Stupid Solaris Tricks, and a Brief Retrospective

By Chris Eng February 12, 2007

An annoyingly stupid vulnerability in the stock Solaris 10/11 telnet daemon, courtesy of Full Disclosure (more details in this PDF, but it's NSFW): Pass "-f[user]" as the "-l" option to telnet, and presto, you bypass the entire authentication process and are logged in as the user of your choice! Works for the root user too, as long as the server is configured to allow remote root logins.
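The mechanism behind that one-liner is worth seeing in code. The block below is an added illustration, not code from the post, the Full Disclosure thread or Solaris itself: it models the bug class generically. The telnet client ships the `-l` username to the server inside the NEW-ENVIRON option (RFC 1572) as the variable `USER`; a daemon that appends that string to the login program's command line as a bare argument lets a name such as `-froot` be parsed as login's `-f` (already authenticated) flag. The `simulate_login` stand-in, the argv layouts, the host address and the captured byte string are all constructed for the example; the hardened builder rejects option-looking names and terminates the option list with `--`, which is the general fix for this class rather than a description of Sun's patch.

```python
"""Toy model of the telnet argument-injection class: constructed example, not
Solaris source.  Decodes the client's NEW-ENVIRON USER value, flags values that
a getopt-style login would read as options, and contrasts the vulnerable and
hardened ways of building login's argv."""
import getopt

IAC, SB, SE = 0xFF, 0xFA, 0xF0      # telnet protocol bytes (RFC 854)
NEW_ENVIRON = 39                    # option code (RFC 1572)
IS = 0                              # NEW-ENVIRON subcommand sent by the client
VAR, VALUE, ESC, USERVAR = 0, 1, 2, 3


def subnegotiations(stream: bytes):
    """Yield the payload of every IAC SB ... IAC SE block in a raw telnet stream."""
    i = 0
    while i < len(stream):
        if stream[i] == IAC and i + 1 < len(stream) and stream[i + 1] == SB:
            j = i + 2
            while j + 1 < len(stream) and not (stream[j] == IAC and stream[j + 1] == SE):
                j += 2 if stream[j] == IAC else 1   # IAC IAC is an escaped data byte
            yield stream[i + 2:j]
            i = j + 2
        else:
            i += 1


def parse_new_environ(payload: bytes) -> dict:
    """Decode a NEW-ENVIRON IS payload into {name: value}.
    Handles ESC-quoted type bytes and doubled IACs; a VAR with no VALUE is dropped."""
    if len(payload) < 2 or payload[0] != NEW_ENVIRON or payload[1] != IS:
        raise ValueError("not a NEW-ENVIRON IS subnegotiation")
    env, name, state, buf = {}, None, None, bytearray()
    i = 2
    while i <= len(payload):
        b = payload[i] if i < len(payload) else None   # None marks end of payload
        if b in (VAR, USERVAR, VALUE, None):           # token boundary: flush buffer
            text = buf.decode("ascii", "replace")
            if state == "name":
                name = text
            elif state == "value" and name is not None:
                env[name] = text
            buf, state = bytearray(), ("value" if b == VALUE else "name")
        elif b in (ESC, IAC):                          # next byte is literal data
            i += 1
            if i >= len(payload):
                raise ValueError("truncated escape sequence")
            buf.append(payload[i])
        else:
            buf.append(b)
        i += 1
    return env


def suspicious_users(stream: bytes) -> list:
    """Detection: USER values from NEW-ENVIRON that a login would read as an option."""
    hits = []
    for sub in subnegotiations(stream):
        if sub[:2] == bytes([NEW_ENVIRON, IS]):
            user = parse_new_environ(sub).get("USER")
            if user is not None and user.startswith("-"):
                hits.append(user)
    return hits


def login_argv_vulnerable(host: str, user: str) -> list:
    """The dangerous pattern: the client-chosen name appended as a bare argument."""
    return ["login", "-p", "-h", host, user]


def login_argv_hardened(host: str, user: str) -> list:
    """Reject names that could parse as options and end the option list with --."""
    if not user or user[0] == "-" or not all(c.isalnum() or c in "._-" for c in user):
        raise ValueError("refusing suspicious username %r" % user)
    return ["login", "-p", "-h", host, "--", user]


def simulate_login(argv: list):
    """Toy stand-in (assumption) for a login(1) that treats -f USER as
    pre-authenticated.  Returns (user, password_check_skipped)."""
    opts, args = getopt.getopt(argv[1:], "ph:f:")
    preauth = dict(opts).get("-f")
    if preauth is not None:
        return preauth, True
    return (args[0] if args else None), False


# Constructed capture: what a client sends for `telnet -l -froot target`.
CAPTURE = (bytes([IAC, SB, NEW_ENVIRON, IS, VAR]) + b"USER"
           + bytes([VALUE]) + b"-froot" + bytes([IAC, SE]))

if __name__ == "__main__":
    user = parse_new_environ(next(subnegotiations(CAPTURE)))["USER"]
    print("client USER:", user, "flagged:", suspicious_users(CAPTURE))
    print("vulnerable:", simulate_login(login_argv_vulnerable("10.0.0.5", user)))
    try:
        simulate_login(login_argv_hardened("10.0.0.5", user))
    except ValueError as e:
        print("hardened:", e)
    print("hardened, normal user:", simulate_login(login_argv_hardened("10.0.0.5", "alice")))
```

The detection half is the part you can reuse: `suspicious_users` run over a packet capture of port 23 traffic catches the attempt on the wire, which matters because the daemon logs nothing useful when authentication is simply never performed. The hardening half shows why `--` alone is not enough to trust the name: a username is still a user-controlled string, so allowlist its characters before it reaches any exec.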

Heading to RSA

By Chris Eng February 4, 2007

Like many of the people who will eventually read this, I'm packing my bags and heading to San Francisco tonight for the RSA Conference. For those of you also attending, please stop by our booth (#2612) and say hello. We'll be giving demos of our service platform and discussing how our software-as-a-service delivery model will help solve application security problems that tool-based approaches...

How to Pick Up Malware at the Airport

By Chris Eng February 3, 2007

A few weeks ago I was waiting for a flight in the JetBlue terminal of JFK. JetBlue offers free Wi-Fi to its customers, which is a nice touch. I powered up my laptop and this is what I saw: If I'm your typical non-security-minded traveler, which of these networks am I most likely to connect to? I would guess that the majority of people will select one of the two with Jet Blue in the SSID, or...

The Software Trustworthiness Framework (STF©)

By Chris Wysopal January 30, 2007  | Research

[Today we have our first guest blog entry from Elfriede Dustin. Elfriede is a co-author of "The Art of Software Security Testing" and has written a few books on software testing, most notably, "Automated Software Testing" published by Addison-Wesley in 1999. We have heard plenty from security experts on how to fix the software development process to produce more secure...

Guerrilla Guide to Interviewing: Application Security Edition

By Chris Eng January 24, 2007

I've always been a fan of Joel Spolsky's Guerrilla Guide to Interviewing. Unfortunately, I've never been able to apply it in its purest form because in recent years, I've been hiring mostly application security consultants, not software engineers. However, the structure is still remarkably useful, with some modifications. So, without further ado, here's an example of how one might apply...

Security as a Function of Agility and Complexity

By crioux January 23, 2007

It occurs to me that security, in general, has historically been measured as a function of a few inputs: Pro-activity (locking up early), accuracy (locking things correctly), and completeness (locking all the doors). What's missing from this equation is the fact that people often lock their valuables away and assume that they're safe indefinitely that way. All codes, passwords, and locks degrade...

Vulnerability Disclosure in the new “Software in the Cloud” World - Part II

By Chris Wysopal January 17, 2007  | Research

In part I of this article I wrote about the history of vulnerability research and how researchers having legal access to the software and hardware they need to conduct their research is a pre-requisite. This is why there was so little research on software before 1996. Not only is legal access important but being able to run the software in a lab environment is important. Pure black box testing...

Vulnerability Disclosure in the new “Software in the Cloud” World - Part I

By Chris Wysopal January 12, 2007

There is no doubt that Web 2.0 is upon us. The software we use everyday is migrating from our desktops, laptops and company servers to the great data centers in the sky. The first application to move to the cloud was e-mail, then picture and file sharing services, and now traditional desktop applications such as calendaring, task lists, spreadsheets and word processing are all available via the...

The Dangers of Hosting PDFs

By Chris Eng January 4, 2007

[Update, 1/6/07: Google has implemented a workaround for this vulnerability on their servers, so the proof-of-concept links in this posting will no longer demonstrate the exploit] Cross-site scripting (XSS) just got a lot scarier. At the 23rd CCC, Stefano Di Paola and Giorgio Fedon announced a new attack vector which basically puts any site hosting a PDF file at risk for XSS. The attacker doesn'...
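Two things about this vector are easy to miss from the teaser alone, and the block below illustrates both. It is an added example, not code from the post or from the 23C3 talk, and it rests on one detail of the disclosed attack: the JavaScript rode in the URL fragment (everything after `#`), which the browser never transmits to the server, so no request-side filter or WAF rule can see it. The mitigation shown is the general one of serving PDFs as downloads so the browser's PDF plugin does not render them inline within the hosting site's origin; it is not a description of what Google deployed. The URL, filenames and header-building helpers are constructed for the example.

```python
"""Constructed illustration of why hosted-PDF XSS cannot be filtered on the
request and how a download-only response removes the inline rendering path."""
from urllib.parse import urlsplit

# Constructed attack URL: the payload lives entirely after '#'.
ATTACK_URL = "https://example.com/reports/q4.pdf#foo=javascript:alert(document.cookie)"


def request_line_for(url: str) -> str:
    """The request line the browser actually sends: path and query, never the fragment."""
    p = urlsplit(url)
    target = p.path + ("?" + p.query if p.query else "")
    return "GET %s HTTP/1.1" % target


def server_can_filter(url: str) -> bool:
    """Could any check on the incoming request ever see the payload?"""
    return "javascript:" in request_line_for(url)


def pdf_headers_inline(filename: str) -> dict:
    """Weak: nothing stops the plugin rendering the PDF inside the page's origin."""
    return {"Content-Type": "application/pdf"}


def pdf_headers_download(filename: str) -> dict:
    """Hardened: force a download so the plugin never opens the file in the browser."""
    # allowlist the filename so the header cannot be split or carry quotes
    safe = "".join(c for c in filename if c.isalnum() or c in "._-") or "download.pdf"
    return {
        "Content-Type": "application/pdf",
        "Content-Disposition": 'attachment; filename="%s"' % safe,
    }


if __name__ == "__main__":
    print(request_line_for(ATTACK_URL))
    print("server can filter it:", server_can_filter(ATTACK_URL))
    print(pdf_headers_download('q4".pdf'))
```

The practical consequence is that the usual XSS playbook (escape output, block suspicious parameters) does not apply here: the hosting site's own response headers are the only lever it has, which is why a response-side change rather than a request-side filter is the right shape of fix.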

Welcome to "Zero in a Bit"

By Chris Wysopal January 4, 2007

Zero in a Bit is a blog about software security. We believe the root cause of most of the security problems today is insecure software. The internet is a global neighborhood where every digital miscreant is your next door neighbor. Far too often, software is the broken window allowing criminals access to the data and transactions organizations need to protect. Zero in a Bit is laser focused...
