Posts tagged as:

Hack

Hacker sentenced to two years in prison

by certifiedbug on October 12, 2008

in Security

United States Attorney McGregor W. Scott announced Tuesday that Gregory King, 21, a California resident once known as “Silenz,” “sZ,” “Gregk707” and “GregK,” was sentenced to two years in federal prison and ordered to pay $69,000 in restitution following a guilty plea to two counts of transmitting code to cause damage to a protected computer.

The Reporter.
http://www.thereporter.com/news/ci_10677450

King used a botnet to conduct distributed denial-of-service (DDoS) attacks against two Web sites: KillaNet Technologies, a British Columbia-based website for high school students preparing for careers in online media, and the CastleCops security forums.

The Register, 4th October 2007.
Portrait of an (alleged) cyber bully as a young man

Certifiedbug, November 30, 2007.
FBI: Botnet Crack Down (again) in Operation Bot Roast II


Three French Journalists at Black Hat banned

by certifiedbug on August 10, 2008

in This and That

Three French reporters attending the Black Hat Security Conference in Las Vegas for Global Security Magazine were booted and banned for life after they allegedly sniffed the private network set up for the press.

At Black Hat and Defcon, you are almost guaranteed to be sniffed, hacked
and owned by attendees, but the private press network is a different
story.

http://www.infosecnews.org/pipermail/isn/2008-August/016698.html


Juvenile hacker pleads guilty

by certifiedbug on February 12, 2008

in News

Bot herder Ancheta was sentenced to 57 months in jail in 2006. This week cohort SoBe (not the soft drink) has pleaded guilty to two counts of juvenile delinquency relating to conspiracy to commit wire fraud, causing damage to computers used by the federal government in national defense and accessing protected computers without authorization to commit fraud. Sentencing is scheduled for May 5, 2008.

Apparently these malicious hackers gained remote access to thousands of U.S. computers, including Sandia National Laboratories, a facility that works on nuclear weapons and other sensitive material.


Batman strikes again

by certifiedbug on January 18, 2008

in Security, This and That

Paperghost continues zapping phishing script kiddie sites: serious business, but quite a funny saga when carried out Batman style.

This time he enlisted a mom’s support, with hilarious results.
How to give a wannabe hacker a very bad day


Band Hacks On MySpace

by certifiedbug on November 9, 2007

in News, Security

Chris Boyd (aka paperghost) of Facetime, blogged about band hacks on MySpace nine days ago, and has posted several updates.

PC World, October 31, 2007 Hackers Sneak Tricks Into MySpace Band Pages

Yet this is today’s news, “Alicia Keys hit by MySpace Trojan hack” at The Register

The attack was discovered by Roger Thompson of Exploit Prevention Labs, who’s posted an explanation of the attack along with a video here.

Erm, credit where credit is due?

Paperghost’s reaction at Vitalsecurity: Spot the Difference

Edit: VitalSecurity Myspace Band hacks - STILL active!

Update: whoops - sorry Chris


Patches available for several critical vulnerabilities.

Adobe Flash Player.
Flash Player update available to address security vulnerabilities

Sun Microsystems.
Security Vulnerabilities in the Java Runtime Environment Image Parsing Code

Many of these vulnerabilities can be exploited to execute arbitrary code on victims’ computers just by making them access a malicious URL using any application that invokes Flash Player or JRE.


Myspace.com hijack

by certifiedbug on July 17, 2006

in Security

blog.spywareguide.com
Posted on July 17, 2006

Paperghost writes:

Now, there is talk of an exploit that relies on redirects via Flash, meaning the hacker has complete control over your profile. You can see the ripples being made here on Digg - should be interesting to see if Myspace put out some kind of “official response” to this one as it’s really caught fire.

Hackers can crack top antivirus program

by certifiedbug on May 25, 2006

in Programs, Security

eEye
EEYEB-20060524
Vendor: Symantec
Severity: High (Remote Code Execution)
Date Reported: May 24, 2006

ZDNet
May 25, 2006
Remote Exploit in Norton Anti-Virus Puts 200 Million at Risk
Posted by Richard Stiennon

eEye Digital Security is reporting that they have uncovered a major vulnerability in Symantec’s AV product. Basically it will allow a remote hacker to compromise any machine that is running Norton Anti-Virus. This is a big oops. Symantec will have to scramble to get an update pushed out to all of their customers. I would imagine they can do this before an exploit is developed that allows widespread use of the vulnerability or a worm to spread.

The Register
eEye, eEye, D’oh
By Joe Fay
Published Friday 26th May 2006 15:03 GMT

Symantec disclosed this week that researchers have discovered a software vulnerability that could allow hackers to take remote control of a PC and that it is working to verify the hole and provide a patch.

