napredna pretraga
[ naslovna ] | [ za webmastere ] zastita feeds

09-03-2010 10:09

The correct CV(or malware)

Today we have observed some messages which at first glance appeared to be somebody trying to correct their mistakes on the CV they sent out.

All messages had the same body text that read as follows:

Thank you for the chat yesterday, it really helped me get a clearer idea
of recruitment as well as exploring any potential opportunity.

I have just spotted a mistake on the CV I sent in which my email was incorrect.

Apologies for any inconvenience caused if you ...

Sophos

09-03-2010 2:02

To infinity and beyond

SophosLabs has discovered a technique in anti-virus marketing, which we detect as Spin/BigNumber-P. Typical behaviour involves phrases such as “Product detects X viruses!”, where X is a large, rather exact-sounding number. Some variants involve high-tech numerical displays updated in real-time with ever growing numbers. This technique has been spotted in the wild.

Never one to be left out, SophosLabs would now like to publish the number of malicious files we detect:

 ...

Sophos

09-02-2010 7:17

FakeAV, now with sounds

Recently, creators of Fake Anti Virus software have been getting quite creative and somewhat “professional” in designing the look and feel of their fake software.

Today I came across one with sounds.

Whenever the malware does a fake scan and finds something wrong with the user’s computer, a lady’s voice (in typical GPS style, I might add) booms out “New virus found!!”

If that’s not irritating enough, you get to hear her sweet voice ag ...

Sophos

09-02-2010 4:17

Throttling Traffic Using CSS + Chunked Encoding

19 posts left…

So Pyloris doesn’t work particularly well for port exhaustion on the server, but what if we can exhaust the connections on the client to better meter out traffic? That would make it easier for a MITM to see each individual request if it worked. So I started down a rather complicated path of using a mess load of link tags on an HTTP website trying to affect the connections on the HTTPS version of the same domain. No joy. It turns out that the limits placed on ...

ha.ckers

09-02-2010 3:56

Pyloris and Metering Traffic

20 posts left…

Pyloris is a python version of Slowloris, and since it is written in python it’s SSL version is thread safe. So what better way to lock up an SSL/TLS Apache install (given that Apache still hasn’t fixed their DoS)? Well, one of the big problems attackers have when trying to decipher SSL/TLS traffic is the fact that browsers not only send a lot of request down a single connection but they also connect use a bunch of open connections over separate socke ...

ha.ckers

09-02-2010 3:48

XSHM Mark 2

21 posts left…

If you’re familiar with XSHM this is going to look awfully similar (but better). When a script creates a new popup (or tab) it retains control over where to send it at a later date. I talked about this concept before. But let’s see what else can be done. What if the attacker uses the history.length function to calculate how many pages a user has visited after they left the tab for wherever they landed. The attacker could do something like this:

 ...

ha.ckers

09-02-2010 3:38

Cookie Clobbering

22 posts left…

While thinking about the previous issue and listening to Jeremiah’s preso and talking with the guys at Microsoft I got to thinking about cookie clobbering. Let’s say that Microsoft thinks HTTP cookies overwriting secure cookies is a big enough problem to fix. Let’s walk through the use cases. Let’s say there is a separate place for secure cookies that can’t be overwritten by non-secure cookies. Does that mean two cookies are replay ...

ha.ckers

09-02-2010 3:25

MITM, SSL and Session Fixation

23 posts left…

It’s been known for a long time that HTTP can set cookies that can be read in HTTPS space because cookies don’t follow the same origin policy in the way that JavaScript does. More importantly, HTTP cookies can overwrite HTTPS cookies, even if the cookies are marked as secure. I started thinking of a form of session fixation during our research that uses this to the attacker’s advantage. Let’s assume the attacker wants to get access to a u ...

ha.ckers

09-02-2010 3:12

Issues with Perspectives

24 posts left…

When I told one of my guys about the double DNS rebinding attack, he said, “Well it’s a good thing I use perspectives.” So that was my clue that I had better get familiar with the plugin if people are seriously relying on it for security. In the process we found a number of potential issues. For those of you who aren’t super clued in about this tool it was originally designed to handle situations where governments are tapping people using thi ...

ha.ckers

09-02-2010 2:57

Prior Knowledge Of User’s Cert Warning Behavior

25 posts left…

One of the issues Josh and I talked about at Blackhat was how the SSL certificate warning message can be used to gain information about a user’s behavior and how that can be used against the user. Let’s say a man in the middle causes an error via proxying a well-known owner/subsidiary. For example let’s say https://www.youtube.com/ which most technical people know belongs to Google and which, incidentally causes SSL/TLS mismatch errors because it ...

ha.ckers





  [1] 2 3 4 5 ...  




Brza pretraga:

xss
antivirus
security
vulnerability
avast
SPAM
attacks
pentesting
microsoft
kasper
zastita


Sponzorisani linkovi:

Grcki stubovi
Torte