This short article details how the attack works.

Enabling the passcode lock on your iPhone is, for now, not enough to prevent someone using your device and adding to your bill!
This should worry you if your concerned about iPhone security.

How the vulnerability works

1. Hit “emergency call”
2. Type in a random number.
3. Hit the call button.
4. Shortly after, press the lock button on top of the phone.
4.1 That’s it! Your now an uber l33t haxor -_-

This isn’t a major security risk (yet) as full access to the phone’s operations isn’t granted, but it does point out yet another fundamental flaw in Apple’s iPhone software.
Let’s hope the team working on security for iOS have a good look through the crappy code their producing to iron out any more surprises.

The video below shows how simple and quick this can be.

There is no fix for this hack yet and will probably only be patched on the next iOS update, 4.2.
If you use an iPhone with iOS version 4.1 the only real way to keep it safe is to be careful who you let use it.

The card game in question is similar in nature to Magic: The Gathering.
Unless you want to pay to play you are stuck with 11 tutorials, culminating in a match against a computer opponent.

This seems very limited to me and I wanted a little more before I decided to shell out any of my hard earned cash on a game I may never play!
So… I messed about a little bit and found a way to get a free deck, 2 booster packs and many other cards (including “foils”) without spending a penny / cent.

I’m not sure this if this is how SOE wanted the system to work, but I’m going to share my findings anyway.

As the scenario button from the homepage is greyed out and clicking the scenario button at the end of the tutorial gives an error similar to:

“You must purchase a deck to play the scenarios”

It would seem they didn’t intend this to be possible.

• Log into Everquest 2 (you can use a free-2-play account) and type “/claim”
• Claim the “OathBreaker Starter Deck and booster pack” and the “Kurnak Reward” (another booster pack)
• Quit EverQuest and log into Legends of Norrath
• Click “Casual Games” and join any room
• Click “Fippy’s Revenge” (on the right) and select a scenario to play from the complete list!
• You can play Boots of Zorash but won’t win any cards, but all the others I’ve played have given free cards so far

You can get three cards by winning each scenario.
1 for easy, 1 for medium and a foil card (shiny shiny) for hard.
Completing hard mode will mean you get all three cards without the need to repeat each scenario.

Obviously, every card you win won’t fit perfectly into your deck, but it’s free…
If you really want to play Legends of Norrath, by some damn cards!

It’s worth remembering that EverQuest 2 Extended is still in Beta, so this may change.

EDITED::…
This was originally reported as link spam, but could easily be a lot worse.

When registering, the user name field is open to possible attack.
Code will be processed on the members page.
The code can be overflown to the homepage fairly easily.
XSS can be used.

I would now consider this as a serious exploit.
I would suggest fixing this bug A.S.A.P

The Fix:

• Backup then open yoursite.com/register.php
• Find:
  $info2 = htmlspecialchars($info);
• Add below:
  $username = htmlspecialchars($username);
• Backup then open yoursite.com/admin/manage_users.php
• Find:
• while($row = mysql_fetch_array($sql)){
• Add below:
• $username = htmlspecialchars($username);
• Save and upload all files.
• Search your members list for any user names shown as code and delete (You could also I.P. ban them).

This function could easily be expanded for further validation. ]]> http://abeontech.com/324-security-avarcade-xss-exploit-patch/feed 3 http://abeontech.com/309-gaming-easy-game-cheating-guide http://abeontech.com/309-gaming-easy-game-cheating-guide#comments Wed, 17 Dec 2008 04:19:40 +0000 admin http://www.abeontech.com/?p=309 There are many ways to cheat PC games while playing.
If you’re looking to increase your health to beat a boss or get infinite cash to build an empire, there will usually be many ways to make your game time easier!

This article will cover the easiest method and how to implement it on most games…

Why Cheat?

I have always been an RPG fan, which can be time consuming. I have played most RPGs worth noting and usually decide to replay at a later date. I always try to complete a game before I try cheating but

When I restart a game, I don’t need to do every little quest or pickup every item needed to know where to go next.

