Wi-fi Hacking and Grabbing Your Cookies

Things just get worse and worse for mobile users who take advantage of cheap or free wireless hotspots. This attack involves the cookies that websites use to keep users’ information so they don’t have to log in every time they go there. Gmail is a great example, and the one they used to demonstrate how easy it really is.

Prior to the demonstration, which involved the live hijacking of a Google mail account (GMail), many sites were thought to be safe because they encrypted the data swapped back and forth when people login.

However, Mr. Graham carried out his attack on the unencrypted cookies, tiny text files, many sites use to identify people that regularly return.

The tools created by Mr. Graham, called “Hamster” and “Ferret”, watch the traffic flowing in and out of public wi-fi hotspots and let attackers grab cookies as they are passed back to people logging in to their webmail or social network account.

Using the cookie an attacker could pose as a victim and enjoy almost the same level of access to an account as its rightful owner. Source: Warning of webmail wi-fi hijack

I will check out the tools myself and see how easy it is to do. I doubt they are available anywhere yet, but I have not searched for them. Hopefully, most sites that use cookies in this way will at least ask for a password should the hacker try to change your information, such as your password etc. If you have a VPN for your work, you should definitely connect to it before using any wireless hotspot, or any unsecured wireless network, as that will encrypt the data flowing and keep the hackers from being able to use it. When using Gmail, some extra protection can be had by starting at as that is a secure connection. I am not 100% sure if it will completely block it as of yet; opinions are definitely varied.
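To see which cookies a site leaves open to this kind of sniffing, the following added example (not from the original post and not part of Hamster or Ferret) audits the `Set-Cookie` headers of a response and flags any cookie the browser would later send over plain HTTP. The sample headers, cookie names and `example.test` host are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample: headers of an HTTPS login response (not captured traffic).
SAMPLE_LOGIN_RESPONSE = """\
HTTP/1.1 302 Found
Date: Fri, 03 Aug 2007 19:00:00 GMT
Location: http://mail.example.test/inbox
Set-Cookie: session_id=abc123; Path=/; Expires=Sat, 04-Aug-2007 19:00:00 GMT
Set-Cookie: login_token=def456; Path=/accounts; Secure; HttpOnly
"""


@dataclass
class CookieFinding:
    name: str
    exposure: str  # "none", "later-http-requests" or "issued-in-clear"


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, lower-cased attribute dict)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(scheme, raw_headers):
    """Classify every cookie set by a response that was fetched over `scheme`."""
    findings = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue  # status line or some other header
        name, attrs = parse_set_cookie(value)
        if scheme.lower() != "https":
            # The cookie crossed the hotspot unencrypted when it was issued.
            exposure = "issued-in-clear"
        elif "secure" not in attrs:
            # Login was encrypted, but the browser will attach this cookie
            # to any later http:// request to the same site.
            exposure = "later-http-requests"
        else:
            exposure = "none"
        findings.append(CookieFinding(name, exposure))
    return findings


def sniffable_cookies(scheme, raw_headers):
    """Names of cookies a passive listener on the same network could read."""
    return [f.name for f in audit_response(scheme, raw_headers) if f.exposure != "none"]


if __name__ == "__main__":
    for finding in audit_response("https", SAMPLE_LOGIN_RESPONSE):
        print(f"{finding.name}: {finding.exposure}")
```

A site that marks its session cookie `Secure` and serves every page over HTTPS leaves nothing in the "later-http-requests" bucket.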

Posted by Jimmy Daniels - August 3, 2007 at 7:00 pm

Categories: Security, Wireless

Today’s Tech Notes 7/20/2007

Digital DNA could finger Harry Potter leaker A few lines of ‘digital DNA’ could allow the publishers of Harry Potter to find and finger the person apparently responsible for leaking the final adventures of the boy wizard.

Opera Software Opera Web Browser BitTorrent Dangling Pointer Vulnerability Remote exploitation of a dangling pointer vulnerability in Opera Software ASA’s Opera web browser could allow an attacker to execute arbitrary code with the privileges of the logged in user.

Microsoft’s Annual Revenue Surpasses $50 Billion Microsoft Corp. today announced revenue of $13.37 billion for the quarter ended June 30, 2007, a 13% increase over the same period of the prior year. Diluted earnings per share for the quarter were $0.31. Excluding $0.08 of previously announced charges primarily related to Xbox 360 warranty policies, earnings per share would have been $0.39, an increase of 26% over the same period of the prior year when also adjusted for certain items.

Microsoft Hit With A Second Xbox 360 Class Action Suit “Microsoft improperly and/or negligently manufactured the Xbox 360 console in a manner that causes the expensive game discs … to be scratched, rendering the games unusable,” the suit alleges. The complaint was filed Monday in the U.S. District Court for Southern California by two residents of the state: Christine Moskowitz and Dan Wood. The suit is seeking not less than $5 million in damages for Xbox 360 buyers affected by the alleged glitch.

Class Action Suit Against Microsoft Alleges XBox 360 Skwatches Disks, Makes Baby Saaad! Tongue in cheek(?) article describing the Xbox 360 lawsuit.

Facebook: the new data black hole Scoble continues to pimp Facebook, which is cool with me, if he likes it, he likes it. I haven’t tried it yet myself, he commented in the comments the exact reason, no time to keep up with everything.

Posted by Jimmy Daniels - July 20, 2007 at 6:07 pm

Categories: Security, Tech News

Security, Mostly Malware, News

Microsoft patents the mother of all adware systems Instead of quoting the whole article or trying to re-write it here, click the link and read for yourself some of the information unearthed in a patent filing by Microsoft which Ars Technica says would be the mother of all adware. But that’s a good thing because the patent says so. “It would inspect “user document files, user e-mail files, user music files, downloaded podcasts, computer settings, computer status messages (e.g., a low memory status or low printer ink),” and more. How could we have been so blind as to not see the marketing value in computer status messages?” Sounds great……not.

Ransomware… Holding Corporate America Ransom! Have you been targeted by ransomware? Did you get a message similar to this one?

“Hello, your files are encrypted with RSA-4096 algorithm ( You will need at least few years to decrypt these files without our software. All your private information for last 3 months were collected and sent to us. To decrypt your files you need to buy our software. The price is $300. To buy our software please contact us at: and provide us your personal code -xxxxxxxxx. After successful purchase we will send your decrypting tool, and your private information will be deleted from our system. If you will not contact us until 07/15/2007 your private information will be shared and you will lost all your data — Glamorous team.” says hold up before you pay anything, they already have a decryptor for the files. They have a good program, it has removed some stuff on computers I have scanned that nothing else would, Spybot, Adaware, Ewido, etc.

How Good Are You at Recognizing Fake Websites and Spam Emails ? Think you are good at spotting phishing websites and emails? Take the test from McAfee and see for yourself.

Posted by Jimmy Daniels - July 18, 2007 at 2:42 am

Categories: Adware, Malware, Ransomware, Security, Spyware Info

Critical Windows Update Causing Problems

One of the updates that Microsoft sent out on Tuesday, the MS07-040: Vulnerabilities in the .NET Framework could allow remote code execution, has issues. There are already 6 KB articles discussing problems caused by this update. From the SANS Internet Storm Center:

The reports we got so far seem not to lead to any specific thing that happens in many cases, just various things going haywire. We really do appreciate the heads-up warnings we get from our readers as it allows to write little warnings like this one.

We’d like to offer a double advice at this time:

If you run into trouble do call Microsoft and open a case, it’s the only way to get attention to the problem from those who know best how to fix it. It should be free. In the US: call 1-866-PCSAFETY, check their website for other countries, support with patches should always be free.
Do read through for your specific combination of .NET framework version and your specific OS the relevant KB, some of them were prepared in anticipation of certain problems. They are all linked from KB 931212. Source: MS07-040: .NET update trouble

So, if you have been having trouble since you updated, this update could be what is causing your problems. Here are the KB articles that have been released, so far, concerning this update.

Description of the security update for the .NET Framework 1.0 for Windows XP Media Center and Windows XP Tablet PC: July 10, 2007

Description of the security update for the .NET Framework 1.0 for Windows Vista, Windows Server 2003, Windows XP, and Windows 2000: July 10, 2007

Description of the security update for the .NET Framework 1.1 for Windows Server 2003: July 10, 2007

Description of the security update for the .NET Framework 1.1 for Windows XP and Windows 2000: July 10, 2007

Description of the security update for the .NET Framework 1.1 for Windows Vista: July 10, 2007

Description of the security update for the .NET Framework 2.0 for Windows Vista: July 10, 2007

Description of the security update for the .NET Framework 2.0 for Windows Server 2003, Windows XP, and Windows 2000: July 10, 2007

Posted by Jimmy Daniels - July 12, 2007 at 6:23 pm

Categories: Security, Windows Update

Windows Live OneCare 2.0 Public Beta

Interested in testing out the new beta version of Windows Live OneCare? Then get yourself over to the Windows Live OneCare 2.0 Beta website, sign up and download it now. They mention you won’t be able to activate it if you already are running a version using your current login information, but they give you the info on what you need to do on the blog post listed below. Windows Live OneCare is one of those set it and forget it protection programs that gives you persistent protection against viruses, hackers, and other threats. It also performs regular tune-ups to help keep your PC running at top speed, and helps you back up important documents. Not interested in beta testing? They also have a 90 day free trial of the current release of the product.

You’ll need to fill in your email address and country to get the download, which has the following new features:

  • Multi PC management – designate a hub PC and then add additional PCs to your OneCare circle using a common Windows Live ID. You can then see the status of the other PCs within the group.
  • Printer Sharing – share your printer with all the PCs in your OneCare circle
  • OneCare Online Photo Backup – paid storage is available online for photo backups
  • Securing wireless networks – if your router is supported OneCare 2.0 will allow you to secure your wireless network
  • Startup tuneup
  • x64 support

Source: Windows Live OneCare 2.0 goes into public beta

Posted by Jimmy Daniels - July 11, 2007 at 7:22 pm

Categories: Security

Windows Security Bulletins and Security News

Lots and lots of computer security related news recently, the IE and Firefox brouhaha concerning a high security risk with how IE handles a “firefoxurl://” URI (uniform resource identifier), Haute Secure blocks malware, Microsoft security bulletins and Facebook pimping da crudware baby.

Firefox and IE together brew up security trouble article about the Firefox and IE combo flaw that could allow someone to compromise their machine remotely.

Site Advisor 2.0: Haute Secure Launches To Detect and Block Malware Little review of Haute Secure from Michael Arrington, he says, “Haute Secure launched moments ago: it’s a new browser plug-in that the company says will detect and block malware before it has a chance to infect your computer. The timing couldn’t be better as news spreads of more Windows-based vulnerabilities.”

Haute Secure They block bad sites and then let you decide if you want to allow it or not. Sounds like the UAC feature of Windows Vista, but I haven’t tried it yet myself.

Microsoft Security Bulletin MS07-036 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542) This critical security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities as well as other security issues identified. These vulnerabilities could allow remote code execution on your computer if a user opens a specially created Excel file. Users whose accounts are not configured to run as Administrator will be less impacted than those who do. This is a critical security update for supported editions of Microsoft Office 2000. For supported editions of Microsoft Office XP, Microsoft Office 2003, 2007 Microsoft Office System, this update is rated important. This update is also rated important for the Excel Viewer 2003, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats.

Microsoft Security Bulletin MS07-039 – Critical Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122) This critical security patch resolves a vulnerability in Active Directory on Windows 2000 Server and Windows Server 2003 that could allow remote code execution or a denial of service condition. Attacks attempting to exploit this vulnerability would most likely result in a denial of service condition, and remote code execution could be possible. On Windows Server 2003 an attacker must have valid logon credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.

Facebook found pimping crudware Facebook has become the latest website to be found pushing services that deliver highly deceptive security warnings designed to trick users into buying software. Purveyors of this scam are making use of Facebook Flyers, small ads that get posted on Facebook pages associated with a specific region. At 5,000 impressions for just $10, it’s a bargain.

Posted by Jimmy Daniels - at 3:04 am

Categories: Firefox, IE7, Security

Security News Roundup 7/06/2007

Hacker’s eBay: Legitimate Marketplace or Organized Blackmail? Well, there are only 4 items listed, so it’s hardly an eBay, but it is interesting nonetheless. From Techcrunch, The product FAQs state that all purchasers will be “carefully evaluated” to “minimize the risk of selling the right stuff to the wrong people.” But there is only one appropriate buyer for most vulnerabilities (Yahoo, in the case above); it’s unclear who else should be authorized to purchase such information.

The company says that they are simply trying to take activity that’s happening underground into a legitimate marketplace. Perhaps, but this thing doesn’t seem to be fully baked.

It doesn’t seem fully baked for sure, I wonder what the real intent is? The server ip address is owned by California Regional Intranet, Inc. in San Diego, a company that sounds like a regional jail.

MPack Clearance Sale! Looking to create some mischief or make some money? The Mpack is on sale at 85% off, now, I wonder why they would drop the price so low? Must’ve realized people could get it for free somehow.

Google: Our data retention is not data protection watchdogs’ business The retention of search engine query data is a security matter and not one for Europe’s data protection officials, according to Google’s global privacy chief. Peter Fleischer said that its retention of user search data was “just not their field”. Ohh, sounds like a challenge.

iPhone Hacking News Update: iPhoneInterface Tool is Out!! We have successfully written a tool named iPhoneInterface allowing for some basic manipulation of things on the phone, and are releasing it tonight. We are including source code so you can understand the techniques we have used so far. We will be expanding the functionality of this tool significantly tomorrow.

Posted by Jimmy Daniels - July 6, 2007 at 3:50 pm

Categories: Security

Security Roundup 6/19/2007

Some interesting security related stories making the rounds.

Is The iPhone Insecure? Analysts are already debating whether the iPhone is going to be secure or not, with some saying Apple did not give one thought to Enterprise security.

Microsoft flaw opened door to scammers Microsoft fixed a bug Tuesday that had been allowing people to sign up with fake email addresses, which in turn allowed them to “be” someone else while running Microsoft Messenger. Microsoft has no idea how long the flaw was available to users and had no idea how many fake accounts could have been created.

Cerulean Studios Trillian UTF-8 Word Wrap Heap Overflow Vulnerability Remote exploitation of a heap overflow vulnerability in Cerulean Studios Trillian Instant Messenger could allow attackers to execute arbitrary code as the currently logged on user. Solution: They have already released an update that fixes the problem here.

Bundled Products: Where the heck did this new toolbar come from? A researcher on got some extra bundled software he didn’t like with Trillian. Same thing happened to me. That’s what we get for not reading EVERYTHING anymore.

Appeals Court Says Feds Need Warrants to Search E-Mail A federal appeals court on Monday issued a landmark decision (.pdf) that holds that e-mail has similar constitutional privacy protections as telephone communications, meaning that federal investigators who search and seize emails without obtaining probable cause warrants will now have to do so. “This decision is of inestimable importance in a world where most of us have webmail accounts,” said Kevin Bankston, a staff attorney for the Electronic Frontier Foundation.

Phishers and Malware authors beware! Google has released an API that will allow you to download from Google their list of suspected phishing and malware URLs, so now any developer can access the blacklists used in products such as Firefox and Google Desktop. Pretty cool.

Posted by Jimmy Daniels - June 19, 2007 at 6:32 pm

Categories: Security

Microsoft Monthly Security Bulletin Released

Microsoft’s June security releases contain 6 new bulletins, 4 of which have maximum severities of “Critical”. They have also re-released 2 bulletins involving remote code execution.

MS07-030 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051).

MS07-031 Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840).

MS07-032 Vulnerability in Windows Vista Could Allow Information Disclosure (931213).

MS07-033 Cumulative Security Update for Internet Explorer (933566).

MS07-034 Cumulative Security Update for Outlook Express and Windows Mail (929123).

MS07-035 Vulnerability in Win 32 API Could Allow Remote Code Execution (935839).

They also re-released the two bulletins below:

MS07-012 Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667) (Updated to v2.0 to reflect applicability to Windows Server 2003 Service Pack 2, and explicitly noting that Platform SDK is not affected).

MS07-018 Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution (925939) (Updated to fix an issue whereby custom CMS2002 install paths could be reset in the registry to the default paths, as noted in KB article 924429 “known issues” section).

The Internet Explorer cumulative security update mainly is concerned with ActiveX controls in the browser that could allow hackers to seize total control over a user’s machine or to silently install software using web sites running the ActiveX controls. One update fixed a security hole that was already being exploited, since instructions were posted online.

Posted by Jimmy Daniels - June 13, 2007 at 2:55 am

Categories: Security

Microsoft’s June 2007 Patch Tuesday

Microsoft has released the latest bulletin for the monthly Patch Tuesday. It includes 4 critical updates and a couple not so critical, affecting most versions of supported Windows, IE and Outlook, to name a few.

This is an advance notification of six security bulletins that Microsoft is intending to release on June 12, 2007.

This bulletin advance notification will be replaced with the June bulletin summary on June 12, 2007. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification. Source: Microsoft Security Bulletin Advance Notification for June 2007

They have also decided that next Tuesday will be the day they start pushing Windows 2003 service pack 2. You will have to click on the update icon, and accept the agreement to download it, so, it shouldn’t do it automatically, yet. You can block Windows 2003 service pack 2 using this tool provided by Microsoft.

Microsoft announced availability of Windows Server 2003 SP2 in mid-March, and made the update available for download at that time. A number of security experts and Most Valuable Professionals criticized Microsoft’s decision to release SP2 on March 13, which was a Patch Tuesday. Admins usually have their hands full implementing the usual bunch of security fixes; they don’t need to be thinking about a whole new service pack at the same time, Microsoft’s critics said. The proximity of the SP2 release date and the earlier-than-usual start of Daylight Saving Time also angered some admins. Source: Microsoft to push Windows Server 2003 SP2 via Automatic Updates on Patch Tuesday

The patches and fixes in SP2 are cumulative and will work on Windows Server 2003, Windows Server 2003 R2 and Windows Server 2003 SP1 machines. It also will update Windows Storage Server R2; Windows Unified Data Storage Server; Windows Compute Cluster Server; Windows Small Business Server 2003 R2; and Windows XP Professional x64 Edition systems.

Posted by Jimmy Daniels - June 8, 2007 at 6:26 pm

Categories: Security, Windows 2003, Windows Update
