2009
08.21
from The Register:
Linux developers have issued a critical update for the open-source OS after researchers uncovered a vulnerability in its kernel that puts most versions built in the past eight years at risk of complete takeover.
The bug involves the way kernel-level routines such as sock_sendpage react when they are left unimplemented. Instead of linking to a corresponding placeholder, (for example, sock_no_accept), the function pointer is left uninitialized. Sock_sendpage doesn’t always validate the pointer before dereferencing it, leaving the OS open to local privilege escalation that can completely compromise the underlying machine.
Of all the vulnerabilities found in Linux over the years, this is one of the most severe. Unfortunately, the details were published before vendors had patched their kernels. An attacker who already has an unprivileged local account can turn it into root. Fortunately it is a local vulnerability, not a remote one, if "fortunately" is still the word for a bug that lets any local user own the machine.
Update and patch your system the way your distro does it. Exploiting a NULL function-pointer dereference in the kernel requires the attacker to map a page at address zero, so also check that vm.mmap_min_addr is non-zero (sysctl vm.mmap_min_addr); that is a mitigation that raises the bar, not a replacement for the patch.
2009
07.14
How many people download pirated software from the internet? Pirated packages nearly always ship with a keygen or a crack to defeat the commercial program's licensing protection. But do most people realize that keygens and cracks are often dangerous to the computer they run on?
Often they do not realize that when they run a crack or a keygen, they may also be running malware: a worm, a trojan, a virus, or spyware. Below is a screenshot of the registry activity on my computer after I ran keygen.exe.

In the screenshot above I used Process Monitor to follow the process tree spawned by keygen.exe. As you can see, it altered the registry. In some cases the payload does not only change the registry but also installs a hidden backdoor, planted in a DLL, which connects out silently without you ever noticing (unless you use a tool such as TCPView to look at open connections). It may also steal private data: passwords, credit-card details, product keys, captured keystrokes, login credentials, and uploads of your private documents.
So, do you still want to download pirated software?
Think before you click..
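Process Monitor captures far more than a screenshot shows, and a keygen's registry writes are easy to lose among thousands of events. As an added example (my code, not from the original post), here is a Python script that reads a Process Monitor CSV export (File > Save, CSV format) and lists the successful registry writes of one process, flagging those that land in autorun locations. The CSV column names it assumes are Process Monitor's defaults (Time of Day, Process Name, PID, Operation, Path, Result, Detail); the sample rows embedded below are constructed, not a real capture.

```python
import csv
import io

# Registry locations commonly used for persistence. Compared case-insensitively
# as path prefixes, using Process Monitor's hive abbreviations (HKCU, HKLM).
AUTORUN_PREFIXES = (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon",
    r"HKLM\System\CurrentControlSet\Services",
)

# Process Monitor operation names that modify the registry.
WRITE_OPS = {"RegSetValue", "RegCreateKey", "RegDeleteValue", "RegDeleteKey"}


def is_autorun_path(path):
    """True if a registry path is under one of the persistence locations."""
    upper = path.upper()
    return any(upper.startswith(prefix.upper()) for prefix in AUTORUN_PREFIXES)


def registry_writes(csv_text, process_name):
    """All successful registry writes by `process_name`, as (path, op, detail)."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process_name.lower():
            continue
        if row["Operation"] not in WRITE_OPS or row["Result"] != "SUCCESS":
            continue
        hits.append((row["Path"], row["Operation"], row["Detail"]))
    return hits


def suspicious_persistence(csv_text, process_name):
    """The subset of registry_writes() that lands in an autorun location."""
    return [h for h in registry_writes(csv_text, process_name) if is_autorun_path(h[0])]


# Constructed sample in the layout of a Process Monitor CSV export; not a real capture.
SAMPLE_CSV = "\n".join([
    r'"Time of Day","Process Name","PID","Operation","Path","Result","Detail"',
    r'"10:49:50.1234567","keygen.exe","2260","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Run","SUCCESS","Desired Access: Set Value"',
    r'"10:49:50.1234601","keygen.exe","2260","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost","SUCCESS","Type: REG_SZ, Length: 82, Data: C:\Users\me\AppData\Roaming\svchost.exe"',
    r'"10:49:50.1234700","keygen.exe","2260","RegSetValue","HKCU\Software\KeygenApp\LastRun","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"',
    r'"10:49:50.1234800","keygen.exe","2260","RegSetValue","HKLM\System\CurrentControlSet\Services\svchelper\ImagePath","ACCESS DENIED","Type: REG_EXPAND_SZ, Length: 82, Data: C:\Users\me\AppData\Roaming\svchost.exe"',
    r'"10:49:50.1235000","explorer.exe","1104","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ, Length: 46, Data: C:\Program Files\Vendor\updater.exe"',
])


if __name__ == "__main__":
    import sys
    # usage: python procmon_triage.py export.csv keygen.exe
    text = open(sys.argv[1], encoding="utf-8-sig").read() if len(sys.argv) > 1 else SAMPLE_CSV
    proc = sys.argv[2] if len(sys.argv) > 2 else "keygen.exe"
    for path, op, detail in suspicious_persistence(text, proc):
        print("%s: %s %s (%s)" % (proc, op, path, detail))
```

Filtering on one process name is deliberate but narrow: a dropper often writes its Run value from a child process or from an injected explorer.exe, as in the last sample row, so in practice run it for every process in the keygen's process tree, and treat a denied write to the Services key as a sign of what it would have done with admin rights.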
2009
07.13
Here is my dirty way to get BT4 running from a USB disk instead of the DVD.
- Boot the BackTrack 4 live DVD.
- Check which device your pendrive is (fdisk -l) before touching anything; everything below assumes it is /dev/sdb and will wipe it.
- Split the pendrive into 2 partitions: the 1st for the BT4 files, the 2nd for your changes. I have a 4 GB pendrive, so I made a 1500 MB partition for the BT4 files (FAT32) and gave the rest of the disk to a second partition (ext3). You can use fdisk or cfdisk for this. Set the bootable flag on the first partition while you are there, since some BIOSes refuse to boot a disk with no active partition.
- Format them using mkfs:
- mkfs.vfat -F 32 -n BT4 /dev/sdb1
- mkfs.ext3 -b 4096 -L casper-rw /dev/sdb2
- The casper-rw label is not decoration: it is what the persistent boot mode looks for when it mounts your changes partition, so keep it exactly.
- Mount the first partition:
- mkdir /mnt/BT4
- mount /dev/sdb1 /mnt/BT4
- Copy all BT4 files from the mounted DVD to our newly mounted partition (/mnt/BT4). The trailing slashes matter to rsync: they copy the contents of the DVD rather than creating a cdrom/ subdirectory.
- rsync -avh /media/cdrom/ /mnt/BT4/
- Install the GRUB boot loader into the pendrive's MBR, with its files on the FAT32 partition:
- grub-install --no-floppy --root-directory=/mnt/BT4 /dev/sdb
- Edit the menu.lst file:
- nano /mnt/BT4/boot/grub/menu.lst
Start Persistent Live CD <---------- find this entry
bla bla bla quiet vga=0x317 <---------- add vga=0x317 to its kernel line like this
- umount /mnt/BT4
- reboot
That’s it. Can’t wait for the official release ^^
reference: Offensive-Security
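The menu.lst edit above is the one step done by hand. As an added example (my code, not part of the Offensive-Security procedure or the BT4 image), here is a small Python script that makes that edit repeatable and idempotent: it finds the entry titled "Start Persistent Live CD", appends vga=0x317 to its kernel line if no vga= parameter is there yet, and warns if the entry does not carry the persistent flag that makes the casper-rw partition matter. The sample menu.lst is constructed; the real BT4 file differs, and only the GRUB legacy title/kernel line structure is assumed.

```python
import sys

# Constructed sample in GRUB legacy menu.lst syntax. The real BT4 pre-final
# file differs; only the "title ..." / "kernel ..." line structure is assumed.
SAMPLE_MENU_LST = """\
default 0
timeout 10

title Start BackTrack FrameBuffer (1024x768)
kernel /boot/vmlinuz BOOT=casper boot=casper nopersistent rw quiet vga=0x317
initrd /boot/initrd.gz

title Start Persistent Live CD
kernel /boot/vmlinuz BOOT=casper boot=casper persistent rw quiet
initrd /boot/initrd.gz
"""


def kernel_params(menu_text, entry_title):
    """Kernel parameters (everything after the image path) of the named entry."""
    in_entry = False
    for line in menu_text.splitlines():
        s = line.strip()
        if s.startswith("title "):
            in_entry = s[len("title "):].strip() == entry_title
        elif in_entry and s.startswith("kernel "):
            return s.split()[2:]
    return []


def add_kernel_param(menu_text, entry_title, param):
    """Append `param` to the kernel line of the entry titled `entry_title`.

    Idempotent: if a parameter with the same name (the part before '=') is
    already on that kernel line it is left alone. Returns (new_text, changed).
    """
    lines = menu_text.splitlines()
    name = param.split("=", 1)[0]
    in_entry = False
    changed = False
    for i, line in enumerate(lines):
        s = line.strip()
        if s.startswith("title "):
            in_entry = s[len("title "):].strip() == entry_title
            continue
        if in_entry and s.startswith("kernel "):
            present = s.split()[2:]
            if not any(p.split("=", 1)[0] == name for p in present):
                lines[i] = line.rstrip() + " " + param
                changed = True
            in_entry = False  # one kernel line per entry; ignore its initrd line
    return "\n".join(lines) + "\n", changed


if __name__ == "__main__":
    # usage: python patch_menu_lst.py /mnt/BT4/boot/grub/menu.lst
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path).read() if path else SAMPLE_MENU_LST
    entry = "Start Persistent Live CD"
    new_text, changed = add_kernel_param(text, entry, "vga=0x317")
    if "persistent" not in kernel_params(new_text, entry):
        print("warning: entry does not boot with 'persistent'; casper-rw will be ignored")
    if path and changed:
        open(path, "w").write(new_text)
    print(new_text)
```

Running it twice changes nothing the second time, which is the property you want from anything that edits a boot loader configuration.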
2009
07.09
HD Moore has added several new features to the Meterpreter payload in Metasploit 3.3-dev, which is still under development. You can get it from the Metasploit Subversion repository (since it is a development tree, it is not recommended for day-to-day use or for official pentest engagements). The new part is..
Stdapi: User interface Commands
===============================
Command Description
------- -----------
grabdesktop Take over the active input desktop (needed for keyboard sniffing)
idletime Returns the number of seconds the remote user has been idle
keyscan_dump Dump the keystroke buffer
keyscan_start Start capturing keystrokes
keyscan_stop Stop capturing keystrokes
uictl Control some of the user interface components
These live in the Meterpreter payload once it has been injected into the victim. What are they for? Essentially, HD Moore wants to bring interactivity to what happens between the attacker and the victim. One form of that is keyscan_start/keyscan_dump, which capture keystrokes by hooking into processes such as winlogon.exe or explorer.exe, the ones that actually receive input from the user; that is also why grabdesktop is listed as needed for keyboard sniffing. The Metasploit Framework keeps getting more sophisticated, and ever closer to Core Impact, CANVAS and their peers ^^
2009
07.08
Ever hit a case like this while happily injecting packets into a wireless network?
Saving ARP requests in replay_arp-0123-104950.cap
You should also start airodump-ng to capture replies.
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Read 17915 packets (got 3 ARP requests), sent 5854 packets...
Yep, that happens because the victim's MAC address is no longer associated with the local access point, or in other words the connection keeps dropping, either because of the de-authentication we did ourselves or because the signal is simply not good enough to reach the victim's laptop/PC. To work around it there are 3 ways:
2009
06.28
Security researchers at the Russian company Elcomsoft have found a new and very effective way to attack WPA/WPA2 wireless security: using the GPU (Graphics Processing Unit) of Nvidia graphics cards, here two cards linked with Nvidia's SLI technology. SLI lets you combine two graphics cards, which of course increases graphics performance; for password cracking, though, what matters is the massively parallel GPU in each card, and a second card simply doubles the number of GPUs working on the job.
from Elcomsoft:
With the latest version of Elcomsoft Distributed Password Recovery, it is now possible to crack WPA and WPA2 protection on Wi-Fi networks up to 100 times quicker with the use of massively parallel computational power of the newest NVIDIA chips. Elcomsoft Distributed Password Recovery only needs a few packets intercepted in order to perform the attack.
With Elcomsoft Distributed Password Recovery and around 20 computers each fitted with Nvidia GeForce GTX280 cards in SLI, cracking a WPA/WPA2 passphrase no longer takes years; it might take weeks, or days. Keep in mind what is being sped up: after capturing the four-way handshake, the attacker guesses passphrases and runs each one through PBKDF2 (4096 rounds of HMAC-SHA1) to derive the key, so the speedup only matters against weak passphrases. A long, random passphrase is still far out of reach, GPUs or not.
Who wants to buy a GeForce GTX280 to crack passphrases? Hehehe, better to use it for the new games
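To see why GPUs change the picture, here is an added example (my code, not Elcomsoft's) of the computation a WPA/WPA2-PSK cracker repeats per guess: PBKDF2-HMAC-SHA1 over the passphrase and SSID, 4096 iterations, 32 bytes out. It checks itself against the two published IEEE 802.11i test vectors, runs a tiny dictionary attack against a known PMK, and measures this CPU's rate so you can plug in a GPU speedup figure such as Elcomsoft's claimed 100x. Comparing against a known PMK is a simplification, labelled in the code: a real attacker checks each candidate against the captured four-way handshake instead.

```python
import hashlib
import hmac
import time

# Published test vectors from IEEE 802.11i (Annex H); everything else here is constructed.
TEST_VECTORS = {
    ("password", "IEEE"):
        "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e",
    ("ThisIsAPassword", "ThisIsASSID"):
        "0dc0d6eb90555ed6419756b9a15ec3e3209b63df707dd508d14581f8982721af",
}


def wpa_pmk(passphrase, ssid):
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).

    32 bytes of output is two SHA-1 sized blocks, so each guess costs
    2 * 4096 = 8192 HMAC-SHA1 evaluations. That per-guess cost, repeated
    independently for every candidate, is what a GPU parallelises.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def dictionary_attack(ssid, target_pmk, candidates):
    """Return the candidate whose PMK matches `target_pmk`, or None.

    Simplification: a real attack has only the captured 4-way handshake, not
    the PMK, and expands each candidate PMK to a PTK to check the handshake
    MIC. The PBKDF2 step dominates either way, so the cost per guess is the same.
    """
    for candidate in candidates:
        if hmac.compare_digest(wpa_pmk(candidate, ssid), target_pmk):
            return candidate
    return None


def pmk_rate(ssid="IEEE", seconds=0.5):
    """Single-threaded PMK computations per second on this CPU, over `seconds`."""
    count, start = 0, time.perf_counter()
    while time.perf_counter() - start < seconds:
        wpa_pmk("candidate%d" % count, ssid)
        count += 1
    return count / (time.perf_counter() - start)


def keyspace_seconds(alphabet_size, length, rate):
    """Worst-case seconds to try every passphrase of `length` symbols at `rate` PMK/s."""
    return (alphabet_size ** length) / rate


if __name__ == "__main__":
    for (pw, ssid), expected in TEST_VECTORS.items():
        assert wpa_pmk(pw, ssid).hex() == expected
    rate = pmk_rate()
    print("this CPU, one thread: %.0f PMK/s" % rate)
    for label, speedup in (("CPU", 1), ("Elcomsoft's claimed 100x GPU speedup", 100)):
        days = keyspace_seconds(26, 8, rate * speedup) / 86400
        print("%s: 8 lowercase letters exhausted in %.1f days" % (label, days))
```

The SSID is the salt, which is why precomputed PMK tables only help against common network names, and why the per-guess cost cannot be amortised across networks.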