The Extended HTML Form attack revisited

June 18, 2008 – 2:13 PM

“HTML forms (i.e. <form>) are one of the features in HTTP that allows users to send data to HTTP servers. An often overlooked feature is that due to the nature of HTTP, the web browser has no way of identifying between an HTTP server and one that is not an HTTP server. Therefore web browsers may send this data to any open port, regardless of whether the open port belongs to an HTTP server or not. Apart from that, many web browsers will simply render any data that is returned from the server. One thing to keep in mind is that HTML forms can be hosted on one website (attacker’s website) and send data to an open port on a victim server.

When an attacker can control what is returned by the server, the victim becomes vulnerable to security issues such as Cross Site Scripting. In the case of HTTP servers, this is a well-known issue and therefore modern web servers do not exhibit this behavior by default. However, this is not the case with other kinds of servers such as SMTP (Simple Mail Transfer Protocol) or FTP (File Transfer Protocol) servers; these servers will often echo back error messages containing user input. When this user input can be controlled by the attacker, bad things can happen.”

Read the rest of the paper…  (PDF)
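The exchange the paper describes, as an added example written for this page (it is not code from the paper): a minimal builder for the request a browser emits when a form is submitted with `enctype="multipart/form-data"`, a toy line-oriented SMTP-style server in two flavours, one that quotes the unknown command back in its error and one that does not, and the check a practitioner actually wants, namely whether client-supplied bytes come back verbatim. The host name `mail.example.test`, the boundary string and the `<script>` marker are constructed for the example.

```python
from typing import Callable, Dict

BOUNDARY = "----ExampleFormBoundaryConstructed"   # constructed; a browser picks a random one


def build_multipart_form_post(host: str, port: int, fields: Dict[str, str]) -> bytes:
    """Raw request a browser emits for
    <form method="POST" enctype="multipart/form-data" action="http://host:port/">.
    The encoding matters: the default application/x-www-form-urlencoded would
    percent-encode '<' and '>', whereas multipart/form-data ships field values
    byte for byte, so markup reaches the target unescaped. Optional headers
    (User-Agent, Origin, ...) are left out; they do not change the outcome."""
    body = ""
    for name, value in fields.items():
        body += (f"--{BOUNDARY}\r\n"
                 f'Content-Disposition: form-data; name="{name}"\r\n\r\n'
                 f"{value}\r\n")
    body += f"--{BOUNDARY}--\r\n"
    body_bytes = body.encode()
    head = (f"POST / HTTP/1.1\r\n"
            f"Host: {host}:{port}\r\n"
            f"Content-Type: multipart/form-data; boundary={BOUNDARY}\r\n"
            f"Content-Length: {len(body_bytes)}\r\n"
            f"\r\n").encode()
    return head + body_bytes


SMTP_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}


def echoing_smtp_handler(line: str) -> str:
    """Toy SMTP-style server that quotes the offending command in its error,
    as several real mail servers did; this is the reflection the paper exploits."""
    verb = line.split(" ", 1)[0].upper()
    if verb in SMTP_VERBS:
        return "250 OK"
    return f'500 5.5.1 Command unrecognized: "{line}"'


def hardened_smtp_handler(line: str) -> str:
    """Same server, but the error text never contains client-supplied bytes."""
    verb = line.split(" ", 1)[0].upper()
    if verb in SMTP_VERBS:
        return "250 OK"
    return "500 5.5.1 Command unrecognized"


def exchange(request: bytes, handler: Callable[[str], str]) -> str:
    """Deliver the HTTP request to a line-oriented server one line at a time
    and return the concatenated replies, i.e. what the browser receives."""
    replies = ["220 mail.example.test ESMTP ready"]          # banner
    for raw in request.split(b"\r\n"):
        if raw:                                               # skip blank separator lines
            replies.append(handler(raw.decode("latin-1")))
    return "\r\n".join(replies) + "\r\n"


def reflects(response: str, payload: str) -> bool:
    """The practical check: does the input we sent come back unmodified?"""
    return payload in response


PAYLOAD = "<script>alert(document.domain)</script>"   # constructed marker, not an attack chain


def demo() -> Dict[str, object]:
    request = build_multipart_form_post("mail.example.test", 25, {"comment": PAYLOAD})
    vulnerable = exchange(request, echoing_smtp_handler)
    hardened = exchange(request, hardened_smtp_handler)
    return {
        "request": request,
        "vulnerable_response": vulnerable,
        "hardened_response": hardened,
        "reflected_by_echoing_server": reflects(vulnerable, PAYLOAD),
        "reflected_by_hardened_server": reflects(hardened, PAYLOAD),
    }


if __name__ == "__main__":
    result = demo()
    print(result["request"].decode())
    print(result["vulnerable_response"])
    print("echoing server reflects payload:", result["reflected_by_echoing_server"])
    print("hardened server reflects payload:", result["reflected_by_hardened_server"])
```

The echoing server hands the field value back byte for byte inside a 500 line, and because nothing in its reply resembles an HTTP status line, a 2008-era browser treated the bytes as an HTTP/0.9 body and rendered them as the target host's content. To probe a real server for the same behaviour, send it a line it cannot parse and see whether the line is repeated: `printf 'ZZZMARKER\r\nQUIT\r\n' | nc mail.example.test 25`. Firefox and Chrome now refuse to connect to a list of well-known non-HTTP ports, 25 among them, which blunts this particular vector, but any line-oriented service on an unblocked port still needs the fixed-text error.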

IP traffic to ‘double’ every two years

June 18, 2008 – 9:55 AM

Web traffic volumes will almost double every two years from 2007 to 2012, driven by video and web 2.0 applications, according to a report from Cisco Systems.

Increased use of video and social networking has created what Cisco calls ‘visual networking’, which is raising traffic volumes at a compound annual growth rate of 46 per cent.

Cisco’s Visual Networking Index (PDF) predicts that visual networking will account for 90 per cent of the traffic coursing through the world’s IP networks by 2012.

The upward trend is not only driven by consumer demand for YouTube clips and IPTV, according to the report, as business use of video conferencing will grow at 35 per cent CAGR over the same period.

Cisco reckons that traffic volumes will be measured in exabytes (one billion gigabytes) by 2012 and will reach 552 exabytes by that time.

Soon after 2012 we will have to adopt zettabytes (one thousand billion gigabytes) to express traffic volumes.

The report is based on Cisco’s own predictions and aggregates analysis from several market research firms.

Source: Vnunet

Internet-connected coffee maker has security holes

June 17, 2008 – 2:44 PM

An Australian man has discovered security vulnerabilities in his Internet-connected coffee maker that could allow a remote attacker to not only take over his Windows XP-based PC but also make his coffee too weak.

Craig Wright, a risk advisory services manager at professional services firm BDO, found several security holes, including a buffer overflow in the Internet Connection software that links his Jura F90 coffee maker to his PC.

Once connected to the Internet, the high-end coffee maker, which retails for nearly US$2,000 on Amazon, lets you do things like set the strength of your coffee and get remote diagnostic help over the Internet without having to send the appliance in for service. 

Wright posted the information on the vulnerabilities, and the fact that there is no patch available yet, to the BugTraq security e-mail list on Tuesday.

A U.S.-based public relations representative for the coffee maker said she would try to reach spokespeople in the Switzerland headquarters for comment.

Read the rest of the story…

Recovering from the Encryption Virus

June 17, 2008 – 9:57 AM

Kaspersky Lab has published advice on recovering files encrypted by the frightening Gpcode.ak virus, but there is a big catch — users must not have turned off their PC first.

A new variant of the malware struck last week, scrambling a variety of files on victims’ PCs using a very strong 1,024-bit RSA encryption key that has so far confounded attempts to crack it. Its creators demand a ransom for the unlock key.

While victims of the malware will be grateful to have any method to recover files, this technique is fraught with problems for the non-technical. Ideally, users need to have a second — and therefore clean — computer with which to download a GPL-licensed utility, PhotoRec, to start the process.

The biggest barrier of all, however, is that users must employ the recovery utility without having turned off or rebooted their PC after the infection was first noticed, a fact that will probably reduce the number of people able to use the method to low percentages.

A reboot tends to be the first thing users try when hit by malware, but this risks changing the data on the hard disk: the virus writes an encrypted copy of each file and then deletes the original without overwriting it, so the original data remains on disk until something else is written over it. It is this small mistake by the virus writers that has made the recovery possible in the first place.

Although PhotoRec is reported to be able to recover files successfully under these conditions, users need to use a separate utility from Kaspersky to relate those files to their real file names and original directory structure. All in all, the method adds up to a pretty steep crash course in the technical side of a Windows PC.
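The mechanism behind the recovery, as an added example written for this page (it is not Gpcode's code, Kaspersky's utility or PhotoRec itself): a toy disk with an allocation table, a malware step that writes an encrypted copy and then deletes the original, a header/footer carver in the style PhotoRec uses, and a "reboot" that writes into the freed clusters. The file contents, file names and the XOR stand-in for the encryption are all constructed; the stand-in only has to produce output with no recognisable header or footer.

```python
CLUSTER = 64          # bytes per allocation unit in the toy file system
SIGNATURES = {        # carving signatures: (header, footer)
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "pdf": (b"%PDF-", b"%%EOF"),
}


class ToyDisk:
    """Raw clusters plus an allocation table; deleting only edits the table."""

    def __init__(self, clusters: int):
        self.image = bytearray(clusters * CLUSTER)
        self.free = list(range(clusters))   # clusters handed out front to back
        self.files = {}                     # name -> list of clusters

    def write(self, name: str, payload: bytes) -> None:
        need = -(-len(payload) // CLUSTER)  # ceiling division
        if need > len(self.free):
            raise OSError("disk full")
        owned = [self.free.pop(0) for _ in range(need)]
        for i, c in enumerate(owned):
            piece = payload[i * CLUSTER:(i + 1) * CLUSTER]
            self.image[c * CLUSTER:c * CLUSTER + len(piece)] = piece
        self.files[name] = owned

    def delete(self, name: str, wipe: bool = False) -> None:
        """Ordinary delete releases the clusters but leaves their bytes in place;
        wipe=True zeroes them first, which is what the malware did not do."""
        owned = self.files.pop(name)
        if wipe:
            for c in owned:
                self.image[c * CLUSTER:(c + 1) * CLUSTER] = bytes(CLUSTER)
        self.free.extend(owned)


def carve(image: bytearray):
    """Signature carving over the raw image, ignoring the allocation table
    entirely (the file system's idea of 'free' is irrelevant to the carver)."""
    found = []
    for kind, (head, tail) in SIGNATURES.items():
        pos = image.find(head)
        while pos != -1:
            end = image.find(tail, pos + len(head))
            if end != -1:                     # skip headers whose footer is gone
                found.append((kind, bytes(image[pos:end + len(tail)])))
            pos = image.find(head, pos + 1)
    return found


def toy_encrypt(data: bytes) -> bytes:
    """Constructed stand-in for the malware's encryption; all that matters here
    is that the output carries neither a known header nor a known footer."""
    return bytes(b ^ 0x5A for b in data)


def scenario(wipe_originals: bool = False):
    # Constructed victim files: a 138-byte 'JPEG' and a 98-byte 'PDF'.
    photo = b"\xff\xd8\xff\xe0" + b"constructed JPEG body " * 6 + b"\xff\xd9"
    report = b"%PDF-1.4\n" + b"constructed PDF body\n" * 4 + b"%%EOF"
    disk = ToyDisk(12)
    disk.write("holiday.jpg", photo)
    disk.write("report.pdf", report)

    # Infection: encrypted copy first, then delete (but do not wipe) the original.
    for name, data in (("holiday.jpg", photo), ("report.pdf", report)):
        disk.write(name + "._CRYPT", toy_encrypt(data))
        disk.delete(name, wipe=wipe_originals)
    after_infection = carve(disk.image)

    # The user reboots: the OS writes logs into clusters the table calls free.
    disk.write("boot.log", b"constructed boot log line\n" * 10)
    after_reboot = carve(disk.image)

    return {
        "after_infection": sorted(kind for kind, _ in after_infection),
        "jpeg_intact": any(data == photo for _, data in after_infection),
        "pdf_intact": any(data == report for _, data in after_infection),
        "after_reboot": sorted(kind for kind, _ in after_reboot),
    }


if __name__ == "__main__":
    print("delete without wipe:", scenario())
    print("delete with wipe:   ", scenario(wipe_originals=True))
```

Carving returns nameless blobs identified only by type, which is why the page says a second utility is needed to put names and directories back. In the constructed scenario both originals come back intact right after infection, nothing comes back if the malware had wiped before deleting, and a single reboot's worth of logging destroys the JPEG while the PDF survives: which files are lost depends only on which freed clusters the operating system happens to reuse first, which is the reason the advice is to stop writing to the disk immediately.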

Meanwhile, a full cure for Gpcode appears no nearer, with Kaspersky admitting it still hasn’t discovered the key with which to unlock files the easy way. But even if the company managed to recover the key, there is nothing to stop the attackers releasing a variant using a new key.

As serious as Gpcode.ak has become — it is effectively a sort of encryption zero-day attack for which there is no patch — Kaspersky’s approach has come in for criticism from security researcher Dancho Danchev, who has accused the company of mining worry over the malware as a marketing tool. If that’s a valid criticism, then Kaspersky is far from the first to employ such tactics. The whole security alerts business is built on the same premise.

Ordinary users affected by Gpcode, if indeed there are many of those, will simply be happy to have at least one method that offers hope of recovering their files without having to give in to the criminals and pay the ransom demanded.

Read the rest of the story…

BackTrack: A penetration tester’s toolset

June 17, 2008 – 8:02 AM

There are few job titles as misleading as that of the “Penetration Tester.” Sure, saying professional computer hacker would be more direct, but have you ever noticed how hackers seem to have a dirty mind? Why else would they want to go phreaking through backdoors?

Anyway, in order for hackers to umm…maximize their penetration, they need the right tools for the job. BackTrack is a bootable Linux CD that is the Swiss Army knife of computer hacking tools. Need to crack a password or break into a Wi-Fi connection? BackTrack has the tools already configured and ready to go.

As a matter of fact, with over 250 tools to choose from, your problem will be finding the right tool for the job. We recommend a quick YouTube search for common hacking scenarios.

BackTrack is open source, as are all the included tools. The program is completely free to download and use. Unfortunately, as with most open source software, it may be hard to find support should you experience any problems.

Now that you have the tools, be sure to use them wisely. We are sure your neighbors wouldn’t appreciate being brute-forced. I am talking about their Wi-Fi, sheesh!

Source: Download Squad