Wednesday, 28 May 2014

Registry hack enables free Windows XP security updates until 2019

Microsoft officially ended support for Windows XP more than a month ago, on April 8, 2014. That pushed a large number of users onto newer versions of Windows, but a sizeable share still runs Microsoft's oldest and once most widely used operating system, even though it no longer receives security updates.
Some companies and organizations that could not migrate their Windows XP machines to another operating system before support ended are still receiving patches, by paying Microsoft for custom support.
Now a relatively simple trick has emerged that lets XP users keep receiving security updates for the next five years, until April 2019.
It relies on the updates for Windows Embedded POSReady 2009, which is based on Windows XP Service Pack 3. The security updates Microsoft releases for POSReady 2009 are, in effect, the same fixes it would have shipped for Windows XP if it were still supporting it.
Windows Embedded POSReady 2009 is the edition of Windows installed on point-of-sale (POS) equipment such as restaurant terminals, ticket machines and other customized Windows Embedded devices. Because it shares XP's code base, a POS machine receives patches for the same components that the now-unsupported Windows XP would have received.
Windows Update will not offer these updates to a plain Windows XP installation. To receive them you need to make a small change to the Windows registry, so that Windows Update treats the machine as a POSReady 2009 system:
  • Open Notepad and create a new file.
  • Add the code below to it:
Windows Registry Editor Version 5.00
  • Save the file with a .reg extension and double-click it to import it into the registry.
  • Once it has been imported, open Windows Update or the Action Center; you should find a long list of pending updates.
Because Microsoft's extended support for Windows Embedded POSReady 2009 runs for five more years, it will keep delivering new security updates and patches for that edition until April 9, 2019, and with this trick XP users can get those updates for the same period.
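Since the trick involves downloading a .reg file from somewhere and double-clicking it, it is worth reading the file before importing it. The script below is an added example (it is not from the original post and is not a Microsoft tool): it parses the Windows Registry Editor Version 5.00 format, lists every key and value the file would create or delete, and warns about anything outside an allow-list of expected keys, including key deletions and autostart locations. The embedded POSReady sample is the .reg file as it circulated at the time; its key (HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady) and value (Installed=1) are reproduced from that widely shared version, since the listing above shows only the header line. The second, "sneaky" sample is constructed here to show what a tampered file would trigger.

```python
"""Audit a .reg file before importing it (added example, not from the post)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Union

# Constructed sample: the POSReady .reg file as it circulated in 2014. Its key
# and value are as reported then; the page's own listing shows only the header.
POSREADY_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
"Installed"=dword:00000001
"""
# Constructed sample of a file that does more than it claims: it also plants
# an autostart entry and deletes a policy key.
SNEAKY_REG = POSREADY_REG + r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updater"="C:\\Temp\\update.exe"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"""
EXPECTED_KEYS = [r"HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady"]
AUTOSTART = ("\\currentversion\\run", "\\currentversion\\winlogon", "\\services\\")
_HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')  # "name"=... or @=...


@dataclass
class RegOp:
    action: str                  # "set", "delete_value" or "delete_key"
    key: str
    name: Optional[str] = None   # "@" is the key's default value
    kind: Optional[str] = None   # "string", "dword", "hex", "hex(2)", ...
    data: Optional[str] = None   # kept as written; .reg escapes are not decoded


def parse_reg(source: Union[str, bytes]) -> List[RegOp]:
    """Return the operations a .reg file performs, in order."""
    if isinstance(source, bytes):  # regedit exports UTF-16 with a BOM; Notepad may not
        source = source.decode("utf-16" if source[:2] in (b"\xff\xfe", b"\xfe\xff")
                               else "utf-8-sig", errors="replace")
    lines = source.splitlines()
    if not lines or lines[0].strip() not in _HEADERS:
        raise ValueError("not a .reg file: missing registry editor header")
    ops: List[RegOp] = []
    key: Optional[str] = None
    i = 1
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            if line.startswith("[-"):                  # [-KEY] deletes the key
                ops.append(RegOp("delete_key", line[2:-1]))
                key = None
            else:
                key = line[1:-1]
            continue
        while line.endswith("\\") and i < len(lines):  # hex data continuation lines
            line = line[:-1] + lines[i].strip()
            i += 1
        m = _VALUE_RE.match(line)
        if m is None or key is None:
            raise ValueError(f"unparseable line: {line!r}")
        name, rhs = ("@" if m.group(2) else m.group(1)), m.group(3)
        if rhs == "-":                                 # "name"=- deletes the value
            ops.append(RegOp("delete_value", key, name))
        elif len(rhs) >= 2 and rhs[0] == rhs[-1] == '"':
            ops.append(RegOp("set", key, name, "string", rhs[1:-1]))
        elif ":" in rhs:                               # dword:..., hex:..., hex(N):...
            kind, _, data = rhs.partition(":")
            ops.append(RegOp("set", key, name, kind, data.replace(",", "")))
        else:
            raise ValueError(f"unknown value syntax: {rhs!r}")
    return ops


def audit_reg(source: Union[str, bytes], expected=EXPECTED_KEYS) -> List[str]:
    """Warnings for anything the file does beyond the keys you expect it to touch."""
    allowed = tuple(k.lower() for k in expected)
    warnings = []
    for op in parse_reg(source):
        k = op.key.lower()
        if not any(k == a or k.startswith(a + "\\") for a in allowed):
            warnings.append(f"unexpected key: {op.key}")
        if op.action != "set":
            warnings.append(f"{op.action}: {op.key}" + (f"\\{op.name}" if op.name else ""))
        if any(marker in k for marker in AUTOSTART):
            warnings.append(f"autostart location touched: {op.key}")
    return warnings


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SNEAKY_REG
    for op in parse_reg(blob):
        print(op)
    for warning in audit_reg(blob):
        print("WARNING:", warning)
```

Run it as `python audit_reg.py fix.reg`; it reads the file as bytes, so both the ANSI files Notepad writes and the UTF-16 files regedit exports are handled. For the genuine POSReady file it prints a single "set" operation and no warnings; for the constructed tampered file it flags the unexpected Run key, the autostart location and the key deletion. Anything printed as WARNING is a reason not to double-click.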
Important Note for our Readers - Even with these updates, a Windows XP machine cannot be properly secured. The POSReady patches are built and tested for the embedded edition, not for a consumer XP installation, so they cannot be relied on to cover the whole system. We strongly recommend upgrading to a supported operating system: Windows 7 or 8, or any Linux distribution.

Cookies flaw lets hackers steal WordPress accounts

Yan Zhu, a researcher at the Electronic Frontier Foundation (EFF), noticed that blogs hosted on WordPress.com send the user's authentication cookie over plain HTTP rather than only over HTTPS, so anyone on the same network, script kiddie or not, can hijack it.

When a WordPress user logs in, the server sets a cookie named "wordpress_logged_in" in the user's browser, Yan Zhu explained in a blog post. She noticed that this authentication cookie was being sent over clear-text HTTP, which is deeply insecure.
Anyone on the same Wi-Fi network can grab HTTP cookies with a sniffing tool such as Firesheep. The captured cookie can then be loaded into another browser to gain unauthorized access to the victim's WordPress account, and that is all it takes to compromise the account.
With the stolen cookie an attacker is logged in as the victim without ever entering credentials. The flaw does not let the hijacker change the account password, but that is little comfort, since the affected user has no way of knowing that the account has been hijacked.
"Hijacking cookie on WP gives you login for 3 years. There's no session expiration for the cookie, even when you log out," Yan tweeted.

Using this technique an attacker can also view blog statistics, post and edit articles on the hijacked WordPress blog, and comment on other WordPress blogs from the victim's profile. Sounds horrible, doesn't it?
But an attacker "couldn't do some blog administrator tasks that required logging in again with the username/password, but still, not bad for a single cookie," she explained.
She recommends that WordPress ‘should set the “secure” flag on sensitive cookies so that they’re never sent in plaintext.’
The good news is that a self-hosted WordPress site served fully over HTTPS is not vulnerable to this cookie-reuse flaw, provided its login cookie is set with the Secure flag so that a stray http:// request can never leak it.
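Two points in the story lend themselves to code: checking whether a login cookie carries the Secure flag (and how long it lives), and the tweet's observation that the cookie survives logout. The script below is an added example, not code from Yan Zhu's post or from WordPress. It audits a Set-Cookie header for a missing Secure flag, a missing HttpOnly flag (an extra hardening step beyond the post's recommendation) and an over-long lifetime, then contrasts that with a small server-side session store whose cookie becomes useless the moment the user logs out. The sample cookie is constructed; only its name comes from the post, and the `wp_session` cookie name, the `SessionStore` class and the 30-day limit are assumptions made for the example.

```python
"""Login-cookie hygiene (added example; not from Yan Zhu's post or WordPress)."""
import secrets
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

NOW = datetime(2014, 5, 28, tzinfo=timezone.utc)

# Constructed sample shaped like the cookie described in the story: the name is
# the one from the post, the value is invented, and it is set for three years
# with no Secure flag.
WEAK_COOKIE = ("wordpress_logged_in=alice%7C1590000000%7Cexampletoken; "
               "expires=Sat, 27 May 2017 12:00:00 GMT; path=/")
_EXPIRES_FORMATS = ("%a, %d %b %Y %H:%M:%S GMT", "%a, %d-%b-%Y %H:%M:%S GMT")


def parse_set_cookie(header: str) -> Tuple[str, str, Dict[str, str]]:
    """Split a Set-Cookie header into name, value and lower-cased attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def cookie_lifetime(attrs: Dict[str, str], now: datetime) -> Optional[timedelta]:
    """How long the cookie persists; None for a session cookie. Max-Age wins."""
    if "max-age" in attrs:
        return timedelta(seconds=int(attrs["max-age"]))
    if "expires" in attrs:
        for fmt in _EXPIRES_FORMATS:
            try:
                expires = datetime.strptime(attrs["expires"], fmt)
            except ValueError:
                continue
            return expires.replace(tzinfo=timezone.utc) - now
        raise ValueError(f"unrecognised Expires date: {attrs['expires']!r}")
    return None


def audit_set_cookie(header: str, now: datetime = NOW,
                     max_lifetime: timedelta = timedelta(days=30)) -> List[str]:
    """Findings for a login cookie: missing Secure, missing HttpOnly, long life."""
    _, _, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("no Secure flag: the browser sends it over plain HTTP")
    if "httponly" not in attrs:   # extra hardening beyond the post's Secure fix
        findings.append("no HttpOnly flag: readable by page script")
    lifetime = cookie_lifetime(attrs, now)
    if lifetime is not None and lifetime > max_lifetime:
        findings.append(f"long-lived: valid for {lifetime.days} more days")
    return findings


class SessionStore:
    """Server-side sessions: the cookie carries only a random id, so logout
    (or an administrator) can revoke it and a replayed cookie then fails.
    Cookie name, TTL and layout are assumptions for this example."""

    def __init__(self, ttl: timedelta = timedelta(days=30)):
        self.ttl = ttl
        self._sessions: Dict[str, Tuple[str, datetime]] = {}

    def login(self, user: str, now: datetime) -> str:
        sid = secrets.token_urlsafe(32)        # 256 bits of entropy, unguessable
        self._sessions[sid] = (user, now + self.ttl)
        return sid

    def set_cookie_header(self, sid: str) -> str:
        return (f"wp_session={sid}; Path=/; Secure; HttpOnly; "
                f"Max-Age={int(self.ttl.total_seconds())}")

    def user_for(self, sid: str, now: datetime) -> Optional[str]:
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, expiry = entry
        if now >= expiry:                      # server-side expiry, not just the cookie's
            del self._sessions[sid]
            return None
        return user

    def logout(self, sid: str) -> None:
        self._sessions.pop(sid, None)          # the stolen cookie is now worthless


if __name__ == "__main__":
    print("weak cookie:", audit_set_cookie(WEAK_COOKIE))
    store = SessionStore()
    sid = store.login("alice", NOW)
    print("hardened cookie:", audit_set_cookie(store.set_cookie_header(sid)))
    store.logout(sid)
    print("after logout:", store.user_for(sid, NOW))
```

Running it prints three findings for the constructed WordPress-style cookie (no Secure, no HttpOnly, valid for 1095 more days), an empty list for the hardened one, and None for the replayed session id after logout. The Secure flag stops the leak over HTTP but does nothing about a cookie that has already been stolen; only server-side revocation, as in SessionStore, takes care of that.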

LulzSec informant Sabu helped FBI stop 300 cyber attacks

Former LulzSec leader Hector Xavier Monsegur, aka "Sabu", helped the FBI prevent more than 300 cyber attacks following his arrest in 2011, court documents have revealed.
Monsegur's role combating cyber attacks from the Anonymous hacker collective and LulzSec group was revealed during his sentencing hearing on Tuesday.
During the hearing, prosecutors praised Monsegur for his "extraordinary" contributions combating the threats and recommended he receive a sentence of time served.
"Through Monsegur's co-operation, the FBI was able to thwart or mitigate at least 300 separate hacks. The amount of loss prevented by Monsegur's actions is difficult to fully quantify, but even a conservative estimate would yield a loss prevention figure in the millions of dollars," read the document.
"In light of the foregoing facts, the government respectfully requests that, pursuant to Section 5K1.1 of the guidelines, the court grant the defendant a substantial downward departure at sentencing."
Monsegur was exposed as an FBI informant in 2012, when law enforcement agents arrested key members of the LulzSec hacker group, including Ryan Ackroyd, aka "Kayla"; Jake Davis, aka "Topiary"; Darren Martyn, known as "pwnsauce"; Donncha O'Cearrbhail, called "palladium"; and Jeremy Hammond, aka "Anarchaos".
During its heyday, LulzSec successfully mounted cyber attacks on numerous high-profile targets, including the UK Serious Organised Crime Agency (SOCA), Fox Television, Nintendo and Sony.
The documents revealed that Monsegur's co-operation with the Feds led to threats against him and his family from within the hacker community.
"Monsegur repeatedly was approached on the street and threatened or menaced about his co-operation once it publicly became known," read the document.
"During the course of his co-operation, the threat to Monsegur and his family became severe enough that the FBI relocated Monsegur and certain of his family members."
Monsegur originally pleaded guilty to multiple counts of computer misuse and fraud on 15 August 2011. Monsegur's final sentencing was delayed in February 2013 for an unknown reason.
He is yet to receive his final sentence, though he has already served seven months for his involvement in cyber attacks.

That Snowden chap was SPOT ON says China

China is ramping up its war of words with the USA over online espionage, releasing a report by its Internet Media Research Center that (surprise!) concludes Uncle Sam does a lot of spying online.
There's lots of pompous language in the report, such as this opening paragraph:
“As a superpower, the United States takes advantage of its political, economic, military and technological hegemony to unscrupulously monitor other countries, including its allies. The United States' spying operations have gone far beyond the legal rationale of "anti-terrorism" and have exposed its ugly face of pursuing self-interest in complete disregard of moral integrity. These operations have flagrantly breached International laws, seriously infringed upon the human rights and put global cyber security under threat. They deserve to be rejected and condemned by the whole world.”
China's specific allegations suggest the USA conducted the following activities against it and other nations:
  • Collecting nearly 5 billion mobile phone call records across the globe every day
  • Spying over German Chancellor Angela Merkel's cell phone for more than 10 years
  • Plugging into the main communication networks between Yahoo's and Google's overseas data centers, and stealing data of hundreds of millions of customers
  • Monitoring mobile phone apps for years and grabbing private data
  • Waging large-scale cyber attacks against China, with both Chinese leaders and the telecom giant Huawei as targets
The document goes on a bit, mostly repeating Snowden allegations and throwing in a few other incidents reported by other nations. Expressions of outrage about NSA activities voiced by the United Nations and by privacy groups are given a new airing, as is just about every report from any newspaper anywhere about Snowden-sourced NSA activities.
That China has put this all on letterhead is significant inasmuch as it shows the nation is very, very grumpy indeed and wants the USA to know it. That the document doesn't miss a chance to paint the USA as a declining imperial power unfairly seeking to nobble its likely new superpower successor will also go down well with local audiences.
Actions like China's new vetting program for imported IT products and possible ban on IBM servers are likely to have more impact on the US because they hit it in the wallet.
And of course let's also note the colossal hypocrisy on both sides: if China could do the things the NSA is accused of, would it really hold back? Or would it decline to go "pursuing self-interest in complete disregard of moral integrity", just as it did in Tiananmen Square?

I saved Pinterest's business and all I have to show for it is a t-shirt

Pinterest is gearing up a bug bounty programme which will pay security researchers to plug holes in the popular kittens'n'cupcakes site.
The programme launched today in an early phase in which researchers can report bugs through the managed bounty service Bugcrowd, although cash rewards are not yet on offer.

The digital scrapbook site has also updated its own vulnerability reporting guidelines, which offer t-shirts in place of cash and have so far seen 13 researchers report bugs to the site.
Security engineer Paul Moreno said the site, valued at $5 billion in May, hosts events at which its dedicated in-house teams compete to crush bugs.
"We even host internal fix-a-thons where employees across the company search for bugs so we can patch them before they affect Pinners," Moreno said in a post.
"Even with these precautions, bugs get into code ... starting today, we’re formalising a bug bounty programme with Bugcrowd and updating our responsible disclosure, which means we can tap into the more than 9000 security researchers on the Bugcrowd platform."
Moreno described the Bugcrowd deal as a "first step" that would evolve into a paid cash programme, which he expected would make the disclosure process more efficient.
Detailed public Pinterest bug reports appear to be scarce. In February 2012 security researcher Shadab Siddiqui disclosed to Softpedia cross-site scripting, iframe injection and SQL injection flaws that he said could allow user accounts to be hijacked. Pinterest plugged the holes shortly after.