I'm heading out later today for my yearly Blackhat/Defcon trip and looking to attend the following blackhat talks as of now. Day 1 Veiled - A Browser Based Darknet Practical Windows XP/2003 Heap Exploitation Fighting Russian Cybercrime Mobsters More Tricks for Defeating SSL Enterprise Java Rootkits The Language of Trust State of...
One In Two Security Pros Unhappy In Their Jobs?
Darkreading posted the following article on a infosec job survey that I found highly intriguing. "Kushner and Murray say they were surprised by security's high number of unhappy campers -- 52 percent of the around 900 security pros who participated in the survey are less than satisfied with their current jobs. Only...
Hacking Short CSRF Tokens using CSS History Hack
Securethoughts has posted an entry on combining CSS history theft hacking to brute force short CSRF tokens and has created a POC demonstrating it. While not fast this is certainly achievable (assuming the token is still valid/hasn't expired once identified) on short CSRF token values, and has the advantage in that it...
Nmap 5.00 Released
"Insecure.Org is pleased to announce the immediate, free availability of the Nmap Security Scanner version 5.00 from http://nmap.org/. This is the first stable release since 4.76 (last September), and the first major release since the 4.50 release in 2007. Dozens of development releases led up to this. Considering all the changes, we...
Threat Classification v2 and the need for change
As I recently posted the WASC Threat Classification v2 is currently in a public working state and there's been a buzz on the mailing lists about it compared to other related projects. Vishal Garg posed a question I was expecting for awhile which is why does the TCv2 look so much different...
Microsoft Security Bulletin Summary for July 2009
It is Microsoft patch Tuesday and the following issues have been addressed. MS09-029 Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371) This security update resolves two privately reported vulnerabilities in the Microsoft Windows component, Embedded OpenType (EOT) Font Engine. The vulnerabilities could allow remote code execution. An...
Firefox 3.5 0Day published
"The exploit portal Milw0rm has published an exploit for Firefox 3.5. The exploit demonstrates a security vulnerability by starting the Windows calculator. In testing by heise Security, the exploit crashed Firefox under Vista, but security service providers Secunia and VUPEN confirmed that attackers using prepared websites can infect PCs. The cause of...
Static Analysis Tools and the SDL (Part Two)
"Hi, Bryan here. Michael wrote last week on static analysis for native C/C++ code, and this week I’ll be following up by covering the tools we use for managed static analysis. The SDL requires teams writing managed code to use two static analysis tools: FxCop and CAT.NET. Both of these tools are...
Static Analysis Tools and the SDL (Part One)
"This is part one of a two part series of posts by myself and Bryan Sullivan; I will cover the static analysis tools we use at Microsoft (and make available publicly) for analyzing unmanaged (ie; Native) C and C++ code, and Bryan will cover managed code static analysis in a later post....
Antisec hackers replace all imageshack images!
The hacking group/movement antisec has replaced every image on imageshack with a hacked image and has posted the following to the full disclosure mailing list. " __ .__ _____ _____/ |_|__| ______ ____ ____ \__ \ / \ __\ | ______ / ___// __ \_/ ___\ / __ \| | \ |...
Months later, more products identified using exploitable transparent proxy architecture
It's been more than 3 months since I published my paper on abusing transparent proxies with flash, and 4 months since CERT's Advisory (VU#435052). Since that time additional products have been identified as being exploitable. Still Vulnerable Squid http://www.squid-cache.org/ Astaro http://www.astaro.org/astaro-gateway-products/web-security-http-https-ftp-im-p2p-web-filtering-antivirus/24916-socket-capable-browser-plugins-result-transparent-proxy-abuse.html QBik Wingate http://www.securityspace.com/smysecure/catid.html?ctype=cve&id=CVE-2009-0802 Tiny Proxy? https://packetprotector.org/forum/viewtopic.php?id=4018 Smoothwall, SchoolGuardian, and NetworkGuardian http://www.kb.cert.org/vuls/id/MAPG-7M6SM7...
C0mrade's Suicide Linked to TJX Probe
“I have no faith in the ‘justice’ system,” he wrote. ” Perhaps my actions today, and this letter, will send a stronger message to the public. Either way, I have lost control over this situation, and this is my only way to regain control.” The note was provided to Wired.com this week...
New OpenSSH Flaw Likely a Hoax?
"A claim of a software vulnerability in a program used to connect securely to servers across the Internet is likely a hoax, according to an analyst with the SANS Internet Storm Center. The program, called OpenSSH (Secure Shell), is installed on tens of millions of servers made by vendors such as Red...
Hacker Extradited For Stock Market Manipulation Via Stolen Accounts
"The three were charged two years ago for a 2006 scheme in which they allegedly hacked into online brokerages or created new accounts using stolen identities, then bought and sold stocks in order to manipulate prices to their benefit. They hacked into more than 60 accounts in nine brokerage firms, including ETrade...
WASC Threat Classification 2.0 Sneak Peek
Here is a sneak peek at the WASC Threat Classification v2.0. We've been working on this for more than a year and it's been a very challenging, educational experience to say the least. Sections that are gray are currently in peer review and are not completed. Mission statement "The Threat Classification v2.0...
Fuzzware 1.5 released
"Fuzzware is tool for pen-testers and software security testers that is designed to simplify the fuzzing process, while maximising the fuzzing quality and effectiveness. Fuzzware is adaptable to various testing scenarios (e.g. file fuzzing, Web Services fuzzing, etc), gives you fine grain control over the fuzzing techniques used and ensures any interesting...
Social Security Numbers Can Be Extrapolated From Public Data
"For years, government officials have urged consumers to protect their social security numbers by giving out the nine-digit codes only when absolutely necessary. Now it turns out that all the caution in the world may not be enough: New research shows that social security numbers can be predicted from publicly available birth...
New Attack on AES
A new attack has been discovered against AES. "Abstract. In this paper we present two related-key attacks on the full AES. For AES-256 we show the rst key recovery attack that works for all the keys and has complexity 2119, while the recent attack by Biryukov-Khovratovich-Nikolic works for a weak key class...
Security Guard Busted For Hacking Hospital's HVAC, Patient Information Computers
"A former security guard for a Dallas hospital has been arrested by federal authorities for allegedly breaking into the facility's HVAC and confidential patient information computer systems. In a bizarre twist, he posted videos of his hacks on YouTube, and was trying to recruit other hackers to help him wage a massive...
Three Web Application Firewall Advisories, Whitepaper Published
Michael Kirchner and Wolfgang Neudorfer have published 3 advisories in various Web Application Firewall products. Artofdefence Hyperguard Web Application Firewal (Remote Denial of Service) http://www.h4ck1nb3rg.at/wafs/advisory_artofdefence_hyperguard_200907.txt phion airlock Web Application Firewall (Remote Denial of Service via Management Interface (unauthenticated) and Command Execution) http://www.h4ck1nb3rg.at/wafs/advisory_phion_airlock_200907.txt radware AppWall Web Application Firewall (Source code disclosure on management...