ImaFia - Moving Security Forward: ~..:XoR:..~ - Viewing Profile - ImaFia - Moving Security Forward

Skype is warning users following the launch of a site devoted to harvesting user IP addresses.The Skype IP-Finder site allowed third-parties to see a user's last known IP address by simply typing in a user name.

A script has been uploaded to Github that offers these options. According to the page, it can be used to lookup IP addresses of online Skype accounts, and return both the remote and the local IP of that account on a website.

The script is for instance available on this site. Just enter the user name of a Skype user, fill out the captcha, and click the search button to initiate the lookup. You will receive the user’s remote IP and port, as well as the local IP and port.

Adrian Asher, director of product Security, Skype “We are investigating reports of a new tool that captures a Skype user’s last known IP address. This is an ongoing, industry-wide issue faced by all peer-to-peer software companies. We are committed to the safety and security of our customers and we are takings measures to help protect them.”

The proof of concept is fairly simple. All an attacker needs to do is download a special Skype variant and alter a few registry keys to enable debug-log file creation.When adding a Skype contact, before sending the actual request, the victim’s information card can be viewed. At this point, the log file records the user’s IP address.

The software, posted on Pastebin, works on a patched version of Skype 5.5 and involves adding a few registry keys that allow the attacker to check the IP address of users currently online. Services like Whois will then give some other details on the city, country, internet provider and/or the internal IP-address of the target.

This particular flaw was discussed in a paper presented by an international team of researchers in November at the Internet Measurement Conference 2011 in Berlin.

There is currently no way of protecting yourself against the lookup of the IP address, other than not logging in to Skype when the software is not needed. The only other option would be the use of a virtual private network or proxy to hide the IP address from users who look it up.


Source: The Hacker News

oclHashcat-plus is Worlds first and only GPGPU based rule engine and Worlds fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker.


Features:
Free
Multi-GPU (up to 16 gpus)
Multi-Hash (up to 24 million hashes)
Multi-OS (Linux & Windows native binaries)
Multi-Platform (OpenCL & CUDA support)
Multi-Algo (see below)
Low resource utilization, you can still watch movies or play games while cracking
Focuses highly iterated, modern hashes
Focuses single dictionary based attacks
Supports pause / resume while cracking
Supports reading words from file
Supports reading words from stdin
Integrated thermal watchdog
20+ Algorithms implemented with performance in mind
... and much more

Algorithms
MD5
Joomla
osCommerce, xt:Commerce
SHA1
SHA-1(Base64), nsldap, Netscape LDAP SHA
SSHA-1(Base64), nsldaps, Netscape LDAP SSHA
Oracle 11g
SMF > v1.1
OSX v10.4, v10.5, v10.6
MSSQL(2000)
MSSQL(2005)
MySQL
phpass, MD5(Wordpress), MD5(phpBB3)
md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5
MD4
NTLM
DCC, mscash
SHA256
descrypt, DES(Unix), Traditional DES
md5apr1, MD5(APR), Apache MD5
SHA512
OSX v10.7
DCC2, mscash2
Cisco-PIX MD5
WPA/WPA2
Double MD5
vBulletin < v3.8.5 vBulletin > v3.8.5
IPB2+, MyBB1.2+
LM
Oracle 7-10g

Download:

http://hashcat.net/oclhashcat-plus/

Source: The Hacker News

A serious remote code execution vulnerability in PHP-CGI disclosed. PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. The developers were still in the process of building the patch for the flaw when it was disclosed Wednesday, But the vulnerability can only be exploited if the HTTP server follows a fairly obscure part of the CGI spec.

According to advisory (CVE-2012-1823) , PHP-CGI installations are vulnerable to remote code execution. You can pass command-line arguments like the “-s” switch “show source” to PHP via the query string. For example, You could see the source via “http://localhost/test.php?-s” . A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server.

The team that found the bug, known as Eindbazen. They said that it had been waiting for several months for the PHP Group to release a patch for the vulnerability in order to publish information about the bug.

What this vulnerability can do ? It can help attacker to find out database passwords, file locations etc and Execute any file on the server’s local disk. Most important , using some trick if you have the possibility to upload a file to the server, execute any code.

So, When PHP is used in a CGI-based setup the php-cgi receives a processed query string parameter as command line arguments which allows command-line switches, such as -s, -d or -c to be passed to the php-cgi binary, which can be exploited to disclose source code and obtain arbitrary code execution.


Source: The Hacker News

THE HACKER NEWS



Panos Ipeirotis, a computer scientists working at New York University,attack on his Amazon web service using Google Spreadsheets and Panos Ipeirotis checked his Amazon Web Services bill last week - its was $1,177.76 !

He had accidentally invented a brand new type of internet attack, thanks to an idiosyncrasy in the online spreadsheets Google runs on its Google Docs service, and he had inadvertently trained this attack on himself. He calls it a Denial of Money attack, and he says others could be susceptible too.

On his personal blog Ipeirotis explained that it all started when he saw that Amazon Web Services was charging him with ten times the usual amount because of large amounts of outgoing traffic.

As part of an experiment in how to use crowdsourcing to generate descriptions of images, he had posted thumbnails of 25,000 pictures into a Google document, and then he invited people to describe the images. The problem was that these thumbnails linked back to original images stored on Amazon’s S3 storage service, and apparently, Google’s servers went slightly bonkers. “Google just very aggressively grabbed the images from Amazon again and again and again,” he says.

After analyzing traffic logs he was able to determine that every hour a total of 250 gigabytes of traffic was sent out because of Google’s Feedfetcher, the mechanism that allows the search engine to grab RSS or Atom feeds when users add them to Reader or the main page.

After speaking with Google representatives, Ipeirotis believes that the company is trying to balance user privacy with a desire to present fresh content. It seems that Google doesn’t want to store the information on its own servers so it uses Feedfetcher to retrieve it every time, thus generating large amounts of traffic.

“Google becomes such a powerful weapon due to a series of perfectly legitimate design decisions,” Ipeirotis wrote in a blog posting on the issue.

Ipeiroti personal blog:
http://www.behind-th...f-attacked.html

Hey guys i need a FS premium acc but one which is unique and not shared, one which only the owner and me have