Category Archives: Security

Wi-Fi- IEEE 802.11i-2004-Wireless security

In summary, an attacker can clone your existing Wi-Fi connection, after which you will connect to the cloned connection without knowing. The attack method will also remove any secure connection (https – SSL). Let's say you visit this live and vulnerable website: http://www.artsandscraps.org/. This is a Joomla-based website, and you enter your login details at http://www.artsandscraps.org/administrator/. The attacker can grab those details unencrypted because they have cloned your Wi-Fi connection. The website owner should force all web traffic to https://www.artsandscraps.org/administrator/, which is a secure, encrypted connection. Here is the downside: the website owner is allowing both secure and insecure connections, which puts you, the user, at risk.

We will document some workarounds and ways you can protect yourself. Keep in mind that the attacker does not need your Wi-Fi key for this to work.
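One way a site owner can verify that all traffic is actually forced to https, as described above. This is an added example, not code from the original post; the response dictionaries, the function name and the placeholder host www.example.org are assumptions, and the sample responses are constructed so it runs without network access.

```python
# Added example: constructed responses, placeholder host www.example.org, no network access.
import re
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}


def audit_https_enforcement(http_resp, https_resp):
    """Return findings for a site; an empty list means HTTPS is enforced.

    Each response is a dict with "url", "status", "headers" (dict) and
    "set_cookie" (list of raw Set-Cookie values). This shape is an assumption.
    """
    findings = []
    # 1. Plain HTTP must not serve the page; it must redirect to https on the same host.
    src = urlsplit(http_resp["url"])
    dst = urlsplit(http_resp["headers"].get("Location", ""))
    if http_resp["status"] not in REDIRECTS:
        findings.append("http-served: login page is reachable over plain HTTP")
    elif dst.scheme != "https" or dst.hostname != src.hostname:
        findings.append("bad-redirect: redirect does not lead to https on the same host")
    # 2. HSTS tells the browser to refuse plain HTTP on later visits; max-age=0 turns it off.
    hsts = https_resp["headers"].get("Strict-Transport-Security", "")
    m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.IGNORECASE)
    if m is None:
        findings.append("no-hsts: Strict-Transport-Security header is missing")
    elif int(m.group(1)) == 0:
        findings.append("hsts-disabled: max-age=0 removes the HSTS policy")
    # 3. Cookies without the Secure attribute are also sent over plain HTTP.
    for raw in https_resp.get("set_cookie", []):
        name, _, rest = raw.partition("=")
        attrs = {a.strip().lower() for a in rest.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"insecure-cookie: {name.strip()} lacks the Secure attribute")
    return findings


# Constructed sample: a site that answers on both http and https (the risky setup).
MIXED_HTTP = {"url": "http://www.example.org/administrator/", "status": 200, "headers": {}}
MIXED_HTTPS = {"url": "https://www.example.org/administrator/", "status": 200,
               "headers": {}, "set_cookie": ["sessionid=abc123; path=/; HttpOnly"]}
# Constructed sample: the same site after forcing all traffic to https.
FORCED_HTTP = {"url": "http://www.example.org/administrator/", "status": 301,
               "headers": {"Location": "https://www.example.org/administrator/"}}
FORCED_HTTPS = {"url": "https://www.example.org/administrator/", "status": 200,
                "headers": {"Strict-Transport-Security": "max-age=31536000"},
                "set_cookie": ["sessionid=abc123; path=/; Secure; HttpOnly"]}

if __name__ == "__main__":
    print(audit_https_enforcement(MIXED_HTTP, MIXED_HTTPS))
    print(audit_https_enforcement(FORCED_HTTP, FORCED_HTTPS))
```

HSTS only takes effect after the browser has seen the header once over a valid HTTPS connection, so the redirect check and the HSTS check are both needed.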

From the researchers who discovered the vulnerability (krackattacks.com):
As a proof-of-concept we executed a key reinstallation attack against an Android smartphone. In this demonstration, the attacker is able to decrypt all data that the victim transmits. For an attacker this is easy to accomplish, because our key reinstallation attack is exceptionally devastating against Linux and Android 6.0 or higher. This is because Android and Linux can be tricked into (re)installing an all-zero encryption key (see below for more info). When attacking other devices, it is harder to decrypt all packets, although a large number of packets can nevertheless be decrypted. In any case, the following demonstration highlights the type of information that an attacker can obtain when performing key reinstallation attacks against protected Wi-Fi networks:

Additional reading: arstechnica.com

Heartbleed Bug- clarification

While the media advise you to change your current password, I would not recommend changing your password until the website has been patched. Some sites are also recommending not signing into any secure sites until this is resolved. WOW!!!!!

 

Continue to use the internet as usual. If you notice anything strange with your account, change your password at that point. This is a practice you should follow daily, and one you should have been following before learning about this new vulnerability.

You can check whether a website has been flagged as vulnerable using https://lastpass.com/heartbleed/

Additional information 

Vulnerability Summary for CVE-2014-0160

Original release date: 04/07/2014
Last revised: 04/09/2014
Source: US-CERT/NIST

 

Alert: WHMCS Hosting account compromised.

If you are a customer of WHMCS, you may be sitting there wondering what happened yesterday. Well, your credit card information may be at risk. The WHMCS website is hosted by Hostgator.com. They are advising that you change your password as soon as possible if you use the client area on their website. You may also want to contact your credit card company.

 

Unfortunately today we were the victim of a malicious social engineering attack which has resulted in our server being accessed, and our database being compromised.

To clarify, this was no hack of the WHMCS software itself, nor a hack of our server. It was through social engineering that the login details were obtained.

As a result of this, we recommend that everybody change any passwords that they have ever used for our client area, or provided via support ticket to us, immediately.
Regrettably as this was our billing system database, if you pay us by credit card (excluding PayPal) then your card details may also be at risk.

This is just a very brief email to alert you of the situation, as we are currently working very hard to ensure everything is back online & functioning correctly, and I will be writing to you again shortly.

We would like to offer our sincere apologies for any inconvenience caused. We appreciate your support, now more than ever in this challenging time.


———–

Forum post

http://forum.whmcs.com/showthread.php?t=47650

A little over 4 hours ago our main server was compromised. This server hosts our main website and WHMCS installation.

What we know for sure

1. Our server was compromised by a malicious user that proceeded to delete all files
2. We have lost new orders placed within the previous 17 hours
3. We have lost any tickets or replies submitted within the previous 17 hours

What may be at risk

1. The database appears to have been accessed
2. WHMCS.com client area passwords are stored in a hash format (as with all WHMCS installations by default) and so are safe
3. Credit card information although encrypted in the database may be at risk
4. Any support ticket content may be at risk – so if you’ve recently submitted any login details in tickets to us, and have not yet changed them again following resolution of the ticket, we recommend changing them now.

 

http://forum.whmcs.com/showthread.php?t=47660

 

 

Statement released from the group responsible

  1. The reason for the hack and database leak of the WHMCS was due to the vulnerability WHMCS and “Matt” have. As most of you know the database contains credit cards, Really? Yup. WHMCS, the number 1 Web Hosting Client management company stores your credit card on Hostgator’s servers. By Matt hosting this huge domain on Hostgator he made himself and his domain very insecure and that is why we took action and did what we did. It is now 2 days after the attack from us and the site is back up and it still remains on Hostgator after Matt knows it is insecure. Well Matt, guess what… Here at UGNazi We laugh at your security. By releasing your files, we wanted to make it known that we are watching; and will continue to be watching. Stay Frosty.- Cosmo#UGNazi #whoswidme