Online Game League of Legends hacked, credit cards at risk
An interesting article from HackersNewsBulletin.com on an online gaming site being hacked:
Online gaming lovers who play the popular online game “League of Legends” must change their passwords because it seems that they have been hacked. According to a security bulletin released by Riot Games, a portion of its North American account information was recently compromised.
According to officials, what has been hacked:
- First Name
- Last Name
- Usernames
- Email addresses
- Salted password hashes
There is something more serious to worry about: approximately 120,000 transaction records from 2011 that contained hashed and salted credit card numbers have been accessed.
Read more on their site here.
PuTTY Security Update (SSH Tool)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2736-1                security () debian org
http://www.debian.org/security/                      Salvatore Bonaccorso
August 11, 2013                        http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : putty
Vulnerability  : several
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2013-4206 CVE-2013-4207 CVE-2013-4208 CVE-2013-4852
Debian Bug     : 718779

Several vulnerabilities were discovered in PuTTY, a Telnet/SSH client for X. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2013-4206

Mark Wooding discovered a heap-corrupting buffer underrun bug in the modmul function which performs modular multiplication. As the modmul function is called during validation of any DSA signature received by PuTTY, including during the initial key exchange phase, a malicious server could exploit this vulnerability before the client has received and verified a host key signature. An attack to this vulnerability can thus be performed by a man-in-the-middle between the SSH client and server, and the normal host key protections against man-in-the-middle attacks are bypassed.

CVE-2013-4207

It was discovered that non-coprime values in DSA signatures can cause a buffer overflow in the calculation code of modular inverses when verifying a DSA signature. Such a signature is invalid. This bug however applies to any DSA signature received by PuTTY, including during the initial key exchange phase and thus it can be exploited by a malicious server before the client has received and verified a host key signature.

CVE-2013-4208

It was discovered that private keys were left in memory after being used by PuTTY tools.

CVE-2013-4852

Gergely Eberhardt from SEARCH-LAB Ltd. discovered that PuTTY is vulnerable to an integer overflow leading to heap overflow during the SSH handshake before authentication due to improper bounds checking of the length parameter received from the SSH server. A remote attacker could use this vulnerability to mount a local denial of service attack by crashing the putty client.

Additionally this update backports some general proactive potentially security-relevant tightening from upstream.

For the oldstable distribution (squeeze), these problems have been fixed in version 0.60+2010-02-20-1+squeeze2. This update also provides a fix for CVE-2011-4607, which was fixed for stable already.

For the stable distribution (wheezy), these problems have been fixed in version 0.62-9+deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 0.63-1.

We recommend that you upgrade your putty packages.
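The bug class described for CVE-2013-4852, a peer-supplied length that is not bounds-checked safely, is shown below as an added example; it is not PuTTY's code and not part of the advisory. The function names, the 4096-byte cap and the sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_FIELD 4096u /* assumed protocol cap for this example */

/* Constructed samples: [4-byte big-endian length][payload]. */
static const unsigned char SAMPLE_OK[]    = {0, 0, 0, 3, 'd', 's', 's'};
static const unsigned char SAMPLE_SHORT[] = {0, 0, 0, 8, 'd'};
static const unsigned char SAMPLE_HUGE[]  = {0xFF, 0xFF, 0xFF, 0xFF, 'd', 's', 's'};

static uint32_t get_u32be(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Overflow-prone check: the peer's length lands in a signed int, so a value
 * of 0x80000000 or more turns negative (on the usual two's-complement
 * targets) and passes the "remaining < len" test. Returns 1 if accepted. */
static int naive_accepts(const unsigned char *buf, int remaining) {
    if (remaining < 4) return 0;
    int len = (int)get_u32be(buf);
    remaining -= 4;
    if (remaining < len) return 0; /* a negative len slips through here */
    return 1;
}

/* Hardened parse: stay unsigned, compare the length against what is left
 * (never compute 4 + len, which can wrap), and enforce a cap. Returns the
 * payload length, or -1 if the field must be rejected. */
static long parse_string(const unsigned char *buf, size_t remaining,
                         const unsigned char **out) {
    if (remaining < 4) return -1;
    uint32_t len = get_u32be(buf);
    remaining -= 4;
    if (len > MAX_FIELD || len > remaining) return -1;
    if (out) *out = buf + 4;
    return (long)len;
}

int main(void) {
    printf("naive accepts huge length: %d\n",
           naive_accepts(SAMPLE_HUGE, (int)sizeof SAMPLE_HUGE));
    printf("hardened: ok=%ld short=%ld huge=%ld\n",
           parse_string(SAMPLE_OK, sizeof SAMPLE_OK, NULL),
           parse_string(SAMPLE_SHORT, sizeof SAMPLE_SHORT, NULL),
           parse_string(SAMPLE_HUGE, sizeof SAMPLE_HUGE, NULL));
    return 0;
}
```

A copy sized from the length the naive check accepted is what turns the wrapped integer into a heap overflow; the hardened parser rejects the field before any allocation or copy happens.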
How To Install Armitage on Kali Linux
As an avid BackTrack Linux distribution user, I recently started to use the newly released Kali Linux distribution. Kali Linux is the new generation of the industry-leading BackTrack Linux penetration testing and security auditing Linux distribution. Some of the tools I normally use as a practitioner, researcher, educator or hobbyist are the OpenVAS vulnerability scanning tool, the Metasploit penetration testing software and the Autopsy forensics toolkit, to name just a few of the available products.
I noticed almost immediately that Armitage, a GUI front-end for the Metasploit Framework developed by Raphael Mudge, was not preinstalled as it was in the BackTrack version.
So here is what I did to install it on my Kali Linux install:
- Open up a terminal window
- Issue command cd /etc/apt/
- Issue command vi sources.list
- Add the following lines to the list:
  - deb http://http.kali.org/kali kali main non-free contrib
  - deb-src http://http.kali.org/kali kali main non-free contrib
- Save the file
- Open another terminal window and issue the following commands:
  - apt-get update
  - apt-get install armitage
  - service postgresql start
  - service metasploit start
- Program is located in /usr/bin/armitage
Good luck and please comment if you had success in the process.
The SecurityOrb Show – Interview with Hans Bosch about BlackHat USA and DEFCON 2013
Listen to SecurityOrb.com’s Kellep Charles talk about the BlackHat 2013 and DefCon 2013 events in Las Vegas. They discuss the keynote address, atmosphere and many other interesting topics.
How Safe is Your Website? [Infographic]
An infographic from whoishostingthis.com; the original post can be located here:
As the modern marketplace has come to rely on virtual media, storefronts, and relationship management, the need for cybersecurity measures has increased exponentially. Gone are the days of casual GeoCities storefronts, secured only with a (it is hoped) strong password and a vigilant eye.
Today, the World Wide Web has nearly 15 billion web pages (spread across more than 600 million websites), and cybersecurity has become big business. Terms which meant little to anyone outside the then-rarefied Information Technology field twenty or even ten years ago—hacking, phishing, Denial of Service (DoS) attack—have entered the mainstream as businesses and individuals alike find themselves on the receiving end of Internet mischief.
You can read the rest on their website here.

Android-based Bitcoin digital wallets vulnerable to theft
Another interesting article from our content partner at HackersNewsBulletin.com:
Bitcoin developers warned Sunday about a critical vulnerability in Android which leaves digital wallets on the mobile platform vulnerable to theft.
A component of Android responsible for generating secure random numbers contains critical weaknesses that render all Android wallets generated to date vulnerable to theft. Because the problem lies with Android itself, this problem will affect you if you have a wallet generated by any Android app, developers wrote in a Bitcoin.org blog post.
How to fix it:
To fix it, key rotation is necessary. This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself.
Read more here.

