OpenX Ad Server Source Compromised

OpenX is a tool used by hosting providers and webpage developers to provide ads on webpages.  Rotating banner ads have been an attack vector that has been quite popular and effective in the recent past.  This is probably one reason why.

An announcement this week from the OpenX ad server team noted that a backdoor had recently been discovered in their official source code distributions, that has been present since November 2012.  This vulnerability only applies to the free downloadable open source product, OpenX Source.

Exploitation is occurring in the wild, with attacks consisting of simple POST requests to a specific file that allows for remote code execution on the affected server. Users are urged to follow instructions being provided by the community for checking their servers, and rebuilding any that are impacted immediately.
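As an added example (not code from the OpenX project or from the community checking instructions the post refers to), here is one way a defender can check an installed tree the way that advice implies: every file is hashed and compared against a manifest taken from a pristine copy of the release, and any file whose extension says it is not a PHP script is additionally scanned for an embedded PHP open tag, since static assets and client-side code have no business carrying server-side code. The manifest format, the sample tree and the planted change are all constructed for this demo and are assumptions of the example.

```python
"""Integrity check of an installed web-application tree (added example).

Two defender-side checks are combined:
  1. sha256 of every file is compared against a manifest built from a
     pristine copy of the release (modified / missing / unexpected files);
  2. files whose extension is not a PHP script type are scanned for an
     embedded PHP open tag.
The manifest format (relative path -> sha256 hex) is an assumption of this
example, not something the OpenX project publishes.
"""
import hashlib
import os
import re
import tempfile

# PHP open tags: "<?php" or the short echo tag "<?=" (case-insensitive)
PHP_OPEN_TAG = re.compile(rb"<\?(php\b|=)", re.IGNORECASE)
# Extensions that are expected to contain PHP code (assumed list)
SCRIPT_EXTS = {".php", ".phtml", ".inc"}


def sha256_of(path):
    """Hex sha256 of a file, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Walk a tree and record the sha256 of every regular file, keyed by
    '/'-separated path relative to root."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_of(full)
    return manifest


def check_tree(root, manifest):
    """Compare an installed tree against a manifest from a pristine release.

    Returns a dict with sorted lists: 'modified' (hash differs), 'missing'
    (in manifest, not on disk), 'unexpected' (on disk, not in manifest) and
    'suspicious' (non-script file containing a PHP open tag)."""
    found = build_manifest(root)
    modified = sorted(p for p in manifest if p in found and found[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in found)
    unexpected = sorted(p for p in found if p not in manifest)
    suspicious = []
    for rel in sorted(found):
        if os.path.splitext(rel)[1].lower() in SCRIPT_EXTS:
            continue  # PHP is expected here; the hash check covers it
        with open(os.path.join(root, *rel.split("/")), "rb") as f:
            if PHP_OPEN_TAG.search(f.read()):
                suspicious.append(rel)
    return {"modified": modified, "missing": missing,
            "unexpected": unexpected, "suspicious": suspicious}


def write_file(root, rel, data):
    """Create rel (a '/'-separated path) under root with the given bytes."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def demo():
    """Constructed sample: a 'pristine' tree, then an 'installed' copy with a
    planted change, an extra file and a deleted file."""
    with tempfile.TemporaryDirectory() as tmp:
        pristine = os.path.join(tmp, "pristine")
        installed = os.path.join(tmp, "installed")
        for root in (pristine, installed):
            write_file(root, "www/index.php", b"<?php echo 'ok';\n")
            write_file(root, "www/js/ui.js", b"function f(){}\n")
            write_file(root, "www/logo.png", b"\x89PNG\r\n\x1a\n")
        manifest = build_manifest(pristine)
        # Planted change: server-side code hidden inside a client-side file
        write_file(installed, "www/js/ui.js",
                   b"function f(){}\n<?php /* planted, harmless */ ?>\n")
        write_file(installed, "www/extra.txt", b"not in the release\n")
        os.remove(os.path.join(installed, "www", "logo.png"))
        return check_tree(installed, manifest)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In practice the manifest would be generated once from a release archive obtained and verified out of band (signature or published checksum), and stored somewhere the web server cannot write; a manifest kept on the same host is only as trustworthy as the host itself.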

Anonymous ‘FFF’ Attack Schedule

Oh, for crying out loud.  Why don’t these guys just go away?   According to Wired, Anonymous is giving itself a weekly deadline now, a new attack every Friday.  How entertaining.  Following the Tuesday compromise of tear gas maker Combined Systems’ website, Antisec attacked a Federal Trade Commission webserver which hosts 3 FTC websites.  They claim this hack was in opposition of the controversial international ACTA copyright treaty, widely protested around the world for its potential impact on freedom of expression.

Those responsible for this week’s attacks spoke with Wired, and claimed that the attacks renewed a promise, previously noted in the defacement of CSI, and reiterated on the FTC websites, “every Friday will bring a new attack against government and corporate sites under the theme of #FFF” (‘F’ the Feds Friday).

They’ve decided to try to balance between protest defacements like these two most recent ones, and posting material that can damage firms and agencies.   Jerry Irvine of the National Cyber Security Task Force told the New York Times last week that attacks would become more frequent, describing the collective as “unstoppable,” because of the poor state of online security.

Canadians’ Online Privacy At Risk

From the “I can’t believe this is Canada” file, the government is pushing a new “lawful access” bill, basically granting the police and government officials the rights and means to freely and on a hunch, spy on your internet usage.  Assuming that if you have nothing to hide, you should have no fear of arbitrary search and seizure, of course.

Michael Geist has a good article about the bill and why it is crazy.  The insanity first becomes evident when Public Safety Minister Vic Toews tells people “You can stand with us, or you can stand with the child pornographers”.   As if everyone with a desire for online privacy and against widespread internet surveillance is somehow automatically “for” child pron!  Yep, there is no middle ground here.  Line up with the rest of ’em, mate.

I agree with Tech Dirt’s post, this is totally ridiculous, and a cynical political move that assumes the Canadian public is stupid and will just roll over.  I sincerely hope that is not true, that there is enough outcry against this bill that it is thrown out faster than last week’s Metro.  Yes, it may be difficult and time consuming to obtain a judge’s consent in the form of a warrant, but you don’t just subtract an individual’s rights from the equation in the name of expediency and convenience for law enforcement.  You cannot and should not assume that the entire public is suspect, and then launch a witch hunt to see who floats and who sinks!

Foxconn Hacked

As if it wasn’t toxic enough out there, it looks like we have another group of hackers playing their little games on the Internet.  They claim that they are only in it for the thrill of destroying networks and impacting businesses.  Their claim to fame target?  Foxconn, the Asian firm that is under the microscope after a NY Times article exposing dismal working conditions and recent deaths of employees.

The Swagg Security group has released information on both Foxconn and its clients, which include Microsoft and Apple, stolen during an attack on the company, through Pastebin and Pirate Bay posts.

“Now as a first impression Swagg Security would rather not deceive the public of our intentions.  Although we are considerably disappointed of the conditions of Foxconn, we are not hacking a corporation for such a reason and although we are slightly interested in the existence of an iPhone 5, we are not hacking for this reason.  We hack for the cyberspace who share a few common viewpoints and philosophies. We enjoy exposing governments and corporations, but the more prominent reason, is the hilarity that ensues when compromising and destroying an infrastructure”.

The information released contains contact details of a number of Foxconn’s global sales managers, usernames, IP addresses, credentials, and a list of clients’ purchases.

Of Skimmers & Scumbags

A skimming device came off in the hands of a Bank of America customer when she tried to use her debit card at an ATM recently, police said.  The man who had planted the credential stealing device appeared and asked for it back.  The woman refused to return the card and growled at the man who fled.

Sixth Precinct police are seeking two male suspects in connection with the incident. The first is about 40, stands 5 feet 10 inches tall, and weighs 170 pounds. The second male is about 30, stands 5 feet 8 inches tall, and weighs 160 pounds, police said.

The two suspects face felony forgery charges and up to 15 years in prison.  I wouldn’t advise anyone to do this, but that 23 year old woman sure has moxie.  I hope the bank rewards her for her valiant stance.  DNAinfo

The reason that I don’t advise people to take this kind of action?  Read the article just published in The Compliance Exchange blog about Aaron Hand, already convicted in a $100 million mortgage-fraud scheme and serving a sentence of eight years and four months to 25 years.  He was sentenced to 8 – 16 more for plotting to have a key witness in his case killed.

Please remember that these guys mean business, and that there is more than just your current balance at stake.  These guys are all in it for the big money payoff.  If you find yourself involved in a confrontation or an investigation, a little paranoia is healthy, and caution is not cowardice, in my humble opinion.

How Was FBI Call Compromised?

I am pretty sure that everybody knows that the FBI and Scotland Yard were embarrassed recently by the notorious hacking group, Anonymous, when they spilled the beans that they were now watching the watchers, listening in to a confidential phone call taking place between investigators across the pond.  If you haven’t heard it, find it here.  The New Statesman has an overheated article here that can provide additional details.

So how did this brazen and seemingly high tech hack take place?  A conference call was arranged two weeks earlier by FBI agent Timothy Lauster, who wanted to discuss on-going investigations into Anonymous and other hacktivist groups.  In an email to Scotland Yard’s e-crimes unit, the time, date and phone number to call were provided, along with the pass code for entry.

The Anonymous ‘Movement’?

I’ve been reading way too much of this garbage on the Internet lately, and it is starting to stick in my craw.  Crap like this.  It seems that everyone has accepted that the hacking group Anonymous is above the law, and has some special insight that makes them a voice of reason.  21st century Robin Hoods.  I hope that this is just the result of sensational journalism, and not what people are really believing.

“The beginning years have intensified their activities demonstrating great technical skills.”

No, what it has demonstrated is a disregard for your privacy, a lack of moral fiber, a little too much technical knowledge, and the patience that is common in a good criminal.

“As always, the movement gives voice to social dissent and protest against amendments and decisions of governments guilty of not listening to the masses.”

The Movement?  What bloody movement?  This is a bunch of self-entitled, self-indulgent, egotistical miscreants that are incapable of operating within the confines of the law or rules of society.  These are people that have an abundance of tools, have found cracks in programs and protocols, and are taking advantage of those flaws.  They are no more a movement than the clowns that walk into a bank with a note in one hand and a formidable looking pocket in the other.

Toronto Law Firms Targeted

Here is a lesson to us all about the global reach and intent of internet hackers who have an interest in the information assets that we may hold for our own or clients’ interests.  China-based hackers have homed in recently on the offices of Toronto’s Bay Street law firms handling a $40 billion acquisition of the world’s largest potash producer by an Australian mining giant.  Bloomberg has a great article with all of the details, and outlines discussions undertaken by a group of law firms that got together recently to strategize protective and detective techniques.

The hackers in the Toronto case penetrated and combed through one computer network after another, hitting seven different law firms as well as Canada’s Finance Ministry and Treasury Board, seeking to gather detailed intelligence and potentially undermine the deal.  A law firm involved in the deal detected intrusion indicators, including spoofed emails, malicious websites, and network disruptions.  Investigators found spyware designed to capture confidential documents, compiled on a Chinese-language keyboard, and using servers in China involved in the attack.

The investigation linked the intrusions to a Chinese effort to kill the developing acquisition.  Stolen data of this nature can be worth tens of millions of dollars to those involved on either side of the bargaining table, and gives the possessor an unfair advantage in negotiations.  The deal eventually fell apart when the Canadian government declared it wasn’t in the nation’s interest, but the incident highlights the vulnerability of law firm information resources in particular, and the threat of loss of client trust and future business.

Google Won’t Remove CounterClank Apps

Google will not remove the 13 apps reported by Symantec containing “software development tools” that enable the theft of data because they do not violate Google’s terms of service.  Lookout Mobile Security said in a blog post Friday that it doesn’t consider the applications malware, but it does appear to be an “aggressive form” of an ad networking scheme, and should be taken seriously.  I would agree with that assessment, simply because it is a new pin on an old tactic, however I would still consider this malware to the extent that spyware was once considered in a similar light.  It has proven to be a real problem with real impacts, and has been used in a multitude of nefarious endeavors.

See this SC Magazine article for more coverage and details.

Late Breaking Attack Vectors WebCast

Mike Kachmar sent me an email invitation to a monthly webcast that should be interesting, and offers an opportunity to grab a few of those elusive CISSP CPE credits.  I thought I’d extend the invitation along.  Previous webcasts have been both interesting and informative.

Don’t miss the “Late Breaking Computer Attack Vectors” webcast!  They are also giving away an Apple iPad2 at the end of the webcast (already got one, but another one wouldn’t hurt…).  You do NOT need to be present to win.  Simply register with complete and accurate information and we will announce the winner at the end of the webcast.

The webcast is sponsored by Thawte and hosted by Larry Pesce, from the PaulDotCom Team, Wednesday February 1, 2012 2:00PM ET

REGISTER HERE:  https://cybersecurityworldevents.webex.com/cybersecurityworldevents/onstage/g.php?t=a&d=669294014

Join the paulDotCom Team as they take a practical look at the most recently identified threats IT Security Professionals face on a daily basis.  Rather than narrating a lifeless monologue on the most recent global data correlation, they will take an “everyman’s” approach to the Who, What, When, Where and Why of the most recent attack vectors.

Rather than asking them to do the impossible and tell us in advance what the topics will be – after all, how “Late Breaking” can that really be? They will be modifying and editing their presentation up until a few moments prior to the webcast based on the most recently identified attack vectors.

I should be back in the office from my morning interviews by then, so I’m ALL in…