Google DoubleClick.net (Advertising) System URL Redirection Vulnerabilities Could Be Used by Spammers



Although Google does not include Open Redirect vulnerabilities in its bug bounty program, its preventive measures against Open Redirect attacks have been quite thorough and effective to date.



However, Google may have overlooked the security of its DoubleClick.net advertising system. After some testing, most of the redirection URLs within DoubleClick.net were found to be vulnerable to Open Redirect attacks, and many redirection endpoints are likely to be affected. This allows an attacker to create a specially crafted URL that, if clicked, redirects a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are effective because the crafted URL initially appears to point to a page on a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client-side software such as a web browser or document rendering programs.



These redirections can be easily used by spammers, too.



Some URLs belonging to Googleads.g.Doubleclick.net are vulnerable to Open Redirect attacks, too, while Google blocks similar URL redirections on hosts other than Googleads.g.Doubleclick.net. Attackers can combine these with URLs related to Google Accounts to make the attacks more convincing.



Moreover, these vulnerabilities can be used to attack other companies, e.g. Google, eBay, The New York Times, Amazon, Godaddy, Yahoo and Netease, by bypassing their Open Redirect filters (Covert Redirect): a filter that allows redirection to a trusted domain such as DoubleClick.net is defeated when that trusted domain itself redirects onward to the attacker's site. These security bugs have not been patched. Other similar web and computer attacks will be published in the near future.
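The filter weaknesses described above, as an added example that is not part of this advisory and not DoubleClick.net's code: the hosts ads.example, partner.example and evil.example, the /redir?u= open redirector on partner.example, and both validators are constructed for illustration. naive_is_safe is the kind of string-prefix check that Open Redirect bypasses defeat; hardened_is_safe parses the target and compares the host exactly; follow() simulates a browser following the partner's open redirector, which is the Covert Redirect case: even the hardened check accepts the link because the first hop lands on a trusted host.

```python
"""Open Redirect bypasses and the Covert Redirect chain, with a weak and a
hardened redirect-target validator.  Added illustration: the host names,
the /redir?u= endpoint and both validators are constructed, not taken
from DoubleClick.net or from this advisory.
"""
from urllib.parse import urlparse, parse_qs

TRUSTED_HOST = "ads.example"            # hypothetical site that issues the redirect
PARTNER_HOSTS = {"partner.example"}     # hypothetical third parties it allows

# Constructed model of partner.example's own open redirector:
# (host, path) -> query parameter whose value it blindly redirects to.
OPEN_REDIRECTORS = {("partner.example", "/redir"): "u"}


def naive_is_safe(target: str) -> bool:
    """String-prefix filter of the kind that Open Redirect bypasses defeat.

    Deliberately weak, to show the bypasses checked in is_bypass().
    """
    if target.startswith("/"):                      # "relative", so assumed safe
        return True
    allowed = [TRUSTED_HOST, *PARTNER_HOSTS]
    return any(target.startswith("https://" + h) for h in allowed)


def hardened_is_safe(target: str) -> bool:
    """Parse the target and compare the host exactly.

    Rejects control characters and backslashes (browsers treat "/\\x" like
    "//x"), protocol-relative URLs, non-http(s) schemes, userinfo tricks
    such as https://trusted@evil/, and any host not exactly on the list.
    """
    if any(ord(c) < 0x20 or c == "\\" for c in target):
        return False
    p = urlparse(target)
    if p.scheme == "" and p.netloc == "":
        # Relative URL: exactly one leading slash (not "//host").
        return target.startswith("/") and not target.startswith("//")
    if p.scheme not in ("http", "https"):
        return False
    if p.username is not None or p.password is not None:
        return False
    host = (p.hostname or "").lower()
    return host == TRUSTED_HOST or host in PARTNER_HOSTS


def is_bypass(target: str) -> bool:
    """True when the weak filter accepts a target the hardened one rejects."""
    return naive_is_safe(target) and not hardened_is_safe(target)


def follow(url: str, redirectors=OPEN_REDIRECTORS, max_hops: int = 5) -> list:
    """Simulate a browser following open redirectors; returns the hop list."""
    hops = [url]
    for _ in range(max_hops):
        p = urlparse(hops[-1])
        param = redirectors.get((p.hostname, p.path))
        if param is None:
            break
        nxt = parse_qs(p.query).get(param, [None])[0]
        if nxt is None:
            break
        hops.append(nxt)
    return hops


def final_host(url: str) -> str:
    """Host the victim actually ends up on after following redirectors."""
    return urlparse(follow(url)[-1]).hostname or ""


if __name__ == "__main__":
    for t in ("//evil.example/", "https://ads.example.evil.example/",
              "https://ads.example@evil.example/", "/\\evil.example"):
        print(f"{t!r:45} naive={naive_is_safe(t)!s:5} hardened={hardened_is_safe(t)}")
    # Covert Redirect: the first hop is a trusted partner, so even the
    # hardened check passes, but the partner's redirector forwards onward.
    covert = "https://partner.example/redir?u=https://evil.example/"
    print(hardened_is_safe(covert), follow(covert))
```

The four constructed bypasses (protocol-relative `//host`, a look-alike host that shares the trusted prefix, a `trusted@evil` userinfo trick, and the `/\host` form that browsers normalise to `//host`) all pass the string check and fail the parsed one. The Covert Redirect link passes even the parsed check, which is the point of the advisory: a site that allowlists a third-party host inherits every open redirector that host runs, so the only fixes are for the partner to close its redirector or for the allowlist to name exact URLs rather than hosts.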



Discoverer and Reporter:

Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)

http://www.tetraph.com/wangjing/




(1) Background Related to Google DoubleClick.net.


(1.1) What is DoubleClick.net?


"DoubleClick is a subsidiary of Google which develops and provides Internet ad serving services. Its clients include agencies, marketers (Universal McCann, AKQA etc.) and publishers who serve customers like Microsoft, General Motors, Coca-Cola, Motorola, L'Oréal, Palm, Inc., Apple Inc., Visa USA, Nike, Carlsberg among others. DoubleClick's headquarters is in New York City, United States.



DoubleClick was founded in 1996 by Kevin O'Connor and Dwight Merriman. It was formerly listed as "DCLK" on the NASDAQ, and was purchased by private equity firms Hellman & Friedman and JMI Equity in July 2005. In March 2008, Google acquired DoubleClick for US$3.1 billion. Unlike many other dot-com companies, it survived the dot-com bubble and focuses on uploading ads and reporting their performance." (Wikipedia)




(1.2) Reports Related to Google DoubleClick.net Used by Spammers


(1.2.1) Google DoubleClick.net has been used by spammers for a long time. The following is from a report in 2008.


"The open redirect had become popular with spammers trying to lure users into clicking their links, as they could be made to look like safe URLs within Google's domain."

https://www.virusbtn.com/blog/2008/06_03a.xml?comments


(1.2.2) Mitechmate published a blog post about DoubleClick.net spam in 2014.


"Ad.doubleclick.net is recognized as a perilous adware application that causes unwanted redirections when surfing on certain webpages. Actually it is another browser hijacker that aims to distribute frauds to make money. Commonly people pick up the Ad.doubleclick virus when downloading software, browsing porn sites or reading spam email attachments. It enters into the computer sneakily after using the computer insecurely. Ad.doubleclick.net is not just annoying; this malware traces users' personal information, which would be utilized by cyber criminals."

http://blog.mitechmate.com/remove-ad-doubleclick-net-redirect-virus/


(1.2.3) Malwarebytes posted a news item about DoubleClick.net malvertising in 2014.


"Large malvertising campaign under way involving DoubleClick and Zedo"

https://blog.malwarebytes.org/malvertising-2/2014/09/large-malvertising-campaign-under-way-involving-doubleclick-and-zedo/



(2) DoubleClick.net System URL Redirection Vulnerabilities Details.


The vulnerabilities can be exploited without a user login. Tests were performed on Microsoft IE (10.0.9200.16750) on Windows 8, Mozilla Firefox (34.0) and Google Chromium 39.0.2171.65-0ubuntu0.14.04.1.1064 (64-bit) on Ubuntu 14.04, and Apple Safari 6.1.6 on Mac OS X Lion 10.7.


The following web page was used for the tests below. Its address is "http://securitypost.tumblr.com/"; we suppose that this web page is malicious, i.e. it stands in for the attacker's site.




...




Detail:

http://seclists.org/fulldisclosure/2014/Nov/28



Facebook Old Generated URLs Still Vulnerable to Open Redirect Attacks & A New Open Redirect Web Security Bugs



Domain:
http://www.facebook.com



"Facebook is an online social networking service headquartered in Menlo Park, California. Its website was launched on February 4, 2004, by Mark Zuckerberg with his college roommates and fellow Harvard University students Eduardo Saverin, Andrew McCollum, Dustin Moskovitz and Chris Hughes. The founders had initially limited the website's membership to Harvard students, but later expanded it to colleges in the Boston area, the Ivy League, and Stanford University. It gradually added support for students at various other universities and later to high-school students. Since 2006, anyone who is at least 13 years old is allowed to become a registered user of the website, though the age requirement may be higher depending on applicable local laws. Its name comes from a colloquialism for the directory given to it by American university students." (Wikipedia)


"Facebook had over 1.44 billion monthly active users as of March 2015. Because of the large volume of data users submit to the service, Facebook has come under scrutiny for their privacy policies. Facebook, Inc. held its initial public offering in February 2012 and began selling stock to the public three months later, reaching an original peak market capitalization of $104 billion. As of February 2015 Facebook reached a market capitalization of $212 Billion." (Wikipedia)


Discoverer:
Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)
http://www.tetraph.com/wangjing/





(1) General Vulnerabilities Description:

(1.1) Two Facebook vulnerabilities are introduced in this article.

Facebook has a web security bug that can be exploited by Open Redirect attacks. This allows an attacker to create a specially crafted URL that, if clicked, redirects a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are effective because the crafted URL initially appears to point to a page on a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client-side software such as a web browser or document rendering programs.

Since Facebook is trusted by large numbers of other websites, these vulnerabilities can be used to perform "Covert Redirect" attacks against other websites such as Amazon, eBay, Go-daddy, Yahoo, 163, Mail.ru etc.


(1.1.1) One Facebook Open Redirect vulnerability was reported to Facebook, and Facebook adopted a new mechanism to patch it. Although the reported URL redirection vulnerabilities are patched, all URLs generated before the patch are still accepted and therefore still vulnerable to the attacks. Section (2) gives details.

The reason may be related to Facebook's third-party interaction system, its database management system, or both. Another possible reason is Facebook's differing design for different kinds of browsers.
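The situation in (1.1.1), as an added illustration that is not Facebook's mechanism and not code from this advisory: a hypothetical link-shim design that signs redirect targets with an HMAC. The key ring, the key ids k1 and k2, the l.php URL, the parameter names and the host policy are all constructed. verify_loose models a fix that only changed how new links are generated: anything signed with an old key still validates and never expires, so every URL generated before the patch remains a working open redirect. verify_strict retires old key ids, expires links and re-applies the destination policy at click time, which is what it takes for old URLs to stop working.

```python
"""Why URLs generated before a fix can stay exploitable: a hypothetical
signed-redirect ("link shim") design.  Added illustration, not Facebook's
mechanism; keys, hosts, parameter names and the policy are constructed.
"""
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed key ring.  k1 signed links before the patch; k2 is current.
KEYS = {"k1": b"constructed-old-secret", "k2": b"constructed-new-secret"}
CURRENT_KID = "k2"
RETIRED_KIDS = {"k1"}
MAX_AGE = 7 * 24 * 3600                      # seconds a signed link stays valid
ALLOWED_HOSTS = {"social.example"}           # hypothetical current redirect policy


def _sig(key: bytes, u: str, kid: str, ts) -> str:
    return hmac.new(key, f"{kid}|{ts}|{u}".encode(), hashlib.sha256).hexdigest()


def make_link(u: str, kid: str = CURRENT_KID, now=None) -> str:
    """Generate a signed redirect link.  The pre-patch generator signed any
    destination; that is how links to attacker hosts came to exist."""
    ts = int(now if now is not None else time.time())
    q = urlencode({"u": u, "kid": kid, "ts": ts, "sig": _sig(KEYS[kid], u, kid, ts)})
    return f"https://social.example/l.php?{q}"


def _params(link: str) -> dict:
    return {k: v[0] for k, v in parse_qs(urlparse(link).query).items()}


def verify_loose(link: str):
    """Verifier of a fix that only changed the generator: any key in the ring
    still validates and nothing expires, so old links keep redirecting."""
    q = _params(link)
    key = KEYS.get(q.get("kid", ""))
    if key is None:
        return None
    expected = _sig(key, q.get("u", ""), q["kid"], q.get("ts", ""))
    if not hmac.compare_digest(q.get("sig", ""), expected):
        return None
    return q.get("u")


def destination_allowed(u: str) -> bool:
    """Current policy, applied at click time regardless of the signature."""
    return (urlparse(u).hostname or "").lower() in ALLOWED_HOSTS


def verify_strict(link: str, now=None):
    """Verifier that actually retires old links: refuses retired key ids,
    expired timestamps, and destinations the current policy would not sign."""
    q = _params(link)
    kid = q.get("kid", "")
    if kid not in KEYS or kid in RETIRED_KIDS:
        return None
    try:
        ts = int(q.get("ts", ""))
    except ValueError:
        return None
    now = int(now if now is not None else time.time())
    if not 0 <= now - ts <= MAX_AGE:
        return None
    expected = _sig(KEYS[kid], q.get("u", ""), kid, ts)
    if not hmac.compare_digest(q.get("sig", ""), expected):
        return None
    if not destination_allowed(q.get("u", "")):
        return None
    return q.get("u")


if __name__ == "__main__":
    old = make_link("https://evil.example/", kid="k1", now=1000)   # pre-patch link
    print("loose :", verify_loose(old))              # still redirects to evil.example
    print("strict:", verify_strict(old, now=2000))   # None: old link retired
```

A valid signature only proves that the site once generated the link, not that its destination is acceptable under today's policy. Rotating the signing key is not enough if the verifier still honours the retired key id, and even a fresh signature should not bypass the destination check, which is why verify_strict re-applies it on every click.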


(1.1.2) Another new Open Redirect vulnerability related to Facebook is introduced as well. For reference, please read section (3).



Detail:
http://seclists.org/fulldisclosure/2015/Jan/22




