Tag Archives: google

Microsoft: Emergency IE Patch Coming

Filed under Patches, exploit

Microsoft has started dropping broad hints that an emergency patch for Internet Explorer will be released very soon to counter targeted attacks and the publication of exploit code for a “browse and you’re owned” vulnerability in its flagship Web browser.

The out-of-band update will be released once the company is satisfied that it has been properly tested against all affected versions of Windows. This could happen as early as this weekend.

The decision to ship the IE patch outside of Microsoft’s scheduled Patch Tuesday releases follows the release of exploit code into the Metasploit attack tool.

The Metasploit code only works against Internet Explorer 6 but there are claims in the security research community that the vulnerability has been successfully exploited on IE7 (Windows Vista) as well as IE6 and on Windows XP.

The vulnerability was discovered during zero-day attacks against several big-name U.S. companies, including Google, Adobe and Juniper Networks. During those attacks, data-stealing malware exploited the flaw against systems running IE6 on Windows XP.

Microsoft says the ongoing attacks remain “targeted to a very limited number of corporations” and are only effective against Internet Explorer 6. However, with the exploit code now in Metasploit, malware purveyors could begin tinkering with exploits geared to newer versions of the browser.

Now, Microsoft is imploring its customers to upgrade immediately to IE 8. A special guidance page has been published to offer information on how to mitigate this vulnerability and avoid attacks.

Microsoft’s Security Research & Defense team has created and released a one-click “Fix It” tool to allow users to enable DEP (Data Execution Prevention) on older versions of the browser. DEP, a crucial anti-exploit mitigation, is enabled by default on IE8 only.

Source: ThreatPost

Hack of Adobe Conducted Via Zero-Day IE Flaw

Filed under Hacks, Zero Day, exploit

The recent hack attack on Adobe occurred through exploitation of a zero-day vulnerability that affects all versions of Internet Explorer, according to a security researcher with a leading anti-virus firm.

Microsoft learned about the vulnerability only Wednesday evening and is planning to release an announcement about the vulnerability later today, said the researcher, who asked not to be identified because he’s not authorized to speak with the press.

The vulnerability, for which there is currently no patch, is a memory corruption flaw that causes the browser to internally misfire in a way that allows the hacker to inject malware on the user’s computer.

“It’s pretty targeted so the reality is that it’s only currently being used against these targeted companies,” the researcher said. He couldn’t say how many of the other 33 companies hit in the hack attack were breached in this way.

Zero day vulnerabilities are security flaws in software for which there is currently no patch. Researchers discovered a memory corruption flaw in IE in December, which Microsoft patched on Dec. 9. The researcher, however, said the one that affected Adobe is believed to be a new and different one.

Google announced on Tuesday that it had been the target of a “highly sophisticated” and coordinated hack attack against its corporate network, and that the hackers had stolen intellectual property and sought access to the Gmail accounts of human rights activists.

Minutes later, Adobe acknowledged in a blog post that it discovered Jan. 2 that it had been the target of a “sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies.”

Neither Google nor Adobe provided details about how the hacks occurred.

Full article at: Threat Level

GMail Goes “https-only” By Default

Filed under Security

A day after confirming a major security breach by Chinese hackers looking for GMail account information, Google has turned on default “https:” access for its popular Web mail service.

Google had previously added the option for GMail users to “always use https” back in July 2008 but it was turned off by default.

Last June, a group of researchers and academics released an open letter calling on Google to protect users’ communications from theft and snooping by enabling industry-standard transport encryption technology (HTTPS) for Google Mail, Docs, and Calendar.

Now comes word that this is indeed happening:

“We are currently rolling out default https for everyone. If you’ve previously set your own https preference from Gmail Settings, nothing will change for your account. If you trust the security of your network and don’t want default https turned on for performance reasons, you can turn it off at any time by choosing “Don’t always use https” from the Settings menu. Gmail will still always encrypt the login page to protect your password. Google Apps users whose admins have not already defaulted their entire domains to https will have the same option.”

Source: ThreatPost

Google announces data breach, will stop censoring in China (if they stay at all)

Filed under Hacks

The big news today regarding Google is its announcement on its blog that it was a target of a highly focused attack on its corporate infrastructure.

Google’s statement:

“First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors–have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.

Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.

Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users’ computers.”

Google has announced that it will stop filtering search results in China. This is a bold move for Google, and a reversal of past practices. Google has come under fire from freedom advocates in recent years due to its cooperation with the Chinese government in censoring search results for users in China.

This move indicates that Google possibly considers the attacks to have been authorized by the Chinese government, or that they were performed by government sympathizers.

Additionally, Google has announced that if conditions in China continue to be non-conducive to business, it will consider pulling out of China completely.

New Attack Locates Web Users Via XSS, Google Data

Filed under Hacks, Privacy

The security researcher who created the MySpace XSS worm in 2005 has developed a technique that enables an attacker to accurately locate a Web user with GPS coordinates, without using IP-based geolocation.

Samy Kamkar, the author of the infamous Samy worm that spread through MySpace, on Monday published information about a new technique that can be used to exploit a vulnerability in some home Internet routers and, when combined with other information, pinpoint a user’s physical location. The tactic utilizes a combination of cross-site scripting and some freely available tools and information on the Web.

In an example of the attack Kamkar published on his site, the attacker must first get the victim to visit a malicious Web site, which then exploits a cross-site scripting flaw in the victim’s home router. In his example, Kamkar uses a flaw he discovered in a router used by Verizon FiOS customers. A bit of AJAX code then grabs the router’s MAC address and sends it off to the attacker.

