Dark Reading
Risky Business
Do more than just cursory scans. Develop
a holistic approach to app security.
Find out how!
Learn to take the ambiguity out of managing IT so you can guide your business forward.
Download now!
Use these tips from Gartner to identify the EPP solution that best suits your business.
Download now!
Free Tool Hacks Banking, Webmail, and Social Networking Sessions
Man-in-the-middle attack tool automates hacks for non-Web security expertsOct 06, 2008 | 09:55 AM
By Kelly Jackson HigginsDarkReading
A researcher will demonstrate a free, plug-and-play hacking tool this week that automatically generates man-in-the middle attacks on online banking, Gmail, Facebook , LiveJournal, and LinkedIn sessions -- even though they secure the login process.
Jay Beale, who recently released the so-called "Middler" open-source tool, will show it off at the SecTor conference in Toronto. Aside from the unnerving capability of hacking into sites that perform secure logins and then use clear-text HTTP, Middler is also designed for use by an attacker with no Web-hacking skills or experience. "The Middler allows an attacker with no Web application-hacking experience to launch attacks that previously required substantial time and skill," according to Beale.
The Middler basically clones the victim's online session by using the same cookies and HTML form parameters as the victim. Then the attacker can inject malicious JavaScript onto the Web pages, redirect the user to another page, or log the victim's session.
Beale's tool can override a secure banking session by rewriting the URLs on the page to remove the Secure Sockets Layer (SSL) protection.
Beale, who is co-founder of security consultancy InGuardians Inc., formerly Intelguardians LLC , says many organizations don't realize that only encrypting the password form leaves users vulnerable to man-in-the-middle attacks. LinkedIn, for example, first has users sign in at its HTTPS address. But after you're in, you get sent back to the regular HTTP address, http://www.linkedin.com/home.
Then the attacker can access the LinkedIn user's contact information and inbox, and even add himself to the victim's"network," or add the victim to his network.
The researcher also plans to demonstrate at SecTor how to use Middler for injecting JavaScript into browser sessions, which the tool uses to infect the user's browser with the Browser Exploitation Framework, which is considered a browser-level botnet tool.
Beale says Middler can also detect vulnerabilities in a browser and then use Metasploit to exploit them. It can also launch its own cross-site request forgery (CSRF) attacks, he says. And the Python-based tool can be set up to "fire and forget" so the attacks can execute automatically.
Beale also plans to show how Middler can meddle with software installations and updates and inject Trojans, both in computers and on the iPhone.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
Hackers Miss Their Target -- By About 2,000 Miles 09/03/2010
Qualys Releases QualysGuard PCI 5.0 with New Dashboard and Interactive Workflows 09/03/2010
DNS DDOS Threats and Corresponding Mitigation Strategies 03/23/2010
Spoofing Server - to - Server Communication: How You Can Prevent It 03/11/2010
DIGITAL ASSETS
Extend Security to the Edge with Web App Security
09/02/2010
Subscribe to RSSHackers Miss Their Target -- By About 2,000 Miles
Firewalls Top Purchase Priority In 2010, Survey Says
Misconfigured Networks Are Easiest Prey, Hacker Survey Says
MORE KEYHOLE
Published:2010-08-19
Severity:High
Description:Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
Published:2010-08-19
Severity:Medium
Description:Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.
Published:2010-08-19
Severity:Medium
Description:Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.
Published:2010-08-19
Severity:Medium
Description:Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors.
Published:2010-08-19
Severity:Low
Description:Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree.
|
