-
MS08-067 Worm on the Loose
Dshield has published a report of a new MS08-067 worm spreading. "It does various things to install and hide itself on the infected computer. It removes any System Restore points that the user has set and disables the Windows Update Service. It looks for ADMIN$ shares on the local network and tries to brute force…
-
Thunderbird 2.0.0.19 Released With Security Fixes
MFSA 2008-60 – Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19) MFSA 2008-61 Information stealing via loadBindingDocument MFSA 2008-64 XMLHttpRequest 302 response disclosure MFSA 2008-65 Cross-domain data theft via script redirect error message| MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters MFSA 2008-67 Escaped null characters ignored…
-
MD5 considered harmful today: Creating a rogue CA certificate
UPDATE: I’ve added a link to the presentation slides and some other sites providing coverage of this. The following paper was published today at the CCC conference by Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, and Benne de Weger. “We have identified a vulnerability in the Internet Public Key…
-
Scammers Use Microsoft and IRS Open Redirects To Deploy Malware
"There is a new technique for luring unsuspecting users into installing viruses on their systems. Criminals will use a combination of Search Engine Optimization (SEO) techniques and common redirects that can be found on Microsoft.com and the IRS.gov websites. Here is how it works. When users are on the IRS website and click on an…
-
Zero-Day SQL Server Flaw Could Allow Remote Code Execution
"Microsoft is warning users of a zero-day vulnerability discovered in SQL Server, and that exploits of the flaw have already been published. The software giant yesterday issued a security advisory outlining a flaw that could allow remote code execution on many versions of SQL Server. The company has not had time to develop a patch,…
-
MS08-078 and the SDL
Michael Howard from Microsoft has posted information on the recent IE bug and why Microsoft's SDL failed to discover it. "Every bug is an opportunity to learn, and the security update that fixed the data binding bug that affected Internet Explorer users is no exception. The Common Vulnerabilities and Exposures (CVE) entry for this bug…
-
Thousands of legitimate sites SQL injected to serve IE exploit
"Once again confirming the trend of having more legitimate sites serving exploits and malware than purely malicious ones, Chinese hackers have been keeping themselves busy during the last couple of days, launching massive SQL injection attacks affecting over 100,000 web sites. The SQL injection attacks serving the just patched Internet Explorer XML parsing exploit, are…
-
Microsoft issues emergency patch for IE
"Microsoft will push out an emergency security patch for Internet Explorer on Wednesday, addressing a critical security hole currently being exploited in the wild. Redmond issued advanced notice for tomorrow's fix, describing the out-of-cycle patch as protection from "remote code execution." Unscheduled updates are pretty rare for Microsoft, stressing the potentially serious nature of the…
-
FireFox 3.0.5 fixes three critical security flaws
"Mozilla has rushed out updates to plug a few critical holes in versions 2 and 3 of its popular open source Firefox browser. Firefox 3.0.5 fixes three critical security flaws in the browser, while 2.0.0.19 stitches four critical vulns. Mozilla said that XSS vulnerabilities in SessionStore, XSS and so-called JavaScript “privilege escalation” and crashes that…
-
SUN Fixes GIFARs
"Last week, Sun released a patch for a vulnerability I reported to them. The patch I’m talking about fixes the “GIFAR” issue. I was unable to speak on the issue at Black Hat (for various reasons), but Nate McFeters did a great job of presenting the concept of GIFARs at Black Hat USA along with…
-
Unicode attacks and test cases: IDN and IRI display, normalization and anti-spoofing
"Internationalized Resource Identifiers (IRI’s) are a new take on the old URI (Uniform Resource Identifier), which through RFC 3986 restricted domain names to a subset of ASCII characters – mainly lower and upper case letters, numbers, and some punctuation. IRI’s were forecasted many years ago by Martin Dürst and Michel Suignard, and formalized in RFC…
-
Opera releases update for ‘extremely severe’ vulns
"Opera pushed out an update to its popular web browser on Tuesday that fixes vulnerabilities it described as "extremely severe". The update fixes seven security bugs, some of which were previously known. Version 9.63 of the browser addresses separate code injection risks stemming from flaws in HTML parsing and text inputing, respectively. A critical bug…
-
Google Chrome Receives Lowest Password Security Score
"Google's new web browser may be fast and slim, but the password management features it offers are full of bugs. Chapin Information Services (CIS) reported critical vulnerabilities in this software during its beta period, all of which were unfixed at release time. Among the problems are three in particular that, when combined, allow password thieves…
-
Microsoft publishes uber patch to address 28 vulnerabilities
