WintercoreLabs Thinking code

6 Oct 2008

Happy pack#1. I know what you installed last summer

It's really frustrating not to know which applications, patches, hotfixes (virtually any file) are installed on the system where you are performing a penetration test, isn't it?

I have decided to put up for sale, to trusted sources only, a novel technique that takes advantage of a weakness in Microsoft technology which allows remote attackers to learn sensitive information such as the applications, hotfixes and service packs installed on PCs running Windows 2000 or later. The only requirement is to trick the victim into visiting a web page under your control.

Note that...

  • No third-party software is involved.
  • Totally unknown technique. No patch available. Vendor has not been notified.
  • Either minimal or no user interaction required.

FAQ

Who can buy the happy pack #1?

If you cannot demonstrate that you are working for a company or institution, you had better not waste your time trying.

How much does it cost?

$800 US dollars or €600 euros.

What does the happy pack #1 include?

A fully comprehensive technical report and exploit code. Obviously, you can request further info if, once purchased, you have doubts on any matter.

Mmm, it seems interesting... Whom should I talk to?

contact [at] wintercore (dot) com

6 Oct 2008

Motorola Timbuktu's Internet Locator Service real-time data exposed to public

We just want to issue a public warning to those users of Motorola/Netopia Timbuktu Remote Control Software who are using the Internet Locator service. This service allows anyone to locate any Timbuktu user just by knowing their email address.

More than five months ago we notified Netopia's customer support (http://blog.wintercore.com/2008/04/26/things-that-shouldnt-be-there/), after discovering a hardcoded user/password pair within SALT.dll.

---------------
v 8.6.5.1373
Dll: SALT.dll
Address: 0x604b83D4
PE section: .rdata
user: xa7z8
pass: e74sa9
url: findme.netopia.com/_REMOVE_THIS_findme/
---------------

By using this information it was possible to access, in real time, hundreds of users' records containing their IP, email, software version and license-related information.
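As an added example (not the authors' code, nor anything from Netopia), here is a small stdlib-only Python audit that walks a PE's section table to the `.rdata` section named above and lists the strings there that look like endpoints or credential material, the kind of check a vendor could run on its own DLLs before shipping; the sample image, its placeholder strings and the keyword list are all constructed for the demo.

```python
import re
import struct

# Section-header size comes from the PE/COFF spec; the keyword list is an assumed triage heuristic.
SECTION_HDR = 40
SUSPECT = re.compile(r"https?://|findme|user|pass|pwd|secret|token", re.I)

def pe_sections(image: bytes) -> dict:
    """Map section name -> raw section bytes by walking the PE section table."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE image")
    pe = struct.unpack_from("<I", image, 0x3C)[0]             # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = pe + 4
    n_sec = struct.unpack_from("<H", image, coff + 2)[0]      # NumberOfSections
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]  # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    out = {}
    for i in range(n_sec):
        hdr = table + i * SECTION_HDR
        name = image[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, hdr + 16)  # SizeOfRawData, PointerToRawData
        out[name] = image[raw_ptr:raw_ptr + raw_size]
    return out

def ascii_strings(data: bytes) -> list:
    """Printable ASCII runs of four or more bytes, like strings(1)."""
    return [m.group().decode() for m in re.finditer(rb"[\x20-\x7e]{4,}", data)]

def audit_rdata(image: bytes) -> list:
    """Strings in .rdata that match the triage keywords (expect some noise, e.g. 'bypass')."""
    rdata = pe_sections(image).get(".rdata", b"")
    return [s for s in ascii_strings(rdata) if SUSPECT.search(s)]

def build_sample_pe() -> bytes:
    """Constructed minimal PE (not a real binary): one .rdata section holding placeholder strings."""
    blob = b"\0".join([b"user:PLACEHOLDER_USER", b"pass:PLACEHOLDER_PASS",
                       b"http://locator.example.invalid/findme/", b"Hello"]) + b"\0"
    raw_ptr = 0x40 + 4 + 20 + SECTION_HDR                     # section data follows the headers
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x2102)  # one section, no optional header
    sec = b".rdata".ljust(8, b"\0") + struct.pack("<IIII", len(blob), 0x1000, len(blob), raw_ptr) + b"\0" * 16
    return dos + b"PE\0\0" + coff + sec + blob

if __name__ == "__main__":
    for s in audit_rdata(build_sample_pe()):
        print("suspect .rdata string:", s)
```

Opaque tokens like the pair quoted above will not match any keyword, so review the full `ascii_strings` output for the section as well, not only the flagged list.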

We have received no reply since then. Five months later, we have found what we would call an "obvious" patch: "if the problem was the user/password, well, let's remove it! Fixed."
Really hilarious.

Now, everyone can access those records without having valid credentials.

Taking into account that there are remote exploits available for that software, that anyone can grab your IP and software version, and that the records include emails from government, military and high-profile corporate staff, you had better disable that feature.