The attacker then sends the MAC address through Google Location Service via the Location-Aware Browsing service in Firefox. The result: a set of longitude and latitude coordinates for the victim’s PC.

Kamkar released the Samy worm on MySpace in 2005 and it quickly spread across the site, leaving messages on millions of users’ pages. He later was sentenced to three years’ probation as part of a plea agreement stemming from the incident.

Source: Threat Post

Researcher Uncovers Twitter, Google Calendar XSS Vulnerabilities

Filed under Software

A security researcher has uncovered vulnerabilities in Twitter and Google Calendar that could put users at risk.

In a proof of concept, researcher Nir Goldshlager demonstrated cross-site scripting (XSS) vulnerabilities in Google Calendar and Twitter that he said could be used to steal cookies and session IDs. He also uncovered an HTML injection issue affecting Google Calendar that he said could be used to redirect a victim to an attack site any time the user viewed his or her Google Calendar agenda events.

According to Goldshlager, a penetration testing expert with Avnet Information Security Consulting in Israel, the cross-site scripting vulnerability can be exploited if a victim adds malicious code to his quick add post calendar.

“When the victim … [adds] this malicious code, his cookies [and] session ID will be stolen and will be sent to the attacker site,” he said. “Then the attacker will be able to get full control of the victim’s Google accounts like: Google Calendar account, Google Groups, iGoogle, etc.”

Goldshlager also demonstrated that the HTML injection vulnerability could be used to log a user out of his Google account, something the Google spokesman said “is of negligible security impact” and “can be avoided by not clicking on the link.”

“They should fix this immediately because an attacker can redirect a victim to any site that he wants, and [with] the XSS issue an attacker can steal the victim’s cookies and get full control of his accounts,” the researcher said.

Source: eWEEK

New Google CAPTCHAs now cracked

Filed under Hacks

Even the latest images in Google’s reCAPTCHA can be cracked with sufficient reliability to allow protective services to be exploited. Last week, Google complained that claims to this effect only related to an old CAPTCHA method from 2008 that is no longer used.

Now, Jonathan Wilkins, the author of the analysis report, has taken a closer look at the new captchas. The main difference is the lack of the horizontal separator line used in the old captchas. Users now find the words easier to read – but so do machines. “The new version of the puzzle is weaker”, Wilkins told The H’s associates at heise Security. In his tests, Wilkins managed to increase the success rate of conventional text recognition nearly tenfold over the previous version (from 5 out of 200 to 23 out of 100).

The Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) is designed, for instance, to prevent email accounts from being automatically created so that spam can be sent out. The problem with this application scenario is that spammers do not need to be 100% successful. Merely succeeding one out of ten times when creating email accounts is more than sufficient. However, it’s also possible to add additional background protection to the services, such as by limiting the number of requests from a single IP address.

Source: The H Security

Google Chrome bug outs users seeking anonymity

Filed under Software

A bug in the latest version of the Google Chrome browser could leak the identity of users trying to surf anonymously, developers warn.

The flaw means that domain-name queries are made by a user’s local network even when Chrome is configured to use a third-party proxy. Users typically use proxies to conceal their local IP address in an attempt to browse anonymously. When the feature is set up, domain-name queries are supposed to be funneled through the proxy, rather than being made by a user’s local network.

“This presents a serious risk for the users of the services such as Tor, as their DNS data and the little anonymity they have with Tor is leaked outside and in the clear,” according to an advisory published Monday on the Full-Disclosure mailing list.

Short for the onion router, Tor is a free service that routes internet connections through an unpredictable series of IP addresses to prevent the true source of a user’s connection from being detected. It is used by configuring a browser or other internet-facing application to use an IP address that belongs to the Tor project. Those using Chrome 3.0.195.33, the most recent version of the Google browser, receive no such protection.

Source: The Register

Google sues alleged work-at-home scammers

Filed under Malware

Google has sued to stop what it called “a widespread internet advertising scam” being pushed by a Utah company that allegedly used the search engine’s trademark when offering work-at-home opportunities.

Salt Lake City-based Pacific WebWorks doctored up a variety of websites with regularly changing addresses that promised as much as $25 for every link posted on Google, according to a complaint filed Monday in federal court in Utah. (No, we don’t know what it means to post links to Google, either.) To get started, the sites claimed, readers needed to obtain a Google-sponsored kit.

Although the program was advertised as free, the websites claimed there was a nominal shipping and handling charge or access fee. People who signed up were charged substantial recurring fees that were often hard to stop, according to Google lawyers. Victims frequently received no kit in return, or even worse, received a DVD that contained malware.

“Because of the prominent use of the Google mark and false or misleading statements in the advertisements, consumers are tricked into believing – falsely – that these work-at-home kits are offered, sponsored or endorsed by Google,” the complaint states. “Consumers have sent letters and emails to Google complaining about fraudulent charges. Many have asked Google for a refund or asked Google to cancel the recurring charges, even though Google is not connected to the solicitations.”

Source: The Register

Google now owns the internet, sets up public DNS

Filed under Networking

Google takes another step closer to owning the internet by releasing its public DNS system today. While the service is most likely more reliable and secure than your ISP DNS, the security implications of Google owning even more of your traffic are troubling. It is possible that, combined with AdSense and search indexing, Google could trace virtually all your travels on the internet.

Google DNS