What’s HOT in Application Security Vol #20

Yahoo left red-faced after SQL injection vulnerability reveals nearly half a million passwords!

A hacking group calling themselves ‘DD3Ds Company’ have, within the last few days, leaked 453,492 plain-text passwords for Yahoo accounts. DD3Ds Company claim that they obtained the passwords by means of SQL injection against a poorly secured Yahoo subdomain. Security experts have identified it as Yahoo Voices.

Yahoo bought the company Associated Content in 2010 for $100 million and renamed it Yahoo Voices. Industry experts have narrowed the source of the passwords down to Yahoo Voices because the attackers most likely forgot to remove the host name ‘dbb1.ac.bf1.yahoo.com’ from the data dump.

This Yahoo security breach follows other very recent high profile attacks on large online companies such as LinkedIn and Last.fm, among others. However, unlike in the Yahoo Voices attack, the passwords stolen in those breaches were at least encrypted. According to ‘DD3Ds’, the Yahoo passwords were not encrypted at all, which made it very simple for the group to leak them on online forums. Most security experts who investigated the Yahoo breach agree that Yahoo failed to take even very basic steps to guard its users’ passwords. This is going to be another high profile security breach that will again shake Yahoo users’ faith in the service.
For more information please go to:
http://www.informationweek.com/news/security/attacks/240003587

Russian developer claims to have hacked into Apple’s In-App Purchase program for iOS

A Russian hacker, Alexey Borodin, has openly claimed that he has successfully hacked Apple’s In-App Purchase program for iOS. This, he claims, will allow users of the iPad, iPod and iPhone to bypass the payment system and steal in-app content.
What’s even worse is that relying on App Store receipts is simply not enough protection. Borodin claims that he only needs a donated store receipt in order to authenticate anyone’s store purchase. Borodin has spent several hundred dollars on purchasing In-App services and generating receipts.

What technique was used to make circumvented purchases?

Bypassing the purchase of services from Apple’s App Store relied on more than just installing fake certificates to ‘push through’ illegitimate purchases. Borodin is essentially emulating the receipt verification server of the Apple App Store. As a result, the app treats Borodin’s server as an official Apple communication.

For more information please go to:
http://www.zdnet.com/apple-investigating-ios-in-app-purchase-hack-7000000900

Microsoft hurriedly releases ‘patches’ for Internet Explorer and Windows vulnerabilities

Microsoft released 9 security updates this week that are intended to protect against security vulnerabilities in a number of Windows applications, including Internet Explorer and Microsoft Office. 3 of them were labeled as critical by Microsoft.
The ‘patches’ include MS12-044, an update for Internet Explorer 9 that addresses vulnerabilities which can be triggered through a malicious web page and give the attacker remote code execution. Interestingly, the new security update only applies to Internet Explorer 9, indicating a shift in Microsoft’s focus to this new version of their browser.
Microsoft has admitted that exploit code for a number of these vulnerabilities has been made public. Without the ‘patches’, an Internet Explorer user who visits a malicious website is vulnerable to remote code execution.

For more information please go to:
http://www.scmagazineuk.com/microsoft-patches-internet-explorer-and-windows-flaws/article/249736

Yahoo and others take heavy criticism for their lack of protection against SQL injection

The well-known SQL injection vulnerability has, of late, caused serious harm to many large companies such as Google, Yahoo and Amazon, and that’s only mentioning the heavyweights!
What exactly is SQL Injection?

The name SQL injection sounds very destructive, and for vulnerable websites it can be. Basically, it involves forming a rogue SQL command that tricks a site into delivering high value content straight to the attacker.

What can be done to protect ourselves?

SQL injection is not new, and as such there are a number of precautions that can be taken in order to prevent the success of such an attack. Experts in the industry know that this form of attack is far from cutting edge and is completely preventable. Unfortunately, it appears as if large online companies such as Yahoo are not following basic protocol in order to protect sensitive user data. Yahoo’s leak of unencrypted passwords and email addresses earlier this week is clear testament to this.

Security experts have heavily criticized Yahoo for not following basic practice that would most probably have prevented the attack. Whilst SQL injection is by no means the oldest tool in the hands of skilled hackers, it is well enough known that Yahoo should have thwarted the attack. Industry security experts agree that this is by no means a new or exotic form of cyber-attack and that it was preventable by following basic, well-known security procedures, such as analyzing the source code.
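To make the two precautions discussed above concrete, here is an added example (not code from the original post or from Checkmarx): a lookup built by string concatenation beside its parameterized form, and the user passwords stored as salted PBKDF2 hashes rather than in plain text, as Yahoo Voices apparently did. The in-memory SQLite table, the account names and the crafted input are all constructed for the example.

```python
import hashlib
import hmac
import os
import sqlite3


def hash_password(password, salt):
    # Salted PBKDF2-HMAC-SHA256: a leaked table no longer hands out usable passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def build_db():
    # Constructed sample data: a tiny in-memory users table standing in for a site's database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    for email, password in [("alice@example.com", "correct horse"), ("bob@example.com", "hunter2")]:
        salt = os.urandom(16)
        conn.execute("INSERT INTO users VALUES (?, ?, ?)", (email, salt, hash_password(password, salt)))
    conn.commit()
    return conn


def find_user_vulnerable(conn, email):
    # Vulnerable: the user-supplied value is pasted into the SQL text, so quotes in the
    # input change the meaning of the statement instead of being treated as data.
    query = "SELECT email FROM users WHERE email = '" + email + "'"
    return [row[0] for row in conn.execute(query)]


def find_user_safe(conn, email):
    # Fixed: a parameterized query sends the value separately from the statement,
    # so whatever the input contains, it can only ever be compared as a string.
    rows = conn.execute("SELECT email FROM users WHERE email = ?", (email,))
    return [row[0] for row in rows]


def verify_login(conn, email, password):
    # Parameterized lookup plus constant-time comparison of the salted hash.
    row = conn.execute("SELECT salt, pw_hash FROM users WHERE email = ?", (email,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(hash_password(password, salt), stored)


if __name__ == "__main__":
    db = build_db()
    crafted = "x' OR '1'='1"  # constructed input that turns the concatenated WHERE clause into a tautology
    print("vulnerable:", find_user_vulnerable(db, crafted))  # every row comes back
    print("safe:      ", find_user_safe(db, crafted))        # no such e-mail address
    print("login ok:  ", verify_login(db, "bob@example.com", "hunter2"))
```

Run as a script to see the difference: the concatenated query returns both accounts for the crafted input, the parameterized one returns nothing, and the stored column holds only salts and hashes, so even a successful dump would not yield plain-text passwords. Source analysis of the kind the article recommends is essentially a search for the first pattern anywhere user input meets a query string.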

For more information please go to:
http://www.technewsworld.com/story/75632.html

Former Pentagon analyst: China has ‘pervasive access’ to 80% of World’s communication

A former Pentagon analyst has leaked a report claiming that 80% of the world’s communications are within reach of the Chinese Government and that access to the remaining 20% is being worked on. The Chinese companies Huawei and ZTE are reportedly behind the industrial espionage!

As of 2009 the Chinese Huawei Corporation has become huge, second only to Ericsson. As a result, any information travelling along a ‘Huawei’ equipped network is vulnerable. Sources cite the fact that most corporate telecommunication networks use ‘light’ encryption on their private networks and VPNs. The only effective prevention is military-grade encryption.

Huawei and ZTE supply equipment to 45 of the world’s 50 biggest telecom centers, in 145 countries across Europe, Asia and the Middle East, and are expanding. According to reports, the Chinese Government and the People’s Liberation Army have access to any information they require from the above mentioned corporations.

For more information please go to:
http://www.zdnet.com/former-pentagon-analyst-china-has-backdoors-to-80-of-telecoms-7000000908

Checkmarx