ClubHack 2007 Presentations

Reading some feeds today I found the ClubHack 2007 presentations online.

I have taken a quick look at them and there are some interesting topics, such as:

Vulnerabilities in VoIP Products and Services.

Hacking Web 2.0 Art and Science of Vulnerability Detection.

Backdoor 2.0: Hacking one’s Firefox to steal his web secrets.

Analysis of Adversarial Code: The Role of Malware Kits!

Subtle Security flaws: Why you must follow the basic principles of software security.

and much more.

You can find them here. You can also find some photographs of the event here.

BT Home hub/Speedtouch 7G vulnerability

A highly critical vulnerability has been discovered in this multifunction device, which is quite popular all around the UK.

The problem:

The router can be totally owned remotely (full admin control).

The “victim” only has to visit a malicious site. That’s it, no more, no less, and this can easily be arranged with a bit of social engineering.

An exploit is then used to enable a backdoor.

What an attacker can do:

– Steal VoIP credentials (spy on calls).

– Expose internal hosts on the DMZ.

– Fake the DNS to steal bank credentials.

– Steal the WEP/WPA key.

– Change the auto-update settings so that the fix is never applied.

and so on…

Here is a little video showing it (poor quality):

We have GNUcitizen to thank for all this information.

More details about the vulnerability here.

Adobe vulnerability in versions 8.1 or earlier.

I know this is not brand new, but again everything points to a Microsoft fault; I mean it is not only Adobe’s fault, and at least Adobe has published a workaround to avoid the problem, which you can find here.

Surprisingly, this bug does not affect Vista machines, which is a point for Microsoft and for Vista too, but considering all the vulnerabilities that Vista inherits from XP it will not make a great difference in the total score.

The description you can find at FrSIRT is:

“A vulnerability has been identified in Adobe Acrobat and Reader, which could be exploited by attackers to take complete control of an affected system with Internet Explorer 7 installed. This issue is caused by an input validation error when processing a specially crafted “mailto:” link, which could be exploited by remote attackers to inject and execute arbitrary commands by tricking a user into opening a specially crafted PDF document.”

Another PDF bug with “remote code execution” included; I think Adobe is not doing things really right (even if not all the fault is theirs).

Attack on Cisco

Special thanks to

Are you thinking of sharing your Wi-Fi?

Before doing it, please be aware of the risks you are taking.

There is a very good article about it.

A simple risk analysis

Take a look.

If you are on the other side…

More tools

Hope you enjoy it!!

“iPods, What You Don’t Secure Could Hurt You”

I have read before about this kind of “in-security” and about many tests of physical security, but I found this article and thought that someone interested in this kind of security should know about it; the whitepaper only puts on paper what most of us already know.

For me there are some facts about users in the IT world:

– They always lie about what they have done with the system (no matter the role of the user in the company).

– They will use all the unsafe stuff they can if you let them (USB drives, floppies, opening any executable file they find, etc.).

– If any program GUI asks for a NUMBER they will type any other character, and vice versa.

– If you touch their computer, any other electric/electronic thing that fails around them will be your fault.

and so on…

Here is the white paper I told you about.

“iPods, What You Don’t Secure Could Hurt You”

Source: Astalavista Security Group and CREDANT

Another XSS vulnerability

This time the vulnerability comes from Google’s hands: yes, the Google Appliance has a vulnerability that allows stealing cookies, sessions, etc.; the appliance is exposed to everything you can do by running a script in the browser, which is not very good for Google, nor for the many organizations that use this device, for example the British MI-5, MI-6, and so on.

This vulnerability was discovered by “Mustlive”, but if you are interested in this kind of Google vulnerability the following links will help:

Google Systems blog

The Metasploit Project