Category: Web Application Security
“Attackers are exploiting a known vulnerability in Yahoo’s network to
launch brute force attacks against users’ Yahoo mail accounts. The
attackers are using hijacked mail accounts to send spam. The main Yahoo login page has mechanisms in place that protect accounts from brute force attacks, but the recent attacks have been exploiting a web
application (services) that automates the authentication process and does not have the attack protection in place.”
Users should choose strong password to stay SAFE.
Blogged here recommentions and security tips for file upload module which is commonly targetted by hackers.
Any feedbacks/suggestions would be of great help
Firewalls block hackers from directly connecting to your network shares. Windows administrators keep their systems up-to-date with the latest software patches to thwart worms such as Nimda and Code Red. And user passwords are stronger than ever. But are we secure yet? While the situation is much better than it was just a couple years ago, many companies are still quite vulnerable to a number of attacks. Blocking ports and installing patches has not stopped hackers, it has just forced them to find new ways to break in. And chances are, the first place they are going to look is your Web application.
Well personally I don’t totally depend on automated scanners totally for appsecs but they do help in many cases where the task is repeating or large number of input fields need to be audited. but Appscan would be my choice if it was freeware
Well Here I will not be providing some PoC to hack into these mailing accounts. I will be telling you the methodology that can be used to hack into any of these mailing accounts. The real effort will be yours.
Lets start without any more disclaimer speech and sort.
Two researchers, Robert Hansen and Jeremiah Grossman were planning to present their research on Clickjacking @ OWASP , New York City but had to postpone their presentation because they figured out that the exploitation of this vulnerability can be worst. Affected Vendors requested them to postpone their disclosure so that they can fix it. Most of the times the vulnerability needs to be fixed by web application but this time browser owners have taken up the task of fixing the vulnerability. Microsoft, Adobe are few of those affected.
Well these attacks are sort of tedious and require precision as compared to other powerful attacks like CSRF, SQLi etc. Attacker needs to know the exact layout of page that victim would possibly be viewing. A small here-and-there can foil the whole attack. These attacks can be done on those pages whose button positions remain static. CSRF token solution will not work here.
Gnucitizen has started a new project called Secapps which will be hosting all online web tools. Seems to be nice idea. As of now, they have hosted 2 tools: GHBD and CSRF. Both seem to be nice tool especially the GHDB tool. It has coded a huge DB of Goodle dorks from Johnny.ihackstuff.com.
The project is still in its beta version but looks promising.
Last month, we at our client side were busy fighting phishing attacks. In 30 days we had around 25 phishing attacks. These phishing sites were all hosted on compromised sites with Jhoomla applcation hosted on it. So we had 25 compromised Jhoomla sites. However we were not able to figure out the exploit being used but it surely would be RFI or Remote code execution attack vector being used. So beware you all Jhoomla application users, dont forget to keep monitoring your web-logs frequently. Also check the server files if any suspicious file is lying around. It may be php shell file. Also keep Jhoomla up-to-date.