Exitmap : Exposing Malicious Tor Exit Relays.

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> <a href="http://1.bp.blogspot.com/-PyKgm5gG--w/VeN-PIB8GbI/AAAAAAAAAnM/gbs_3PvUHOs/s1600/PicsArt_1440972291361.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Exitmap " border="0" height="500" src="https://1.bp.blogspot.com/-PyKgm5gG--w/VeN-PIB8GbI/AAAAAAAAAnM/gbs_3PvUHOs/s640/PicsArt_1440972291361.jpg" title="" width="640" /></a></div> <br /> <div class="separator" style="clear: both; text-align: center;"> </div> Tor is a  free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.<br /> <br /> <h2 style="text-align: left;"> How tor works.</h2> <br /> Tor enables you to route web traffic through several other computers in the Tor network so that the party on the other end of the connection can't trace the traffic back to you. That way, the more Tor users there are, the more protected your info. As the name implies, it creates a number of layers that conceal your identity from the rest of the world.  The computers that handle the intermediary traffic, known as Tor Relays, are three different kinds.<b> Middle relays, End Relays, and Bridges. </b>Naturally, end relays called as b<b> </b>are the final relays in the chain of connections; while middle handle traffic along the way.<br /> <br /> <h2 style="text-align: left;"> Tor – Is it safe?</h2> <br /> Now the question-<b>Is it safe anymore?</b> Tor is facing a bit of a trouble, as it's become increasingly clear that the wildly popular network isn't the internet invisibility cloak it was once thought to be. Researchers have developed a technique called <a href="http://www.hackcave.net/2015/08/circuit-fingerprinting-unmask-tor-users.html" rel="nofollow" target="_blank"><b><span style="color: #38761d;">Circuit Fingerprinting</span></b></a>, according to which Tor users can be unmasked without decrypting the traffic. Those who host exit relays bear a bit more of a burden as they're the ones who are targeted by police and copyright holders if any of that illicit activity is detected. Most of the damage is caused by the bad exit nodes. Anyone can set up a malicious exit node for the purpose of spying. So it is recommended to take extreme care not to fall into these unsafe exit nodes. Researchers have published a <span style="color: #38761d;"><b><a href="http://www.cs.kau.se/philwint/spoiled_onions/pets2014.pdf" rel="nofollow" target="_blank"><span style="color: #38761d;">research paper</span></a> </b></span>describing a tool they developed to make the Tor network safer.<br /> <br /> <h2 style="text-align: left;"> Exitmap Scanner</h2> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <a href="http://3.bp.blogspot.com/-owCTAQ4ox2s/VeN8tCH3t1I/AAAAAAAAAnE/RhE8GazyA8k/s1600/exitmap.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Exitmap" border="0" height="248" src="https://3.bp.blogspot.com/-owCTAQ4ox2s/VeN8tCH3t1I/AAAAAAAAAnE/RhE8GazyA8k/s640/exitmap.jpg" title="" width="640" /></a></div> <br /> Exitmap is an <b>easily extensible, fast and modular Python-based scanner</b>, which is able to probe exit relays for a variety of <b>MitM</b> attacks. Modules implement tasks which can be executed over all exit relays or a subset of them. The tool uses Stem to initiate circuits overall given exit relays and as soon as tor notifies Exitmap of an established circuit, a module is invoked over the newly established circuit. Among other things, Exitmap has been used to check for false positives on the Tor Project’s check service. The modular architecture of Exitmap allows it to scan the entire tor network in seconds<br /> <br /> <h2 style="text-align: left;"> Conclusion</h2> <br /> The researches claims to have revisited the trustworthiness of Tor exit relays by their study. As per the results many tor exit nodes are unsafe and prone to attack. Their results further suggest that the attackers may set up rogue exit nodes for the purpose of spying and can remain hidden, snooping all the user data and activities. There are many tools to check the tor exit nodes, <b>exitmap. tortunnel </b>or<b> SoaT, torscanner, </b>or<b> DetecTor, </b>to mention a few.  Meanwhile, researches are still going on to develop a better Tor alternative which is faster and secure. A new anonymous network has already been built ,called as <b><a href="http://www.hackcave.net/2015/08/hornet-ultra-high-speed-secure-tor.html" target="_blank"><span style="color: #38761d;">HORNET, and it works on high-speed Onion Routing at the Network Layer.</span></a></b><br /> <br /> <h4 style="text-align: left;"> <span style="color: red;"><b>Suggested Reading</b></span></h4> <br /> <h4 style="text-align: center;"> <b><a href="http://www.hackcave.net/2015/08/circuit-fingerprinting-unmask-tor-users.html" target="_blank"><span style="color: #38761d;">Circuit Fingerprinting-Unmasking Tor Users without Decrypting Traffic.</span></a></b></h4> <br /> <br /></div>

Exitmap : Exposing Malicious Tor Exit Relays.

Tor is a  free software and an open network that helps you defend against traffic analysis, a form of network surveillance that thre...

Read more »

PayPal Critical Vulnerability To Steal User's Credit Cards in Clear Text Format

<div dir="ltr" style="text-align: left;" trbidi="on"> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="http://3.bp.blogspot.com/-HPDTMbe4K_M/Vd-l3X6lnTI/AAAAAAAAAmQ/w6o2ckMo89U/s1600/PicsArt_1440719333328.jpg" style="margin-left: auto; margin-right: auto;"><img alt="Hacking PayPal" border="0" height="430" src="https://3.bp.blogspot.com/-HPDTMbe4K_M/Vd-l3X6lnTI/AAAAAAAAAmQ/w6o2ckMo89U/s640/PicsArt_1440719333328.jpg" title="PayPal Vulnerability" width="640" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">Image credits: PayPal.com</td></tr> </tbody></table> <div> <br /></div> <br /> A critical security vulnerability has been discovered in the eBay-owned PayPal that could allow attackers to steal login credentials and credit card details in plain text.<br /> <br /> <h2 style="text-align: left;"> Stored XSS Vulnerability.</h2> <div> <br /> A critical stored <b>XSS Vulnerability</b> was found in <b>PayPal's secure payment system</b> by Egypt-based researcher <b>Ebrahim Egazy.</b> The persistent (or stored) XSS vulnerability is a more devastating variant of a cross-site scripting flaw. It occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping.</div> <div> <br /></div> <h2 style="text-align: left;"> About the Vulnerability</h2> <div> <br /> The vulnerability was found at the PayPal Secure payment URL <span style="color: blue;"><b>https://securepayments.paypal.com/cgi-bin/acquiringweb</b></span>. Paypal SecurePayments domain is used by PayPal users to do secure payments when purchasing from any shopping site. This secure payments page require Paypal users to fill some forms that include their <b>Credit Card number, CVV2, Expiry date</b> and more to finalize the payment and purchase the products via their PayPal account. In normal cases, the submitted data is processed through e<b>ncrypted channel(HTTPS)</b> so attackers won’t be able to sniff/steal such data.</div> <div> <br /></div> <div> The researcher was able to find a stored XSS vulnerability that affects the SecurePayment page directly which allowed him to alter the page HTML and rewrite the page content. This makes it possible for an attacker to provide his own <b>HTML forms</b> to the user and send the users data back to attacker’s server in clear text format. This information can be used to purchase anything on behalf of users or even transfer the user's money to attackers account.</div> <div> <br /></div> <div> <br /></div> <h2 style="text-align: left;"> Steps to exploit Stored XSS Vulnerability</h2> <div> <br /> The researcher gives a detailed step by step explanation as below, in his blog. According to him the worst attacking scenario that could be conducted using this vulnerability is as below:</div> <div> <br /></div> <div> <ul style="text-align: left;"> <li>An attacker needs to set up a <b>rogue shopping site</b> or hijack any legitimate shopping site</li> </ul> <ul style="text-align: left;"> <li>Now <b>modify the "Checkout" button</b> with an URL designed to exploit the XSS vulnerability</li> </ul> <ul style="text-align: left;"> <li>Whenever Paypal users browse the malformed shopping website and click on "CheckOut" button to Pay with their Paypal account, they'll be redirected to the Secure Payments page</li> </ul> <ul style="text-align: left;"> <li>The page actually displays a phishing page where the victims are asked to enter their payment card information to complete the purchasing.</li> </ul> <ul style="text-align: left;"> <li>Now on clicking the Submit Payment Button, instead of paying the product price (let's say $100), the Paypal user will pay the attacker amount of attacker's choice.</li> </ul> </div> <div> <br /></div> <h2 style="text-align: left;"> Vulnerability Is patched now.</h2> <div> <br /></div> <div> <b>Egazy</b> reported the bug to PayPal team on June 19th and it was fixed on August 25. He was also rewarded by PayPal with a bug bounty of $750 as per their bug bounty policies.<br /> <br /> <b>Source</b> : <b><span style="color: blue;">http://www.sec-down.com/wordpress/?p=553</span></b><br /> <span style="color: #38761d;"><b><br /></b></span> <b>Also Read: <span style="color: #38761d;"></span></b><a href="http://www.hackcave.net/2015/08/rip-adobe-flash-its-time-to-move-on.html" style="background-color: white; display: inline !important; font-family: 'PT Sans'; font-size: 20px; font-weight: 600; text-decoration: none;"><span style="color: #274e13;">R.I.P Adobe Flash. It's Time To Move On!</span></a></div> <div> <br /></div> </div>

PayPal Critical Vulnerability To Steal User's Credit Cards in Clear Text Format

Image credits: PayPal.com A critical security vulnerability has been discovered in the eBay-owned PayPal that could allow attackers ...

