-
Seven Must-Have Firefox Security Add-Ons
"Ensuring that the browser is up to date can help minimize security risks, but perhaps the most interesting feature of Firefox from a security perspective is the possibility of enhancing the browser's security with the addition of browser extensions or add-ons. Of course any add-on risks adding new vulnerabilities, but if they protect against known…
-
Google Blackhat SEO Hack
"Today’s aggressive and spooky abuse of trusted giants reveals just how sophisticated and manipulative these guys have become. By following Google Trends, and with some sharp SEO skills to take advantage of Google’s famed real-time indexing, Scammers are directly targeting Google’s search results, trusted by as many as 70 percent of Internet searchers. McAfee researcher…
-
Gary McKinnon set to face extradition after Crown Prosecution Service ruling
"Hacker Gary McKinnon is set to face extradition to the US following a Crown Prosecution Service ruling. The service has refused to bring charges against him after a decision found that there was sufficient evidence to prosecute him, the evidence is not reflected in the criminality that is alleged by the American authorities. McKinnon was…
-
Fuzzing for Fun and Profit
"Many different resources define fuzzing many different ways. I believe this definition is more suiting than most: "Fuzzing is targeting input and delivering data that is handled by a target with the intent of identifying bugs." Fuzzing can occur theoretically wherever input is possible. There are two kinds of fuzzing: "dumb" and "smart". Dumb…
-
Apple goes public with security in Safari 4
"Apple announced on Tuesday the public availability of its next browser, Safari 4, seemingly adding a host of new security features to the program along with speedier Javascript processing and additional eye candy, such as cover flow. The security features are not new, however. The company quietly added anti-malware and phishing protection, as well as…
-
Protect Your Site With URL Rewriting
Bryan Sullivan over at Microsoft has published a lengthy article on the advantages of URL rewriting to prevent certain types of attacks. "Tim Berners-Lee once famously wrote that "cool URIs don't change." His opinion was that broken hyperlinks erode user confidence in an application and that URIs should be designed in such a way that…
-
CERT Advisory VU#435052: An Architectural Flaw Involving Transparent Proxies
For the past year in my spare time I've been researching a flaw involving transparent proxies and today CERT has published an advisory for this issue. If you have a vulnerable proxy on your intranet NOW is the time to patch (details of affected vendors in the CERT advisory): QBIK New Zealand, SmoothWall, Squid, Ziproxy…
-
The Multi-Principal OS Construction of the Gazelle Web Browser
I was reading Slashdot and saw that Microsoft has released a paper outlining a new secure browser architecture. From the abstract: "Web browsers originated as applications that people used to view static web sites sequentially. As web sites evolved into dynamic web applications composing content from various web sites, browsers have become multi-principal operating environments with resources…
-
Practical Example of csSQLi Using (Google) Gears Via XSS
"Yesterday, at the Blackhat DC security conference, I spoke about the dangers of persistent web browser storage. Part of the talk focused on how emerging web browser storage solutions such as Gears (formerly Google Gears) and the Database Storage functionality included in the emerging HTML 5 specification, could be attacked on sites with existing cross-site…
-
Bot Busts Newest Hotmail CAPTCHA
"The botnet, or collection of compromised PCs, can decipher Live Hotmail's CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) registration safeguard in about 20 seconds, said Websense Inc. security researcher Sumeet Prasad. CAPTCHA is the term for the distorted characters that many Web sites, such as e-mail services and blogs, use…
-
Wikileaks Accidentally Leaks Its Donor List
"What's Wikileaks, the net's foremost document leaking site, supposed to do when a whistle-blower submits a list of email addresses belonging to the site's confidential donors as a leaked document? That's exactly the conundrum Wikileaks faced this week after someone from the controversial whistle-blowing site sent an emergency fund-raising appeal on Saturday to previous donors.…
-
MS09-002 exploit in the wild
SANS is reporting the MS09-002 exploit is in the wild. "Several AV vendors reported about MS09-002 exploits in the wild. We can confirm this – the exploit for the CVE-2009-0075 vulnerability (Uninitialized Memory Corruption) in Internet Explorer 7 is definitely in the wild and working as charm on an unpatched Windows XP machine. Initially there…
-
Top-10 Vulnerability Discoverers of All Time (as well as 2008)
