ethicalhack3r

Just to let everyone know that we are now running the latest version of wordpress, finally! If you haven’t noticed already there’s a ‘Security Jobs’ RSS feed which grabs RSS feeds off a number of job sites, the link can be found in the sidebar above the google ads.


Ive fixed the footer as it was out of line and also made the pagination a little bit nicer however during the process of updating the site I seem to have messed up the ‘pages’, the ones in the green bar at the top. Haven’t a clue whats gone wrong, spent the past few hours staring at CSS, PHP and HTML and still cannot figure out what I have done!!! I’m going to leave it for now and come back to it another day.


Some exiting news…

Me and some other lads from university have started a project called ‘ScreenStamp!’ I will be posting about it shortly.

Abstract:
Any one can post an image anywhere that allows the posting of remote images, grab the http header information of any one who views the image and save it to a log file on a remote server. This has been done for a while by the advertisement industry to track users activities. It can also be used by mail clients to check that an email has been read by the recipient. It is known as a ‘web bug’.

How its done:

1. You need a php script that will capture the GET HTTP headers, echo an image and have the content-type header set as a jpg.

2. A directory called /image.jpg/

3. htaccess file to automatically load index files within directories

3. Some where you can post the <img> HTML tag.

Exploit:

Post the following code into any forum, blog, guestbook, website that accepts images from remote servers.

<img>http://www.mysite.com/image.jpg</img>
OR
<img src=”http://www.mysite.com/image.jpg“>

How it works:

The php script has a jpg header, echos an image and stores http header information to a log file. This is great but still has the .php extension rather than the .jpg extension.

You create a directory called /image.jpg/

You tell the htaccess to show any file named index when you access the /image.jpg/ directory. So when you access www.mysite.com/image.jpg it will automatically load the php script (index.php) which looks like an ordinary jpg.

So we now have a php script that acts and looks like an image, that records http headers and we also have it looking like it has the .jpg extension rather than the .php extension.

So what you can do is post the image.jpg directory to a forum as an image and it will record any one who views its http header information. e.i. ip, referer, user-agent, etc…

Impact:

You can grab sensitive information from any one you can social engineer into viewing an image.

This is legal behaviour however maybe considerd unethical depending on the intent of the person doing it. I have not included the PHP file that stores the GET HTTP header information due to posible misuse.

So far it has been tested on:

vBulletin 3.8.1 – in posts – not in avatar
vBulletin 3.6.8 – in posts – not in avatar
phpBB 3.0.3 – in post – in avatar
Facebook – not vulnerable
imageshack – not vulnerable
Joomla com jomcomment – Vulnerable

More info:

http://en.wikipedia.org/wiki/Web_bug

As for the post underneath about weather or not what the BBC did was legal or illegal, in short it was illegal however who’s going to legally challenge them?

Here’s a good debate on the topic:

http://www.guardian.co.uk/technology/blog/2009/mar/12/bbc-botnet-legality-questioned

Just to let everyone know that I’m still alive. Haven’t posted in nearly a month! Been busy with university and also had a couple of jobs on the side.


Damn Vulnerable Web App got a mention on irongeek.com this month! Thanks irongeek!
Deliberately Insecure Web Applications For Learning Web App Security


I will be posting about my views regarding BBC Click Online hacking into botnets, using them to carry out tests and then changing the computers wallpapers to make the users aware that they were zombies. Is that legal? I will be posting about this over the next few days.


Mean while check out the video: BBC team exposes cyber crime risk