-
Firefox 3.5 0Day published
"The exploit portal Milw0rm has published an exploit for Firefox 3.5. The exploit demonstrates a security vulnerability by starting the Windows calculator. In testing by heise Security, the exploit crashed Firefox under Vista, but security service providers Secunia and VUPEN confirmed that attackers using prepared websites can infect PCs. The cause of the problem is…
-
Static Analysis Tools and the SDL (Part Two)
"Hi, Bryan here. Michael wrote last week on static analysis for native C/C++ code, and this week I’ll be following up by covering the tools we use for managed static analysis. The SDL requires teams writing managed code to use two static analysis tools: FxCop and CAT.NET. Both of these tools are freely available to…
-
Static Analysis Tools and the SDL (Part One)
"This is part one of a two-part series of posts by myself and Bryan Sullivan; I will cover the static analysis tools we use at Microsoft (and make available publicly) for analyzing unmanaged (i.e., native) C and C++ code, and Bryan will cover managed code static analysis in a later post. I’m a huge…
-
Antisec hackers replace all imageshack images!
The hacking group/movement Antisec has replaced every image on ImageShack with a hacked image and has posted the following to the Full Disclosure mailing list. …
-
Months later, more products identified using exploitable transparent proxy architecture
It's been more than 3 months since I published my paper on abusing transparent proxies with Flash, and 4 months since CERT's Advisory (VU#435052). Since that time additional products have been identified as being exploitable.
Still Vulnerable
Squid http://www.squid-cache.org/
Astaro http://www.astaro.org/astaro-gateway-products/web-security-http-https-ftp-im-p2p-web-filtering-antivirus/24916-socket-capable-browser-plugins-result-transparent-proxy-abuse.html
QBik Wingate http://www.securityspace.com/smysecure/catid.html?ctype=cve&id=CVE-2009-0802
Tiny Proxy? https://packetprotector.org/forum/viewtopic.php?id=4018
Smoothwall, SchoolGuardian, and NetworkGuardian http://www.kb.cert.org/vuls/id/MAPG-7M6SM7
Products with fixes…
-
C0mrade’s Suicide Linked to TJX Probe
“I have no faith in the ‘justice’ system,” he wrote. “Perhaps my actions today, and this letter, will send a stronger message to the public. Either way, I have lost control over this situation, and this is my only way to regain control.” The note was provided to Wired.com this week by James’ father,…
-
New OpenSSH Flaw Likely a Hoax?
"A claim of a software vulnerability in a program used to connect securely to servers across the Internet is likely a hoax, according to an analyst with the SANS Internet Storm Center. The program, called OpenSSH (Secure Shell), is installed on tens of millions of servers made by vendors such as Red Hat, Hewlett-Packard, Apple…
-
Hacker Extradited For Stock Market Manipulation Via Stolen Accounts
"The three were charged two years ago for a 2006 scheme in which they allegedly hacked into online brokerages or created new accounts using stolen identities, then bought and sold stocks in order to manipulate prices to their benefit. They hacked into more than 60 accounts in nine brokerage firms, including ETrade and TD Ameritrade,…
-
WASC Threat Classification 2.0 Sneak Peek
Here is a sneak peek at the WASC Threat Classification v2.0. We’ve been working on this for more than a year and it’s been a very challenging, educational experience to say the least. Sections that are gray are currently in peer review and are not completed. Mission statement “The Threat Classification v2.0 outlines the attacks…
-
Social Security Numbers Can Be Extrapolated From Public Data
"For years, government officials have urged consumers to protect their social security numbers by giving out the nine-digit codes only when absolutely necessary. Now it turns out that all the caution in the world may not be enough: New research shows that social security numbers can be predicted from publicly available birth information with a…
-
New Attack on AES
A new attack has been discovered against AES. "Abstract. In this paper we present two related-key attacks on the full AES. For AES-256 we show the first key recovery attack that works for all the keys and has complexity 2^119, while the recent attack by Biryukov-Khovratovich-Nikolic works for a weak key class and has higher complexity. The second attack…
-
Security Guard Busted For Hacking Hospital’s HVAC, Patient Information Computers
"A former security guard for a Dallas hospital has been arrested by federal authorities for allegedly breaking into the facility's HVAC and confidential patient information computer systems. In a bizarre twist, he posted videos of his hacks on YouTube, and was trying to recruit other hackers to help him wage a massive DDoS attack on…
-
Three Web Application Firewall Advisories, Whitepaper Published
Michael Kirchner and Wolfgang Neudorfer have published 3 advisories for various Web Application Firewall products.