On the other hand, if I ever get really stuck on (or bored with) a game – I tend to skip ahead to save time and hassle.

I don’t agree on cheating without being stuck or used as a time saving device. So, let’s continue…

Game Cheat Tools

As with most niche software groups, game cheating (commonly referred to as “Trainer Making”) has several tools which can make the process easier.

A huge amount of skill isn’t required to start cheating your own games. But if you want to make a game loader or trainer, you will need to learn at least the basics of programming.

The tools below are some of my favourite for the task at hand:

• TSearch – Find and alter information stored in memory.
• Universal Save Game Editor – Modify saved games, surprisingly enough!
• Hex Editor Neo – Simple file editing.
• Game Trainer Studio – Make “Game Trainers”. Programs to allow other people to use your cheats.
• OllyDbg – 32 Bit disassembler used for many purposes. Not for beginners!

Cheat the easy way

I recently started playing Fallout Tactics, eagerly awaiting Fallout 3′s release (which I now have, but doesn’t work -_-)… Anyway, this seems like a good example to start with.

I knew from the reviews that I wouldn’t play Fallout Tactics all the way through.
I had about 5 days to complete it before Fallout 3 was released, so I need a way to get more ammo, health and experience.

Run Fallout: Tactics and start a new game. Create a new character or pick a pre-made one.
Make a note of some info you want to change. Let’s take the ammo counter as an example.

Open the inventory and note the number of bullets available, as shown below:
     

Run TSearch then open the process you want to modify (BOS.exe for Fallout: Tactics):
     

Click Init New Search Search using the settings below:
     

The first search will produce a huge amount of unwanted results. So go back to the game and change the number by shooting a few rounds into the ground.

Then switch back to TSearch and continue the search by subtracting the amount of bullets you shot:
     

This time, only one result is shown. So add it to the right hand side.
     

Edit the number and switch back to the game to see if it has any effect.
     

It worked! So we know simple using TSearch will work on this game.
We could, in theory, edit most other items in the game using the same process.

The change will not always be instant. Sometimes you will need to force a change from within the game before it will register the changes made outside. The character generation process of the Fallout games doesn’t show the edited numbers until you add or take a point to each attribute.

This method can be used on many, many games because of the way they utilize windows memory.
There is one obvious drawback; Don’t expect to power level your WoW character. I can imagine they have a system in place to ban you as fast as you can say Memory Debug!

]]> http://abeontech.com/309-gaming-easy-game-cheating-guide/feed 2 http://abeontech.com/147-security-sockstress-tcp-ip-vulnerability http://abeontech.com/147-security-sockstress-tcp-ip-vulnerability#comments Thu, 09 Oct 2008 19:30:09 +0000 admin http://www.abeontech.com/?p=147 A serious TCP/IP Vulnerability known as “SockStress” has been found, exploited, and information released by a Security group called Outpost24.

This latest vulnerability not only has severe implications for many web masters, designers and programmers, but also affects routing servers and any system with TCP stack processes exposed to the outside world.

After the latest DNS poisoning vulnerability, webmasters seem on edge about how insecure the very foundations of the internet are (mainly due to being created before security was even thought of).

Sockstress is the name of the tool created by Outpost24, which they are still testing before releasing it. They have, however, walked through how the attack could be achieved in great detail. Some security experts have showed concern over how they handled the information released.

The sockstress attack seems to be limited to the TCP stack, but mixes several techniques to allow a very low-bandwidth hacker to deplete local resources (memory, swap file and even kernel file abuse). Just a few packets a second and a little amount of time are needed to take down a server. As little as nine packets and a few minutes are all that is suggested to be needed!

