Thursday, May 4, 2017

Uncover (very) sensitive info from Google Chrome

In this post I am going to show how we can uncover very sensitive information from Chrome's thumbnails in three easy steps. It could also be titled: what an attacker can see once they have physical access to your box.

Google Chrome takes screenshots of the sites we visit in order to offer them for quick access on the New Tab page (image 1).
Image 1: Oops, there is an e-banking thumbnail here!

In the above picture we can see that the 4th thumbnail shows a logged-in screenshot of an e-banking account. Note also that this user has already logged out of the bank account, but Chrome still keeps the screenshot taken while the user was logged in!

The question now is whether (and how) it is possible to enlarge this specific thumbnail to a readable size. The answer is "yes we can"; just pay attention to the following two images. First (image 2), we delete all the thumbnails we are not interested in (using Chrome's built-in developer tools, F12) so that our target thumbnail moves to the upper-left corner.

Image 2: remove the thumbnails we are not interested in
Then we simply rename the class attributes of the enclosing div elements to a non-existent name, so their CSS no longer applies and the thumbnail reverts to its original size (image 3)...
Image 3: Just change some div IDs... and voila!
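The three manual DevTools steps above can be scripted from the console of the New Tab page. The following is an added example, not code from the original post: it keeps only the thumbnail whose src or title mentions the target site, removes every other image, and clears the classes and inline sizes on the image and its ancestors so nothing scales or clips it any more. The assumption that NTP thumbnails are plain `<img>` elements whose src or title contains the site's hostname, and the placeholder host `mybank.example`, are mine; Chrome's New Tab markup changes between versions, so inspect the actual elements with F12 before relying on them.

```javascript
// Added example (not from the original post): isolate and enlarge one New Tab
// Page thumbnail from the DevTools console.
// ASSUMPTION: thumbnails are <img> elements whose src or title contains the
// target site's hostname. Verify against the real markup with F12 first.

function enlargeThumbnail(images, hostFragment) {
  const needle = hostFragment.toLowerCase();
  const matches = (img) =>
    `${img.src || ''} ${img.title || ''} ${img.alt || ''}`.toLowerCase().includes(needle);

  const all = Array.from(images);
  const target = all.find(matches);
  if (!target) {
    return { found: false, removed: 0 };
  }

  // Step 1: delete every other thumbnail so the target moves to the first slot.
  let removed = 0;
  for (const img of all) {
    if (img !== target) {
      img.remove();
      removed += 1;
    }
  }

  // Step 2: drop the classes and inline sizes that scale the image down, on the
  // <img> itself and on each ancestor, so no container CSS clips or shrinks it.
  for (let node = target; node; node = node.parentElement) {
    node.className = '';
    if (node.style) {
      node.style.width = 'auto';
      node.style.height = 'auto';
      node.style.maxWidth = 'none';
      node.style.maxHeight = 'none';
      node.style.overflow = 'visible';
    }
  }

  // Step 3: report what is now on screen. naturalWidth/naturalHeight are the
  // stored resolution, which is what makes account details readable.
  return {
    found: true,
    removed,
    src: target.src,
    naturalWidth: target.naturalWidth,
    naturalHeight: target.naturalHeight,
  };
}

// In the browser: open a new tab, press F12, paste this file into the console.
// 'mybank.example' is a placeholder for the site you are looking for.
if (typeof document !== 'undefined') {
  console.log(enlargeThumbnail(document.querySelectorAll('img'), 'mybank.example'));
}
```

Run it once on a profile you own after logging out of a site: if `found` is true and the reported natural size is larger than the tile, the stored screenshot is still there and readable, which is exactly the condition the post describes.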

Note that the above is just one example. Chrome takes these screenshots at any time, on any site, without asking for permission and regardless of whether you are logged in or not. Thus e-banking pages, emails, blogs, personal and private sites can all be exposed at random.

I consider this a violation of the first pillar of the security triad, confidentiality. The issue has been reported to the Chrome bug tracker (status at the time of writing: Unconfirmed).

Monday, April 13, 2015

Is PHP vulnerable and under what conditions?


We are going to analyze a particular method of attacking web servers, known as LFI with phpinfo() [1]. It was first published by Insomnia Security in 2011. The method cleverly abuses some built-in PHP features (such as file uploads and wildcards [2]) to build a well-formed attack that ends in arbitrary code execution (call it a remote shell) on the victim's server. It requires two specific flaws on the same server: a reachable phpinfo() page together with a Local File Inclusion (LFI) vulnerability. The link between them is that phpinfo() prints the contents of $_FILES, including the temporary path of a file being uploaded in the same request, and the LFI is then used to include that temporary file before PHP deletes it at the end of the request. Either flaw alone is low impact; combined they allow a high-risk attack. The method has been tested successfully on Windows and Linux, on IIS and Apache web servers. The same method failed against nginx.

Wednesday, February 25, 2015

How safe is our personal information?

What you will learn

  • How bad guys use information that already exists on the net to gain access to:
    • your email accounts,
    • your financial information, such as credit cards, PayPal accounts, etc.,
    • your internet hosting accounts (if you have any),
    • your personal web sites,
    • your personal life in general!
  • How you can protect yourself from such situations by following some very simple but very effective security rules.
The incident this article is based on is 100% real, but for privacy reasons the user names referred to are not the real ones and have been chosen at random. For the same reason all images have been obscured.


Sunday, December 28, 2014

Testing Web Server Performance

Web server performance is a serious matter and certainly not an easy one to measure. We can safely say it is one of the few things that make the difference in a professional site development project.

One of the main questions a client asks is how many simultaneous visitors the site can handle. We all know this is a very general question, affected by many factors. To state the client's question in more technical terms:
We want to measure the web server's responsiveness when many simultaneous requests hit it.