Brainfoldb4u's Blog

Just another WordPress.com weblog

Archive for the ‘Google’ Category

Where do popular browsers and Chat applications store their passwords

Posted by brainfoldb4u on March 16, 2010

I got this question raised in an interview with Google “Where do browsers and popular messengers store their password” I kind of wondering for an answer to this questions. After some search i found answers for those question which i thought of sharing it with you all.

Fact is major browsers and applications tend to store the password in a way to hide/prevent you from altering it. Even by knowing the location its hard to move it from one machine to another.

Google Chrome:

Google chrome browser stores the password in windows machine at [Windows Profile]\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data.

Google Chrome uses SQLite as the storage space for passwords and other web page related critical data’s. Google done a appreciate work by extracting windows specifif code from the cross-platform stuff. The only Windows specific code here is the encryption function, which can easily be ported by creating a different Encryptor object for each OS. The important piece here is CryptProtectData, which is a Windows API function for encrypting data. Data encrypted with this function is pretty solid. It can only be decrypted on the same machine and by the same user that encrypted it in the first place

For more technical explanation click here :  how Google chrome stores password

Mozilla Firefox

The passwords are stored in one of the following filenames: signons.txt, signons2.txt, and signons3.txt (depends on Firefox version) These password files are located inside the profile folder of Firefox, in [Windows Profile]\Application Data\Mozilla\Firefox\Profiles\[Profile Name] Also, key3.db, located in the same folder, is used for encryption/decription of the passwords.

Firefox is much better than Internet Explorer in terms of managing “remembered” logins. In Internet Explorer, there is no built-in feature where you can manage or view your saved login information. That’s why you need third party tools to reveal the passwords hidden under asterisks. As for Firefox, you can access remembered passwords with a few clicks.

To view your remembered passwords in Firefox browser, go to Tools, and click on Options. Go to Security tab and click on the Show Passwords button. A remember password dialog box will appear. Click on the Show Passwords button again and a new column with password will appear.

Upon clicking the saved password location (tools-options-security-saved passwords), you won’t need any tools to reveal the hidden passwords under asterisks. It’s a feature that’s included in Firefox browser. So any one who has access to your work station can typically spy into your password by going around to security tab in the options location.
One useful tool that worth sharing about Firefox browser password management  is “Firepassword” . FirePassword is the console tool designed to decrypt the username and password list from Firefox sign-on database. Firefox records the login details such as username and password for every website authorized by the user and stores them in the sign-on database file in encrypted format.  It works on similar line as Firefox’s built-in password manager but it can be used as offline tool to get the username/password information without running the Firefox. It is DOS based and the manual says that FirePassword requires only 3 files which is key3.db, cert8.db and signons.txt. This 3 files can be found in Firefox profile directory.

All you need to do is place the 3 files together with FirePassword and run FirePassword.exe. Weirdly, I am able to decrypt all my username and password by copying ONLY the signons.txt file. Looks like it’s not necessary to include the other 2 files.

For detailed technical explanation click here

Internet Explorer > 7.0 (hope you all have updated from version 6.0):

  • Auto complete passwords are stored under Registry under HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2.
  • Documents and Settings\Application Data\Microsoft\Credentials is the credential file location used to save  HTTP authentication passwords

An automatic tool that used to retrieve IE password is IE PassView can be used to recover these passwords

Opera: The passwords are stored in wand.dat filename, located under [Windows Profile]\Application Data\Opera\Opera\profile

Safari: Safari stores password data via Keychain. /Applications/Utilities/Keychain Access (on Mac)

On PC, All that data is stored in plist files at: C:\Documents and Settings\(UserName)\Application Data\Apple Computer\Safari

I believe it is FormValues.plist

ThunderBird: The password file is located under [Windows Profile]\Application Data\Thunderbird\Profiles\[Profile Name] You should search a filename with .s extension.

Google Talk: All account settings, including the encrypted passwords, are stored in the Registry under HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts\[Account Name]

MSN Messenger version 7.x: The passwords are stored under HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds\[Account Name]

Windows Live Messenger version 8.x/9.x: The passwords are stored in the Credentials file, with entry name begins with “WindowsLive:name=”. These passwords can be recovered by both Network Password Recovery and MessenPass utilities.

