Events Related:
- SIGINT10 recordings available – events.ccc.de
These videos are also available for online viewing in your web browser in our media archive.
Resources:
- Book Review: Revised Edition of Dissecting the Hack – The F0rb1dd3n Network – mcgrewsecurity.com
On July 15th, a revised edition was released, and I requested a review copy so that I could see what had changed, and provide this new review. - Guide to Adopting and Using the SCAP Version 1.0 released by NIST – @ToolsWatch
- New Twitter Video Available – paloaltonetworks.com
For instance, we will cover that the “teenage” perception of Twitter is largely unfounded and why Twitter is a new favorite technology for businesses. - Getting things done – building and improving an application security program – redspin.com
The natural question that results is what should be done. What is the best approach to building or improving an application security program?
Tools:
- XCAMPO – code.google.com/p/xcampo/
This website will help you to generate different payloads to your XSS demos. Use them responsible in your own website or in these where you are allowed to do. - Plugin Highlight – Web Application Tests : Load Estimation (ID 33817) – tenablesecurity.com
While troubleshooting this apparent disparity, I came across a useful plugin that helped me see a little of what was going on in the background. - SSL Testing Tool ssltest.pl – grey-corner.blogspot.com
The reverse proxy I was attempting to test was not correctly responding to or closing SSLv2 and TLSv1 sessions, causing a number of the tools that I commonly use to freeze up. - Yep, they fixed it. – golubev.com
Both cores of ATI 5970 works correctly with Catalyst 10.7. Again. It took just 4 months for ATI to fix it, simply awesome. - GRAUDIT Version 1.7 Released – justanotherhacker.com
The make file currently supports the old style home directory install (make user install), but that is deprecated and will be dropped as ./configure –prefix /home/user/bin –dbdir /home/user/.graudit;make install does the same thing. - Wireshark 1.2.10, 1.0.15, and 1.4.0rc2 Released – wireshark.org
Several user interface bugs have been fixed. Bugs in the GTP, IAX2, OMAPI, PRES, SCSI, SMB, and UNISTIM dissectors have been fixed. - NoScript 2.0 released – sans.edu
The main new feature is protection against the Craig Heffner’s DNS rebinding attack that’s getting some press. - dharmaencoder_v05 – code.google.com/p/dharmaencoder/
DharmaEncoder is a tool that is helpful when you need to perform encoding and decoding functions on various types of data for security testing. - DOMTracer – Firefox Plugin (Trace DOM and JavaScript Calls) just released – @ToolsWatch
- DOMScan – Scanning and Analyzing DOM Just released – @ToolsWatch
- PyLoris – sourceforge.net/projects/pyloris/
PyLoris is a scriptable tool for testing a web server’s vulnerability to Denial of Service (DoS) attacks which supports SOCKS, SSL, and all HTTP request methods. - Websecurify 0.7RC1 – code.google.com/p/websecurify/
Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies. - New Release Plan – neopwn.com
There has been an incredible investment of time put into this project on the NeoPwn side of the fence, and there is not an apparent benefit to gain given the lack of development and support shown otherwise.
