September 17, 2008 | 8
Assuming the mailbox hack is not an elaborate ruse, how did they do it? Almost as bad as the Sprint PCS password reset fiasco that made the news in April, here is the Yahoo Mail password reset screen: As you can see, you need to know the user's birthday, country of residence, and postal code. Not difficult information to dig up in Palin's case. After you enter this information correctly, you are... READ MORE›
September 15, 2008 | 5
Why bother setting up dedicated websites to host malicious content when you can just infect trusted sites like BusinessWeek? This is becoming something of a trend, as evidenced by the mass SQL Injection attacks from a few months ago. The idea is simple -- find SQL Injection vulnerabilities in high-traffic, trusted websites where the site's content is dynamically fetched from a database (i.e. just... READ MORE›
August 20, 2008
Earlier today, the US District Court dealt a victory to the MBTA hackers and the EFF, lifting the injunction issued on August 9th to prevent the three MIT students from presenting their findings at DEFCON 16. In summary: The lawsuit claimed that the students' planned presentation would violate the Computer Fraud and Abuse Act (CFAA) by enabling others to defraud the MBTA of transit fares. A... READ MORE›
August 12, 2008
Another BlackHat has come and gone. As usual, it was a very busy week juggling customer meetings, recruiting, conference planning, vendor parties, and, oh yes, the actual BlackHat presentation My favorite talk, as expected, was the Sotirov/Dowd talk on How To Impress Girls With Browser Memory Protection Bypasses. The attack is a conceptually simple, yet completely reliable technique for... READ MORE›
August 4, 2008
Here's the rest of my list: 10:00-11:00 FX, Developments in Cisco IOS Forensics. 11:15-12:30 Oliver Friedrichs, Threats to the 2008 Presidential Election (and more). 13:45-15:00 Option 1: Scott Stender, Concurrency Attacks in Web Applications. Option 2: Travis Goodspeed, Side-channel Timing Attacks on MSP430 Microcontroller Firmware. 15:15-16:30 Option 1: Alexander Sotirov and Mark Dowd, How To... READ MORE›
July 28, 2008
Well, it's almost BlackHat time. Here are my picks so far for Day 1. As you can see, I still haven't narrowed it down completely. 11:15-12:30 Option 1: Dan Kaminsky, "DNS Goodness". On one hand, the DNS vulnerability is already public; on the other hand, the talk will probably still be interesting even if the 0day hype is missing. Option 2: Nate Lawson, "Highway to Hell: Hacking Toll Systems". My... READ MORE›
July 21, 2008
By now, you probably know that details of the DNS vulnerability have leaked. Halvar Flake speculated on DailyDave and the momentum built from there, despite the fact that his guess was short on a few key details. I don't need to rehash the full technical details here; by now, they are easy enough to find with a couple Google searches. When Slashdot picks up the story, it's hardly a secret any... READ MORE›
July 21, 2008 | 4
A co-worker passed along this snapshot taken at the Karsten Nohl, Jake Appelbaum, and Dino Dai Zovi talk at HOPE this past weekend. The context, of course, is that the overzealous Debian developer who accidentally crippled OpenSSL back in 2006 said he did so because valgrind reported uninitialized memory use. Click through for the full-size version. So automated software review is dangerous now... READ MORE›
July 10, 2008 | 6
Despite what various commenters around the blogosphere think (I've read a few but can't find the links now), Dan Kaminsky's online "Check My Dns" utility doesn't: Poison anybody's DNS cache Expose how the actual exploit works What it does is check whether your ISP's DNS server is patched. Plain and simple. It looks for one thing -- source port randomization. This does not give away the... READ MORE›
July 9, 2008
The security community is cynical. So much so, that most of the chatter that's taken place over the past 24-36 hours has suggested that Kaminsky's DNS vulnerability was little more than a publicity stunt and that his BlackHat presentation would be an over-hyped rehash of prior art. Granted, one has to suspend disbelief to even consider that something monumental would be discovered in DNS -- that'... READ MORE›