Archive for August, 2012

Yesterday someone anonymously posted on Slashdot that The Pirate Bay had launched a free VPN service called PrivitizeVPN. But just today the team at TorrentFreak confirmed, on behalf of The Pirate Bay team, that it is not a Pirate Bay project.

They’re just running it as an ad next to the regular download links. According to people close to PrivitizeVPN, they are working on the connectivity issues. So far, according to PrivitizeVPN statistics, more than 45,091,927 users have downloaded the VPN client after the fake news that “The Pirate Bay team is going to be making the RIAA angry, with the launch of a new ad-supported VPN service.”



Microsoft yesterday warned Windows users of possible “man-in-the-middle” attacks able to steal passwords for some wireless networks and VPNs, or virtual private networks.

It won’t issue a security update for the problem, however.

The security advisory was Microsoft’s reaction to a disclosure several weeks ago by security researcher Moxie Marlinspike at the Defcon conference.

In a blog post written shortly after his Defcon talk, Marlinspike explained his interest in MS-CHAP v2 (Microsoft Challenge Handshake Authentication Protocol version 2). “Even as an aging protocol with some prevalent criticism, it’s still used quite pervasively,” Marlinspike said. “It shows up most notably in PPTP VPNs, and is also used quite heavily in WPA2 Enterprise environments.”

At the same time, Marlinspike published “Chapcrack,” a tool that parses data for passwords encrypted with MS-CHAP v2, then decodes them using the CloudCracker password cracking service.

Microsoft acknowledged the threat. “An attacker who successfully exploited these cryptographic weaknesses could obtain user credentials,” the Monday advisory stated. “Those credentials could then be re-used to authenticate the attacker to network resources, and the attacker could take any action that the user could take on that network resource.”

MS-CHAP v2 is used to authenticate users in PPTP-based (Point-to-Point Tunneling Protocol) VPNs. Windows includes a built-in implementation of PPTP.

To use Chapcrack, an attacker must first capture data packets being transmitted over a VPN or Wi-Fi. The most likely scenario: Spoofing a legitimate wireless hotspot, say at an airport, to sniff out VPN or other traffic, then grab it out of the air.

But Microsoft won’t ship an update to fix the problem. “This is not a security vulnerability that requires Microsoft to issue a security update,” Monday’s advisory read. “This issue is due to known cryptographic weaknesses in the MS-CHAP v2 protocol and is addressed through implementing configuration changes.”

Instead, Microsoft recommended that IT administrators add PEAP (Protected Extensible Authentication Protocol) to secure passwords for VPN sessions. A support document described how to configure servers and clients for PEAP.

As Marlinspike noted, MS-CHAP v2, which harks back to Windows NT SP4 and Windows 98, has been denounced as insecure for years, primarily because it’s been vulnerable to “dictionary” attacks, where hackers try large numbers of possible passwords.

Windows 7 supports MS-CHAP v2, as do Windows XP and Vista, and Windows Server 2003, Server 2008 and Server 2008 R2.

MS-CHAP v2 cracking tools go back at least to 2007 with the publication of AsLEAP 2.1.


A new cyber surveillance virus has been found in the Middle East that can spy on banking transactions and steal logins and passwords, according to Kaspersky Lab, a leading computer security firm.

After Stuxnet, Duqu, and Flame, this one seems to mainly spy on computer users in Lebanon. It’s been dubbed Gauss (although Germanic-linguistic purists will no doubt be complaining that it should be written Gauß).
Gauss is a complex cyber-espionage toolkit: it is highly modular and supports new functions that can be deployed remotely by the operators in the form of plugins. The currently known plugins perform the following functions:

  • Intercept browser cookies and passwords.
  • Harvest and send system configuration data to attackers.
  • Infect USB sticks with a data stealing module.
  • List the content of the system drives and folders.
  • Steal credentials for various banking systems in the Middle East.
  • Hijack account information for social network, email and IM accounts.
The researchers at Russia-based Kaspersky Lab who discovered it have christened it Gauss, and say it is aimed at pinching the pocketbooks of its intended targets, whoever they may be, by stealing the account information of customers of certain banks in Lebanon, but also of customers of Citibank and PayPal.
An analysis of the new malicious software shows it was designed to steal data from Lebanese lenders including the Bank of Beirut (BOB), BlomBank and Byblos Bank, Kaspersky said. Gauss has infected 2,500 machines, while Flame hit about 700.