Artofdefence Hyperguard Web Application Firewall (Remote Denial of Service) http://www.h4ck1nb3rg.at/wafs/advisory_artofdefence_hyperguard_200907.txt
phion airlock Web Application Firewall (Remote Denial of Service via Management Interface (unauthenticated) and Command Execution) http://www.h4ck1nb3rg.at/wafs/advisory_phion_airlock_200907.txt
radware AppWall Web Application Firewall (Source code disclosure on management interface) http://www.h4ck1nb3rg.at/wafs/advisory_radware_appwall_200907.txt
They have also…
-
Researcher barred for demoing ATM security vuln
"A talk demonstrating security weaknesses in a widely used automatic teller machine has been pulled from next month's Black Hat conference after the machine vendor placed pressure on the speaker's employer. Juniper Networks, a provider of network devices and security services, said it delayed the talk by its employee Barnaby Jack at the request of…
-
Masked passwords must go?
"Websites should stop masking passwords as users type because it does not improve security and makes websites harder to use, according to two of the technology world's leading thinkers. Usability expert Jakob Nielsen and security expert Bruce Schneier both think websites should stop blanking out passwords as users type them in. They say the practice…
-
Blind Hacker Sentenced to 11 Years in Prison
"A legally blind Massachusetts phone hacker was sentenced Friday to over 11 years in federal prison, following his guilty plea on computer intrusion and witness intimidation charges earlier this year. Matthew Weigman, 19, was sentenced in Dallas by U.S. District Judge Barbara M.G. Lynn, according to the U.S. Attorney’s Office there. There is no parole…
-
Max Vision Pleads Guilty To Wire Fraud/Carding
"A San Francisco man pleaded guilty today in Pittsburgh this afternoon to federal charges of hacking into computer systems of financial institutions and other hackers to steal nearly 2 million credit card numbers, which were used to rack up more than $86 million in fraudulent charges. Max Ray Vision, formerly Max Ray Butler, pleaded guilty…
-
FTP login credentials at major corporations breached
"A trojan has reportedly been uncovered that is harvesting FTP login data of major corporations, including the Bank of America, BBC, Amazon, Cisco, Monster.com, Symantec and McAfee. According to a report in the Friday edition of The Register, Jacques Erasmus, CTO at Prevx, an internet security vendor headquartered in the U.K., discovered a site where…
-
Article: The Problem of “Too Many Problems”
Rafal has a good post on the challenges security folks and SDL folks have when presenting their findings to business folks. "The presentation the next day kicked off as expected… we presented our executive summary, the methodology of our product validation and moved on to the specific findings. In this case, since there was so much wrong…
-
Google Chrome Fixes Buffer Overflow Vulnerability
"Google Chrome 2.0.172.33 has been released to the Stable and Beta channels. This release fixes a critical security issue and two other networking bugs. CVE-2009-2121: Buffer overflow processing HTTP responses. Google Chrome is vulnerable to a buffer overflow in handling certain responses from HTTP servers. A specially crafted response from a server could crash the browser and possibly…
-
Iran accuses CNN of training hackers to launch DDOS attacks
"Iran's foreign ministry spokesman accused the cable network CNN of "officially" training people to "hack government and foreign ministry" websites on Monday, citing a CNN.com article that explained how hackers were launching distributed denial-of-service (DDOS) attacks on Iranian government sites. "They officially trained the people to come and hack Iran's government websites," spokesman Hassan Qashqavi…
-
Browser Security: Lessons from Google Chrome
An article on security in Google's Chrome browser has been published. "The Web has become one of the primary ways people interact with their computers, connecting people with a diverse landscape of content, services, and applications. Users can find new and interesting content on the Web easily, but this presents a security challenge: malicious Web-site…
-
Stephen Watt/JimJones/Unix Terrorist to be Sentenced Monday
Original Photo (c) from sensepost, butchered by cgisecurity. Watt (also known as Unix Terrorist and JimJones) pictured far right during a Defcon talk (video available). “Watt, a 7-foot-tall software engineer who was working for Morgan Stanley at the time the hacks occurred, pleaded guilty in December to creating a sniffing program dubbed “blabla” that Gonzalez…
-
Hacker cracks TinyURL rival, redirects millions of Twitter users
"A URL-shortening service that condenses long Web addresses for use on micro-blogging sites like Twitter was hacked over the weekend, sending millions of users to an unintended destination, a security researcher said today. After Cligs, a rival to the better known TinyURL and bit.ly shortening services, was attacked Sunday, more than 2.2 million Web addresses…
-
Article: ‘Setting the appropriate security defect handling expectations in development and QA’
I have just published the following article on handling application security defects (vulnerabilities) in development and QA. "If you've worked in information security you've likely had to report a security defect to development in an effort to remediate the issue. Depending on your organization and its culture this can be a rather difficult task. As…