Brief analysis of “Analyzing Websites for User-Visible Security Design Flaws”
On July 23, 2008, an article was released touting the numbers of a recent study on website security design flaws. The article only quoted some statistics from the research and did not link to it or go into detail on how the statistics were derived. I posted a quick rebuttal to the Dataloss mail list calling the entire study…
10 Infamous Moments In Security Research
[This was originally published on the OSVDB blog.] 10 Infamous Moments In Security Research, InformationWeek – Apr 17, 2006:
1. SQL Slammer
2. Windows Plug and Play
3. Cisco IOS heap overflow
4. Windows Metafile
5. Oracle transparent data encryption
6. Oracle PLSQL gateway
7. Apple Mac iChat
8. Internet Explorer createTextRange()
9. Internet Explorer HTA files
10. Sendmail SMTP server software
While many of…
MusicPlasma for Vulnerabilities
[This was originally published on the OSVDB blog.] A couple years back, I ran across musicplasma. For those not familiar with the engine, it allows you to type in your favorite music artist/band, and see “related” artists. So I type in “portishead” (mmmm) and see related bands like Tricky, and Sneakerpimps. These are all considered…
Vulnerabilities becoming more mainstream?
[This was originally published on the OSVDB blog.] Before 2005, it was fairly rare to see a news article specifically covering a vulnerability. They would usually pop up if a vuln was used in a mass compromise, the basis of a worm propagating, or affected large vendors such as Microsoft and Oracle. This year however,…
HTTP Request Smuggling
[This was originally published on the OSVDB blog.] Last month, Watchfire released a new paper describing “HTTP Request Smuggling” attacks. Since the release of this paper, many products have been found prone to such attacks. Some of these include SunONE Web Server, Oracle Application Server Web Server, IBM WebSphere, BEA WebLogic, Tomcat, Microsoft Internet Information…
Reverse Engineering Microsoft Patches in 20 Minutes
[This was originally published on the OSVDB blog.] Halvar posted to the DailyDave mail list today showing a brief flash based demonstration of some of his reverse engineering tools. The presentation shows how one can reverse engineer a Microsoft patch using binary diff analysis, and figure out exactly what the vulnerability is, down to the…
Second-Order Symlink Vulnerabilities
[This was originally published on the OSVDB blog.] http://archives.neohapsis.com/archives/fulldisclosure/2005-06/0060.html While symlink vulnerabilities are not new, Steven Christey from CVE points out a recent trend in “second-order symlink” vulnerabilities. Based on the recent examples published, there is a strong chance many applications have been vulnerable to such attacks in the past.
Ginger & Photon
[This was originally published on the OSVDB blog.] Recently at the CanSec West conference, Window Snyder from Microsoft gave a talk about Windows XP SP2 security internals. Looking past a bulk of the talk, one portion of it stuck out in the minds of many vulnerability researchers. Unfortunately, the press has only given it a…
Predicting Vulnerabilities, Quotes and More
[This was originally published on the OSVDB blog.] Interesting article for several reasons. Below are some of the interesting quotes that stood out to me and may prove to be interesting topics. http://news.bbc.co.uk/1/hi/technology/3485972.stm “Hackers exploit Windows patches”, by Mark Ward, last updated: Thursday, 26 February, 2004, 10:54 GMT. “We have never had vulnerabilities exploited before the patch…
Full Disclosure – Effective or Excuse?
[This was originally published on attrition.org.] A comprehensive look at the practice of Full Disclosure, problems associated with it for vendors and security companies, and examples of full disclosure put to the test. (3300 words) The world of computer security has developed a wicked game of politically correct ‘cat and mouse’. This game is played…