"Metasploit is pleased to announce the immediate free availability of the Metasploit Framework version 3.0 from http://framework.metasploit.com/. The Metasploit Framework ("Metasploit") is a development platform for creating security tools and exploits. Version 3.0 contains 177 exploits 104 payloads 17 encoders and 3 nop modules. Additionally 30 auxiliary modules are included that perform...
The bug disclosure debate continues
"Software makers are at the mercy of bug hunters when it comes to flaw disclosure, Mozilla's security chief said Saturday. The software industry for years has pushed guidelines for vulnerability disclosure. Those "responsible disclosure" efforts have had some effect, but security researchers maintain control over the process, Mozilla security chief Window Snyder...
JavaScript bug hunting tool demonstrated, and ethical release of POC code
"The tool, called Jikto, can make an unsuspecting Web user's PC silently crawl and audit public Web sites, and send the results to a third party, Hoffman said. But, in a change of plans, Hoffman did not publicly release Jikto. "The higher-ups first say we can, and then they change their mind,"...
There is no Data, there is only XUL: Using XUL to spoof a web browser and next generation UIML phishing attacks
The following outlines how to utilize XUL applications to 'spoof' an entire Firefox/Mozilla window. This allows one to phish people across all domains simply by visiting any webpage where popups and JavaScript are allowed to execute. This is merely a demonstration on how to fool people with UIML's. I started poking around...
JavaScript is everywhere
DSHIELD has published a writeup about some of the places that JavaScript can exist, called Javascript hiding everywhere. Some of those places include QuickTime, Flash, PDF files, and MP3s. "Frequent readers will know that we often recommend to ease up on allowing scripting as it's used by the...
Big trouble if PCI-DSS requires CSRF
Jeremiah Grossman has a post asking the question 'what if PCI-DSS requires CSRF protection?'. Short answer: just about everybody is vulnerable (more than XSS), and making people comply with it is going to be almost unrealistic. Article Link: http://jeremiahgrossman.blogspot.com/2007/03/big-trouble-if-pci-dss-requires-csrf.html
Security Development Lifecycle (SDL) Banned Function Calls
Michael Howard has a very good article on API calls that should not be used when developing C/C++ applications. "When the C runtime library (CRT) was first created about 25 years ago, the threats to computers were different; machines were not as interconnected as they are today, and attacks were not as prevalent. With...
Compliance As Kick-Starter
"Regulation is a boon to security. Without the government and other private organizations leading security around by its nose, we would be eternally trapped in the "just strap another pizza box into the rack" solutions offered by clueless vendors. There were zillions of them at RSA this year. One problem is that...
WASC Threat Classification Project - Call for Participants
"I'm sending this email to the list seeking people to contribute towards The Threat Classification Version 2.0. Time has passed since the initial TC release, and it's important to keep this widely utilized document up to date. Project Homepage http://www.webappsec.org/projects/threat/ Interested participants can contact 'contact_@_webappsec.org'" Announcement Link: http://www.webappsec.org/lists/websecurity/archive/2007-03/msg00041.html
Article: ASP Session Cookies
Palisade has published an article providing an introduction to cookies in ASP, how session state management works, and expiration handling. Article Link: http://palisade.plynt.com/issues/2007Feb/asp-session-cookies/
PHP Month of bugs status update #2
Here is another status update for the month of PHP Bugs. Here are the latest vulnerabilities.
* MOPB-11-2007:PHP WDDX Session Deserialization Information Leak Vulnerability
* MOPB-10-2007:PHP php_binary Session Deserialization Information Leak Vulnerability
* MOPB-09-2007:PHP wddx_deserialize() String Append Buffer Overflow Vulnerability
* MOPB-08-2007:PHP 4 phpinfo() XSS Vulnerability (Deja-vu)
* BONUS-07-2007:Zend Platform ini_modifier Local...
Security's Symbiosis
"In a recent paper titled "Teaching an Old Dog New Tricks," security guru Marcus Ranum argues that independent "security researchers" who spend their time constantly looking for security bugs are a drain on the security community. He even has a name for these people: vulnerability pimps. He thinks that if these people...
WordPress website compromised, WordPress backdoored
The WordPress development team has posted an announcement that the download server had been hacked, and that WordPress 2.1.1 had a backdoor included in it allowing for remote code execution. "This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated,...
PHP Month of bugs begins, current status update
The month of PHP Bugs has started. Here are the current vulnerabilities disclosed.
* MOPB-01-2007:PHP 4 Userland ZVAL Reference Counter Overflow Vulnerability
* MOPB-02-2007:PHP Executor Deep Recursion Stack Overflow
* MOPB-03-2007:PHP Variable Destructor Deep Recursion Stack Overflow
* MOPB-04-2007:PHP 4 unserialize() ZVAL Reference Counter Overflow
* MOPB-05-2007:PHP unserialize() 64 bit Array Creation...