Adobe Planning to Introduce Sandboxing Technologies in Reader

Adobe Acrobat Reader and Microsoft Internet explorer have become a top favorite with hackers. Internet Explorer with its innumerable vulnerabilities forms an excellent learning ground for crackers. Another hot favorite with them is Adobe Reader.


Both Adobe and its users are fed up by continuous release of updates and follow up hack attempts in spite of these updates. In a recent announcement, Adobe has announced that it will release its next Reader software as a sandboxed application.

Sandboxing prevents an application from accessing the underlying data and creates a virtual environment for the application to run. This keeps the processes within the application free from each other and prevents them from accessing data from the computer.

Brad Arkin, Adobe’s director of security and privacy says,

With sandboxing, anyone who encounters a malicious PDF will find that a successful exploit is kept within the sandbox.

The sandboxing approach however, cannot ensure complete safety, as the sandbox itself has to be powerful enough. However, it will need two levels of breach before any actual data is compromised.


Indian Call Centers, an Emerging Social Hacking and Scamming Hub

India is popular for its call centers and no matter how crappy the Indian-American accent is it gets the job done. However, now, Indian call centers are doing more than getting the job done. They are reverse engineering their jobs to their personal advantage and this forms an excellent ground to run call-centre scams.

Consider this scenario. A person from India calls you telling that he is from Microsoft and quotes your correct address, phone number and name. Next, he goes on to say that Microsoft has released a fix for some problem and you need to download certain “Windows Event Viewer” software. This software is either a backdoor or, after this sequence, you are asked to pay up £185. Has this ever happened to you?

The Guardian is investigating into this and has figured out that the call center in question is located in Kolkata and has connections with a person from Kota in Rajasthan.

Microsoft has obviously denied making any such calls and having any tie-ups with any such call centers. The age group, which falls victim to this generally, includes the elderly and those people who are not involved and updated about such scams. More information will be revealed as the investigation proceeds.


OAuth and OpenID: Serious Security Flaw Discovered

According to Nate Lawson and Taylor Nelson from Root Labs, OpenID and OAuth, used to authenticate third party web applications and desktop applications to use web services like Twitter and Digg are under a risk of a severe security threat. In fact, the security flaw affects a host of other open source authentication services. The matter will be brought up at an upcoming security conference.


The flaw is based on the very controversial timing attack according to which, the attacker checks for the time required to analyze signatures and estimates if the first few characters of his attempted signature is correct or not. This process, if repeated can lead to a successful hack in theory. However, in practice, it is very hard to carry out or, that was the common belief until three years ago.

Three years ago, a timing attack was used to hack into  Xbox and the people who did this became geek gods. However, that was a direct interaction with the host. In case of a network, we need to consider many factors like network load, jitter and a varying latency.

What is remarkable is that Lawson and Nelson have claimed that they have executed this on a network as well as on a cloud and have gained sensitive information successfully. Any further details on this will be revealed at the upcoming BlackHat conference at Las Vegas.


FamilyShield Blocks Phishing, Malware and Adult Websites

family-shield-icon A few weeks ago, a good friend of our family posted a question to me in Facebook.

How can I block adult content on my kid’s computer?

Fortunately, I already knew about several methods, but I wanted to give them something free and easy to use. I pointed them to the free OpenDNS service.

Why OpenDNS?

There’s no software to download and it’s always up to date with the latest information on what websites need to be blocked. It also works on Windows, Mac, Linux or almost any operating system.

To use the free OpenDNS Basic service, you will have to register an email address to be able to change the settings that control what types of web content you wish to block. However, OpenDNS is now offering   a new service, called FamilyShield, which doesn’t require registration and is even easier to set up.

What does FamilyShield block?

• Adult websites that are unsuitable for kids
• Proxy and anonymizer sites commonly used by savvy kids to bypass traditional Web filters
• Phishing sites that aim to trick you into handing over personal or financial information
• Some virus-spreading malware websites

How does FamilyShield work?

To tell you how it works, I’m going to use one of the 650+ free wallpapers from VladStudio.

