Aug 26

Multiple serious security flaws in the Google Chrome browser could expose users to code execution attacks, according to an advisory released today.

The flaws, rated “high risk,” have been addressed in Google Chrome 2.0.172.43, which is released automatically to Chrome users.

Details on the serious issues:

CVE-2009-2935 (High Severity): A flaw in the V8 JavaScript engine might allow specially crafted JavaScript on a web page to read unauthorized memory, bypassing security checks. It is possible that this could lead to disclosing unauthorized data to an attacker or allow an attacker to run arbitrary code. Technical details are being withheld until the fix is shipped to a majority of Chrome users. An attacker might be able to run arbitrary code within the Google Chrome sandbox.
CVE-2009-2416 (High Severity): Pages using XML can cause a Google Chrome tab process to crash. A malicious XML payload may be able to trigger a use-after-free condition. Other tabs are unaffected. An attacker might be able to run arbitrary code within the Google Chrome sandbox.
With this update, Google Chrome will no longer connect to HTTPS (SSL) sites whose certificates are signed using MD2 or MD4 hashing algorithms. These algorithms are considered weak and might allow an attacker to spoof an invalid site as a valid HTTPS site, Google explained.

Aug 18

It has been a long time since I made a video, so I thought I'd make one on the WEPBuster script.

Thanks to markjayson.alvarez for such a nice tool and for saving our time while doing wireless pentests.

Decrypt WEP using WEPBuster

1) Download the tool here

check the project page http://code.google.com/p/wepbuster/

wget http://wepbuster.googlecode.com/files/wepbuster-1.0_beta_0.6.tgz
tar -xvf wepbuster-1.0_beta_0.6.tgz
cd wepbuster-1.0_beta
perl wepbuster

DONE

Video is here

http://blip.tv/file/2488100

Note: testing should be done only if you have permission on the AP; otherwise check your local laws, or you may end up in the newspaper or on TV ;)

Punter

Aug 10

After nearly five years in draft, the next-generation Wi-Fi standard is set to be finalized in September. Officially known as 802.11n and often referred to as “Wireless N,” the new standard paves the way for blazing fast high definition video and data at home.

Products based on the final 802.11n standard could offer up to 600 Mbps connectivity speeds, plus the ability to have up to four simultaneous streams of high-definition video, voice and data through the house. The standard also promises easy backward compatibility, which means new devices will work smoothly with older products.

For consumers, the difference in speed and range will be palpable, says Will Strauss, an analyst with Forward Concepts.  “Speed is everything and videos are the main driver for this technology,” he says. “When you are home you want to get to YouTube fast and watch video and have a phone connection and surf.”

The 802.11n standard is the successor to the 802.11g Wi-Fi protocol, which offers speeds of up to 54 Mbps. The 802.11n standard’s most important addition has been the multiple-input multiple-output capability, also known as MIMO. MIMO allows for multiple antennas to resolve more information quickly.

Although 802.11n won’t be final until next month, manufacturers have been making products based on a draft version of the standard for several years. These typically offer two or three channels to send and receive data or voice respectively. They also limit the overall speed to much less than the 600 Mbps that the newer standard offers.

Aug 9

As another edition of DefCon happens and all kinds of species enter the Cyberden's cybergates, it is also home to the world’s most hostile wired and wireless networks.

This, understandably, creates challenges for the people in DefCon’s Network Operations Center (NOC), who were tasked with keeping the networks up and running and relatively clean of malicious traffic during the four days the conference ran this year.
Backstage pics.

About 10,000 hackers, crackers, feds, spies and noobs shared space on the networks this year.

The wireless network consisted of 50 wireless access points, each on its own virtual local area network, or VLAN. The NOC also set up 25 other wired VLANs to accommodate special groups, such as the security staff, speakers, journalists, and others.

The staff offered mirrored ports to anyone who wanted to access and analyze a copy of all traffic traveling on the network set up for conference attendees. This is where the Wall of Sheep organizers examined the traffic to search for log-ins and passwords traveling unencrypted on the wireless network. Once found, they projected the information onto a conference wall to raise awareness about information security.

Last year Threat Level presented the first-ever look inside the DefCon NOC. This year the NOC opened its doors for another exclusive tour of the network infrastructure that powers the convention.

Aug 7

The U.S. Cyber Challenge aims to identify 10,000 patriotic geeks and make them experts

The potential threats against the United States from malicious foreign hackers are as poorly understood as they are scary. China’s military has trained more than 60,000 “information troops,” and its official doctrine calls for pre-emptive strikes on networks of nations it sees as a threat. Russian hackers—probably with Kremlin support—have attacked Internet sites in pro-Western Estonia and Georgia. And a mysterious “worm,” Conficker, infects an estimated 5 million computers around the world. Authorities don’t know who controls it; cyberintelligence expert Jeffrey Carr calls it “the equivalent of a nuclear bomb” that could shut down the entire Internet.

entire details here

source

http://www.usnews.com/articles/news/national/2009/08/06/government-recruits-geeks-to-blunt-cybersecurity-threats.html