Yahoo Messenger 7.5 or later: The password is stored in the Registry, under HKEY_CURRENT_USER\Software\Yahoo\Pager – “ETS” value. The value stored in “ETS” value cannot be recovered back to the original password

Posted in Auditing, Browser Security, Google, Security tools, vulnerability assessment | Tagged: | 1 Comment »

How to update Google Chrome

Posted by brainfoldb4u on January 23, 2010

Google Chrome is becoming increasingly popular mostly because of its light weightiness and simple design, its being very simple that some of its cool features went hidden. How do i update Google chrome is one among those question frequently asked by users.  A bit of research reveals how this works in Chrome: the update subsystem is displayed as part of the About Google Chrome window, including an indication that there’s a new version.

Steps to get there is click the settings button on top right hand corner of your browser.

Clicking the “About Google Chrome” button will take you to a windows like below picture looking for updates

If you do got an update, you will notice the windows shows a update as below picture.

Upon installing the updates, window will turn into”Your browser is up to date”

Now your browser is up to date. As per Security predictions for 2010, Google Chrome will be the browser after IE and Firefox that attacker may target. So we may receive updates from Google to help us stay protected.

Posted in Cool Techniques, Google | Tagged: | Leave a Comment »

Goolge Funny pic

Posted by brainfoldb4u on January 15, 2010

Google it!!!

Posted using ShareThis

Posted in Google | Leave a Comment »

Gmail's GPG Encryption

Posted by brainfoldb4u on January 15, 2010

Better security typically goes hand in hand with increased inconvenience. But some human rights activists who used Gmail right now likely wish they’d put up with a little hardship to help keep hackers at bay. I’m not going so far as to recommend you use e-mail encryption, but I think this is a good time to take a close look at it.

To know how to use a collection of free or open-source software packages: GPG, or GNU Privacy GuardMozilla Messaging’s Thunderbird e-mail software, and its Enigmail plug-in. CNET Download.com also hosts Thunderbird for Windows and Mac and Enigmail for all platforms.

Public key cryptography
Encryption scrambles messages so that only someone with a key (or a tremendous amount of computing horsepower, or knowledge of how to exploit an encryption weakness) can decode them. One form is called, curiously, public key encryption, and this is what GPG and Enigmail use.

Here’s the quick version of how it works. You get a private key known only to yourself and a public key that’s available for anyone else to use. The person you’re corresponding with also has such a pair of keys. Although the public and private keys are mathematically related, you can’t derive one from the other.

To send a private message, someone encrypts it with your public key; you then decrypt it with your private key. When it’s time to reply, you encrypt your message with the recipient’s public key and the recipient decodes it with his or her private key.

Messages in transit from one machine to another are a bunch of textual gobbledygook until decoded. If you’re being cautious enough to encrypt your e-mail, you should be aware that there’s still some information that leaks out to the outside world. The subject line isn’t encrypted, and somebody might take interest in the identity of your active e-mail contacts and the timing and frequency of communications.

So how do you find out what your correspondent’s public key is? You can either fetch the key firsthand from the correspondent, or you search for it on public computers on the Net called key servers–mine is stored at pool.sks-keyservers.net.

This form of encryption has another advantage: you can sign your e-mail electronically so the recipient knows it really is from you. This time the process works in reverse: you sign your e-mail with your private key, then your recipient verifies it’s from you using your public key.

Continue reading Cnet for more insight

Posted in Browser Security, Google, Information Security | Leave a Comment »

Google Turns on Gmail Encryption to Protect Wi-Fi Users

Posted by brainfoldb4u on January 14, 2010

Google is now encrypting all Gmail traffic from its servers to its users in a bid to foil sniffers who sit in cafes, eavesdropping in on traffic passing by, the company announced Wednesday.

The change comes just a day after the company announced it might pull its offices from China after discovering concerted attempts to break into Gmail accounts of human rights activists. The switch to always-on HTTPS adds more security, but does not help prevent the kind of attacks Google announced Tuesday.

