"The next version of Adobe Flash Player will offer a variety of new features and enhancements as well as some changes to the current behavior of Flash Player. Some of these changes may require existing content to be updated to comply with stricter security rules. Other changes introduce new abilities that were...
Cross-site hacks and the art of self defence
Generally, browsers stop cross-site communication by following the "same-origin policy". This rule is pretty simple: if your site has a different origin - protocol, domain, and port don't all match - you aren't allowed to access information from or send requests to the other site. Without this simple rule, there would be...
Redhat/Fedora Servers compromised, package signing key stolen, rogue packages possibly signed
Both the Redhat and Fedora servers have been hacked by an attacker who has not only gained access to these systems, but may have also deployed rogue packages and signed them with Redhat's private key. Redhat has provided a script for users to check to see if the compromised packages have been...
Whitepaper: Bypassing ASP .NET “ValidateRequest” for Script Injection Attacks
Richard Brain has published a whitepaper on bypassing .NET XSS protection. "The Microsoft .NET framework comes with a request validation feature, configurable by the ValidateRequest [1] setting. ValidateRequest has been a feature of ASP.NET since version 1.1. This feature consists of a series of filters, designed to prevent classic web input validation...
Attacking PHP weak PRNGs: mt_srand and not so random numbers
Stefan Esser has written a great article on attacking php PRNG's. "PHP comes with two random number generators named rand() and mt_rand(). The first is just a wrapper around the libc rand() function and the second one is an implementation of the Mersenne Twister pseudo random number generator. Both of these algorithms...
Tools: Grendel Scanner a new Web Application Security Scanner
While attending defcon I got to check out a talk on a new web application security scanner called Grendel scanner. For those of you who don't know I used to work at spi dynamics on the webinspect product (now part of HP) and I got to say it is one of the...
Affiliate Programs Vulnerable to Cross-site Request Forgery Fraud
Intro The following describes a long-standing and common implementation flaw in online affiliate programs allowing for fraud. For those unfamiliar with affiliate programs, they provide a way for companies to allow 3rd parties/website owners to direct traffic to their site in exchange for a share of the profits of user purchases. Most...
Web application firewalls for security and regulatory compliance
If you're not familiar with web application attacks, we covered them in detail in a previous column, available here. Also, the Open Web Application Security Project (OWASP) has an abundance of Web application security educational information available on its Web site, including the top 10 most prevalent web application attacks. Combating web...
Rich data: the dark side to Web 2.0 applications
"All web applications allow some form of rich data, but that rich data has become a key part of Web 2.0. Data is "rich" if it allows markup, special characters, images, formatting, and other complex syntax. This richness allows users create new and innovative content and services. Unfortunately, richness affords attackers an...