Breach Security has released their annual Web Hacking Incidents Database (WHID) report. The focus is on the massive SQL Injection (SQLi) attacks seen online last year, and according to the data, more than 500,000 sites were compromised. The report states that SQLi attacks, with the aim of planting malware on a compromised site, were the number one vector of attack in 2008.
Another interesting aspect of the report centers on the site defacements seen in 2008.
Source: Tech Herald
Xbox Live is being targeted by malicious hackers selling services that kick players off the network.
The booting services are proving popular with players who want a way to get revenge on those who beat them in an Xbox Live game.
The attackers are employing data flooding tools that have been used against websites for many years.
Microsoft is “investigating” the use of the tools and said those caught using them would be banned from Xbox Live.
Source: BBC News
This tool provides a demonstration of HTTPS stripping attacks.
It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial.
To get this running:
* Flip your machine into forwarding mode.
* Set up iptables to redirect HTTP traffic to sslstrip.
* Run sslstrip.
* Run arpspoof to convince a network they should send their traffic to you.
That should do it.
How does this work?
First, arpspoof convinces a host that our MAC address is the router’s MAC address, and the target begins to send us all its network traffic. The kernel forwards everything along except for traffic destined to port 80, which it redirects to $listenPort (10000, for example).
At this point, sslstrip receives the traffic and does its magic.
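The ARP step described above leaves a visible trace on the affected host: the router's IP address starts resolving to a different MAC address, often one already seen for another machine. The following added example (not part of the original page or of sslstrip) checks constructed `ip neigh`-style snapshots for those two symptoms; the addresses, MACs and function names are assumptions made for illustration.

```python
import re

# Constructed sample: two successive snapshots of a host's neighbour table in
# `ip neigh` output style. All addresses and MACs are made up.
SNAPSHOTS = [
    """192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.23 dev eth0 lladdr aa:bb:cc:dd:ee:01 STALE""",
    """192.168.1.1 dev eth0 lladdr aa:bb:cc:dd:ee:01 REACHABLE
192.168.1.23 dev eth0 lladdr aa:bb:cc:dd:ee:01 STALE""",
]

ENTRY = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)\s+dev\s+(\S+)\s+lladdr\s+([0-9a-f:]{17})", re.I
)

def parse_neigh(text):
    """Return {ip: mac} for every resolved entry in one snapshot."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # unresolved entries (no lladdr) are skipped
            table[m.group(1)] = m.group(3).lower()
    return table

def find_arp_anomalies(snapshots, gateway_ip):
    """Flag the symptoms ARP spoofing leaves in a host's neighbour table."""
    alerts = []
    baseline_mac = None
    for idx, text in enumerate(snapshots):
        table = parse_neigh(text)
        gw_mac = table.get(gateway_ip)
        if gw_mac:
            if baseline_mac is None:
                # Trust-on-first-use: only valid if snapshot 0 is clean.
                baseline_mac = gw_mac
            elif gw_mac != baseline_mac:
                alerts.append((idx, "gateway-mac-changed", gateway_ip, gw_mac))
        # Second check works without a baseline: one MAC answering for the
        # gateway and for another IP on the same segment.
        by_mac = {}
        for ip, mac in table.items():
            by_mac.setdefault(mac, []).append(ip)
        for mac, ips in by_mac.items():
            if gateway_ip in ips and len(ips) > 1:
                alerts.append((idx, "mac-shared-with-gateway", ",".join(sorted(ips)), mac))
    return alerts

if __name__ == "__main__":
    for alert in find_arp_anomalies(SNAPSHOTS, "192.168.1.1"):
        print(alert)
```

A gateway MAC change can also follow a legitimate router replacement or failover, so an alert is a prompt to verify the address against the known hardware rather than proof of interception.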
Hackers are targeting a zero-day vulnerability affecting Adobe Reader and Acrobat with malicious PDF files. Adobe officials say a fix for the issue will be available for Adobe Reader and Adobe Acrobat in the coming weeks.
Hackers have once again turned to PDF files to spread their wares, this time assaulting a zero-day flaw affecting Adobe Reader and Acrobat.
Fortunately, the unpatched bug is on the company’s radar, and fixes for Adobe Reader 9 and Acrobat 9 are slated to be available March 11. Updates for earlier versions will come later, company officials said in an advisory.
The bug is due to an error in the parsing of certain structures in PDF files. If exploited successfully, the bug could allow a hacker to take complete control of a vulnerable system.