Maximum PC exploit RSS Feed

Gmail Vulnerability Could Let Hackers Redirect Your Email

Andy Salisbury — Mon, 24 Nov 2008 15:36:04 -0600

If you’re a Gmail user and you’ve got a domain that’s registered through GoDaddy, you’ve been put in danger – from yourself.

A new security flaw in Gmail has caused a new exploit to run wild. The exploit essentially makes you to create a filter all on your own, allowing unwanted eyes to get access of your Gmail account.

In a nutshell, the exploit steals a cookie from you. Once this cookie has been swiped some malicious code creates a hidden iframe with a url that contains the variables required for Gmail to create a filter for your account. Once this is done, the hacker has free reign over your personal emails and whatever else you might associate with your Gmail account.

While this is clearly the shorthand version, be sure to check out the full rundown. If you’re one of the many that uses both Gmail and GoDaddy, we’d suggest that you take some time to check it out.

Google Scrambles to Patch Nasty Exploit in Android G1

Alex Castle — Mon, 27 Oct 2008 14:19:36 -0500

For shame, Google. The G1 has barely even launched, and it’s already faced with its first major breach. An exploit has been discovered by an independent security expert which could potentially allow hackers to hijack the web browser on the G1, allowing them access to users’ passwords, cookies and text messages.

The exploit was discovered by Charlie Miller of Independent Security Evaluators, who first noticed the hole in the Android SDK. He bought an early G1 off a T-Mobile employee on eBay, confirmed that the exploit worked on the real deal, and reported the problem to Google two days before the G1 launched.

The exploit takes advantage of a buffer overrun flaw in one of Androids 80 open-source components. Android uses an out-of-date version of the component, newer versions have addressed the flaw. To protect G1 early-adopters, Miller hasn’t publicized which of the 80 components is the one with the weakness.

Google’s response? “We are working with T-Mobile to include a fix for the browser exploit, which will soon be delivered over the air to all devices, and have addressed this in the Android open-source platform.”

Good News for Lonely Geeks, Bad News For Vista: How To Impress Girls With Browser Memory Protection Bypasses

Mark Edward Soper — Mon, 11 Aug 2008 19:59:58 -0500

As we told you last week, Microsoft rolled out two new security programs, Microsoft Active Protections Program and Microsoft Exploitability Index, during the Black Hat USA 2008 Conference. Unfortunately for Microsoft, the same conference saw a presentation by security experts Mark Dowd and Alexander Sotirov that renders these and other protections for Windows Vista, including its much-touted Address Space Layout Randomization (ASLR) and Data Execution Protection (DEP) features, effectively null and void.

Dowd and Sotirov's presentation, How To Impress Girls With Browser Memory Protection Bypasses, made their point by beginning their presentation with a live exploit against IE7 on Windows Vista. And, as the photo at the top of this article suggests (from page 40 of the presentation), it does seem to impress the girls!

How did they do it? The full presentation (available here in PDF format) is quite technical, but here's the short version. according to SC Magazine:

In explaining the problem, the researchers said that most memory protection mechanisms are based on two things: detecting corruption and stopping common exploit patterns, and attempts to reinforce these are integral to Vista. But in many cases, some of the built-in protection mechanisms in Vista are not enabled by default for compatibility reasons.

“At the desktop level, compromises had to be made because of compatibility issues. Exploiters have a lot more control over browsers,” Sotirov said.

And in many cases, third-party applications are not compiled to use the Vista memory protections. For example, Java and Flash are not compiled using the critical protection called ASLR.

What can be done? My take: Microsoft needs to rethink the balance of compatibility versus protection, do a better job of informing users of what's protected and what's not, and get third-party application vendors to take advantage of the protection features in Vista. What about ordinary users like us? Watch out for compromised legitimate websites, and, as always, as our own Will Smith says, think before you click.

What's your take on Vista and other browser security issues? See us after the jump for your chance to sound off.

Microsoft Fights Back Against Zero-Day Exploits with MAPP, Exploitability Index

Mark Edward Soper — Wed, 06 Aug 2008 16:30:59 -0500

Microsoft announced two new security programs at the Black Hat USA 2008 Conference:

Microsoft Active Protections Program (MAPP)
Microsoft Exploitability Index

MAPP provides advance notification to third-party security providers of vulnerabilities that are being addressed by Microsoft security updates, such as the ones rolled out each month on "Patch Tuesday." MAPP is designed to help stop exploits that are launched between the announcement of upcoming patches and the availability of patches. MAPP starts in October, according to eWeek.

Security providers can learn more about MAPP by downloading the fact sheet (MS Word 97-2003 format). For additional insight from a former military and government security specialist who now works for Microsoft, see Steve Adegbite's blog entry about MAPP.

The Microsoft Exploitability Index will provide ratings of how likely each vulnerability is to being successfully exploited. The index will rate each vulnerability at one of three levels:

Consistent exploit code likely
Inconsistent exploit code likely
Functioning exploit code unlikely

Microsoft's fact sheet suggests (MS Word 97-2003 format) that vulnerabilities with the "Consistent" rating should be treated as the most serious threats, followed by the others. To get more insight into the need for this index, see Microsoftie Mike Reavey's blog entry (Reavey is part of the Microsoft Security Response Center). The index will be included with each new security bulletin, also starting in October.

For your chance to sound off about Microsoft's newest security initiatives, see us after the jump.

Survival Rates for Unpatched Systems Shrinking - Here's How to Fight Back

Mark Edward Soper — Thu, 17 Jul 2008 19:29:26 -0500

In a recent Handler's Diary entry on the SANS Internet Storm Center website, Lorna Hutchison points out that the survival time for unpatched systems is currently around 4 minutes. In other words, if you connect an unpatched system to the Internet without a router or firewall, it will probably be infected in about 4 minutes.

Whether you work in a large enterprise, small business, or are the network guru to your own home's PCs, the pressure to connect a new system right now can be overwhelming. To find out how you can head off trouble by hardening a new (or reloaded) system before it gets its first whiff of the Internet, join us after the jump.

Can Intel CPU Bugs Lead to Remote Code Execution Exploits?

Mark Edward Soper — Tue, 15 Jul 2008 19:01:40 -0500

ZDNet's ZeroDay security blog reports that software engineering and reverse engineering expert and author Kris Kapersky is ready to prove that bugs in Intel CPUs can be exploited by various types of attacks. Kapersky will be speaking at the 2008 Hack in the Box Security Conference in Kuala Lumpur, Maylasia, in October.

To find out how Kapersky plans to prove his theory, read on after the jump.

IE (and You) Vulnerable to iFrame Vulnerability

Mark Edward Soper — Wed, 02 Jul 2008 15:38:58 -0500

Framed web pages are everywhere - but IE isn't ready to handle iFrame hijacking. ZDNet's Zero Day blog repots that exploit code is now available online to demonstrate how to perform malicious attacks against IE7 as well as IE6 and even IE8 beta 1. Even if your version of IE is fully patched, it's not ready to handle this vulnerability.

To find out how the threat works, join us after the break.

The Tip of the Facebook Exploit Iceberg

David Murphy — Thu, 27 Mar 2008 14:42:00 -0500

Who's Byron Ng? A total tool, that's who. He's the one who ran a few Google searches and tipped off the Associated Press about a Facebook exploit that's been passing around the 'net for months now. The AP picked up the story and put it in every newspaper under the sun, making him a minor campus celebrity who's now forever disinvited to Facebook Club. It also tippped off Facebook to what was going on, and the company was quick to plug the exploit.

Click Read More for more.