"The United States' Computer Emergency Readiness Team (US-CERT) warned users of the ubiquitous Adobe Reader to disable the program's use of Javascript after Adobe warned on Monday that a possible flaw had been found. In a post to its product security blog, the company said it was investigating reports of a serious...
Google Chrome Universal XSS Vulnerability
"During unrelated research, I came across a number of security issues that reside in various parts of Google's web browser - Google Chrome. These issues pose a major threat to any user that browses a maliciously crafted page using Internet Explorer and has Google Chrome installed alongside. Using a vulnerability in the...
Web 2.0 Application Proxy, Profiling and Fuzzing tool
"This tool helps in assessing next generation application running on Web/enterprise 2.0 platform. It profiles HTTP requests and responses at runtime by configuring it as proxy. It identifies structures like JSON, XML, XML-RPC etc. along with key HTTP parameters like cookie, login forms, hidden values etc. Based on profile one can take...
Metasploit Decloaking Engine Gets User's Real IP
"This tool demonstrates a system for identifying the real IP address of a web user, regardless of proxy settings, using a combination of client-side technologies and custom services. No vulnerabilities are exploited by this tool. A properly configured Tor setup should not result in any identifying information being exposed." Essentially this uses...
OAuth Session Fixation Security Flaw Discovered
From the advisory "The attack starts with the attacker logging into an account he owns at the (honest) Consumer site. The attacker initiates the OAuth authorization process but rather than follow the redirect from the Consumer to obtain authorization, the attacker instead saves the authorization request URI (which includes the Request Token)....
Opera JavaScript for hackers
Gareth Heyes wrote a nice blog entry on JavaScript hacks: "I love to use JavaScript in unexpected ways, to create code that looks like it shouldn't work but does, or produces some unexpected behavior. This may sound trivial, but the results I've found lead to some very useful techniques. Each of the...
Firefox 3.0.9 Released to Fix Multiple Security Flaws
MFSA 2009-22 Firefox allows Refresh header to redirect to javascript: URIs MFSA 2009-21 POST data sent to wrong site when saving web page with embedded frame MFSA 2009-20 Malicious search plugins can inject code into arbitrary sites MFSA 2009-19 Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString MFSA 2009-18 XSS hazard using third-party stylesheets...
Amazon CSRF "hack" in detail?
UPDATE: According to an updated Wired news story this is a sham and no hacker was involved. RSnake recently posted an entry linking to the write up on how a Cross-Site Request Forgery flaw in amazon was used to get Gay and Lesbian books banned from amazon's site via their reputation system....
FBI CIPAV Spyware Snaring Extortionists and Hackers for Years
"A sophisticated FBI-produced spyware program has played a crucial behind-the-scenes role in federal investigations into extortion plots, terrorist threats and hacker attacks in cases stretching back at least seven years, newly declassified documents show. First reported by Wired.com, the software, called a "computer and internet protocol address verifier," or CIPAV, is designed...
Open Source SSL Acceleration
"SSL acceleration is a technique that off-loads the processor intensive public key encryption algorithms used in SSL transactions to a hardware accelerator. These solutions often involve a considerable up front investment as the specialized equipment is rather costly. This article though looks at using off the shelf server hardware and open source...
Microsoft April patch tuesday addresses 8 security issues
"MS09-010 Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477) This security update resolves two publicly disclosed vulnerabilities and two privately reported vulnerabilities in Microsoft WordPad and Microsoft Office text converters. The vulnerabilities could allow remote code execution if a specially crafted file is opened in WordPad or...
Twitter response to xss worm attack
Twitter has posted an entry on it's xss worm issues this weekend. "On a weekend normally reserved for bunnies, a worm took center stage. A computer worm is a self-replicating computer program sometimes introduced by folks with malicious intent to do some harm to a network. Please note that no passwords, phone...
Two XSS Worms Slam Twitter
UPDATE: F-Secure has posted more detailed information. "Some 24 hours after a worm spread advertising on Twitter, the popular social networking website, a second worm emerged on Sunday. Both worms appear to be created by Mikeyy Mooney, a 17-year-old from Brooklyn, New York. The first worm emerged on Saturday when Twitter profiles...
Nessus Version 4 Released
"Tenable is pleased to announce the release of Nessus version 4! This blog post highlights some of the enhancements and new features available in Nessus 4.0. One of the most notable features is the ability to create custom XSLT reports based on your scan results. Nessus now also supports a fully multi-threaded...
Tool: GreenSQL-FW 1.0.0 released
"GreenSQL team is ready to present new version of GreenSQL - SQL Database Firewall. GreenSQL intercept SQL commands being sent to MySQL, checks them, and then either halts the query or passes it on to MySQL proper. Then it returns the query results to the calling application. Currently only MySQL database is...
Improving Security with URL Rewriting
"Most web application security experts frown on the practice of passing session or authentication tokens in a URL through the use of URL rewriting. Usually these tokens are passed between the server and the browser through HTTP cookies, but in cases where users configure their browsers to not accept cookies, this is...
Electricity Grid in U.S. Penetrated By Spies
"Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials. The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical...
XSS (Cross Site Scripting) Prevention Cheat Sheet
"This article provides a simple positive model for preventing XSS using output escaping/encoding properly. While there are a huge number of XSS attack vectors, following a few simple rules can completely defend against this serious attack. These rules apply to all the different varieties of XSS. Both reflected and stored XSS can...
Blackhat 2006 RSS Security Talk Video Available
In 2006 I gave a talk on hacking RSS feeds, and feed readers. I stumbled upon the video for blackhat 2006 by accident the other day and thought it was worth posting. Video: http://media.blackhat.com/bh-usa-06/video/2006_BlackHat_Vegas-V36-Auger_and_Sima-0day_subscriptions.mp4 Slides: http://www.cgisecurity.com/papers/RSS-Security.ppt Paper: http://www.cgisecurity.com/papers/HackingFeeds.pdf
Netcraft confirms lynx growing in popularity due to browser security flaws
Netcraft firms that Lynx is gaining popularity due to the increase in browser security bugs. "Netcraft has observed a surge in popularity of the Lynx browser, particularly since the recent Pwn2Own competition, which was held at the CanSecWest conference in Vancouver last month. During the course of the competition, security researchers once...
Metasploit shut down by FBI and DHS
After viewing the metasploit site this morning it appears the FBI and DHS has shut it down. According to sources HD Moore is on the run somewhere in Mexico.
Announcing month of new security buzzwords
In the tradition of Month of Bugs we're pleased to announce the month of security buzzwords, complete with abbreviations. #1 Remote Command Injection (RCI) #2 Remote Filestream Inclusion (RFSI) #3 Cam Jacking (CJ) #4 Cross-Port Request Forgery (XPRF) #5 Cross-Site Fixation (XSF) #6 HTTP Gerbiling (HTTP-Gerbil) #7 Host Request Splitting (HRS) #8...
New cert program for Application Security Specialists
A new certification program has just been launched, and is brought to you by the same people who brought us ScanLessPCI "The Institute is the industry's leading authority for Certified ASS's. Our curriculum complies with the highest industry standards while still reflecting the operational realities of securing applications in the modern enterprise....