Category: redirection

The Seriousness of the Twitter Vulnerability?

Paul

twitter_110 The main question is how much do you want to know about this?  Yes I am talking about a Vulnerability that could risk your twitter account or even yet inject malious software into the computer.

[ad#cricket-right-ez]We’ve seen that there have been [intlink id=”2650″ type=”post”]twitter phishing[/intlink] in the past, and [intlink id=”3008″ type=”post”]Facebook phishing[/intlink] have made people wonder out much do we depend on Twitter.

Lance James and Eric Wastl have provide Proof of Concept for this vulnerability, according to Information Weekly:

James cautions that XSS vulnerabilities should be taken seriously because they can reach beyond Web pages. “A lot of people think XSS is limited to the Web,” he said. If there’s another vulnerability in the victim’s browser, the Twitter flaw could be used to launch additional malicious code, he explained.

As you can see there is more to this problem then meets the eye.  For one using the [intlink id=”2980″ type=”post”]URL redirects[/intlink] could be one way this could be used.  No telling what other vulnerabilities lay for the client side twitter programs.   Twitter has a long way to go to be security minded, and yet Twitter hasn’t said what they will do to fix this problem.

I for one would like to see this problem fixed just as quickly as possible due to the security risk involved to me, the consumer.  Twitter needs to jump on this and fix it to prevent any more attacks against there twitter audience. Although it doesn’t hurt to have [intlink id=”2205″ type=”page”]Anti-virus And a good firewall[/intlink], it all depends on End user to prevent this for the time being.

Come on Twitter, Fix this problem.

TINYURL being used by scammers and hackers — How to prevent it!!

Paul

With Phishing attempts going on with the TINYURL redirect website, I thought I would show you how you could prevent from going to a site you don’t want. Tinyurl.com has a great little feature, although it is a feature based on your cookies. It however will help prevent you from going to a site that you don’t know anything that about. It’s called the Preview Feature, and is available to any user who wants to use it.

previewtiny

As you can see if you enable it and you go to a click on a tinyurl, you will see this:

http://tinyurl.com/6t7ukk

previewtiny1

[ad#ad2-right]As you can see, if you click any TINYURL links you will automatically be told where that link is redirecting you to. This however only works with there being a cookie left behind in your system to let tell Tinyurl that is has to show the link first. So if you clean your cookies out from time to time, you will need to enable it every time after you clean the browser cookies. This will help prevent you from being phished because you will be able to tell if it is the right site in the first place. If not then you don’t have to visit that site. This should be enabled on all Short URL Sites, I hope they make it a mandatory for any site that redirects. This would help stop phishing and scammers because they can’t hide behind unknown url. Only time will tell though, these sites are always going to have problems but this would solve so many problems.

Some program Vulnebilities Detected!!

Paul

Just got done looking at some of my security sites and according to SecuriTeam there are are several programs that have vulnerabilities. here are the Ones that I’ve found:

Google chrome is vulnerable to URI Obfuscation vulnerability.
An attacker can easily perform malicious redirection by manipulating the browser functionality. The link can not be traversed properly in status address bar.This could facilitate the impersonation of legitimate web sites in order to steal sensitive information from unsuspecting users. The URI specified with @ character with or without NULL character causes the vulnerability.

[ad#ad2-right]iPhone Configuration Web Utility for Windows Directory Traversal
iPhone Configuration Web Utility lets “you easily create, sign and distribute configuration profiles using a web browser”. A vulnerability in iPhone Configuration Web Utility allows remote attackers to access files that reside outside the bounding root directory of the program’s files folder.

Streamripper Multiple Buffer Overflows
Streamripper “records Shoutcast and Live365 MP3 streams to a hard disk, creating separate files for each track. Runs under Unix and Windows.” Secunia Research has discovered some vulnerabilities in Streamripper, which can be exploited by malicious people to compromise a user’s system.

Amaya URL Bar Stack Overflow Vulnerability
A vulnerability in Amaya browser allows remote attackers to cause it to overflow an internal buffer which in turn can be leveraged to execute arbitrary code.

These are the ones that I found and wanted to let you know about these so you can make your system even more secure.   if I find any others I’ll let you know!!!