Tuesday, January 6, 2015

Please secure your cookies

For the love of god, please secure your cookies.

  1. If you are going to pass login state back to the client in a cookie so that the client can log in more easily, send it back over the same TLS (SSL) connection, not over a separate plain-HTTP stream. Mark the cookie Secure as well, so the browser never sends it back over HTTP.
  2. Second, always, always hash, sign or encrypt the contents of the cookie; never store them in the clear. Then, if the cookie is intercepted in transit or the client gets owned, extracting Personally Identifiable Information (PII) from it is that much harder.
  3. Last, and this is as easy as a grade 5 HTML class: do not name things username, user, pass, password, pw or usr. Those keywords are trivial to grep for. Neutral names hide better in code. (This is the weakest of the three points; an obscure name buys little if the contents are unprotected.)
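
One way to put the three points above into practice, as an added example written for this post rather than code from the original: the cookie carries only a user id and an expiry (no PII), the value is authenticated with an HMAC so a tampered or forged cookie is rejected, and the Set-Cookie header carries the Secure, HttpOnly and SameSite flags so the browser will not send it over plain HTTP. The key, the cookie name `__Host-sid` and the helper names are assumptions for the example; the `__Host-` prefix itself is a real browser convention that refuses the cookie unless it is Secure, has no Domain attribute and has Path=/.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo key for this example only. In production, load the key from a
# secrets store and never hard-code it.
DEMO_KEY = b"0123456789abcdef0123456789abcdef"

# Neutral cookie name (point 3). The __Host- prefix makes browsers reject the
# cookie unless it is Secure, has no Domain attribute and uses Path=/.
COOKIE_NAME = "__Host-sid"


def _b64(data: bytes) -> str:
    """URL-safe base64 without padding, so the value is cookie-safe."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    """Inverse of _b64; restores the padding before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_cookie_value(user_id: int, key: bytes, ttl: int = 3600,
                      now: Optional[float] = None) -> str:
    """Build an opaque, authenticated cookie value: b64(payload).b64(hmac).

    Only a user id and an expiry go into the payload; no name, e-mail or other
    PII (point 2). The HMAC lets the server detect any change to the payload.
    """
    now = time.time() if now is None else now
    payload = json.dumps({"uid": user_id, "exp": int(now) + ttl},
                         separators=(",", ":")).encode("ascii")
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(tag)}"


def verify_cookie_value(value: str, key: bytes,
                        now: Optional[float] = None) -> Optional[int]:
    """Return the user id if the cookie is authentic and unexpired, else None."""
    now = time.time() if now is None else now
    try:
        payload_b64, tag_b64 = value.split(".", 1)
        payload = _unb64(payload_b64)
        tag = _unb64(tag_b64)
    except ValueError:  # malformed cookie (bad split or bad base64)
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    try:
        data = json.loads(payload)
    except ValueError:
        return None
    if not isinstance(data, dict) or data.get("exp", 0) < now:
        return None  # expired, or payload is not the shape we issued
    return data.get("uid")


def set_cookie_header(name: str, value: str, max_age: int = 3600) -> str:
    """Set-Cookie header with the flags that keep the cookie off plain HTTP (point 1).

    Secure: only sent over HTTPS. HttpOnly: not readable from page JavaScript.
    SameSite=Strict: not sent on cross-site requests.
    """
    return (f"{name}={value}; Path=/; Max-Age={max_age}; "
            "Secure; HttpOnly; SameSite=Strict")


if __name__ == "__main__":
    issued = sign_cookie_value(42, DEMO_KEY, ttl=60)
    print(set_cookie_header(COOKIE_NAME, issued, max_age=60))
    print("verified uid:", verify_cookie_value(issued, DEMO_KEY))
```

The verifier treats a missing signature, a wrong key, an altered payload and an expired cookie identically (it returns None), which keeps the server from leaking which check failed. If the cookie must carry anything beyond an opaque id, encrypt the payload as well as signing it; the HMAC here proves integrity, not confidentiality.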

For all the bad coders out there, we love you. You keep us busy and employed.

Saturday, January 3, 2015

Hacking as a service !!!!!

-=ALERT=- Do not visit these sites from your own computer; they contain embedded malware. -=ALERT=-

A new Russian hacking site promises to sell you hacked accounts on Facebook, "classmate" and the popular Russian social network ВКонтакте.
CanadaCyber discovered this after one of our underground contacts informed us about a new website selling a service that lets users hack into other users' accounts.
The innovative thing here is the service model. Previously most Russian hacking sites would just sell you tools: you paid, you got a link to download the tools, and that was the end of it. For the most part the tools would also stop working after one to two weeks, once AV vendors had detected them.
This is different, because the site does the work, not a tool you have downloaded that can easily be identified, so you have no idea what exploit they are running at the time.
It also ensures that if the adversaries have found a 0-day in something like Facebook, only they know how to use it, and they alone exploit it for financial gain: the clients pivot through the hackers, and the hackers do the work, service-model style.
Below are screenshots of the site after running it through Google Translate.

As we at CanadaCyber continue to fight cyber threats, we have submitted this to some of the big vendors we deal with.

We also love this part, LOL. The registration page states (our translation from the Russian):

"The information you provide at registration is completely confidential and will not be disclosed to third parties."
We started looking deeper into what exactly this site is doing, and we noticed that the source code it uses comes from another site that offers the same thing.

So we went to that site, and it is the same thing.
This is what they do:
1.     You place an order for a hack
Leave an order for hacking the account in our system and it will be available for the hackers to carry out. You can pay for hacking the account once it has been done.
2.     A hacker fulfills your order
A hacker takes your order and, after breaking in, reports to our system the login, password and a screenshot of the victim whose account he has hacked.
3.     We check the hacked account
We check whether the hacked account's login and password are valid. If the login and password work, the system changes the status of your order to Done.
4.     Get the login and password of the hacked account
As soon as the order has the status Done, you can see a screenshot from the victim's personal account, which confirms the successful hack. You then make the payment for your order and our system automatically sends you the login and password of the compromised account.

-=ALERT=- Do not visit these sites from your own computer; they contain embedded malware. -=ALERT=-