"Who discovers the most security vulnerabilities? That’s one of the more frequent questions I’ve encountered over the past few years. Funnily enough there’s usually a high correlation between the timing of my being asked and the latest marketing blitzkrieg customers may have encountered (not from IBM of course). It seems that every major (and not-so-major)…
-
Defacement archive Zone-h gets defaced
"Defacement archive Zone-h.org has itself been defaced. The hack – claimed in the names of Cyber-Terrorist, HeLL cYbEr, and Jurm – involved posting a link to a YouTube video and dancing babies on the site's altered home page. The Arab language video, featuring an ad promoting nappies, replaced the site's usual content of information security…
-
Security assessment of the Transmission Control Protocol (TCP)
The following email was sent to Full Disclosure today. I haven't had a chance to read this monster 140 document yet but it sure sounds interesting. "The TCP/IP protocol suite was conceived in an environment that was quite different from the hostile environment they currently operate in. However, the effectiveness of the protocols led to their early…
-
F-Secure Hacked Via XSS, SQL injection
"A Romanian hacker site said on Wednesday it was able to breach the website of Helsinki-based security firm F-Secure just as it had gained access to the sites of two other security companies earlier in the week. F-Secure is "vulnerable to SQL Injection plus Cross Site Scripting," an entry on the HackersBlog site said. "Fortunately,…
-
SQL Injection in ProFTPd
Just a friendly reminder that SQL Injection is not limited to web applications. Link: http://isc.sans.org/diary.html?storyid=5845
-
Popular Security Website Hit By Big DDoS Attack
"Several renowned white-hat hacker security sites have been hit during the past few days with a distributed denial-of-service attack (DDoS). Immunity, Milw0rm, and Packet Storm were in the clear as of this posting, but attackers were still hammering away at Metasploit. The attackers behind the DDoS — which began on Feb. 6 and continued through…
-
Putting Vulnerabilities in Perspective
"AppSec Notes complains that Netflix has not fixed all of their CSRF vulnerabilities. You can no longer access account information, billing information, change shipping address, or anything of value, but you can still add movies to someone’s queue. This apparently still bothers the author who has a note of annoyance that Netflix hasn’t completely fixed…
-
Microsoft Security Bulletin MS09-002
"Microsoft published four patches on Tuesday to close serious vulnerabilities in its Internet Explorer browser, Exchange e-mail server and Microsoft SQL server. The fixes, which were released on Microsoft's regular monthly schedule, close two Critical vulnerabilities in Internet Explorer 7 running on Windows XP that could allow a malicious Web site the ability to run…
-
Application Security Vendors Need Help With Reporting
I've been reading web application vulnerability reports from tools and services for 6-7 years and found that 99% of these reports are geared towards security engineers or system administrators. Many of the reports I see focus on: the type of flaw and what its impact is; the URL affected; links to references and additional…
-
Security Vendor Kaspersky Hacked Via SQL Injection
A security lapse at Kaspersky has exposed a wealth of proprietary information about the anti-virus provider's products and customers, according to a blogger, who posted screen shots and other details that appeared to substantiate the claims. In a posting made Saturday, the hacker claimed a simple SQL injection gave access to a database containing "users,…
-
PHP filesystem attack vectors
ascii writes "On Apr 07, 2008 I spoke with Kuza55 and Wisec about an attack I found some time before that was a new attack vector for filesystem functions (fopen, (include|require)[_once]?, file_(put|get)_contents, etc) for the PHP language. It was a path normalization issue and I asked them to keep it “secret” [4], this was a…
-
Revising Netflix’s CSRF
Dave Ferguson writes "Back in 2006, I put out some findings about CSRF on Netflix's web site. I thought people might be interested to know that I revisited the issue recently and was shocked to find Netflix still hasn't fixed all their CSRF issues, at least when it comes to movie queues. You can read more…
-
Firefox 3.0.6 Released To Address Multiple Security Issues
Fixed in Firefox 3.0.6:
MFSA 2009-06 Directives to not cache pages ignored
MFSA 2009-05 XMLHttpRequest allows reading HTTPOnly cookies
MFSA 2009-04 Chrome privilege escalation via local .desktop files
MFSA 2009-03 Local file stealing with SessionStore
MFSA 2009-02 XSS using a chrome XBL method and window.eval
MFSA 2009-01 Crashes with evidence of memory corruption (rv:1.9.0.6)
Additional…