Read More http://www.wired.com/threatlevel/2010/01/google-turns-on-gmail-encryption-to-protect-wi-fi-users/#ixzz0cYsjPs7d

Google Turns on Gmail Encryption to Protect Wi-Fi Users

Posted using ShareThis

Posted in Google, Information Security | Leave a Comment »

Android's malicious apps

Posted by brainfoldb4u on January 11, 2010

Android, a Linux based mobile operating system intially developed by Android Inc., and later purchased by Google. Google recently released their new mobile “Nexus One”with android OS. Google allows developers to write managed code in the Java language, controlling the device via Google developed Java libraries.

So far in 2010 Google android has proven to be a hot topic with increasing popularity. As it popularity increases it becomes the target for hackers and malware writers to explore its security.  As per kaspersky, “2010 promises to be a difficult time for iPhone and Android users,”.

As per kaspersky press release

An increase in attacks on iPhone and Android mobile platforms. 2010 promises to be a difficult time for iPhone and Android users. The first malicious programs for these mobile platforms appeared in 2009, a sure sign that they have aroused the interest of cybercriminals. The only iPhone users currently at risk are those with compromised devices; however the same is not true for Android users who are all vulnerable to attack. The increasing popularity of mobile phones running the Android OS combined with a lack of effective checks to ensure third-party software applications are secure, will lead to a number of high-profile malware outbreaks.

They also made five other predictions on greatest threats and new attack vector and they are

  • A rise in attacks originating from file sharing networks. This year, we will see a shift in the types of attacks on users, from attacks via websites and applications toward attacks originating from file sharing networks.
  • An increase in mass malware epidemics via P2P networks. In 2009 a series of mass malware epidemics has been “supported” by malicious files that are spread via file sharing networks. This method has been used to spread notorious threats such as TDSS and Virut as well as the first backdoor for Mac OS X. In 2010, we expect to see a significant increase in these types of incidents on P2P networks.
  • Continuous competition for traffic from cybercriminals. The modern cybercriminal world is making more and more of an effort to legalize itself and there are lots of ways to earn money online using the huge amount of traffic that can be generated by botnets. In the future, we foresee the emergence of more “grey” schemes in the botnet services market. These so-called “partner programs” enable botnet owners to make a profit from activities such as sending spam, performing denial of service (DoS) attacks or distributing malware without committing an explicit crime.
  • A decline in fake anti-virus programs. The decline in gaming Trojans witnessed in 2009 is likely to be repeated for fake anti-virus programs in 2010. Conficker installed a rogue anti-virus program on infected computers. The fake anti-virus market has now been saturated and the profits for cybercriminals have fallen. Additionally, this kind of activity is now being closely monitored by both IT security companies and law enforcement agencies, making it increasingly difficult to distribute fake anti-virus programs.
  • An interest in attacking Google Wave. When it comes to attacks on web services, Google Wave looks like it will be making all the headlines in 2010. Attacks on this new Google service will no doubt follow the usual pattern: first, the sending of spam, followed by phishing attacks, then the exploiting of vulnerabilities and the spreading of malware.

Users of mobile devices with Android software may have noticed several applications available for download in the Android Marketplace. If you see any applications provided by the user Droid09, please do not download these applications. Android applications provided by Droid09 are fraudulent. Please remove any applications by Droid09 from your mobile device and contact your mobile provider to evaluate whether any other applications or information stored on your mobile device have been compromised.”

Here is a link describing the fraudulent app that attempts to steal bank information has made it to the Android app store.

To know more about android and its architecture visit android developer center or click here

Posted in Google, Linux, Open Source | Tagged: , , | Leave a Comment »

Researcher Uncovers Twitter, Google Calendar Security Vulnerabilities

Posted by brainfoldb4u on January 3, 2010

A security researcher uncovered some holes in Google Calendar and Twitter that may allow an attacker to steal cookies and user session IDs…

A security researcher has uncovered vulnerabilities in Twitter and Google Calendar that could put users at risk.

In a proof-of-concept, researcher Nir Goldshlager demonstrated cross-site scripting (XSS) vulnerabilities in Google Calendar and Twitter that he said could be used to steal cookies and session IDs. He also uncovered an HTML injection issue affecting Google Calendar as well that he said could be used to redirect a victim to an attack site anytime the user viewed his or her Google Calendar agenda events….

For complete article from eweek, click

Posted in Google, Penetration testing, XSS | Tagged: , , | Leave a Comment »