Two groups, Russia-based Kaspersky Lab, which first published information on Gauss and Flame, and the Hungarian research lab CrySyS, are detecting the malware by looking for a font that shows up on infected machines called Palida Narrow. Roel Schouwenberg, senior researcher at Kaspersky Lab, said that researchers still don’t know why Gauss’s creators included the font file.

Have a look at the relationship between Flame, Gauss, Stuxnet and Duqu:


One of the firm’s top researchers said Gauss also contains a module known as “Godel” that may include a Stuxnet-like weapon for attacking industrial control systems. Kaspersky researchers said Gauss contained a “warhead” that seeks a very specific computer system with no Internet connection and installs itself only if it finds one.

Security researchers at Kaspersky Lab have discovered five new samples of the ZeuS-in-the-Mobile (ZitMo) malware package, targeting Android and BlackBerry devices.

ZitMo (Zeus in the mobile) is the name given to the mobile versions of Zeus, and it’s been around for a couple of years already, mostly infecting Android phones. The ZitMo variant has reportedly been operating for at least two years, targeting Android phones by masquerading as a banking security application or security add-on.
ZitMo gets hold of banking information by intercepting all text messages and passing them on to attackers’ own devices. It gets onto devices inside malicious applications, which users are duped into downloading. In this case, the malicious app was posing as security software called ‘Zertifikat’.
Once installed, the packages forward all incoming SMS messages to one of two command and control numbers located in Sweden, with the aim of snaring secure codes and other data. Kaspersky found mobile users in Spain, Italy and Germany were targeted by these fresh variants, with two command and control (C&C) numbers found on Sweden’s Tele2 operator.
“The analysis of new BlackBerry ZitMo files showed that there are no major changes. Virus writers finally fixed the grammar mistake in the ‘App Instaled OK’ phrase, which is sent via SMS to the C&C cell phone number when a smartphone has been infected. Instead of ‘BLOCK ON’ or ‘BLOCK OFF’ commands (blocking or unblocking all incoming and outgoing calls) there are now ‘BLOCK’ and ‘UNBLOCK’ commands. Other commands which are received via SMS remain the same,” said Denis Maslennikov, a researcher at Kaspersky Lab.

The tactic is designed to help the criminals circumvent the out-of-band authentication systems used by many European banks by hijacking the one-time password sent via SMS.
Earlier this year, Kaspersky warned of a set of malicious Android applications posing as security software. Zeus was sitting behind those apps, ready to siphon off text messages.

The purpose of Attack Surface Analyzer is to help software developers, Independent Software Vendors (ISVs) and IT professionals better understand changes in the attack surface of Windows systems resulting from the installation of new applications. Since the launch of Attack Surface Analyzer, Microsoft has received positive feedback about the value it has provided to customers.
“The tool also gives an overview of changes to the system that Microsoft considers important to the security of the platform, and it highlights these changes in the attack surface report,” wrote a TwC representative in a blog post.
This release includes performance enhancements and bug fixes to improve the user experience. Through improvements in the code, Microsoft was able to reduce the number of false positives and improve graphical user interface performance. This release also includes documentation and guidance to improve ease of use.
As well as helping IT departments, the tool is also designed to help application developers ensure that their products don’t weaken Windows computers’ cyber defences.
The Attack Surface Analyzer enables:
  1. Developers to view changes in the attack surface resulting from the introduction of their code on to the Windows platform
  2. IT Professionals to assess the aggregate attack surface change by the installation of an organization’s line of business applications
  3. IT Security Auditors to evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews
  4. IT Security Incident Responders to gain a better understanding of the state of a system’s security during investigations (if a baseline scan was taken of the system during the deployment phase)


Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka “Malformed Request Code Execution Vulnerability.”
CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session.
CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)