Monday, April 13, 2009

National Satellites are they Hackable ...!

According to
" "
reported on 9th april
"Security experts are reporting today that Amish hackers equipped with reverse engineered VCIM's have hacked into Instar's vehicle satellite navigation systems and are extorting Instar."
while some witnessess were also reported saying
"It's horrible. I was headed down Main Street and my Garmin told me to turn right. 20 minutes later not only was I was late for my interview, I went from being in Colorado to driving down Fifth Avenue in New York City." stated a visibly shaken John McSmith.

The article which reports the incident also shows pictures of the INstar device showing altered text. Although the authenticity of such news is a question in in itself but IMHO it seems practical to a point that the hacked VCIM can change the behavior of that particular device but not the satellite transmission itself. I would be looking forward for the details if any are released from some reliable source.

Thursday, March 12, 2009

Adobe Vulnerability takes a new turn

The new adobe vulnerability is now exploitable not only by reading the infected pdf file but also by at least three different methods using metadata which is used by windows to show file information. It turns out that adobe has a shell extension which get the file information. Security Researcher "Didier Stevens" have released a short video on his blog which shows how this vulnerability can be easily exploited in windows. The dangers associated with this vulnerability have leveraged the threat level using the JBIG2Decode exploit. Meanwhile a new exploit have also been released today which shows foxit pdf viewer (the alternative to adobe viewer) as the victim. The only tip that I can give you guys now is to only open files or should I say receive files from trusted sources.

The video and the original blog post can be found on the following links.

Thursday, January 29, 2009

Heartland Sniffer Hid In Unallocated Portion Of Disk

While I was surfing online today, this news was something really interesting.
“The sniffer malware that surreptitiously siphoned tons of payment card data from card processor Heartland Payment Systems hid in an unallocated portion of a server’s disk. The malware, which was ultimately detected courtesy of a trail of temp files, was hidden so well that it eluded two different teams of forensic investigators brought in to find it after fraud alerts went off at both Visa and MasterCard, according to Heartland CFO Robert Baldwin.”
“A significant portion of the sophistication of the attack was in the cloaking,” Baldwin said.
Payment security experts pretty much agreed that hiding files in unallocated disk space is a fairly well-known tactic. But it requires such a high level of access—as well as the skill to manipulate the operating system—that is also indicates a very sophisticated attack. One of those security experts—who works for a very large U.S. retail chain and asked to have her name withheld—speculated that the complex nature of the hiding place, coupled with the relatively careless leaving of temp files, could suggest a less-skilled cyberthief who simply obtained some very powerful tools.

The complete article can be found on

Thursday, January 22, 2009

FBI, CIA and NSA websites susceptible to XSS attacks.

Popular xss archive website is reporting that government websites like, and are susceptible to XSS attacks found by independent researchers. Cross site scripting attacks are not new and have been causing damage since 2007, numerous trainings, presentations and books have been in market since its time of discovery but this has still been around like the SQL Injection bug and hundreds and thousands of websites are still susceptible to these sorts of attacks. Vulnerabilities of these kinds have been exploited to craft powerful phishing attacks and browser exploits. Impersonation of a legitimate website to run malicious code is one of the most effective attacks other then stealing cookies and running exploits using JavaScript with this sort of vulnerabilities. There are a host of other high profile websites that are affected by cross site scripting vulnerabilities including,,, and many others. The fact the headline of this blog reads the name of government agencies is that people trust them the most and their websites are vulnerable to such common flaws. Being a security researcher I do understand that pretty much no piece of code is completely secure but the time it takes to patch such security holes should be considered as a measuring point of the seriousness of security agencies. The flaw was reported on 9th January regarding the xss flaw but it is still not patched (22nd January) which shows that either they do not know about the flaw or they are not very serious in patching such issues. Whatever the case may be this post is to alert the users to be cautious as legitimate domains on your browser Navigation Toolbar may end up downloading malicious software on your computer. A precaution that you guys can take is installing NoScript on your firefox browsers which pretty much all Security Professionals do use nowadays while for IE users I suggest changing your browser to Mozilla Firefox.

Thursday, January 1, 2009

MD5 Practically Attacked

Although MD5 was theoretically cracked in 2004 by Chinese professor Wang Xiaoyun its practical attack scenario was not shown to the world which was mainly in my opinion due to the complexity of the method and ongoing research to minimize processing and computational power required and therefore detecting collision was not thought a practical approach. MD5 has already been abandoned by the more security savvy organization as their preferred mean of calculating hashes and digitally signing them.

In 2008 researchers from different parts of world gathered again knowing that enough research has been done to practically present the threat to those still using this weak algorithm and worked on finding collision - different messages having same MD5 hash - on MD5 signed SSL certificates and finally succeeded by the end of the year 2008 to create a fake CA certificate issuer and prove the practical implementation of the attack. The irony of the situation is that despite of the fact that MD5 has been proven to contain weakness in its hashing mechanisms many renowned Root CA's still use it.

The researchers disclosed their work at the 25C3 conference in Berlin on the 30th of December by creating a fake ssl certificate signed by RapidSSL which the researchers thought was the weakest of all. VeriSign, the issuers of RapidSSL certificates stopped using MD5 as their checksum algorithm for RapidSSL once the vulnerability was announced

More details can be found on the links mentioned below. 25C3 has also released the videos of the presentation on their website.

Although the private key of this was not released due to the danger of being misused by phishers the method itself was elaborated to a point that this could be done in a lesser amount of time.