Sunday, January 22, 2012

So who heard about 0xOmar lately?

The guy has been literally silent for over 4 days (ever since he tried, and thankfully failed, to attack Israeli institutes via distributed and more dedicated attacks).

So what about 0xOpportunism? Just showed up really. Many people are riding on 0xOmar's fame (whether he's underground or simply waiting). Since Omar posted most of the details over, it appears people are "abusing" it to publish ad-sponsored links claiming "more success" by 0xOmar.

Here's an example:

So what have we got here? An link – making sure SOMEONE is making money out of page entrance. However, I figured, most opportunists would simply refer you to (after they've tricked users into thinking they're actually reading genuine Omar materials).

But no.

That’s what we get (attached is a text file).

Anyone notice something odd? I can't verify whether these cards are genuine – however, two things are possible:

1) Someone simply made an English prediction program that simply finds Israeli names, Israeli cities and Israeli streets – and builds a custom, fake credit card information file.
2) (more plausible) – Someone extracted Hebrew information, GOOGLE TRANSLATED IT, and published. Omar? Friends of his? Someone else?

Why Google Translate? Because it seems some people in the file live in an Israeli town called "PRIME EYE". Isn't this a lousy translation for "Rosh Ha'ayin"?

What about "Group Transit" city? Kibbuts Maabarot? Could be.

Is this genuine? Is someone making money off Omar's fame and Israeli paranoia? Interesting.

Thursday, January 12, 2012

New exploit for recently patched Windows Web Server leak

There is a new exploit for a recently patched Windows Web Server leak: the hash collision DoS vulnerability in ASP.NET. By sending a specially prepared HTTP request, an attacker can make the web server use 100% of its CPU.

More information can be found here:

Exploit can be found here:

Tuesday, January 3, 2012

Following the breach & exposure of the credit information of more than 400 thousand Israelis

Technologically, there is nothing new in these kinds of breaches.
These types of attacks, techniques and tools are identified and well known. The motivations of the various hackers, assault and theft, were and are still there, maybe just in another form, with an added dimension of cyber-terrorism or vandalism.
It is important to note that the relevant organizations are investing effort and money to enable secure payments online, including credit card companies as well as many online businesses. Commercial sites that do not properly handle the security aspects hurt themselves, but also other industrial and consumer users.
A word of advice to the private user:
1. Certainly one can trade online securely, including credit card use. It is important to understand that appropriate solutions to the challenges of security do exist and many companies do implement these solutions.
2. When you purchase online, it is important to be aware of the information security issues of the specific site, and to take that into account when selecting your shopping place.

A Saudi Arabian hacker has released information of 400,000 Israeli people - Free uncensored text hosting

Sunday, January 1, 2012

Major design flaw found on most web platforms, leading to DoS

Two guys from Germany gave a presentation two days ago at the 28c3 conference in Berlin about efficient Denial-of-Service attacks.
The described attack exploits a common design flaw that makes for an easy-to-conduct DoS; the vulnerability was found in most web technologies, including .NET, PHP, and Java, amongst others.
On the technical side, they harnessed a feature of the POST mechanism that parses the submitted data into a deterministic hash table; by engineering the input so that its keys collide in that table, they achieve a very efficient Denial-of-Service.
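The cost of that collision condition, and two mitigations, shown as an added example that is not code from the presentation or from any affected platform. It assumes a toy byte-sum hash (`toy_hash`) in place of a real platform's function; the bucket count, the 1000-parameter cap and all function names are illustrative.

```python
import hashlib
import itertools
import os

BUCKETS = 1024

def toy_hash(key: str) -> int:
    """Deterministic toy hash (byte sum), a stand-in and not any platform's real function."""
    return sum(key.encode()) % BUCKETS

def make_keyed_hash(secret: bytes):
    """Mitigation 1: bucket choice depends on a secret the client cannot predict."""
    def keyed(key: str) -> int:
        digest = hashlib.blake2b(key.encode(), key=secret, digest_size=8).digest()
        return int.from_bytes(digest, "big") % BUCKETS
    return keyed

def insert_cost(keys, hash_fn, max_keys=None) -> int:
    """Insert keys into a chained hash table and return the number of key comparisons."""
    if max_keys is not None and len(keys) > max_keys:
        # Mitigation 2: reject oversized requests before hashing anything.
        raise ValueError(f"{len(keys)} parameters exceeds limit of {max_keys}")
    table = [[] for _ in range(BUCKETS)]
    comparisons = 0
    for key in keys:
        chain = table[hash_fn(key)]
        for existing in chain:
            comparisons += 1
            if existing == key:
                break
        else:
            chain.append(key)
    return comparisons

def colliding_keys(n: int):
    """Constructed sample input: permutations of one string share the same byte sum."""
    perms = itertools.permutations("abcdefgh")
    return ["".join(p) for p in itertools.islice(perms, n)]

if __name__ == "__main__":
    keys = colliding_keys(2000)
    print("deterministic hash:", insert_cost(keys, toy_hash))  # n*(n-1)/2 comparisons
    print("keyed hash:        ", insert_cost(keys, make_keyed_hash(os.urandom(16))))
    try:
        insert_cost(keys, toy_hash, max_keys=1000)  # assumed limit, for illustration
    except ValueError as err:
        print("capped request:    ", err)
```

With the deterministic hash every key lands in one bucket, so the work grows quadratically with the number of parameters; the keyed hash spreads the same keys out, and the cap bounds the worst case regardless of the hash.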

They released an advisory containing the details on the attack and some numbers to glance over.
The actual video of their presentation can be downloaded here or by torrent.

Ruby was fast to respond and Microsoft responded with a partial fix yesterday. Others are expected to release their patches over the weekend.