My Humble Blogworld

"To be, or not to be: that is the question: Whether 'tis nobler in the mind to suffer The slings and arrows of outrageous fortune" - William Shakespeare, "Hamlet" (1600-01)

Tuesday, May 31, 2005

Windoze again..

Well, I just got a couple of emails recently requesting me to comment on the vulnerability released some time ago, Micro$oft's COM and OLE structured storage vulnerability.

Well, many of us know of this as the infamous MS05-012 bug, but... I think there are loads of people out there who are still VULNERABLE. The reason is simple: when they tried the update, it caused "unexpected results" *smile* on their machine, and thus they had to roll back the update.

Well, there are 2 parts to this problem / vulnerability.

The first flaw exists in the way affected OSes and programs access memory when they process COM structured storage files, which allows attackers to gain elevated privileges. The second problem exists in OLE because of the way it handles input validation, and may be exploited by constructing a malicious document that could potentially allow remote code execution.
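Since the second flaw comes down to trusting fields in a structured storage (OLE2 compound) file, here is the kind of check a reader of that format needs before it uses header values to index into the file. This is an added example written for this post, not Microsoft's code and not the MS05-012 fix; the header offsets follow the public [MS-CFB] layout, the `check_cfb_header` / `build_sample` names are mine, and the sample documents are constructed in memory rather than taken from real files.

```python
"""Sanity-check the 512-byte header of an OLE2 / Compound File Binary document.

Added example: not from the post and not Microsoft's implementation. It shows
the input validation a structured storage reader should do on size and
offset fields before trusting them. Offsets follow the [MS-CFB] header
layout; the sample files are constructed here and are not real documents.
"""
import struct

CFB_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
HEADER_SIZE = 512
FREESECT = 0xFFFFFFFF
ENDOFCHAIN = 0xFFFFFFFE


def check_cfb_header(data: bytes) -> list:
    """Return a list of problems found; an empty list means the header is sane."""
    problems = []
    if len(data) < HEADER_SIZE:
        return ["file shorter than the 512-byte header"]
    if data[:8] != CFB_MAGIC:
        return ["bad signature, not a compound file"]

    # offsets 26..33: major version, byte order mark, sector shift, mini sector shift
    major, byte_order, sector_shift, mini_shift = struct.unpack_from("<HHHH", data, 26)
    # offsets 40..75: nine 32-bit counts and sector numbers
    (dir_sectors, fat_sectors, first_dir, _txn, mini_cutoff,
     _first_minifat, _minifat_count, first_difat, difat_count) = struct.unpack_from("<9I", data, 40)
    # offsets 76..511: the 109 DIFAT entries stored inside the header
    difat = struct.unpack_from("<109I", data, 76)

    if byte_order != 0xFFFE:
        problems.append("byte order mark is not 0xFFFE")
    if (major, sector_shift) not in ((3, 9), (4, 12)):
        # A bogus shift would make 1 << sector_shift absurd, so stop before using it.
        problems.append(f"unsupported major version {major} / sector shift {sector_shift}")
        return problems
    if mini_shift != 6:
        problems.append(f"mini sector shift {mini_shift} is not 6")
    if mini_cutoff != 4096:
        problems.append(f"mini stream cutoff {mini_cutoff} is not 4096")

    sector_size = 1 << sector_shift
    total_sectors = (len(data) - HEADER_SIZE) // sector_size
    if first_dir >= total_sectors:
        problems.append(f"directory start sector {first_dir} lies beyond the {total_sectors} sectors in the file")
    if fat_sectors > total_sectors:
        problems.append(f"header claims {fat_sectors} FAT sectors but file holds only {total_sectors} sectors")
    used = [s for s in difat if s != FREESECT]
    if len(used) != min(fat_sectors, 109):
        problems.append(f"DIFAT in header lists {len(used)} FAT sectors, header count says {fat_sectors}")
    for s in used:
        if s >= total_sectors:
            problems.append(f"DIFAT entry points to sector {s} beyond end of file")
    if difat_count and first_difat in (FREESECT, ENDOFCHAIN):
        problems.append("header claims extra DIFAT sectors but has no starting sector for them")
    if major == 3 and dir_sectors != 0:
        problems.append("version 3 files must report 0 directory sectors")
    return problems


def build_sample(first_dir_sector=1, num_fat_sectors=1, body_sectors=4, sector_shift=9):
    """Construct a minimal version-3 compound file in memory (constructed sample, not a real document)."""
    sector_size = 1 << sector_shift
    difat = [0] + [FREESECT] * 108          # one FAT sector, located at sector 0
    header = (
        CFB_MAGIC
        + b"\x00" * 16                       # CLSID
        + struct.pack("<HHHHH", 0x003E, 3, 0xFFFE, sector_shift, 6)
        + b"\x00" * 6                        # reserved
        + struct.pack("<9I", 0, num_fat_sectors, first_dir_sector, 0, 4096,
                      ENDOFCHAIN, 0, ENDOFCHAIN, 0)
        + struct.pack("<109I", *difat)
    )
    assert len(header) == HEADER_SIZE
    return header + b"\x00" * (sector_size * body_sectors)


if __name__ == "__main__":
    print("well-formed:", check_cfb_header(build_sample()))
    print("tampered   :", check_cfb_header(build_sample(first_dir_sector=0x7FFFFFFF)))
```

The point of the checks is that every sector number and count in the header is compared against the size of the file actually in hand before it is used, which is exactly the step a parser that "handles input validation" badly leaves out.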

Affected Products :-

Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Exchange 2000 Server Service Pack 3
Microsoft Exchange Server 2003
Microsoft Exchange Server 2003 Service Pack 1
Microsoft Exchange Server 5.0 Service Pack 2
Microsoft Exchange Server 5.5 Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (ME)
Microsoft Office XP Service Pack 3
Microsoft Office XP Service Pack 2
Microsoft Office XP
Microsoft Office 2003 Service Pack 1
Microsoft Office 2003

PoC Code available here.


Solution ?

Well, you could try to take a look at this.. in my definition, I don't consider this a solution *smile*

Microsoft Technet Solution

Look straight in here , ma'am !

"International travelers should get used to having their fingerprints taken or their irises scanned because traditional airport security tests are outdated and open to abuse, a leading U.S. official said Thursday.

'As a general principle, certainly in the area of international travel, biometrics is the way forward in virtually every respect,' said Michael Chertoff, Homeland Security secretary.

'When we screen based on names, we're screening on the most primitive and least technological basis of identification -- it's the most susceptible to misspelling, or people changing their identity, or fraud.

Krishna's views: I remembered the facial recognition systems in US airports, which I personally felt were much more of a farce than an actual effective solution. I said to myself, what next? "Body movement recognition? - Ah there he goes! He walks just like a terrorist, so he has to be a terrorist!"

But this step forward with retina and thumbprint scans is something commendable.


'Biometrics is the way ahead.'

US wants to be able to access Britons' ID cards

Wordpress Bug !

For all you bloggers out there on WordPress, be careful! If you're still using version 1.5 or prior, then you may be at risk.

A vulnerability was identified in WordPress which may be exploited by remote attackers to execute arbitrary SQL commands. This flaw is due to an input validation error in the "template-functions-category.php" script, which does not properly filter the "cat_ID" parameter and may be exploited by remote users to conduct SQL injection attacks.

Solution ?

Upgrade to the newest version of WordPress, version 1.5.1.2.
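To make the "does not properly filter the cat_ID parameter" point concrete, the following is an added example (not WordPress code and not the 1.5.1.2 fix) that re-creates the shape of the bug against a constructed in-memory SQLite table and puts the hardened form beside it. The table, the `category_vulnerable` / `category_safe` names and the sample rows are all mine; only the parameter name `cat_ID` comes from the advisory.

```python
"""Category lookup by ID: string-built SQL beside validated, parameterised SQL.

Added example, not WordPress code. The vulnerable function shows how an
unfiltered request parameter pasted into the SQL text can change the
query's meaning; the safe one rejects anything that is not a positive
integer and binds the value instead of concatenating it.
"""
import sqlite3


def make_db():
    """Constructed sample: a tiny categories table standing in for the real one."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE categories (cat_ID INTEGER PRIMARY KEY, cat_name TEXT)")
    conn.executemany("INSERT INTO categories VALUES (?, ?)",
                     [(1, "general"), (2, "security"), (3, "private-drafts")])
    return conn


def category_vulnerable(conn, cat_id):
    """Flawed pattern: the parameter is dropped straight into the statement text,
    so input such as '2 OR 1=1' widens the WHERE clause instead of selecting one row."""
    sql = "SELECT cat_ID, cat_name FROM categories WHERE cat_ID = " + str(cat_id)
    return conn.execute(sql).fetchall()


def category_safe(conn, cat_id):
    """Hardened form: cat_ID must parse as a positive integer, and it is bound as a
    query parameter so the database never interprets it as SQL."""
    try:
        value = int(cat_id)
    except (TypeError, ValueError):
        raise ValueError("cat_ID must be an integer")
    if value <= 0:
        raise ValueError("cat_ID must be positive")
    return conn.execute(
        "SELECT cat_ID, cat_name FROM categories WHERE cat_ID = ?", (value,)
    ).fetchall()


def rejected(conn, cat_id):
    """True if the hardened lookup refuses the given parameter value."""
    try:
        category_safe(conn, cat_id)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal input :", category_vulnerable(db, 2))
    print("vulnerable, crafted input:", category_vulnerable(db, "2 OR 1=1"))
    print("safe, normal input       :", category_safe(db, "2"))
    print("safe, crafted input      :", "rejected" if rejected(db, "2 OR 1=1") else "accepted")
```

The integer check alone would already stop this particular input, but binding the value is what makes the query safe regardless of what future code passes in, so the hardened version does both.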

IE Bugs

Now many have emailed me recently asking whether Firefox is worth abandoning, ever since I posted the Firefox vulnerability. Well, my proposition is simple. Firefox has had "some" vulnerabilities, and they're fixed at this point in time. However, if you're thinking of going back to the big bad IE, then think again.

For all those who emailed me, here is a taste of what IE still holds for you *smile*.

Description:
There is a bug in Microsoft Internet Explorer, which causes a crash in
NTDLL.DLL.

This occurs due to Microsoft Internet Explorer's inability to handle many stack overflows. Typically this happens when there are 110 or more stack overflows.

On Windoze 98 *smile* you will get an error in KERNEL32.DLL.

Affected software:
Big Bad IE

Workaround:
Deactivate "Active Scripting" in the IE options menu.

PoC exploit available here.

Date of discovery:
17 August 2003. Yes guys.. note the date!

Tested software:
Microsoft Internet Explorer 6 SP2 on a fully patched Windows XP SP2 system.

DLL versions:
MSHTML.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
BROWSEUI.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
SHDOCVW.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
SHLWAPI.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
URLMON.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
WININET.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)

So there you have it !

Made your choice yet ?

*smile*

For now, I'm gonna make myself a cuppa tea and enjoy surfing on Mozilla's Firefox!

Friday, May 13, 2005

FreeBSD Hyper-Threading Exploit

For all you FreeBSD patriots out there, here is an important update!

A flaw has been reported in FreeBSD's Hyper-Threading Technology (HTT) support, due to an unspecified error in the HTT, which may allow a normal user to perform privilege escalation attacks.

So before your normal users out there start using this exploit and start screaming "I g0t r007 (I got root)!", it would be a good idea to apply the following :-

[FreeBSD 4.10]
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt410.patch

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt410.patch.asc

[FreeBSD 4.11]
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt411.patch

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt411.patch.asc

[FreeBSD 5.x]
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt5.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt5.patch.asc

Have a lovely weekend !

FreeBSD HTT Advisory

The 10 Worst Security Practices

I was inspired to write this post as I encountered an amazing act of a "genius" today.

As I got in to the "office", I was put in charge of handling a situation for a client who had their security systems tapped and breached, by their own computer vendor! The vendor apparently sold computer systems which were "complete". Well, complete they were... complete with hardware key loggers! Now these key loggers were embedded into the keyboards, and the reason for this?

Corporate Espionage !

The vendor was paid by the client's competitors to do such things !

Amazing....

With these situations occurring more commonly by the day, I said to myself, "Krishna, you have to post this!"

Most administrators or infosecurity managers often have the mentality that "Hey, I have a firewall.. Anti-virus.. I have my vendor to do the rest! - I AM SAFE"

Yea rite. Think again buddy.

The 10 Worst Security Practices

Hacker Steals President Bush's Identity

Now , here's a cheer for you H4X0rZ (Hackers) out there !

A huge amount of confusion, disbelief, and "WTFs" were felt in the White House after Pres. Bush announced that an Arizona man had stolen Bush's identity, vetoed a bill, and met with the Mexican President Vicente Fox!

This man was known to authorities only as "H4xX0r1337" .

"I feel so violated", Bush said.

"I'm with you brother ! Yea rite ! Hehe " Krishna said.

"I've got another idea ! Search for weapons of mass destruction ! Hehe" Krishna added.

Now, not only does "H4xX0r1337" have the credit-card information, he also has Bush's Social Security number, all his personal information, and the launch codes for a number of intercontinental ballistic nuclear missiles!

Someone is finally feeling the "threat" .

The Onion | Arizona Man Steals Bush's Identity, Vetoes Bill, Meets With Mexican President

Tuesday, May 10, 2005

Broad and Long Lasting Internet Attack

Internet Attack Called Broad and Long Lasting by Investigators "SAN FRANCISCO, May 9 - The incident seemed alarming enough: a breach of a Cisco Systems network in which an intruder seized programming instructions for many of the computers that control the flow of the Internet."

This is an interesting article on an interesting event. I hope the 16-year-old from Uppsala, Sweden, keeps his nose clean.

Nobody appreciates superheroes these days. So stop trying to be one.

Learn from people's mistakes.


iTunes Buffer Overflow

Since Apple released iTunes for Windows, I know of a lot of Winamp and Musicmatch users out there who migrated to the world of iTunes!

Here is something you should take note of! For those who aren't running iTunes version 4.8, beware.

Apple has updated iTunes to version 4.8, due to an MPEG-4 file parsing buffer overflow vulnerability!

This vulnerability is caused by a boundary error within the MPEG-4 file parsing and can be exploited to cause a buffer overflow through a specially crafted MPEG-4 file.

So, all you iTunes users out there, don't wait... Upgrade to the new version, which was officially released on May 9th 2005.

Apple - Support - Downloads - iTunes 4.8

Monday, May 09, 2005

Mozilla Firefox Vulnerabilities

Firefox users! Beware of an UNPATCHED, UNSOLVED vulnerability which affects Firefox browsers (1.0.3)!

There are two specific vulnerabilities, and these would allow an attacker to conduct Cross-Site Scripting attacks and compromise your system.

The first one is a problem with IFRAME JavaScript URLs which are executed in relation to another URL in the history list. Through this, an attacker could execute his/her malicious code!

The second is the fact that the IconURL parameter in "InstallTrigger.install()" is not properly verified. This is particularly useful for an attacker to execute privilege escalation attacks, simply through a specially crafted URL!

Solution ?

Well, the easiest solution at this point in time would be to disable JavaScript, or disable the "Allow web sites to install software" option under Tools > Options > Web Features.

Example of exploit code - Only Proof of Concept !

Virus Outbreak ! - Sober.p

Windows users! Beware, as of Friday a variant of the well-known Sober family is out in the wild again. A virus author has once again "married" the concepts of bilingual viruses and Sober viruses together and created the sixteenth variation of Sober, Sober.p (W32.sober.p@mm), also known as Sober.N (Sophos), Sober.S (Trend Micro), and Sober.O (Symantec).

Look out for the following registry keys :-

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "_WinStart" = C:\WINDOWS\Connection Wizard\Status\services.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run " WinStart" = C:\WINDOWS\Connection Wizard\Status\services.exe

And also the following files in these directories :-

%Windows%\Connection Wizard\Status\fastso.ber
%System%\adcmmmmq.hjg
%System%\langeinf.lin
%System%\nonrunso.ber
%System%\seppelmx.smx
%System%\xcvfpokd.tqa
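Rather than eyeballing the registry and file system for the entries above, the indicators can be matched programmatically against a host inventory. The following is an added example, not part of the post and not from any AV vendor: the registry values and file names are the ones listed above (with the literal C:\WINDOWS in the Run value generalised to %Windows%), while the snapshot format (a dict of registry values and file paths, collected by whatever inventory tool you already have), the `find_indicators` name and the sample host data are my own constructions.

```python
"""Match the Sober.p indicators from the post against a host snapshot.

Added example, not from the post or any vendor. The snapshot is a plain
dict: "registry" holds (key, value_name, value_data) triples and "files"
holds full paths. Matching is case-insensitive and expands the %Windows% /
%System% placeholders, so a non-default install drive is still caught.
"""
import ntpath

# Indicators as listed in the post (the leading space in " WinStart" is as listed).
REGISTRY_IOCS = {
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run": "_WinStart",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run": " WinStart",
}
IOC_RUN_TARGET = r"%Windows%\Connection Wizard\Status\services.exe"
FILE_IOCS = [
    r"%Windows%\Connection Wizard\Status\fastso.ber",
    r"%System%\adcmmmmq.hjg",
    r"%System%\langeinf.lin",
    r"%System%\nonrunso.ber",
    r"%System%\seppelmx.smx",
    r"%System%\xcvfpokd.tqa",
]


def _expand(path, windows_dir):
    """Replace the %Windows% / %System% placeholders with the host's real directories."""
    system_dir = ntpath.join(windows_dir, "system32")
    return path.replace("%Windows%", windows_dir).replace("%System%", system_dir)


def _norm(path):
    """Canonical lower-case Windows path, so case and separator differences do not hide a hit."""
    return ntpath.normcase(ntpath.normpath(path))


def find_indicators(snapshot, windows_dir=r"C:\WINDOWS"):
    """Return a list of (kind, detail) tuples for every indicator present in the snapshot."""
    hits = []
    run_target = _norm(_expand(IOC_RUN_TARGET, windows_dir))
    ioc_keys = {key.lower(): name.strip().lower() for key, name in REGISTRY_IOCS.items()}
    for key, name, data in snapshot.get("registry", []):
        wanted_name = ioc_keys.get(key.lower())
        if wanted_name is None:
            continue
        # Either the tell-tale value name or the dropper path under Connection Wizard\Status is enough.
        if name.strip().lower() == wanted_name or _norm(data) == run_target:
            hits.append(("registry", key + " " + repr(name) + " = " + data))
    wanted_files = {_norm(_expand(p, windows_dir)) for p in FILE_IOCS}
    for path in snapshot.get("files", []):
        if _norm(path) in wanted_files:
            hits.append(("file", path))
    return hits


# Constructed sample host: Windows installed on D:\WINNT, two benign entries, one Run value
# and two dropped files matching the indicators. Not data from a real machine.
SAMPLE_SNAPSHOT = {
    "registry": [
        (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "ctfmon",
         r"D:\WINNT\system32\ctfmon.exe"),
        (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "_winstart",
         r"d:\winnt\Connection Wizard\Status\services.exe"),
    ],
    "files": [
        r"D:\WINNT\system32\kernel32.dll",
        r"D:\WINNT\System32\LANGEINF.LIN",
        r"D:\WINNT\Connection Wizard\Status\fastso.ber",
        r"D:\Documents\notes.txt",
    ],
}


if __name__ == "__main__":
    for kind, detail in find_indicators(SAMPLE_SNAPSHOT, windows_dir=r"D:\WINNT"):
        print(f"{kind:8} {detail}")
```

Passing the correct Windows directory matters: with the default C:\WINDOWS the file indicators would not line up against the D:\WINNT host, and only the registry value name would still fire.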

Quick Facts

Name: Sober.p (w32.sober.p@mm)

What it does: Sends e-mail in either German or English

Means of transmission: E-mail

How to recognize: German version involves World Cup events; English version mentions password information

Who is at risk: Windows users


Users of Linux, the Mac OS, and Unix are not affected by this outbreak. *smile*

Sunday, May 08, 2005

Classic example of scumbags

Some time ago, some scumbags from AKATI Technologies left and created a mushroom firm called Sakra Associates. I'd rather refer to them as Suckers Associates! *smile*

When they decided to launch their site, I emailed some of our clients about the origin of the content on their site. Naturally, being suckers, they ripped it off AKATI's Capability Catalog. The similarity percentage? Well, just about 100%, an exact word-for-word rip-off!

Now, due to the humiliation, they've cut the rip-off of AKATI's Capability Catalog down to about 45%, and the other half of the website is now ripped word for word from an environmental company called ECOLAB.com!

Check this out:
*Taken from Sakra's website*

These values inspire the way we serve our customers, who rely on Ecolab professionals as a true partner in their business success. We not only provide them with the absolute best products, technology and service, but we listen to them, respond quickly to their current needs, anticipate future needs, and earn their business every day.

Compare this to this URL: ECOLAB (Company Culture and Mission)

Now just how dumb can these guys get ?

Well, one thing's for sure, we at AKATI are rolling on the floor laughing our heads off! *laughing frantically*

Suckers Associates

Saturday, May 07, 2005

The 1st Open Source Spyware for Unix !

A young French lad, Gilbert Nzeka, released what is unofficially known as the First Open Source Spyware for Unix!

Some time back, I shared the news of Kspyware with a lot of you. Many were delighted to finally get a feel of how spyware works and operates.

So here we have it, the Unix version of a spyware. The source code is Python based, and easy to read and understand. Try it and be amazed!

I know I did !


Kspynix - First Open Source Unix Spyware - Source Code

EC-Council writes

The International Council of Electronic Commerce Consultants (EC-Council) has recently posted a press article in their press room about AKATI Tech's recent event in Mexico City !

Check it out here : Rave Reviews of EC-Council’s Programmes in Mexico

Ditching Micro$oft could save money

Oh yes! This ain't a fast one pulled by me or anyone else: if you plan to ditch Microsoft products completely, you could actually be on your way to immediately saving much, much more $.

A study conducted by Britain's Educational Communications and Technology Association found that primary schools in the UK could cut their computer costs by half, and secondary schools by a quarter, if only they avoided software from Microsoft.

Results of the study, which are due to be released next week, were reported on Friday by The Times Educational Supplement (TES), a British paper. The TES said that the study doesn't actually use Microsoft's name, but it leaves little doubt that it refers to the world's largest software maker. I personally felt they could have also used the term Darth Vader to refer to Uncle Bill Gates! *smile*


The British paper also mentioned that the study analysed costs at 33 schools which use commercial software and compared them with 15 schools that have pioneered the use of open source software (free software). Average costs, including software, hardware and support costs, were 24 per cent less per computer in schools using open source software!

Friday, May 06, 2005

Undocumented MS Vulnerability ?

I realized that research done by Luis Alberto Cortes Zavala on a Microsoft Windows vulnerability was never acknowledged by Bugtraq, nor published.

It refers to the fact that if an image of size 999999x999999 is rendered, the system, or rather Windows, goes to what it does best.. The Blue Screen!

I personally have tried this and it works! Some have said otherwise, but every time I try it, it works seamlessly. Even on a patched machine.

IBM Helps XML

IBM added some cool nifty features for XML in their Emerging Technologies Toolkit.

The alpha versions available on their website include an XML document editor and an XML forms generator.

The new editor will allow users to utilize XML documents when working and writing for the web. This will also allow more control over multimedia, as VoiceXML and Synchronized Multimedia Integration Language are integrated into the new package.

A compound XML document combines XML markup from several namespaces into a single physical document. There are a few standards that exist today, and continue to be developed, that describe XML markup within a single namespace. XHTML, XForms, XML Events, Scalable Vector Graphics (SVG), VoiceXML, and MathML are prominent examples of such standards, each having its own namespace.

These products offered by IBM aren't exactly finished products. What is interesting, however, is the tendency of IBM to include these technologies/products in one of their future offerings. These products are available as free downloads for testing and usage.

Click Here to visit IBM's download page.

PGP Key

AKATI | Your Partner in E-Business and Security Training & Consultancy

Check the above page and visit the PGP webpage, and there you could find my PGP key. It's the second one on the page (CEO PGP Key).

This way you could send encrypted emails to me !

It's an unsafe world out there!

Thursday, May 05, 2005

On hardwork and Impossibles

Looking at this massive structure makes me flash back to some popular thoughts people usually express. When faced with a difficult situation, or rather "something impossible", most of us usually take the easy way out and say "Ah.. Impossible! I can't do that!"

Well, people who created these and other massive structures would definitely have gone through tumultuous times and challenges before they finally succeeded in building them!

So it's about time we stop procrastinating and negating, and instead let's for once say "We can do that! All we need is time and effort! Let's do it!"

The pyramids at Teotihuacan, Mexico.

Due to popular demand

I always used to send my thoughts and opinions on the weirdest things on planet earth through emails. However, people have been bugging me! "Krishna... please blog!" "C'mon, you should blog!"

Today is the day I have given in to their comments, and here it is.. my humble blogworld!