"Microsoft Corp. today patched 28 vulnerabilities, nearly all of them marked "critical," in the biggest batch of fixes it has issued since it switched to a regular monthly update schedule more than five years ago. Of the 28 bugs quashed today, Microsoft ranked 23 of them critical, the top rating in its four-step scoring system.…
-
Spring Framework vulnerabilities
Michelle let us know about the following story on techtarget "A recent security assessment of an application by Ounce Labs has resulted in the discovery of two vulnerabilities that can affect Java Web applications that use the Spring Framework. Spring has been downloaded more than 5 million times to date, which means the security vulnerabilities…
-
DNS Vulnerability Leaked By Matasano Security After Being Asked Not To By Vulnerability Discoverer
"Two weeks ago, when security researcher Dan Kaminsky announced a devastating flaw in the internet's address lookup system, he took the unusual step of admonishing his peers not to publicly speculate on the specifics. The concern, he said, was that online discussions about how the vulnerability worked could teach black hat hackers how to exploit…
-
Breaking the Bank (Vulnerabilities in Numeric Processing within Financial Applications)
"This paper draws attention to how the use of common programming APIs and practices could lead to flaws in the processing of numeric data, which could in-turn allow attackers to manipulate the outcome of transactions or otherwise interfere with the accuracy of calculations. It discusses the technical vulnerabilities typically observed in both the validation and…
-
Fallout From the Fall of CAPTCHAs
"CAPTCHA went from relatively obscure security measure perfected in 2000 by researchers at Carnegie Mellon University to deployment by most of the major Web e-mail sites and many other Web sites by 2007. Sites such as Yahoo Mail, Google's Gmail and Microsoft's Hotmail all used — and, for that matter, continue to use — CAPTCHA…
-
Widescale DNS flaw discovered
A pretty nasty DNS vulnerability has been discovered in 81 products by Dan Kaminsky. This vulnerability type seems to be the same described by Amit Klein and involves abusing the PRNG involved in transactions on DNS queries. Long story short if you run a vulnerable caching DNS server you can have your cache poisoned. From…
-
Firefox 2.0.0.15 Addresses Multiple Security Issues
Firefox 2.0.0.15 was released addressing the following security issues. MFSA 2008-33 Crash and remote code execution in block reflow MFSA 2008-32 Remote site run as local file via Windows URL shortcut MFSA 2008-31 Peer-trusted certs can use alt names to spoof MFSA 2008-30 File location URL in directory listings not escaped properly MFSA 2008-29 Faulty…
-
Ruby creators warn of serious flaws
"The Ruby programming language, which has become popular as the basis for web 2.0 sites such as Twitter, contains serious security flaws that could allow attackers to take over an organization's web server, according to the Ruby development team. The "disturbing" flaws, which were disclosed on Friday, could affect nearly any typical Ruby-based web application,…
-
Microsoft Patch Tuesday: Microsoft releases four critical patches
"Microsoft has issued seven patches addressing 10 vulnerabilities, including four rated 'critical' as part of this months patching cycle. The critical patches apply to its Windows operating system (OS), Internet Explorer (IE) and, unusually, a Bluetooth component. The Bluetooth patch, MS09-030, targets a third-party ActiveX control that comes bundled with Logitech hardware, including its mice…
-
Whitepaper: DoS Attacks Using SQl Wildcards
Ferruh Mavituna has just published a whitepaper titled "DoS Attacks Using SQL Wildcards" where he discusses CPU utilization based dos against SQL Server where user data is thrown into sql statements. That is all. Whitepaper Link: http://www.portcullis-security.com/uplds/wildcard_attacks.pdf
-
Apache Debates the Apache UTF-7 XSS
There is a great debate on the bugtraq mailing list regarding the apache utf7 xss issue. In this debate William Rowe (Apache) discusses why the Apache utf7 vulnerability is in fact not a vulnerability in Apache but in Internet Explorer for not following specifications properly. William first posted to bugtraq http://seclists.org/bugtraq/2008/May/0166.html with the following "Internet…
-
IIS Vulnerability Documented by Microsoft – Includes Workarounds
SANS reports "Microsoft has just put out an advisory for a privilege escalation vulnerability in Windows that affects IIS and potential SQL server (951306). Basically, authenticated users can use this vulnerability to become LocalSystem. This is probably more of a problem for shared hosting environments were clients could upload malicious code to the webserver and…
Favorite Links
- Security Templates (New)
- The Web Application Security Consortium
- QA Security
- The Web Security Mailing List
- Romain Gaucher’s Blog
- Jeremiah Grossman’s Blog
Popular Pages
WASC Threat Classification
- Abuse of Functionality
- Application Misconfiguration
- Brute Force Attack
- Content Spoofing
- Credential/Session Prediction
- Denial of Service
- Directory Indexing
- Information Leakage
- Remote File Inclusion Attack
- Routing Detour Attack
- SOAP Array Abuse
- XML Attribute Blowup
- XML Injection
- XML External Entity Attack