General Data Protection Regulation (GDPR) and Web Application Security

GDPR in Short

  1. Any company based in the EU, or which processes personal data of people in the EU, is required to comply, wherever it is located.
  2. Under the GDPR, personal data includes anything that can identify a person in the EU, including IP addresses and cookie IDs.
  3. Companies must report a breach that puts personal data at risk to their country's Data Protection Authority within 72 hours of becoming aware of it. Where the breach is likely to put the affected people at high risk, the company must also inform those customers or users directly.

Application Security Requirements in the GDPR

  1. To discover weak points in how data is processed or handled, organizations must assess how their current systems and processes handle personal data and perform a gap analysis to find what works and what needs to be changed or removed.
  2. Security and privacy by design and by default: data must be secured from the beginning of an application or system's life, which means security and privacy are considered during the planning phase rather than bolted on later.
  3. Encryption and pseudonymization of personal data.
  4. The ability to restore the availability of personal data in a timely manner after a security incident or technical failure.
  5. Ongoing confidentiality, integrity and availability (the tenets of InfoSec) of data processing systems and services.
  6. A process for regular security testing and for assessing the effectiveness of the security practices and solutions in place.
  7. The principle of least privilege, together with regular "house cleaning" that removes any data which is no longer needed.
  8. Lastly, it is recommended, though not mandated, that organizations, especially larger ones, create centralized application and data repositories to keep better control over customer data.

Web Applications must follow

  1. Encrypt data end to end. Make sure any data you collect from your customers is encrypted, in transit and at rest.
  2. Make sure all data can be "forgotten". Under the GDPR, users have the right to erasure: all of the data stored about them can be wiped at their request. This also applies to any third-party integrations you send data to. It is also good practice to dispose of temporary data as soon as possible after it has been used.
  3. Provide individual consent checkboxes for each data processing activity. How many times have you ticked "I accept the terms and conditions" without reading what you actually consented to? A major change in the GDPR is that you must specify how data is processed and let the user consent to (or revoke consent for) each activity separately. This does not just apply to new users: existing users who joined under less specific terms and conditions must be contacted and asked for their consent.
  4. Allow users (and non-users) to see whether you hold their personal data. Ideally, anyone should be able to submit their email address and find out whether your company has any personal information about them in its databases. Beyond that, a user should be able to see all of the data they have given you in a readable, non-spreadsheet format.
  5. Allow users to edit collected data. If you collect information about a user (phone number, shipping address and so on), they should be able to correct it when it is wrong, ideally without needing to contact you.

GDPR is not a burden. It was introduced for the benefit of customers and companies alike.


16-year-old high school student from Melbourne hacked Apple's servers

A 16-year-old high school student from Melbourne, Australia, managed to break into Apple's servers and download some 90 GB of secure files, including authorized keys used to grant login access to users, and also accessed multiple user accounts.

The student told the authorities that he hacked Apple because he was a huge fan of the company and had always wanted to work there.

The embarrassing part is that he broke into the company's servers not once but multiple times over the course of more than a year, and Apple's system administrators failed to stop their users' data from being stolen.

When Apple finally noticed the intrusion and blocked him, the company contacted the FBI, which in turn brought in the Australian Federal Police (AFP).

The AFP caught the teenager last year after a raid on his residence, seizing two Apple laptops, a mobile phone and a hard drive.

After analyzing the seized equipment, investigators found the stolen data in a folder called "hacky hack hack". They also found a set of hacking tools and files that had allowed the boy to break into Apple's systems repeatedly.

According to the authorities, the teenager also used WhatsApp to share details of his offending with others. At Apple's request, the authorities did not disclose the methods he used to get into its servers, though investigators said his techniques "worked flawlessly" until the company noticed.

The FBI and the AFP kept the case quiet until now; the teen's defense lawyer said the boy had become so well known in the international hacking community that even discussing the case in detail could expose him to risk.

The teen has pleaded guilty in a Children's Court, but the magistrate has postponed sentencing until 20 September 2018.


MongoDB Databases – Targeted by Cyber-criminals for Ransom

In December 2016, attackers began exploiting misconfigured, Internet-exposed MongoDB databases and holding them for ransom. The ransom attacks against MongoDB were first publicly reported by GDI Foundation security researcher Victor Gevers on December 27, 2016, and grew steadily from there, with at least five different groups of attackers taking control of over 10,000 database instances.

MongoDB instances that were not password protected paid a heavy price. Strictly speaking this was not a software vulnerability (a vulnerability is a weakness that exposes a system to the possibility of being attacked or harmed); it was a misconfiguration: the databases accepted unauthenticated connections from anyone on the Internet. When you ignore a fundamental aspect of security like that, the price is unbearable.

Screenshot: terminal session

The screenshot above shows how the attacker got into a vulnerable MongoDB instance: with no authentication enabled and port 27017 reachable from the Internet, the mongo shell connects without any credentials. After taking control of the database, they simply drop the existing databases and leave a ransom note in a new collection.

In the example above, they removed the database and created a database named warning.

Here is the ransom note in the collection warning:

Send 0.1 Bitcoin to wallet address 131qpnP9v2qGKbrAQirCZzunyw5x3dADsB and contact m3lk@sigaint.org to get your databases back.

Remedy:

MongoDB administrators must enable authentication (security.authorization: enabled in mongod.conf) and give every account a strong password. If the application code runs on the same server, they should also bind mongod to localhost (net.bindIp: 127.0.0.1) and block port 27017 at the firewall: an open port for remote access is not needed when the code can reach the database locally. Dropping the databases and writing the note takes seconds, and there is no guarantee the attackers kept a copy of the data before deleting it, so paying the ransom does not reliably get the data back; restoring from a backup is the only dependable recovery.
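As an added example (not from the original post), here is a small Python script that audits a mongod.conf for the two settings behind these ransom attacks: whether mongod is bound to a network-facing interface and whether authorization is enabled. mongod.conf is YAML; the parser below handles only the nested "section: / key: value" subset that the net and security sections use, and the two configurations at the bottom are constructed examples, not real deployments.

```python
"""Audit a mongod.conf for the settings the December 2016 ransom campaign abused.

Added example. mongod.conf is YAML; this minimal parser only handles the nested
"section:\n  key: value" subset used by the net and security sections
(assumption: no lists, no flow syntax, no '#' inside values).
"""


def parse_simple_yaml(text):
    """Parse indentation-based 'key: value' mappings into nested dicts."""
    root = {}
    stack = [(-1, root)]  # (indent level, mapping that owns keys at that level)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments and trailing space
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, _, value = line.strip().partition(":")
        key, value = key.strip(), value.strip().strip("'\"")
        while indent <= stack[-1][0]:  # dedent: close deeper mappings
            stack.pop()
        parent = stack[-1][1]
        if value == "":  # "net:" opens a nested mapping
            child = {}
            parent[key] = child
            stack.append((indent, child))
        else:
            parent[key] = value
    return root


def audit_mongod_config(text):
    """Return a list of findings; an empty list means both checks pass."""
    cfg = parse_simple_yaml(text)
    net = cfg.get("net") if isinstance(cfg.get("net"), dict) else {}
    sec = cfg.get("security") if isinstance(cfg.get("security"), dict) else {}
    findings = []

    port = net.get("port", "27017")
    if str(net.get("bindIpAll", "false")).lower() == "true":
        findings.append("net.bindIpAll is true: mongod listens on every interface")
    else:
        bind = net.get("bindIp")
        if bind is None:
            # Before MongoDB 3.6 the server default was to listen on all interfaces.
            findings.append("net.bindIp is not set: mongod before 3.6 listens on all interfaces by default")
        elif any(ip.strip() in ("0.0.0.0", "::") for ip in bind.split(",")):
            findings.append(f"net.bindIp {bind} exposes port {port} to the network")

    if str(sec.get("authorization", "disabled")).lower() != "enabled":
        findings.append("security.authorization is not enabled: any client that can reach the port can drop every database")
    return findings


# Constructed examples: the shape of the configs that were hit, and the hardened form.
EXPOSED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0   # reachable from the Internet if the firewall allows it
"""

HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_mongod_config(conf) or ["OK"])
```

Run it against /etc/mongod.conf on a server and treat any finding as urgent; a server that is not bound to localhost still needs authorization enabled, because the firewall is the only thing standing between it and the Internet.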


How WannaCry did the damage

WannaCry is a ransomware worm that targets computers running Microsoft Windows. To get onto a machine, the worm uses the EternalBlue exploit, which takes advantage of a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol. It then installs DoublePulsar, a backdoor implant, which transfers and runs the WannaCry ransomware package. The ransomware is also known as WanaCrypt0r 2.0.

Main Functionality

The WinMain of the worm executable first tries to connect to the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. It does not download anything from it; it only tries to connect. If the connection succeeds, the binary exits.

This was probably some kind of kill switch or anti-sandbox technique. Whichever it was, it backfired on the authors of the worm: the domain has been sinkholed and now resolves to an IP address that hosts a website, so on any new system that runs this executable nothing happens. This applies only to this particular binary; variants without the check, or with a different domain, may well appear. Note that the second argument to InternetOpenA is 1 (INTERNET_OPEN_TYPE_DIRECT), so the check goes straight to the Internet without using the configured proxy. On a network where Internet access is only possible through a proxy, which is the case on the majority of corporate networks, the connection fails, the kill switch does not trigger, and the worm still runs.

After this check passes, the first thing the worm does is check the number of arguments it was launched with. If it was run with fewer than two arguments, it installs a service called mssecsvc2.0 with display name Microsoft Security Center (2.0) Service (the service binary is the worm itself, launched with two arguments), starts that service, drops the ransomware binary stored in the worm's resources, and runs it.

If it was run with two or more arguments, in other words if it was run as the service, execution eventually falls through to the worm function.

The initialization function first calls WSAStartup() to initialize networking, then CryptAcquireContext() to initialize the crypto API so that it can use a cryptographically secure pseudo-random number generator. It then calls a function that initializes two buffers used for storing the worm payload DLLs, one x86 and one x64. It copies the payload DLLs from the .data section of the worm and then copies the entire worm binary after them.

The code of each payload DLL is very small: it gets the resource content (i.e. the worm binary), drops it to disk as C:\WINDOWS\mssecsvc.exe (this path is hardcoded) and executes it.

SMB Vulnerability

After initializing the functionality used by the worm, two kinds of threads are created. The first thread scans hosts on the LAN. The second thread is created 128 times and scans hosts on the wider Internet.

The LAN scanning thread uses GetAdaptersInfo() to get the list of IP ranges on the local network, then builds an array of every IP in those ranges to scan. The LAN scanning is itself multithreaded, with code to prevent more than 10 IP addresses on the LAN being scanned at a time.

For each address, the scanning thread tries to connect to port 445, and if the connection succeeds it creates a new thread that tries to exploit the system using MS17-010/EternalBlue. If the exploitation attempt takes more than 10 minutes, the exploitation thread is stopped.

The threads that scan the Internet generate a random IP address, using either the OS's cryptographically secure pseudo-random number generator initialized earlier or a weaker pseudo-random number generator if the CSPRNG failed to initialize. If a connection to port 445 on that random address succeeds, the entire /24 range around it is scanned, and exploit attempts are made against every host with port 445 open. This time the exploitation timeout for each IP is not 10 minutes but one hour.
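The indicators in the analysis above (the kill-switch domain lookup, the mssecsvc2.0 service with its display name, the hardcoded dropper path, and one host opening connections to port 445 on many peers) are exactly what a defender can hunt for in endpoint telemetry. The Python below is an added example, not part of the original analysis: it runs that detection logic over a few constructed, pipe-delimited log lines. The log format, the host names and the fan-out threshold of 10 distinct peers are assumptions made for the example. The kill-switch point from the analysis carries over: a lookup for the domain means the binary executed, and whether anything followed depends on whether the direct connection succeeded.

```python
"""Hunt for WannaCry indicators in endpoint telemetry.

Added example. Indicators come from the analysis above; the log format is a
constructed, pipe-delimited one: timestamp|EVENT|host|arg1|arg2... (assumption).
"""
from collections import defaultdict

KILL_SWITCH_DOMAIN = "www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"
SERVICE_NAME = "mssecsvc2.0"
SERVICE_DISPLAY = "Microsoft Security Center (2.0) Service"
DROPPER_PATH = r"c:\windows\mssecsvc.exe"
SMB_FANOUT_THRESHOLD = 10  # assumption: distinct peers on 445 from one host in the window


def parse_line(line):
    """Split 'ts|EVENT|host|arg1|arg2...' into a dict."""
    fields = line.rstrip("\n").split("|")
    if len(fields) < 3:
        raise ValueError(f"malformed log line: {line!r}")
    return {"ts": fields[0], "type": fields[1], "host": fields[2], "args": fields[3:]}


def detect_wannacry(lines):
    """Return {host: [indicator, ...]} for every host with at least one hit."""
    hits = defaultdict(set)
    smb_peers = defaultdict(set)  # host -> distinct destinations contacted on 445
    for line in lines:
        ev = parse_line(line)
        host, kind, args = ev["host"], ev["type"], ev["args"]
        if kind == "DNS" and args and args[0].lower() == KILL_SWITCH_DOMAIN:
            # The binary ran. If the direct (non-proxied) connection succeeded it
            # exited here; on proxy-only networks the check fails and it carries on.
            hits[host].add("kill_switch_lookup")
        elif kind == "SERVICE_INSTALL" and len(args) >= 3:
            name, display, path = args[0], args[1], args[2]
            if name.lower() == SERVICE_NAME or display == SERVICE_DISPLAY:
                hits[host].add("mssecsvc_service")
            if path.lower() == DROPPER_PATH:
                hits[host].add("dropper_path")
        elif kind == "NET_CONNECT" and len(args) >= 2 and args[1] == "445":
            smb_peers[host].add(args[0])
    for host, peers in smb_peers.items():
        # The LAN sweep and the random /24 scanning both show up as one host
        # talking SMB to many peers in a short time.
        if len(peers) >= SMB_FANOUT_THRESHOLD:
            hits[host].add("smb_445_fanout")
    return {host: sorted(indicators) for host, indicators in hits.items()}


# Constructed sample telemetry: host01 is infected, host02 is normal file-share use.
SAMPLE_LOG = [
    "2017-05-12T10:01:03Z|DNS|host01|www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com",
    "2017-05-12T10:01:05Z|SERVICE_INSTALL|host01|mssecsvc2.0|Microsoft Security Center (2.0) Service|C:\\WINDOWS\\mssecsvc.exe",
] + [
    f"2017-05-12T10:01:{6 + i:02d}Z|NET_CONNECT|host01|10.0.0.{i}|445" for i in range(1, 13)
] + [
    "2017-05-12T10:02:00Z|NET_CONNECT|host02|10.0.0.7|445",
    "2017-05-12T10:02:01Z|DNS|host02|www.example.com",
]

if __name__ == "__main__":
    for host, indicators in detect_wannacry(SAMPLE_LOG).items():
        print(host, ", ".join(indicators))
```

A host that shows only kill_switch_lookup executed the binary and was saved by the sinkhole; a host with the service or dropper indicators got past the check, and the fan-out indicator means it is already scanning, so isolate it first.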

Auto Deployment with Gitlab CI/CD and Pipelines in Docker Containers

GitLab CI (Continuous Integration) builds and tests the software whenever a developer pushes code to the repository. GitLab CD (Continuous Deployment / Delivery) takes the changes that passed CI through to staging or production, so that staging and production can be deployed every day.

We are going to achieve the following tasks using GitLab's CI/CD:

1. Once the code is pushed to the repository, have the runner build our application's Docker container.
2. Once the container is built, push it to our project's GitLab registry.
3. Deploy the container to our production server.

To achieve these tasks, follow the steps below.

Step 1 Create a GitLab Runner

Go to your project repository in GitLab and open Settings > CI/CD > Runners. Here you can register a runner for your project. To install gitlab-runner on your Linux system, follow GitLab's runner installation guide.

Step 2 Configure the .gitlab-ci.yml file

Create a .gitlab-ci.yml file in the root directory of your project and push it to the repository. Here is an example .gitlab-ci.yml for a Node.js front end, with a lint stage, a unit test stage (headless Chrome under xvfb), a build stage and a deploy stage that copies the built files to an S3 bucket:

variables:
  TEST_BUCKET: "mar-now-test"

stages:
  - lint
  - unit
  - build
  - deploy

lint:
  stage: lint
  image: node:8.9
  tags:
    - docker
  script:
    - npm install
    - npm run lint
  cache:
    paths:
      - node_modules/

unit:
  stage: unit
  image: node:8.9
  tags:
    - docker
  script:
    - npm install
    # Install Chrome for the headless browser tests
    - wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add -
    - echo "deb http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google.list
    - apt-get update -y
    - apt-get install -y google-chrome-stable xvfb
    - xvfb-run -a npm run test:ci
  cache:
    paths:
      - node_modules/

build-dev:
  stage: build
  image: node:8.9
  tags:
    - docker
  script:
    - npm install
    - npm run build:dev
  cache:
    paths:
      - node_modules/
  artifacts:
    expire_in: 1 week
    paths:
      - dist/*
  only:
    - master

deploy-dev:
  stage: deploy
  image: python:latest
  tags:
    - docker
  dependencies:
    - build-dev
  script:
    - pip install awscli
    # AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY come from protected CI/CD variables, never from this file
    - aws s3 cp ./dist s3://$TEST_BUCKET --recursive --acl public-read
  environment:
    name: development
  only:
    - master

The stages property defines the order in which jobs run; in this file the stages are lint, unit, build and deploy, and each job names the stage it belongs to. You can name stages anything you like, and a staging build would usually get a job of its own. Two things belong outside this file: the AWS credentials that the awscli reads from the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables go into the project's CI/CD variables (marked protected and masked), and --acl public-read makes every uploaded object world-readable, which is right for a public static site and wrong for anything else. Pinning image: python:latest to a specific version, as the node jobs do, keeps the deploy job reproducible.

Step 3 Deployment

If you have set up the runner successfully, you should see the status of the last commit change from pending to running, and then to passed or failed.

If you click on the status of a job, you can see its log. This is very important, because it is how you find out what went wrong when a job fails.

Once the status is passed, the deploy job publishes the build produced from the pushed code. Every job runs in a fresh Docker container created from the image named in the job, so every push is built and tested from a clean environment with the updated code. The whole process is automated, and that is the beauty of it.

Sh00t – Security Testing Tool for Manual Penetration Testers

Sh00t is a testing environment for manual security testers. It acts as a task manager so that testers can focus on performing the security testing itself. Its biggest advantage is that it helps to create bug reports from customizable bug templates.

One of its features is a dynamic task manager that replaces plain editors or general task management tools that are not meant for security work. It ships with an automated, customizable checklist of security test cases to replace Evernote, OneNote or other note-taking tools that are not meant for security either. It manages custom bug templates for different purposes, generates bug reports automatically, and supports multiple assessments and projects so that different engagements stay logically separated.

Installation Guide on Linux servers:

Using virtualenvwrapper

1. Make sure you have Python 3. You can check with:

  • which python3

If you get a path back, you have Python 3 on your system. If not, install it from python.org.

2. Install virtualenvwrapper.

  • pip install virtualenvwrapper

3. Find the shell script.

  • whereis virtualenvwrapper.sh

4. Suppose the file is at /usr/local/bin/virtualenvwrapper.sh; run the following command to load it.

  • source /usr/local/bin/virtualenvwrapper.sh

5. Create a virtual environment using Python 3.

  • mkvirtualenv sh00t -p /usr/bin/python3

6. Clone the project from GitHub.

  • git clone https://github.com/pavanw3b/sh00t.git

7. Go into the directory and install the dependencies.

  • cd sh00t
  • pip install -r requirements.txt

8. Migrate the database.

  • python manage.py migrate

9. Create a superuser to log in with.

  • python manage.py createsuperuser

10. Import the 174 security test cases from the OWASP Testing Guide (OTG) and the Web Application Hacker's Handbook (WAHH).

  • python reset.py

11. Start the Sh00t server.

  • python manage.py runserver 0.0.0.0:8000

Note that 0.0.0.0 makes the Django development server listen on every interface of the machine. If only you need to reach it, use 127.0.0.1:8000 instead, and never expose the development server directly to the Internet.

12. Open http://127.0.0.1:8000/ in your favorite browser and log in with the user credentials created above.

Now you are ready for action. Add your project and find the imported checklist under Case Master and Module Master, then verify whether the project you are testing passes each check.


VLC Vulnerability – Tampered subtitles can give complete control of the system remotely

Subtitle Hack Leaves 200 Million Vulnerable to Remote Code Execution

Check Point researchers revealed a new attack vector that threatens millions of users worldwide: attack by subtitles. By crafting malicious subtitle files, which are then downloaded by a victim's media player, attackers can take complete control of the device through vulnerabilities found in several popular media players and streaming platforms, including VLC, Kodi (XBMC), Popcorn Time and Stremio.

It is common to see subtitle files (usually .srt or .sub) included in torrents and other less-than-legal movie downloads, so people tend to simply ignore them. Most video players will load such a file and display the subtitles in the chosen language, synced to the video. The subtitle is parsed as soon as the player opens it, and because many players fetch subtitles automatically from online subtitle repositories, the victim does not even have to download the file by hand. Check Point estimates that roughly 200 million installations of video players are vulnerable to this attack, across VLC, Kodi, Popcorn Time and Stremio.

Details can be found here:

http://code610.blogspot.in/2017/04/multiple-crashes-in-vlc-224.html

https://www.cvedetails.com/cve/CVE-2017-9301/

Solution: update the media player

Check Point contacted the developers of the affected media players in April 2017, and security patches have since been released.

In the case of VLC, the attacker can leverage memory corruption bugs in the subtitle parsers. The player had four such vulnerabilities (CVE-2017-8310, CVE-2017-8311, CVE-2017-8312 and CVE-2017-8313), which have been fixed by VideoLAN.

The fix for VLC is available in version 2.2.5.1 from the VideoLAN website. The same applies to Stremio: update to the latest release.


SambaCry – Remote Code Execution Vulnerability in Samba on Linux

A seven-year-old remote code execution vulnerability affecting Samba versions 3.5.0 and higher is making news this week. The vulnerability is billed as the WannaCry equivalent for *nix operating systems, and some are calling it SambaCry because it affects the SMB protocol implementation and is potentially wormable, meaning it could spread from system to system without user interaction.

A malicious Samba client that has write access to a Samba share can use this flaw to execute arbitrary code, typically as root.

Points:

1. CVE-2017-7494 has a CVSS 3.0 base score of 7.5 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
2. This vulnerability is the Linux counterpart of WannaCry, hence the name SambaCry. Unlike WannaCry, it is not triggered by an anonymous connection to any SMB server: the attacker needs write access to a share, whether through valid credentials or a guest-writable share, which is why the vector scores PR:L.
3. The flaw allows a malicious client to upload a shared library to a writable share and then cause the server to load and execute it with the privileges of smbd (typically root).
4. The flaw affects all versions of Samba from 3.5.0 onwards, except for the fixed releases 4.6.4, 4.5.10 and 4.4.14. Patches against older versions were also posted on samba.org.

Exploit for the Samba vulnerability:
https://github.com/opsxcq/exploit-CVE-2017-7494

Solution:

Updating Samba to 4.6.4, 4.5.10 or 4.4.14 (or a later release) fixes this vulnerability. If you cannot update immediately, the Samba team's published workaround is to add nt pipe support = no to the [global] section of smb.conf and restart smbd; this blocks the attack but also disables some functionality that Windows clients expect, so treat it as temporary. Shares that are writable by guests are the most exposed, since the attacker needs no credentials at all to place the library.
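Two checks a practitioner would want before and after patching, as an added Python example that is not part of the original post or of the Samba project: a branch-aware version test against the fixed releases listed above, and a pass through smb.conf for the two things that decide exposure, writable shares (guest-writable ones especially) and whether the nt pipe support = no workaround is in place. The smb.conf at the bottom is a constructed sample; parsing relies on the standard-library configparser, which copes with smb.conf as long as interpolation is turned off.

```python
"""Check a Samba host against CVE-2017-7494 (SambaCry).

Added example. Fixed releases are those named in the post; the sample smb.conf
is constructed. Parsing uses the standard-library configparser, which handles
smb.conf's 'key = value' sections once interpolation is disabled.
"""
import configparser
import re

FIRST_AFFECTED = (3, 5, 0)
FIXED_IN = {(4, 6): (4, 6, 4), (4, 5): (4, 5, 10), (4, 4): (4, 4, 14)}


def parse_version(version_string):
    """'4.5.10-Debian' -> (4, 5, 10); distro suffixes are ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version_string.strip())
    if not m:
        raise ValueError(f"unrecognised Samba version: {version_string!r}")
    return tuple(int(x) for x in m.groups())


def version_vulnerable(version_string):
    """True if this release is affected and predates the fix for its branch."""
    v = parse_version(version_string)
    if v < FIRST_AFFECTED:
        return False
    branch = v[:2]
    if branch in FIXED_IN:
        return v < FIXED_IN[branch]
    if branch > (4, 6):
        return False  # released after the fix
    return True  # 3.5 to 4.3: only a source patch, no fixed point release


def _is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")


def _share_is_writable(section):
    """Samba shares are read-only unless 'read only = no' or 'writable = yes'."""
    read_only = section.get("read only")
    if read_only is not None:
        return not _is_yes(read_only)
    for key in ("writable", "writeable", "write ok"):
        if section.get(key) is not None:
            return _is_yes(section[key])
    return False


def audit_smb_conf(text):
    """Report writable shares, guest-writable shares and whether the workaround is set."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(text)
    writable, guest_writable = [], []
    for name in cp.sections():
        if name.lower() == "global":
            continue
        if _share_is_writable(cp[name]):
            writable.append(name)
            if _is_yes(cp[name].get("guest ok", "no")):
                guest_writable.append(name)  # no credentials needed to drop the .so
    global_sec = cp["global"] if cp.has_section("global") else {}
    workaround = global_sec.get("nt pipe support", "yes").strip().lower() == "no"
    return {
        "writable_shares": writable,
        "guest_writable_shares": guest_writable,
        "nt_pipe_support_disabled": workaround,
        "exposed": bool(writable) and not workaround,
    }


# Constructed sample: a guest-writable drop box next to a read-only share.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = WORKGROUP
   server string = %h server
   map to guest = Bad User

[public]
   path = /srv/samba/public
   guest ok = yes
   read only = no

[docs]
   path = /srv/samba/docs
   read only = yes
"""

if __name__ == "__main__":
    print("4.6.3 vulnerable:", version_vulnerable("4.6.3"))
    print(audit_smb_conf(SAMPLE_SMB_CONF))
```

Feed version_vulnerable() the output of smbd -V and audit_smb_conf() the contents of /etc/samba/smb.conf; a vulnerable version with exposed set to True is the combination the exploit linked above needs.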


One step towards changing the world

Research Team is working to make this place better and safer

Once upon a time, an old man walking down a Spanish beach at dawn saw ahead of him what he thought was a dancer. A young man was running across the sand, rhythmically bending down to pick up a stranded starfish and throw it far out into the sea.

The old man gazed in wonder as the young man threw one small starfish after another from the sand into the water. He approached him and asked why he spent so much energy on what seemed a waste of time. The young man explained that the stranded starfish would die if they were left until the morning sun. "But there are thousands of miles of beach, and miles and miles of starfish. How can your effort make any difference?" The young man looked down at the small starfish in his hand, and as he threw it to safety in the sea, said, "It makes a difference to this one!"

Our research team does the same work in the ocean of websites. Their efforts definitely make a difference, one site at a time.

Web security is as essential as web development these days, but many web applications still do not take it seriously. That you have not been mugged yet does not mean robbers do not exist. Our security research and analysis team picks random servers from the Internet and looks for vulnerabilities. They act as ethical hackers and inform the owners about what they find.

One of the vulnerabilities we found was in the site asapp.com. ASAPP is built by a team of leading scientists, software engineers and designers. We reported it and got a reply from their founder and advisor Marcus Westin. At first he did not believe us, but when we showed him proof he was surprised and wanted to know how it had been possible for us to get into their system. Our security researchers not only showed him the steps, they also suggested to his team how to fix the vulnerability.

Another incident involved the site mypokert.com, a site for playing poker online. When we sent an email about their vulnerable site, they did not believe us, but two months later we got an email from the site owner, Kirill, saying that the site had been hacked in exactly the way we had described. By then it was too late: the attacker had dropped all of the databases and the data could not be recovered.

When they asked for our help, we provided solutions to make their site more secure and robust.


Security Header – Ignored X-Frame Options

What is Clickjacking

Clickjacking is a malicious technique for tricking a web user into clicking on something different from what they perceive they are clicking on, potentially revealing confidential information or letting the attacker act on their behalf while they click on seemingly innocuous web pages.

For example, imagine an attacker who builds a web site with a button that says "click here for a free iPod". On top of that page the attacker has loaded an invisible iframe containing your mail account, lined up so that its "delete all messages" button sits directly over the "free iPod" button. The victim tries to click on the "free iPod" button but actually clicks the invisible "delete all messages" button. In essence, the attacker has hijacked the user's click, hence the name clickjacking.

A server that does not return an X-Frame-Options header leaves its pages at risk of clickjacking. The X-Frame-Options HTTP response header tells the browser whether it may render a page in a <frame>, <iframe> or <object>. Sites use it to avoid clickjacking by ensuring that their content is not embedded in other sites.

Set the X-Frame-Options header on all responses containing HTML content. The possible values are "DENY", "SAMEORIGIN" and "ALLOW-FROM uri".

X-Frame-Options Header Types
There are three possible values for the X-Frame-Options header:
X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
X-Frame-Options: ALLOW-FROM https://example.com/

DENY prevents any domain from framing the content. DENY is the recommended setting unless a specific need for framing has been identified.
SAMEORIGIN only allows pages from the same origin to frame the content.
ALLOW-FROM uri permits the specified uri to frame the page (e.g. ALLOW-FROM http://www.example.com). Its limitation is that it fails open: a browser that does not recognise the value ignores the header entirely, and Chrome and Safari never implemented ALLOW-FROM. If you need to allow a specific third-party origin, use the Content-Security-Policy frame-ancestors directive instead (for example Content-Security-Policy: frame-ancestors 'self' https://example.com); browsers that support it apply it in preference to X-Frame-Options.

Examples
Configuring Apache:
Header always set X-Frame-Options SAMEORIGIN
Header set X-Frame-Options DENY
Header set X-Frame-Options "ALLOW-FROM https://example.com/"

Prefer the always form, so that the header is also added to error responses, which can be framed just as easily as a 200.

Configuring nginx:
add_header X-Frame-Options SAMEORIGIN;

Put it at the server or http level, and remember that nginx only inherits add_header directives into a location block that has no add_header of its own; a location that adds any other header must repeat this one.

Configuring IIS:
To configure IIS to send the X-Frame-Options header, add this to your site's Web.config file:
<system.webServer>
  <httpProtocol>
    <customHeaders>
      <add name="X-Frame-Options" value="SAMEORIGIN" />
    </customHeaders>
  </httpProtocol>
</system.webServer>
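As an added example (not part of the original post), here is a Python checker that applies the rules above to a response's headers: it treats a CSP frame-ancestors directive as authoritative when present, accepts DENY and SAMEORIGIN, and flags ALLOW-FROM and malformed values as weak because browsers ignore them and fail open. The header sets used in the checks are constructed; fetch_headers() shows how to run it against a live URL, and the default target there is a placeholder.

```python
"""Evaluate a response's clickjacking protection from its headers.

Added example. Rules: a CSP frame-ancestors directive wins when present;
X-Frame-Options DENY/SAMEORIGIN protect; ALLOW-FROM or an unrecognised value
is ignored by browsers, so the page fails open.
"""
import urllib.request


def evaluate_framing(headers):
    """Return (verdict, reason); verdict is 'protected', 'weak' or 'exposed'."""
    h = {k.lower(): v for k, v in headers.items()}

    # CSP Level 2: when frame-ancestors is present, browsers ignore X-Frame-Options.
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.strip("'").lower() for s in parts[1:]]
            if sources in (["none"], []):  # an empty source list means 'none'
                return "protected", "CSP frame-ancestors 'none'"
            if "*" in sources:
                return "exposed", "CSP frame-ancestors allows any origin"
            return "protected", "CSP frame-ancestors limited to: " + " ".join(sources)

    xfo = h.get("x-frame-options", "").strip()
    if not xfo:
        return "exposed", "no X-Frame-Options and no frame-ancestors directive"
    value = xfo.upper()
    if value in ("DENY", "SAMEORIGIN"):
        return "protected", "X-Frame-Options " + value
    if value.startswith("ALLOW-FROM"):
        return "weak", "ALLOW-FROM is not supported by current browsers; they ignore the header and fail open"
    # e.g. 'DENY, SAMEORIGIN' when two layers each add the header: invalid, so ignored
    return "weak", f"X-Frame-Options value {xfo!r} is invalid and will be ignored"


def fetch_headers(url):
    """Fetch url and return its response headers as a dict (redirects are followed)."""
    req = urllib.request.Request(url, headers={"User-Agent": "xfo-check/1.0"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return dict(resp.headers.items())


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else "https://example.com/"  # placeholder
    verdict, reason = evaluate_framing(fetch_headers(target))
    print(f"{target}: {verdict} ({reason})")
```

Because redirects are followed, the verdict describes the final page; check the intermediate responses separately if a login or error page matters, which is also why the Apache always form above is worth using.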
