Inferno released an advisory in Bugtraq stating that he discovered a method of exploiting the following Google items (to name a few):
1. Steal your emails.
2. Steal your contacts.
3. Steal your documents.
4. Steal your code.
5. Steal your sites.
6. Steal your website analytics.
7. Backdoor your iGoogle Homepage with malicious gadgets.

With Twitter’s recent Cross Site Scripting worm and now Google’s universal vulnerability I think its time to re-think your client-side security controls if you haven’t already.

If you haven’t already looked at something like noscript for protection against these attacks, I’d highly recommend it. It may not provide you with complete peace of mind but at least you know you have an extra layer of security against pesky and basic XSS attacks!

1. We believe for anonymity in security through ambiguity and obscurity. Confuse them and they will come.
2. Yo XSS, what will we do today? The same thing we do everyday, try to “hack the planet”!
3. Hacking has no roots in kung-fu. Regardless of what anyone tells you, hackers are not master ninjas.
4. DO NOT use the title penetration tester loosely
5. Sarcasm in infosec is career limiting
6. Satire is the most advanced form of communication having been founded by Egyptian monkeys
7. Join the house of flying hackers social network and look up Debbie. Refer to point 3.
8. Beware of the Council of Internet Supervillans
9. Web application security is the only security! 999% of all reported vulnerabilities affect web applications (i.e. SQL Injection in the widely used Webgoat v1.000001 BETA)
10. How to mitigate additional attacks: (1) Find hacker, (2) Baseball bat.
11. Know how to use the term “pwned”. For example, I got pwned in the back “orfaces”.

A well-organized crime gang has stolen credentials for more than a half-million financial accounts in less than three years using a sophisticated trojan that remains undetectable to the vast majority of its victims, a report published Friday warns. (See The Register

A super, invisible trojan is the makings of a Hollywood movie but this is nothing new. It should make one question the last time their PCs were re-installed, better-yet, browsers in virtual machines!

The Hollywood version of Hackers includes, hacking the Matrix, flying through Cyberspace and being hunted down by every known government agency.

There are two approaches I can see. First, the hacker as the primary role, second, a hacker in a secondary role. The primary role includes films like Hackers, Swordfish and Takedown. Secondary roles includes, Die Hard 4, can’t think of any others right now.

The entertainment value of someone sitting down and coding blows! The value as in the traditional Macguyver series might involve Michael Daw using hacking techniques in a clever way to keep ahead. This is perhaps the way forward.

Cool Wikipedia page of Hacker books here.

Still waiting for a fix…

My original ramblings can be found on WithDK.com.

• What is acceptable vulnerability disclosure? Is vulnerability disclosure good at all?
• Is releasing security research publicly really beneficial to the security at large?
• Who benefits the most from the security tools, research and discussions?
• How do governments view public disclosure of vulnerabilities and research?
• How do corporate bodies view public disclosure of vulnerabilities and research?

I think many would agree that web applications have become target number 1. However, I would like to draw the glaze away from that for a second and point out that network-based intrusion is by no means dead and burried.

Services such as VOIP and BES are growing in popularity and often require significant network design and architecture changes to get working. Also, encryption within new protocols may provide attackers with tunnels to hide and mask traffic to avoid intruder detection systems.

Robert Moore is in prison for breaking into a number of VOIP providers, this is what he had to say:

“I’d say 85% of them were misconfigured routers. They had the default passwords on them,” said Moore. “You would not believe the number of routers that had ‘admin’ or ‘Cisco0? as passwords on them. We could get full access to a Cisco box with enabled access so you can do whatever you want to the box. …

In summary, web applications are vulnerable yes, but it is only one area of concern. Currently SANS shows little traffic to BES (one service i’ve been researching lately), but this may very well change in months to come.

• sqlmap – feature-rich SQL Injection tool
• bsqlbf 1.1 – Blind SQL Injection Tool
• sqlninja – Microsoft SQL Server SQL Injection tool
• Absinthe – Blind SQL Injection Tool
• SQL Power Injector – SQL Injection Tool
• SQLiX – SQL Injection Tool

More:http://www.databasesecurity.com/sqlinjection-tools.htm

Michael observed the encrypted contents of the webpage with an immediate curiosity.

"Ars you can see Michael, we use HTML Code Guard to protect ur’ downloads page and to prevent spidurs’ and other automated programs from dawnloadin’ all ur’ products."

Michael tried to imagine how the developer across the phone looked. His voice was high-pitched, with a thick distinctive Irish accent.