Read more »

Hacking Gmail With Fridge : Samsung smart fridge leaves Gmail logins vulnerable to attack

<div dir="ltr" style="text-align: left;" trbidi="on"> <div> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="http://1.bp.blogspot.com/-kEvi27d50ZM/Vdy5kOTi1WI/AAAAAAAAAmA/q5xGTvM5_k4/s1600/cq5dam.web.1280.1280.jpeg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="Hack Cave : Hacking Gmail with Fridge" border="0" height="472" src="https://1.bp.blogspot.com/-kEvi27d50ZM/Vdy5kOTi1WI/AAAAAAAAAmA/q5xGTvM5_k4/s640/cq5dam.web.1280.1280.jpeg" title="" width="640" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">Image courtesy: slate.com</td></tr> </tbody></table> <br /></div> Security researchers have discovered an exploit that could potentially steal Gmail credentials of a user whose information is available in a Samsung smart fridge. The smart fridge is among a number of Samsung’s ‘Smart Home’ appliances that can be controlled using the Smart Home application. This vulnerability was discovered during an <b>IoT hacking challenge</b> at the recently concluded <b>DEF CON </b>hacking conference.<br /> <br /> <h2 style="text-align: left;"> Man in the middle attack</h2> <br /> According to the researchers, a man-in-the-middle (MiTM) vulnerability was found that leaves Samsung smart refrigerators open to an exploit that allows an attacker to steal the owner’s Gmail credentials. Though the fridge implements SSL, it FAILS to validate SSL certificates. This leaves the fridge vulnerable to man-in-the-middle attacks against most connections.<br /> <blockquote class="tr_bq"> <i><span style="color: #444444;">"The internet-connected fridge is designed to display Gmail Calendar information on its display," explained <b>Ken Munro</b>, a security researcher at Pen Test Partners. "It appears to work the same way that any device running a Gmail calendar does. A logged-in user/owner of the calendar makes updates and those changes are then seen on any device that a user can view the calendar on."</span></i></blockquote> <h2 style="text-align: left;"> Synced Gmail logins are Vulnerable</h2> <br /> The Smart Fridge makes connections to Google's servers to download Gmail calendar information for the on-screen display. By intercepting the connection and performing <b>MiTM</b> attack, an attacker in the same network can potentially steal Google login credentials. It is possible because the fridge fails to validate the SSL certificates.  Hence, hackers who manage to access the network that the fridge is on, can Man-In-The-Middle the fridge calendar client and steal Google login credentials.<br /> <div> <br /></div> <h2 style="text-align: left;"> Other ways to exploit Smart fridge.</h2> <div> <br /></div> <div> The researchers also tried to hack smart fridge through a Firmware update and but was unsuccessful.They also made attempts through TCP services and certificate challenges and found the possibility of a certificate that might be present in the mobile app code. This can be a potential breakthrough but it's yet to be confirmed. </div> <div> <br /></div> <blockquote class="tr_bq"> According to them <i><span style="color: #444444;">"We pulled apart the mobile app and found what we believe is the certificate inside a keystore. We “believe” we did because it is has a name that suggests this. However, it is correctly passworded and we are yet to extract the password that opens the key store. We think we’ve found the password to the certificate in the client side code, but it’s obfuscated and we haven’t got round to reversing it, yet."</span></i></blockquote> <i>Source : http://www.pentestpartners.com/blog/hacking-defcon-23s-iot-village-samsung-fridge/</i><br /> <br /> <b><span style="color: red;">Also Read:</span></b> <a href="http://www.hackcave.net/2015/08/hackers-can-attack-gas-stations-and.html" itemprop="url" style="background-color: white; display: inline !important; font-family: 'PT Sans'; font-size: 20px; text-decoration: none;"><span style="color: #38761d;">Hackers Can Attack Gas Stations and Blow It Up.</span></a><br /> <span style="color: #38761d;"><br /></span></div>

Hacking Gmail With Fridge : Samsung smart fridge leaves Gmail logins vulnerable to attack

Image courtesy: slate.com Security researchers have discovered an exploit that could potentially steal Gmail credentials of a user wh...

Read more »

Task Hijacking Attack: Another Dreaded Android Vulnerability

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="http://1.bp.blogspot.com/-r036-nQXuFE/VdtDC46WbBI/AAAAAAAAAlw/_7qIQ4T-ZYU/s1600/shutterstock_92190493-680x400.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Hack Cave" border="0" height="376" src="https://1.bp.blogspot.com/-r036-nQXuFE/VdtDC46WbBI/AAAAAAAAAlw/_7qIQ4T-ZYU/s640/shutterstock_92190493-680x400.jpg" title="" width="640" /></a></div> <br /> <br /> It's really hard time for Android, as yet another serious vulnerability was discovered recently. The issue resides in the<b> multitasking capability </b>of the Android phones. According to the latest research conducted by the researchers at the <b>Pennsylvania State University and FireEye</b>, this serious security flaw gives hacker ability to spy on Android smartphone owners, steal login credentials, install malware, and much more.<br /> <div> <br /></div> <h2 style="text-align: left;"> Attacking Method</h2> <br /> This flaw makes it possible to lure the victim into to type their login details to a spoofed interface. This malicious interface could be controlled by the hacker and it runs whenever an app starts. Thus the sensitive details are stolen by hackers, through the malicious software program, without raising any suspicion to the user. Device owner will have no clue of what is happening and that makes it very dangerous.<br /> <div> <br /></div> <h2 style="text-align: left;"> Vulnerability in Android Task Management.</h2> <div> <br /></div> This was revealed by the researchers who published their findings in a paper titled, "<b><a href="https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-ren-chuangang.pdf" rel="nofollow" target="_blank"><span style="color: #38761d;">Towards Discovering and Understanding Task Hijacking in Android" [PDF]</span></a></b><span style="color: #6aa84f;">.</span> It was mainly focussed on what happens when an app or multiple apps run in one or multiple processes simultaneously creating Multi-Tasks. A vulnerability which resides in android multitasking mechanism was found out. Multitasking is an android feature which helps to switch between the apps, background run, running more than one apps etc.<br /> <div> <br /></div> <h2 style="text-align: left;"> Task Hijacking Attack</h2> <br /> Vulnerability in android task management mechanism can be leveraged to initiate task hijacking attacks on a vast scale.The researchers have found out that task hijacking flaw is prevalent in <b>more than 6.8 Million apps from multiple Android app stores.</b> The researchers also claimed that the vulnerability can impersonate the user interface of the app, which is controlled by the attacker on the other hand.<br /> <div> <br /> <i><b>Here is a video providing a quick overview of the vulnerability.</b></i></div> <div> <br /> <div style="background-color: white; border: 0px; font-family: 'Open Sans', arial, sans-serif; font-size: 15px; font-stretch: inherit; line-height: 35px; margin: 0px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;"> <iframe allowfullscreen="" frameborder="0" height="360" src="https://www.youtube.com/embed/oRmwH6AFjng" style="border-style: initial; border-width: 0px; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;" width="640"></iframe></div> </div> <div style="background-color: white; border: 0px; font-family: 'Open Sans', arial, sans-serif; font-size: 15px; font-stretch: inherit; line-height: 35px; margin: 0px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;"> <br /></div> This vulnerability can cause many more nasty attacks, like DDoS, Ransomware etc.<div> <br /></div> <h2 style="text-align: left;"> How to protect yourselves?</h2> <br /> As for now, no patch is being released and every version of android is vulnerable. To be on the safer side stick to apps from Playstore and other trusted app stores.  By default google checks apps for hijacking and phishing attacks with Android's Verify Apps and Safety Net features.<br /> <br /> <b><span style="color: red;">Also read</span></b> <a href="http://www.hackcave.net/2015/08/stagefright-worst-android-rce-bug-ever.html" itemprop="url" style="background-color: white; display: inline !important; font-family: 'PT Sans'; font-size: 20px; font-weight: 600; text-decoration: none;"><span style="color: #38761d;">StageFright: Worst Android RCE Bug ever</span></a></div>

Task Hijacking Attack: Another Dreaded Android Vulnerability

It's really hard time for Android, as yet another serious vulnerability was discovered recently. The issue resides in the multitas...

Read more »

Using Deprecated RIPv1 Routing Protocol for Reflection DDoS Attacks

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="http://2.bp.blogspot.com/-qxOzYP2xYhU/VdkTZ7PLDHI/AAAAAAAAAlg/yCizvItsm3E/s1600/unnamed%2B%25285%2529.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="RIPv1 Routing Protocol Reflection DDoS Attacks" border="0" height="472" src="https://2.bp.blogspot.com/-qxOzYP2xYhU/VdkTZ7PLDHI/AAAAAAAAAlg/yCizvItsm3E/s640/unnamed%2B%25285%2529.jpg" title="Reflective DDoS Attack" width="640" /></a></td></tr> <tr><td class="tr-caption">Image credits: Prolexic Security Engineering and Research Team</td></tr> </tbody></table> <br /> <h2 style="text-align: left;"> RIPv1 Protocol</h2> <br /> RIPv1, the short form of <b>routing Information protocol first version</b>, is a long-deprecated routing protocol used still in some home office and small business routers. It has been discontinued since 1996.<br /> <br /> <h2 style="text-align: left;"> Old, Yet has Massive Potential For DDOS Attacks</h2> <br /> As observed by the researchers at Akamai’s <b>Prolexic Security Engineering and Research Team (PLXsert)</b>, hackers were able to produce a DDOS attack peaked at 12.9 Gbps just by using 500 out of 53,693 devices which still uses the RIPv1 protocol. Imagine the power if they leveraged all the vulnerable devices !! Further, the unused devices could be put to work in larger and more distributed attacks.<br /> <br /> <h2 style="text-align: left;"> Reflection attacks</h2> <br /> The attacker forges its victim’s IP addresses in order to establish the victim’s systems as the source of requests sent to a massive number of machines. The recipients of those requests then issue an overwhelming flood of responses back to the victim’s network, ultimately crashing that network.<br /> <br /> <h2 style="text-align: left;"> List Of Vulnerable devices</h2> <br /> It would be a better idea to check if your old router falls into any of these series and if yes it's time to upgrade. <b>Netopia 2000 and 3000</b> series routers are still running the vulnerable and ancient RIPv1 protocol on devices. Also, more than <b>5,000 ZET ZXv10 and TP-Link TD-8000 series routers</b> collectively are vulnerable. Most of the Netopia routers are issued by AT&T to customers in the U.S. BellSouth and MegaPath also distributes the routers so it would be wise to check them too.<br /> <br /> <h2 style="text-align: left;"> Remedial Measures</h2> <br /> The depreciated RIPv1 protocol is the culprit here, doesn't obviously the first solution would be to <b>switch to RIPv2</b> or a later version. <b>Turn on authentication</b> -this attack leverages devices don't ask for authentication. <b>Restricting RIP access</b> through an access control list and allowing only known routers through is also suggested.<br /> <div> <br /></div> </div>

Using Deprecated RIPv1 Routing Protocol for Reflection DDoS Attacks

Image credits: Prolexic Security Engineering and Research Team RIPv1 Protocol RIPv1, the short form of routing Information prot...

Read more »

Car Hacking : Megamos Crypto Transponder Vulnerability.

