Responsible-ish Disclosure

CEng's picture
By Chris Eng May 8, 2008 3

Yesterday, Dave Lewis over at LiquidMatrix Security Digest cried foul at Core Security for releasing too much detail about a recent DoS vulnerability they had discovered. His specific gripe was that they provided an IDA Pro excerpt that showed where the vulnerability was triggered. The excerpt is short, so I'll even copy/paste it here: .text:00405C1B mov esi, [ebp+dwLen] ; Our value from packet... READ MORE

Dilbert Does Canonicalization

CEng's picture
By Chris Eng May 5, 2008

I was checking out the "new and improved" Dilbert website a few minutes ago, checking out some of the new features and lamenting the overzealous use of Flash. One new feature is called "Mashups." Naturally, you'd assume that this was some fancy Web 2.0 API that one might use to create a "killer app" combining Google Maps, Twitter, traffic delays, police reports, and Dilbert comics, all neatly... READ MORE

WordPress 2.5 Cookie Forging Explained

CEng's picture
By Chris Eng April 25, 2008  | 6

WordPress 2.5.1 came out recently. It includes a critical security fix for a cookie integrity bug that would allow an attacker to impersonate other users, including WordPress admins, by manipulating the contents of an HTTP cookie. Whenever I read about a vulnerability predicated on the user identity being embedded into a client-side token (as opposed to a pseudorandom session identifier), I like... READ MORE

Obama XSS Silliness

CEng's picture
By Chris Eng April 22, 2008

Apparently the security blunder of the weekend goes to the Barack Obama campaign for having XSS vulnerabilities throughout their website. There's no need for me to rehash the story, you can read other articles that describe what happened. My thoughts on the matter are as follows: I wish the media wouldn't refer to this as "hacking Obama's website" because it's not... READ MORE

Not a CISSP

CEng's picture
By Chris Eng April 18, 2008  | 44

One of my favorite pieces of swag from RSA was this "Not a CISSP" button that was pinned onto me by none other than Sinan Eren as I was chatting with Justine Aitel at the Immunity booth. Actually, there should have been a prize awarded just for finding the Immunity booth -- they were subletting another vendor's space for a few hours at a time, so one minute they'd be there and the next they were... READ MORE

WAF Better Than Code Review? Not Really.

CEng's picture
By Chris Eng April 15, 2008

I was just reading an article discussing the timeframe for upcoming revisions to the PCI-DSS. Nothing quite so exciting as reading about a compliance roadmap, right? This article reminded us about PCI Section 6.6 becoming mandatory in June 2008, with additional guidance and clarification coming in May (hey, a whole month to prepare!). As a refresher, 6.6 says that web applications must be... READ MORE

New Attack Class: XSNADOR

CEng's picture
By Chris Eng April 1, 2008

Recently making the rounds is this hack against the Facebook Moods application, currently installed by over 84,000 users. By manipulating the fb_sig_user parameter, it’s possible to alter the mood of any user who has the application enabled. Though this is just another manifestation of an authorization bypass issue, the security community should coin a new buzzword to describe these types of... READ MORE

Are Your Digital Devices Certified Pre-0wned?

cwysopal's picture
By Chris Wysopal March 17, 2008  | 7

I took part in the L0pht Reunion Panel at the Source Boston conference in Cambridge, MA last Friday. It was a lot of fun to get back together with the "band" and pontificate with no holds barred about the latest security threats, just like we did in the old days. One of the questions asked of the panel by moderator Michael Fitzgerald (who did a kick-ass job) was, "What scares you the most these... READ MORE

Backdoor in G-Archiver

cwysopal's picture
By Chris Wysopal March 11, 2008

Here is another data point that simple backdoors are being placed into free applications. A programmer, Dustin Brooks, was inspecting a free Gmail backup utility, called G-Archiver, with Reflector and noticed that not only did it have the authors Gmail credentials baked in, but is was sending the Gmail credentials of every user of the program to the author. This is an example of an unintended... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu