"Cross-site scripting (XSS) may be the poster child for what's wrong with Web security, but an updated vulnerability report from Mitre suggests that two lesser-known attack vectors are quietly growing as well. Mitre has quietly released the final version of its 2006 Common Vulnerabilities and Exposures (CVE) report, which it previewed last...
Phrack is back!
Phrack is finally back! * Hijacking RDS TMC traffic information signal * Attacking the Core: Kernel Exploitation Notes * The revolution will be on YouTube * Automated vulnerability auditing in machine code * The use of set_head to defeat the wilderness * Cryptanalysis of DPA-128 * Mac OS X Wars - A...
Google Web Service Vulnerability leaks Database Username and Password
A vulnerability in Google has been released on http://www.0x000000.com/index.php. "A large hole has been found inside Google's service: "the removal of websites tool" Earlofgrey reported about it today. There was not much info available, so I decided to check it out myself before it is plugged. Apparently it is a simple directory...
Firefox 0day local file reading
Thor Larholm writes "We can expect a Firefox 2.0.0.4 release anyday now, as there is a publicly known 0day local file reading vulnerability in Firefox - see http://larholm.com/2007/05/25/firefox-0day-local-file-reading/
Your Next Security Frontier? Software!
"Software testing generally falls under the purview of the quality assurance (QA) test team. The problem is that QA testers test the products for compliance with its functional requirements and specifications. Put another way, they test how the software works, not how someone can break or misuse software for illicit purposes. To...
University of Colorado computer hacked, 45k student names, S.S. numbers exposed
"A hacker broke into a computer server at the University of Colorado College of Arts and Sciences' Academic Advising Center, exposing the names and Social Security numbers of nearly 45,000 students, officials said Tuesday. University officials were sending letters notifying students enrolled at CU-Boulder from 2002 until the present that their information...
Widescale Unicode Encoding Implementation Flaw Discovered
Amit Klein was kind enough to point out that the ASP.NET filter evasion issue is actually a known issue. It was first pointed out in 2004! According to that post "We have decided that a KB article and update to tools and/or best practice guidelines should be done for this, and will...
Bug hunters face online-apps dilemma
"Web applications pose a dilemma for bug hunters: how to test the security without going to jail? If hackers probe traditional software such as Windows or Word, they can do so on their own PCs. That isn't true for Web applications, which run on servers operated by others. Testing the security there...
Building Secure Applications: Consistent Logging
"This article examines the dismal state of application-layer logging as observed from the authors' years of experience in performing source code security analysis on millions of lines of code. It argues that effective logging is often ignored in the push for application security and demonstrates how applications can benefit from a real-time...
Virgin security flaw exposes customers' details
"It appears that, instead of using random SMS codes, Virgin Mobile's codes were sequential so simply changing the last character allowed access to a new set of personal details. For example, someone who received the code "00XM7Z" could view another customer's details by entering "00XM7Y" or "00XM7X", etc." Article Link http://www.smh.com.au/news/security/virgin-exposes-customers-details...
Top 15 free SQL Injection Scanners
"SQL Injection is perhaps the most common web-application hacking technique which attempts to pass SQL commands through a web application for execution by the back-end database. The vulnerability is presented when user input is incorrectly sanitized and thereby executed. Checking for SQL Injection vulnerabilities involves auditing your web applications and the best...
Stats on Month of X bugs published
Kevin Beets from avertlabs has published some interesting stats on Month of Bugs projects, including the number of vulnerabilities published versus fixed. For more information visit the article link below. Article Link: http://www.avertlabs.com/research/blog/?p=286
Russia Pwn'ing Estonia
"A three-week wave of massive cyber-attacks on the small Baltic country of Estonia, the first known incidence of such an assault on a state, is causing alarm across the western alliance, with Nato urgently examining the offensive and its implications. While Russia and Estonia are embroiled in their worst dispute since the...
Critical Flaws Found in Java Development Kit
"Two vulnerabilities open to remote exploitation by hackers have been found in Java Development Kit, one of which could be used to take over a compromised system." "One flaw is caused by an integer overflow error in the image parser when processing ICC profiles embedded within JPEG images, according to FrSIRT researchers."...
Strategic Security: Web Applications Scanners
I found this linked off of Jeremiah's blog. "As applications evolve, new vulnerabilities emerge. For this Rolling Review series we'll examine how Web application scanners help address the security weaknesses found in RIAs in general, and Ajax in particular." "Web application scanners can help, but implementation is tricky. For this Rolling Review,...