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <a href="http://3.bp.blogspot.com/-85S4QuPa_dI/VdexLYptQHI/AAAAAAAAAkw/3dgHa0XZxUI/s1600/car%2Bhck.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="366" src="https://3.bp.blogspot.com/-85S4QuPa_dI/VdexLYptQHI/AAAAAAAAAkw/3dgHa0XZxUI/s640/car%2Bhck.jpg" width="640" /></a></div> <div> <br /></div> Car hacking ain't new anymore, we've seen the demonstration by <b>Charlie Miller and Chris Valasek</b> on hacking an internet connected car remotely. Adding to the list, recently publicized research findings shows the presence of some serious vulnerabilities which the hackers can exploit to start the cars without the need of a key.<br /> <br /> <h2 style="text-align: left;"> Vulnerability found in Megamos Crypto transponder</h2> <br /> The <b>Megamos Crypto transponder</b> is used in most <b>Audi, Fiat, Honda, Volkswagen and Volvo cars.</b> It is a part of the anti-theft system which prevents the engine of the vehicle from starting when the corresponding transponder is not present. This transponder is a passive <b>RFID</b> tag which is usually embedded in the key of the vehicle. Audi, Ferrari, Fiat, Cadillac, Volkswagen are just a few names automakers include in a list or two dozen companies that adopt the flawed components.<br /> <br /> <h2 style="text-align: left;"> Exploiting The Vulnerability</h2> <br /> As per the paper titled <a href="https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/verdult" rel="nofollow" target="_blank"><span style="color: #38761d;"><b>'Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer</b>'</span></a>, researchers reverse-engineered the software running on the transponder, with their prime focus on the analysis of proprietary security mechanisms implemented by the manufacturers. They have found <a href="http://cybergibbons.com/reverse-engineering-2/reverse-engineering-megamos-crypto/" rel="nofollow" target="_blank"><span style="color: #38761d;"><b>three ways</b></span></a> to run an attack against the transponder and bypass the authentication mechanism by recovering the 96-bit transponder secret key. According to them,<br /> <br /> <blockquote class="tr_bq"> “Our <b>first attack</b> consists of a cryptanalysis of the cipher and the authentication protocol. Our second and third attack not only look at the cipher but also at the way in which it is implemented and poorly configured by the automotive industry.” </blockquote> <br /> <div> It exploits the following weaknesses:<br /> <br /> · The transponder lacks a pseudo-random number generator.<br /> <br /> · The internal state of the cipher consists of only 56 bits, cipher-text comparing to the 96-bit secret key.<br /> · The cipher state successor function can be inverted, given an internal state and the correspond ciphertext it is possible to compute the predecessor state.<br /> <br /> · The last steps of the authentication protocol provides and adversary with 15-bits of known plain text.<br /> <div> <br /> <blockquote class="tr_bq"> “Our second attack exploits a weakness in the key-update mechanism of the transponder. This attack recovers the secret key after 3 × 216 authentication attempts with the transponder and negligible computational complexity. We have executed this attack in practice on several vehicles. We were able to recover the key and start the engine with a transponder emulating device. Executing this attack from beginning to end takes only 30 minutes.</blockquote> <br /> <blockquote class="tr_bq"> Our third attack exploits the fact that some car manufacturers set weak cryptographic keys in their vehicles. We propose a time-memory trade-off which recovers such a weak key after a few minutes of computation on a standard laptop.”</blockquote> <br /> <blockquote class="tr_bq"> “It is also possible to foresee a setup with two perpetrators, one interacting with the car and one wirelessly pickpocketing the car key from the victims pocket,” explained the researcher. “Our attacks require close range wireless communication with both the immobilizer unit and the transponder.”</blockquote> <br /> <h2 style="text-align: left;"> Conclusion.</h2> <div> <br /></div> These research findings are, however, a few years old. An attempt to present the paper at the 22nd USENIX Security Symposium in 2013 was <b><a href="http://www.theguardian.com/technology/2013/jul/26/scientist-banned-revealing-codes-cars" rel="nofollow" target="_blank"><span style="color: #38761d;">prevented by Volkswagen</span></a>.</b> Even though 3 years have passed since the first discovery of the flaw, more or less the security issues addressed are still relevant as the components present in modern connected more or less similar.</div> </div> </div>

Car Hacking : Megamos Crypto Transponder Vulnerability.

Car hacking ain't new anymore, we've seen the demonstration by Charlie Miller and Chris Valasek on hacking an internet conne...

Read more »

Hacking Android Pattern Lock (ALP)

<div dir="ltr" style="text-align: left;" trbidi="on"> <div> <div class="separator" style="clear: both; text-align: center;"> <a href="http://2.bp.blogspot.com/-yg1wEupPof8/VdZC9MU1npI/AAAAAAAAAkQ/WKRGIBGlcds/s1600/unnamed%2B%25282%2529.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Hack Cave " border="0" height="360" src="https://2.bp.blogspot.com/-yg1wEupPof8/VdZC9MU1npI/AAAAAAAAAkQ/WKRGIBGlcds/s640/unnamed%2B%25282%2529.jpg" title="" width="640" /></a></div> <br /></div> Android pattern lock is the password alternative Google introduced in 2008 with the launch of its Android mobile OS. New studies show that it may appear strong but can be cracked in a matter of seconds. New data uncovers the surprising predictability of Android lock patterns.<br /> <div> <br /> <h2 style="text-align: left;"> Android Lock patterns(ALP) Are Not Safe.</h2> </div> <div> <br /> Android Lock patterns(ALP) frequently adhere to their own sets of predictable rules and often possess only a fraction of the complexity they're capable of. Android lock Patterns (ALPs) are so new and the number of collected real-world-patterns is comparatively minuscule. Still, the predictability suggests the patterns could one day be subject to the same sorts of intensive attacks that regularly visit passwords.<br /> <br /> <h2 style="text-align: left;"> Patterns Are Easy To Guess</h2> <br /> According to the study conducted by Marte Løge, a 2015 graduate of the Norwegian University of Science and Technology,44 percent of patterns started in the top left-most node of the screen. A full 77 percent of them started in one of the four corners. The average number of nodes was about five, meaning there were fewer than 9,000 possible pattern combinations. A significant percentage of patterns had just four nodes, shrinking the pool of available combinations to 1,624. More often than not, patterns moved from left to right and top to bottom, another factor that makes guessing easier. More than 10 percent of the ones she collected were fashioned after an alphabetic letter, which often corresponded to the first initial of the subject or of a spouse, child, or another person close to the subject. The discovery is significant because it means attackers may have a one-in-ten chance of guessing an ALP with no more than about 100 guesses. The number of guesses could be reduced further if the attacker knows the names of the target or of people close to the target.<br /> <br /> <h2 style="text-align: left;"> Solution-Choose a Complex pattern.</h2> <div> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <a href="http://1.bp.blogspot.com/-dYmvclHHaME/VdaLU1ncwZI/AAAAAAAAAkg/CvJzqX2l0Ps/s1600/Strong%2Bpattern%2Block-1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="378" src="https://1.bp.blogspot.com/-dYmvclHHaME/VdaLU1ncwZI/AAAAAAAAAkg/CvJzqX2l0Ps/s640/Strong%2Bpattern%2Block-1.png" width="640" /></a></div> <br /> The best way to be on the safer side is not to use simple patterns. Use more nodes, choose a pattern difficult to guess. The specific sequence of nodes is also key in how complex a pattern is. Assigning the nine nodes the same digits found on a standard phone interface, the combination 1, 2, 3, 6 will receive a lower complexity score than the combination 2, 1, 3, 6, since the latter pattern changes direction.</div> </div>

Hacking Android Pattern Lock (ALP)

Android pattern lock is the password alternative Google introduced in 2008 with the launch of its Android mobile OS. New studies show t...

Read more »

Circuit Fingerprinting-Unmasking Tor Users without Decrypting Traffic.

<div dir="ltr" style="text-align: left;" trbidi="on"> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="http://2.bp.blogspot.com/-ZYdUsVNuPD4/Vdh85-EAN6I/AAAAAAAAAlA/MgjEww4aE4Y/s1600/Capture.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="Circuit Fingerprinting attack" border="0" height="334" src="https://2.bp.blogspot.com/-ZYdUsVNuPD4/Vdh85-EAN6I/AAAAAAAAAlA/MgjEww4aE4Y/s640/Capture.PNG" title="" width="640" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">Image source : <i style="background-color: white; font-size: medium; text-align: justify;"><span style="color: #333333; font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif;"><span style="font-size: 14.85px; line-height: 20.79px;">https://people.csail.mit.edu/devadas/pubs/circuit_finger.pdf</span></span></i></td></tr> </tbody></table> <br /> <br /> Well.., Looks like the reliability of <b>Tor</b> Is Peeling off like an onion. Tor is no more safe, proved again. A team of security researchers from <b>Massachusetts Institute of Technology (MIT)</b> has developed <b><a href="https://people.csail.mit.edu/devadas/pubs/circuit_finger.pdf" rel="nofollow" target="_blank"><span style="color: #38761d;">digital attacks</span></a></b> that can be used to unmask Tor hidden services in the Deep Web with a high degree of accuracy.<br /> <div> <span style="font-size: small; font-weight: normal;"><br /></span></div> <h2 style="text-align: left;"> Circuit Fingerprinting Attack</h2> <div> <br /></div> A new vulnerability was found in the Tor's Guard gateway which can be exploited to detect whether a user is accessing one of Tor's hidden services. <b>Tor's Guard</b> Gateways could be masqueraded and the packets coming from the user could be made to travel through attacker’s malicious ‘setup’ node acting as an Entry node. This includes a series of passive attacks which allows spies to unmask Tor users with 88 percent accuracy even without <b>decrypting the Tor traffic. </b>The researchers described this technique as "<b>Circuit Fingerprinting</b>,"<br /> <div> <div style="text-align: left;"> <br /></div> </div> <div> <h2 style="text-align: left;"> Passive De-Anonymization Of Tor Users</h2> <br /> This new alternative approach not only tracks the <b>digital footprints</b> of Tor users but also reveals exactly which hidden service the user was accessing; just by analyzing the traffic data and the pattern of the data packets. According to the research team, Tor exhibits finger-printable traffic patterns that allow an attacker to efficiently and accurately identify and correlate circuits involved in the communication with hidden services. So an attacker would be adopting the technique of identifying suspicious circuits with high confidence instead of monitoring every circuit. The technique nowhere breaks down the layered encrypted route of Tor network, so being encrypted doesn't make your identity anonymous from others.</div> <div> <br /> <h2 style="text-align: left;"> Tor-Is it hacked or becoming unreliable? </h2> <div> <br /></div> <div> <div style="background-color: white; text-align: justify;"> <div style="color: #333333; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 14.8500003814697px; line-height: 20.7900009155273px;"> Tor is considered to be one of the cheapest and simplest ways to ensure Anonymity while accessing the Internet. With the time and a couple of successful breaches in the past, it seems that the reliability of Tor is questioned. However, the <span style="font-size: 14.8500003814697px; line-height: 20.7900009155273px;">Tor project leader </span><b style="font-size: 14.8500003814697px; line-height: 20.7900009155273px;">Roger Dingledine</b><span style="font-size: 14.8500003814697px; line-height: 20.7900009155273px;"> raises a question to the researchers asking about the genuineness of the accuracy that the </span><b style="font-size: 14.8500003814697px; line-height: 20.7900009155273px;">Traffic fingerprinting technique</b><span style="font-size: 14.8500003814697px; line-height: 20.7900009155273px;"> delivers. </span><span style="font-size: 14.8500003814697px; line-height: 20.7900009155273px;">According to the MIT News article, the fix was suggested to Tor project representatives, who may add it to a future version of Tor.</span></div> <div style="color: #333333; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 14.8500003814697px; line-height: 20.7900009155273px;"> <span style="font-size: 14.8500003814697px; line-height: 20.7900009155273px;"><br /></span></div> <div> <i><span style="color: #333333; font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif; font-size: 14.8500003814697px; line-height: 20.7900009155273px;">The full paper can be found at </span><span style="color: #333333; font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif;"><span style="font-size: 14.8500003814697px; line-height: 20.7900009155273px;">https://people.csail.mit.edu/devadas/pubs/circuit_finger.pdf</span></span></i><br /> <i><span style="color: #333333; font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif;"><span style="font-size: 14.8500003814697px; line-height: 20.7900009155273px;"><br /></span></span></i></div> </div> </div> <h2 style="text-align: left;"> Tor Alternative?</h2> <div> <br /></div> Yes, there are better alternatives to Tor. One such promising Tor Alternative is <b>HORNET- High-speed Onion Routing at the Network Layer</b>. I have written a detailed post about HORNET before. It can be read from the below link.<br /> <div style="text-align: center;"> <b><a href="http://www.hackcave.net/2015/08/hornet-ultra-high-speed-secure-tor.html"><span style="color: #38761d;">HORNET: Ultra High Speed & Secure TOR Alternative</span></a></b><br /> <b><span style="color: #38761d;"><br /></span></b></div> </div> </div>

