  • Practical Example of csSQLi Using (Google) Gears Via XSS

    "Yesterday, at the Blackhat DC security conference, I spoke about the dangers of persistent web browser storage. Part of the talk focused on how emerging web browser storage solutions such as Gears (formerly Google Gears) and the Database Storage functionality included in the emerging HTML 5 specification, could be attacked on sites with existing cross-site…

  • Bot Busts Newest Hotmail CAPTCHA

    "The botnet, or collection of compromised PCs, can decipher Live Hotmail's CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) registration safeguard in about 20 seconds, said Websense Inc. security researcher Sumeet Prasad. CAPTCHA is the term for the distorted characters that many Web sites, such as e-mail services and blogs, use…

  • MS09-002 exploit in the wild

    SANS is reporting the MS09-002 exploit is in the wild. "Several AV vendors reported about MS09-002 exploits in the wild. We can confirm this – the exploit for the CVE-2009-0075 vulnerability (Uninitialized Memory Corruption) in Internet Explorer 7 is definitely in the wild and working as charm on an unpatched Windows XP machine. Initially there…

  • Top-10 Vulnerability Discoverers of All Time (as well as 2008)

    "Who discovers the most security vulnerabilities? That’s one of the more frequent questions I’ve encountered over the past few years. Funnily enough there’s usually a high correlation between the timing of my being asked and the latest marketing blitzkrieg customers may have encountered (not from IBM of course). It seems that every major (and not-so-major)…

  • Defacement archive Zone-h gets defaced

    "Defacement archive Zone-h.org has itself been defaced. The hack – claimed in the names of Cyber-Terrorist, HeLL cYbEr, and Jurm – involved posting a link to a YouTube video and dancing babies on the site's altered home page. The Arab language video, featuring an ad promoting nappies, replaced the site's usual content of information security…

  • Security assessment of the Transmission Control Protocol (TCP)

    The following email was sent to Full Disclosure today. I haven't had a chance to read this monster 140 document yet but it sure sounds interesting. "The TCP/IP protocol suite was conceived in an environment that was quite different from the hostile environment they currently operate in. However, the effectiveness of the protocols led to their early…

  • F-Secure Hacked Via XSS, SQL injection

    "A Romanian hacker site said on Wednesday it was able to breach the website of Helsinki-based security firm F-Secure just as it had gained access to the sites of two other security companies earlier in the week. F-Secure is "vulnerable to SQL Injection plus Cross Site Scripting," an entry on the HackersBlog site said. "Fortunately,…

  • Popular Security Website Hit By Big DDoS Attack

    "Several renowned white-hat hacker security sites have been hit during the past few days with a distributed denial-of-service attack (DDoS). Immunity, Milw0rm, and Packet Storm were in the clear as of this posting, but attackers were still hammering away at Metasploit. The attackers behind the DDoS — which began on Feb. 6 and continued through…

  • Microsoft Security Bulletin MS09-002

    "Microsoft published four patches on Tuesday to close serious vulnerabilities in its Internet Explorer browser, Exchange e-mail server and Microsoft SQL server. The fixes, which were released on Microsoft's regular monthly schedule, close two Critical vulnerabilities in Internet Explorer 7 running on Windows XP that could allow a malicious Web site the ability to run…

  • Application Security Vendors Need Help With Reporting

    I've been reading web application vulnerability reports from tools and services for 6-7 years and found that 99% of these reports are geared towards security engineers or system administrators. Many of the reports I see focus on: the type of flaw and what its impact is; the URL affected; links to references and additional…

  • Firefox 3.0.6 Released To Address Multiple Security Issues

    Fixed in Firefox 3.0.6: MFSA 2009-06 Directives to not cache pages ignored; MFSA 2009-05 XMLHttpRequest allows reading HTTPOnly cookies; MFSA 2009-04 Chrome privilege escalation via local .desktop files; MFSA 2009-03 Local file stealing with SessionStore; MFSA 2009-02 XSS using a chrome XBL method and window.eval; MFSA 2009-01 Crashes with evidence of memory corruption (rv:1.9.0.6). Additional…

  • Attacker flaunts details of phpBB hack

    "In a post on Blogger on Saturday, a person who claims to have breached the Web site of open-source online community software phpBB gave a detailed account of how he did it. Using a vulnerability in PHPlist publicly disclosed on January 14, the attacker gained access to the password and configuration files for the server,…

