Monthly Archives: January 2018

Automatic autofill of credentials

Automatic autofill of credentials, is it really safe?

Category : Blog

Automatic autofill of credentials, is it really safe? Nowadays, Trackers found silently grabbing your information as you surf the web.

Automatic autofill of credentials

Is your browser’s built-in login manager leaking your username (and possibly your password too)?

Researchers at Princeton’s Centre for Information Technology Policy have uncovered two third-party tracking scripts that can scoop up information provided by your browser’s login manager to create a persistent identifier tracking you as you move between web pages.

Here’s how it happens:

  • You visit a webpage and fill out a login form. Your browser asks you if you want to save the login details.
  • Later, you visit a different page on the same website, which includes the third-party tracking script. The tracking script inserts a login form that is invisible to the naked eye onto the webpage, and your browser’s password manager automatically fills in your credentials.
  • The third-party script snaffles up your email address from the invisible form’s field and sends a hash to a third-party server.

Automatic autofill of credentials

Fed up with Automatic autofill of credentials? What’s the solution? Simple. Don’t use a login manager that autofill’s forms without you giving it explicit permission to do so. You might be wiser using a product like 1Password, whose developers confirmed was designed to always insist on user approval before filling forms.

If you allow your browser to automatically submit your username and password into forms silently and invisibly, there is always the danger that a malicious site or script may steal the information.

The two scripts spotted by the Princeton researchers – Ad Think and On Audience – appear to have been designed to grab hashed usernames to identify web visitors for ad-tracking purposes, but there is no technical reason why the same approach couldn’t also be used to steal auto filled passwords.

The researchers have built an online demo, where you can test whether you might be vulnerable.

It should go without saying – don’t enter real credentials on that demo page!

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

 RHCE  training

CEH V9  training

Diploma in Network Security Training

Secure Coding in Java

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advanced Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

Digital marketing

CCNA training


phpmyadmin-hacking

phpMyAdmin – A critical security vulnerability has been reported

Category : Blog

phpMyAdmin – A critical security vulnerability has been reported. One of the most popular applications for managing the MySQL database—which could allow remote attackers to perform dangerous database operations just by tricking administrators into clicking a link.

phpmyadmin-hacking

Discovered by an Indian security researcher, Ashutosh Barot, the vulnerability is a cross-site request forgery (CSRF) attack and affects phpMyAdmin versions 4.7.x (prior to 4.7.7).

Cross-site request forgery vulnerability, also known as XSRF, is an attack wherein an attacker tricks an authenticated user into executing an unwanted action.

According to an advisory released by phpMyAdmin, “by deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables, etc.”

phpMyAdmin is a free and open source administration tool for MySQL and MariaDB and is widely used to manage the database for websites created with WordPress, Joomla, and many other content management platforms.

Moreover, a lot of hosting providers use phpMyAdmin to offer their customers a convenient way to organize their databases.

Barot has also released a video, as shown above, demonstrating how a remote attacker can make database admins unknowingly delete (DROP) an entire table from the database just by tricking them into clicking a specially crafted link.

“A feature of phpMyAdmin was using a GET request and after that POST request for Database operations such as DROP TABLE table_name; GET requests must be protected against CSRF attacks. In this case, POST requests were used which were sent through URL (for bookmarking purpose may be); it was possible for an attacker to trick a database admin into clicking a button and perform a drop table database query of the attacker’s choice.” Barot explains in a blog post.

However, performing this attack is not simple as it may sound. To prepare a CSRF attack URL, the attacker should be aware of the name of targeted database and table.

“If a user executes a query on the database by clicking insert, DROP, etc. buttons, the URL will contain database name and table name,” Barot says. “This vulnerability can result in the disclosure of sensitive information as the URL is stored at various places such as browser history, SIEM logs, Firewall Logs, ISP Logs, etc.”

Barot reported the vulnerability to phpMyAdmin developers, who confirmed his finding and released phpMyAdmin 4.7.7 to address this issue. So administrators are highly recommended to update their installations as soon as possible.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

 RHCE  training

CEH V9  training

Diploma in Network Security Training

Secure Coding in Java

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advanced Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

Digital marketing

CCNA training


Forever 21

Forever 21 payment card breached

Category : Blog

Forever 21 payment card breached. First notified in November of a data breach incident, popular clothing retailer Forever 21 has now confirmed that hackers stole credit card information from its stores throughout the country for several months during 2017.

Forever 21

Although the company did not yet specify the total number of its customers affected by the breach, it did confirm that malware was installed on some point of sale (POS) systems in stores across the U.S. at varying times between April 3, 2017, and November 18, 2017.

According to the company’s investigation, which is still ongoing, the malware was designed to search for and likely steal sensitive customer credit card data, including credit card numbers, expiration dates, verification codes and, in some cases, cardholder names.

Forever 21 has been using encryption technology since 2015 to protect its payment processing systems, but during the investigation, the company found that some POS terminals at certain stores had their encryption switched off, which allowed hackers to install the malware.

However, according to the company, not every POS terminal in affected stores was infected with the malware and not every store was impacted during the full-time period (roughly 8 months) of the breach.

In fact, in some cases, payment card data stored in certain system logs before April 3rd were also exposed in the breach.

“Each Forever 21 store has multiple POS devices, and in most instances, only one or a few of the POS devices were involved. Additionally, Forever 21 stores have a device that keeps a log of completed payment card transaction authorizations,” the company said while explaining the incident.
“When encryption was off, payment card data was being stored in this log. In a group of stores that were involved in this incident, malware was installed on the log devices that was capable of finding payment card data from the logs, so if encryption was off on a POS device prior to April 3, 2017, and that data was still present in the log file at one of these stores, the malware could have found that data.”
The company also assured its online customers that payment cards used on its website (forever21.com) were not affected by the breach.

Since payment processing systems outside of the United States work differently, it should not be impacted by the security breach, but the retailer said it’s still investigating whether non-US stores were affected or not.

Forever 21 advised customers who shopped at its stores to stay vigilant and keep an eye on their credit transactions for any suspicious activity, and immediately notify their banks that issued the card if found any.

The company has promised to continue working with “security firms to enhance” their security measures.

This breach is yet another embarrassing incident disclosed recently, followed by Disqus’ disclosure of a 5-year-old breach of over 17.5 million Disqus users and Yahoo’s revelation that 2013 data breach affected all of its 3 Billion users.

The recent incidents also include Equifax’s revelation of a breach of potentially 145.5 million customers, U.S. Securities and Exchange Commission (SEC) disclosure of a data breach that profited hackers, and Deloitte’s disclosure of a cyber attack that led to the theft of its clients’ private emails and documents.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

 RHCE  training

CEH V9  training

Diploma in Network Security Training

Secure Coding in Java

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advanced Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

Digital marketing

CCNA training


Show Buttons
Hide Buttons