A new exploit for IE9 bypasses all security measures in even the latest fully patched version of Windows 7, according to French security company Vupen.
The exploit uses an unpatched zero-day vulnerability in Internet Explorer 9 and bypasses all the extra security measures of Windows 7. The latest version of Microsoft's operating system, fully up-to-date with service pack 1 (SP1), is vulnerable. The security hole was reported by the French security company Vupen, which previously discovered an IE8 vulnerability in December of last year. (MS11)
Vupen classifies the exploit for IE9 as reliable, which means it's an effective way for cyber attackers to run malicious code of their choosing on Windows 7 PCs. The exploit manages to break through Windows' additional security layers, such as ASLR, DEP and the sandbox (Protected Mode) in IE9.
"The exploit uses two distinct vulnerabilities. The first one allows execution of arbitrary code within the IE9 sandbox. The second one allows the bypass of the sandbox to achieve full code execution," Vupen's CEO Chaouki Bekra told Dutch IDG news site Webwereld.
The risk of this exploit so far is limited: exploit code has not been spotted in the wild. The vulnerabilities were discovered by researchers from Vupen, who made their own exploit. "We confirmed the exploitability of the vulnerability and we created a code execution exploit which works with Internet Explorer 9 on Windows 7 and Windows 7 SP1," Bekra said.
Bekra stressed that the vulnerabilities have not been publicly disclosed. "Access to our code and to the in-depth analysis of the vulnerability is restricted to our government customers who use the information to protect their critical infrastructures," he said.
IE9 is not much in use by governments or even companies. However, the vulnerability is not limited to the latest version of Microsoft's browser. The security hole is also present in IE8, 7 and 6, for which Vupen has not made a working exploit.
"The flaw affects Internet Explorer 9, 8, 7, and 6, and results from a use-after-free error within the 'mshtml.dll' library when processing a specific combination of HTML and JavaScript code." Vupen advises all IE users to disable JavaScript or use another Web browser which is not affected by the vulnerability.
Vupen's exploit code is only effective on IE9, which can run on Windows 7 and predecessor Windows Vista. IE9 has recently been released and is not yet being distributed through Windows Update. Microsoft will start that rollout in the coming weeks. An exact date for the wider distribution and installation of the latest Windows browser has not been disclosed.
IE9 currently has a market share of 3.6 percent amongst Windows 7 users, according to figures from market researcher NetApplications. Windows 7 itself has a global market share of nearly 25 percent. Windows XP still has a larger installed base.
Measured across all PC users IE9 has a market share of only 1.04 percent, reports NetApplications. Competitor StatCounter doesn't even show IE9 as a separate browser in its market share overview, but puts it in the category "other."
Wednesday, 6 April 2011
Monday, 4 April 2011
Microsoft Security Essentials
Brief Description
Microsoft Security Essentials provides real-time protection for your home or small business PC that guards against viruses, spyware, and other malicious software.
Overview
Microsoft Security Essentials is a free* download from Microsoft that is simple to install, easy to use, and always kept up-to-date so you can be assured your PC is protected by the latest technology.
Microsoft Security Essentials runs quietly and efficiently in the background so you’re free to use your Windows-based PC the way you want—without interruptions or long computer wait times.
Before installing Microsoft Security Essentials, we recommend that you uninstall other antivirus software already running on your PC. Running more than one antivirus program at the same time can potentially cause conflicts that affect PC performance.
*Your PC must run genuine Windows to install Microsoft Security Essentials.
DOWNLOAD for 64 bit
for 32 bit
Saturday, 2 April 2011
Cracking Password-Protected ZIP Files
This tutorial shows Ubuntu or Backtrack users how to crack password-protected zip files with wordlists.
1. Install FCrackZIP packages.
- apt-get install fcrackzip
2. Crack it with a Dictionary or Brute Force Attack.
- Brute Force Attack.
- fcrackzip -v zipfiles
- Dictionary Attack.
- fcrackzip -v -D -p /pentest/passwords/wordlists/wordlists zipfiles
*** My wordlist is /pentest/passwords/wordlists/wordlists
3. That's it, you have cracked the file.
Friday, 1 April 2011
Mobile Security: Hakin9 E-Book
Hakin9 is a free, online, monthly publication on IT Security. The magazine is published in English and is available in the Internet as a FREE download. It is a source of advanced, practical guidelines regarding the latest hacking methods as well as the ways of securing systems, networks and applications.
Don’t know why netcat is referred to as a Trojan in here though! In order to download the free magazine, you need to be registered with the site. So, what are you waiting for? Go ahead and register yourselves and download the free e-book here.
- Passware Forensic Kit 10.3 Review by MICHAEL MUNT
- SpyShelter Application review by DAVID KNIFE
- How to use Netcat by MOHSEN MOSTAFA JOKAR
Netcat is a network utility for reading and writing network connections that support TCP and UDP protocol. Netcat is a Trojan that opens TCP or UDP ports on a target system and hackers use it with telnet to gain shell access to the target system.
- Security – Objectives, Process and Tips by RAHUL KUMAR GUPTA
In a world where business is moving towards e-commerce and happening over the Internet, B2B, B2C, and C2C applications have always been an area of major security concern due to the pitfalls of HTTP security and the number of integration points.
- The Backroom Message That’s Stolen Your Deal by YURY CHEMERKIN
Do you want to learn more about bigwig? Is someone keeping secrets from you? Need to silently record text messages, GPS locations and call info of your child or employee? Catch everybody at whatever you like with our unique service.
- Smartphones Security and Privacy by REBECCA WYNN
All the threats that attack your enterprise computer centers and personal computer systems are quickly encompassing mobile devices.
- Defending Cell Phones and PDA’s by GARY S. MILIEFSKY
We’re at the very early stages of Cell Phone and PDA exploitation through ‘trusted’ application downloads, Bluetooth attacks and social engineering. With so many corporations allowing these devices on their networks or not knowing how to block their gaining access to corporate and government network resources, it’s a very high risk situation.
- Special report: My RSA Conference 2011 Trip Report by GARY S. MILIEFSKY
Annual Trek to the Greatest INFOSEC Show on Earth. What’s New and Exciting Under the Big Top of Network Security.
- Mobile Malware Trends and Analysis by JULIAN EVANS
Over the past few years there has been much speculation about when mobile malware will start to proliferate, but as yet it doesn’t appear to have happened. Over the past 12 months though there has been some interesting developments concerning mobile malware. This feature will look at some of these and also highlight some of the mobile trends. Firstly let us look at the mobile malware life cycle.
- Why are Zero-Days Such a Big Deal? by MATTHEW JONKMAN
Sounds like a stupid question at first. They’re a big deal because they’re vulnerabilities, and vulnerabilities are bad. Right? So why do we freak out about zero-days?
- Death Knell Sounds For Traditional Tokens by Andrew Kemshall
There is an often used phrase that the stars have aligned but, in 2011, it is the technology that has come together to hammer the final nail into the physical tokens’ coffin. The cynical among you would argue that this statement has been made before and yes, I concede that tokens have survived and are still prevalent, so, why is this year different? Let’s examine the evidence.
Android Trojan Highlights Risks of Open Markets
Android enthusiasts have long championed Google’s “open” philosophy towards the smartphone platform. The recent appearance of a new Trojan horse in unofficial Android app venues, however, may cause users to think twice about how open they want the platform to be.
The app in question, Android.Walkinwat, appears to be a free, pirated version of another app, “Walk and Text.” The real version is available for purchase in Google’s official Android Market for a low price ($1.54).
If you download the fake app (from unofficial markets for Android apps) and install it, it redirects you to the actual app on the Android marketplace — but in the background, it sends the following embarrassing SMS message to your entire phone book:
Hey,just downlaoded [sic] a pirated app off the internet, Walk and Text for Android. Im stupid and cheap, it costed only 1 buck. Dont steal like I did!
Egregious spelling and grammatical errors aside, the text message serves as a reminder of the risks to those willing to go outside of the official Market for apps.
“Someone downloaded the app, inserted their malware, and uploaded it onto other non-official marketplaces,” Symantec mobile team product manager John Engels told Wired.com in an interview.
In other words, if you go outside the official Market, things may not be what they seem, and there’s no guarantee that what you download is what you actually want.
Google maintains clear content policies on all apps that are uploaded to the official Android Market, and developers know well enough in advance what those policies are, and how not to break them. Whenever an app in clear violation of Google’s policies shows up in the Market — like, say, a piece of malware — Google’s Android engineers are often quick to quash it.
But if you’re not one for pesky rules and regulations and want to see what the non-Google-sanctioned markets have to offer, all it takes to access them on an Android device is for you to uncheck a box on a settings page, allowing your phone to install apps from “unknown sources.”
To a certain degree, this isn’t a huge issue for the novice user. Many outside applications are hosted on file sharing websites that users like your grandmother probably aren’t frequenting. And unless they’ve tried to install these outside applications by sideloading them, they’ve probably never unchecked the unknown source’s permissions box to begin with.
But last week’s debut of Amazon’s new App Store may have changed that. In order to install Amazon’s App Store on an Android device, you first must uncheck that permissions box. While there may be no immediate risks associated with downloading apps from Amazon’s App Store, it opens the door for users to allow other unofficial — and therefore riskier — apps to be installed on their devices, from other sources.
“As soon as you flip that switch and go away from the Android Market, which is the one place where most people go, then you are putting yourself at some risk,” security researcher Charlie Miller told Wired in a previous interview.
“The threat will persist so long as people continue to download pirated software from peer-to-peer networks,” Webroot threat research analysts Armando Orozco and Andrew Brandt told Wired.com.
They say sticking to the Android Market is your safest bet, but if you’re still compelled to go outside the official box for your apps, whether it be to Amazon’s App Store or another unofficial market, you should “scrutinize the permissions the App requests, and don’t install it if it wants access to certain functions (like the ability to send SMS messages) that the app shouldn’t need to access.”
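The permission check recommended above can be done before installing, from a text listing of what a package requests. The following is an added example, not part of the original article: it assumes the listing is in the line format printed by the Android SDK's aapt tool, the two sample listings and the package name are constructed for illustration, and the shortlist of sensitive permissions is an assumption rather than an official classification.

```python
import re

# Permissions that can cost money or expose private data. This short list is
# an illustrative assumption, not an official Android classification.
SENSITIVE = {
    "android.permission.SEND_SMS",
    "android.permission.READ_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.CALL_PHONE",
    "android.permission.ACCESS_FINE_LOCATION",
}

# Accept "uses-permission: NAME", "uses-permission: name='NAME'" and
# "uses-permission:'NAME'", the line shapes printed by different aapt builds.
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)", re.M)
PKG_RE = re.compile(r"^package:\s*(?:name=)?'?([\w.]+)", re.M)

# Constructed sample listings (hypothetical package, not the real apps).
GENUINE_DUMP = """\
package: com.example.walkapp
uses-permission: android.permission.CAMERA
uses-permission: android.permission.INTERNET
"""
REPACKAGED_DUMP = """\
package: name='com.example.walkapp' versionCode='7'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.READ_CONTACTS'
"""


def parse_permissions(dump):
    """Return (package name or None, set of requested permissions)."""
    pkg = PKG_RE.search(dump)
    return (pkg.group(1) if pkg else None), set(PERM_RE.findall(dump))


def review(dump, justified=()):
    """Flag sensitive permissions that the app's purpose does not justify."""
    package, requested = parse_permissions(dump)
    unexplained = sorted((requested & SENSITIVE) - set(justified))
    return {
        "package": package,
        "unexplained": unexplained,
        "verdict": "do not install" if unexplained else "ok",
    }


def added_since(trusted_dump, candidate_dump):
    """Permissions a candidate build requests that a trusted build does not."""
    return sorted(parse_permissions(candidate_dump)[1]
                  - parse_permissions(trusted_dump)[1])


if __name__ == "__main__":
    for name, dump in (("genuine", GENUINE_DUMP), ("repackaged", REPACKAGED_DUMP)):
        print(name, review(dump))
    print("added by repackaged build:", added_since(GENUINE_DUMP, REPACKAGED_DUMP))
```

Comparing a sideloaded build against the listing of the copy in the official Market, as added_since does, catches permissions that were added during repackaging even when they are not on the shortlist.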
But doesn’t staying within the confines of the Android Market defeat the purpose of choosing a platform with such an “open” philosophy? If you want a stricter, closed system with stringent regulation on its apps via a review process, you might as well buy an iPhone.
“Android users enabling sideloading doesn’t necessarily lead to piracy or installation of apps from unsafe sources,” says Alicia diVittorio, a spokeswoman for Lookout Mobile Security. “In fact, it’s great to have another source for consumers to download apps from a reputable brand like Amazon.”
Indeed, Amazon’s Appstore isn’t a great deal different from Apple’s App Store: Both companies require an intense review and approval process before making any developer’s submitted applications available for purchase.
Essentially, there’s an inherent risk that comes with downloading apps for a device with an attitude of openness like the Android. Even the official Market is susceptible to infiltration by malware, as evidenced by the swath of malicious apps pulled from the store earlier this month.
But in a relatively free and open domain such as Android’s, the risk remains the price of admission.
Geolocation & Information Gathering
Geolocation has been a hot topic in the social engineering world for quite some time. As a social engineer it is important to be able to profile your targets efficiently. Tools like SET and Maltego make social engineering engagements easier.
Yet up until now there wasn’t a tool out there that helped a social engineer track the physical whereabouts of their targets. Of course you could go to their twitter, facebook, 4square and other social media accounts and gather all their messages and then find posts that have geo data in them and then take the time to gather all the details and make sense of them.
What if there was a way to retrieve information from Twitter as well as FourSquare. In addition, if you could then gather any geolocation data from flickr, twitpic.com, yfrog.com, img.ly, plixi.com, twitrpix.com, foleext.com, shozu.com, pickhur.com, moby.to, twitsnaps.com and twitgoo.com would that be impressive?
Enters Mr. Yiannis Kakavas. Yiannis approached Social-Engineer.Org with a beta of a tool he calls Cree.py…. and all I can say is creepy it is.
After a few minutes of installation it is up and running in BackTrack 4, Linux or Windows and you can track any target's geolocation from their tweets and social media.
Installation:
As I mentioned, installation in BackTrack is quite simple:
In a command console type:
nano /etc/apt/sources.list
And add this to the end:
deb http://people.dsv.su.se/~kakavas/creepy/ binary/
Then in the console type:
apt-get update
Then to install cree.py type:
apt-get install creepy
Creepy is now in the global menu under Applications -> Internet.
Or it can be run by typing
creepymap
into the console.
Running Cree.py
Once you start creepy up you are greeted by a very nice GUI interface:
Creepy Interface
Searching within Creepy
After that click the “Geolocate Target” button:
The Geolocation Map
Geo Data Galore
One of the other great features of Cree.py is that you can export your target's map as a Google Earth filter and then open it up in Google Earth.
Google Earth Data
As you can see Cree.py is just that – CREEPY, but what a great tool to gather information and build profiles on targets.
source: social-engineer.org
Wednesday, 23 March 2011
Installing Ubuntu - A tutorial for All
Recently I installed Ubuntu [Linux] as a dual boot OS with Seven already installed on my machine. I faced a lot of problems, but the end result was worth all the trouble as Ubuntu rocks.
In this thread I will post the step by step method to install Ubuntu (or any of its other versions such as Mint) as a dual boot OS on Seven machine. I will also specify some mistakes I made and what I learned outta those.
The first step to install Ubuntu was to create a partition on my existing hard drive. There are two ways you can do it in Seven:
1. In built 'Shrink Disc' feature in Seven
2. Use a disk partition software to do it for you.
Ubuntu or Mint comes with an inbuilt disk partitioner. What is required is unallocated free space on your hard drive so that it can be partitioned while installing Ubuntu.
1. Making Space using "Shrink Disc" feature in Seven:
a. Log on to Seven.
b. Right-Click on "My computer" in the main menu and select "Manage"
c. It will ask for administrator password, enter it and click "allow"
d. Click on Disk Management.
e. There it will show the available partitions and external storage devices, if any.
f. Right Click on the disc partition you want to shrink and select "shrink volume"
g. Seven will assess how much space can be made free.
h. It will suggest the value which can be made free. Be sure that this is at least 10-15 GB. If you don't have this space, you will have to delete some data to make space for the partition.
i. Then select "shrink"
j. Seven will shrink the volume and show the new freed space as "unallocated" space.
k. After this close the window. You are done with shrinking
2. Making Space using a Disk Partition software:
a. I had a problem that Seven used to say "access denied" when I tried to shrink the main C: drive (I had only one partition).
b. So I used a free disk partition software to shrink the space.
c. You can use the following software: EaseUS Partition Master-Home Edition which you can download here:
d. Using this it is easy to create space for a new partition.
e. Using the above program, select the partition you want to shrink/resize
f. Using the "Resize" tool you can shrink the volume and the rest of the space would be shown as "unallocated space"
g. Apply the changes and you are done
The next step is to install Ubuntu
1. You will need to download the latest ISO for Ubuntu or Mint from here:
2. You will need to burn this ISO image on to a CD (700 MB or more).
3. For burning this ISO you will have to use an ISO burning software. One such free software is: Free ISO burner:
4. Be sure to burn the ISO image at a very slow speed. This extra time spent will help you install Linux trouble-free.
5. When the disc is ready, restart the computer. Be sure that in BIOS setup the CD drive is above the hard disc in boot priority.
6. Once restarted the disc will boot before the hard disc.
7. In the menu that is displayed, select "run installer" and follow the instructions.
8. Once you have selected language, Location and Keyboard configuration....the disk partitioner of ubuntu will run and show you various options as to where Ubuntu should be installed.
9. Select "Largest continuous free space" as this will select the "unallocated space" that we have created in the earlier step.
10. After this follow the next instructions to complete the installation.
11. The installation will prompt you to import the settings from Seven. If you want, do import these.
12. I preferred not to import as it will copy the documents from the Seven partition to the new partition of Ubuntu and just eat up the partition space. You can always access the Seven documents from Ubuntu as the Seven partition will be shown as a hard disk in "My computer".
13. Complete the installation. It will prompt to restart the computer. Do so.
14. After restart, the menu will show Ubuntu and Seven as dual boot OS and now you are free to choose the OS you want to load.