Mar 28 2011

MySQL and Sun websites hacked using SQL injection

MySQL.com, the official website of the database management system of the same name, was today subjected to an attack whereby hackers used SQL injection exploits to gain access to a complete list of usernames and passwords on the site.

News of the attack surfaced when the attackers posted details of the compromise on the Full Disclosure mailing list, publicly listing the contents of database tables used to store member and employee data, as well as a small sample of user logins and password hashes.

Owned by Oracle, MySQL is used by millions of websites to store and deliver information, with some of the most popular online services and platforms including WordPress and Joomla utilising the software.

The attack was achieved using “blind SQL injection”, targeting MySQL.com, MySQL.fr, MySQL.de and MySQL.it, as well as two Sun domains.

It appears that the attacks were not due to flaws in the MySQL software itself, but flaws in the implementation of their websites.

Mar 23 2011

AT&T Facebook Traffic Takes a Loop Through China & South Korea

Traffic destined for Facebook from AT&T’s servers took a strange loop through China and South Korea on Tuesday, according to a security researcher.

As Barrett Lyon wrote on his blog, AT&T customers’ data would typically have been routed over the AT&T network directly to Facebook’s network provider, but due to a routing mistake their private data went first to Chinanet, then via Chinanet to SK Broadband in South Korea, and then to Facebook. This means that anything you looked at via Facebook without encryption was exposed to anyone operating Chinanet, which has a very suspect modus operandi.

Route to Facebook from AT&T on 22nd March 2011 :

route-server>show ip bgp 69.171.224.13 (Facebook’s www IP address)
BGP routing table entry for 69.171.224.0/20, version 32605349
Paths: (18 available, best #6, table Default-IP-Routing-Table)
Not advertised to any peer
7018 4134 9318 32934 32934 32934

The AS path (routing path) translates to this:
1. AT&T (AS7018)
2. Chinanet (Data in China AS4134)
3. SK Broadband (Data in South Korea AS9318)
4. Facebook (Data back to US AS32934)
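
The same translation can be automated as a monitoring check. The sketch below is an added example, not code from the original post or from Barrett Lyon: it parses `show ip bgp` output like the excerpt above, collapses AS-path prepending, and reports any AS sitting between the first hop and the origin AS that is not on an allow-list. The function names and the `expected_transit` allow-list are assumptions; the sample text is constructed from the output quoted above.

```python
import re

# Constructed sample: the route-server output quoted in the post.
SAMPLE = """\
BGP routing table entry for 69.171.224.0/20, version 32605349
Paths: (18 available, best #6, table Default-IP-Routing-Table)
  Not advertised to any peer
  7018 4134 9318 32934 32934 32934
"""

# AS names taken from the post's own translation of the path.
AS_NAMES = {7018: "AT&T", 4134: "Chinanet", 9318: "SK Broadband", 32934: "Facebook"}

PREFIX_RE = re.compile(r"BGP routing table entry for (\S+),")
# A line holding only AS numbers, optionally followed by a comma-separated annotation.
PATH_RE = re.compile(r"^\s*(\d+(?:\s+\d+)*)\s*(?:,.*)?$")

def parse_paths(text):
    """Return (prefix, [as_path, ...]) from 'show ip bgp <addr>' output."""
    m = PREFIX_RE.search(text)
    paths = []
    for line in text.splitlines():
        pm = PATH_RE.match(line)
        if pm:
            paths.append([int(a) for a in pm.group(1).split()])
    return (m.group(1) if m else None), paths

def collapse_prepends(path):
    """Drop consecutive duplicate ASNs (AS-path prepending, e.g. 32934 x3)."""
    out = []
    for asn in path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out

def unexpected_transit(path, expected_transit=frozenset()):
    """ASNs between the first hop and the origin AS that are not allow-listed.

    expected_transit is a hypothetical operator-supplied set of acceptable
    transit ASNs; empty means only a direct first-hop-to-origin path is expected.
    """
    hops = collapse_prepends(path)
    return [a for a in hops[1:-1] if a not in expected_transit]

if __name__ == "__main__":
    prefix, paths = parse_paths(SAMPLE)
    for p in paths:
        bad = unexpected_transit(p)
        names = [f"AS{a} ({AS_NAMES.get(a, 'unknown')})" for a in bad]
        print(prefix, "unexpected transit:", ", ".join(names) or "none")
```
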

What could have happened with your data? Most likely absolutely nothing. Yet, China is well known for its harmful networking practices by limiting network functionality and spying on its users, and when your data is flowing over their network, your data could be treated as any Chinese citizen’s. Does that include capturing your session ID information, personal information, emails, photos, chat conversations, mappings to your friends and family, etc.? One could only speculate, however it’s possible.

This happens all the time — the Internet is just not a trusted network.

One way to prevent this from happening to your account: Enable HTTPS.

In January, Facebook rolled out the HTTPS feature to all browsing done on the site, but it’s opt-in and not an automatic setting. Previously, Facebook used HTTPS only when you entered your password.

To enable this security feature, go to – Account Settings >> Account Security
Click “change”. Check mark “Browse Facebook on a secure connection (https) whenever possible”.

Mar 14 2011

MHTML vulnerability under active exploitation

The flaw, which was first highlighted by Microsoft in an advisory in January, allows an attacker to inject a client-side script into the response to a request made by Internet Explorer.

The script could allow a hacker to compromise the user by performing actions online that appear to have originated from the user; by stealing information from the user; or by otherwise trying to fool them.

MHTML, or MIME HTML, is a standard that allows web objects such as images to be combined with HTML into a single file. The vulnerability lies in how MHTML interprets Multipurpose Internet Mail Extensions (MIME) for content blocks in a document.

All these attacks abuse a publicly-disclosed MHTML vulnerability for which an exploit was publicly posted in January 2011.

Users browsing with the Internet Explorer browser are affected.

For now, users and corporations should seriously consider deploying Microsoft’s temporary Fixit to block this attack until an official patch is available.

Paper: Hacking with mhtml protocol handler

Mar 05 2011

PacketFence – Open Source Network Access Control (NAC) System

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) system.

Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, 802.1X support, layer-2 isolation of problematic devices, and integration with the Snort IDS and the Nessus vulnerability scanner, PacketFence can be used to effectively secure networks – from small to very large heterogeneous networks.

What you can do with PacketFence :

  • Block iPods wireless access
  • Forbid rogue access points
  • Perform compliance checks
  • Eliminate Peer-to-Peer traffic
  • Provide guest access
  • Simplify VLAN management

Download: packetfence-2.1.0.tar.gz