Circuit Fingerprinting-Unmasking Tor Users without Decrypting Traffic.

Image source :  https://people.csail.mit.edu/devadas/pubs/circuit_finger.pdf Well.., Looks like the reliability of Tor Is Peeling of...

Read more »

The Quantum Cryptography System: Uncrackable encryption.

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="http://4.bp.blogspot.com/-1EBHrP_Mt9A/VdL0VvzTI3I/AAAAAAAAAjw/VKQn7YE6gKA/s1600/AAEAAQAAAAAAAALjAAAAJDRkZGMxMGM1LThkNjktNDJiYy1iZjFlLThlZmYyNzU2Y2IzYQ.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Hack Cave" border="0" height="364" src="https://4.bp.blogspot.com/-1EBHrP_Mt9A/VdL0VvzTI3I/AAAAAAAAAjw/VKQn7YE6gKA/s640/AAEAAQAAAAAAAALjAAAAJDRkZGMxMGM1LThkNjktNDJiYy1iZjFlLThlZmYyNzU2Y2IzYQ.png" title="" width="640" /></a></div> <br /> <h2 style="text-align: left;"> Absolutely Unbreakable Encryption</h2> <br /> Japanese tech giant Toshiba is all set to create the next level of encryption technology that the firm claims are <b>absolutely unbreakable</b> and "<b>completely secure from tapping</b>". The best way to ensure the complete security of the communication is to make use of a one-time key to decode encrypted data. However, the problem remains to transfer this key from one place to another safely when even mail carriers may be spying on you.<br /> <br /> <h2 style="text-align: left;"> Quantum Cryptographic Communication</h2> <br /> Toshiba is creating a '<b>foolproof</b>' Quantum Cryptography System that uses photons sent over a custom-made fiber optic cable that is not connected to the Internet. Quantum cryptographic communication uses <b>quantum physics </b>to ensure that genomic data encrypted with digital keys remains secret. Standard optical communications can be intercepted and read by measuring a part of the optical signal.<br /> <br /> <h2 style="text-align: left;"> Quantum Cryptographic communication system</h2> <br /> However, in quantum communications bits are carried and sent by individual photons, which cannot be tampered with without leaving a trace of the intrusion. As a consequence, the secrecy of untampered encryption keys, and the genome data they protect can be guaranteed.<br /> <br /> This technology guarantees secure transfers of confidential information and personal information. Potential users will include public agencies and medical institutions.<br /> <br /> In an era of mass surveillance, spying NSA etc this technology will provide a breakthrough in safe and private communication.<br /> <div> <br /></div> <div> <i>Source: http://blogs.wsj.com/japanrealtime/2015/06/22/toshiba-working-on-unbreakable-encryption-technology/</i></div> </div>

The Quantum Cryptography System: Uncrackable encryption.

Absolutely Unbreakable Encryption Japanese tech giant Toshiba is all set to create the next level of encryption technology that the f...

Read more »

Vulnerability In BitTorrent Can Be Exploited For DDoS Attacks

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> <a href="http://2.bp.blogspot.com/-I_kwZ-g7pEE/VdHPqnG7dDI/AAAAAAAAAjg/zRdqN2k5noQ/s1600/Hack%2BCave.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="350" src="https://2.bp.blogspot.com/-I_kwZ-g7pEE/VdHPqnG7dDI/AAAAAAAAAjg/zRdqN2k5noQ/s640/Hack%2BCave.png" width="640" /></a></div> <br /> The <b>BitTorrent </b>protocol is a file-sharing protocol used by Millions of online users to exchange files over the Internet on a daily basis. A new research by <b>Florian Adamsky</b> of the <b>City University London</b> shows that open BitTorrent protocol can be exploited to carry out <b>Distributed Reflective Denial of Service (DRDoS) attacks</b>. This Makes all BitTorrent applications like <b>uTorrent, Vuze </b>etc could be used to carry out a devastating distributed denial of service (DDoS) attack. It is to be noted that this makes possible for a single undetectable hacker to take down big sites.<br /> <br /> <h2> BitTorrent protocol is Vulnerable to DRDoS attack</h2> <br /> <b>DRDoS </b>attack is a more sophisticated form of conventional DDoS attack where open and misconfigured DNS (Domain Name System) can be used by anyone to launch high-bandwidth DDoS attacks on target websites. In a paper, titled <a href="https://www.usenix.org/conference/woot15/workshop-program/presentation/p2p-file-sharing-hell-exploiting-bittorrent" rel="nofollow" target="_blank">"<b>P2P File-Sharing in Hell: Exploiting BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks</b></a>," the researchers shows that the weakness in various BitTorrent protocols can be exploited to amplify <b>Denial of Service attacks. </b>According to them, the vulnerability affects BitTorrent protocols <b>(Micro Transport Protocol (uTP), Distributed Hash Table (DHT), Message Stream Encryption (MSE)) </b>as well as <b>BitTorrent Sync (BTSync)</b> protocols.<br /> <div style="text-align: left;"> <br /></div> <h2 style="text-align: left;"> High Bandwidth DDoS Attacks Are easy Now</h2> <br /> As per the tests conducted it was successful in using BitTorrent peers to flood a third-party target with data traffic up to a factor of 50 to 120 times bigger than the original request. High bandwidth DDoS attacks are very common nowadays. Hacking groups like <b><span style="color: #274e13;"><a href="https://en.wikipedia.org/wiki/Lizard_Squad" rel="nofollow" target="_blank">Lizard Squad</a> </span></b>and <b>Anonymous </b>were successful in attacking big targets by DDoS. Lizard Squad even made a commercial tool named "<b>Lizard Stressor</b>" which is a paid DDoS tool available to anyone.  Two years ago, a massive <b>300Gbps DDoS</b> attack launched against Spamhaus website almost broke the Internet, not to mention the new heights of DDoS achieved against <b>CloudFlare</b>, reaching more than<b> 400Gbps</b> at its peak of traffic, last year.<br /> <div style="text-align: left;"> <br /></div> <h2 style="text-align: left;"> Patches are on its way. Update Soon.</h2> <br /> <b>BitTorrent</b> company has already patched some of its applications in a recent beta release. However, <b>uTorrent</b> is still vulnerable to a <b>DHT</b> attack. <b>Vuze</b> is also yet to release a patch, even though it was informed. So to be on the safer side you may need to use the patched products for the time being.<br /> <b>Check: <a href="http://www.hackcave.net/2015/08/hornet-ultra-high-speed-secure-tor.html" target="_blank"><span style="color: #38761d;">HORNET: Ultra High Speed & Secure TOR Alternative</span></a></b><br /> <br /></div>

Vulnerability In BitTorrent Can Be Exploited For DDoS Attacks

The BitTorrent protocol is a file-sharing protocol used by Millions of online users to exchange files over the Internet on a daily bas...

Read more »

Firefox stealthily loads webpages arising Privacy & Security concerns.

<div dir="ltr" style="text-align: left;" trbidi="on"> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="http://4.bp.blogspot.com/-glZCZfyLeWY/VdBphCvQQfI/AAAAAAAAAjE/ZpyQUnL4Bqs/s1600/image001.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="Firefox Vulnerability " border="0" height="446" src="https://4.bp.blogspot.com/-glZCZfyLeWY/VdBphCvQQfI/AAAAAAAAAjE/ZpyQUnL4Bqs/s640/image001.jpg" title="" width="640" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;"><i style="font-size: medium; text-align: left;">Image courtesy: geeky-gadgets.com</i></td></tr> </tbody></table> <br /> Many browsers do <b>pre-fetching</b> and caching of web pages for speed and performance optimization. But Mozilla Firefox has taken one step forward,<b> it stealthily loads web pages when you hover over links.</b> Yes! Unlike older versions of Firefox, more recent versions will make a request to a destination server just by hovering over a link.<br /> <div> <br /> <h2> Privacy and Security Concerns</h2> <div> <br /></div> While this sounds potentially helpful, it is also something of a privacy and security concern, not to mention a waste of bandwidth. You might hover over a link simply to check out the destination in the status bar and if there is a link to a malicious or unsavory website, these stealthy connections to those sites made in the background would be the last thing you would like to see. </div> <div> <br /> <h2 style="text-align: left;"> How it works?</h2> <div> <br /></div> This concerning behavior is the result of <b>Mozilla speculative connect API.</b> </div> <div> <br /></div> <div> According to Mozilla Developer blog, </div> <blockquote class="tr_bq"> "<b>nsISpeculativeConnect</b> lets the networking layer begin setting up TCP and, if appropriate, SSL handshakes to save time when the connection is actually opened later."</blockquote> <div> In it pre-loads the web pages so that browsing would be easy and time-saving.</div> <div> <br /> <h2 style="text-align: left;"> How to fix this?</h2> <div> <br /></div> Follow the below simple steps to turn off this annoying <b>'speculative pre-connections' </b>feature<br /> <div> <br /> 1. Type "<b>about:config</b>" into the address bar (and you'll see a list of variables)</div> <div> <i>(The first time you look at "about:config", Firefox might ask you "Are you sure you know what you're doing?" Click "yes" and proceed.)</i><br /> <br /> 2. Copy-paste "<b>network.http.speculative-parallel-limit"</b> into the search bar at the top of that page and hit Return.<br /> <br /> 3. You'll now just have that one line on the page. Double-click it (or right-click on it and select "Modify")<br /> <br /> 4. A box pops up, change the value to 0, and hit OK.</div> <div> <br /> Done.</div> <div> <br /> <h2 style="text-align: left;"> Conclusion</h2> <div> <br /></div> One can expect Firefox to make requests in the background to its own servers for things such as checking for updates to plugins etc. But silently making requests to random links on a page (and connecting to those servers) simply by hovering over them is something very different. Hope this bug would be fixed in the future Firefox releases.<br /> <br /></div> </div> <div> <br /></div> </div>

Firefox stealthily loads webpages arising Privacy & Security concerns.

