May 8th, 2009:

100,000 PCs wiped as malware pulls “Kill OS” trigger

If ever there was a good reason to keep your computer spyware-free, this is it. Last month a group of more than 100,000 Windows-based PCs saw their operating systems self-destruct, after the botnet that infected them issued the “nuclear option”. Little-used, though apparently present in several different types of trojan, the “kos” or “kill operating system” command basically wipes access to the user’s system.

Use of such a feature is generally considered counterproductive to a botnet user’s primary goal, which is to acquire as many passwords, credit card details and internet banking credentials as possible, without the computer’s owner being aware. Security experts are now debating why this recent botnet – which consisted of PCs primarily in Poland and Spain – self-destructed.

One theory is that it was done to delay individuals from discovering their accounts had been compromised. S21sec’s Jozef Gegeny suggests that the self-destruct in effect “[takes] the victim away from [their] Internet connection – before the unwanted money transfer is realized and further actions could be taken.” Another possibility is user error: Roman Hüssy, who oversees botnet-tracker site Zeustracker, described the typical user of such a malware network as “not very skilled”.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31226

Gray Hat Python

Python is fast becoming the programming language of choice for hackers, reverse engineers, and software testers because it’s easy to write quickly and has the low-level support and libraries that make hackers happy. But until now, there has been no book explaining how to use Python for security-related tasks. Programmers had to dig through forum posts and man pages, endlessly tweaking their own code to get everything working. Not anymore.

Gray Hat Python (No Starch Press, April 2009, 216 pp, $39.95, ISBN 9781593271923) explains the theory behind Python-based debuggers, trojans, fuzzers, and emulators. In addition, readers get hands-on advice for using PyDbg, Immunity Debugger, Sulley, IDAPython, and PyEmu. Security researcher and author Justin Seitz shows readers how to push these security tools to their limits, and how to build new ones when the pre-built tools won’t cut it.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31225

Cassie Exposed: Nude photos leaked to the net by hackers

Lately, it seems as though more artists and celebrities are being exposed left and right. Photos that they took some time ago somehow become items of interest to hackers and eventually they become stolen material. And, of course, the media and the fans indulge the sensation of seeing their favorite or non-favorite artist or celebrity in the bare.

In news that has reached many gossip columns and paparazzi sites within the last day or so, nude photos of Bad Boy recording artist Cassie have apparently leaked to the net. At first there wasn’t any confirmation of whether the photos showed the real Cassie or were a Photoshop creation; according to her Twitter profile, she has since admitted that they were actually hers, by reason of ‘technicalities.’

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31224

XSS flaws poke ridicule at entertainment industry

Cheeky crackers used a cross-site scripting flaw on the web sites of the Motion Picture Association of America (MPAA) to inject listings from controversial torrent links site The Pirate Bay.

Vektor, a member of the Team Elite group of hackers, smuggled links culled from The Pirate Bay into content served up when surfers visited the MPAA’s recommended list of sites. The MPAA’s legal action against The Pirate Bay makes the supposed endorsement ironic and embarrassing, if not completely unexpected.

Cross-site scripting (XSS) security flaws on websites are all too commonplace, and the MPAA is a high-profile target, especially after the four defendants in the recent, widely publicised Pirate Bay trial were found guilty. So it was only really a question of time until hackers managed to find a chink in its armour to exploit.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31223

Konami Code Infects Facebook

If you missed it a few weeks back, a group of particularly nerdy hackers sabotaged ESPN.com by enabling users to adorn it with rainbows, unicorns, and other assorted bedazzling items by entering the famous Konami code on their keyboard (up, up, down, down, left, right, left, right, B, A, enter). Well, now the Konami hack is back and has surfaced on popular social networking site, Facebook, but instead of manifesting itself with everything sparkly and nice, the code now enables a far less exciting lens flare effect.

After entering the code, users will experience a browser-filling lens flare when scrolling, typing, and clicking anywhere within the Facebook network. Although hardly as fun and ridiculous as the Lisa Frank wonderland that hackers created on ESPN, we do enjoy adding a little extra pop to our Facebook browsing experience.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31222

Yet another reason why Macs need security software

As expected, my blog this week about Macintosh security generated a lot of comments. Some were personal in nature (author’s note: I really do know the difference between a Trojan and a virus but typos happen), some were quite thought-provoking.

I did receive some interesting data from a colleague from IBM. According to the X-Force 2008 Trend & Risk Report (PDF) released early this year, Mac OS X Server and Mac OS X top the list of operating systems with the most disclosed vulnerabilities for 2008. Each accounts for 14.3 percent, and has been in the top five in each of the last three years. Rounding out the top five were: Linux Kernel at 10.9 percent, Sun Solaris at 7.3 percent, and Microsoft Windows XP at 5.5 percent.

The purpose of this data is to compare the total number of disclosed vulnerabilities for each individual operating system. Vulnerability data is submitted to the Mitre Corp. and then appears in the CVE (Common Vulnerabilities and Exposures) List.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31221

FAA’s Web Security Audit: 3,857 Vulnerabilities

Just how secure are the government’s IT systems? You’d think that at the very least, critical systems would be protected and invulnerable, but you’d be wrong.

On the heels of news that the DoD had been penetrated and the electrical grid suffered a breach comes news that our air traffic control systems have been attacked numerous times and are poorly defended.

A security audit of the Web applications used in the Federal Aviation Administration’s (FAA) air traffic control (ATC) systems found 763 high risk, 504 medium risk, and 2,590 low risk vulnerabilities. Issues included such basic security errors as the use of default passwords in applications, failure to patch applications in a timely manner, and failure to deploy intrusion detection systems (IDS) throughout the organization.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31219

Space chief wants DoD cyber units joined

The head of U.S. Strategic Command, which oversees U.S. interests in space and cyberspace, believes the Defense Department needs to organize its cyber defensive and offensive capabilities under a single commander.

Air Force Gen. Kevin Chilton, who now oversees one of the 10 unified commands, put forth his suggestion May 7 in a Washington appearance before reporters. Chilton made his case for a joint cyber command by drawing an analogy to war.

In combat, no lines are drawn between an army’s offensive and defensive units; in the cyber world, though, the Defense Department fences off the unit running day-to-day operations and protecting networks, the Joint Task Force-Global Network Operations in Arlington, Va., from the unit with attack capabilities, the Joint Functional Component Commander-Network Warfare, part of the National Security Agency at Fort Meade, Md.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31218

Vpopmail/QmailAdmin User’s Quota Multiple Integer Overflows

URL: http://www.securityfocus.com/archive/1/503375

BLIND SQL INJECTION exploit (GET var ‘AlbumID’)–RTWebalbum 1.0.462–>

URL: http://www.securityfocus.com/archive/1/503374

Waging war on cyberthreats

Compromised information networks can put an organization’s very life in jeopardy. Here are ways that firms can take the lead.

URL: http://feedproxy.google.com/~r/SCMagazineHome/~3/XYbginbxPxk/

[security bulletin] HPSBUX02366 SSRT080120 rev.2 – HPUX Running useradd(1M), Local Unauthorized Access

URL: http://www.securityfocus.com/archive/1/503369

MagpieRSS Multiple XSS Vulnerabilities

Posted by Justin C. Klein Keane on May 08

-= MagpieRSS Multiple XSS Vulnerabilities =-

May 6, 2009
Author: Justin C. Klein Keane <justin_at_madirish.net>
Software: MagpieRSS (http://magpierss.sourceforge.net/)
Version Tested: magpierss-0.72
Vendor notified
Full details can also be found at

URL: http://seclists.org/fulldisclosure/2009/May/0069.html