Hackers on a Plane
"2007 is a very special year for the global hacker community. Thanks to cooperation between the organizers of DefCon XV and the Chaos Communications Camp 2007, the two largest gatherings of hackers from around the world happen only a few days apart! This is where "Hackers on a Plane" comes in: The...
Highland Hospital Security Breach
"Highland Hospital is warning patients of a security breach. A hospital spokesperson said a computer containing patient information was stolen from a business office last month. Over 13,000 people are affected. Two laptops were stolen but only one of them had patient information on it. " Article Link: http://www.13wham.com/news/local/story.aspx...
Should vendors close all security holes?
"Vendors should close all known security holes, whether publicly discussed or not. The idea behind this is that any existing security vulnerability should be closed to strengthen the product and protect consumers. Sounds great, right?" "The reader wrote to say that his company often sits on security bugs until they are publicly...
Engineer guilty in plot to give data to China
"A Chinese-born engineer was convicted in federal court in California yesterday of being an unregistered Chinese agent who conspired to supply defense technology to Beijing. Chi Mak, 66, was found guilty of helping provide China unclassified but export-controlled information, including data on a submarine electronic system and a quiet electronic propulsion system...
Halvar Flake vs. Michael Howard on memcpy
"Halvar's reaction to Microsoft's Michael Howard hinting that memcpy may soon be verboten in Redmond code: This is an excellent idea - and along with memcpy, malloc() should be banned. While we are at it, the addition and multiplication operators have caused so much grief over the last years, I think it...
One in 10 web pages laced with malware - Google
"At least one in 10 web pages are booby-trapped with malware, according to Google. A five-strong Google research team found that 450,000 pages, out of a sample of 4.5 million pages, contained scripts to install malicious code, such as Trojans and spyware on vulnerable PCs, the BBC reports. This is a conservative...
Pirate Bay hacked, database stolen
"According to an alert posted on The Pirate Bay's blog, the stolen user credentials were encrypted but the site is still urging users to immediately change usernames and passwords to avoid the risk of identity theft. They have got a copy of the user database. That is, your username and passwords. But,...
5 Ways People Screw Up AJAX
I had noticed that not many articles existed on the negative aspects and implementation pitfalls of AJAX, so I came up with this top 5 list of things people screw up when using AJAX. 1. No back button!: One of the most annoying things to a user is the inability to go backwards. They may visit...
WASC Announcement: Distributed Open Proxy Honeypot Project Data Released
The Web Application Security Consortium (WASC) is pleased to announce the initial release of data collected by the Distributed Open Proxy Honeypot Project. This first release of information is for data gathered from January - April, 2007. During this timeframe, we had 7 internationally placed honeypot sensors deployed and sending their data...
TJX pwned via wifi
"A wireless network that employed less protection than many people use on their home systems appears to be the weak link that led TJX Companies, the US-based retailing empire, to preside over the world's biggest known theft of credit-card numbers. Despite a market capitalization of almost $13bn, it appears the company couldn't...
WASC Meetup at JavaOne (San Francisco 2007)
WASC is organizing a Meet-Up during the JavaOne Conference (May 8-11 @ San Francisco Moscone Center). As usual this will be an informal gathering. No agenda, slide-ware, or sponsors. We're expecting maybe 10-20 like minded webappsec people to share some food, drinks, and stimulating conversation. Everyone is welcome and it should be...
Debugging Application Security Vulnerabilities in Web.config Files
Bryan Sullivan has written an excellent article describing the various secure configuration options in .NET's Web.config file. If you write ASP.NET applications be sure to check this out. "Some enlightened software architects and developers are becoming educated on these threats to application security and are designing their Web-based applications with security in...
AJAX: Selecting the Framework that Fits
DDJ has released an article covering the following AJAX frameworks. * Dojo 0.3.1 (dojotoolkit.org). * Prototype and Scriptaculous 1.4 (www.prototypejs.org and script.aculo.us). * Direct Web Reporting 1.0 (getahead.org/dwr). * Yahoo! User Interface Library 0.11.1 (developer.yahoo.com/yui). * Google Web Toolkit 1.0 (code.google.com/webtoolkit). If you're using AJAX or are considering it, check it out....
A black market for search terms and user interests?
<thinking-out-loud> Google has recently added search history and this got me thinking about how this information could be useful. Currently gmail is linked to all of google and if you search for something while logged into google and have search history turned on, it gets recorded. Now you have data on what...
Interview with Rain Forest Puppy
An interview with Rain Forest Puppy has just been released. RFP is one of the original people speaking about appsec vulnerabilities. If you're into appsec it is well worth the read. Interview Link: http://www.ush.it/2007/05/01/interview-with-rain-forest-puppy/