[Java 0day exploit] – Protect yourself – Turn off Java in browser

A new Java 0-day exploit is running around the Internet this week.

Every browser that uses the newest Java version is vulnerable, no matter which operating system you use.
If you are thinking about installing an older version of Java, that’s also a bad idea, because older versions are full of security bugs as well!

What you need to do is turn off Java in your browsers!

If you want to check if Java in your browser is vulnerable, go to http://www.isjavaexploitable.com/ and you will see.

To disable Java in your browser on Windows, do the following:

Mozilla Firefox: From the main menu select Add-ons, and then disable any plugins with the word “Java” in them. Restart the browser.

Google Chrome: Click the wrench icon in the upper right corner of the browser window, then select Settings. In the search results box to the right in the next screen, type “Java”. A box labeled “Content settings” should be highlighted. Click that, and then scroll down to the Plug-ins section. Click the “Disable individual plug-ins” link, find Java in the list, and click the disable link next to it.


For those who want to find out more about the exploit

For those who are interested in the details of this exploit, check here for a good analysis. The beauty of this bug class is that it provides 100% reliability and is multiplatform. A PoC exploit was first published by Jduck, and the exploit itself you can see here.

Experience tells us that Oracle will not be fast with an update, so most probably this bug will not be fixed soon.



If you liked the post, we should get connected - follow me on Twitter

Tunneling applications with TSocks for anonymity using TOR

Have you ever thought how great it would be if you could run your hacking tools for information gathering/scanning/exploiting anonymously from terminal?

Here is one of the ways to do this, even if your tools have no proxy options.


You will need TSocks and Tor installed. Nothing more.
On my BackTrack machine, TSocks is already installed. If you don’t have it, install it first.
After you do this, open /etc/tsocks.conf and edit the server_port line to use port 9050 (the default Tor port):

server_port = 9050

Then you need to install Tor. Here is a simple explanation of how to install Tor. Install just Tor; you don’t need Privoxy.
After configuring tsocks, check that it is working by using the lynx web browser to connect to a website that shows your current IP address. When you want to run a tool anonymously, just add tsocks at the beginning of the command. For example, to run lynx:

tsocks lynx whatismyip.net

If everything works fine, you will get an address from the Tor network, and not your own.


Just to make sure, run the same application without tsocks:

lynx whatismyip.net

Now it shows my real IP address.


So now that you are sure tsocks tunneling works fine, you can run all your nasty tools anonymously. You can also start, for example, Firefox and surf anonymously this way, just by typing:

tsocks firefox

That’s it! It’s just one of the ways. Have fun ;)


Google as DoS Tool?

This is a technique that can be used to launch a denial of service attack against a website hosted on Amazon (or even elsewhere). The steps:
  • Gather a large number of URLs from the targeted website. Preferably big media files (jpg, pdf, etc)
  • Put these URLs in a Google feed, or just put them in a Google Spreadsheet
  • Put the feed into a Google service, or use the image(url) command in Google spreadsheet
  • Sit back and enjoy seeing Google launching a Slashdot-style denial of service attack against your target.


Interesting :)

 

source: behind-the-enemy-lines.com
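
On the receiving side, this kind of traffic shows up in the web server access log as repeated fetches of large media files by a single crawler. The following is an added example, not code from the original post or its source, that summarizes such requests from Combined Log Format lines. The `Feedfetcher-Google` user-agent token, the extension list, the thresholds and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Combined Log Format: ip - - [time] "METHOD path proto" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-) "[^"]*" "([^"]*)"$'
)
FETCHER_TOKEN = "feedfetcher-google"  # assumption: token in the fetcher's User-Agent
MEDIA_EXT = (".jpg", ".jpeg", ".png", ".gif", ".pdf", ".mp4", ".zip")  # illustrative

# Constructed sample log (documentation IP ranges, made-up paths and sizes).
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2013:10:00:01 +0000] "GET /media/a.jpg HTTP/1.1" 200 5000000 "-" "Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
203.0.113.11 - - [01/Jan/2013:10:00:02 +0000] "GET /media/a.jpg?x=1 HTTP/1.1" 200 5000000 "-" "Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
203.0.113.12 - - [01/Jan/2013:10:00:03 +0000] "GET /docs/report.pdf HTTP/1.1" 200 4000000 "-" "Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
198.51.100.7 - - [01/Jan/2013:10:00:04 +0000] "GET /media/a.jpg HTTP/1.1" 200 5000000 "-" "Mozilla/5.0"
203.0.113.10 - - [01/Jan/2013:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 1200 "-" "Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
this line is not a valid log entry
"""

def summarize_fetcher_traffic(lines, min_requests=3, min_bytes=10_000_000):
    """Count large-media fetches by the fetcher UA; thresholds are illustrative."""
    requests, total_bytes, skipped, paths = 0, 0, 0, Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1  # malformed line: count it, do not crash
            continue
        _ip, _method, target, _status, size, agent = m.groups()
        path = target.split("?", 1)[0]  # same file, different query string
        if FETCHER_TOKEN not in agent.lower() or not path.lower().endswith(MEDIA_EXT):
            continue
        requests += 1
        total_bytes += 0 if size == "-" else int(size)
        paths[path] += 1
    return {
        "requests": requests, "bytes": total_bytes, "skipped": skipped,
        "paths": dict(paths),
        "alert": requests >= min_requests and total_bytes >= min_bytes,
    }

if __name__ == "__main__":
    print(summarize_fetcher_traffic(SAMPLE_LOG.splitlines()))
```

An alert here is a prompt to rate-limit or cache the listed paths, not proof of abuse, since the same fetcher also produces legitimate traffic.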