Lack of timing of the TCP/IP stack and, more specifically, kernel’s response seems to be the most deciding factor. A “Badly designed TCP stack” is referred to and after the 3-way handshake (syn cookie verification and acknowledgment) has completed, resources can be exploited!…
“The worst thing we ever had happen, was, we had Windows reboot and say ‘Operating system not found’”

In theory, a syn cookie validation process could be cycled. Sending for verification and acknowledgment, then a “no buffer space” response could be sent from the attackers end. This would force the target to allocate more resources to the attackers cycled process, with severe consequences.
Please bear in mind that this is not a syn packet attack attack! (the magic happens after the syn ack)

This can result in a denial of service (Dos) by TCP servers (www, ftp, tftp, smtp, pop, etc.) running on Windows, Linux, BSD, certain routing servers, and other Internet applications and protocols!

An excerpt from Outpost24′s website, claims:

Outpost24′s Senior Security Researcher, Jack C. Louis has discovered a generic issue that affects the availability of TCP services. This issue could be used to create a Denial of Service attack. Vendors have been notified. Details are not available to the public at this point, but will be disclosed at an appropriate future date.

Jack C. Louis, along with Outpost24′s Chief Security Officer Robert E. Lee, will be speaking at the T2 conference in Helsinki, Finland on October 16 – 17.

You can read more about the Sock stress talks here:
T2 Schedule or T2′s 08 Conference.

I want to know if there is anyone who can write a program that performs the operation described in this audio podcast.

http://debeveiligingsupdate.nl/audio/bevupd_0003.mp3

Please note, that the English portion of the audio starts about 4 minutes into the segment.
This program must be testable prior to paying for it.

Get A Freelancer has a project asking for the tools creation. How long until someone makes it public?

Podcast Downloads

You can listen to the security podcast in various formats. The Sockstress MP3 files are listed below:

The wonderful guys at GRC (proud Twit army addict myself) have have hosted the interview, just in case the original goes down.
Thanks Steve!
Entire Interview
44 min, 10 sec – 128 kbps – 41.1 MB
Entire Interview
44 min, 10 sec – 16 kbps – 5.3 MB
Trimmed Interview
38 min, 59 sec – 64 kbps – 18.7 MB
Trimmed Interview
38 min, 59 sec – 16 kbps – 4.7 MB

A full transcript is available from CurbRisk.com :
Outpost24′s TCP – Denial Of Service vulnerability interview transcript

At time of posting, there is currently no known work around or fix for this issue. The authors seem to be white hat and want to help vendors resolve the issues. But, like the rest of us, know the internet has a long way to go before being secure.

Sockstress has now also been entered into the NIST CVE database. The list of affected platforms is staggering!

It is widely accepted that “the community” prefers to find workarounds for the flawed foundations of the internet and associated protocols. But would it not be better if, knowing as much about security as we do now, the internet was written from the ground up?
Yes, it is impossible. But I think it would be the only way to make serious, major exploits like this and the recent DNS poisoning exploits avoidable.

]]> http://abeontech.com/147-security-sockstress-tcp-ip-vulnerability/feed 2 http://abeontech.com/81-security-flash-game-hacked http://abeontech.com/81-security-flash-game-hacked#comments Wed, 10 Sep 2008 19:09:54 +0000 admin http://www.abeontech.com/?p=81 A friend of mine just sent me the URL to a flash game (for obvious reasons I will not share the link) which is part of a number of games with a price of 10.000 EUR in the end. One would believe that a game with such a price money is secure. Especially when the organising party is an internet provider.

But guess what… At the end of the flash game you can optionally submit your score to the highscore server, which results in a POST to the file submithigh.php with several parameters, one parameter saying score=XXXX. And of course you can submit whatever score you want. So now I lead the highscore with 10000 of about 900 possible points. I set it that high to ensure that the guys at the ISP will realize that this is faked, but imagine I had just increased the current highscore by 10. I seriously doubt anyone would have noticed and I would have won the competition without even decompiling the flash.

[ Original Post From php-security.org ]

======
Even simple mistakes can cause a lot of trouble.
Think if all the top scores on every game game were hacked to show obscene comments!
It’s best to try and think like a hacker when creating public content

]]> http://abeontech.com/81-security-flash-game-hacked/feed 0