Web Mayhem: Firefox’s JAR: Protocol issues

One of the things that we enjoy the most, here at GNUCITIZEN, is finding issues in features. Unlike bugs, insecure features tend to be more severe and usually last longer, due to the uneasy and rather long decision-making process on whether the feature should be continued or discontinued once and for all. In my previous post I outlined some of my concerns about the data: protocol. Today, I would like to draw your attention to the insecurities that come with my personal favorite: jar:. [...]

Hacking without 0days: Drive-by Java

From Wikipedia, the free encyclopedia, a drive-by download is: "Download of spyware, a computer virus or any kind of malware that happens without knowledge of the user." [...]

0day: Hacking secured CITRIX from outside

In the true spirit of the GNUCITIZEN half(partial)-disclosure movement, we announce that it is possible to gain user-level access on CITRIX. The bug/feature does not rely on any client/server vulnerabilities or client/server misconfiguration issues. All an attacker needs to do to exploit the weakness is to lure a victim to a malicious website or trick him/her into opening specially crafted ICA files. [...]

Remote Desktop Command Fixation Attacks

The attack is rather simple. All the attacker needs to do is to compose a malicious RDP (for Windows Terminal Services) or ICA (for CITRIX) file and send it to the victim. The victim is persuaded to open the file by double-clicking on it. When the connection is established, the user will enter their credentials to log in and, as such, let the attacker in. [...]

Google GMail E-mail Hijack Technique

In this post I am going to show you how someone can remotely install a simple, persistent filter within a GMail account and download all previous, as well as snoop on all future, email conversations.

The following sequence of screenshots describes how the attack works.

The victim visits a malicious page while being logged into GMail. [...]

Google Urchin password theft madness

There is a trivially exploitable XSS vulnerability on Google Urchin Web Analytics 5's login page. The vulnerability has been tested on versions 5.6.00r2, 5.7.01, 5.7.02 and 5.7.03 (latest). Previous versions are most likely affected as well. In case you didn't know, Google Urchin is the installable version of Google Analytics.

I reported the issue to Google back on Jul 25 and it was confirmed by their security team. They are now working on a fix. [...]

0day: PDF pwns Windows

I am closing the season with the following HIGH Risk vulnerability: Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box. Completely!!! Invisibly and unwillingly!!! All it takes is to open a PDF document or stumble across a page which embeds one.

The issue is quite critical given the fact that PDF documents are at the core of today's modern business. [...]

IE pwns SecondLife

First of all, I must say that I am not really a bug hunter. I am more on the side of tactical exploitation, you know, figuring out your way through the system even if it requires bug hunting and reverse engineering at the end. Anyway, the news is that IE (Internet Explorer) pwns SecondLife.

Before going into the details of why and how it happens, I would like to bring your attention to SecondLife for a moment. [...]

0DAY: QuickTime pwns Firefox

It seems that QuickTime media formats can cause Firefox to misbehave. This vulnerability can lead to full compromise of the browser.

Before we move on, I have to say a few things. Last year I disclosed two QuickTime vulnerabilities, here and here. The first vulnerability was fixed, but the second one was completely ignored. I tried to bring the spotlight onto the second vulnerability one more time over here, without much success. [...]

Congratulations! You've been nominated for a Pwnie Award.

Ok, hmm, I've been nominated for a Pwnie Award for Mass 0wnage. From the Pwnie Awards website, the Mass 0wnage Pwnie Award is "awarded to the person who discovered the bug that resulted in the most widespread exploitation. Also known as the Pwnie for Breaking the Internet." [...]