Image courtesy: geeky-gadgets.com Many browsers do pre-fetching and caching of web pages for speed and performance optimization. But ...

Read more »

Hackers Can Attack Gas Stations and Blow It Up.

<div dir="ltr" style="text-align: left;" trbidi="on"> <br /> <h2 style="text-align: left;"> Anything can be hacked, not just cars, snipers, smartwatches or skateboards.</h2> <br /> Hackers are attacking anything that is connected to the Internet and not even gas monitors are safe. Earlier this year hackers possibly affiliated with Anonymous were successful in hacking a Gas station, leveraging a vulnerability in internet connected <b>Automated Tank Gauges (ATGs)</b> that were used to monitor fuel tank inventory levels.<br /> <br /> <h2 style="text-align: left;"> GasPot –a honeypot experiment by Trend Micro.</h2> <div> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <a href="http://2.bp.blogspot.com/-eH-ONx36Yy8/Vc9eUPJkVOI/AAAAAAAAAik/x2yIj2S30c8/s1600/image001.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="328" src="https://2.bp.blogspot.com/-eH-ONx36Yy8/Vc9eUPJkVOI/AAAAAAAAAik/x2yIj2S30c8/s640/image001.png" width="640" /></a></div> <div> <br /></div> <br /> In the wake of observing increased attacks on gas stations, researchers of <b>Trend Micro</b>, <b>Kyle Wilhoit</b> and <b>Stephen Hilt</b> set up a <b>honeypot</b> named <b>"GasPot</b>" to monitor the activities of hackers. And they observed a number of attacks on their GasPots within a period of six months, with US-based ones being the most targeted. Some instances were clearly for reconnaissance purposes as they were merely automated scanners pinging the monitors. It was also found that the hackers renamed the Gas-Pots such a way that it would appear to be hacked by some infamous hacking groups across the globe.<br /> <br /> <h2 style="text-align: left;"> Country wise targeted Attacks.</h2> <br /> GasPot were placed in several countries like <b>Russia, Germany, Brazil, US, Great Britain, the United Arab Emirates, and Jordan</b>. According to Trend Micro’s research, the most targeted gas tanks was US (44%), Jordan (17%), Brazil, Great Britain, and the United Arab Emirates (11%). Hackers began their attack and even shared the scripts on underground forums and text snippets on Pastebin. In another instance, a <b>2Gbps DDOS</b> (distributed denial of service) attack was made on one of the GasPot located in Washington, possibly by <b>Syrian Electronic Army(SEA)</b>.<br /> <br /> <b><span style="color: red;"><i>Don't forget to check this post: <a href="http://www.hackcave.net/2015/08/lenavo-caught-installing-rootkits-in.html" target="_blank"><span style="color: #38761d;">Lenovo Caught Installing Rootkits In Their PCs!</span></a></i></span></b><br /> <br /> <h2 style="text-align: left;"> Vulnerability in automated tank gauges (ATG)</h2> <br /> Gas monitoring systems or <b>automated tank gauges (ATG)</b> keep an eye on fuel levels, volume, and temperature, among other stats. Many of them are easy to get into because they're not protected by passwords. ATGs can typically be programmed and monitored through a built-in serial port, a plug-in serial port, a fax/modem, or a <b>TCP/IP</b> circuit board. In order to facilitate remote monitoring over the Internet, ATG serial interfaces are often mapped to an internet-facing port. This opens door to potential trouble, especially since serial interfaces are rarely password protected.<br /> <br /> <h2 style="text-align: left;"> Potential Risks</h2> <br /> <b>Trend Micro</b> researchers warn that ATG cyber attacks could cause serious issues. Hackers can monitor one to find out when a facility is expecting the next fuel delivery or hold it hostage. They can and demand ransom and disrupt the activities. They can also fake fuel levels to induce overflow and put the lives of people in the area in danger.<br /> <br /> <h2 style="text-align: left;"> Hackers might hack a Gas Station remotely and Blow It Up!</h2> <br /> Hacking and <b>executing commands</b> in these systems can not only modify tank labels, but also tank levels and overflow limits, temperature compensation values, tank tilt and diameter values, and other units of measurement. Given certain conditions, attackers can, for instance, set a tank overflow limit to a value beyond its capacity, thus triggering an overflow. Since gas overflows are extremely dangerous because the liquids they contain are highly combustible. Thus by successfully manipulating these values, the possibility of a potential hacker <b>blowing up a gas station</b> is not negligible.<br /> <span style="color: red;"><br /></span> <i><b><span style="color: red;">You might be interested </span><span style="color: red;">in</span>: <a href="http://www.hackcave.net/2015/08/hacking-team-data-breach-overview-of.html" target="_blank"><span style="color: #38761d;">Hacking Team Data Breach-Overview Of Leaked data</span></a></b></i><br /> <a href="http://www.hackcave.net/2015/08/hacking-team-data-breach-overview-of.html"></a><br /> <h2 style="text-align: left;"> Conclusion</h2> <br /> Internet-connected devices worldwide can be found easily using services like <a href="http://www.shodanhq.com/" rel="nofollow" target="_blank"><b><span style="color: #274e13;">Shodan</span></b></a>. This puts not only personal & home Internet of Things (IoT) devices like routers, baby monitors, heating systems, but also surveillance cameras, traffic lights, medical equipment, and power plants too under the risk of attack. As per the researchers, it is better not to leave <b>Supervisory Control and Data acquisition (SCADA) </b>and <b>ICS</b> systems connected to the internet, unless absolutely necessary. If they really need to be, their security should be hardened so that access to them is extremely limited and private as these devices use the barest or no security barriers at all.<br /> <br /> <b>Source: <span style="color: #274e13;"><i><a href="http://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/the-gaspot-experiment" rel="nofollow">The GasPot Experiment: Unexamined Perils in Using Gas-Tank-Monitoring Systems</a></i>. </span></b><br /> <br /></div>

Hackers Can Attack Gas Stations and Blow It Up.

Anything can be hacked, not just cars, snipers, smartwatches or skateboards. Hackers are attacking anything that is connected to the In...

Read more »

Lenovo Caught Installing Rootkits In Their PCs !

<div dir="ltr" style="text-align: left;" trbidi="on"> <div> <br /></div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> One of the most popular Chinese computer manufacturers ‘Lenovo’ has been caught once again using a hidden Windows feature to preinstall unwanted and unremovable rootkit software on certain Lenovo laptop and desktop systems it sells.<br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="http://4.bp.blogspot.com/-PrnTEBjUUvk/VczgLO_LeeI/AAAAAAAAAiQ/HHdDvz2bS4k/s1600/oiekFfliyLBFpAH.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Hack Cave" border="0" height="228" src="https://4.bp.blogspot.com/-PrnTEBjUUvk/VczgLO_LeeI/AAAAAAAAAiQ/HHdDvz2bS4k/s320/oiekFfliyLBFpAH.jpg" title="" width="320" /></a></div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <h2 style="text-align: left;"> Lenovo Does It Again!</h2> <br /> Lenovo has a bad track record, as they were found to be selling laptops pre-installed with <b><a href="https://support.lenovo.com/us/en/product_security/superfish_uninstall" target="_blank"><span style="color: red;">Superfish</span></a></b> malware a few months ago. Not just that, Lenovo got banned from supplying network equipment for defense services in various countries due to hacking and spying concerns.<br /> <h2 style="text-align: left;"> Rootkit dubbed as "Lenovo Service Engine (LSE)"</h2> <br /> According to Lenovo it is a piece of code inbuilt into the firmware on the computer's motherboard. During windows is installation process, the LSE automatically downloads and installs Lenovo's own software during boot time before the Microsoft operating system is launched, which overwrites Windows operating system files. It injects software that updates drivers, firmware, and other pre-installed apps onto Windows machine, even in case of a clean reinstall of OS. This causes the hidden LSE in the firmware will automatically bring them back as soon as the machine powered on or rebooted.<br /> <div> <br /> <span style="color: red; font-style: italic; font-weight: bold;">Check out this too : </span><b><a href="http://www.hackcave.net/2015/08/windows-mount-manager-bug-birth-of-next.html" target="_blank"><span style="color: #6aa84f;">Windows Mount Manager Bug - Birth of Next StuxNet ?</span></a></b><br /> <div style="text-align: left;"> <br /></div> <h2 style="text-align: left;"> Impact Of The LSE Rootkit</h2> <div> <br /> It has varying destructive impacts for <b>Desktops</b> and Laptops. As per the company claims it sends some basic information like the system model, date, region, and system ID etc to a Lenovo server, just for one time, except any personal data. In case of <b>Laptops</b> it's a different story. LSE installs a software program called <b>OneKey Optimizer (OKO)</b>, which according to the company enhances the computer performance by updating the firmware drivers,pre-installed apps, removes junk files and find ways to optimize system performance. But in reality the OneKey Optimizer falls under the category of "<a href="http://operationstech.about.com/od/glossary/g/crapware.htm" rel="nofollow" target="_blank"><span style="color: red;"><b>crapware</b></span></a>" and both LSE as well as OKO appears to be insecure. Holy crap! Isn't it?</div> </div> <div> <br /> <h2 style="text-align: left;"> Who Are Affected?</h2> <div> <br /></div> According to official statements from Lenovo the new systems that were built since June don't have the BIOS firmware that causes the issue and it's no longer installing Lenovo Service Engine on new PCs. Many Flex and Yoga machines running operating systems including Windows 7, Windows 8, and Windows 8.1 are affected by this issue. Full list of affected notebooks and desktops can be seen on Lenovo's website.</div> <div> <br /> <span style="color: red; font-style: italic;"><b>You might also be interested in</b> : </span><b><a href="http://www.hackcave.net/2015/08/stagefright-worst-android-rce-bug-ever.html" target="_blank"><span style="color: #6aa84f;">StageFright: Worst Android RCE Bug ever.</span></a></b><br /> <br /> <h2 style="text-align: left;"> How to Remove LSE Rootkit?</h2> <div> <br /></div> It should be done manually and the below given steps would be sufficient to get rid of this Rootkit.<br /> <ul style="text-align: left;"> <li>Know your System Type (whether it’s a 32-bit or 64-bit version of Windows)</li> <li>Browse to the <a href="https://support.lenovo.com/us/en/product_security" rel="nofollow" target="_blank"><b><span style="color: #274e13;">Lenovo Security Advisory</span></b></a>, and select the link for your specific Lenovo machine.</li> <li>Click the "Date" button for the most recent update.</li> <li>Search for "Lenovo LSE Windows Disabler Tool" and Click the download icon next to the version that matches your version of Windows.</li> <li>Run the program as administrator and It will remove the LSE software.</li> </ul> <br /> Did you like the article? Please send your feedback as comments. Also don't forget to share it to your friends and people you care so that they can be safe.<br /> <br /></div> </div>

Lenovo Caught Installing Rootkits In Their PCs !

