Tuesday, November 27, 2007

A few good links that can help you unbrick your iPhone.

Nice facts here, 5 things you need to know about the iPhone

My 5 steps to unbrick the iPhone would be to ...
1. Download the 1.0.2 image from Apple's website.
2. Use home + power button to get to the restore screen.
3. Restore your phone's firmware image from the updated version to 1.0.2.
4. Then add a contact with the jailbreak and upload anySIM to your iPhone as shown >> here <<.
5. Last but not least, take some time to read the iPhone wiki, which has a plethora of information that will come in handy down the road.

Files that you'd require for the process can be found >> here <<, arranged neatly.

Have fun hackin your phone.

Cheers :)
Kish

Wednesday, October 31, 2007

It's XSS snack time of the day...

Paypal is secure, you can use it for all transactions... Recommended by HackerSafe seal
https://mobile.paypal.com/cgi-bin/wapapp?cmd=_wapapp-static&page=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

While I was messing with the website, I came across this XSS bug in Paypal, which can be used with Javascript to steal passwords ;))
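As an added example (not from the original post), here is a defender-side check that URL-decodes query parameters and flags reflected markup like the payload in the PayPal link above, next to the server-side fix: HTML-escaping whatever the page echoes back. BENIGN_URL and the title template are constructed; only PAYPAL_URL comes from the post.

```python
import html
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Markup that has no business inside a reflected query value: tags, event handlers, javascript: URLs.
INJECTION = re.compile(r"<\s*/?\s*(script|img|iframe|svg|body)\b|\bon\w+\s*=|javascript:", re.I)

def fully_decode(value, rounds=3):
    """Peel off up to `rounds` layers of percent-encoding (payloads are often double-encoded)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(url):
    """Return the names of query parameters whose decoded value looks like markup injection."""
    hits = []
    for name, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if INJECTION.search(fully_decode(raw)):
            hits.append(name)
    return hits

def render_page_title(page):
    """The fix on the server side: escape the echoed value, so "><script> becomes inert text."""
    return "<title>PayPal - %s</title>" % html.escape(page, quote=True)

# The URL from the post above, plus a constructed benign request to the same endpoint.
PAYPAL_URL = ("https://mobile.paypal.com/cgi-bin/wapapp?cmd=_wapapp-static"
              "&page=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E")
BENIGN_URL = "https://mobile.paypal.com/cgi-bin/wapapp?cmd=_wapapp-static&page=help"

if __name__ == "__main__":
    for url in (PAYPAL_URL, BENIGN_URL):
        print(suspicious_params(url) or "clean", url)
    print(render_page_title(fully_decode("%22%3E%3Cscript%3E")))
```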

/Quit

Monday, October 29, 2007

Google chat can be blocked without blocking google.com as a whole. You must block chatenabled.mail.google.com, and ports 443 and 80 to talk.google.com. Linux users can use iptables to redirect the traffic to 127.0.0.1 (your local loopback address). You can also use the old-fashioned /etc/hosts for the same...

I had to write this post here, because there's been a lot of attention to blocking google's chat lately.

Cheers :)
Kish

Sunday, October 14, 2007



I was invited to speak at the LegionSec 07 conference, but due to professional engagements, I am unable to deliver the talk as promised. The conference organizer has been informed about the glitch.

Cheers :)
Kish

Sunday, September 16, 2007

THE website is back, yes, the one and only CRIMEMACHINE !

Refused by heaven, and feared by hell ... http://www.crimemachine.com

Keep watching for a few or more updates to the site from time to time.

Cheers :)
Kish

Saturday, September 08, 2007

The code displayed below is from the MXtreme firewall, and this is a perfect example of how NOT to code a web page, especially for an appliance as critical as this... Possibly a 0day ;)



Cheers :)
Kish

Wednesday, July 25, 2007

A picture of the M927 warhead, containing 2.63 kg of TNT explosive filling. This cartridge is designed to be used with the howitzers used by the U.S. Army National Guard's light artillery forces.



This article talks about a web-exploitation toolkit, MPack. The comments are really funny; it was a good read. The article is originally from the SecurityFocus website.

I personally feel the Russian programmers from DCT have come nowhere close to this invention for destructive usage ;)

PS: I am not supporting them, it's just that the whole issue is funny.

Then again, it could be equally as destructive as the M927, ahem !

As per one of the comments, from the article,
"It's just software deal with it", and that is all there is to it, period.

/Quit

Friday, July 20, 2007

Actual tests website bug ;)

A specially crafted URL can grab the "exact" file from the site that's sold, for FREE :D

PoC CCNA : http://downloads.actualtests.com/Pdf-Down/uploads/640-801.zip

hint: replace 640-801 with your favorite exam number, and get it for free

BTW, with stuff like this why would people want to register for the Actual Tests subscription that costs 99 USD... Then again, I am not that smart ... hehe !

Bug reported ... and screenshot attached below.

Bug1 - Actual tests website, main



Bug2 - Actual tests website, sub-domain



PS: We can offer ACTUAL TESTS a web penetration test if they're interested.



/Quit

Saturday, June 23, 2007

A random line from my arsenal of quotes ...

HE'S A PEOPLE SPECIALIST, THAT'S WHY HE GOT CONNED ! :))

/Quit

Monday, May 28, 2007

Time for serving today's pwnsauce (morning_wood* tm), hehe !

Just to prove my re-phrasing right in the previous post, www.appinonline.com comes with a few or more XSS, SQL injection, and buffer overflow bugs ... lol !

They've got almost 45 patterns of XSS, 5 patterns of SQL injection, including numeric and string input/multiple input types ... They provide security for top companies, and here's a photograph of their great president, Mr. Rajat Khare ...



PS: They provide WEB-SECURITY, AND APPLICATION SECURITY ... WOW !
Wonder how good they are ?? Here's the proof

PPS: It also proves my argument, that all graduates aren't intelligent, not even the ones from IIT.

In the end, we see that, even today ... the cobbler still goes barefoot ;)

This also goes to say, the security product / vendor / service providers themselves need some security to start with ... and who knows, time will tell if this company can survive the harsh lashes from the cruel media...

Reported the stuff to him :)

/Quit

Friday, May 25, 2007

Quote from "For a Few Dollars More", 1960-something ...

In this world where life has no value, death sometimes has its price...

I tried to rephrase this for Infosec, hehe ! :P

In this world where a computer's data has no value, a break-in sometimes has its price.

That's why the hackers sprung up ...

The loss of customers/clients/consumers, and bad public relations ... lol, a news brief will "almost mean the end" of a company in mainstream IT.

/Quit, enough of blaming

Sunday, May 20, 2007

We present to you ... www.usablesecurity.com !



Security blog's XSS ;)

Ironically their page has their last post on "phishing" and "Open ID"...

/Quit
Presenting the XSS Trio ;)

Site: www.googlefont.com, www.netscape.com, and www.mtv.com
Multiple XSS bugs
Risk: High



Google font - XSS



Netscape XSS



Mtv.com - nice music channel !

XSS is not an ordinary threat anymore that can just bring pop-ups; advanced and planned attacks, XSS worms like the MySpace one, and nice shellcodes (like the ones shown by Bill Hoffman of SPI @ ShmooCon) are examples of sophistication in this area. And we can't forget XSS Proxy ... uauauauauauaua !

/Ph33r to click ...

Tuesday, May 08, 2007

Hew Griffith, the ex-DoD council member, has been extradited to the USA for sentencing.
Personally I feel he must have had his chances to serve time in Australia.

Read the full story here...

/Quit

Thursday, May 03, 2007

Quoted from Ars Technica: a kid got kicked outta school for creating a Counter-Strike map of the school... sounds funny, but logical as well; seems as though schools are on high alert after the massacre at Virginia Tech...

/Quit

Thursday, March 22, 2007

Full headers of the phishing email ...

X-Apparently-To: @yahoo.com via 209.191.87.92; Thu, 22 Mar 2007 01:38:34 -0700
X-YahooFilteredBulk: 64.151.53.220
X-Originating-IP: [64.151.53.220]
Return-Path:
Authentication-Results: mta222.mail.re3.yahoo.com from=paypal.com; domainkeys=neutral (no sig)
Received: from 64.151.53.220 (HELO 192.168.1.252) (64.151.53.220) by mta222.mail.re3.yahoo.com with SMTP; Thu, 22 Mar 2007 01:38:34 -0700
Received: from 60.76.174.246 by ; Thu, 22 Mar 2007 04:35:46 -0500
Message-ID:
From: "service@paypal.com"
Reply-to: "service@paypal.com"
To: @yahoo.com
Subject: Compromised PayPal Account
Date: Thu, 22 Mar 2007 13:35:46 +0400
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="--202896902971285"
X-Priority: 1
X-MSMail-Priority: High
Content-Length: 1308




This is a very bad way to send "scam" emails. Honestly, no "smart" phisher would send his emails from AOL.com using Outlook Express... Why do all people want PayPal... ??

LOL !

How does this work ?
The phisher redirects the user to his own host (pointed to with the arrow), rather than PayPal, and collects data for his "own profit".

Reported to APWG & F-Secure.

What can you do ? Don't click on the link blindly; take a minute to check the status bar, and copy/paste links into your browser. If you're suspicious of the person who sent this, then send it to reportphishing >at< antiphishing >dot< org
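As an added example (not from the original post), the checks below run over the headers quoted above and name the tells a mail filter could key on: the unverifiable paypal.com claim, the private-address HELO, the Date zone that matches none of the relays, and the desktop mail client. Nothing here is real mail beyond the header lines copied from the post.

```python
import ipaddress
import re

# The headers quoted above, copied verbatim (only the lines the checks below look at).
HEADERS = """\
Authentication-Results: mta222.mail.re3.yahoo.com from=paypal.com; domainkeys=neutral (no sig)
Received: from 64.151.53.220 (HELO 192.168.1.252) (64.151.53.220) by mta222.mail.re3.yahoo.com with SMTP; Thu, 22 Mar 2007 01:38:34 -0700
Received: from 60.76.174.246 by ; Thu, 22 Mar 2007 04:35:46 -0500
From: "service@paypal.com"
Date: Thu, 22 Mar 2007 13:35:46 +0400
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
"""

def parse_headers(text):
    """Map lower-cased header name -> list of values (Received repeats, so keep every copy)."""
    fields = {}
    for line in text.splitlines():
        name, _, value = line.partition(":")
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields

def phishing_indicators(text):
    """Return the names of the indicators that fire; each is visible in the headers above."""
    h = parse_headers(text)
    found = []
    # 1. From claims paypal.com, yet the receiving MTA found no DomainKeys signature to verify.
    auth = " ".join(h.get("authentication-results", []))
    if "from=paypal.com" in auth and "domainkeys=neutral" in auth:
        found.append("claimed-paypal-no-domainkeys")
    received = " ".join(h.get("received", []))
    # 2. HELO announces an RFC 1918 address: a NATed home or office box, not a mail farm.
    for helo in re.findall(r"\(HELO ([\d.]+)\)", received):
        if ipaddress.ip_address(helo).is_private:
            found.append("helo-private-address")
    # 3. The Date header's zone (+0400) matches none of the zones the relays stamped (-0700, -0500).
    relay_zones = set(re.findall(r"[+-]\d{4}\b", received))
    date_zone = re.findall(r"[+-]\d{4}\b", " ".join(h.get("date", [])))
    if date_zone and date_zone[0] not in relay_zones:
        found.append("date-timezone-mismatch")
    # 4. A desktop client (Outlook Express) sending "PayPal" notices, not a transactional sender.
    if any("Outlook Express" in v for v in h.get("x-mailer", [])):
        found.append("desktop-mailer")
    return found

if __name__ == "__main__":
    for hit in phishing_indicators(HEADERS):
        print("indicator:", hit)
```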

/Quit

Saturday, March 10, 2007

Update from jf -at- danglingpointers -dot- net.

Seems the variable name was googled a bit, and apparently it was considered a vulnerability, not just a bug... if the wiki was embedded in another frame, then by injecting JavaScript the attack can occur. So that's what was shown below in the code (see previous blog post). The authors have anyhow disabled it by default in newer versions of the wiki software.

My bit is that I have just been digging through code decently. We will conclude that I found a bug in the OWASP website (which was considered a vulnerability in the past).

Cheers :)
Kish
Is OWASP vulnerable ?



Check this out, the code shown above has the variable wgBreakFrames as undefined.

I expect some feedback on the same... Posted to full disclosure list.

The wgBreakFrames variable is vulnerable to injection...
It is confirmed just as a bug, with minimal impact, not a vulnerability.
There could probably be attacks if we could inject JavaScript into the window.

I would like to thank jf -at- danglingpointers -dot- net & andfarm -at- gmail -dot- com for the assistance provided through the Full-Disclosure list :)

Full-Disclosure - We believe in it !

Cheers :)
Kish

Sunday, March 04, 2007

Site: www.techworks.in
Multiple XSS bugs
Risk: Medium-High



They're the "Official EC-Council distributor, India"



Full-Disclosure - We believe in it ;)

/Quit

Thursday, March 01, 2007

Originally posted on the 14th of Feb. Yeah, I am sorry, late by 2 weeks. Still worth a laugh.

Acunetix's survey says: 70% of websites, out of the 3200 it scanned, were vulnerable to attacks.

Then Network World and its "go-to guy" Joel Snyder, a.k.a. security expert, reply back

Thomas Ptacek, a guru at Matasano, gives his take on the issue.

Acunetix gives back some statistics and its report...

I learnt to laugh like an Italian friend of mine, UAUAUAUAUAUAUAUAUAUAUAUAUA !!
You must try it too ... it's fun to laugh, it's the best way to forget all your worries...

Jokes apart, the truth is conveyed here humorously... You must note that somewhere in the context it is mentioned that Acunetix's numbers are low ...

/Ale vide

Monday, February 26, 2007

Site: www.tcs.com (Tata Consultancy Services)
Multiple SQL Injection/XSS bugs
Risk: Medium-High



The company which can't secure its own site is providing services on security. WOW !!!
http://www.tcs.com/esecurity => Check this out ;)



SQL Injection - Do you want me to be the DBA ;) ??



Cross Site Scripting - Do you see phishing coming your way ;) ??




I sent an email back in December 2006; they're so responsible that they haven't fixed their bugs even after 2 months. I sent the email to their Information Security Manager, Chennai, not to admin/webmaster or any default address. No response to date (see picture).

Email sent to "Full-Disclosure - We believe in it ;)"

Cheers :)

Sunday, February 18, 2007



Got a reply from them, they want to fix it now :)



My reply for their email.
With this, I am closing this issue. Seems they've come to terms with me :)

Full-Disclosure - We believe in it ;)

Cheers :)
Posted to Full-Disclosure list, copied to LegionSec



Full-Disclosure - We believe in it

On a sidenote, this post got dugg !

Cheers :)

Saturday, February 17, 2007



I never expected them to reply but they did ! What a surprise ;)




So here's my reply... to them.

Full-Disclosure - We believe in it

Cheers :)

Update to my previous post :)

Possibility to fetch files such as /etc/passwd
http://www.flconferences.com/download.php?file=/legionsec_1/archive/LegionSec'06___Vicente.pdf => Example

Click on the above link to see "Function.fopen"

When it lists out "fopen(/hsphere/local/home/flconf/flconferences.com/user_conference/legionsec_1/archive/LegionSec\'06___Vicente.pdf"

How long will it take an attacker to manipulate this function and retrieve critical files such as /etc/passwd or /etc/shadow?

With this kind of information in hand, the extent of damage that can be done is "maximum".

Documentation for Function.fopen from PHP Website.
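As an added example, not the site's own code, here is the pattern a download.php?file= handler needs so that the fopen() path shown above cannot be steered outside the archive directory: the parameter is treated as relative to a fixed root, normalised, and refused if it escapes. ARCHIVE_ROOT is taken from the error text above; the non-PDF sample values are constructed.

```python
import posixpath

# Directory that appears in the fopen() error quoted above; the file name is appended below it.
ARCHIVE_ROOT = "/hsphere/local/home/flconf/flconferences.com/user_conference"

class Rejected(Exception):
    """Raised when the requested name cannot be served safely."""

def resolve_download(param, root=ARCHIVE_ROOT):
    """Return the absolute path to serve, or raise Rejected.

    The weak pattern this replaces is fopen($root . $_GET['file']): with that, a value
    such as ../../../../etc/passwd walks out of the archive directory."""
    if "\x00" in param:                      # a NUL byte truncates the C string inside older fopen()
        raise Rejected("embedded NUL")
    # Treat the value as relative to the archive even when the client sends a leading '/'.
    candidate = posixpath.normpath(posixpath.join(root, param.lstrip("/")))
    # After normalisation the path must still sit strictly inside the root.
    if not candidate.startswith(root + "/"):
        raise Rejected("path escapes archive root")
    return candidate

def serve(param):
    """Turn the decision into (status, path_or_reason); a contained but missing file would 404 later."""
    try:
        return (200, resolve_download(param))
    except Rejected as e:
        return (403, str(e))

if __name__ == "__main__":
    for p in ("/legionsec_1/archive/LegionSec'06___Vicente.pdf",   # from the post
              "../../../../etc/passwd", "legionsec_1/../../etc/shadow", ""):  # constructed
        print(serve(p))
```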

Full-Disclosure - We believe in it.


Cheers :)

Advisory by Kishfellow

Site: www.flconferences.com (LegionSec)
Multiple XSS vulnerabilities
Risk: Medium-High




Picture says it all ...

Full-Disclosure - We believe in it.

/Quit

Wednesday, January 10, 2007

Whoa ! ... I just can't believe that I got myself BOSE headphones [considered to be really the best money can buy, for headphones or any sound equipment]

You have the "Right to laugh ;)" ... >> See this post <<
I don't believe that he is such a geek, he uses V=IR to describe parallel dating ;))
~ Hats off to you bro ~

Cheers :)

Tuesday, January 02, 2007

The new HD-DVD [High definition DVD] already cracked ?

Rumors arose early in the new year that a hacker named muslix64 has compromised the encryption called AACS [both Blu-ray & HD-DVD use the same encryption]

Read the news brief from three sources :)

NewYork Times - >> Read more <<
ComputerWorld - >> Read more <<
ZDnet - >> Read more <<

On a side note, happy new year to all of you :)

I heard from a friend of mine that this year starts and ends with a Monday, it has the most Saturdays & Sundays... and no public holidays fall on a Sunday. Hence, this is a new year with the least working days, according to the anonymous friend who informed me :)

/Quit