Reddit (reddit.com) is a social news website, and it’s much better than Digg or Slashdot. However, it got hit today by an XSS worm that was spreading via comments on the site.
When xssfinder got his script working, he tested it by posting one comment to a popular link called “Guy on a bike in New York ‘high fives’ people hailing cabs”.
After this, things happened quickly.
People reading comments ended up sending massive amounts of new comments to Reddit threads.
Right now things have calmed down. Reddit was never down, and Reddit administrators have closed this vulnerability. Malicious comments are being mass deleted right now.
Source: F-Secure Weblog
A new, unique type of phishing attack targeted against online banking customers was recently discovered by the RSA FraudAction Research Lab. RSA has coined this as a “Chat-in-the-Middle” phishing attack and it is first executed through routine means but then presents a more advanced layer of perpetrating online fraud. The phishing attack may dupe bank customers into entering their usernames and passwords into an ordinary phishing site but the addition of a bogus live chat support window can obtain even more credentials via a live chat session initiated by fraudsters.
During the live chat session, the fraudster behind the attack presents himself as a representative of the bank’s fraud department and attempts to dupe customers who are online into divulging sensitive information – such as answers to secret questions that are used for online customer authentication. This attack is currently targeting a single U.S.-based financial institution.
Upon detecting the attack, RSA immediately informed the affected financial institution and commenced a standard phishing attack shut-down procedure through the RSA Anti-Fraud Command Center and its RSA FraudAction service. (RSA cannot identify this bank in order to protect its security and privacy.) The attack is hosted on a well-known fast flux network for “hire” from fraudster to fraudster, which hosts a wealth of malicious websites such as phishing attacks, Trojan infection points, mule recruitment websites, and more.
Source: RSA FraudAction Research Lab
Harald Scan will be able to determine the Major and Minor device class of a Bluetooth device, and will attempt to resolve the device’s MAC address against the largest known Bluetooth MAC address vendor list.
The goal of this project is to obtain as many MAC addresses mapped to device vendors as possible.
- Python 2.6
- Unpack to a directory
- Run python haraldscan -b to build the database
- Run python haraldscan [Options] to run Harald Scan
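The two things the scanner description above promises, decoding a device’s Major and Minor class and mapping its address prefix to a vendor, as an added Python 3 example that is not Harald Scan’s own code. The vendor list here is a constructed "prefix,vendor" text with placeholder names, not the real Bluetooth vendor list the tool ships; the CoD bit layout and class names follow the Bluetooth assigned numbers.

```python
# Added example, not Harald Scan's own code (Python 3). Decodes a Bluetooth
# Class of Device (CoD) into major/minor device class plus service flags, and
# resolves a BD_ADDR's 24-bit OUI prefix against a constructed vendor list.
MAJOR_CLASSES = {0: "Miscellaneous", 1: "Computer", 2: "Phone",
                 3: "LAN/Network Access Point", 4: "Audio/Video", 5: "Peripheral",
                 6: "Imaging", 7: "Wearable", 8: "Toy", 9: "Health", 31: "Uncategorized"}
# Minor classes are relative to the major class; two majors are mapped here.
MINOR_CLASSES = {
    1: {0: "Uncategorized", 1: "Desktop", 2: "Server", 3: "Laptop",
        4: "Handheld PC/PDA", 5: "Palm-size PC/PDA", 6: "Wearable computer", 7: "Tablet"},
    2: {0: "Uncategorized", 1: "Cellular", 2: "Cordless", 3: "Smartphone",
        4: "Wired modem or voice gateway", 5: "Common ISDN access"},
}
# CoD bits 13..23 are the major service class flags.
SERVICE_BITS = {13: "Limited Discoverable", 16: "Positioning", 17: "Networking",
                18: "Rendering", 19: "Capturing", 20: "Object Transfer",
                21: "Audio", 22: "Telephony", 23: "Information"}

def decode_cod(cod):
    """Split a 24-bit CoD: bits 2-7 minor, bits 8-12 major, bits 13-23 services."""
    major = (cod >> 8) & 0x1F
    minor = (cod >> 2) & 0x3F
    services = [name for bit, name in sorted(SERVICE_BITS.items()) if cod & (1 << bit)]
    return (MAJOR_CLASSES.get(major, "Reserved"),
            MINOR_CLASSES.get(major, {}).get(minor, "Unknown"), services)

def load_vendor_list(text):
    """Parse 'AA:BB:CC,Vendor' lines into a prefix -> vendor dict; '#' lines skipped."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            prefix, vendor = line.split(",", 1)
            table[prefix.upper().replace("-", ":")] = vendor.strip()
    return table

def resolve_vendor(mac, table):
    """Return the vendor for the first three octets of a BD_ADDR, or None if unknown."""
    octets = mac.upper().replace("-", ":").split(":")
    if len(octets) != 6:
        raise ValueError("expected a six-octet address: %r" % mac)
    return table.get(":".join(octets[:3]))

# Constructed sample vendor list with placeholder vendor names.
SAMPLE_VENDORS = """# prefix,vendor (constructed placeholders)
00:11:22,Example Handset Co
aa-bb-cc,Example Laptop Ltd
"""
```

A CoD of 0x5A020C, common for smartphones, decodes to Phone / Smartphone with the Networking, Capturing, Object Transfer and Telephony service bits set; an address whose prefix is absent from the list resolves to None rather than a guessed vendor.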
How I cross-site scripted Twitter in 15 minutes, and why you shouldn’t store important data on 37signals’ applications
“Today the Ruby on Rails security team released a patch for a cross-site scripting issue which affected multiple high-profile applications, including Twitter and Basecamp. If you’re concerned about the issue and would like to see the patch, please read the advisory from the Rails security team. In this post, I discuss the overall process of finding the issue, and the reason why I’d suggest that no important information be stored on the 37signals applications (Basecamp, Highrise, Backpack, and Campfire).
After seeing a bug in Unicode handling in an unrelated program a few weeks ago, I suddenly had an idea: “I wonder if there are any web applications which have Unicode handling problems that might be security issues?””
- Brian Mastenbrook
Source: Brian Mastenbrook
MySqloit is a SQL injection takeover tool focused on LAMP (Linux, Apache, MySQL, PHP) and WAMP (Windows, Apache, MySQL, PHP) platforms. It can upload and execute Metasploit shellcode through MySQL SQL injection vulnerabilities.
Attackers performing SQL injection on a MySQL/PHP platform must deal with several limitations and constraints. For example, the lack of support for multiple statements in one query makes MySQL an unpopular platform for remote code execution compared to other databases. This tool was written to demonstrate how remote code execution can still be performed against a database connector that does not support stacked queries.
Platform supported: Linux
- SQL Injection detection using time based injection method
- Database fingerprint
- Web server directory fingerprint
- Payload creation and execution