
17 May 2010

Facebook’s Privacy Troubles on the Horizon



Back in February of 2009 there was a big debate over the new terms of agreement that Facebook adopted. Due to the negative feedback over this decision, Facebook’s executives caved from the pressure and reverted to the old terms. Now a little over a year later, this same group is at it again.

If you have a Facebook account and haven’t bothered to check your privacy settings lately, you may be surprised to learn just how much any and everyone can find out about you. Due to recent changes in the company’s privacy policy, more of your personal information is now easily accessible in more ways than you can imagine.

Facebook’s idea of privacy is that you, the user, have to police what you share. In other words, it is your responsibility to constantly check your privacy settings to see if any changes have been made and opt out of these changes if you don’t agree. I’m sure that most of you would agree when I say, there are better things to do with your time than to constantly check privacy settings on a website.

Feel free to see for yourself:

  1. Once logged in, click on the ‘Account’ button and then ‘Privacy Settings’.
  2. Next click on ‘Applications and Websites’, ‘What you Share’ and hidden almost at the bottom of the page click ‘this page’.
  3. Make sure you go through each application listed by clicking on ‘Edit Settings’ and secure them to your liking.
  4. Now, go back to the ‘Applications and Websites’ page and click on ‘What your friends can show about you’ to edit the options here as well.
  5. Finally, back on the ‘Applications and Websites’ page, click on the ‘Instant Personalization Pilot Program’ link and uncheck the box that allows Facebook partners to access your public information when you arrive on their websites.

Once you finish, ask yourself, should I really be forced to put up with this?

17 May, 2010 at 22:39 by safety

Tags: Facebook, Privacy, Social Networking
Posted in Account information, Computer Security, Privacy, Social Networking | 1 Comment »

13 May 2010

Should MySpace Be Put Out to Pasture?



For years I have heard many people talk about how MySpace has been losing popularity and that it will soon be gone. As of today, these predictions have yet to come true.

I can’t help but remember when everyone I knew was talking about this great new site called MySpace. I remember feeling like maybe I was missing the boat because I hadn’t bought into the hype of creating my account, customizing the page and reconnecting with all of my friends. Don’t get me wrong, I think the social networking phenomenon is a great concept and is obviously widely popular. Many starting bands have had great success using this medium to get their music out there for the world to hear, and we are able to communicate with friends and family all over the world for free. With that said, I don’t really regret not buying in to this concept, I just regret not coming up with the idea first. Let’s face it, the idea of exploiting my members at every turn in order to make myself more money is just genius.

So why is it that MySpace is not as popular as it once was? Where did they go wrong and can they come back from their downward spiral? Well, to be honest, I’m not really sure and personally don’t even care.

The idea of putting my personal life out there for the world to see doesn’t appeal to me. Most people will agree that they like their privacy and are often offended when it is violated. However, these same people will put all of their information, pictures and videos out there for the world to see. I haven’t even begun to mention the spam and phishing attacks that have plagued these sites since their creation and that so many people are fooled by daily. Does anyone see a problem here? What better playground for social engineering and identity theft can you ask for? It’s like a one stop shop for all your criminal needs.

So what are your thoughts on the future of MySpace and/or social networking?

13 May, 2010 at 22:40 by safety

Tags: MySpace, Privacy, Social Networking
Posted in Privacy, Social Networking, Software | 2 Comments »

10 May 2010

WordPress Sites Hacked in Bulk

By now, I’m sure we have all heard about the numerous WordPress sites that have been hacked on several of the major hosting providers. From all of the reports so far, no one can seem to figure out what the problem is or how the breaches are happening.

Is the problem a server misconfiguration, outdated WordPress blog, weak passwords or a serious bug in WordPress itself?

If your site has been hacked and you have access to the access_logs, post them along with any other relevant information that you have and as a community let’s go through the information to see if we can find the problem.

10 May, 2010 at 21:25 by safety

Tags: Exploit, Hacking, Vulnerability, WordPress
Posted in Computer Security, Linux, Privacy, Software | No Comments »

9 Dec 2009

DM-FileManager 3.9.6 Cookie Injection and Authorization Bypass Vulnerability

The nDarkness community has recently been working with the wonderful developers over at DutchMonkey.com to review and point out security flaws in some of their freely available software.

During this review process, there were several issues found and we will be posting them in the coming weeks for educational purposes. It is our hope that this information will be used to help others write more secure code and realize the dangers involved with these mistakes.

The first major issue we found was with DM-Albums version 2.0. After reviewing this software and helping to add greater support for WPMU installations, we moved on to DM-FileManager version 3.9.6. The first major issue we found with this software prompted us to take a deeper look at the authorization model used by this file manager software. Below is the vulnerable code and the method used to exploit it. Please be aware that this has since been fixed and is no longer vulnerable.

I discovered that cookie variables were being used to determine a user’s ability to access certain features of the software. The cookies I found that mattered were:

    GROUP=ADMINISTRATORS; GROUPID=1;

The GROUPID cookie gives you the admin.php button (footer.php, line 49). Not necessary, but it was a start.

    if($GROUPID == 1)
    {
        print(" <a href=\"admin.php\" class=\"admin\"><img src=\"ui/$USERINTERFACE/png/admin.png\" border=\"0\" height=\"15\"/></a> ");
    }

Being in the administrator group (admin.php, line 116) lets you use the admin.php page.

    if($GROUP != "ADMINISTRATORS") redirect("/?currdir=$currdir");

To exploit this we used JavaScript injection. From the login page I entered the following in the address bar and reloaded the page:

    javascript:void(document.cookie="GROUP=ADMINISTRATORS");void(document.cookie="GROUPID=1");

When the page reloaded, the admin button was in the footer of the page and it allowed me to use the admin.php page. Once in the admin interface you have full control of the file manager software and can, for example, change the admin’s email address to yours and use the forgot password feature to receive the admin’s unencrypted password (more on this issue in future posts).
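The root cause is that the authorization decision is made from values the browser sends back. The following is an added example, not DM-FileManager’s own code: it places the cookie-based check the post quotes next to a version that keeps group membership server-side, so the forged GROUP/GROUPID cookies no longer matter. The user table, the function names (vulnerableIsAdministrator, buildUserTable, loginUser, isAdministrator) and the demo passwords are constructed for illustration; it assumes PHP 7.1 or later.

```php
<?php
// Added example (not DM-FileManager's code). The post's check, done two ways.
// buildUserTable(), loginUser(), isAdministrator() and the users are assumptions for the demo.

// Vulnerable: $GROUP is whatever the browser sent (cookie, or register_globals), so a visitor
// who sets GROUP=ADMINISTRATORS passes this check exactly as the post describes.
function vulnerableIsAdministrator(array $cookies): bool
{
    $GROUP = $cookies['GROUP'] ?? '';
    return $GROUP === 'ADMINISTRATORS';
}

// Constructed stand-in for the users table; passwords are stored hashed, never in the clear.
function buildUserTable(): array
{
    return [
        'alice' => ['hash' => password_hash('alice-demo-pass', PASSWORD_DEFAULT),
                    'group' => 'ADMINISTRATORS', 'group_id' => 1],
        'bob'   => ['hash' => password_hash('bob-demo-pass', PASSWORD_DEFAULT),
                    'group' => 'USERS', 'group_id' => 2],
    ];
}

// Login stores only the verified identity in the server-side session. In a real app that is
// $_SESSION after session_start(); here an array is passed by reference so the script runs on the CLI.
function loginUser(array $users, string $username, string $password, array &$session): bool
{
    if (!isset($users[$username]) || !password_verify($password, $users[$username]['hash'])) {
        return false;
    }
    $session = ['user' => $username];
    return true;
}

// Hardened: group membership is looked up from the trusted user table on every request.
// Nothing the client can edit (cookies, GET/POST, register_globals) takes part in the decision.
function isAdministrator(array $users, array $session): bool
{
    if (!isset($session['user'])) {
        return false;
    }
    $user = $users[$session['user']] ?? null;
    return $user !== null && $user['group'] === 'ADMINISTRATORS';
}

// Shape of the replacement for the admin.php line 116 test (not run here):
//   if (!isAdministrator($users, $_SESSION)) { header('Location: /?currdir=' . rawurlencode($currdir)); exit; }

function check(bool $cond, string $what): void
{
    if (!$cond) {
        throw new RuntimeException("failed: $what");
    }
}

$users = buildUserTable();

// Same forged cookies as in the post: the vulnerable check accepts them, the hardened one does not.
$forged  = ['GROUP' => 'ADMINISTRATORS', 'GROUPID' => '1'];
$session = [];
check(vulnerableIsAdministrator($forged) === true,  'vulnerable check trusts forged cookie');
check(isAdministrator($users, $session) === false,  'hardened check ignores cookies, no session');

// A real non-admin login still does not reach admin.php ...
check(loginUser($users, 'bob', 'bob-demo-pass', $session) === true, 'bob logs in');
check(isAdministrator($users, $session) === false, 'bob is not an administrator');

// ... a wrong password never changes the session ...
check(loginUser($users, 'alice', 'wrong', $session) === false, 'bad password rejected');
check($session['user'] === 'bob', 'session unchanged after failed login');

// ... and only a verified administrator login passes.
check(loginUser($users, 'alice', 'alice-demo-pass', $session) === true, 'alice logs in');
check(isAdministrator($users, $session) === true, 'alice is an administrator');
echo "hardened check behaves as expected\n";
```

Run it with `php` on the command line. The design point is that the session holds only who the user is; what they may do is re-derived from the server-side record each time, so there is nothing in the browser to tamper with. Setting the session cookie with the HttpOnly and Secure flags limits what `document.cookie` tricks like the one above can touch, but that is a second layer, not a substitute for the server-side check.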

All DM-FileManager users are strongly encouraged to upgrade their software to the latest version.

9 December, 2009 at 18:36 by safety

Tags: Cookie Injection, DM-FileManager, Exploit, Hacking, Software, Vulnerability
Posted in Computer Security, Privacy | 1 Comment »

21 Oct 2009

WordPress – DM Albums Version 2.0 Critical Vulnerability

The latest version of DM Albums was released on 10/21/2009 to all WordPress users and it contains a serious flaw that can allow an attacker to remotely delete any file or folder they wish. The author has been notified of the problem and I have listed a workaround below to prevent directory traversal.

After upgrading to the latest version of DM Albums I was playing with the new features and noticed the function to delete albums. I dug into the code located at wp-content/plugins/dm-albums/wp-dm-albums-ajax.php and found that there is no check to see if someone has used directory traversal. This means that anyone can delete files or directories outside of the upload directory.

Example:

    http://someblogsite/wp-content/plugins/dm-albums/wp-dm-albums-ajax.php?delete_album=../../../public_html

The vulnerable section that allows this to take place is:

    if(isset($_GET["delete_album"]) && !empty($_GET["delete_album"]) && strlen($_GET["delete_album"]) > 0)
    {
        //delete the album directory
        dm_get_album_delete($DM_UPLOAD_DIRECTORY . $_GET["delete_album"]);
    }

In this code there is no check to see what is contained in the GET variable and you don’t even need to be logged in to delete files.

Below is a quick and dirty workaround to prevent the problem, and I would suspect there will be more checks to ensure that user input is sanitized in the near future. This workaround will not prevent malicious users from deleting your albums, but it will keep folders outside of the upload directory safe.

    if(isset($_GET["delete_album"]) && !empty($_GET["delete_album"]) && strlen($_GET["delete_album"]) > 0)
    {
        //remove the / character from user input
        $_GET["delete_album"] = str_replace("/", "", $_GET["delete_album"]);

        //delete the album directory
        dm_get_album_delete($DM_UPLOAD_DIRECTORY . $_GET["delete_album"]);
    }
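Stripping "/" keeps the path inside the upload directory on Linux hosts, but it does not address the other half of the problem the post points out (no login is required), and on a Windows host a backslash still traverses. The following is an added example, not DM Albums’ code: it resolves the requested album with realpath() and refuses anything that is not strictly inside the upload directory, and it shows where the WordPress authentication checks belong. resolveAlbumPath(), handleDeleteAlbum() and the temporary directory tree are assumptions for the demo; dm_get_album_delete() and $DM_UPLOAD_DIRECTORY are the names used in the post. It assumes PHP 7.1 or later.

```php
<?php
// Added example, not DM Albums' own code. Replaces the str_replace("/", "") workaround with a
// containment check. resolveAlbumPath(), handleDeleteAlbum() and the demo tree are assumptions.

function resolveAlbumPath(string $uploadDir, string $albumName): ?string
{
    $base = realpath($uploadDir);
    if ($base === false) {
        return null;                               // upload directory missing: refuse
    }
    // Empty names and NUL bytes are rejected before touching the filesystem.
    if ($albumName === '' || strpos($albumName, "\0") !== false) {
        return null;
    }
    // realpath() canonicalises "..", "." and symlinks on every platform, so backslash
    // traversal on Windows is covered too, which stripping "/" alone is not.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $albumName);
    if ($candidate === false) {
        return null;                               // nothing there to delete
    }
    // Containment: the result must be strictly below $base, so "." (the base itself) fails.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// The AJAX handler shape, with the resolver in front of the delete. Inside WordPress this should
// additionally run only for a logged-in user with the right capability and a valid nonce, e.g.
// check_ajax_referer('dm_albums_delete', 'nonce') and current_user_can('delete_posts'),
// since the original handler needs no login at all.
function handleDeleteAlbum(array $get, string $DM_UPLOAD_DIRECTORY, callable $dm_get_album_delete): bool
{
    if (!isset($get['delete_album']) || !is_string($get['delete_album'])) {
        return false;                              // missing, or delete_album[]=... array trick
    }
    $path = resolveAlbumPath($DM_UPLOAD_DIRECTORY, $get['delete_album']);
    if ($path === null) {
        return false;                              // worth logging: traversal or bad name
    }
    $dm_get_album_delete($path);
    return true;
}

// --- demo on a constructed directory tree under the system temp directory ---
$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dm-albums-demo-' . getmypid();
mkdir($tmp . '/uploads/album1', 0700, true);
mkdir($tmp . '/public_html', 0700, true);
$uploads = $tmp . '/uploads';
$deleted = [];
$recorder = function (string $path) use (&$deleted) { $deleted[] = $path; };  // stand-in for dm_get_album_delete()

$cases = [
    'album1'               => true,   // legitimate album inside the upload directory
    '../public_html'       => false,  // exists, but outside: containment check rejects it
    '../../../public_html' => false,  // the post's payload: rejected whether or not it resolves
    '.'                    => false,  // the upload directory itself
    ''                     => false,
    "album1\0/etc/passwd"  => false,  // NUL byte
];
foreach ($cases as $name => $expected) {
    $result = handleDeleteAlbum(['delete_album' => $name], $uploads, $recorder);
    if ($result !== $expected) {
        throw new RuntimeException('unexpected result for ' . var_export($name, true));
    }
}
if ($deleted !== [realpath($uploads . '/album1')]) {
    throw new RuntimeException('only album1 should have reached the delete routine');
}
echo "traversal attempts rejected; only album1 would be deleted\n";

// clean up the demo tree
rmdir($tmp . '/uploads/album1'); rmdir($tmp . '/uploads'); rmdir($tmp . '/public_html'); rmdir($tmp);
```

Run it with `php` from the command line; it creates and removes its own scratch directories. The prefix comparison is done on the canonical path rather than on the string the user sent, which is what makes it robust against encodings, repeated separators and symlinks that a character blacklist misses.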

Once I hear back from the author I will update this post to let everyone know the outcome.

Update: A new release, v2.0.1, with the above-mentioned workaround has been released. We should also expect to see another update in the next few days that will employ more security checks and some upgrades for WordPress multi-user environments as well.

21 October, 2009 at 22:49 by safety

Tags: DM-Albums, Exploit, Hacking, Software, Vulnerability, WordPress
Posted in Computer Security, Privacy | No Comments »
