Barracuda Networks is latest on the list of security vendors/service providers to be compromised. The Malaysian group, “HMSec,” used blind SQL injection to retrieve database contents including emails, CMS logins, and MD5-hashed passwords. A poston barracudalabs.com titled “Learning the Importance of WAF Technology – the Hard Way” explains that, “The Barracuda Web Application Firewall in front of the Barracuda...Read More
RSA has announced that they have been compromised by an “extremely sophisticated cyber attack” of which details are not clear. All that is known is that RSA’s two-factor authentication seems to be affected. The degree to which this breach impacts their two-factor authentication solutions is not known and RSA has filed an 8-K with the SEC so don’t expect...Read More
CEO Aaron Barr decided to unmask who he thought was behind the leadership of attacks against MasterCard, Visa, and other perceived enemies of WikiLeaks. Before unmasking this individual, Barr spilled the beans and communicated his intended actions to this person. A custom written CMS application (http://www.hbgaryfederal.com) suffered from SQL injection, SQL injection in a URL...Read More
Although this doesn’t prove anything that hasn’t already been proven, seeing often cements belief much more effectively than reading. In this video, I compromise access to three separate wireless networks using three separate authentication and encryption schemes. Test Networks – The Victims: ClientCorporate: 802.1x/PEAP ClientVendor: WPA2-PSK/AES ClientGuest: WEP-128 PSK Full Disclosure – This video is...Read More
Fierce is one of the best DNS enumeration tools I’ve ever used. It’s great for DNS servers that do not allow anonymous zone transfer as it includes dictionary-based hostname enumeration. A Perl script that enumerates an HTTPS instances supported SSL versions and ciphers. The best FireFox extension, hands down, for manual web application security assessments....Read More
Collin Mulliner and Nico Golde gave a very interesting SMS DOS presentation at the 27th Choas Communication Congress. The just of it is that “feature phones,” cheaper, less-feature-rich phones sold by providers, as opposed to “smart phones” can accept and execute certain binary code from incoming SMS text messages. Networks often use this functionality to roll...Read More
Can you possibly defend the statement that 802.1x with PEAP or EAP-TTLS can be worse than open wireless with no authentication or encryption? Remember the old Cisco LEAP implementation that was vulnerable to offline brute-force attacks due to sending users’ MS CHAP v2 challenge/response outside of a secure connection? Joshua Wright has documented this in detail and even...Read More
As if HTTP cookies, Local Shared Objects (Flash cookies), and web developer’s understanding of them wasn’t a big enough security issue, Samy Kamkar has written a JavaScript API for “virtually irrevocable persistent cookies.”Want to keep track of users even after they remove their cookies, switch browsers, clear cache, or whatever? No problem, just throw a reference to...Read More
So someone started a re-tweet XSS worm on Twitter. They were able to embed a span class and provide an “Onmouseover” event that causes the post to be re-tweeted when hovered over. Twitter has “patched” but I still see lots of folks trying to prove them wrong. There’s some better analysis about the whole thing...Read More
Gareth Heyes of The Spanner came up with an XSS payload that works in multiple contexts and browsers. As always mileage will vary by vector and browser but I thought it was universal/cool enough to mention. javascript:/*–></marquee></script></title></textarea></noscript></style></xmp>”>[img=1]<img -/style=-=expression(/*’/-/*’,/**/eval(name)//);width:100%;height:100%;position:absolute;behavior:url(#default#VML);-o-link:javascript:eval(title);-o-link-source:current name=alert(1) onerror=eval(name) src=1 autofocus onfocus=eval(name) onclick=eval(name) onmouseover=eval(name) background=javascript:eval(name)//>”Read More
