Facebook hacked - sql injection ???

Category: By ghannielle

Facebook, a website with an estimated 5 to 10 million US dollars, 250 to 1000 employees and a rank of number 8 globally in alexa.com's traffic rankings, is not capable of securing its database. Millions (LOTS of millions) of accounts, email addresses and passwords are up for grabs by anyone. Let me show you a few concrete examples of vulnerable parameters.

Not only is the website vulnerable to SQL injection, it also lets load_file() be executed, which makes this very dangerous: with a little patience a writable directory can be found, and by writing malicious code into it we get command-line access, with which we can do virtually anything we want with the website: upload PHP shells, plant redirects, infect pages with trojan droppers, even deface the whole website. (In MySQL, LOAD_FILE() for reading and SELECT ... INTO OUTFILE for writing both require the FILE privilege on the account the web application connects with, so an injection point running under such an account, plus a directory under the web root that the database server can write to, is what turns a data leak into code execution.)

But let's see what else is interesting in the database. Because I was accused of making personal info public, I did not concatenate the username, email and password columns, only the userid and session_key columns along with the date the key was created. If you don't know what a session key is to Facebook, read http://wiki.developers.facebook.com/index.php/Authorizing_Applications.


Let's move on to another parameter vulnerable to SQL injection. This time it is blind SQLi: the page never shows query output, so the attacker learns one bit per request from whether the page behaves differently for a true and for a false condition, and rebuilds the data from those answers. What is interesting in the image is, first, the error, which is proof that server data can be accessed from this point.


Let's see another vulnerable parameter. In the image you see the version of the database software and the name of table number 55 in the database, which is: users. How could the columns of this table be named anything other than email and password? You guessed it, that is exactly what they are named. To be continued.

Credits URL : http://hackersblog.org/2009/02/04/facebook-hacked-o-baza-de-date-cu-milioane-de-conturi-ce-pot-fi-accesate-de-oricine/
 

Red Hat and Microsoft ink virt interoperability deal

Category: By ghannielle

Operating system suppliers Red Hat, which is the leading commercial Linux distro by some measures, and Microsoft, the only maker of Windows, today announced a cross-platform support agreement that will allow operating systems from one to run on the hypervisors of the other.

The interoperability agreement has been forced on the two companies, which are not exactly natural allies or even particularly friendly even if they are mostly civil, by their respective customer bases, software partners, and resellers, explained Mike Evans, vice president of corporate development at Red Hat, and Mike Neil, general manager of virtualization strategy at Microsoft, in a webcast this morning.

The Red Hat-Microsoft deal is short and sweet, and bears little resemblance to the landmark interoperability, licensing, and patent protection deal that Red Hat rival Novell signed with Microsoft in November 2006.

That deal irked plenty in the open source community because of licensing issues relating to Linux and the applications that ride atop it. But it has boosted Novell's financials, with Microsoft buying hundreds of millions of dollars in licenses for SUSE Linux Enterprise Server 10 and distributing them to its Windows customer base.

Testing times

The two Mikes were at pains in the short announcement to make it clear that all Red Hat and Microsoft have agreed to do is test, validate, and jointly support each other's operating systems when running on each other's server virtualization hypervisors. Red Hat's Evans said the agreement has no provisions for patent rights or open source licensing, and no financial arrangements beyond the standard testing and qualification fees that Red Hat and Microsoft charge their ISV partners to get certified, plus an agreement to work together to provide cooperative support for the products.

Virtualization is, according to Evans, moving out of the early adopter stage and into mainstream use in data centers. It is still early in the server virtualization game on x64 iron, but both Red Hat and Microsoft think that the lack of an interoperability arrangement between the two companies has been hindering the adoption of server virtualization.

Better virtualization management tools are available now, and the underlying x64 iron is able to do more sophisticated support for memory and I/O as it relates to virtual machines and their hypervisors. And with Gary Chen, research manager for enterprise virtualization software at IDC calculating that Windows and RHEL comprise 80 per cent of all guest operating systems on virtualized servers, now is the time for Red Hat and Microsoft to bury the hatchet. Well, it is more like a paring knife. But you get the idea.

As part of the deal, Microsoft is now a partner in Red Hat's virtualization certification program, and Red Hat has joined Microsoft's server virtualization validation program. The latter was set up by Microsoft last June, and includes Cisco Systems, Citrix Systems, Novell, Oracle, Sun Microsystems, Unisys, Virtual Iron, and VMware; so far, only Cisco, Citrix, Novell, and VMware have fully validated their programs with the Windows stack.

Microsoft will certify that Red Hat Enterprise Linux 5.2 and 5.3 run as guest operating systems on its Hyper-V hypervisor, which ships with Windows Server 2008; both 32-bit x86 and 64-bit x64 guests will be certified, apparently. And Red Hat is to certify that Windows 2000 Server SP4, Windows Server 2003 SP2, and Windows Server 2008 all run on Red Hat's virtualization hypervisor inside Red Hat Enterprise Linux.

Hypervisor

While Evans did not say it by name, the open source Xen hypervisor is still the default hypervisor with RHEL 5. But with RHEL 6, Red Hat is expected to shift to its own KVM hypervisor, which it acquired last summer when it bought Qumranet. KVM is part of the mainstream Linux kernel, while Xen is not.

But Microsoft already has experience supporting Xen, through its agreements with XenSource, which sponsored the Xen project and which was acquired by Citrix Systems two summers ago. Presumably, the deal calls for Red Hat to certify Windows Server instances running atop Xen now with RHEL 5, and atop Xen and KVM in RHEL 6. Either way, Windows guests will be certified atop RHEL in the second half of this year.

Red Hat has a partnership with VMware that validates RHEL runs on its ESX Server hypervisor, but thus far Red Hat has no similar deal with Citrix for XenServer, the commercial version of the Xen hypervisor, mainly because Red Hat sells its own implementation of Xen, which it wants customers to use.

And if Red Hat wants customers to use the embedded Xen, and in the future the embedded KVM hypervisor, it needs an interoperability agreement with Microsoft so it can try to out-Xen Citrix. And you can bet that Red Hat wants to get KVM certified to run Windows Server instances well ahead of when it goes commercial in RHEL 6.

Credits URL : http://www.theregister.co.uk/2009/02/16/redhat_microsoft_server_virtualization/

 

Intel's future Xeons to share sockets

Category: By ghannielle

We know what's coming on desktops and notebooks. But what about Intel's 32 nanometer server silicon?

Intel's 32 nanometer process will be used to make a family of desktop, laptop, and server processors known as "Westmere," kickers to the Nehalem chips that will roll out throughout the year. Earlier this week, the company divulged that it was pulling its ramp to 32 nanometer chip making processes into 2009 for desktop and laptop processors, and it gave us a pretty good idea of what these chips will look like.

What Intel didn't say is how it will deploy cores or crank up clock speeds on 32 nanometer server chips. Intel has some interesting options, as the Nehalem and Westmere desktop and laptop chips show.

On its desktop lineup, Intel is taking two different paths. With the Nehalem chips, which are implemented in its current 45 nanometer processes, the company is deploying quad-core "Lynnfield" chips, which have two threads per core, and it will offer a similar "Clarksfield" chip for laptops. These chips are similar to the current Core i7 desktop chips, which have been shipping for high-end desktops since last November and will arrive in volume this year across the full PC spectrum.

In the second half of this year, Intel is going to use the 32 nanometer shrink not to increase the core counts in its desktop and laptop chips, but rather to move an integrated graphics controller onto a two-chip package. The future Westmere desktop and laptop chips will have only two cores, and the main memory controller that is integrated on the Nehalem chips is being moved over to the graphics controller that will sit beside the Westmere two-core chip.

That graphics chip and memory controller will be implemented in a 45 nanometer process, which will undoubtedly deliver higher yields and lower costs than if they had been done in 32 nanometer processes as a single-chip Westmere package. The processor and graphics chips on the Lynnfield and Clarksfield packages will be connected by a QPI (QuickPath Interconnect) link.

Server processors do not need to have integrated graphics chips on their packages, unless you want to use the GPU as a math co-processor. (Not a dumb idea, provided the programming model is easy). Even if Intel doesn't want to do that, the 32 nanometer shrink for Westmere Xeons could allow the company to do all sorts of things: add more processor cores in the same thermal envelope, crank up clock speeds to boost single-thread performance while holding core counts the same or even decreasing them, or integrate other features (such as network controllers) into the chip package.

In addition to the Westmere roadmap this week, Intel confirmed that the launch of the Nehalem EP processor for two-socket servers was imminent. It's expected before the end of this quarter. The Nehalem EPs (aka Xeon 5000s) will plug into the Tylersburg server platform and use a chipset by the same name, as this roadmap shows:

Back in November, we gave you the feeds and speeds on Nehalem EP motherboards from Super Micro, which makes boards as well as whitebox servers that it and other vendors sell. The Nehalem EP chips, which sport integrated DDR3 memory controllers and which will be the first server chips to use QPI, are expected to have somewhere between three and four times the memory bandwidth of existing Xeons and their antiquated front side buses.

Motherboard Glue

Exactly how this will translate into application performance will depend on how sensitive those applications are to memory. The Nehalem EP chips, code-named "Gainestown," are expected to come in two-core and four-core variants, with each core having two threads and with either 4 MB or 8 MB of L3 cache. These chips are basically a version of the Core i7 desktop chip reimplemented with symmetric multiprocessing extensions. Clock speeds are expected to range from 1.9 GHz to 3.2 GHz.

The high-end Nehalem EX processors, code-named "Beckton," will have up to eight cores, will be delivered by the end of the year, and will use the "Boxboro" chipset that will also be used by the future "Poulson" Itanium processor. The Boxboro chipset will work with QPI to allow a "glueless" SMP configuration with up to eight processor sockets. Technically, the initial Opterons could do this too, by gluing together four two-way motherboards into a single system image, and it looks like Boxboro will glue together two four-socket machines to get an eight-way. The question with either approach is whether server OEMs will do it. Very few adopted the eight-way Opteron configuration.

The low-end Nehalem EN chips are tweaked versions of the Lynnfield chips used in desktops and made with 45 nanometer processes. They plug into a server platform called "Foxhollow" and use the Intel 5 series chipset used on desktops. If history is any guide, these single-socket server boards will have more I/O slots and possibly more main memory than their desktop counterparts.

Looking ahead to the Westmere generation, the future 32 nanometer chips will plug into the Foxhollow, Tylersburg, and Boxboro platforms. This is obviously something that server manufacturers want very much, since they do not like revving their hardware every year. It looks like Foxhollow gets launched in the second half of 2009, and Boxboro at the end of the year, and Tylersburg should have been here already if this roadmap is to scale.

The Westmere kickers to Nehalem EP chips (which have not been given a code name yet) are due around mid-2010, then, and the Clarkdale chip with its integrated graphics processor gets plunked into single-socket servers in early 2010. Don't expect a Westmere kicker to the high-end Nehalem EX until early 2011, it looks like.

The 32 nanometer shrink from Nehalem to Westmere should allow Intel to get clock speeds up to around 4 GHz or so, compared to a little more than 3 GHz with Nehalems and their 45 nanometer processes. Or Intel could boost the core count and keep clocks about the same. The expectation is that Intel will go for speed, not cores. But the company could just as easily put two Westmere chips side by side in a single package instead of revving the cores, or put graphics processors into some Westmere Xeons (as it did for the low-end Clarkdale chip) to use as a co-processor for applications.

It would be interesting to see HPC variants of Westmere chips with the graphics units embedded and then two-chip Westmere packages for regular commercial processing workloads. Intel could put other features inside a package as well - or just make the chip smaller and keep the thermals low, offsetting some of the higher heat that DDR3 main memory kicks out compared to DDR2 memory.

Out beyond that, Intel will launch a new "Sandy Bridge" chip architecture in 2010 or 2011 (it depends on the roadmap you look at) with 32 nanometer processes, and it will eventually shrink this family of chips using 22 nanometer processes in 2011 or 2012.

Credits URL : http://www.theregister.co.uk/2009/02/13/intel_westmere_servers/
 

More OS X MAC attacks!

Category: By ghannielle
New OS X research warns of stealthier Mac attacks ( In-memory code injection covers tracks )

A computer security researcher has discovered a new way to inject hostile code directly into the memory of machines running Apple's OS X operating system, a technique that makes it significantly harder for investigators to detect Mac attacks using today's forensics practices.

The technique, which Italian researcher Vincenzo Iozzo plans to detail at the Black Hat security conference in Washington next month, makes it possible to carry out stealthy Mac attacks that until now have not been possible. The in-memory injection approach allows unauthorized software to be installed on a Mac without leaving traces of the attack code or other tell-tale signs that the machine has been compromised.

Similar stealth techniques have existed for more than two years for infecting Windows and Linux machines, but until now, researchers knew of no reliable way to cover their tracks when attacking Macs. It's likely only a matter of time until malware developers begin using the method in the wild, said researcher Charles Miller, who has reviewed Iozzo's work.

"The importance is it makes forensics much harder," Miller wrote in an email to The Register. "In the past, you could rely on seeing the trail of the bad guy on the disk, even if they tried cleaning up and deleting their files. This provides a practical method to eliminate that evidence."

Miller said he is in the process of extending the technique to installing unauthorized applications on the iPhone.

Unlike most attacks today, Iozzo's technique allows someone to execute a binary completely within the OS X application or process that's being attacked. That means the operating system doesn't need to open a new process and the exploit code need not ever touch the hard disk of the infected machine. Such activities typically leave a wealth of clues to system administrators trying to tell whether a computer has been compromised.

A student at the Politecnico di Milano, Iozzo was able to fashion the exploit method by carefully studying the Mac executable file format known as Mach-O. By mimicking exactly the way OS X lays out executable code in memory, the researcher found a way to bypass the traditional ways of loading binaries into the operating system.

Iozzo said OS X's address space layout randomization, which is designed to thwart such attacks by randomizing the memory locations of executable code, can be circumvented by local users. That's because an OS X program known as the dynamic linker is always located at the same address. The dynamic linker in turn allows him to predict the location of the other libraries needed to make the attack technique work.

To be clear, attackers who want to use the technique must first have a reliable exploit for an unpatched vulnerability in OS X or in iTunes, Safari, or some other OS X application. The injection method doesn't make it any easier to pierce a Mac's defenses. It only makes it easier for attackers to cover their tracks once they have.

Still, the technique doesn't make attacks completely undetectable. Investigators can still dump the virtual memory and inspect it or detect the attack by using a network intrusion detection system or a host-based anomaly intrusion detection system.

Be that as it may, don't be surprised if it finds its way into real-world attacks in the future.
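The parsing step Iozzo's technique rests on, reading a Mach-O image out of memory and laying its segments out the way the system loader would, can be shown in code. The following is an added example of my own, not Iozzo's code and not Apple's dyld: it reads a 64-bit little-endian Mach-O header and its LC_SEGMENT_64 and LC_MAIN load commands from a byte buffer, refuses malformed command tables, and computes the map a loader would have to create (segment addresses after a chosen ASLR slide, bytes to copy from the image, protections) without anything touching disk. The same parser then serves the forensic side from the previous paragraph: scanning a memory dump for Mach-O headers that parse. The image it works on is constructed inline and is not a real binary; relocation, dyld symbol binding and the actual mmap/mprotect calls are omitted, and fat or 32-bit images are rejected.

```python
import struct

# Constants and record layouts from <mach-o/loader.h> (x86-64, little-endian)
MH_MAGIC_64 = 0xFEEDFACF
MH_PIE = 0x200000
LC_SEGMENT_64 = 0x19
LC_MAIN = 0x80000028
HEADER_FMT = "<IiiIIIII"    # mach_header_64: magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags, reserved
SEG_FMT = "<II16sQQQQiiII"  # segment_command_64: cmd, cmdsize, segname, vmaddr, vmsize, fileoff, filesize, maxprot, initprot, nsects, flags
PROT = ["---", "r--", "-w-", "rw-", "--x", "r-x", "-wx", "rwx"]


def parse_macho(image):
    """Read the header and load commands of a 64-bit Mach-O held in memory; return its load map."""
    magic, _cpu, _sub, _ftype, ncmds, sizeofcmds, flags, _res = struct.unpack_from(HEADER_FMT, image, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O (magic %#x)" % magic)
    off = struct.calcsize(HEADER_FMT)
    end = off + sizeofcmds
    if end > len(image):
        raise ValueError("sizeofcmds runs past the end of the image")
    segments, entry = [], None
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", image, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("bad load command size at %#x" % off)  # never read outside the command table
        if cmd == LC_SEGMENT_64:
            (_, _, name, vmaddr, vmsize, fileoff, filesize,
             _maxprot, initprot, _nsects, _sflags) = struct.unpack_from(SEG_FMT, image, off)
            if fileoff + filesize > len(image):
                raise ValueError("segment %r points outside the image" % name)
            segments.append({"name": name.rstrip(b"\0").decode(), "vmaddr": vmaddr, "vmsize": vmsize,
                             "fileoff": fileoff, "filesize": filesize, "prot": initprot & 7})
        elif cmd == LC_MAIN:
            entry, _stack = struct.unpack_from("<QQ", image, off + 8)  # entryoff, stacksize
        off += cmdsize
    return {"pie": bool(flags & MH_PIE), "segments": segments, "entry": entry}


def plan_mapping(info, slide):
    """Where each segment lands after sliding the image by `slide` bytes (what an ASLR-aware loader computes).

    For each region the loader reserves vmsize bytes, copies filesize bytes from fileoff, then applies prot;
    __PAGEZERO has no bytes and prot ---: it is only reserved, never made accessible.
    """
    regions = [{"name": s["name"], "start": s["vmaddr"] + slide, "end": s["vmaddr"] + slide + s["vmsize"],
                "copy": s["filesize"], "prot": PROT[s["prot"]]}
               for s in info["segments"] if s["vmsize"]]
    text = next((r for r in regions if r["name"] == "__TEXT"), None)
    # LC_MAIN's entryoff is relative to __TEXT, the segment that starts at file offset 0.
    entry = text["start"] + info["entry"] if text and info["entry"] is not None else None
    return {"regions": regions, "entry": entry}


def scan_for_macho(dump):
    """Forensic counterpart: offsets in a memory dump where a parseable 64-bit Mach-O header begins."""
    magic, hits = struct.pack("<I", MH_MAGIC_64), []
    pos = dump.find(magic)
    while pos != -1:
        try:
            parse_macho(dump[pos:])
            hits.append(pos)
        except (ValueError, struct.error):
            pass  # magic bytes by coincidence or a torn header: not an image
        pos = dump.find(magic, pos + 1)
    return hits


def build_sample_image():
    """Constructed sample image for the demo (not a real binary): __PAGEZERO, __TEXT, __DATA and an LC_MAIN."""
    def seg(name, vmaddr, vmsize, fileoff, filesize, maxprot, initprot):
        return struct.pack(SEG_FMT, LC_SEGMENT_64, struct.calcsize(SEG_FMT), name,
                           vmaddr, vmsize, fileoff, filesize, maxprot, initprot, 0, 0)
    cmds = (seg(b"__PAGEZERO", 0, 0x100000000, 0, 0, 0, 0)
            + seg(b"__TEXT", 0x100000000, 0x1000, 0, 0x1000, 7, 5)
            + seg(b"__DATA", 0x100001000, 0x1000, 0x1000, 0x1000, 7, 3)
            + struct.pack("<IIQQ", LC_MAIN, 24, 0xF00, 0))
    header = struct.pack(HEADER_FMT, MH_MAGIC_64, 0x01000007, 3, 2, 4, len(cmds), 0x200085, 0)
    image = header + cmds
    return image + b"\0" * (0x2000 - len(image))


if __name__ == "__main__":
    plan = plan_mapping(parse_macho(build_sample_image()), slide=0x10000)
    for r in plan["regions"]:
        print("%-10s %#x-%#x %s copy=%#x" % (r["name"], r["start"], r["end"], r["prot"], r["copy"]))
    print("entry at %#x" % plan["entry"])
```

The point of the bounds checks in parse_macho is the same whether the parser sits in a loader or in a forensic tool: a command table is attacker-controlled input, and sizeofcmds and cmdsize must never be trusted to stay inside the buffer. On the detection side, a header found by scan_for_macho at an address that no file mapping backs is exactly the artefact an in-memory loader leaves behind even though nothing was written to disk.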

Credits : http://www.theregister.co.uk/2009/01/21/stealthier_mac_attacks/

 

Kaspersky Hacked ???

Category: By ghannielle
As one of the market's best antivirus programs, news of Kaspersky's website being hacked is quite an embarrassing statement ... But so far they accomplish my work on cleaning viruses ... That's what happens when a certain product gets noticed or becomes popular: someone will try to bring it down. I hope Kaspersky's experts will resolve this issue ASAP, because so far they're the leading protection against the various types of malicious code creeping into our PCs ...

The news : Kaspersky breach exposes sensitive database, says hacker

A security lapse at Kaspersky has exposed a wealth of proprietary information about the anti-virus provider's products and customers, according to a blogger, who posted screen shots and other details that appeared to substantiate the claims.

In a posting made Saturday, the hacker claimed a simple SQL injection gave access to a database containing "users, activation codes, lists of bugs, admins, shop, etc." Kaspersky has declined to comment, but two security experts who reviewed the evidence said the claims appeared convincing.

"This looks very real to me," Thomas Ptacek, a researcher at security provider Matasano said via instant message a few hours after the post went live. He pointed to the address bar of one screenshot that showed usa.kaspersky.com along with the text "concat_ws(0x3a,ver" to the right of that. "It's a URL that is being used to alter the database request that's used to generate the page," he added. "One of them can be tricked into pulling arbitrary data from the database. Game over."

Roger Thompson, chief research officer at competing anti-virus provider AVG concurred. "/me feels sorry for Kaspersky," he wrote to El Reg. "Can't tell for certain, but it looks legit."



Representatives from Kaspersky declined to immediately comment.

"Given the hour, we are not able available to talk now, but I will work on answers for you to have early tomorrow," a spokeswoman wrote in an email sent Saturday evening California time, several hours after the post was made.

It claimed that a simple modification of a URL exposed the site's entire database. "Alter one of the parameters and you have access to EVERYTHING: users, activation codes, lists of bugs, admins, shop, etc." The screenshots showed the attack was focused on Kaspersky's technical support and knowledge base site for the Americas. They included the names of more than 150 tables.

The URLs were edited to redact the page's vulnerable handler, but readily available tools could help anyone who knows how to use them to identify where the SQL injection weakness is located, Ptacek said.

Assuming the hack is for real, it wouldn't be the first time a Kaspersky site has been hit by a SQL injection attack. In July, Kaspersky's Malaysian site and several subdomains were defaced by a hacker who left pro-Turkish slogans. According to ZDNet's Zero Day blog, Zone-H archives show 36 website defacements of international Kaspersky sites since 2000.

This breach appears to be more serious because it potentially exposes customer information and could also open Kaspersky's site to other types of abuse, security experts said.

"I hope that Kaspersky administrators fix this vulnerability rather quickly as they no doubt have a large customer base, and it would appear that all those customers are now exposed," Gunter Ollmann, the chief security strategist at IBM's Internet Security Systems blogs here.

"On top of that, this type of critical flaw can probably be used to usurp legitimate purchases and renewals of their products - which could include the linking to malicious and backdoored versions of their software - thereby infecting those very same customers that were seeking protection from malware in the first place."

Credits :
~ http://www.theregister.co.uk/2009/02/08/kaspersky_compromise_report/
~ http://hackersblog.org/2009/02/07/usakasperskycom-hacked-full-database-acces-sql-injection/