One of the most popular Chinese computer manufacturers ‘Lenovo’ has been caught once again using a hidden Windows feature to preinsta...

Read more »

Windows Mount Manager Bug - Birth of Next StuxNet ?

<div dir="ltr" style="text-align: left;" trbidi="on"> <br /> <h3 style="text-align: left;"> Windows Mount Manager Bug</h3> <br /> Microsoft recently patched a vulnerability in <b>Windows Mount Manager</b>, a driver in <b>mountmgr.sys </b>that assigns drive letters for dynamic and basic disk volumes. The flaw is being exploited in targeted attacks and patching this vulnerability is supposed to be prioritized. However, it requires local access to a machine to exploit.<br /> <br /> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> <a href="http://3.bp.blogspot.com/-8ZZa-xik18g/Vcuig1Kg96I/AAAAAAAAAgs/JtNu-UlTD0s/s1600/usb-skull-300x200.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Windows Mount Manager Bug" border="0" height="426" src="https://3.bp.blogspot.com/-8ZZa-xik18g/Vcuig1Kg96I/AAAAAAAAAgs/JtNu-UlTD0s/s640/usb-skull-300x200.jpg" title="" width="640" /></a></div> <br /> According to experts, this vulnerability can allow an attacker to run malicious code on a system if they can gain access to a USB port. Since this attack does require physical access to a system, its impact is limited to specific environments and circumstances.<br /> <br /> <h3 style="text-align: left;"> Similar To Stuxnet.</h3> <br /> Windows Mount Manager Bug works similar to the notorious <b>Stuxnet</b>, which can be called as world's first digital weapon. Stuxnet is a Dreaded malware infected over USB drives, malicious .wrecking havoc in industrial <b>PLC & SCADA</b> systems, especially the uranium plants of Iran. It too exploited a flaw in the Windows Shell that allowed local users and remote attackers to execute the malicious.<b>LNK shortcut file</b>. The vulnerability occurs because of the .LNK files are not properly handled during icon display in Windows Explorer and in Siemens WinCC SCADA systems. The malware executes by merely visiting a directory hosting the .LNK file. Stuxnet-infected machines spread the malware to USBs and other peripherals connected to the computer in the hopes of spreading the attack to air-gapped machines.<br /> <br /> <h3 style="text-align: left;"> Fanny Worm too leverages Malicious.LNK shortcut file.</h3> <br /> The .LNK vulnerability was also exploited by the Equation Group, uncovered by researchers at Kaspersky Lab, via the <b>Fanny worm</b>. Fanny exploits two zero days also used by Stuxnet and also spread over USB sticks to air-gapped computers.<br /> <br /> <h3 style="text-align: left;"> Microsoft Issues Patches</h3> <br /> In March, Microsoft patched the.LNK-related vulnerability again after German researcher <b>Michael Heerklotz</b> discovered that the original patch from August 2010 was incomplete. Heerklotz reported the bug to HP’s Zero Day Initiative, which said that Windows users had been exposed all along. Heerklotz said he found a way to bypass Microsoft’s patch by attacking other parts of the .LNK code that was not checked by the original patch.<br /> The Mount Manager vulnerability patched is not remotely exploitable. It does allow for elevation of privilege and affects supported Windows systems, including Windows 10. Microsoft announced that in addition to the patch it was also making an event log available that detects attacks against this vulnerability.<br /> <br /> <h3 style="text-align: left;"> Birth of Next Stuxnet?</h3> <br /> Windows Mount Manager Bug has similar working patterns of Stuxnet. Taking all these aspects into account this obviously paves the way for the development of a similar or more sophisticated malware. It is also possible that another malware based on this zero-day vulnerability is already in released and leveraged in the wild. <a href="http://www.hackcave.net/2015/08/hacking-team-data-breach-overview-of.html" target="_blank"><b><span style="color: #274e13;">Hacking Team and their recent data breach</span></b></a> is the best instance.<br /> <br /> <b>What do you think? Share your thoughts via comments. </b><br /> <b><br /></b> <b><span style="color: red;">Also Read </span>: </b><a href="http://www.hackcave.net/2015/09/hacking-iot-hackers-can-hijack-baby.html" itemprop="url" style="background-color: white; display: inline !important; font-family: 'PT Sans'; font-size: 20px; font-weight: 600; text-decoration: none;"><span style="color: #38761d;">Hacking IoT: Hackers can hijack baby monitors easily.</span></a></div>

Windows Mount Manager Bug - Birth of Next StuxNet ?

Windows Mount Manager Bug Microsoft recently patched a vulnerability in Windows Mount Manager , a driver in mountmgr.sys that assigns d...

Read more »

Bettercap - Advanced MITM tool & Framework

<div dir="ltr" style="text-align: left;" trbidi="on"> <h2> </h2> <h2> What is Bettercap?</h2> <div> <br /></div> <b><a href="http://www.bettercap.org/" rel="nofollow" target="_blank">Bettercap</a></b> is a complete, modular, portable and easily extensible <a href="https://hackcave.net/" rel="nofollow" target="_blank"><b>MITM</b></a> tool and framework with every kind of diagnostic and offensive feature you could need in order to perform a man in the middle attack. It is created by <span style="color: green;"><b><a class="ProfileHeaderCard-nameLink u-textInheritColor js-nav " href="https://twitter.com/evilsocket" rel="nofollow" style="color: green;" target="_blank">Simone Margaritelli</a>.</b> </span> <br /> <span style="color: green;"><b><br /></b></span> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="http://2.bp.blogspot.com/-CRHTAmhoTpI/Vcujo65HcNI/AAAAAAAAAg4/itEc-_iTsXo/s1600/bettercap-v1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="388" src="https://2.bp.blogspot.com/-CRHTAmhoTpI/Vcujo65HcNI/AAAAAAAAAg4/itEc-_iTsXo/s640/bettercap-v1.jpg" width="640" /></a></div> <br /> <h3> How It is better than Ettercap.</h3> <div> <br /></div> The author of Bettercap claims it's better than Ettercap,a popular MITM tool, for the following reasons.<br /> <ul> <li>Ettercap <b>was</b> a great tool, but it made its time.</li> <li>We've found ettercap filters to simple not work in many cases as they are outdated and also haven't been maintained as there aren't as many low-level C programmers interested in maintaining it.</li> <li>ettercap is freaking <b>unstable</b> on big networks ... If you've tried to use ettercap's host discovery feature on any large network you'll see it simply can't scale well.</li> <li>yeah you can see connections and raw pcap stuff, <b>nice toy</b>, but <b>as a professional researcher, I want to see only relevant stuff</b>.</li> <li>unless you're a C/C++ developer, you can't easily extend ettercap or make your own module.</li> </ul> <div> <br /></div> <h2 class="post-title"> <b>Installation</b></h2> <div> <b><br /></b></div> <h3 id="stablereleasegem"> <i>Stable Release ( GEM )</i></h3> <div> <i><br /></i></div> <blockquote> <pre><code>gem install bettercap</code></pre> </blockquote> <br /> <h3 id="developmentrelease"> <i>Development Release</i></h3> <div> <i><br /></i></div> <blockquote> <pre><code>git clone https://github.com/evilsocket/bettercap cd bettercap gem build bettercap.gemspec sudo gem install bettercap*.gem</code></pre> </blockquote> <br /> <blockquote> <pre> </pre> </blockquote> <h3 id="dependencies"> <i>Dependencies</i></h3> <div> <i><br /></i></div> All dependencies will be automatically installed through the GEM system, in some case you might need to install some system dependency in order to make everything work:<br /> <blockquote> <pre><code>sudo apt-get install ruby-dev libpcap-devHow is it possible?</code></pre> </blockquote> <br /> <h2> <b>Features of Bettercap.</b></h2> <div> <b><br /></b></div> <h3 id="dynamichostdiscoveryarpspoofing"> Dynamic Host Discovery + ARP Spoofing</h3> <div> <br /></div> You can target the whole network or a single known address. The ARP spoofing capabilities and multiple hosts discovery agents will make rest of the work easier.<br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="http://1.bp.blogspot.com/-WRa8j9tf-EU/VcunWiq6I0I/AAAAAAAAAhE/P2Qx59k5paw/s1600/discovery.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="360" src="https://1.bp.blogspot.com/-WRa8j9tf-EU/VcunWiq6I0I/AAAAAAAAAhE/P2Qx59k5paw/s640/discovery.png" width="640" /></a></div> <br /> <h3 id="credentialssniffer"> </h3> <h3 id="credentialssniffer"> Credentials Sniffer.</h3> <div> <br /></div> It has got a built-in credentials sniffer which can gather from the network the following information:<br /> <ul> <li>URLs being visited.</li> <li>HTTPS host being visited.</li> <li>HTTP POSTed data.</li> <li>HTTP Basic and Digest authentication.</li> <li>FTP credentials.</li> <li>IRC credentials.</li> <li>POP, IMAP and SMTP credentials.</li> <li>NTLMv1/v2 ( HTTP, SMB, LDAP, etc ) credentials.</li> </ul> <div> <div class="separator" style="clear: both; text-align: center;"> <a href="http://1.bp.blogspot.com/-Klj_dafh1v8/VcunfKUB-YI/AAAAAAAAAhM/aIVhNVfktSY/s1600/credentials.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="220" src="https://1.bp.blogspot.com/-Klj_dafh1v8/VcunfKUB-YI/AAAAAAAAAhM/aIVhNVfktSY/s640/credentials.png" width="640" /></a></div> <br /></div> <h3 id="modulartransparentproxy"> </h3> <h3 id="modulartransparentproxy"> Modular Transparent Proxy</h3> <div> <br /></div> You can start a <b>modular transparent proxy</b> with the --proxy argument, by default it will be logging HTTP requests. By specifying a <b>--proxy-module</b> argument custom modules can be loaded to manipulate HTTP traffic. Example modules can be found in the <span style="color: green;"><b><a href="https://github.com/evilsocket/bettercap-proxy-modules" rel="nofollow" style="color: green;" target="_blank">dedicated repository</a>.</b></span><br /> <span style="color: green;"><b><br /></b></span> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="http://1.bp.blogspot.com/-tVsctq7f2NY/Vcun3_y5_nI/AAAAAAAAAhU/TxMU-0FdtsE/s1600/proxy.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="220" src="https://1.bp.blogspot.com/-tVsctq7f2NY/Vcun3_y5_nI/AAAAAAAAAhU/TxMU-0FdtsE/s640/proxy.png" width="640" /></a></div> <span style="color: green;"><b><br /></b></span> <br /> <h3 id="builtinhttpserver"> </h3> <h3 id="builtinhttpserver"> Built in HTTP Server</h3> <div> <br /></div> A built-in HTTP server comes with bettercap, allowing you to serve custom contents from your own machine without installing and configuring other softwares such as Apache, nginx or lighttpd. Bettercap allows custom JavaScript files to be used on the network. Thus custom script or image can be injected into HTTP responses using a transparent proxy module. Sounds Great? Go ahead and try this tool.<br /> <br /> <div style="text-align: center;"> <b>Installation guide => <span style="color: green;">http://www.bettercap.org/install/</span> </b></div> <div style="text-align: center;"> <b>Features and How to use => <span style="color: green;">http://www.bettercap.org/features/</span></b></div> </div>