Image: How the Internet Works by VladStudio:


When you are using FamilyShield or any other OpenDNS service, you are telling your PC to use OpenDNS as your default DNS server. Do you see the owl in the third frame of the picture? The DNS server (the owl) tells your computer the real address (IP address) of all the websites that your computer tries to access.

OpenDNS is a smart owl. If you ask it for the IP address of a website that contains something bad, OpenDNS won’t give you the address and you won’t be able to access the bad website. If you set up FamilyShield on your home network router, all the devices in your home are protected from the bad stuff out there.

Below, I’ll show you the typical FamilyShield setup for protecting your home.

1. Sign in with an email address or skip it by clicking the link labeled continue. They don’t require your email address.


2. Choose to set up FamilyShield on a single PC or on your home network (router).


3. If you choose router, you can find specific instructions for the most popular router models.


4. Below you can see the instructions for a Linksys router.


5. Once you have the router set up, you can test to see if FamilyShield is working by using the Test your new settingslink at the top of the instruction page.


That’s it. No software needed and your PC or your home network is protected. Your kids and you will be much safer using the FamilyShield from OpenDNS.

Techie Buzz Verdict:

I can’t tell enough people about this awesome free service. If you are reading this, you should tell all of your friends. It’s not a replacement for knowing what your kids are doing on the PC, but it’s an easy way to help protect them.


Windows Phone 7 Will Offer Out of the Box Theft Protection

Windows-Phone-7 Misplacing a smartphone can be an agonizing experience. Not only do you lose your prized possession, but you also lose all your contacts and data, while potentially exposing yourself to a privacy and security nightmare. It’s no wonder that operating system developers are working towards providing mobile security services to all users.

After RIM, Microsoft has also revealed that they are developing an anti-theft solution dubbed Find My Phone, which will ship with all Windows Phone 7 devices. Find My Phone will be able to remotely lock, ring and wipe stolen handsets, besides tracking it online. Online synchronization will take care of syncing miscellaneous information including calendar, contacts and notes. Also included will be SkyDrive integration, which will provide you with 25 GB of free web storage.

Windows Phone 7 based devices will begin appearing in time for this holiday season. To begin with, they will be restricted to 5 languages – English, French, German, Italian, and Spanish. With Windows Phone 7, Microsoft will also introduce their new online app store called Windows Phone Marketplace, which will be initially available in 17 countries including US, UK, Canada, Australia and India.

REMnux, an Ubuntu Fork to Reverse Engineer Malware

REMnux is a nifty security tool based on Ubuntu. It is essentially a stripped down version of Ubuntu to create a sandbox environment and test for exploits remotely. The  official website defines REMnux as,

REMnux is a lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software. The distribution is based on  Ubuntu and is maintained by Lenny Zeltser.

REMnux comes pre-loaded with an array of security related tools to check network activity, check memory activity and to debug and understand code execution.

The features of REMnux are best explained as,

REMnux is also useful for analyzing web-based malware, such as malicious JavaScript, Java programs, and Flash files. It also has tools for  analyzing malicious documents, such as Microsoft Office and Adobe PDF files, and utilities for reversing malware through memory forensics. In these cases, malware may be loaded onto REMnux and analyzed directly on the REMnux system without requiring other systems to be present in the lab.

Setting up of virtual environments is an essential step in checking security hacks and REMnux does exactly that. The download is a VMware virtual machine file, which is actually a stripped down version of Ubuntu. Adobe and JavaScript vulnerability scanning tools are available by default making this an excellent tester for browser security.

Try REMnux  here.

Hacker Pwnes Google Chrome’s Security Brags with a Plugin

Google has made every attempt to keep Chrome secure and safe from hackers. However, it was only a question of days before someone outsmarted their annoying sandbox and today is the day.

Google Chrome has been hacked by a browser plugin! The plugin checks for login account details on Gmail, Twitter and Facebook and runs with the help of JQuery. Once again, this is a proof of concept hack and will not leak any information retrieved in the process.

The hack has exploited the access to DOM, which the plugins are allowed. The hack can also be used to steal cookies and hijack sessions as reported by the hacker Andreas Grech on his blog.