And the software in question? Symantec’s AntiVirus Corporate Edition 10.x. Oops.

symantec.com

SYM06-010
May 25, 2006
Symantec Client Security and Symantec AntiVirus Elevation of Privilege

Revision History
May 26, 2006 - Updated Products Affected section and other details

Update:

SANS Internet Storm Center
Handler’s Diary May 27th 2006
Symantec Patch Posted
Published: 2006-05-27,
Last Updated: 2006-05-27 20:01:00 UTC by Deborah Hale (Version: 1)

Symantec has just posted patches for the Security Advisory SYM06-010. It appears at this time that the patches are manual download and install. We don’t know at this point if a product live update will be posted for these patches but for the meantime it is there for manual load.

So for those of you enjoying the long weekend, look at what you get to look forward to on Tuesday. If you are running Symantec Corporate Edition 10.1 you get to spend Tuesday patching.

Handler’s Diary May 29th 2006
Symantec AV Vulnerability Latest
Published: 2006-05-29
Last Updated: 2006-05-29 21:21:41 UTC by Kevin Liston (Version: 2)

Symantec has updated their advisory

They confirm that the following versions are affected:
Symantec Client Security-
3.0 all builds
3.1 all builds
Symantec Antivirus Corporate Edition-
10.0 all builds
10.1 all builds

The following patches are available:
Symantec Client Security-
3.0 Builds 3.0.2.2010 and 3.0.2.2020
3.1 Builds 3.1.0.394 and 3.1.0.400

Symantec Antivirus Corporate Edition-
10.0 Builds 10.0.2.2010 and 10.0.2.2020
10.1 Builds 10.1.0.394 and 10.1.0.400

Symantec recommends that you upgrade to a “patchable” version. This may be bad news for some organizations.

Some have reported that the patching process is not trivial, and can be difficult to roll out in some environments.

At this time, there have been no reports of proof-of-concept-code or exploit code other than that held privately by eEye.

We have not received any reports of exploitation in the wild.

Handler’s Diary May 31st 2006
More on Symantec vulnerabilities
Published: 2006-05-31,
Last Updated: 2006-05-31 01:21:02 UTC by Bojan Zdrnja (Version: 1)

The latest patches from Symantec are causing quite a bit of confusion. To reiterate again what Kevin wrote in his diary (http://isc.sans.org/diary.php?storyid=1368):

*ALL* versions of 10.0.x and 10.1.x of Symantec Antivirus Corporate Edition and 3.0.x and 3.1.x of Symantec Client Security seem to be vulnerable.
Symantec Antivirus Corporate Edition version 8.x and 9.x seem to be ok.

Symantec released 4 patches for each product (http://www.symantec.com/avcenter/security/Content/2006.05.25.html):

Symantec Antivirus Corporate Edition
10.1.0.394 -> 10.1.0.396 (there’s a typo here on their web, it’s not version 3)
10.1.0.400 -> 10.1.0.401
10.0.2.2010 -> 10.0.2.2011
10.0.2.2020 -> 10.0.2.2021

Symantec Client Security
3.1.0.394 -> 3.1.0.396
3.1.0.400 -> 3.1.0.401
3.0.2.2010 -> 3.0.2.2011
3.0.2.2020 -> 3.0.2.2021

Now, if you are running *ANY* other version that is affected, you will have to first upgrade to one of the versions that have the patch out and then install the patch. I hope this will clear the confusion.

Botnet master jailed

by certifiedbug on May 9, 2006

in News

Resident Evil
theregister.com
By John Leyden
Published Tuesday 9th May 2006

A California man has been jailed for almost five years for running a zombie network of compromised PCs.

Jeanson James Ancheta, 21, of Downey, California, used the botnets he controlled to display cash-generating adverts and as a resource he “rented” for hackers and spammers to run either denial of service attacks or junk mail campaigns.

His network of thousands of zombie computers included machines at the Weapons Division of the US Naval Air Warfare Center in China Lake, California, as well as other US Department of Defense PCs.

Copyright © is the original authors

InfoWorld
By Steve Fox
May 01, 2006

Infoworld.com’s security adviser columnist and contributing editor Roger Grimes loves his job. And why not? As senior instructor and consultant at security consultancy Foundstone, he “teaches good hackers how to hack like bad hackers.” Even better, he gets paid by vendors to break into their businesses (electronically, of course), then report back on what holes he found. “It’s usually trivial, a few hours’ work at most,” he says.

Given Grimes’ unusual job description, it’s hard to find a security exploit that can shock him. Yet a recent discovery sent him reeling. “I was consulting for a bank,” he says, “and someone asked me to take a look at a Trojan that had infected 100 bank clients.” The malware was secretly siphoning money out of customers’ accounts, something he’s seen plenty of times before. But there was a kicker: The reassuring SSL lock icon — that guarantor of a secure e-commerce experience — appeared intact on these customers’ browser screens.

Turns out, Grimes had stumbled on a sophisticated type of Trojan that sidesteps SSL, avoiding authentication and working in the background to steal money, all the while making it appear as if the session were protected by SSL. The implications, Grimes realized, could be devastating, as consumer confidence in online banking and e-commerce in general rests largely on the assumption that SSL means safety.

Copyright © is the original authors.