Bettercap - Advanced MITM tool & Framework

What is Bettercap? Bettercap is a complete, modular, portable and easily extensible MITM tool and framework with every kind of diag...

Read more »

StageFright: Worst Android RCE Bug ever

<div dir="ltr" style="text-align: left;" trbidi="on"> <h3 style="text-align: left;"> <b><br /></b></h3> <h3 style="text-align: left;"> <b>Android Remote Code Execution Vulnerability</b></h3> <div> <b><br /></b></div> This <b>RCE</b> bug was found to affect almost all versions of android, right from the 2.2 to 5.1 Lollipop, which accounts for nearly 950 Million Android smartphones and tablets. This vulnerability was found by Joshua Drake, vice president of platform research and exploitation at security firm Zimperium.<br /> <h3 style="text-align: left;"> <b>How it works?</b></h3> <div> <b><br /></b></div> Hackers can access the vulnerable device without the owners being aware of it, just by sending an SMS! The vulnerability exists in a core Android component called "<b>Stagefright,</b>" which is a multimedia playback library used by Android to process, record and play multimedia files.<br /> <br /> <h3 style="text-align: left;"> <b>A Simple Text Message Can Hack You!</b></h3> <div> <b><br /></b></div> <div class="separator" style="clear: both; text-align: center;"> <a href="http://4.bp.blogspot.com/-JBZwEh6BRiA/VcooUy9bTRI/AAAAAAAAAfE/BFypsrHsU4A/s1600/wpid-hack-android-phone.png1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="332" src="https://4.bp.blogspot.com/-JBZwEh6BRiA/VcooUy9bTRI/AAAAAAAAAfE/BFypsrHsU4A/s640/wpid-hack-android-phone.png1.jpg" width="640" /></a></div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <div> <b><br /></b></div> To leverage this vulnerability all that is needed by the hacker is the phone number of the victim’s Android device. The hacker then sends the malicious message which will surreptitiously execute malicious code on the target device. No user action is required, and the user will have no clue of being hacked. According to Zimperium blog, n attack can happen when you are asleep, and the attacker can remove any signs of attack before you wake up. You'll continue your daily works with a trojened phone as if nothing happened.<br /> <br /> <h3 style="text-align: left;"> <b>More ways to exploit StageFright Vulnerability.</b></h3> <div> <b><br /></b></div> According to the findings of Joshua Drake this vulnerability can be exploited in several other ways, like luring the victim to open a malicious site. More details, which includes additional six ways to leverage the vulnerability, will be presented by Drake in the upcoming <b>Black Hat security conference</b> in Las Vegas on on August 5 and <b>DEF CON 23</b> on August 7, where he is scheduled to deliver a talk titled, <b>Stagefright: Scary Code in the Heart of Android.</b><br /> <b><br /></b> <br /> <h3 style="text-align: left;"> <b>How to be safe from StageFright Vulnerability?</b></h3> <div> <b><br /></b></div> Google has issued a patch and sent to all device makers. They are supposed to deliver the fix thought OTA updates. Hope that happens soon, before its too late. However in the silent circle's Black Phone and Mozilla's Firefox OS, the issue has been patched already.<br /> <br /> <b><span style="color: red;">Also Read </span></b>: <a href="http://www.hackcave.net/2015/08/task-hijacking-attack-another-dreaded.html" itemprop="url" style="background-color: white; display: inline !important; font-family: 'PT Sans'; font-size: 20px; font-weight: 600; text-decoration: none;"><span style="color: #38761d;">Task Hijacking Attack: Another Dreaded Android Vulnerability</span></a></div>

StageFright: Worst Android RCE Bug ever

Android Remote Code Execution Vulnerability This RCE bug was found to affect almost all versions of android, right from the 2.2 to 5...

Read more »

HORNET: Ultra High Speed & Secure TOR Alternative

<div dir="ltr" style="text-align: left;" trbidi="on"> <h3 style="text-align: left;"> <b><br /></b></h3> <h3 style="text-align: left;"> <b>Tor network alternative</b></h3> <div> <b><br /></b></div> For many years until now, userTor has been the favorite option to maintain anonymity on the Internet. Tor was initially developed by the US Naval Research Lab and works based on ‘<b>onion routing</b>’ principles. Even though it handles over 2 Million users on its network daily comprising mostly journalists, activists, law enforcement and hackers etc, Tor has its faults. It is often slow and frustrating because its performance is based on the number of systems that make up the network. <b>HORNET</b> aims to resolve this issue. <b></b><br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="http://2.bp.blogspot.com/-l-55dnR0HgE/VcoqnU6iKQI/AAAAAAAAAfQ/SD4luWnJFQQ/s1600/wpid-aaeaaqaaaaaaaavlaaaajgrkogi4owqylthkmzmtnda0mc1hzjmyltmzytvmogrjytewoa.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="HORNET - TOR Alternative" border="0" src="https://2.bp.blogspot.com/-l-55dnR0HgE/VcoqnU6iKQI/AAAAAAAAAfQ/SD4luWnJFQQ/s1600/wpid-aaeaaqaaaaaaaavlaaaajgrkogi4owqylthkmzmtnda0mc1hzjmyltmzytvmogrjytewoa.jpg" title="" /></a></div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <br /> <h3 style="text-align: left;"> <b> HORNET: High-speed Onion Routing at the Network Layer.</b></h3> <div> <b><br /></b></div> <b> </b> High-speed onion routing network HORNET is capable of handling anonymous traffic at speeds of more than 93 Gbps while maintaining privacy.The new anonymous network is built by researcher Chen Chen of Carnegie Mellon University, along with Daniele Enrico Asoni, Adrian Perrig and David Barrera of the Zurich's Federal Institute of Technology, and George Danezis of University College London. <b></b><br /> <br /> <h3 style="text-align: left;"> <b> Hornet - the better alternative to Tor.</b></h3> <div> <b><br /></b></div> <b> </b> The research team who developed HORNET, in their n a paper (PDF) titled<b> HORNET: High-speed Onion Routing at the Network Layer</b>, says it is a low-latency onion routing system that enables end-to-end anonymous channels with a quicker and more secure alternative to Tor.<blockquote> <blockquote class="tr_bq"> "[HORNET] is designed to be highly efficient," reads the paper, "instead of keeping state at each relay, connection state (such as onion layer decryption keys) is carried within packet headers, allowing intermediate nodes to quickly forward traffic for large numbers of clients." </blockquote> </blockquote> <b></b><br /> <h3> <b>High Speed(93Gbps) with High Security.</b></h3> <div> <b><br /></b></div> HORNET does not keep per-session states or <b>"perform computationally expensive operations for data forwarding,"</b> thus allowing to scale as required with no limitations, speeding up to <b>93Gbps</b> !. From Security perspective, spying on HORNET users is not so easy because spy agencies or hackers would need to control <b>"a significant percentage of ISPs"</b> across multiple geopolitical areas, keeping their surveillance activities quiet. For people who are relying on Tor and other similar services this new anonymous network would be greatly useful.<br /> <br /> Update: New Better Tor Alternative has been developed. Check it out: <a href="http://www.hackcave.net/2016/07/riffle-better-tor-alternative-to.html" target="_blank"><b><span style="color: #38761d;">RIFFLE – A Better TOR Alternative To Protect Privacy.</span></b></a><br /> <br /> Source: HORNET: <a href="http://arxiv.org/pdf/1507.05724v1.pdf" rel="nofollow" target="_blank">High-speed Onion Routing at the Network Layer.</a></div>

HORNET: Ultra High Speed & Secure TOR Alternative

Tor network alternative For many years until now, userTor has been the favorite option to maintain anonymity on the Internet. Tor was...

Read more »

R.I.P Adobe Flash. Final Nail in The Coffin By Google.

