The Security Risk of Minecraft 1.8

A few months ago, an exploit for Minecraft 1.8 was released to the public. The exploit forced the Minecraft client to download a malicious file from a third-party website or server. Once Mojang (the creators and owners of Minecraft) saw the severity of the exploit, it was quickly fixed in the next update, which was Minecraft 1.8.4.

Since then, the Minecraft developers have released several updates fixing other exploits and security risks. A minority of those exploits allowed players to get operator/administrator status on servers, which again was only fixed by Mojang once it had been revealed to the public.

Summary

If you find any exploit, vulnerability or security risk in any software (including games), please report it to the developers or company that own that program. It is important that you do report it, as it could pose a threat to your security later if it gets released to the public.

30/08/2015

WordPress was compromised!

WordPress was compromised by the Neutrino Exploit Kit.

This exploit kit installs backdoors on WordPress sites running older versions of the content management system (4.2 and older). It then redirects the victim through a series of iFrames to a landing page hosting a Flash exploit.

The exploit targets users running Internet Explorer, and the victims' computers are infected with CryptoWall 3.0 ransomware.

Researchers studying the Neutrino Exploit Kit have said that the IP of the landing page is 185[.]44[.]105[.]17, which is registered to a “Max Vlapet” in Moscow.

Moreover, researchers say the goal of the exploit kit was to harvest credentials and inject an iFrame to redirect users to the landing page. They also said that people who are not using IE should not get the malicious iFrame, and those using IE will not get attacked over and over again due to a cookie that the attackers injected.

The CryptoWall ransomware has recently been used in a lot of 0-day exploits, leading some to believe that an APT group is behind this attack.

Like other ransomware, CryptoWall 3.0 encrypts files on a compromised computer and demands a ransom to decrypt them, usually over $400 in Bitcoin. This particular piece of ransomware uses numerous channels to communicate stolen traffic to its keepers, including I2P and Tor anonymity networks.

Summary

WordPress remains a soft spot for hackers and attackers, and the Neutrino Exploit Kit is still active. More often than not, attackers will find and exploit vulnerabilities in plugins (such as Java and Flash); however, there have been occasions where the WordPress Core Engine was attacked.

Also, if you haven’t noticed, this webpage is running on the WordPress Core engine, which is why I made this blog post and is why this is relevant.

24/08/2015

How safe do you keep your credentials?

So I’ve noticed that a lot of us do not keep our credentials (Usernames, passwords, pins and others) safe from attackers and people who use remote access.

In fact, a few days ago, I discovered that my brother keeps some of his passwords and usernames in an unencrypted text file, which, if you ask me, is a pretty dumb thing to do, considering the amount of malware he accidentally downloads regularly.

Also, many people do not truly know what a hacker is. Many people think a hacker is someone who logs into your account without permission or someone who guesses your password over and over again. Well, no. Hacking is the use of malicious software (Malware) to steal confidential data (aka credentials).

If the attacker does not use malware, then it is not hacking. It would probably be either Phishing or a Brute Force attack.

Summary

The best way to keep your credentials safe is to simply remember them and not store them anywhere. Don’t use password managers and don’t store them in text files or other documents like my brother did.

Also, always use a decent Anti-Malware / Anti-Virus program to keep you safe from ransomware, trojan backdoors and keyloggers. Some of the best programs to do that are listed below:

Kaspersky Internet Security, BitDefender Internet Security, Emsisoft Anti-Malware and Malwarebytes Anti-Exploit.

21/08/2015

XSS: Loading a https logon form over http

Ok, so I saw this on Twitter and I decided to take a look at it:

The response from EnglishNationalOpera was amazing; I couldn’t believe it:

Now, you are probably thinking “What’s going on?” – It’s simple: EnglishNationalOpera does not understand the risks of having a https logon form being loaded over http.

The Explanation:

Loading a https logon form over a http connection makes the website and people who visit that website vulnerable to XSS attacks. XSS (short for Cross Site Scripting) is a client-side script that, when executed, performs a malicious action in the client’s web browser.

Most of the time, attackers who exploit this XSS vulnerability will attempt to steal customers’ cookies, which (if you don’t know what a cookie does) hold sensitive data, such as usernames, passwords and session ids. Another thing that attackers usually do is redirect customers off to a potentially malicious website.

How dangerous is XSS?

Well, let’s put it this way: Facebook and other companies offer bounties (money) to people who find and report XSS vulnerabilities. Over 50% of websites are vulnerable to XSS.

How can I avoid XSS attacks?

  1. Don’t click on random links on social media websites (Especially Facebook, over 53% of all phishing attacks are from people on Facebook)
  2. Try to avoid shortened or obfuscated links (Such as bitly or adfly)
  3. If you see a website with a logon form and a http address, report it to the website owner/hoster.
  4. If you own a website, make sure that everything is loaded over https (even your advertisements, if you have any). Some XSS attacks are from someone compromising your adverts, because most adverts are loaded over http.
  5. If you own a website and your website uses cookies, make sure that the cookies are HttpOnly. This will stop attackers stealing the cookies, as HttpOnly cookies cannot be accessed by the client. This will prevent some XSS attacks on your website: XSS is a client-side script, but since HttpOnly cookies cannot be accessed by the client, the XSS attack will not affect your customer if the XSS script is trying to access the cookies of your website.
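
The checks from items 3 to 5, written as a small offline audit. This is an added example, not part of the original post; `audit_page`, the sample URL, cookies and HTML are constructed for illustration, and the check for the `Secure` cookie flag (which keeps a cookie off http connections) goes one step beyond the list.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class _PageScan(HTMLParser):
    """Collects password fields and sub-resources fetched over plain http."""
    def __init__(self):
        super().__init__()
        self.has_password_field = False
        self.http_resources = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "input" and a.get("type", "").lower() == "password":
            self.has_password_field = True
        src = a.get("src", "")
        if tag in ("script", "iframe", "img") and urlparse(src).scheme == "http":
            self.http_resources.append(src)

def audit_page(page_url, set_cookie_headers, html):
    """Return a list of findings for one already-fetched page (no network access)."""
    findings = []
    scan = _PageScan()
    scan.feed(html)
    if scan.has_password_field and urlparse(page_url).scheme != "https":
        findings.append("logon form served over http")
    for url in scan.http_resources:
        findings.append("resource loaded over http: " + url)
    for header in set_cookie_headers:
        name = header.split("=", 1)[0].strip()
        flags = {p.strip().split("=", 1)[0].lower() for p in header.split(";")[1:]}
        for flag in ("httponly", "secure"):
            if flag not in flags:
                findings.append("cookie %s missing %s" % (name, flag))
    return findings

# Constructed sample: a logon page at http:// whose form posts to https://
SAMPLE_URL = "http://shop.example/login"
SAMPLE_COOKIES = ["session=abc123; Path=/", "prefs=1; Path=/; Secure; HttpOnly"]
SAMPLE_HTML = """<html><body>
<script src="http://ads.example/banner.js"></script>
<form action="https://shop.example/auth" method="post">
<input type="text" name="user"><input type="password" name="pass">
</form></body></html>"""

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_URL, SAMPLE_COOKIES, SAMPLE_HTML):
        print(finding)
```

The form's `action` pointing at https does not change the first finding: the page carrying the form arrived over http, which is the situation this post is about.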

An example of an XSS attack would be this. Note that the link you see there is safe and non-malicious.

Summary

XSS should not be underestimated. A few years ago, someone created an XSS worm on MySpace, which infected over 1 million PCs in the space of about a week. This worm raised awareness of XSS in the web security community; however, the number of XSS attacks is still growing, which is why we need everyone to be aware of it.

Note that it’s a good idea to clear your cookies, form data and history regularly to be safe from XSS.

Thanks to Troy Hunt, who informed me about XSS through his YouTube videos here.

17/08/2015

About this blog

This blog page will be used by me to talk about recent news and concerns in the security world.

If you don’t know, I am a cyber-security researcher and enthusiast, and I decided that this place would be the best place for me to talk to the public about recent security issues.

By iFuzion77 – 16/08/2015