FireMaster – Firefox Master Password Recovery Tool

September 1, 2009 – 12:55 PM

FireMaster is the first tool ever built to recover a lost Firefox master password. Firefox uses the master password to protect the stored sign-on information for all visited websites. If the master password is forgotten, there is no way to recover it, and the user loses all the sign-on information it protects.

However, users can now use FireMaster to get back all their stored credentials. FireMaster uses a combination of techniques such as dictionary, hybrid and brute force to recover the master password from the Firefox key database file. It now also supports a pattern-based password recovery mechanism, which significantly reduces the time taken to recover the password.

Source and Download:
http://securityxploded.com/firemaster.php

New Attack Cracks Common Wi-Fi Encryption in a Minute

August 27, 2009 – 5:42 AM

Computer scientists in Japan say they’ve developed a way to break the WPA encryption system used in wireless routers in about one minute.

The attack gives hackers a way to read encrypted traffic sent between computers and certain types of routers that use the WPA (Wi-Fi Protected Access) encryption system. The attack was developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, who plan to discuss further details at a technical conference set for Sept. 25 in Hiroshima.

Last November, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the attack to a new level, according to Dragos Ruiu, organizer of the PacSec security conference where the first WPA hack was demonstrated. “They took this stuff which was fairly theoretical and they’ve made it much more practical,” he said.

The Japanese researchers discuss their attack in a paper presented at the Joint Workshop on Information Security, held in Kaohsiung, Taiwan earlier this month.

The earlier attack, developed by researchers Martin Beck and Erik Tews, worked on a smaller range of WPA devices and took between 12 and 15 minutes to work. Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm.

Source:
http://www.pcworld.com/article/170891/new_attack_cracks_common_wifi_encryption_in_a_minute.html?tk=rss_news

Sub7 (SubSeven) is back with a new release 2.3

August 25, 2009 – 5:49 AM

Sub7, or SubSeven or Sub7Server, is the name of a popular backdoor program. It is mainly used for causing mischief, such as hiding the computer cursor, changing system settings or loading up pornographic websites. However, it can also be used for more serious criminal applications, such as stealing passwords and credit card details. Its name was derived by spelling NetBus backwards (“suBteN”) and swapping “ten” with “seven”.

Among Sub7’s capabilities are complete file system access and real-time keystroke logging. The latter capability makes it possible for Sub7 to be used to steal passwords and credit card information. It also installs itself into the WIN.INI file and the “run” key of the Windows Registry, in addition to adding a “runner” to the Windows Shell. Computer security expert Steve Gibson once said that with these features, Sub7 allows a hacker to take “virtually complete control” over a computer. Sub7 is so invasive, he said, that anyone with it on their computer “might as well have the hacker standing right next to them” while using their computer.

Source:
http://www.security-database.com/toolswatch/Sub7-SubSeven-is-baclk-with-a-new.html

Critical vulnerability in the Linux kernel affects all versions since 2001

August 14, 2009 – 4:51 AM

Google security specialists Tavis Ormandy and Julien Tinnes report that a critical security vulnerability in the Linux kernel affects all versions of 2.4 and 2.6 since 2001, on all architectures. The vulnerability enables users with limited rights to get root rights on the system. The cause is a NULL pointer dereference in connection with the initialisation of sockets for rarely used protocols.

A pointer structure usually defines what operations a socket supports, for example accept, bind and so on. If, say, the accept operation is not implemented, it should point to a predefined component such as sock_no_accept. This is evidently not the case with all implemented protocols. The report mentions PF_BLUETOOTH, PF_IUCV, PF_INET6 (with IPPROTO_SCTP), PF_PPPOX and PF_ISDN, among others, as having unimplemented operations. Some pointers remain uninitialised, and this can be exploited in conjunction with the function sock_sendpage to execute code with root rights.

Source:
http://www.h-online.com/security/Critical-vulnerability-in-the-Linux-kernel-affects-all-versions-since-2001--/news/114004
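
The operations-table problem described in this report, as an added example that is not kernel code and not from the original article: a userspace model in which a protocol leaves a slot unset, with the two defensive checks side by side (fill missing slots with stubs at registration, and test the pointer at the call site). The names ops_model, sock_model, ops_fill_missing and checked_sendpage are hypothetical, and the sample protocols are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model of a per-protocol operations table (not kernel code). */
struct sock_model { int family; };
struct ops_model {
    int  (*accept)(struct sock_model *s);
    int  (*bind)(struct sock_model *s);
    long (*sendpage)(struct sock_model *s, const void *page, size_t len);
};

/* Predefined "not supported" stubs, in the spirit of sock_no_accept. */
static int  no_accept(struct sock_model *s) { (void)s; return -EOPNOTSUPP; }
static int  no_bind(struct sock_model *s)   { (void)s; return -EOPNOTSUPP; }
static long no_sendpage(struct sock_model *s, const void *p, size_t n)
{ (void)s; (void)p; (void)n; return -EOPNOTSUPP; }

/* Registration-time check: fill every slot left NULL, report how many. */
int ops_fill_missing(struct ops_model *ops)
{
    int filled = 0;
    if (!ops->accept)   { ops->accept = no_accept;     filled++; }
    if (!ops->bind)     { ops->bind = no_bind;         filled++; }
    if (!ops->sendpage) { ops->sendpage = no_sendpage; filled++; }
    return filled;
}

/* Call-site check: never jump through a slot that might be NULL. */
long checked_sendpage(const struct ops_model *ops, struct sock_model *s,
                      const void *page, size_t len)
{
    if (ops->sendpage)
        return ops->sendpage(s, page, len);
    return no_sendpage(s, page, len);
}

/* Constructed sample protocols: one complete, one that set only bind. */
static int  demo_bind(struct sock_model *s) { (void)s; return 0; }
static long demo_sendpage(struct sock_model *s, const void *p, size_t n)
{ (void)s; (void)p; return (long)n; }
struct ops_model proto_complete   = { no_accept, demo_bind, demo_sendpage };
struct ops_model proto_incomplete = { .bind = demo_bind };

int main(void) {
    printf("checked call: %ld\n", checked_sendpage(&proto_incomplete, NULL, "x", 1));
    printf("slots filled: %d\n", ops_fill_missing(&proto_incomplete));
    return 0;
}
```

Either check alone turns the unset slot into an ordinary "operation not supported" error instead of a call through a NULL pointer.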

More holes found in Web’s SSL security protocol

August 3, 2009 – 4:56 AM

Security researchers have found some serious flaws in software that uses the SSL (Secure Sockets Layer) encryption protocol used to secure communications on the Internet.

At the Black Hat conference in Las Vegas on Thursday, researchers unveiled a number of attacks that could be used to compromise secure traffic travelling between Web sites and browsers.

This type of attack could let an attacker steal passwords, hijack an on-line banking session or even push out a Firefox browser update that contained malicious code, the researchers said.

The problems lie in the way that many browsers have implemented SSL, and also in the X.509 public key infrastructure system that is used to manage the digital certificates used by SSL to determine whether or not a Web site is trustworthy.

A security researcher calling himself Moxie Marlinspike showed a way of intercepting SSL traffic using what he calls a null-termination certificate. To make his attack work, Marlinspike must first get his software on a local area network. Once installed, it spots SSL traffic and presents his null-termination certificate in order to intercept communications between the client and the server. This type of man-in-the-middle attack is undetectable, he said.

Source:
http://www.computerworld.com/s/article/9136074/More_holes_found_in_Web_s_SSL_security_protocol?taxonomyId=17