, the Apple iPhone, or other mobile devices.

The e-mails sent out in the aftermath of the Delhi and Ahmedabad blasts reveal that the Indian Mujhahideen hacked into unsecure WiFi networks to send out the terror e-mail.While this trend may continue thanks to the number of IT professionals on the Students Islamic Movement of India/Indian Mujahideen rolls, it is up to us to ensure that we take utmost care while using the Internet.

Sameer Shekle, co-founder and COO, Aujas Networks, a digital security services provider, says Internet users could adopt the following methods to ensure that s/he is safe.

1. Disabling the SSID broadcast. To some extent this makes it difficult for the hacker to detect the presence of a WiFi access point.
2. Enable MAC address filter. Each network interface has a unique MAC address, by filtering it, one can to an extent control which machines can use the access point.
3. Turn on WPA/WEP encryption. This ensures that traffic between a legitimate machine and an access point is not readable.
4. Change default admin passwords for access points.
5. Ensure access points are placed securely. In the centre of a room/office etc to minimise its signal strength outside the office.

Even after following the above precautions, your WiFI account could be compromised and hence, the things to look at are:

• Monitor usage of the access point. Have a clear inventory and knowledge about the position of each access point.
• Monitor the usage of the Internet link, to know what traffic is going out. For example, some corporate block e-mail providers like yahoo or hotmail. Hence, even if the access point is compromised, the hacker may not be able to use public e-mail systems.
• Consider a specific security policy for wireless networks. For example, most companies primarily use wired networks in the office as the primary media. Access points are used in common areas like conferences rooms etc. Hence, strict policies can be deployed on wireless networks as compared to wired networks.

Role of Digital Forensics:

Digital Forensics means the analysis of electronic media to detect forgery or manipulation. It is used to identify possible culprits and also to gather legal evidence to be used for prosecution.

Digital Forensics is a highly-specialised area and if not done using the right skills and tools could lead to evidence being deleted or not usable in the court of law. It is similar to that of criminal forensics and hence needs special skills and tools. Hence, it would be advisable for companies to understand their responsibility and the do’s and don’ts during a breach.

Public e-mails systems have limited information about its users and normally provide it to law enforcement agencies on special request. This information is picked up during e-mail ID creation, usage etc.

Most usual information picked up is the source of the Internet Protocol, which can be masked using techniques like using others’ WiFi networks. Hence, unless e-mail providers enable higher security mechanisms like special authentication while creating users not much can be done. It is not easy for e-mail providers to do this as, by definition, these e-mail systems are free and open for people to use.

Source

Antivirus XP 2008′s Web site looks legit, but caveat emptor.

Yeah, Google.

Apparently, though, the virus is now being spread in more insidious ways, and numerous people who claim safe browsing habits and up-to-date security definitions are being infected–including two of my friends.

In helping them remove it, I discovered an excellent post on the CNET Forums that explained a detailed and accurate method of removal. I’ve retyped it below with more detail in case you’re not able to get to the forums. It’s not particularly complicated, but if you’re not comfortable with advanced settings, I’d recommend proceeding cautiously or get a friend to help.

The scan window from Antivirus XP 2008 also looks legit. It’s also not.

A warning before we begin: do not boot your computer into safe mode. Leave it running as you normally would. I tried restarting into safe mode, and the malware was prepared for that–its folders and files became undetectable.

First, in the Start menu, click on Run. If you can’t find the Run option, hit WIN+R. (That’s the key with the Windows icon on it.)

Type in msconfig, and go to the Startup tab. You’re looking for two files. One begins with the string of letters “lph,” and the second begins with “rhc”. The examples provided are longer strings, “lphc35dj0e1an” and “rhc75dj0e1an”, but after the first three letters, the strings are known to change on different computers. Uncheck the boxes next to both of them, then click on Apply and OK or Close at the bottom of the window.

The scan window from an older version of Antivirus XP 2008.

Restart your computer normally. You’ll notice that the background hasn’t changed. To restore your desktop settings, you’ll need to go to Start > Run again, or Win+R. This time, type in Gpedit.msc. On the left nav, look for User Configuration near the middle. Navigate through Administrative Templates, then Control Panel, and finally Display. When you click on display, you’ll see a list of options open in the central pane. Right click on “Remove Display in Control Panel,” and click “Properties.” Then choose “Disabled.”

Repeat those same steps for the following attributes: Hide Desktop, Prevent changing wallpaper, Hide Appearance and Themes, Hide Settings, and Hide Screen Saver. Change all to “Disabled,” then hit Apply, OK, and restart your computer.

You will still see the Antivirus XP 2008 desktop “theme”, but now you can change it. Anywhere on your desktop, right-click and select properties. The first tab that opens should allow you to change your theme. If you also suffer from massive icons, use the last tab on the right, Settings. In the middle of that tab’s window you’ll see a Screen Resolution option, most likely set to 800×600. Move the slider to the left to choose a more aesthetically appealing resolution.

