Archive for November, 2014


China Made E-Cigarettes Could Infect Your Computer with Malware
It’s better for smokers to quit smoking. Are you using electronic cigarettes (e-cigarettes) instead of normal ones? You should still quit the habit, because it not only damages your health but could also pose a risk to the health of your computer.

E-cigarettes have become the latest vector for hackers to distribute malicious software. E-cigarettes manufactured in China are reportedly being used to spread malware to computers via the USB port when users plug them in to charge.

The story broke when an executive at a “large corporation” was infected with malware from an undetermined source after he quit smoking and switched to e-cigarettes made in China, according to a recent post on the social news site Reddit.

Investigating further, he found that the e-cigarette’s charger, bought on the online auction site eBay for $5, was hard-coded with the malware that infected his workstation, despite the machine having the latest antivirus and anti-malware programs installed.

“The executive’s system was patched up to date, had antivirus and anti-malware protection,” Reddit user Jrockilla said. “Web logs were scoured and all attempts made to identify the source of the infection but to no avail.”

“Finally after all traditional means of infection were covered, IT started looking into other possibilities. They finally asked the executive: ‘Have there been any changes in your life recently?’ The executive answered: ‘Well yes, I quit smoking two weeks ago and switched to e-cigarettes.’ And that was the answer they were looking for.”

Rik Ferguson, a security consultant for Trend Micro, also considers the matter plausible and says, “Production line malware has been around for a few years, infecting photo frames, MP3 players and more.” In 2008, for instance, a photo frame produced by Samsung shipped with malware on the product’s install disc, the Guardian reported.

“Hackers are able to exploit any electronic device to serve malware to a poorly protected network,” Pierluigi Paganini, chief information security officer at ID management firm, said in a blog post. “Despite the [fact the] idea could appear hilarious, many electronic cigarettes can be charged over USB using a special cable or by inserting one end of the cigarette directly into a USB port.”

The idea is similar to BadUSB, whose source code was released by researchers last month on the open-source code-hosting website GitHub. BadUSB was capable of spreading itself by hiding in the firmware that controls how USB devices connect to computers. Ferguson explained that “a very strong case can be made for enterprises disabling USB ports, or at least using device management to allow only authorised devices.”

By Swati Khandelwal

via The Hacker News http://ift.tt/1y4qVxD

Black Friday and Cyber Monday Scams To Watch Out For While Shopping
The holiday shopping season is an exciting time for both shoppers and retailers, but unfortunately it is a good time for cyber criminals and scammers as well.

With Black Friday (28th November 2014) and Cyber Monday (1st December 2014) coming up, you need to be more careful while shopping. These are two of the busiest shopping days of the year, on which shoppers spend millions online.

Every eye will be on retailers to ensure that consumers’ online shopping experiences are straightforward and, most importantly, secure. Retailers in particular need to pay attention to extra security measures to protect themselves from massive data breaches like the Target breach, which occurred during last year’s Black Friday sales and in which over 40 million credit and debit cards were stolen.
Target was not alone: multiple retailers, including Neiman Marcus and Michaels Stores, were also hit during last Christmas holiday, in a heist of possibly 110 million credit and debit cards plus personal information.

So, to protect yourself from scammers, you need to be aware of the top scams and the tips that keep you safe online.

1. COPYCAT & FAKE WEBSITES

To defraud an online account holder of their financial information, scammers may pass their website off as a legitimate one. If you get an email from Amazan.com offering the hottest deals, and not from Amazon, make sure you notice before providing your financial details.

Check carefully who emails are from; if the sender is unknown, the best course is to avoid the email and its so-called hottest deal. Always make sure a website is using an HTTPS URL before entering a password or any information such as an address or credit card number.

There are thousands of websites that closely resemble legitimate domains such as Amazon, Google, Apple, Facebook and Microsoft. On top of these, so many new sites offer online shopping that it is quite difficult for customers to tell which ones are legitimate and which are not.

Many of these websites host exciting contests or advertisements for dodgy services to grab your attention and tempt you into clicking, while others host malware that can infect your system when you browse to them.

So, to be on the safe side, always shop from websites that you or your friends know. Keep one thing in mind while shopping online: website ratings and security seals can be faked, and if a site looks too good to be true, it probably is.
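As an added example (not part of the original article), a heuristic check for the copycat-domain trick described in this section: a hypothetical `classify()` helper compares a sender or link domain against a small, assumed brand list and catches one-letter typos such as Amazan.com, digit-for-letter swaps, and brand names buried in a subdomain.

```python
"""Heuristic lookalike-domain check for sender and link domains.

Added example, not from the original article. The brand list, the
homoglyph table and the sample URLs are constructed for illustration;
a real deployment would use a public-suffix list and the brands that
matter to its own users.
"""
from urllib.parse import urlparse

# Brands the article names (assumed allow-list of legitimate registrable domains).
KNOWN_BRANDS = sorted({"amazon.com", "google.com", "apple.com",
                       "facebook.com", "microsoft.com"})

# Digit-for-letter swaps and two-letter pairs that imitate one letter
# ("rn" for "m", "vv" for "w").
CHAR_MAP = str.maketrans("0135", "oles")
PAIR_MAP = (("rn", "m"), ("vv", "w"))


def normalise(label: str) -> str:
    """Undo the common visual substitutions so 'g00gle' compares as 'google'."""
    for pair, letter in PAIR_MAP:
        label = label.replace(pair, letter)
    return label.translate(CHAR_MAP)


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a distance of 1 catches typos such as 'amazan' for 'amazon'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Crude registrable domain: the last two labels (assumption; no public-suffix list)."""
    labels = host.strip(".").split(".")
    return ".".join(labels[-2:])


def classify(url_or_host: str):
    """Return ('legitimate' | 'lookalike' | 'unknown', matched brand or domain)."""
    target = url_or_host if "://" in url_or_host else "//" + url_or_host
    host = (urlparse(target).hostname or "").lower()
    domain = registrable(host)
    if domain in KNOWN_BRANDS:
        return "legitimate", domain
    # Inspect every label except the TLD: a brand used as a subdomain
    # ('amazon.com.example.net'), a one-character typo, or a homoglyph swap
    # all count as lookalikes. Short brand names can false-positive (e.g.
    # 'apply' vs 'apple'); treat the result as a triage hint, not a verdict.
    labels = host.split(".")[:-1]
    for brand in KNOWN_BRANDS:
        name = brand.split(".")[0]
        for label in labels:
            if name in label or normalise(label) == name or levenshtein(label, name) <= 1:
                return "lookalike", brand
    return "unknown", domain


if __name__ == "__main__":
    for sample in ("https://www.amazon.com/deals", "http://deals.amazan.com/hot",
                   "mail.g00gle.com", "http://amazon.com.example.net/login",
                   "http://shop.example.org"):
        print(sample, "->", classify(sample))
```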

2. PHISHING WEBSITES

Phishing scams are typically fraudulent email messages, masquerading as a well known and trustworthy entity in an attempt to gather personal and financial information from victims. However, phishing attacks have become more sophisticated recently.

Keep an eye out for scam emails claiming to come from legitimate sources that ask you to visit a website actually hosted by cyber crooks in order to steal your personal information: email addresses, passwords, credit card numbers, expiration dates, verification codes, and more.

Always type the website’s name into the Google search engine and visit the site from the search results, instead of following a link provided in a message or email. Don’t go to websites you’ve never heard of.

3. UNEXPECTED GIFTS SCAM

A year ago during Black Friday, one of the major scams was cyber criminals offering $1,000 Best Buy gift cards, which nobody won. A lot of people ended up giving away their personal information for nothing.

Online users are advised to avoid such “unexpected gift” scams, just as your dear ones advise you not to accept unexpected gifts from strangers. Email is a major medium for offering you unwanted gifts, so be careful when opening attachments you receive: that special delivery could end up costing you.

4. FAKE ADS AND COUPONS

During the holiday season customers are always searching for great deals, especially on Black Friday and Cyber Monday, but a single small mistake can lead you into danger. Miscreants exploit that desire by creating ‘click-bait’ ads or posting links to ‘the best deal ever’, which always lead to a survey, a scam site or even drive-by exploits.

Customers are advised to treat such offers with skepticism, especially when the source is unknown or unfamiliar. You are also advised to keep updated antivirus software on your systems, so that if a convincing advert does trick you into clicking, your AV protects you against infection.

In addition to fake Best Buy ads, users should also look out for fake online coupons in general. If an offer sounds too good to be true, go directly to the reputable website; if, by some miracle, the offer is genuine because of the Black Friday sales, it’s all yours.


via The Hacker News http://ift.tt/1ygdLMq

Adobe Releases Emergency Flash Player Update to Address Critical Vulnerability
Adobe has rolled out an urgent out-of-band update for a critical remote code-execution vulnerability in its popular Flash Player that is currently being exploited by hackers.
The critical vulnerability (CVE-2014-8439) in Flash Player for Windows, Mac and Linux was originally mitigated more than a month ago, in the October 14, 2014 patch release, but French researcher Kafeine found exploits for it in the Angler and Nuclear exploit kits after Adobe released the patch, according to security vendor F-Secure.

“The vulnerability is being exploited in blind mass attack. No doubt about it: the team behind Angler is really good at what it does,” Kafeine said in a blog post.

The vulnerability allows an attacker to execute arbitrary code due to a weakness in the way a dereferenced memory pointer is handled. An attacker could serve a specially crafted Flash file to trigger the vulnerability, leading to execution of the attacker’s code and control of the target system.

Adobe rated the vulnerability critical and recommended that users and administrators update their software on Windows, Mac OS X and Linux systems to the latest version as soon as possible.

“We considered the possibility that maybe the latest patch [from October] prevented the exploit from working and the root cause of the vulnerability was still unfixed, so we contacted the Adobe Product Security Incident Response Team,” Timo Hirvonen, a senior researcher at F-Secure, wrote on Tuesday.

“They confirmed our theory and released an out-of-band update to provide additional hardening against a vulnerability in the handling of a dereferenced memory pointer that could lead to code execution.”

According to the security bulletin, Adobe has released the latest update for its Flash plugin: version 15.0.0.239 for Windows and Macintosh users, version 13.0.0.258 for those using the Adobe Flash Player Extended Support Release, and version 11.2.202.424 for Linux users.

Microsoft will soon release security updates for Internet Explorer 10 and 11, and Google for Chrome, to fix the Flash Player builds embedded in them.

This is Adobe’s second attempt to snap shut this particular Flash vulnerability; the company said the updates for the Windows, Linux and Apple OS X versions of Flash Player will “provide additional hardening” against CVE-2014-8439, which had been patched previously.

To find out which version of Flash Player you are running, visit the About Flash Player page. Users can get the latest version from the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted.

By Mohit Kumar

via The Hacker News http://ift.tt/1uVA1ub

Sony Pictures HACKED; Worldwide Studio-Staff Computers Seized by Hackers
It was a bad day for Sony yesterday. Sony appears to have been hacked once again, but this time the target is not its PlayStation network but Sony Pictures Entertainment, the company’s motion picture, television production and distribution unit.

According to multiple reports, the corporate computers of Sony Pictures employees in New York and around the world were infiltrated by hackers and made to display a weird skeleton, a series of URLs, and a threatening message that reads:

“Hacked By #GOP Warning: We’ve already warned you, and this is just a beginning. We continue till our request be met. We’ve obtained all your internal data, including your secrets and top secrets. If you don’t obey us, we’ll release data shown below to the world. Determine what will you do till November the 24th, 11:00 PM (GMT).”

News broke after a user who claimed to be a former Sony employee posted allegations of the breach, along with the defacement image, on Reddit.

A hacker group that identifies itself as #GOP (Guardians of Peace) claimed responsibility for the defacement of staff computers at Sony Pictures, and has apparently stolen reams of internal corporate data as well.

Some reports also claim that the group gained access to dozens of the company’s Twitter accounts linked to movies such as Stomp the Yard, Soul Surfer and Starship Troopers, but the company has since regained control of them.

A source within Sony has anonymously confirmed to TNW that the hack, and the defacement image that appeared on staff computers inside Sony Pictures, are real. The source said that “a single server was compromised and the attack was spread from there.”

The group leaked a large ZIP file containing a list of filenames of documents pertaining to Sony Pictures’ financial records, along with private keys and passwords for access to servers. There is even a text file listing the last 10 recently used passwords for some system at Sony.

The defacement message shown on staff computers mentions “demands” that must be met by November 24th at 11:00PM GMT or the files named will be released.

While the motives behind the hack are still unclear, the group says it will expose more details to the public if what appear to be demands quietly sent to the company earlier are not met.

According to Variety, Sony Pictures’ information-technology department has instructed employees to turn off their computers and to disable Wi-Fi on all mobile devices. Sony Pictures has not confirmed the intrusion yet, saying in a statement only that it is investigating “an IT matter”.

By Swati Khandelwal

via The Hacker News http://ift.tt/15kXz1U

Security researchers have discovered thousands of backdoored plugins and themes for popular content management systems (CMS) that could be used by attackers to compromise web servers on a large scale.
The Netherlands-based security firm Fox-IT has published a whitepaper revealing a new backdoor named “CryptoPHP”. Researchers have uncovered malicious plugins and themes for WordPress, Joomla and Drupal. There is slight relief for Drupal users, however, as only themes have been found infected with the CryptoPHP backdoor.
To victimize site administrators, the miscreants use a simple social-engineering trick: they lure site admins into downloading pirated versions of commercial CMS plugins and themes for free. Once installed, the malicious theme or plugin plants the included backdoor on the admin’s server.

“By publishing pirated themes and plug-ins free for anyone to use instead of having to pay for them, the CryptoPHP actor is social-engineering site administrators into installing the included backdoor on their server,” Fox-IT said in its analysis on the attack.

Once installed on a web server, the backdoor can be controlled by cyber criminals through several channels: command-and-control (C&C) server communication, email communication, and manual control.

Other capabilities of the CryptoPHP backdoor include:

  • Integration into popular content management systems like WordPress, Drupal and Joomla
  • Public key encryption for communication between the compromised server and the command and control (C2) server
  • An extensive infrastructure in terms of C2 domains and IP’s
  • Backup mechanisms in place against C2 domain takedowns in the form of email communication
  • Manual control of the backdoor besides the C2 communication
  • Remote updating of the list of C2 servers
  • Ability to update itself

Miscreants are using the CryptoPHP backdoor on compromised websites and web servers for illegal search engine optimization (SEO), also known as black hat SEO, the researchers said in their report. The compromised websites link to the attackers’ websites so that those appear higher in search engine results.

Black hat SEO is a group of techniques and tactics that focus on maximizing search engine results with non-human interaction with the pages, thus violating search engine guidelines. These include keyword stuffing, invisible text, doorway pages, adding unrelated keywords to the page content or page swapping.

The security company had discovered 16 variants of the CryptoPHP backdoor in thousands of backdoored plugins and themes as of 12th November 2014. The first version of the backdoor appeared on 25th September 2013. The exact number of websites affected by the backdoor is undetermined, but the company estimates that at least a few thousand websites, possibly more, are compromised.

By Swati Khandelwal

via The Hacker News http://ift.tt/11qdHNw


Researchers have uncovered a highly advanced, sophisticated piece of malware they believe has been used to spy on a wide range of international targets, including governments, infrastructure operators and other high-profile individuals, since at least 2008.

The nasty malware, dubbed “Regin”, is said to be more sophisticated than both Stuxnet and Duqu, according to the researchers at antivirus software maker Symantec Corp.

DEVELOPED BY NATION STATE

The research suggests that the Regin malware was developed by a wealthy “nation state” and is one of its primary cyber-espionage tools, given the financial clout needed to produce code of this complexity with several stealth features to avoid detection. The antivirus software maker did not identify which country was behind it.

“It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks. Its capabilities and the level of resources behind Regin indicate that it is one of the main cyber espionage tools used by a nation state,” said Symantec Security Response team.

“The security firm did not name a nation as the source of Regin, but is willing to say most of its victims were from Russia and Saudi Arabia and were targeted between 2008 and 2011 with a since decommissioned version of the malware that re-surfaced after 2013.”

Regin uses a modular approach, allowing it to load features that exactly fit the target and enabling customized spying. The malware’s design makes it highly suited for persistent, long-term mass surveillance operations, the company said.

The nasty malware’s main targets include Internet service providers and telecommunications companies, where the complex software appears to be used to monitor calls and communications routed through the companies’ infrastructure. Other targets include organisations in the hospitality, energy, airline, health and research sectors.

HIGHLY CUSTOMIZABLE FIVE STAGE STRUCTURE

Regin’s highly customizable nature gives it large-scale remote access Trojan capabilities, including password and data theft, hijacking of the mouse’s point-and-click functions, and capturing screenshots from infected computers. Other infections were found monitoring network traffic and analyzing email from Exchange databases.

“Customisable with an extensive range of capabilities depending on the target, it provides its controllers with a powerful framework for mass surveillance and has been used in spying operations against government organisations, infrastructure operators, businesses, researchers, and private individuals,” Symantec said.

To remain stealthy, Regin is organized into five stages, each “hidden and encrypted, with the exception of the first stage.” It is a multi-stage attack in which each stage contributes part of the overall picture. Executing the first stage starts a domino chain: the second stage is decrypted and executed, that in turn decrypts the third stage, and so on.

NASTY MODULES

The whole picture of the malware only emerges once all five stages have been acquired, because each individual stage provides little information on the complete package. Regin contains dozens of payloads, including code for capturing screenshots, seizing control of an infected computer’s mouse, stealing passwords, monitoring network traffic, and recovering deleted files.

Other modules appear to be tailored to specific targets. Specialist modules were found monitoring the traffic of Microsoft Internet Information Services (IIS) servers, parsing mail from Exchange databases, and collecting administration traffic for mobile base station controllers.

By Swati Khandelwal

via The Hacker News http://ift.tt/1v1IlqZ

DoubleDirect MitM Attack Targets Android, iOS and OS X Users
Security researchers have discovered a new type of “man-in-the-middle” (MitM) attack in the wild targeting smartphone and tablet users running either iOS or Android around the world.

The MitM attack, dubbed DoubleDirect, enables an attacker to redirect a victim’s traffic to major websites such as Google, Facebook and Twitter through a device controlled by the attacker. Once done, cyber crooks can steal victims’ valuable personal data, such as email IDs, login credentials and banking information, and can also deliver malware to the targeted mobile device.

San Francisco-based mobile security firm Zimperium detailed the threat in a Thursday blog post, revealing that the DoubleDirect technique is being used by attackers in the wild in attacks against the users of web giants including Google, Facebook, Hotmail, Live.com and Twitter, across 31 countries, including the U.S., the U.K. and Canada.

DoubleDirect makes use of ICMP (Internet Control Message Protocol) redirect packets, which routers use to tell a host about a better route to a certain destination, in order to change the host’s routing table.

In addition to iOS and Android devices, DoubleDirect potentially targets Mac OS X users as well. Users of Windows and Linux, however, are immune to the attack because their operating systems do not accept the malicious ICMP redirect packets.

“An attacker can also use ICMP Redirect packets to alter the routing tables on the victim host, causing the traffic to flow via an arbitrary network path for a particular IP,” Zimperium warned. “As a result, the attacker can launch a MitM attack, redirecting the victim’s traffic to his device.”

Once the traffic is redirected, the attacker can compromise the mobile device by chaining the attack with an additional client-side vulnerability (e.g. a browser vulnerability), and in turn gain access to the corporate network.

The security firm tested the attack and found that it works on the latest versions of iOS, including version 8.1.1; on most Android devices, including the Nexus 5 and Lollipop; and also on OS X Yosemite. The firm also showed users how to manually disable ICMP redirects on their Macs to remediate the issue.

“Zimperium is releasing this information at this time to increase awareness as some operating system vendors have yet to implement protection at this point from ICMP Redirect attacks as there are attacks in-the-wild,” the post reads.

The company has provided a complete proof-of-concept (PoC) for the DoubleDirect attack, which can be downloaded from the web. It demonstrates the possibility of a full-duplex ICMP redirect attack: the attacker predicts the IP addresses the victim tries to connect to by sniffing the target’s DNS traffic, then sends an ICMP redirect packet for each of those addresses.
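An added example for defenders, not from the article or from Zimperium’s PoC, showing what the ICMP redirect packets described above look like on the wire and how the DoubleDirect pattern can be picked out of a capture: each redirect’s sender and proposed gateway are checked against an assumed set of trusted routers, and many destinations funnelled to one new gateway are flagged. All addresses and the `build_redirect()` test frames are constructed.

```python
"""Parse IPv4 ICMP Redirect (type 5) messages and flag the pattern DoubleDirect relies on.

Added example for defenders, not from the article or from Zimperium's PoC.
The frames, router addresses and the 'trusted routers' set are constructed
for illustration; in practice the frames would come from a packet capture.
"""
import ipaddress
import struct

ICMP_REDIRECT = 5
REDIRECT_CODES = {0: "network", 1: "host", 2: "tos+network", 3: "tos+host"}


def icmp_checksum(data: bytes) -> int:
    """RFC 792 ones'-complement checksum; returns 0 when run over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_redirect(frame: bytes):
    """Return the redirect's fields, or None if the frame is not an ICMP redirect."""
    if len(frame) < 20 or frame[0] >> 4 != 4:
        return None
    ihl = (frame[0] & 0x0F) * 4
    if frame[9] != 1 or len(frame) < ihl + 8 + 20:      # protocol 1 = ICMP
        return None
    icmp = frame[ihl:]
    if icmp[0] != ICMP_REDIRECT:
        return None
    inner = icmp[8:]                                    # original IP header + 8 bytes
    return {
        "src": str(ipaddress.IPv4Address(frame[12:16])),
        "code": REDIRECT_CODES.get(icmp[1], "unknown"),
        "gateway": str(ipaddress.IPv4Address(icmp[4:8])),      # the "better" next hop
        "redirected_dst": str(ipaddress.IPv4Address(inner[16:20])),
        "checksum_ok": icmp_checksum(icmp) == 0,
    }


def analyse(frames, trusted_routers, fanout=3):
    """One finding per suspicious redirect: (redirected_dst, gateway, reasons)."""
    findings, dsts_per_gateway = [], {}
    for frame in frames:
        r = parse_redirect(frame)
        if r is None:
            continue
        reasons = []
        if not r["checksum_ok"]:
            reasons.append("bad ICMP checksum")
        if r["src"] not in trusted_routers:
            reasons.append("sender %s is not a known router" % r["src"])
        if r["gateway"] not in trusted_routers:
            reasons.append("proposed gateway %s is not a known router" % r["gateway"])
        # DoubleDirect sends one redirect per predicted destination, all pointing
        # at the attacker: many destinations funnelled to one new gateway.
        seen = dsts_per_gateway.setdefault(r["gateway"], set())
        seen.add(r["redirected_dst"])
        if len(seen) >= fanout:
            reasons.append("gateway %s offered for %d different destinations"
                           % (r["gateway"], len(seen)))
        if reasons:
            findings.append((r["redirected_dst"], r["gateway"], reasons))
    return findings


def build_redirect(src, dst, gateway, original_dst, code=1) -> bytes:
    """Construct a test frame (IPv4 header + ICMP host redirect); sample data only."""
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                        ipaddress.IPv4Address(dst).packed,
                        ipaddress.IPv4Address(original_dst).packed) + b"\x00" * 8
    body = (struct.pack("!BBH", ICMP_REDIRECT, code, 0)
            + ipaddress.IPv4Address(gateway).packed + inner)
    icmp = body[:2] + struct.pack("!H", icmp_checksum(body)) + body[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip + icmp


if __name__ == "__main__":
    routers = {"192.0.2.1", "192.0.2.2"}
    # Spoofed redirects claiming to come from the real gateway, steering three
    # predicted destinations through 192.0.2.66 (constructed addresses).
    attack = [build_redirect("192.0.2.1", "192.0.2.50", "192.0.2.66", d)
              for d in ("198.51.100.10", "198.51.100.11", "198.51.100.12")]
    for finding in analyse(attack, routers):
        print(finding)
```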

By Wang Wei

via The Hacker News http://ift.tt/1HyKMaQ

New Citadel Trojan Targets Your Password Managers

Unless you are a human supercomputer, remembering passwords is not an easy task, especially if you have a different password for every site. Luckily, to make the whole process easy, there is a growing market for password managers, which supposedly provide an extra layer of protection. Wait! Seriously?

Security researchers have discovered a new variant of the data-stealing Citadel Trojan used by cybercriminals to slurp up users’ master passwords for a number of password management applications and other authentication programs, which may make you think twice before using one.

The Citadel Trojan has typically been used to steal online banking credentials and other financial information by masquerading as legitimate banking sites when victims open them in their local browser, in what is known as a man-in-the-browser attack.
The malware has previously targeted users’ credentials stored in the password managers built into popular web browsers; third-party password managers, however, had typically not been targeted.

But researchers at IBM Trusteer noted that the configuration file of the notorious malware had been modified to activate a keylogger when users opened either Password Safe or KeePass, two open-source password managers, in order to steal the “master password” that protects access to the database of the end user’s passwords.

“Password management and authentication programs are important solutions that help secure access to applications and Web Services,” Dana Tamir, director of enterprise security at Trusteer, wrote on IBM’s Security Intelligence blog.

“If an adversary is able to steal the master password and gains access to the user/password database of a password management solution or compromise authentication technology, the attacker can gain unfettered access to sensitive systems and information.”

In addition, the new Citadel variant also targets the enterprise authentication solution Nexus Personal Security Client, used to secure financial transactions and other services that require heightened security, according to IBM Trusteer’s research.

Once the malware has infected a computer, it waits until one of the configured processes is launched. It then logs keystrokes to steal the master password, giving cybercriminals complete control over the machine and over every online account protected by that password manager.

The Citadel Trojan has been in existence since 2011 and has already compromised millions of computers around the world. According to the security researchers, Citadel is “highly evasive and can bypass threat detection systems.”

“[The Citadel variant] might be an opportunistic attack, where the attackers are trying to see which type of information they can expose through this configuration, or a more targeted attack in which the attackers know that the target is using these specific solutions,” reads the blog.

In June last year, Microsoft, along with the FBI and financial services companies, launched a “takedown” operation against Citadel botnets, which had stolen more than $500 million from bank accounts over the preceding 18 months. At the time, the group claimed it had disrupted more than 90% of Citadel botnets.

By Mohit Kumar

via The Hacker News http://ift.tt/1uinwDV

Keeping the Bots at Bay: How to Detect Brute Force Attacks
Thanks to recent events involving certain celebrities’ stolen pictures, “brute-force attack” is now one of the hot buzz words making its rounds. As an IT professional – do you know what a brute force attack is, how to spot one when it happens, and how to prevent it?

A brute-force attack is, simply, an attack on a username, password, etc. that systematically checks all possible combinations until the correct one is found. Scripts are usually used in these attacks to automate the process of arriving at the correct username/password combination. This is why time is of the essence when it comes to detecting and stopping a brute force attack – the more time the attacker has, the more passwords can be tried.

Brute-force attacks are one of the few attacks detectable by their volume rather than their type. In your web (or proprietary app) logs you will usually see a huge number of failed login attempts, usually originating from the same IP address. You might even see the same account logging in over and over with different passwords from different IP addresses. The login URL will show unusually high volume, and you might see odd and/or malformed referring URLs (e.g. http://ift.tt/1Cy5HIE).

In some cases, the attacker might run usernames and/or password attempts sequentially, providing a nice identifiable trend for your host intrusion detection or log correlation systems to pick up. False positives should be considered as well but should be easy to weed out. For instance, multiple login attempts from the same IP trying to access the same account with the same password might just be a web/mobile app that has yet to be updated or was not supplied the correct credentials in the first place.
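As an added example (not from the original post or from AlienVault USM), the log-based detection described above run over constructed login records: failures per source IP, one account attacked from several IPs, and the false positive the post mentions (same IP, same account, same wrong password every time) separated out as a likely misconfigured client. The log format and the `detect()` helper are assumptions for illustration.

```python
"""Flag brute-force patterns in login logs and separate the classic false positive.

Added example, not from the original post or AlienVault USM. The log
format and the sample lines are constructed; 'pwhash' stands in for
whatever lets an application tell repeated identical attempts apart.
"""
import re
from collections import defaultdict

# Constructed format: <timestamp> <client ip> <account> <FAIL|OK> pwhash=<digest of attempt>
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (FAIL|OK) pwhash=(\S+)$")

# Constructed sample: alice is brute-forced from one IP, bob's client keeps
# retrying one stale password, carol is hit from three different IPs.
SAMPLE_LOG = """\
2014-11-25T10:00:01Z 203.0.113.5 alice FAIL pwhash=a1
2014-11-25T10:00:02Z 203.0.113.5 alice FAIL pwhash=a2
2014-11-25T10:00:03Z 203.0.113.5 alice FAIL pwhash=a3
2014-11-25T10:00:04Z 203.0.113.5 alice FAIL pwhash=a4
2014-11-25T10:00:05Z 203.0.113.5 alice FAIL pwhash=a5
2014-11-25T10:00:06Z 203.0.113.5 alice FAIL pwhash=a6
2014-11-25T10:01:00Z 198.51.100.7 bob FAIL pwhash=b1
2014-11-25T10:01:30Z 198.51.100.7 bob FAIL pwhash=b1
2014-11-25T10:02:00Z 198.51.100.7 bob FAIL pwhash=b1
2014-11-25T10:02:30Z 198.51.100.7 bob FAIL pwhash=b1
2014-11-25T10:03:00Z 198.51.100.7 bob FAIL pwhash=b1
2014-11-25T10:04:00Z 192.0.2.11 carol FAIL pwhash=c1
2014-11-25T10:04:01Z 192.0.2.12 carol FAIL pwhash=c2
2014-11-25T10:04:02Z 192.0.2.13 carol FAIL pwhash=c3
2014-11-25T10:05:00Z 192.0.2.20 dave OK pwhash=d1
"""


def parse(lines):
    """Yield (timestamp, ip, account, result, pwhash) for well-formed lines."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            yield m.groups()


def detect(lines, fail_threshold=5, ip_threshold=3):
    """Return sorted (kind, subject, count) alerts.

    bruteforce-from-ip: one source, many failures with varying passwords/accounts.
    distributed-bruteforce-on-account: one account failing from many sources.
    misconfigured-client: one source, one account, the same wrong password over
    and over (stale credentials in an app); reported separately so it can be
    triaged as noise rather than as an attack.
    """
    fails_by_ip = defaultdict(list)      # ip -> [(account, pwhash), ...]
    ips_by_account = defaultdict(set)    # account -> {ip, ...}
    for _ts, ip, account, result, pwhash in parse(lines):
        if result != "FAIL":
            continue
        fails_by_ip[ip].append((account, pwhash))
        ips_by_account[account].add(ip)

    alerts = []
    for ip, attempts in fails_by_ip.items():
        if len(attempts) < fail_threshold:
            continue
        accounts = {a for a, _ in attempts}
        passwords = {p for _, p in attempts}
        kind = ("misconfigured-client" if len(accounts) == 1 and len(passwords) == 1
                else "bruteforce-from-ip")
        alerts.append((kind, ip, len(attempts)))
    for account, ips in ips_by_account.items():
        if len(ips) >= ip_threshold:
            alerts.append(("distributed-bruteforce-on-account", account, len(ips)))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(*alert)
```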

While brute force attacks are not exactly an elegant or complex attack type, they can still slip through the cracks when you lack sufficient visibility into your environment’s security. You need a way to minimize the noise so you can prioritize the most immediate threats and respond to them first.

AlienVault Unified Security Management (USM) provides IDS and log correlation powered by built-in correlation rules developed by the AlienVault Labs security research team to notify you immediately when patterns are observed that indicate an attack.

AlienVault USM’s intuitive, easy to use alarms dashboard displays threats and categorizes them as per the kill chain taxonomy, starting with the most serious system compromises. The larger the bubble, the more prevalent that type of threat was in the specified time period. By clicking on an individual alarm’s details, you get even more information about the suspect activity.

[Screenshot: the AlienVault USM alarms dashboard]

Here you can see that the log details have been normalized into easy to interpret events.

[Screenshot: normalized event details for the suspect activity]

USM also checks the IP information against our Open Threat Exchange (OTX), the largest crowd-sourced threat intelligence exchange. In the example below, you can see details from OTX on the reputation of the IP, including any malicious activities associated with it.
[Screenshot: OTX reputation details for the IP]

While these events are being logged, normalized, and supplemented with OTX data, USM is watching out for event patterns that might indicate malicious activity. USM defines these attack patterns through built-in correlation directives that are updated weekly by the AlienVault Labs security research team.

By Swati Khandelwal

via The Hacker News http://ift.tt/14Ruwmk

Firing Range — Open Source Web App Vulnerability Scanning Tool From Google

Google on Tuesday launched a security testing tool, “Firing Range”, aimed at improving the efficiency of automated web application security scanners by evaluating them against a wide range of cross-site scripting (XSS) and a few other web vulnerabilities seen in the wild.

Firing Range basically provides a synthetic testing environment mostly for cross-site scripting (XSS) vulnerabilities that are seen most frequently in web apps. According to Google security engineer Claudio Criscione, 70 percent of the bugs in Google’s Vulnerability Reward Program are cross-site scripting flaws.

In addition to XSS vulnerabilities, the new test bed also includes other types of vulnerabilities, including reverse clickjacking, Flash injection, mixed content, and cross-origin resource sharing vulnerabilities.

Firing Range was developed by Google with the help of security researchers at Politecnico di Milano in an effort to build a test ground for automated scanners. The company has used Firing Range itself “both as a continuous testing aid and as a driver for our development, defining as many bug types as possible, including some that we cannot detect (yet!).”

What makes it different from other vulnerable test applications available is its ability to use automation, which makes it more productive. Instead of focusing on creating realistic-looking testbeds for human testers, Firing Range relies on automation based on a collection of unique bug patterns drawn from in-the-wild vulnerabilities observed by Google.

Firing Range is a Java application that has been built on Google App Engine. It includes patterns for the scanner to focus on DOM-based, redirected, reflected, tag-based, escaped and remote inclusion bugs.

At the Google Testing Automation Conference (GTAC) last year, Criscione said that detecting XSS vulnerabilities by hand “at Google scale” is like drinking the ocean. Going through the information manually is both exhausting and counter-productive for the researcher, so this is where Firing Range comes into play: it essentially exploits the bug and detects the results of that exploitation.

“Our testbed doesn’t try to emulate a real application, nor exercise the crawling capabilities of a scanner: it’s a collection of unique bug patterns drawn from vulnerabilities that we have seen in the wild, aimed at verifying the detection capabilities of security tools,” Criscione explained on the Google Online Security Blog.

Firing Range was developed by the search engine giant while working on “Inquisition”, an internal web application security scanning tool built entirely on Google Chrome and Cloud Platform technologies, with support for the latest HTML5 features and a low false positive rate.

A deployed version of Firing Range (public-firing-range.appspot.com) is available on Google App Engine, and since the tool is open source you can also check out the source code on GitHub. Users are encouraged to contribute to the tool with any feedback.

By Wang Wei

via The Hacker News http://ift.tt/1uVt5Nn