Google vulnerability exposes emails and names

This has reminded me of a post I read on zdnet.net back in July. It's kind of the same concept, but instead it deals with their names and emails. There is a vulnerability in Google Documents: when you click on an invitation link, your name and email are automatically recorded.

The steps to accomplish this are as follows:

1.) Create a document under a Google account at http://docs.google.com.

2.) Email yourself the invitation link by clicking share on the top right corner.

3.) This concept can be extended by using frames to record the information.

Ex. ( < iframe src="http://docs.google.com/Doc?id=dcvdcks6_0d53j52g6&invite=g7365jj">< /iframe> )

4.) Now if you look at the sharing list, you will see your victim's email and name.

An attacker can use this method to add hundreds of documents to your Google account without your consent, while recording your name and email in the process.


Youtube CSRF

October 14, 2008 - Google has fixed this issue, by adding a session token.

What is a CSRF?
CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated.

A cross-site request forgery exists in youtube, which allows a user to add their video of choice to anyone's favorites.

Simply, all the user would need to do is request the URL as an image (< img src="http://m.youtube.com/add_favorite?v=VIDEOIDHERE&client=mv-google&warned=1&is_adult=1&locale=en_US" >), and the video would now be added to the viewer's favorites.
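Both the add_favorite URL here and the Google Documents invitation link in the previous post change account state on a plain GET that a third-party page can trigger through an image or frame. The sketch below is an added example, not code from this blog or from Google: it shows the session-token style of fix the update above mentions, and the handler name, the `csrf_token` parameter and the key handling are all assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-deployment secret that is never sent to clients.
SERVER_KEY = secrets.token_bytes(32)

def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session; the site embeds it in its own forms."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def handle_state_change(method: str, session_id: str, params: dict) -> tuple:
    """Hypothetical handler for an action such as add-favorite or accept-invite.

    Returns (status, headers). The browser attaches the session cookie to
    cross-site image and frame loads too, so the cookie alone says nothing
    about which page initiated the request.
    """
    # Refuse to be rendered inside another site's frame.
    headers = {"Content-Security-Policy": "frame-ancestors 'none'",
               "X-Frame-Options": "DENY"}
    # 1. GET must never change state: image and frame embeds can only send GET.
    if method != "POST":
        return 405, headers
    # 2. Only pages on our own origin can read the token; constant-time compare.
    supplied = str(params.get("csrf_token", "")).encode()
    expected = issue_csrf_token(session_id).encode()
    if not hmac.compare_digest(supplied, expected):
        return 403, headers
    return 200, headers

def demo() -> tuple:
    """Constructed requests against a constructed session id."""
    victim = "sess-constructed-victim"
    embedded_get = handle_state_change("GET", victim, {"v": "VIDEOIDHERE"})
    tokenless_post = handle_state_change("POST", victim, {"v": "VIDEOIDHERE"})
    foreign_token = handle_state_change(
        "POST", victim, {"csrf_token": issue_csrf_token("sess-constructed-other")})
    genuine = handle_state_change(
        "POST", victim, {"csrf_token": issue_csrf_token(victim)})
    return embedded_get[0], tokenless_post[0], foreign_token[0], genuine[0]
```

A token minted for a different session is rejected as well, which is what binds the request to the logged-in user rather than to any valid-looking value.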


Making money with youtube the blackhat way

Right now on youtube, there is still a big potential for you to make yourself some money.
I was experimenting with youtube in the summer, and it was pretty successful.
Firstly, you would need your niche. Don’t use something that everyone else and their mother is promoting, instead pick a niche that is in your interest. Be unique! The key is to make the targeted audience offended. For example, if you were promoting the widely known offer Acai Berry, you would need to target towards overweight users and offend them while doing so. Make them feel ashamed of themselves for being fat fucks and not doing anything about it. The Acai Berry offer is a whopping 30$ a lead, on a 3$ trial submit. You can grab this offer over at Ads4Dough.com.

Now that you are all set, you need to make the video that is offending the targeted audience. As I mentioned above, the key is being unique. Now that you have your video, create a new youtube account and upload your video with an eye-catching title. If you would like to upload your video to 30+ sites at once you can use a service called Hey!Spread, but for now let's stick with youtube.

Your video would be worthless without any views, correct? Yes. This is where the promotion part comes in. I would have my video top ranking for the most viewed video of the day with my method. I gained my views simply from the website Cam4.com, which is a popular free live sex cam site. There was a vulnerability (which is fixed now) within the profiles that allowed javascript with filter evasion techniques. Youtube doesn’t count a video view if the video is directly iframed and auto started, but if you iframe the youtube page itself, it does count. From here on out, it was now easy to get my video on top rankings. I simply iframed my video several times on an external site, then linked it on cam4. I had most of the popular profiles on Cam4 with stats such as 10,000 live viewers. Think about it… 10,000 live viewers viewing your youtube video several times each: 10,000 x 4 = 40,000 views on your video! Now 40,000 x the 5 other popular profiles, you can see how my video reached top rankings. With the views, I also combined a vulnerability I found in youtube that allowed me to add my video to any user's favorites. The most favorites I had on one of my videos was 20,000+. My video on 20,000 users' channels. I notified youtube of this issue and still had no response, and if I do not receive a response within the next 5 days I will disclose the vulnerability here for you to use.
Here's some motivation for you, this is my earnings using the youtube technique only with ONE network I was using. The network below is actually EliteCommission. Highly Recommended.

Earnings on August 24, 2008 from youtube. 553 leads.

One of my video's stats on August 24, 2008


Comcast’s Domain Hijacked

Hackers knocked Comcast.net offline late Wednesday night, preventing customers from getting to their Comcast Web mail and account records on the company’s Internet portal.

The criminals somehow got their hands on passwords used to alter domain-name registration information with Comcast’s registrar, Network Solutions, said Susan Wade, a Network Solutions spokeswoman. With access to the Comcast.net record, the hackers were able to switch the DNS (Domain Name System) servers associated with Comcast.net and redirect Internet traffic to their own server. They also added offensive comments to the Comcast.net record.

Visitors who went to Comcast’s portal between approximately 11 p.m. Eastern time Wednesday and 12:30 a.m. Thursday were greeted with either a “Site under construction” message or a cryptic note reading: “KRYOGENIKS EBK and DEFIANT RoXed COMCAST sHouTz To VIRUS Warlock elul21 coll1er seven” an apparent reference to the hackers who had compromised the site and to their friends.

This attack is connected to recent defacement of the MySpace.com profiles of Justin Timberlake, Hilary Duff and Tila Tequila, said security researcher Dancho Danchev.

No one knows how the hackers gained access to Comcast’s Network Solutions account. In the past, registrars have been tricked into handing over control of Internet domains. But Danchev said that lately, criminals have also been using phishing attacks to try to take control of Web domains.

Throughout Thursday, the Comcast.net Web page continued to experience problems. For many visitors, the page was missing graphics and had the look and feel of an early 1990s Web site.

“We believe that our registration information at the vendor that registers the Comcast.net domain address was altered, which redirected the site, and is the root cause of today’s continued issues as well,” Comcast said Tuesday in a statement. “We have alerted law enforcement authorities and are working in conjunction with them.”

Neither Comcast nor Network Solutions can say how the hackers got their hands on the Comcast password, but this type of problem is not unheard of, Wade said. “It’s not frequent, but it does happen,” she said.

There are steps that companies can take to secure their domain name registration accounts, Wade said. “We tell folks, especially big companies, to consolidate domains so you have someone in charge of all the domains,” she said. “We encourage people to update their passwords on a regular basis and make sure the passwords are complicated.”

[Yahoo News]

Most news sources worldwide reported this story. As you may know, my handle, “coll1er”, was shown on the defacement page. This was simply a shoutout, as I had nothing to do with the actual defacement of Comcast.net.


“HackerSafe” vice president faces fraud charges

One of the researchers behind ScanAlert, the “Hacker Safe” certification company McAfee recently acquired, is facing fraud charges in Indiana.

Brett Oliphant, whose title had been vice president of security services before the Napa, California, company was acquired by McAfee in January, is facing 11 counts of securities fraud in transactions that allegedly brought in more than $1.215 million.

Oliphant and his brother Bryan were charged in December. Their trial is set for November 18 at the Elkhart County Superior Court in Indiana.

ScanAlert built technology for auditing and then certifying websites as “Hacker Safe.” McAfee paid $54.9 million for the company in January and has since renamed the certification service “McAfee Safe.”

The Hacker Safe and McAfee Safe marks are designed to reassure potential customers that the website they are visiting has been tested for vulnerabilities and is unlikely to have been hacked by online fraudsters.

Oliphant’s arrest was not widely known until blogger Ronald van den Heetkamp posted news of it on Monday. Van den Heetkamp has been critical of McAfee’s certification service in the past.

The ScanAlert vice president had led the development of his company’s vulnerability scanning technology and managed the company’s research division.

A McAfee spokesman declined to comment on the matter or confirm whether Oliphant was still with the company. “McAfee does not comment on the private affairs of others, legal or otherwise,” he said in an instant message.

[Full Story]


Danger of web proxies

Websense Security Labs recently was discussing a great topic that sparked my interest. Titled “Who do you trust with your web traffic”, this article discusses the dangers of web proxies. To put it to the test, they installed a CGI web proxy on a test web server. Once set up, they conducted an example by going to myspace.com and accessing a personal myspace account. Myspace's authentication cookie shows your email and password in plaintext which could be read. All your traffic is shown in clear text from your browser to the proxy server. It's simple for a website owner to sniff the packets sent through the proxy server to get your login details, but I have a simpler way to do so. All it takes is a modification of the popular, commonly used proxy script “PHPProxy”. You can record any data sent through it by determining certain keywords. By certain keywords I mean the script looking for terms such as “login”, “password”, “email”, “username”, etc. If these keywords are found, it will be logged to a log file on the server. By using regular expressions, you can trigger the logging. The user browsing through the proxy will have no idea this is happening, due to the fact it looks exactly as a normal web proxy would. This is very dangerous and by using a proxy server, your login credentials may be at stake. Even if the server is using SSL to encrypt the traffic, and you think you are safe, well guess what… you’re not.


Stickam's last string

If you are on the website “Stickam.com” then you must have heard of Team n0d. We were a group on stickam known for “hacking”. In late summer of 2007, Mikeyy and myself had an idea to overlay the add friends button so when you clicked to add us as a friend, it would redirect to a phisher. Once logged in, it would send them to the request form. This was eventually reported to stickam; after they reviewed our profiles, they were banned by an admin. I didn’t understand why they would ban us after all the security related issues we helped them with. Before our profiles were banned, we would report our findings to Newave, who is a stickam employee, which were then forwarded to a developer. After reporting several exploits, stickam decided to send me a free webcam. I accepted the offer, and received my webcam a week later. But back to our profiles being banned, we did not deserve this ban in any way, shape or form. We talked to some employees and they refused to unban us. I thought it was rather fucked up what they did, seeing we helped them improve their website's security. Anyway, we made new profiles but we formed the group which is now known today as “Team n0d”. It didn’t take long for Team n0d to get well known on stickam. A week after the ban, we started attacking the website by hacking famous users' profiles, and hijacking administrator accounts. Stickam didn’t think we would react in such a destructive manner so they didn’t do anything but let us be. Our profiles still remained banned, so we continued our attacks. After months and months of these hacks, it was in January when it was stickam's last string. They must have been tired of us controlling their website so they contacted a lawyer, and mikeyy and I received a cease and desist letter in the mail. This letter stated that if these attacks continued, they would be pressing charges against us. As a result of this letter, Team n0d has disbanded and all attacks on stickam.com have halted.


The internet is unsecure

Recently I was reading an article on Roland’s website about Davidson Companies having their database hacked which contained names, Social Security numbers and account information for 226,000. That is insane. I check up daily on attrition, which reports recent data losses. It seems to me you can’t trust any web application these days. I mean if you scroll through the list you see colleges, government websites, hospitals, and huge corporations being broken into daily. I don’t know about you, but this worries me a whole lot.


KidRobot.com Disclosure

A friend of mine showed me the website kidrobot.com, and asked me to pick between two different hoodies. Well you know me, every site I go to, I try to see if it's vulnerable in any way. Here I noticed kidrobot.com set several cookies. There was first name, last name, username, password, email, and customer_id. The password cookie showed the password in plain-text without any encryption. I was interested to see what this customer_id cookie did, so I went ahead and edited the cookie from my customer id to an id lower. After changing the content of “customer_id”, I clicked my account and noticed I was logged into another user's account. This gave me access to the customer's first and last name, address, phone number, username, email, and password. The password was not shown in plain-text, however with the “web developer” toolbar for firefox I was able to show the password hidden under the asterisks. Wow, now I have all of this personal information in my hands. The funniest thing I thought was the hackersafe logo on the bottom of the page. Kidrobot is actually a big website, and wouldn’t want their customers to know thousands and thousands of credit card information, passwords, and personal information were this publicly available, so I decided to give kidrobot a call. The vulnerabilities are now fixed and they offered to send me a free product.

UPDATE

I have received my free product which just happened to be a 185$ hoodie
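The flaw in this post is that the server took its notion of "who is logged in" from a cookie the visitor can edit. The following is an added example, not code from kidrobot.com or from this blog: it puts that pattern beside a handler that resolves identity from server-side session state, and the customer records, ids and function names are constructed for illustration.

```python
import secrets

# Constructed sample data; the page does not show the site's real schema.
CUSTOMERS = {
    1041: {"username": "alice", "email": "alice@example.test"},
    1042: {"username": "bob", "email": "bob@example.test"},
}
SESSIONS = {}  # opaque session id -> customer id, kept on the server only

def account_page_vulnerable(cookies: dict):
    """Pattern described in the post: the cookie value *is* the identity."""
    return CUSTOMERS.get(int(cookies["customer_id"]))

def login(customer_id: int) -> dict:
    """After the password check (omitted here), issue an unguessable id only."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = customer_id
    # No name, e-mail, password or customer_id is placed in cookies.
    return {"session": sid}

def account_page_hardened(cookies: dict):
    """Identity comes from server-side state; client-sent ids are ignored."""
    customer_id = SESSIONS.get(cookies.get("session", ""))
    if customer_id is None:
        return None  # unknown or missing session: treat as logged out
    return CUSTOMERS[customer_id]

def demo() -> tuple:
    # Customer 1042 edits customer_id to the id below their own.
    leaked = account_page_vulnerable({"customer_id": "1041"})
    cookies = login(1042)
    cookies["customer_id"] = "1041"  # same tampering, hardened handler
    own = account_page_hardened(cookies)
    # A guessed numeric value is not a valid session id.
    guessed = account_page_hardened({"session": "1041"})
    return leaked["username"], own["username"], guessed
```

The account page should also never echo the stored password back into a form field, since a masked input still carries the value in the page source.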


Refresh

I wasn’t feeling the other tumblr.com which I was using for the old j3t, so I decided to switch to wordpress. I will be blogging more frequently from now on, on topics such as web application security and Blackhat SEO.

I posted all the old articles, under the category “Old J3t”

Stay tuned!

CoLL1eR


