25-11-05

Google Talk a vehicle for a DOS attack

Google Talk connects at random intervals (about once every day or so
in testing) to dl.google.com via HTTP and fetches a .txt file
(http://dl.google.com/googletalk/google-talk-versioncheck....) which
lists the current version of Google Talk, as well as a digital
signature of the new installer executable. If the version number is
greater than the version currently running, Google Talk will download
the .exe and, after checking its authenticity, execute it to
automatically update.

Assuming a user's DNS cache can be poisoned, a denial of service
attack is possible. Thanks to the digital signature, malware will not
execute. Yet, it is possible to force Google Talk to download a large
file which it will then analyze to determine whether the signature
matches. This will consume 100% CPU and large amounts of memory,
resulting in an unstable machine which requires a reboot in some
cases. It is also possible to plant incriminating files on a user's
machine, as the files are at first downloaded and saved to the
"Temporary Internet Files" directory before they are verified and
moved to Google Talk's data directory.

Comment: it is not that simple to set up a DNS spoof, but that said, you can force each computer in that zone running Google Talk to download a file that would be a trojan or just a file so big that it would hang or crash the computers.

http://seclists.org/lists/fulldisclosure/2005/Nov/0681.html   No patch

Idea: too many vulnerabilities, following one after another. Maybe the honeymoon is over and the real battle begins, or is Google still in the honeymoon and still lax about the security of its products and services? Wake up, big Google.
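Both effects in the advisory above (resource exhaustion and files left in a shared cache directory) come from accepting an unbounded download before verification. The sketch below is an added example, not Google's code and not from the advisory: it assumes a hypothetical, already authenticated manifest that supplies the installer's size and SHA-256 digest, and the names `fetch_update`, `UpdateRejected` and `MAX_INSTALLER_BYTES` are illustrative.

```python
import hashlib
import hmac
import io
import os
import tempfile

MAX_INSTALLER_BYTES = 32 * 1024 * 1024  # assumed hard ceiling, independent of the manifest
CHUNK = 64 * 1024                       # memory use stays at one chunk, whatever the body size

class UpdateRejected(Exception):
    """Raised when the download is refused; nothing is left on disk."""

def fetch_update(stream, expected_size, expected_sha256, staging_dir):
    """Stream an installer into a private staging directory and verify it.

    stream is any object with read(n), such as an HTTP response body.
    expected_size and expected_sha256 come from the authenticated manifest
    (an assumption of this example). Returns the path of the verified file.
    """
    if not 0 < expected_size <= MAX_INSTALLER_BYTES:
        raise UpdateRejected("manifest size out of bounds")
    digest = hashlib.sha256()
    received = 0
    # mkstemp creates the file with owner-only permissions inside staging_dir,
    # so unverified bytes never land in a browser cache or other shared path.
    fd, path = tempfile.mkstemp(dir=staging_dir, suffix=".part")
    try:
        with os.fdopen(fd, "wb") as out:
            while True:
                chunk = stream.read(CHUNK)
                if not chunk:
                    break
                received += len(chunk)
                if received > expected_size:  # stop as soon as the body overruns
                    raise UpdateRejected("body larger than manifest size")
                digest.update(chunk)          # hash incrementally, no second pass
                out.write(chunk)
        if received != expected_size:
            raise UpdateRejected("truncated body")
        if not hmac.compare_digest(digest.hexdigest(), expected_sha256.lower()):
            raise UpdateRejected("digest mismatch")
    except BaseException:
        os.unlink(path)  # a rejected download is removed immediately
        raise
    return path

if __name__ == "__main__":
    body = b"constructed installer bytes"  # constructed sample input
    with tempfile.TemporaryDirectory() as d:
        print(fetch_update(io.BytesIO(body), len(body), hashlib.sha256(body).hexdigest(), d))
```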

 


00:43 Posted by technology changes fast not a lot

22-11-05

the exploit code for the IE javascript exploit

http://www.computerterrorism.com/research/ie/ct21-11-2005
and the poc http://www.computerterrorism.com/research/ie/poc.htm 
 
and you will find some other proof of concepts here
 
The mistake was found as a functional bug in May and, due to the problems with patching a universal tool such as Internet Explorer, it wasn't patched. Nobody thought you could execute code remotely this way. We know better now.

23:16 Posted by technology changes fast not a lot

International security alert about Internet Explorer Javascript exploit

This happened to Mozilla some months ago, and then the advice was to turn JavaScript off (which is not really a good idea with most websites) or to change browser (but the other browser can have the same programming problem next week...). It poses no problem for Internet Explorer on Windows 2003, because there it is not possible to execute code from Internet Explorer.
 
It also proves the necessity of Internet Explorer 7, but also the mistake Microsoft makes by limiting these defenses to XP only. Every computer should have a secured Internet Explorer. The only way to do this is to make a light and secure Internet Explorer for web surfing that has no links to internal programs, that does not download directly to the root but only to a separate folder, and that makes no changes to the registry or other code on your computer without asking for your approval.
 
On www.securingit.tk you will find more freeware tools to put on your computer to make your computer and surfing more secure.
 
Microsoft also says that it is important to use a simple user account when possible and that, if you use Outlook (Express), you should have the latest security patch installed: http://go.microsoft.com/fwlink/?LinkId=33334 or go to www.windowsupdate.com
 
http://www.microsoft.com/technet/security/advisory/911302...
 
There is an exploit in the wild and the code is published. Even if nobody has used it yet, any person or organisation with hacking or spyware intentions can now use this method in spam or on websites. So be very, very, very prudent in the coming weeks about what you open or what you visit.

22:58 Posted by technology changes fast not a lot

20-11-05

new kind of dns attack

What's it mean? Well, since the DNS Server location is now also changing at will, taking down an attacker's (phishing, spyware, scam, botnet) operation by contacting legitimate DNS providers will no longer work quickly, if at all. How effective is this attack methodology in the real world? Well, it isn't a "flash" attack, but it is very effective.
 
Because the DNS servers, domain names and so on change all the time.
http://isc.sans.org/diary.php?storyid=866
 
Example: CareerBuilder scam http://isc.sans.org/diary.php?storyid=861

Coordination at the government level, together with the ISPs and other CERT centers, is the only way forward.
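For defenders, the behaviour described above (nameserver locations that keep changing) is visible in passive DNS data. The following is an added example, not taken from the SANS diary entries: the log format, the thresholds and the `.example` domains with documentation-range addresses are all constructed for illustration.

```python
from collections import defaultdict

# Assumed thresholds; tune them against your own passive-DNS baseline.
MAX_NS_IPS = 3   # distinct nameserver addresses tolerated per window
LOW_TTL = 600    # seconds; records below this count as short-lived

# Constructed observations: "epoch domain rtype nameserver ttl nameserver_ip"
SAMPLE = """\
1132444800 shop.example NS ns1.shop.example 86400 192.0.2.10
1132448400 shop.example NS ns2.shop.example 86400 192.0.2.11
1132488000 shop.example NS ns1.shop.example 86400 192.0.2.10
1132444800 offers.example NS ns1.offers.example 300 198.51.100.7
1132448400 offers.example NS ns1.offers.example 300 203.0.113.40
1132452000 offers.example NS ns2.offers.example 300 198.51.100.91
1132455600 offers.example NS ns1.offers.example 300 203.0.113.5
1132459200 offers.example NS ns2.offers.example 300 192.0.2.200
""".splitlines()

def flag_ns_churn(lines, window=86400):
    """Return {domain: reason} for domains whose NS addresses rotate within `window` seconds."""
    seen = defaultdict(list)
    for line in lines:
        ts, domain, rtype, _name, ttl, ip = line.split()
        if rtype == "NS":
            seen[domain.lower()].append((int(ts), int(ttl), ip))
    flagged = {}
    for domain, obs in seen.items():
        obs.sort()
        start = 0
        for end in range(len(obs)):
            # Slide the window so it never spans more than `window` seconds.
            while obs[end][0] - obs[start][0] > window:
                start += 1
            win = obs[start:end + 1]
            ips = {ip for _, _, ip in win}
            low = sum(1 for _, ttl, _ in win if ttl < LOW_TTL)
            # Many addresses alone can be a large provider; require short TTLs too.
            if len(ips) > MAX_NS_IPS and low * 2 >= len(win):
                flagged[domain] = f"{len(ips)} NS addresses in {window}s, {low}/{len(win)} low-TTL"
                break
    return flagged

if __name__ == "__main__":
    for domain, reason in flag_ns_churn(SAMPLE).items():
        print(domain, "->", reason)
```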

23:36 Posted by technology changes fast not a lot

5 free belgian domainnames for 1 year

Go here: http://www.gratisdomeinnaam.be
You can redirect them to another site.

23:01 Posted by technology changes fast not a lot

19-11-05

what are belgian political parties running as server

http://uptime.netcraft.com/up/graph?site=www.sp.be IIS 6, 2003
http://www.cdv.be was running Apache on Linux: Apache/1.3.33 (Debian GNU/Linux) PHP/4.3.10-12 mod_ssl/2.8.22
http://www.vld.be was running Microsoft-IIS on Windows 2000 when last queried at 15-Nov-2005 11:52:20 GMT
http://www.nva.be was running Apache on Linux when last queried at 18-Nov-2005 23:53:40 GMT: Apache/1.3.12 Cobalt (Unix) mod_ssl/2.6.4 OpenSSL/0.9.5a PHP/4.0.3pl1 mod_auth_pam/1.0a FrontPage/4.0.4.3 mod_perl/1.24
http://www.meerspirit.be was running Apache on Linux when last queried at 18-Nov-2005 23:54:26 GMT: Apache/1.3.23 (Unix) Debian GNU/Linux mod_jk/1.1.0
http://www.mr.be was running Apache on Linux when last queried at 18-Nov-2005 23:55:14 GMT: Apache/1.3.26 (Unix) Debian GNU/Linux PHP/4.1.2
http://www.ps.BE was running Microsoft-IIS on Windows 2000 when last queried at 18-Nov-2005: Windows 2000 Microsoft-IIS/5.0
http://www.cdh.be was running Apache on Linux when last queried at 18-Nov-2005: Apache/1.3.26 (Unix) PHP/4.0.6
http://www.ecolo.be was running Apache on Linux when last queried at 18-Nov-2005: Apache/1.3.29 Sun Cobalt (Unix) mod_jk mod_ssl/2.8.16 OpenSSL/0.9.6m PHP/4.3.2 FrontPage/5.0.2.2510 mod_perl/1.26
http://www.groen.be was running Microsoft-IIS on Windows Server 2003
 
 
OpenSSL vulnerabilities are not patched here: http://secunia.com/advisories/17151/
http://secunia.com/search/?search=PHP (2018 vulnerabilities)
http://secunia.com/product/72/ Apache vulnerabilities, and some have an older version here.
And yes, running Windows 2000 and IIS 5 on the server of a political party is just stupid.

 

01:13 Posted by technology changes fast not a lot

18-11-05

who will clean up the zombies when the generals are arrested

http://www.crime-research.org/news/11.17.2005/1636/
Francis-Macrae was arrested minutes before he could carry out a threat to crash Britain’s internet system using his army of 200,000 zombie computers
 
So who will clean up the infected computers, or will they just be taken over by another zombie master?

00:10 Posted by technology changes fast not a lot