Internet security

Over-the-phone AppleID resets, suspended

After last week's incident in which former Gizmodo employee Mat Honan's Twitter, Gmail and Apple accounts were compromised and his Mac and iPhone remotely wiped, Apple has taken a step to silence the criticism.

An anonymous Apple employee confirmed the suspension and suggested that it is a first glimpse of the tighter customer verification that Apple is looking to deploy across its services.

On Tuesday, Amazon had also made it more

WPA encryption hacked in under a minute!

Computer scientists in Japan say they’ve developed a way to break the WPA encryption system used in wireless routers in about one minute.

The attack gives hackers a way to read encrypted traffic sent between computers and certain types of routers that use the WPA (Wi-Fi Protected Access) encryption system. The attack was developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, who plan to discuss further details at a technical conference set for Sept. 25 in Hiroshima. Last November, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the attack to a new level, according to Dragos Ruiu, organizer of the PacSec security conference where the first WPA hack was demonstrated. “They took this stuff which was fairly theoretical and they’ve made it much more practical,” he said.

The Japanese researchers discuss their attack in a paper presented at the Joint Workshop on Information Security, held in Kaohsiung, Taiwan earlier this month.
The earlier attack, developed by researchers Martin Beck and Erik Tews, worked on a smaller range of WPA devices and took between 12 and 15 minutes to work. Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm.

The encryption systems used by wireless routers have a long history of security problems. The Wired Equivalent Privacy (WEP) system, introduced in 1997, was cracked just a few years later and is now considered to be completely insecure by security experts. WPA with TKIP “was developed as kind of an interim encryption method as Wi-Fi security was evolving several years ago,” said Kelly Davis-Felner, marketing director with the Wi-Fi Alliance, the industry group that certifies Wi-Fi devices. People should now use WPA 2, she said. Wi-Fi-certified products have had to support WPA 2 since March 2006. “There’s certainly a decent amount of WPA with TKIP out in the installed base today, but a better alternative has been out for a long time,” Davis-Felner said.

Enterprise Wi-Fi networks typically include security software that would detect the type of man-in-the-middle attack described by the Japanese researchers, said Robert Graham, CEO of Errata Security. But the development of the first really practical attack against WPA should give people a reason to dump WPA with TKIP, he said. “It’s not as bad as WEP, but it’s also certainly bad.”
Users can change from TKIP to AES encryption using the administrative interface on many WPA routers.

SQL injection tutorial by for3v3rforgott3n


Contents At A Glance:

Introduction

Finding Vulnerable Sites

Getting Number of Columns

Getting MySQL Version

Getting Database Names

Getting Database User

Getting Table Names

Getting Column Names

LIMIT, What is it and why do I need to know how to use it?

End Notes

Introduction

Note: This is a guest post by Jay Huang, founder of Windows7Center. Some of you may know him as a speaker at Defcon and Blackhat. He will be covering a simple SQL injection approach, and how it is executed, to provide webmasters a holistic view on how a simple attack can be detrimental towards their business.

First of all, if you find that I have written something that is wrong, please address it and I will fix it. I have written this tutorial solely for educational purposes; do not contact me about anything along the lines of me publishing “full disclosure” information on internet security. I have written this in the hope that it will not only help educate anyone who is interested in SQL injection, but also help educate any website owners/coders who are unaware of the risks they put their company/systems in when leaving a simple issue unattended.

Finding Vulnerable Sites

First you need to know what makes a site vulnerable to SQL injection before you can find and inject vulnerable sites.

The most common reason that a site is vulnerable to SQL injection attacks is that the owner/coder didn't use the built-in mysql_real_escape_string() function. The purpose of this function is to sanitize (escape) special characters in an SQL query. The most common side-effect of leaving it out is the simple username/password exploit ' or '1'='1. Most website administrators today use this function along with stripslashes() or addslashes() to further sanitize the data, which is actually not all that safe.

Now that you have a very basic idea of why certain sites are vulnerable, we will move on to finding some vulnerable sites to play with.

When talking about finding sites to inject you will hear the term “dork” a lot. This refers to a Google search term targeted at finding vulnerable websites. A “Google dork” uses the built-in Google operators inurl: or allinurl: to search for websites that have certain strings in their URL or website address. An example of a Google dork is inurl:index.php?id=1; entering this string into the Google search engine would return all of the sites in Google's cache with the string index.php?id=1 in their URL, e.g. http://www.example.com/index.php?id=1

Here is a list of “dorks” to use:

http://sql-injection-tools.blogspot.com/2009/06/dork-sqli-by-shafiq.html

Now that we know what a Google dork is we can start finding vulnerable sites. To be vulnerable the site has to have a GET parameter in the URL: index.php?id=1, id=1 being the GET parameter which ‘gets’ the row with id 1 from the SQL database. (Understand? Good.)

So you are going to go to http://www.google.com, http://www.blackle.com, or http://www.dogpile.com and search for your selected dork. When you get your list you can start checking for vulnerabilities. The most common way to do this is to add a single-quote character (') after one of the integers in the URL.

Example: http://www.example.com/index.php?id=1'

Now there are many ways for a site to show you that it is vulnerable; the most common are errors such as:

You have an error in your SQL Syntax
Warning: mysql_fetch_array():
Warning: mysql_fetch_assoc():
Warning: mysql_numrows():
Warning: mysql_num_rows():
Warning: mysql_result():
Warning: mysql_preg_match():

If you receive any of these errors when you enter the ' after the number, then chances are the site is vulnerable to SQL injection attacks to some extent. That isn't the only way to see if a site is vulnerable, though: the most overlooked sign is when a main part of the site simply disappears, such as a news article or a body of text on the main page. If this happens, it is likely that the site is vulnerable as well.
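To make both points concrete, the ' or '1'='1 bypass from the escaping discussion above and the syntax-error tell described here, the following is an added example that is not part of the original tutorial. It stands in for the site's login query with a constructed in-memory SQLite database; the users table, its columns and the credentials are assumptions, and the fix shown is a parameterized query rather than escaping.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the site's user table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'admin', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string concatenation: user input becomes SQL text."""
    sql = ("SELECT id FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.OperationalError as exc:
        # A stray quote breaks the statement. This is the "error in your SQL
        # syntax" message the tutorial lists as the tell-tale sign of an
        # injectable page; a hardened site should never leak it.
        return "error: " + str(exc)
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterized query: the driver binds input as data, never as SQL text."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    for pw in ("correct-horse", "' or '1'='1", "'"):
        # Vulnerable version: real password -> 1, bypass -> 1, lone quote -> error.
        # Safe version: real password -> 1, the other two -> None.
        print(repr(pw), login_vulnerable(db, "admin", pw), login_safe(db, "admin", pw))
```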

Getting Number of Columns

After you find your vulnerable site the first step you need to take is to find the number of columns in the table that is in use.
