Posts tagged: Google

Jan 26 2014

Google Pwnium 4 Invites Hackers to Attack Chrome OS at CanSecWest

google pwnium 4 Google holds regular competitions to encourage involvement in improving the security of the Chromium project. Contests like Pwnium helps to better patch specific exploits and issues to make Chromium even more secure.

This year Pwnium 4 will once again set sights on Chrome OS, and will be hosted in March at the CanSecWest security conference in Vancouver.

With a total of $2.71828 Million USD in the pot, Pwnium rewards will be issued for eligible Chrome OS exploits at the following levels:

— $110,000 USD: browser or system-level compromise in guest mode or as a logged-in user, delivered via a web page.
— $150,000 USD: compromise with device persistence: guest to guest with interim reboot, delivered via a web page.

Past Pwnium competitions have focused on Intel-based Chrome OS devices, but this year researchers can choose between an ARM-based Chromebook, the HP Chromebook 11 (WiFi), or the Acer C720 Chromebook (2GB WiFi) that is based on the Intel Haswell microarchitecture. The attack must be demonstrated against one of these devices running the then-current stable version of Chrome OS.

Participants need to register in advance for a timeslot. To register, e-mail pwnium4@chromium.org. Registration will close at 5:00 p.m. PST Monday, March 10th, 2014. Only exploits demonstrated on time in this specifically-arranged window will be eligible for a reward.

More Info:
The Chromium Blog : Announcing Pwnium 4 Targeting Chrome OS
Pwnium4@CanSecWest2014 : Official Rules
Chromium OS : Developer Guide

Aug 14 2013

Android Malware Exploiting Google Cloud Messaging Service

Google Cloud Messaging Hacking Researchers have discovered a number of malicious Android apps are using Google’s Cloud Messaging (GCM) service and leveraging it as a command and control server to carry out attacks.

A post on Securelist today by Kaspersky Lab’s Roman Unuchek, breaks down five Trojans that have been spotted checking in with GCM after launching.

  • Trojan-SMS.AndroidOS.FakeInst.a
  • Trojan-SMS.AndroidOS.Agent.ao
  • Trojan-SMS.AndroidOS.OpFake.a
  • Backdoor.AndroidOS.Maxit.a
  • Trojan-SMS.AndroidOS.Agent.az

These trojans having a relatively wide range of functions:

— Sending premium text messages to a specified number
— Sending text messages to a specified number on the contact list
— Performing self-updates
— Stealing text messages
— Deleting incoming text messages that meet the criteria set by the C&C
— Theft of contacts
— Replacing the C&C or GCM numbers
— Stopping or restarting its operations
— Generate shortcuts to malicious sites
— Initiate phone calls
— Collect information about the phone and the SIM card & upload on server

Kaspersky Lab detected millions of installers in over 130 countries and Kaspersky Mobile Security (KMS) blocked attempted installations for these Trojans.

No doubt, GCM is a useful service for legitimate software developers. But virus writers are using Google Cloud Messaging as an additional C&C for their Trojans. Furthermore, the execution of commands received from GCM is performed by the GCM system and it is impossible to block them directly on an infected device.

The only way to cut this channel off from virus writers is to block developer accounts with IDs linked to the registration of malicious programs.

Aug 30 2011

Hackers Acquire Google Certificate, Could Hijack Gmail Accounts

Hackers have obtained a digital certificate good for any Google website from a Dutch certificate provider.

Google SSL Certificate

Criminals could use the certificate to conduct “man-in-the-middle” attacks targeting users of Gmail, Google’s search engine or any other service.

Attackers could poison DNS, present their site with the fake cert and bingo, they have the user’s credentials.

Man-in-the-middle attacks could also be launched via spam messages with links leading to a site posing as, say, the real Gmail. If recipients surfed to that link, their account login username and password could be hijacked.

Details of the certificate were posted on Pastebin last Saturday.

The SSL certificate is valid, and was issued by DigiNotar, a Dutch certificate authority, or CA.

It’s unclear whether the certificate was obtained because of a lack of oversight by DigiNotar or through a breach of the company’s certificate issuing website.

Given their ties to the government and financial sectors it’s extremely important to find out the scope of the breach as quickly as possible. The situation was reminiscent of a breach last March, when a hacker obtained certificates for some of the Web’s biggest sites, including Google and Gmail, Microsoft, Skype and Yahoo.

Then, Comodo said that nine certificates had been fraudulently issued after attackers used an account assigned to a company partner in southern Europe.

Initially, Comodo argued that Iran’s government may have been involved in the theft. Days later, however, a solo Iranian hacker claimed responsibility for stealing the SSL certificates.

Aug 29 2011

Using Google Servers as a DDoS Tool

Google’s servers can be used by cyber attackers to launch DDoS attacks, claims Simone “R00T_ATI” Quatrini, a penetration tester for Italian security consulting firm AIR Sicurezza.

Google Servers

Quatrini discovered that two vulnerable pages – /_/sharebox/linkpreview/ and gadgets/proxy? – can be used to request any file type, which Google+ will download and show – even if the attacker isn’t logged into Google+.

By making many such request simultaneously – which he managed to do by using a shell script he’s written – he practically used Google’s bandwidth to orchestrate a small DDoS attack against a server he owns.

He points out that his home bandwidth can’t exceed 6Mbps, and that the use of Google’s server resulted in an output bandwidth of at least 91Mbps.

“The advantage of using Google and make requests through their servers, is to be even more anonymous when you attack some site (TOR+This method); The funny thing is that apache will log Google IPs,” says Quatrini. “But beware: igadgets/proxy? will send your IP in apache log, if you want to attack, you’ll need to use /_/sharebox/linkpreview/.”

He says he has discovered the flaws that allow the attack on August 10 and that he contacted Google’s Security center about it. After 19 days of receiving no reply from Google, he published his findings.

Oct 29 2008

Goolag – GUI Tool for Google Hacking

cDc (Cult of the Dead Cow) recently released a GUI driven tool for Google Hacking called Goolag.

Google Dorks have been around for several years.

If one searches the Web, one will find multiple collections of dorks, and also some applications – standalone and Web-based – offering certain “scanning” possibilities.

Nevertheless, gS is different from other applications released to date for the following reasons:
* There is no need for a special tool to use dorks other than a browser, but scanning hundreds of dorks ‘by hand’ is impossible.
* Goolag Scanner is focused on usability. It simplifies the use of myriad numbers of dorks to a few mouse clicks. No cryptic command line options and no knowledge of Google hacking are required to test one’s host.
* Goolag Scanner comes with its own dorks-database, but it is not limited to such.
* gS uses a very simple xml-document, which is readable and part of the distribution.

This software requires Microsoft .NET Framework Version 2.0.

Download Goolag Beta 1.0.0.41 :
http://goolag.org/download.html

More Info :
http://goolag.org/specifications.html