Monday 7 July 2014

Critical Vulnerability and Privacy LoopHole Found in RoboForm Password Manager

Critical Vulnerability and Privacy LoopHole Found in RoboForm Password Manager Unless you are a human supercomputer, remembering password is not so easy, and that too if you have a different password for each site. But luckily to make the whole process very easy, there is a growing market out there for password managers and lockers with extra layers of security.

But, if you are using the mobile version of most popular password manager from Password management company RoboForm to manage your passwords then you might be at a risk, claimed a UK based Security researcher.

I am personally using RoboForm from last few months, which is a great password manager application developed by Siber Systems Inc. for various platforms that stores your sensitive data all in one place, protected at RoboForm account and encrypted by a secret master password. RoboForm user be able to then quickly access those passwords and notes anytime, anywhere.

But a IT security consultant and tech enthusiast Paul Moore discovered one critical vulnerability in its app and one Privacy loophole in the RoboForm's service, that could allow attackers and prying eyes to get users’ personal data, including stored login credentials of various websites and payment card details.

Note: Yesterday we published this article with a conclusion that RoboForm is secure, but later after re-evaluating and discussing all factors, attack vectors with Moore, we found that RoboForm may leak your private data to attackers.

1) BYPASSING ROBOFORM DEVICE PIN PROTECTION
Critical Vulnerability and Privacy LoopHole Found in RoboForm Password Manager
The vulnerability disclosed by Paul Moore in the security of RoboForm affects its Android and iOS app users, which could allow anyone to bypass RoboForm’s PIN Protection in order to access users’ sensitive data.

RoboForm mobile apps offer a PIN protection which only protects the app interface from unauthorized access, just like Android’s popular ‘AppLock’ application.

Moore claimed that simply by deleting a specific line (pref_pincode) in the RoboForm’s preferences file placed in a folder on the device file system, It was possible for Moore to access confidential data and bypass authentication process on an Android device, even without the requirement of the Master Password, as shown in the Video demonstration uploaded by him.
The important point to be noted here is that the RoboForm’s app folder which Moore claims to access is actually placed in root directory of the device, which can’t be accessed by the user or any 3rd party app on a non-rooted device.

miniLock - Open Source File Encryption Tool from CryptoCat Developer

miniLock - Open Source File Encryption Program from CryptoCat Developer
It’s the age of surveillance what made the Use of Encryption so widely that it has become a need of law enforcement agencies, cyber criminals as well as every individual. But, encryption is not so easy.

To solve this problem, a 23-year old Cryptocat developer Nadim Kobeissi is ready to release a simple solution to deliver strong encryption at the HOPE hacker conference in New York later this month, which may soon come as an extension for Google Chrome web browser, Wired reported.

The encryption program is dubbed as miniLock, which is a free and open-source browser plugin designed to let anyone encrypt and decrypt files in seconds using a drag-and-drop interface with practically unbreakable cryptographic protection.
The tagline is that this is file encryption that does more with less,” says Kobeissi, activist and security consultant. “It’s super simple, approachable, and it’s almost impossible to be confused using it.

Sunday 30 March 2014

A BEGINNERS GUIDE TO HACKING UNIX

 


*************  *       A BEGINNERS GUIDE TO:        *  *          H A C K I N G             *  *                                    *  *                U N I X             *  *                                    *  *       *  * **


   IN THE FOLLOWING FILE, ALL REFERENCES  MADE TO THE NAME UNIX, MAY ALSO BE  SUBSTITUTED TO THE XENIX OPERATING  SYSTEM.    BRIEF HISTORY:  BACK IN THE EARLY  SIXTIES, DURING THE DEVELOPMENT OF  THIRD GENERATION COMPUTERS AT MIT,  A GROUP OF PROGRAMMERS STUDYING THE  POTENTIAL OF COMPUTERS, DISCOVERED  THEIR ABILITY OF PERFORMING TWO OR  MORE TASKS SIMULTANEOUSLY.  BELL  LABS, TAKING NOTICE OF THIS DISCOVERY,  PROVIDED FUNDS FOR THEIR DEVELOPMENTAL  SCIENTISTS TO INVESTIGATE INTO THIS  NEW FRONTIER.  AFTER ABOUT 2 YEARS OF  DEVELOPMENTAL RESEARCH, THEY PRODUCED  AN OPERATING SYSTEM THEY CANLMD "UNIX".    SIXTIES TO CURRENT:  DURING THIS TIME  BELL SYSTEMS INSTALLED THE UNIX SYSTEM  TO PROVIDE THEIR COMPUTER OPERATORS  WITH THE ABILITY TO MULTITASK SO THAT  THEY COULD BECOME MORE PRODUCTIVE,  AND EFFICIENT.  ONE OF THE SYSTEMS THEY PUT ON THE UNIX SYSTEM WAS CALLED  "ELMOS". THROUGH ELMOS MANY TASKS (I.E. BILLING,AND INSTALLATION RECORDS) COULD  BE DONE BY MANY PEOPLE USING THE SAME  MAINFRAME.    NOTE: COSMOS IS ACCESSED THROUGH THE  ELMOS SYSTEM.    CURRENT:  TODAY, WITH THE DEVELOPMENT  OF MICRO COMPUTERS, SUCH MULTITASKING  CAN BE ACHIEVED BY A SCALED DOWN  VERSION OF UNIX (BUT JUST AS  POWERFUL).  MICROSOFT,SEEING THIS  DEVELOPMENT, OPTED TO DEVELOP THEIR OWN  UNIX LIKE SYSTEM FOR THE IBM LINE OF  PC/XT'S.  THEIR RESULT THEY CALLED  XENIX (PRONOUNCED ZEE-NICKS).  BOTH  UNIX AND XENIX CAN BE EASILY INSTALLED
ON IBM PC'S AND OFFER THE SAME FUNCTION
(JUST 2 DIFFERENT VENDORS).