He writes,

The Google Chrome browser allows the installation of third-party extensions that are used to extend the browser to add new features. The extensions are written in JavaScript and HTML and allow manipulation of the DOM, amongst other features.

By allowing access to the DOM, an attacker can thus read form fields…including username and password fields. This is what sparked my idea of creating this PoC.

The extension I present here is very simple. Whenever a user submits a form, it tries to capture the username and password fields, sends me an email via an Ajax call to a script with these login details along with the URL and then proceeds to submit the form normally as to avoid detection.

Google Chrome’s sandbox for plugins just got pwned.


The Pirate Bay Hacked, User Database and Admin Panel Accessible

This is exactly what the RIAA has been praying for years and today, it has finally come true. ThePirateBay, the most stubborn and still going strong torrent and file sharing website has finally been hacked by a group of Argentinian hackers.

The hackers attempted SQL injection vulnerabilities and have claimed access to the user database and admin panel. The compromised user data includes passwords, usernames, IPs and email addresses. However, the group has claimed that it intends no harm to ThePirateBay. It made this attack as a proof-of-concept only. This goes only as far as proving that there are exploitable vulnerabilities.

One of the hackers in the group, Ch Russó who also happens to be a malware researcher claims that,

As any other website, as any other system or mechanism, has robust parts and soft spots. We beleive that the people behind this comunity always acted with the local laws on their side, and so have we. The community caused problems to huge companies and corporations which turned into threats between this companies and them. What we have done, we did not do it with anger, or for commercial value. As always, we saw the change, the moment and decided to take it. The protocol or procedure done to achieve this wasn’t anything out of the ordinary.

The page following the link above also shows a video highlighting the hack process.

However, members on ThePirateBay need not worry. Ch Russó has assured that the information gathered from the hack will not be leaked to any authority by any chance.

The vulnerable component has been removed from ThePirateBay now and it is back to security. However, the homepage currently shows this message:
Update 1: In a totally unrelated event, is performing a hardware upgrade now which is confusing people even more.

(Via: Softpedia News)

Google Introduces Suspicious Login Protection Across all Accounts

Gmail has a service that checks if a login is made from a geographically different location by checking the IP address of the user. Google has extended this feature to all its services and is providing them by default. The Google public policy blog unveils this feature saying,

A few months back we launched a feature in Gmail that notifies you when our servers automatically detect suspicious log in activity on your account. Since this has been effective in helping people identify improper access, we decided to extend it to all our Google Account users, not just Gmail.

Now, if a suspicious login takes place at any of the Google service, a warning will be displayed on your Google account dashboard.  The same page has an option to change your password immediately. However, many users have opinionated that the feature should display messages right into Google services instead of displaying it on a separate dashboard page.

Another feature that was added was a reporting system that could report for problems in the dashboard. This will go a long way in keeping Google users secure. Given the number of hack attempts Google accounts have been having, this will go a long way in keeping Google users secure.

Your AT&T Voicemail is Open to All

AT&T has too many embarrassments to live with. Another one just was added to this list with a security problem in voicemail. Apparently, it is extremely easy to gain access to AT&T voicemail using an Android phone. Do not believe me? Read on.

We have all heard of IP address spoofing. Well, there is also something called Caller ID spoofing. This lets you gain access to any voicemail over an AT&T network. There is an app, which lets you spoof your caller ID number and lets you place a call to the voicemail posing as someone else.

What is even more interesting is that AT&T knows about the problem and is giving lame instructions putting several customers at risk. The official response on this says,

AT&T is committed to providing secure access to your voicemail. Your voicemail service is set up for fast access to voicemail and does not require a password when checking voicemail from your wireless device.

We are aware of companies that offer spoofingtechnology, which enables others to gain unauthorized access to wireless voicemail accounts that are not protected by a password. If you are concerned about unauthorized access to your wireless voicemail account, we recommend you add a password to your voicemail account.

Thus, according to AT&T they are providing a fast access to the voicemail without using a password. AT&T is already losing tech-savvy customers to Verizon. It is time AT&T changes this attitude towards its customers.

Thanks to kdawson for sharing this on Slashdot.