| 

Twitter XSS getting abused

  • Post author: Omid Farhang
  • Post published: September 21, 2010
  • Reading Time: 1 min
  • Word Count: 126 words

On Twitter a new security flaw gets currently exploited. Hackers found a way to inject malicious JavaScript code into tweets with the onMouseOver event. This can lead to pop-ups appearing, redirecting to websites, re-tweeting spam, or even worse things like cookie stealing (compromising the user accounts). The problem is that Twitter doesn’t properly filter out some tags in tweets. Users should be very cautious when seeing colored text blocks (background and text colors are the same, called “rainbow tweets”) – these are currently mostly used to exploit the security vulnerability. Hopefully, Twitter closes the security hole soon! Until then, using the NoScript web browser extension or disabling JavaScript on Twitter helps against the attack. Also, using twitter applications which rely upon the Twitter API aren’t affected. ...

Continue Reading Twitter XSS getting abused

Flash Player Updates fix 0-day-vulnerability

  • Post author: Omid Farhang
  • Post published: September 21, 2010
  • Reading Time: 1 min
  • Word Count: 105 words

Adobe fixed the vulnerability in Flash Player in a record time again. Just one week after the 0-day became public and started to get exploited, an update is available to close the security hole. Even though Adobe Reader and Acrobat are affected (which are supposed to get an update in 2 weeks), until now we’ve only seen exploits against the Windows Flash Player. Users and administrators should update their Flash Player as soon as possible! The version 10.1.85.3 fixes the issue for Windows, Unix, Solaris and is available through Adobe’s download center. Android users can get the update to 10.1.95.1 on the Android Market Place. ...

Continue Reading Flash Player Updates fix 0-day-vulnerability

Security issues on Android

  • Post author: Omid Farhang
  • Post published: September 20, 2010
  • Reading Time: 4 min
  • Word Count: 670 words

One unique security feature of Android is the permission check when installing 3rd party apps. The system lists all permissions that an app requires and asks the user to check if that’s alright. Such permissions are the ability to receive your location, send or receive text messages, internet access, phone calls and many more. The user can be sure that the app is not doing any of such activities without the appropriate permission. In case the developer forgets to add a particular permission then the operating system will simply block the corresponding function which leads to a “Force Close”, which means the app will be terminated. ...

Continue Reading Security issues on Android

New 0-day Exploit for Adobe Reader

  • Post author: Omid Farhang
  • Post published: September 9, 2010
  • Reading Time: 2 min
  • Word Count: 344 words

A malicious PDF file has turned up which exploits a new security vulnerability in Adobe Reader and Acrobat – even in the most current version 9.3.4 and 8.2.4, on all supported platforms. There is currently no update available from Adobe which fixes the vulnerability. The company is aware of the problem though. The weakness is a buffer overflow within the CoolType.dll of the Adobe Reader and Acrobat installation. While parsing a PDF document with specially prepared SING (Smart INdependent Glyphlets) fonts it is possible to abuse the vulnerability to execute malware. ...

Continue Reading New 0-day Exploit for Adobe Reader

Mitigation for Windows Applications DLL-Search-Path Vulnerabilities

  • Post author: Omid Farhang
  • Post published: September 4, 2010
  • Reading Time: 2 min
  • Word Count: 241 words

A whole bunch of Windows applications is vulnerable to a so-called binary-planting attack which allows for remote code execution. Microsoft released a security advisory about this issue which isn’t easy to fix properly. This issue arises due to the (defined and well documented) behavior of Windows when loading libraries by an application. A .dll to load gets searched in a certain standard path list. This list also includes the current working directory, which is the place a document gets opened from for example. When a file with the name of a DLL which the corresponding application needs to load is placed into the working directory, it will get loaded – this can be a malicious DLL though. ...

Continue Reading Mitigation for Windows Applications DLL-Search-Path Vulnerabilities

Microsoft releases work-around tool for DLL loading vulnerability

  • Post author: Omid Farhang
  • Post published: August 29, 2010
  • Reading Time: 1 min
  • Word Count: 106 words

Microsoft has posted an advisory that explains the “DLL preloading attacks” and offers a work-around tool that “allows customers to disable the loading of libraries from remote network or WebDAV shares. This tool can be configured to disallow insecure loading on a per-application or a global system basis.” When an application loads a .dll file, but doesn’t name a full path name,Windows searches a pre-defined set of directories for it. Exploiting this, an intruder could social engineer a victim into loading a malicious .dll from a USB drive or from a network and execute arbitrary code. ...

Continue Reading Microsoft releases work-around tool for DLL loading vulnerability

Brand new 0-day Exploit. The world is going to end! Yet again


  • Post author: Omid Farhang
  • Post published: August 27, 2010
  • Reading Time: 3 min
  • Word Count: 440 words

Sigh
 The latest “exploit” that affects hundreds of programs and will be the end of the world as we currently know it is actually a well documented feature of Windows. It has actually been around since the DOS days. In the old days we used to call these Companion viruses. It worked by using a different file extension that will be executed before the real executable. For example if you had a “gwbasic.exe” you would create a “gwbasic.com” anywhere in the path and if the user just typed “gwbasic” he would execute the “gwbasic.com” and not the “gwbasic.exe”. If the author of the “gwbasic.com” was ‘nice’ he could execute the “gwbasic.exe” so as to make the existence of the “gwbasic.com” file harder to detect. ...

Continue Reading Brand new 0-day Exploit. The world is going to end! Yet again


How to Install LNK Update (KB2286198) on Windows XP SP2

  • Post author: Omid Farhang
  • Post published: August 14, 2010
  • Reading Time: 2 min
  • Word Count: 352 words

Microsoft discontinued support for Windows XP Service Pack 2 on July 13th, and that means there is no SP2 update for the recent LNK shortcut vulnerability (KB2286198). If you review the comments from this SANS Diary post, you’ll see that there was some initial confusion regarding SP2 support, due to a typo in Microsoft’s Security Bulletin (MS10-046). The bulletin is now corrected. However, even today, the download for Windows XP still includes SP2 in the file properties. ...

Continue Reading How to Install LNK Update (KB2286198) on Windows XP SP2

Worried about Adobe's malware vulnerability then secure your Adobe Reader

  • Post author: Omid Farhang
  • Post published: August 14, 2010
  • Reading Time: 3 min
  • Word Count: 454 words

It should go without saying that the best way to deal with malware is of course, not to get infected in the first place. Being aware of what products are being targeted by the bad guys may help you as well, so it may be useful to know that at the moment Adobe products are virtually the number one target across the world with millions of PCs being hit by infected Adobe PDFs. Others are being pwned via Adobe Flash ads via Facebook and other social media web sites. ...

Continue Reading Worried about Adobe's malware vulnerability then secure your Adobe Reader

Running executables in PDF: it’s a feature

  • Post author: Omid Farhang
  • Post published: March 31, 2010
  • Reading Time: 1 min
  • Word Count: 210 words

Didier Stevens, security professional and blogger, has found a “feature” in the PDF file format that makes it possible to package an executable in a PDF file which will run in Foxit PDF reader or run in Adobe Reader with a bit of social engineering. “With Adobe Reader, the only thing preventing execution is a warning. Disabling JavaScript will not prevent this (I don’t use JavaScript in my PoC PDF), and patching Adobe Reader isn’t possible (I’m not exploiting a vulnerability, just being creative with the PDF language specs).” ...

Continue Reading Running executables in PDF: it’s a feature