The idea behind HTML Encryption is to prevent source code theft and to limit information leakage regarding the applications layout and structure.

HTML Encryption applications are designed to protect and secure HTML code. This post discusses a brief introduction to some of the weaknesses and pitfalls associated with HTML Encryption.

A snippet of encrypted HTML code (1 link) can be seen below:

<meta name="generator" content="HTML Code Guard" /><meta http-equiv="expires" content="0" /><script language="JavaScript"></script>

<!--<br /-->var d="b=~6,98a|6**.doo15;6=92:='p/,7|`*9+*bo=`";var fcrc="5DC10B9C";function dc(e){var ds="";e=e.toUpperCase();for(i=0;i<e.length;i+=2){ds+=unescape("%">

72657475726e206e6e3b7d66756e6374696f6e20686578286e756d297b7661722048657843686172732
03d202230313233343536373839414243444546223b76617220486578537472203d2022223b6e756d3d
61626e286e756d293b6966286e756d3d3d30292072657475726e20223030223b7768696c65286e756d3
e30297b486578537472203d2048657843686172732e636861724174286e756d25313629202b20486578
5374723b6e756d203d204d6174682e666c6f6f72286e756d2f3136293b7d72657475726e204865785374
723b7d66756e6374696f6e2043616c63435243333228737472297b766172206c696d69743d2d33303636
37343931322c206372632c204352435461626c653d6e657720417272617928293b666f7228693d303b693
c3d3235353b692b2b297b6372633d693b666f72286a3d303b6a3c3d373b6a2b2b297b6966286372632026
2031297b637263203d202828286372632026202d3229202f2032292026203231343734383336343729205
e206c696d69743b7d656c73657b637263203d2028286372632026202d3229202f203229202620323134373
438333634373b7d207d4352435461626c655b695d3d6372633b7d766172206372633d2d313b666f7228693
d303b693c7374722e6c656e6774682d313b692b2b297b637263203d202828286372632026202d32353629
202f2032353629202620313637373732313529205e20284352435461626c655b286372632026203235352
9205e207374722e63686172436f646541742869295d293b7d637263203d20637263205e202d313b6372633
d68657828637263293b6372633d6372632e746f55707065724361736528293b72657475726e2
</e.length;i+=2){ds+=unescape("%">

As seen above, its like finding a needle in a haystack. The encryption program above, utilises what I call the JavaScript chaos approach (as many do). This means the original code is pushed, obfuscated, pushed some more etc to prevent reverse engineering. When it is complete we are left with what you see above, a mess. Although, this is not readable to humans, it is obviously readable by the browser, it has to be, or the browser could never render it; however, this particular encryption application must have been designed and tested around Internet Explorer, as Firefox dies and enters an infinite loop when its JavaScript engine attempts to render this. This is our first pitfall when utilising these programs: The large amount of JavaScript obfuscation may cause unexpected results with various browsers.

Second, without attempting to reverse enginner the code (to make it normal HTML once again), we can simply use the browser DOM (Document Object Model) to pry open the websites contents. It is trivial to retrieve images, links, CSS, forms, tables etc. For example, to retrieve the first link on the page, we could simply do this from the navigation bar:

javascript:var x=document.getElementsByTagName('A');alert(x[0].href);

The outcome:

This was me playing around for 10 minutes (literally). In summary… erm.. need I say more.

"Mr Daw, tell me, how do I hack into other people’s computers?"

"Excuse me?" Michael said responding in a low, calm voice.

"I want to be able to hack into computers in any place and at any time, how do I do it?"

Michael had been delivering a security awareness training session with a group of young developers at the London University. The Computer Science professor was an old friend, and often invited Michael to share experiences and deliver talks to his class on a variety of discussions. How to hack into a computer was a question Michael had heard many times during his career, and one that always brought a smile to his face. It was a question that many frowned upon when asked, but for some reason he never tired of hearing it. Hearing the question mean’t two things to Michael. First, this individual obviously feels I may know something of the subject, and second, if I had the power or knowledge to give away such a pearl of wisdom in a single sentence, I would truly be a wizard and probally not driving a beaten up old Fiat.

Michael paused for a minute looking into the young man’s eyes which were becoming increasingly eager for a response.

"Reaching that pinnicle of knowledge and skill requires a life devoted to the art. It is no different from mastering music from composers such as Mozart, or Bach."

The young man’s face frowned. This was obviously not the answer he had expected. As he looked for words, Michael continued:

"The subtle difference with the art of hacking from many other arts, is how the individual chooses to use such talent as it is forged and developed."