Techniques:
- al_9x Was Right, My Router is Safe – hackademix.net
Since I couldn’t attend the L.A. conference, I’ve been anxiously in search of something like that to confirm al_9x’s speculative forecast, i.e. that the exploited vulnerability was about routers exposing their administrative interface to the LAN on their WAN IP. - Patching auto-complete vulnerabilities not enough, Cookie Eviction to the rescue – jeremiahgrossman.blogspot.com
What the bad guy would have to do is mass distribute their auto-complete code, like on an advertising network or a series of malware infected pages, obtain their victims personal information (name, email, address, etc.) and cookie them with a ID (i.e. domain = http://whoisthisperson/). - Stealing AutoComplete form data in Internet Explorer 6 & 7 – jeremiahgrossman.blogspot.com
All a malicious website must do is create a text field with a commonly used attribute name, again such as “email,” then dispatch a series of down arrow and enter keystroke events with javascript. - In Firefox we can’t read auto-complete, but we can write to it (a lot)! – jeremiahgrossman.blogspot.com
During my research I tried dozens of different methods attempting to get Firefox to allow an arbitrary website to read the data, but to no avail. - Passwords in the wild, a series
This is a series on password implementations at real websites, based on my paper at WEIS 2010 with Joseph Bonneau.- Passwords in the wild, part I: the gap between theory and implementation – lightbluetouchpaper.org
- Passwords in the wild, part II: failures in the market – lightbluetouchpaper.org
- Passwords in the wild, part III: password standards for the Web – lightbluetouchpaper.org
- Passwords in the wild, part IV: the future – lightbluetouchpaper.org
- Thomas Werth Java Applet Open-Sourced – secmaniac.com
The attack targets Java based installations for Windows, Linux, and Mac based systems and works on fully patched and updated (and old) based Java implementations. - Shiny Old VxWorks Vulnerabilities – metasploit.com
I kept finding references to VxWorks-based devices running firmware images with the debug service (WDB Agent) enabled, but I could not find a description of the protocol or any estimates as to how prevalent this service was. - GootKit – Automated Website Infection – m86security.com
Obviously, attackers do not infect hundreds of web pages by hand, they use a script or a botnet to do the work for them. - The Evolution of W32.Ackantta.B@mm – symantec.com
We have recently observed one of the latest samples, from the variant W32.Ackantta.B@mm, which demonstrates very interesting tricks and strategies that greatly improve the worm’s stealthiness and its spreading capabilities.
Vendor/Software Patches:
- Microsoft to Issue Emergency Patch for Critical Windows Bug – krebsonsecurity.com
Microsoft said Thursday that it will issue an out-of-band security update on Monday to fix a critical, remotely-exploitable security hole present in all versions of Windows, which the software giant says is fueling an increasing number of online attacks.
Other News:
- U.S. Declares iPhone Jailbreaking Legal, Over Apple’s Objections – wired.com
Jailbreaking is hacking the phone’s OS to allow consumers to run any app on the phone they choose, including applications not authorized by Apple. - Shortcut exploit: protect against it with this free tool – sophos.com
Sophos engineers have been busy developing and testing a free tool that protects users from malware exploiting the critical zero-day vulnerability known as the “Shortcut exploit”. - New Verizon Report Release
Some key takeaways from this report are you should de-value your data, protect the data you do have, control your networks, get back to basics, trust and verify your people’s actions and train your employees to do the same.- 2010 Data Breach Investigations Report Released – securityblog.verizonbusiness.com
- 2010 Verizon Business Data Breach Report Released – brandenwilliams.com
- The 2010 Verizon Data Breach Report is Out – sans.edu
- ABE Patrols the Routes to Your Routers – hackademix.net
The most obvious attacks against a router which malicious web sites can pull are CSRF, XSS and DNS Rebinding. - W3AF News
- W3AF: An Open Source Success Story – metasploit.com
When I agreed to the acquisition of the Metasploit project by Rapid7 in October last year it was with a lot of excitement but also with a small leap of faith. - w3af On the Rise – sourceforge.net
I am therefore very excited that today I am announcing that Rapid7 is sponsoring the w3af project and that I will be joining Rapid7 as Director of Web security to spearhead Rapid7’s worldwide Center of Excellence (COE) for Web security.
- W3AF: An Open Source Success Story – metasploit.com
- Working Together: Adobe Vulnerability Info Sharing via Microsoft Active Protections Program (MAPP) – adobe.com
Launched in October 2008 by the Microsoft Security Response Center, MAPP represents a global collaborative effort to facilitate advanced information sharing of Microsoft (and now Adobe) product vulnerabilities. - Is your iPhone backup file secure? – f-secure.com
Citi said its iPhone app accidentally saved information—including account numbers, bill payments and security access codes—in a hidden file on users’ iPhones. - Web Application Security Trends Report – cenzic.com
This latest Trends Report also includes the latest hacking stories on the most interesting Web attacks.
Tags: SIGINT10
