Taranfx - Your Gateway To Technology » vulnerable

IE Flaw Makes local Files Public

admin — Thu, 04 Feb 2010 19:08:30 +0000

The end of Internet Explorer is finally here. Series of events: Google Hacking, removal of support for Google apps, several other vulnerabilities are forcing users to move to alternates.

Recently, at Black Hat DC conference, a security consultant (Jorge Luis Alvarez Medina) demoed how it’s possible to exploit a flaw in Internet Explorer browser that turns your personal computer into a public file server. In other words, attacker can remotely read files on the victim’s local drive.

There are a few ways to initiate the attack, which is somewhat complex because you have to “string alot of the features together to build an attack tool,” Medina said. One method involves enticing the victim to click a link to a malicious Web site.

.. Read Further »

ALL Windows PC Exploited by Hack

admin — Wed, 20 Jan 2010 18:12:00 +0000

There exists an encryption that has been left UnBroken since 1942 approximately time around the World war 2. This is called security – when encryption algorithm lasts long, really long.

Unfortunately, Microsoft has a different story. After 17 years of windows, someone found a hole that makes every windows PC on this earth prone to hacking.

This hole allows users with restricted access to escalate their privileges to system level – This is possible on all 32bit Windows .. Read Further »

Code that Hacked Google IDs [Aurora]

admin — Sat, 16 Jan 2010 19:31:27 +0000

Chinese hackers changed the face of Internet forever by taking the wrong step — trying to hack the search giant and several other giants.

Apparently, we know that hackers exploited a Vulnerability in Internet Explorer, but little was known about it untill the code that hacked Google became public.

So what does this code do ?

In Easy Words: Basically, the script creates a blank element on the page. This element has an “address” like a house. Then the element “moves out” and something else takes up the space of the house (it might even move the house around, or be larger than the house and contain it). But the script still knows where the house was, and can put things in there and if another bit of the program happens to overlap, some code put in that place might .. Read Further »

How Twitter was Hacked

admin — Fri, 18 Dec 2009 21:04:19 +0000

Internet faced World Wide Panic as Twitter.com was defaced to run out of service. Soon after the attack Users were able to see a page that claimed work of “Iranian Cyber Hackers”.

In simple words, it was nothing but a DNS hijacking attack in which Twitter’s DNS records were altered. That means surfers trying to reach the website directly via name resolution services were redirected to a fake domain, while the Twitter servers were running. As a result, applications that depended upon Twitter’s API - such as TweetDeck or mobile phone apps - were unaffected by the attack. Hence, Twitter servers were never hacked!

Rik Ferguson, a security consultant at Trend Micro, explains that this type of DNS hijacking usually involves compromising the systems at the registrar responsible .. Read Further »

Vulnerabilities in HTML 5 and Future

admin — Sun, 13 Sep 2009 09:34:46 +0000

HTML 5 comes with alot of promise for the web. It has lot of new features that could make Web Browsers and Apps much more powerful than they ever were.

Let’s go by an example. Try accessing Gmail on iPhone or Android phone, you will have notice some differences from what it used to be a month ago. The new thing worth noticing is the introduction of the offline access.

Gmail went down, offline in September, but credits to Gears, Gmail was still up and running with select Browsers. On the other side, iPhone Safari doesn’t have a Gears plugin, so how was it still running?

The answer lies with the HTML 5 standard, more .. Read Further »

Hacking the Unsecure GSM Encryption

admin — Fri, 28 Aug 2009 09:19:51 +0000

Sometimes its ridiculous how the most common (and important) technology in our daily-life is vulnerable to kinds of attacks that could bring nightmares. Still, no one is aware, no one is doing anything. Such is the Case of Today’s GSM — The most popular Cellphone Technology.

Every year, some hacker comes out and breaks something crucial to us, which makes us and authorities learn it the HARD WAY, “We are not safe”.

The best work is done by BlackHat and DEFCON, which are open forums for Hackers, especially DEFCON, which has open hacking challenges.

If you ever went to the DEFCONs, you know what I’m talking about. These guys can take down a military of servers down in couple of hours. They can hack anything from a conventional “lock” to GSM phones.