NOTE: DUE TO THE MANY DIFFERENT
VERSIONS OF UNIX (BERKLEY UNIX,
BELL SYSTEM III, AND SYSTEM V
THE MOST POPULAR) MANY COMMANDS
FOLLOWING MAY/MAY NOT WORK. I HAVE
WRITTEN THEM IN SYSTEM V ROUTINES.
UNIX/XENIX OPERATING SYSTEMS WILL
BE CONSIDERED IDENTICAL SYSTEMS BELOW.

HOW TO TELL IF/IF NOT YOU ARE ON A
UNIX SYSTEM:  UNIX SYSTEMS ARE QUITE
COMMON SYSTEMS ACROSS THE COUNTRY.
THEIR SECURITY APPEARS AS SUCH:

LOGIN;     (OR LOGIN;)
PASSWORD:

WHEN HACKING ON A UNIX SYSTEM IT IS
BEST TO USE LOWERCASE BECAUSE THE UNIX
SYSTEM COMMANDS ARE ALL DONE IN LOWER-
CASE.
LOGIN; IS A 1-8 CHARACTER FIELD. IT IS
USUALLY THE NAME (I.E. JOE OR FRED)
OF THE USER, OR INITIALS (I.E. J.JONES
OR F.WILSON).  HINTS FOR LOGIN NAMES
CAN BE FOUND TRASHING THE LOCATION OF
THE DIAL-UP (USE YOUR CN/A TO FIND
WHERE THE COMPUTER IS).
PASSWORD: IS A 1-8 CHARACTER PASSWORD
ASSIGNED BY THE SYSOP OR CHOSEN BY THE
USER.
      COMMON DEFAULT LOGINS
   --------------------------
   LOGIN;         PASSWORD:
   ROOT           ROOT,SYSTEM,ETC..
   SYS               SYS,SYSTEM
   DAEMON     DAEMON
   UUCP           UUCP
   TTY              TTY
   TEST            TEST
   UNIX           UNIX
   BIN              BIN
   ADM            ADM
   WHO           WHO
   LEARN        LEARN
   UUHOST     UUHOST
   NUUCP        NUUCP

Tuesday 25 March 2014

CASH! CASH! Hacking ATM Machines with Just a Text Message

Hacking ATM Machines for Cash with Just a Text Message
As we reported earlier, Microsoft will stop supporting the Windows XP operating system after 8th April, apparently 95% of the world’s 3 million ATM machines are run on it. Microsoft's decision to withdraw support for Windows XP poses critical security threat to the economic infrastructure worldwide.

MORE REASONS TO UPGRADE
Security researchers at Antivirus firm Symantec claimed that hackers can exploit a weakness in Windows XP based ATMs, that allow them to withdraw cash simply by sending an SMS to compromised ATMs.

"What was interesting about this variant of Ploutus was that it allowed cybercriminals to simply send an SMS to the compromised ATM, then walk up and collect the dispensed cash. It may seem incredible, but this technique is being used in a number of places across the world at this time." researchers said.

HARDWIRED Malware for ATMs
According to researchers - In 2013, they detected a malware named Backdoor.Ploutus, installed on ATMs in Mexico, which is designed to rob a certain type of standalone ATM with just the text messages.

Microsoft Word Zero-Day Vulnerability is being exploited in the Wild

Microsoft Word Zero-Day Vulnerability is being exploited in the Wild
Microsoft warned about a zero-day vulnerability in Microsoft Word that is being actively exploited in targeted attacks and discovered by the Google security team. “At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010…” company said.

According to Microsoft's security advisory, Microsoft Word is vulnerable to  a remote code execution vulnerability (CVE-2014-1761) that can be exploited by a specially crafted Rich Text Format (RTF).

An Attacker can simply infect the victim's system with malware if a user opens a malicious Rich Text Format (RTF), or merely preview the message in Microsoft Outlook.