<div dir="ltr" style="text-align: left;" trbidi="on"> <h3> </h3> <div class="separator" style="clear: both; text-align: center;"> <a href="http://2.bp.blogspot.com/-havjRuSPUxQ/VcotP-c_2TI/AAAAAAAAAfk/3M0Arx9JcTc/s1600/flash-trouble.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="R.I.P Adobe Flash | Hack Cave" border="0" height="480" src="https://2.bp.blogspot.com/-havjRuSPUxQ/VcotP-c_2TI/AAAAAAAAAfk/3M0Arx9JcTc/s640/flash-trouble.jpg" title="" width="640" /></a></div> <div style="text-align: left;"> <br /></div> <h2 style="text-align: left;"> Google to kill Adobe Flash </h2> <br /> Adobe flash has been sentenced to death by most of the applications and platforms and now it seems to be the last nail in its coffin. Google plans to block non-essential <b>Adobe Flash</b> content from Sept 1, 2015, onwards. Starting by September 1, 2015, Google will stop some Flash content from automatically playing. It has been decided earlier as a part of browser performance improvement strategy. Chrome browser will automatically freeze Flash files that are not important. This means that you will have to click on the files you wish to see so that you can manually enable them, otherwise they will be frozen by default. However Adobe Flash, even after the company issued timely patches and security updates, appears to have lost its credibility already.<br /> <div> <br /></div> <h2 style="text-align: left;"> <b>Third Flash Zero Day!</b></h2> <div> <b><br /></b></div> Yet another <b>0day Flash Vulnerability</b> was found which could've put user data at risk. <b>The Hacking Team</b>, a group of professional hackers who supplied governments with hacking tools and whose entire information <a href="http://www.hackcave.net/2015/08/hacking-team-data-breach-overview-of.html" rel="nofollow" target="_blank"><b><span style="color: #38761d;">database was recently leaked</span></b></a>, used this exploit to attack computers without the user’s knowledge. The new vulnerability, <b>CVE-2015-5123</b>, follows two other 0day exploits. This exploit, according to Adobe, “could cause a crash and potentially allow an attacker to take control of the affected system.”<br /> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <br /> <h2 style="text-align: left;"> <b>Firefox & Chrome Against Flash Player.</b></h2> <div> <b><br /></b></div> In the wake of two new zero-day flaws in Flash Player, <b>Mozilla</b> has disabled the plugin for all versions of its <b>Firefox</b> browser. The Flash Player Plugin 18.0.0.203 (the most current and vulnerable version) has been blocked for users' protection. Now <b>Google Chrome</b> also has started displaying warnings on opening sites with flash content.<br /> <br /> <h2 style="text-align: left;"> <b>Facebook too calls for the end of Flash player.</b></h2> <div> <b><br /></b></div> <blockquote class="tr_bq"> Facebook's new chief security officer wants the web plugin to be put out to pasture.In tweets posted over the weekend, <b>Alex Stamos</b> said the popular web plugin used for videos and games had to go. </blockquote> <blockquote class="tr_bq"> "It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day," he said in one tweet. He followed up in another tweet, adding: "Even if 18 months from now, one set date is the only way to disentangle the dependencies and upgrade the whole ecosystem at once."</blockquote> <br /> <h2 style="text-align: left;"> <b>HTML5-Best Alternative for Flash?</b></h2> <div> <b><br /></b></div> Many alternatives have been suggested to replace Flash. Many prominent video streaming services, including Sky TV and Netflix, switched to Microsoft’s Silverlight instead of Flash. However, silverlight has been rejected by major browsers forcing to use the only HTML5.<br /> <blockquote> <blockquote class="tr_bq"> "Nobody takes the time to rewrite their tools and upgrade to HTML5 because they expect Flash to live forever. We need a date to drive it,” <b>Alex Stamos</b>,Facebook’s head of security.</blockquote> </blockquote> The move towards using native HTML5 for the majority of Flash uses has been welcomed by most, although some services that require digital rights management to secure licenses have resisted the move.<br /> <br /> <h2 style="text-align: left;"> Farewell Adobe Flash :P</h2> <div> <br /> <b>Bye flash. Hope nobody will miss you. Below cartoon says it all. :) </b><br /> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <a href="http://3.bp.blogspot.com/-R-lgkxkFx14/Vcotn7PDp5I/AAAAAAAAAfs/bNxICJo4Gvg/s1600/Strip-La-vie-de-Flash1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Adobe Flash Bugs" border="0" height="640" src="https://3.bp.blogspot.com/-R-lgkxkFx14/Vcotn7PDp5I/AAAAAAAAAfs/bNxICJo4Gvg/s640/Strip-La-vie-de-Flash1.jpg" title="" width="456" /></a></div> <div> <br /> <span style="color: red;"><b>Also Read:</b></span><span style="color: #38761d;"> </span><a href="http://www.hackcave.net/2015/08/stagefright-worst-android-rce-bug-ever.html" itemprop="url" style="background-color: white; display: inline !important; font-family: 'PT Sans'; font-size: 20px; font-weight: 600; text-decoration: none;"><span style="color: #38761d;">StageFright: Worst Android RCE Bug ever</span></a></div> <br /></div>

R.I.P Adobe Flash. Final Nail in The Coffin By Google.

Google to kill Adobe Flash  Adobe flash has been sentenced to death by most of the applications and platforms and now it seems to ...

Read more »

Hacking Team Data Breach-Overview Of Leaked data

<div dir="ltr" style="text-align: left;" trbidi="on"> <h3> <b>Hacking Team got Hacked!</b></h3> <div> <b><br /></b></div> Hacking Team is an Italian company that sells intrusion and surveillance tools to governments and law enforcement agencies. Recently they got hacked badly which resulted in a massive data breach. The attackers have published a Torrent file over 400GB containing internal documents, source code, and email communications. In addition, the attackers have taken to Twitter, defacing the Hacking Team account with a new logo, biography, and published messages with images of the compromised data.<br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="http://1.bp.blogspot.com/-Bb3kATGXQ9Y/VcowD1lfshI/AAAAAAAAAf4/bDw8WlYwlTI/s1600/hacking_team.0.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="https://1.bp.blogspot.com/-Bb3kATGXQ9Y/VcowD1lfshI/AAAAAAAAAf4/bDw8WlYwlTI/s320/hacking_team.0.png" width="320" /></a></div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <br /> <div class="separator" style="clear: both; text-align: center;"> </div> <h3 style="text-align: left;"> <b>Overview of hacked Data.</b></h3> <div> <b><br /></b></div> The breached data amounts to a massive 415.77G in size. Downloading the whole file is not so feasible but there is a workaround. A refined version is available, which is about 1.3 GB in size. The original files contain numerous the email communications, which explains its huge size. However, the refined version of the database is very useful if you are really interested in digging for something useful. You can visit the following URL for searching and downloading the data.<br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="http://4.bp.blogspot.com/-cm0YN4c_C4Q/VcowJMAGMLI/AAAAAAAAAgE/lDf7QG1ktMc/s1600/2015070723045410436.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="252" src="https://4.bp.blogspot.com/-cm0YN4c_C4Q/VcowJMAGMLI/AAAAAAAAAgE/lDf7QG1ktMc/s320/2015070723045410436.png" width="320" /></a></div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <br /> <h3> <b>HACKING TEAM PASSWORDS AND TWEETS.pdf</b></h3> <div> <b><br /></b></div> This contains accounts and passwords of Christian Pozzi, the person whose computer was hacked and eventually lead to the data breach.<br /> <br /> <h3> <b>Android Data Files</b></h3> <div> <b><br /></b></div> This is a collection of snooped data gathered from various android devices. Their surveillance app not only monitors telephone calls but also intercepts the audios on wechat, Whatsapp and skype.<br /> <br /> <h3> <b>iOS & Mac OS</b></h3> <div> <b><br /></b></div> It mainly uses <b>dylib injection</b> to monitor user input, GPS, and the screen information.<br /> <br /> <h3> <b>Windows Phone & Symbian & blackberry</b></h3> <div> <b><br /></b></div> A RCS Trojan for Windows Phone was found. The implementation of "Activation Track" on WP devices leverages a 0day exploit in the system, which allows the third-party code application to run it as trusted on the system. This RCS can also retrieve information such as contact list, calendar, call history, locations, SMS, and sensor status.<br /> <br /> <h3> <b>Fuzzer</b></h3> <div> <b><br /></b></div> The source code of a fuzzer for Windows was found which includes the Fuzzer testing system targeting IE and fonts. A source code of fuzzer for Android which includes the Fuzzer testing system targeting jpg, SMS, and system call etc was found in the data dump.<br /> <br /> <h3> <b>Bypass Antivirus Detection</b></h3> <div> <b><br /></b></div> Contains a collection of tools which are used to guarantee their products can bypass the AV detection. From the data, it can be seen that the Hacking Team's tools could bypass almost all major antivirus programs including BitDefender, Kaspersky, AVG, Avast, Norton etc.<br /> <br /> <h3> <b>Exploit & 0day</b></h3> <div> <b><br /></b></div> There are two major zero day exploits affecting flash, in namely <b>ActionScript ByteArray Buffer Use After Free</b> and the other one <b>CVE-2015-0349</b>. Hacking Team also leverages a kernel driver in <b>Windows: Adobe Font Driver(atmfd.dll)</b> which has a font 0day exploit which can escalate privilege and bypass the sandbox mechanism.<br /> <h3> <b>Hacking Team's Tools List</b></h3> <div> <b><br /></b></div> Some dangerous tools used by the Hacking Team is available for free on Github. Those who hacked them uploaded the tools under the name 'Hacked Team'(Suits well :P ). Head over here for over 53 repositories of tools. <b><i>https://github.com/hackedteam</i></b> <br /> <b><i><br /></i></b> <br /> <h3> <b>WikiLeaks Posts Over I million Hacking Team Emails!</b></h3> <div> <b><br /></b></div> WikiLeaks has created a searchable database of more than 400 GB of private emails and source codes dumped on the Internet after unknown hackers breached into Hacking Team's systems and leaked their files online. The WikiLeaks database has around 415 GB of information about Hacking Team's affairs ripe for the picking right there, so it might not be surprising if we find out more governments have been in contact with the Italian firm to purchase its surveillance software. So far, Russia, Chile, Spain, Honduras, Panama, and Malaysia have been exposed to be Hacking Team clients, and no one knows for sure which other countries come up as journalists dive into the treasure trove of information. It can be accessed here <b><a href="https://www.wikileaks.org/hackingteam/emails" rel="nofollow" target="_blank">Hacking Team Email Database</a></b> <br /> <br /> <h3> <b>Want More?</b></h3> <div> <b><br /></b></div> Here is a list of sites from where the sensitive & Interesting data can be obtained.<br /> <br /> <b>Audio recordings</b>: <b><i>http://ht.transparencytoolkit.org/audio/</i></b><br /> <b><br /></b> <b>SQL backdoor</b> left by Hacking Team in in their products:<b><i>http://ht.transparencytoolkit.org/rcs-dev%5cshare/HOME/ALoR/htdocs/conf.php</i></b><br /> <br /> legal <b>Keys for VMProtect Professional.</b><br /> <b><i>https://ht.transparencytoolkit.org/rcs-dev%5cshare/HOME/ALoR/VMProtect.key</i></b> <b> <i> https://ht.transparencytoolkit.org/rcs-dev%5cshare/HOME/Ivan/vmprotect/</i></b><br /> <br /> Check if you are vulnerable to <b>flash 0day</b>. Open this URL <b><i>http://zhengmin1989.com/HT/index.htm.</i></b> If the browser pops up a calculator the flash version has this 0day vulnerability. Update it immediately.</div>

Hacking Team Data Breach-Overview Of Leaked data

Hacking Team got Hacked! Hacking Team is an Italian company that sells intrusion and surveillance tools to governments and law enforcem...

Read more »