Source

Then came along the ‘password managers’ which store all your logins and passwords, encrypted and password-protected. But what if the password manager crashes, taking down all your credentials along with it? Huh? And then again, you can’t access it from a second computer, unless you take the pain of using Remote Desktop, which is just as insecure.

The best, and simplest solution, in my opinion is to store them online. Like Google Docs? Yes! Google Docs. Now, i hardly know anyone who does not have a gmail account. So, why not use google docs and create a document and throw everything in? And remember just one password, your google password? And if you are hysterical (read crazy) , you could go a step further and change your gmail/google password everyday.

That way you could access your information from anywhere, and it is password-protected! Simple.

Of the two big browsing features of 2008, one seems to run counter to where developers are driving their browsers. The melding of the location bar to the search bar was expected in Firefox and Opera, thanks to beta versions. Chrome has it, too, calling it the Omnibar. What seems to have caught developers off-guard has been the clamor for a universal switch to stop the cache and browsing history from recording anything at all.

Internet Explorer 8′s InPrivate.

(Credit: CNET Networks)

Microsoft’s InPrivate debuted in Internet Explorer 8 beta 2, and Google Chrome’s version is the well-received Incognito feature. So far, in Firefox, the feature has only been available via the Stealther plug-in, which basically copies all the features of InPrivate except that you don’t have to open a new browsing window. Now, Mozilla has announced through the Firefox 3.1 status tracker that a privacy toggle will be a baked-in feature.

It turns out that Mozilla has had such a toggle on its radar since 2004, when Apple’s Safari introduced a cache-avoiding browsing session. So what took so long for Firefox to decide that this should be a rolled-in feature? As others have noted, Firefox director Mike Beltzner declared that the feature would need to take a backseat to keeping the browser on schedule.

Google Chrome’s stealth mode, Incognito.

(Credit: CNET Networks)

Pressure from this being a near-universal feature has no doubt accelerated its importance, although Mozilla plans to put its own spin on what it can do. In addition to turning off the page cache and the browsing history recorder, there will be no autofill for passwords and new passwords used will not be saved. Also, all cookies acquired during the session will be discarded, as will downloads in the Download Manager. Essentially, pages visited will be stored in the memory, not on the hard disk–although there’s no word on if or how this will affect performance.

Another aspect of the current unnamed feature will save all tabs and close the session, re-opening a new blank browser window. When the private session is finally turned off, the older session will re-open. One difference from Microsoft’s InPrivate will be that there won’t be any neon advertising that private mode has been activated, according to Mike Connor, the lead developer on Firefox. The fact that you are using a privacy mode will remain private.

Originally posted at The Daily Download

Don’t be mistaken by the title. Web site owners already have enough trouble from hackers scanning their web sites for vulnerabilities. This always involved complex scripts and tools but the hacking group ‘Cult of the Dead Cow’ (cDc) which is best known for creating the deadly Back Orifice trojan just released Goolag, an open-source tool that allows even script kiddies to leverage the use of google to help find such vulnerabilities easily.

The web auditing tool from cDc was announced with the following press release:

SECURITY ADVISORY:  The following program may screw a large Internet search
engine and make the Web a safer place.

LUBBOCK, TX, February 20th -- Today CULT OF THE DEAD COW (cDc), the world's
most attractive hacker group, announced the release of Goolag Scanner, a web
auditing tool.  Goolag Scanner enables everyone to audit his or her own web
site via Google.  The scanner technology is based on "Google hacking," a form
of vulnerability research developed by Johnny I Hack Stuff.  He's a lovely
fellow.  Go buy him a drink.

"It's no big secret that the Web is the platform," said cDc spokesmodel
Oxblood Ruffin.  "And this platform pretty much sucks from a security
perspective.  Goolag Scanner provides one more tool for web site owners to
patch up their online properties.  We've seen some pretty scary holes through
random tests with the scanner in North America, Europe, and the Middle East.
If I were a government, a large corporation, or anyone with a large web site,
I'd be downloading this beast and aiming it at my site yesterday.  The v
ulnerabilities are that serious."

Goolag Scanner will be released open source under the GNU Affero General
Public license.  It is dedicated to the memory of Wau Holland, founder of the
Chaos Computer Club, and a true champion of privacy rights and social justice.

GOOLAG SCANNER FUNCTIONS AND FEATURES

Goolag Scanner is a standalone windows GUI based application.  It uses one
xml-based configuration file for its settings.  All dorks coming with the
distribution of gS are kept inside one file.

The group describes itself as:

About CULT OF THE DEAD COW
Based in Lubbock, Texas, CULT OF THE DEAD COW (cDc) is the most influential
computer underground group in the world.  The cDc alumni list reads like a
Who's Who of hacking and includes a former Presidential advisor on Internet
security, among others.  The group is further distinguished by publishing the
longest running e-zine on the Internet [est. 1984], stretching the limits of
the First Amendment, and fighting anyone or any government that aspires to
limit free speech.

Sources: www.goolag.org