  • PHPBB Server Compromised, Team Apologizes

    "We took area51.phpBB.com down along with phpBB.com to ensure integrity and prevent further damage. While we actively work to bring phpBB.com back online, we would also like to inform you of the damage that has been done. The attacker gained entry through the PHPList application and was able to dump a complete backup of the…

  • Black hats poison Google video search

    "Instead of video clips, researchers at Trend Micro discovered that around 400,000 queries returning malicious results that lead to a single redirection point, which leads onto an array of maliciously constructed websites designed to load malware onto vulnerable Windows PCs. The strain of malware spread using the attack – named as AQPlay-A by Trend Micro…

  • Calling all Researchers! Send in the Top Web Hacking for 2008

    Jeremiah Grossman is looking to compile a list of top web hacking for 2008. "It's time once again to create the Top Ten Web Hacking Techniques of the past year. Every year Web security produces a plethora of new and extremely clever hacking techniques (loosely defined, not specific incidents), many of which are published in…

  • ‘Human error’ shuts down Google

    "THE world’s biggest internet search engine temporarily shut down today, leaving hundreds of millions of surfers stranded in cyberspace. Google broke down for forty minutes this afternoon, paralysing everything from internet-dating to people checking out the latest news. Anyone searching for a site using Google was blocked with the warning: “This site may harm your…

  • Microsoft Open Sources Web Sandbox

    Sacha Writes "Microsoft has announced plans to release the code of its Web Sandbox project under the open source Apache Software License. The Web Sandbox project aims to mitigate some of the security risks that are associated with building Web mashups that mix in untrusted content from third-party sources. The task of isolating untrusted code…

  • DEC ‘hacker’ questions McKinnon political bandwagon

    "Boris Johnson's outspoken defence of Gary McKinnon in his extradition fight has been criticised by a former security consultant, who complains he was denied such support when he himself was charged with hacking offences. Daniel Cuthbert was convicted in October 2005 of breaking the Computer Misuse Act by "hacking" into a tsunami appeal website…

  • IT admin plotted to erase Fannie Mae Data

    "A fired computer engineer for Fannie Mae has been arrested and charged with planting a malicious software script designed to permanently destroy millions of dollars worth of data from all 4,000 servers operated by the mortgage giant. Rajendrasinh Babubahai Makwana, 35, of Virginia, concealed the Unix script on Fannie Mae's main administrative server on October…

  • Heartland Sniffer Hid In Unallocated Portion Of Disk

    "The sniffer malware that surreptitiously siphoned tons of payment card data from card processor Heartland Payment Systems hid in an unallocated portion of a server’s disk. The malware, which was ultimately detected courtesy of a trail of temp files, was hidden so well that it eluded two different teams of forensic investigators brought in to…

  • Microsoft Fixes Clickjacking in IE8?

    "Microsoft has introduced a release client version of its latest browser, Internet Explorer 8 (IE8), and the new iteration of the application includes several security improvements, including a noteworthy attempt to address the emerging problem of clickjacking attacks. For those who don't recall, clickjacking is a relatively new technique — first detailed in mid-2008 by…

  • Israeli Government Utilized SEO To Control Criticism

    "In what may prove to be one of the ways global conflicts are fought in the 21st century, Israel used search engine optimization (SEO) to halt the online backlash it was receiving during the recent conflict in Gaza. As well as some search engine optimization work (SEO) done by a Texas company for the Israeli…

  • BOFH-loving botmaster wants life as security consultant

    "An American security consultant who stole hundreds of thousands of online bank passwords by employing a massive botnet that he often administered from work deserves at least five years in prison, prosecutors have told a federal judge. The request for a minimum 60-month sentence, followed by five years of supervised release, came in the case…

  • OWASP interviews Gary McGraw

    Gary posted the following to the SC-L list today. "hi sc-l, OWASP just posted an interview with me as part of their budding podcast series.  It's nice to have the tables turned after doing all the Silver Bullet (and Reality Check) interviews!  It's also nice to be able to answer some of the questions that…

  • Monster.com: yet another breach

    Monster.com has recently experienced yet another breach. "As is the case with many companies that maintain large databases of information, Monster is the target of illegal attempts to access and extract information from its database. We recently learned our database was illegally accessed and certain contact and account data were taken, including Monster user IDs…