Back again!!

Hula All!

Back to blogging after a long time. Well, as the saying goes, “Better late than never”

:)

Back in the security world, there is quite a bit of important news around.

1. Gumblar.cn: This trojan is reported to be spreading rapidly, mainly using the Adobe vulnerability and other techniques. It captures your keystrokes, web traffic etc. looking for any sensitive login credentials. Reportedly it mainly targets FTP credentials. It then infects the hosted site by injecting the malware download link into its HTML content. ScanSafe has suggested a way of checking whether your system is infected. Good read.

2. HPP: A subcategory of the variable manipulation attack vector. Well, this technique is not a new face to most security testers. Two researchers presented the details at OWASP, Poland. As per the presentation, HPP can be used to

  • Override existing hard coded HTTP parameters.
  • Modify the application behaviors.
  • Access, and potentially exploit, uncontrollable variables.
  • Bypass input validation checkpoints and WAF rules.

The detailed paper is yet to be released. A FAQ is also available here.
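An added example (not from the original post or the OWASP presentation): a Python check showing why a repeated parameter can look harmless to one component and different to another, plus a strict gate that rejects requests repeating a parameter name. The three duplicate-handling policies (first, last, comma-joined), the function names and the sample queries are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import parse_qsl

# Constructed sample query strings (not taken from the post).
SAMPLE_QUERIES = [
    "action=view&id=42",
    "action=view&id=42&action=delete",  # 'action' sent twice
    "q=a%26q%3Db",                      # encoded '&' stays inside one value
]

def group_params(query):
    """Return {name: [values...]} in the order the values were sent."""
    grouped = defaultdict(list)
    for name, value in parse_qsl(query, keep_blank_values=True):
        grouped[name].append(value)
    return dict(grouped)

def resolve(values, policy):
    """Value seen by a component with the given duplicate-handling policy."""
    if policy == "first":
        return values[0]
    if policy == "last":
        return values[-1]
    if policy == "join":
        return ",".join(values)
    raise ValueError(f"unknown policy: {policy}")

def polluted_params(query, policies=("first", "last", "join")):
    """Map each repeated name to the value every policy would resolve."""
    report = {}
    for name, values in group_params(query).items():
        if len(values) > 1:
            report[name] = {p: resolve(values, p) for p in policies}
    return report

def is_safe(query):
    """Strict gate: accept only requests with no repeated parameter name."""
    return not polluted_params(query)

if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        print(q, "->", "ok" if is_safe(q) else polluted_params(q))
```

When the validating layer and the application resolve duplicates with different policies, the validated value is not the value acted on; rejecting duplicates for parameters that are meant to be single-valued removes that disagreement.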

3. IIS5/6 WebDAV vulnerability: A Microsoft vulnerability which allowed unauthenticated remote access to the server was reported on Full-Disclosure. This is along the same lines as the old IIS Unicode bug :)

A must read article can be found here by Zoller. For less techie guys, you can find a simplified article here. Microsoft also provides more insight in its advisory.

4. Microsoft PowerPoint and Adobe Reader exploits are out in the wild. All readers are requested to patch their versions.

Happy patching and secure browsing!

w0lf

3 Responses to “Back again!!”

  1. s4nsh1n3 says:

    gumblar.cn: I found it on the BSNL Karnataka website while browsing. If anyone visits this site, the trojan will get automatically downloaded on the user's system without his knowledge. I have reported this to BSNL Karnataka; hope they might have resolved the issue.

  2. DATA_SNIPER says:

    Welcome back.
    Nice report dude.
    Keep the good work up ;)

  3. w0lf says:

    Thanks Data_sniper.

    S4nsh1ne…many Bank sites have been affected by this worm. Luckily they were not noticed by any security guy who would publish about it in the blogs :)

    These Banks need to start thinking about security as seriously as business.
