Apr 27 2011

How the PlayStation Network was Hacked ?

PS3 HackedAfter 7 days of speculation-ridden downtime, Sony has finally announced that the PlayStation Network (PSN) outage was due to a massive hack that exposed the names, birthdays, email addresses, passwords, security questions, and maybe credit card details, of all PSN users.

At first, the most likely explanation for the PSN’s downtime was a continuation of Anonymous’s DDoS reprisal for Sony’s persecution of PlayStation 3 jailbreaker, George Hotz (geohot). Then, as the outage extended past a few days, and Sony announced that it was “rebuilding” its network due to an “external intrusion,” it became apparent that this was much more than a simple, brute force denial of service attack. Today’s announcement by Sony confirms that the PlayStation Network’s security mechanisms were fully circumvented, and that at least one of its most sensitive databases was breached and accessed sometime between April 17 and 19.

How was the PlayStation Network hacked, though? Ironically, for security reasons, and because Sony is historically very tight-lipped on such matters, we will probably never know the exact attack vector — but we can certainly make some well-educated guesses about how the PlayStation Network was hacked. First, given its proximity to Anonymous’s recent attacks, it’s likely that the database breach is somehow related. It’s safe to assume that Anonymous could have learned about a weakness in the PSN’s security mechanisms, and then passed that data on to another group of hackers — and from there, if the hole was big enough, the attackers might have been able to simply step right in with an SQL injection attack.

Moving forward, there’s no indication of when the PlayStation Network will return. Sony has warned its users to look out for mail or telephone scams, and to lodge a “fraud alert” with credit bureaus like Experian and and Equifax, which should prevent your credit card from being used by the hackers. If you’re a PlayStation Network user, check the PlayStation Blog for more information.

As we move towards a lifestyle that is dominated by cloud-based services like Gmail, Steam, Xbox Live, and Netflix, these attacks will become more and more commonplace. It’s infinitely convenient to have your data all in one place and accessible from any net-connected computer — but likewise, these services represent the juiciest imaginable hacking target. A large database of email addresses is worth millions if sold to a spam baron!

Apr 26 2011

UK Firm Offered Custom Malware to Egyptian Security Services

MalwareDocuments spilled into public by the political unrest in Egypt in recent months has shone a spotlight on the shadowy world of for-profit, custom malware creation for governments around the world.

The anti malware firm F-Secure first called attention to documents uncovered by protesting Egyptians back in March. They included a proposal to sell a product dubbed “Finfisher” to the Mubarak regime.

That “Governmental IT Intrusion” product is targeted at the law enforcement community, but Gamma apparently had no qualms about offering it to the Egyptian government, according to 12 page proposal, dated June 29, 2010. A scanned copy of the proposal is available from the F-Secure Web site.

The documents were reportedly obtained by Egyptian psychiatrist and protester Mostafa Hussein during a takeover of the headquarters of Egypt’s State Security in Nasr City on March 5.

Written in Arabic, the proposal is addressed to the State Security Investigation Department in Cairo, Egypt and purports to offer a wide range of Gamma’s products to the country’s security apparatus, including a “remote intrusion solution,” the FinSpy management software and agent. The total deal was projected to cost the government just over 287,000 Euros.

An attorney for the company, speaking to The Washington Times, denied that Gamma completed its sale to the Egyptian regime and claims that the firm broke no laws in pursuing the sale of the FinFisher technology.

Still, the spectre of state sponsored hacking has come to the fore in recent months, as leaked diplomatic cables from Wikileaks, the Stuxnet worm outbreak targeting Iran and plans uncovered with the compromise at security firm HB Gary Federal raised the spectre of state-sponsored hacking and malware distribution.

The Obama Administration issued guidance in March clarifying the use of the term “cyberspace” to describe a domain analogous to air, land, space and maritime operations.

Apr 14 2011

WordPress Hacked, Source Code Stolen

Wordpress AutomatticServers belonging to Automattic, which makes the popular WordPress blogging software, say that their servers were hacked and that the company’s source code is believed to have been “exposed and copied,” according to a company blog post Wednesday.

The post, by Matt Mullenweg, Automattic’s co-founder, said that the company had a “low-level (root) break-in to several of our servers.” Whi While the company doesn’t know the exact target of the hackers, “potentially anything on those servers could have been revealed.”

Mullenweg said the company was operating under the assumption that its source code was copied and, while much of it is open source, the copied data did contain “bits of our and our partners’ code” that are sensitive.

Automattic has taken “comprehensive steps to prevent an incident like this from occurring again,” but Mullenweg declined to speculate on whether the hundreds of thousands of blog operators that use WordPress need to be concerned about security vulnerabilities. He encouraged blog owners to make sure they are using strong passwords to secure their WordPress installations, and to refrain from reusing passwords – generic “good housekeeping” advice that wasn’t specific to the breach.

This isn’t the first time Automattic has found itself in the crosshairs. In March, the company was the target of a large denial of service attack. WordPress installations hosted on infrastructure managed by Network Solutions were also the target of attacks in April, 2010 that redirected thousands of WordPress blogs to malware-laden drive by download Web sites.

Apr 12 2011

sqlmap 0.9 Released – SQL Injection Tool

sqlmap 0.9After a year of hardcore development, sqlmap 0.9 is out!

Introduction:
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

New Features:

  • Rewritten SQL injection detection engine
  • Support to directly connect to the database without passing via a SQL injection, -d switch
  • Added full support for both time-based blind SQL injection and error-based SQL injection techniques
  • Implemented support for SQLite 2 and 3
  • Implemented support for Firebird
  • Implemented support for Microsoft Access, Sybase and SAP MaxDB
  • Added support to tamper injection data with –tamper switch
  • Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack
  • Added support to fetch unicode data
  • Added support to use persistent HTTP(s) connection for speed improvement, –keep-alive switch
  • Implemented several optimization switches to speed up the exploitation of SQL injections
  • Support to parse and test forms on target url, –forms switch
  • Added switches to brute-force tables names and columns names with a dictionary attack, –common-tables and –common-columns.

Demo:

Download: sqlmap-0.9.tar.gz