This year was no exception. Karsten Nohl, a PhD candidate from the University of Virginia gave .. Read Further »

The Linux Kernel Bug, Vulnerability that went for Eight years Un-Noticed, Un-Fixed

admin — Sat, 15 Aug 2009 07:28:53 +0000

Sometimes, we overlook a critical aspect which could mean that our efforts of decade can be blasted within seconds. Such is a bug found in Linux 2.4 Kernel.

According to security researchers, a bug in the Linux kernel has just been uncovered that makes just about every distribution utilizing kernel 2.4 and 2.6 on just about all architectures since May of 2001 vulnerable to a certain kind of attack.

You can imagine. Out of Today’s Linux systems, 95% use >2.4 <=2.6, so almst every Linux kernel is Vulnerable to this attack.

The bug allows an attacker to escalate local privileges and completely compromise the entire system. Julien Tinnes, a security researcher who does know his way around kernel code, wrote the following details about the bug.

At first sight, the code in af_ipx.c looks correct and seems to initialize .sendpage properly. .. Read Further »
Related Stories
Install Ubuntu on Nexus One
Install Android, Ubuntu on HTC HD2
Google Services now available from CommandLine Linux Tool
Upgrade Ubuntu Karmic 9.1 to Lucid 10.04
Ubuntu 10.04 Lucid Lynx is here [Features]
Sony Removes Linux Support from PS3 Phat
Ubuntu 10.04 Lucid Lynx Beta [UI, Video]
Sync iPhone in Linux [Ubuntu]
IE Flaw Makes local Files Public
ALL Windows PC Exploited by Hack
Code that Hacked Google IDs [Aurora]
Google upgrades to EXT4 FileSystem

BGP 4byte ASN Vulnerable to DoS on Cisco IOS, IOS XE – Fix Released

admin — Tue, 04 Aug 2009 20:53:54 +0000

4byte ASN (autonomous system numbers) was incorporated into most BGP routers recently. Since we are running out of ASN no. given to service providers, authority have stopped using previous Internet 2byte BGP ASN routing Updates.

The newly found vulnerabilities affect only devices running Cisco IOS and Cisco IOS XE Software (here after both referred to as simply Cisco IOS) with support for RFC4893 and that have been configured for BGP routing.

This feature has a critical vulnerability on all recent IOS that support it. Cisco last week issued — and today updated — a security advisory for its IOS software.

Cisco IOS supporting RFC 4893 for four octet AS number spaces in BGP are susceptible to denial of service attacks when handling BGP updates. There are two DoS vulnerabilities in the software, according to the advisory:

1. Vulnerability .. Read Further »

iPhone SMS Hack Fix via Firmware Update

admin — Fri, 31 Jul 2009 15:47:06 +0000

Apple had been silent on the Critical Vulnerability found by BlackHat’s security expert presenter, till Google went ahead with the similar fix for the Android platform.

I haven’t heard the official news coming directly Apple, but Carriers are doing it. First one to do is O2 UK, which announced that Apple will be releasing fix by weekend.

There’s no news from AT&T yet, but they are not far from.

It’s an admirably quick fix to a comically terrible problem. Probably, it will come as 3.0.1 or something similar. But at least Apple’s got an update infrastructure to match their relatively quick remedy; what’s really worrying is that some other vulnerable phones—mostly Windows Mobile handsets—are still vulnerable, and whatever updates Microsoft have in store may have a slightly harder time blanketing users without the near-daily update checking built into the .. Read Further »

iPhone and Android SMS Hacks

admin — Thu, 30 Jul 2009 15:59:16 +0000

BlackHat is a yearly security conference where Industry’s most Dark side secrets are revealed.

Few years back, Sir Lenin identified a Cisco security flaw that could bring down EVERY SINGLE CISCO ROUTER in the world. Lenin was from ISS (Internet Security Systems), he was fired & tortured, and what not. Cisco, at no cost, wanted their secrets to be revealed. Well, that was years back. since that year, we have more darker sides of the IT world.

This year, Security researchers have identified several SMS vulnerabilities that can be used to deny service to mobile phones. They’re presenting Today but their findings have been published.

Detail

A serious security flaw that could allow a remote attacker to take control of the victim’s iPhone by sending a specially constructed SMS message. The vulnerability might be publicly demonstrated and explained as per the schedule here .. Read Further »