Category: Network Security

Secure websites are not so secure

Recently, researchers were able to find a loophole in the SSL certificate implementation which could make any secure website (relying on MD5 hashing of CA certificates) vulnerable to a nearly undetectable phishing attack.

To brief the attack:


Worm:Win32/Conficker.A (MS08-67)

An article at Microsoft gives technical details of Worm:Win32/Conficker.A, which is supposed to be in the wild.

The details can be summarized as follows:


Cheat Sheet for Incident Handling

I came across this neat cheat sheet at the SANS site. It provides a neat need-to-do list of what steps need to be taken if you are hacked. It has two cheat sheets separately prepared for


Metasploit Framework 3.2 Released

Well, after a long wait, Metasploit 3.2 has been released with more evil deeds. The evil deeds integrated into the new framework can be summarized as below:

Version 3.2 includes exploit modules for recent Microsoft flaws, such as MS08-041, MS08-053, MS08-059, MS08-067, MS08-068, and many more.


Network Auditor Mobile phones.

Mobile Phone Network auditor

NeoPwn is the first network auditing distribution for a mobile phone which loads BackTrack off a MicroSD card to perform penetration testing (pentesting). NeoPwn has modified the OpenMoko Neo FreeRunner to act as a network security penetration testing device.


COMPROMISING ELECTROMAGNETIC EMANATIONS OF WIRED KEYBOARDS

Quite an interesting finding. Two researchers, Martin Vuagnoux and Sylvain Pasini, have found that keystrokes can be sniffed from the electromagnetic waves generated by the keyboard. They tested around 11 types of keyboard and found they were vulnerable to at least one of the 4 types of attack methods. They have recorded a video demonstration of the attack

Experiment And Experiment 2


Metasploit 3.2 Offers More ‘Evil Deeds’

Ahaaaa.. A newer version of Metasploit is ready to be released soon. It will contain a few newly added features. In brief, they include names such as Browser AutoPwn, Metasploit in the Middle and the Evil Wireless Access Point. As all know, Metasploit is a free exploit scanner and the best available. The Metasploit 3.0 project has moved to an all-Ruby programming base, which Moore credits with quickening development and exploits.

It has made hacking (for kiddies) very easy. Just choose the target, the exploit and the payload and Boom, you get their shell (of course, if the system is vulnerable).


Flaw in TCP core..

Two researchers, Robert Lee and Jack Louis, claim to have found a major TCP/IP protocol vulnerability that can cause a thrilling Denial of Service (DoS) attack. Well, they are yet to reveal the details. A new article reads:

Robert Lee and Jack Louis recently went public claiming to have discovered a new and devastating denial of service (DoS) vulnerability in the core TCP/IP protocol stack used for almost all Internet communication. They refuse to release details before their talk at the T2 security conference in Finland on October 17. Yet they have given many alarming interviews, and the press is having a field day spreading fear and uncertainty. Articles have appeared on The Register (“DoS attack reveals (yet another) crack in net’s core”), Slashdot (“New Denial-of-Service Attack is a Killer”), Search Security (“TCP is fundamentally borked”), and many more publications. In the Register article, Robert Lee says “We haven’t found anybody who has a TCP stack that runs TCP based services that isn’t vulnerable” and that a target machine “basically self thrashes, and the only recovery after about two to four minutes worth of attack flow, even after the attack stops, is to reboot the machine”


Four Major Sites Vulnerable To CSRF!

Four leading websites were or are vulnerable to a Cross Site Request Forgery (CSRF) attack, according to Princeton University researchers. While ING Direct, YouTube and Metafilter have taken action to address the cross-site-request-forgery (CSRF) vulnerabilities, the fourth site, belonging to The New York Times, has not been fixed!

CSRF flaws can be exploited so a user’s browser is hijacked during a session and used to access a secure target site. As web authentication normally relies on cookies containing a pseudo-random session identifier, attributed to a browser at the beginning of a session, a hacker can perform actions normally restricted to the user if that browser is hijacked during the session


Play-stations to hack into wi-fi

Well, it is not an uncommon thing now. Play-stations can be used to connect to unsecured wi-fi networks. The latest versions of play-stations have the ability to connect to the internet via a wi-fi connection to download updates. Kids can abuse this to view pornography and do other popular things which we used to do when we were kids :D

Play-station is much cheaper as compared to laptops and can be a cheaper and easier means for war-drivers to hack into wireless routers. Hacking into unsecured wireless routers is like applying butter on bread. Now it's high time that every home user knew the basic security configurations while setting up a wi-fi network, especially in developing countries like India.
