Monthly Archives: June 2012

Reconnaissance with Images

Hi Readers!!

Lets see how the Images speak this time.

Gathering data on a target is extremely important if we plan to execute an attack in a more efficient manner. A typical attack scenario starts with a long reconnaissance process. In this case “reconnaissance” refers to the gathering of information in any and all possible manners regarding a particular object of interest. We can gather information from websites online, dumpster-diving offline, and also through the classic act of social engineering. Online information gathering emerged after millions of people all over the world started participating in social networking sites like Orkut, Facebook, Twitter etc. People started to maintain a virtual image of themselves, which may, or may not, be similar to their real-world image. In this article, we shall see the social implications of these dual personas and how they can lead to the exploitation of vanity. We shall also look into how someone’s life can be affected and the risks of geo-localization. This article also features various tools used to perform reconnaissance with the images.

For the full article click here.

Cheers

3psil0nlambda

Advertisements

Virtualization Security in Cloud Computing

Hi Readers!!

Recently I have started writing for Info-sec institute. Here goes my first about security in the cloud!!

2011 ended with the popularization of an idea: Bringing VMs (virtual machines) onto the cloud. Recent years have seen great advancements in both cloud computing and virtualization On one hand there is the ability to pool various resources to provide software-as-a-service, infrastructure-as-a-service and platform-as-a-service. At its most basic, this is what describes cloud computing. On the other hand, we have virtual machines that provide agility, flexibility, and scalability to the cloud resources by allowing the vendors to copy, move, and manipulate their VMs at will. The term virtual machine essentially describes sharing the resources of one single physical computer into various computers within itself. VMware and virtual box are very commonly used virtual systems on desktops. Cloud computing effectively stands for many computers pretending to be one computing environment. Obviously, cloud computing would have many virtualized systems to maximize resources.

Read the full article here.

Cheers

3psil0nlambda

LinkedIN Passwords exposed – A case study by 3psil0nlambda

LinkedIN Hacked

Greetings!

Not long time ago that we saw a Russian hacker post 6.5 million Linked-In password hashes on a Russian hacker forum. After observing the disclosure of the hack, one thing highlighted is that LinkedIn stored passwords using SHA-1 encryption that comes with SSL and TLS protocols.

Using hashes to store passwords – Is it enough?

Storing passwords in clear text would mean lethal for any common user, storing hashes of passwords would make life relatively happier for him. But, is this enough? What are the methodologies that a developer can implement to make password storage more secure and make it difficult for the attacker to crack? Read on…

Salting of hashes:

The concept of salting is simple. Salting is a process of adding salt (a random integer, string, alphanumeric etc.) to your password before computing the hash. This will ensure the randomness in the final hashed password. This would not let the attacker to use the readily available tools, but would challenge him to write a piece of code which would be lot more complicated and time consuming for him.

Possible errors in salting hashes:

  1. Using same salt value for all the passwords
  2. Using too short salts

Making it difficult for the attacker using the concept of KeyStretching:

This refers to a technique to make relatively weak password (referred as key), difficult to crack using the brute force attack by increasing the time taken to crack each case. The final result is termed as the enhanced key. This is preferred to be at least 128 bit long to make brute-forcing least feasible form of attack. A common technique in keystretching would be to apply a cryptographic hash function or a block cipher fuction repeatedly using a loop.

In this article, we have seen a real life scenario of linkedIN attack, and also seen what are the possible ways to fix such kind of attacks by making is less feasible for the attacker.

Cheers

3psil0nlambda

Session Hijacking via XSS in Jabong.com[Patched]

Website:  http://www.jabong.com
Vulnerability: Session Hijacking VIA XSS
Criticality: Moderate to Risky
Author: Karthik R a.k.a 3psil0nlambda
http://www.epsilonlambda.wordpress.org
—————————————————
Another instance of negligence from the team of Jabong .com after repeated emails.
About the site:

Jabong.com is a young and vibrant company that aims to provide good quality branded products. Jabong.com caters to the fashion needs of men, women and kids across footwear, apparel, jewellery and accessories.

At Jabong.com we strive to achieve the highest level of “Customer Satisfaction” possible. Our cutting edge E-commerce platform, highly experienced buying team, agile warehouse systems and state of the art customer care centre provides customer with:

Broader selection of products
Superior buying experience
On-time delivery of products
Quick resolution of any concerns

Multiple Vulnerabilities:

*Cross Site Scripting
*SESSION HIJACKING
*URL Redirection

This can be used to write the cookie data to a text file hosted on a web server and can be later used to compromise user accounts using Cookie Manager Firefox add-on. This Leads to Impersonation of accounts on JABONG.COM

XSS in SnapDeal.com

Site: http://www.snapdeal.com
Threat/Vulnerability: Cross site scripting a.k.a XSS, URL Redirection
Severity : Moderate
Author: Karthik R a.k.a 3psil0nlambda

I have informed the owner (CEO) but got no response, acknowledgement of receipt of the mail.

About the Site:

India’s fastest growing shopping site.

Vulnerability:
*XSS a.k.a Cross site scripting
*URL Redirection

Once found out the Vulnerability, it can be used in the following URL to create any attacks.

*Installing malware in the name of Snapdeal.com and gain credit card and other important credentials
*Phishing URL Redirection, and gain login-ID and password

URL used for crafting attacks:-
*http://www.snapdeal.com/search?categoryId=0&keyword=XSS &vertical=all&clickSrc=go_recent&locId=0
*http://www.snapdeal.com/products/lifestyle-handbags-wallets?q=Brand:Jute Planet,A-maze&sort=XSS

Greetz to side-effects, r4dc0re, lord crusader, team inject0r