Deep Inspection of Online Personas

I found myself a new online toy. It is called Pipl and it is all about finding people online. Obviously, the concept behind the tool is not new. There are other tools that do the same, but this one is incredibly accurate and verbose. It is a must-have toy in the arsenal of any serious penetration tester/attacker.

Of course, I went ahead and looked up several people I know and various security researchers, etc. [...]


Messing with Web Filtering Gateways

Most of us are familiar with several techniques that allow us to bypass web filtering gateways like CS MIMESweeper.

The following are some of them:

access the desired site via IP address rather than domain name
access cached content rather than live data, e.g. using Google's cache: command
using proxies, e.g. anonymouse, Google translator, etc.
using alternative connections. [...]


Happy New 2009

2008 is gone! Let’s welcome the brand new 2009. Happy New Year!

The GNUCITIZEN team wishes everybody a happy new year full of happiness and laughter. To all the security community we wish a successful and productive new 2009.


Thoughts on the Certificate Authority Attack presented at CCC

It turns out that the group of international researchers has created their own legitimate CA (Certificate Authority) which can be used to sign any other cert they want and as such increase the likelihood of success when performing SSL man-in-the-middle types of attacks.

It is pointless to explain how the attack works. Go over the presentation slides or get the video/audio. What I would like to do is to present some of my thoughts regarding the attack and its impact. [...]


Hijacking Innocent Frames

Magic tricks are all about suggestion, psychology, misdirection and showmanship (see Tricks of the Mind), or as Cutter perhaps would say, every magic trick has three parts: the pledge (where the magician shows you something ordinary), the turn (where the ordinary becomes something extraordinary), and the prestige (where the extraordinary turns into something you have never seen before). [...]


Firefox Malware

You may have already heard of this, but there is a malware which goes around disguised as a Firefox extension. I have no details regarding the malicious code but, to be honest, I am not surprised at all. In fact, I wonder why it took so long for the bad guys to figure out that Firefox is an excellent malware delivery platform. Usually they are quicker.

A couple of months back, just before my BlackHat talk, I was planning to launch yet another of my experiments. [...]


The Agile Hacking Project

This is a quick announcement regarding the Agile Hacking project. For those of you who are not familiar with this project, there is a post that you can go through over here.

So, the Agile Hacking project has found a new home in the newly established House of Hackers V2 initiative, which is essentially the House of Hackers' wiki. We plan to use V2 as our main project repository. [...]


Even More Advanced Clickjacking

Clickjacking is one of these types of attacks which are incredibly simple to perform, yet very powerful in today's web-driven world. In this post I would like to draw your attention to one more technique that can be used to perform successful clickjacking.

Basically, the browser is slowly becoming a quite powerful graphical environment. This is due to two relatively new features: the canvas and support for SVG (Scalable Vector Graphics). Interestingly enough, SVG is not so simple. [...]


Gmail Security Flaw

I woke up today to realize that GNUCITIZEN's web server is being bombarded with requests. Good that we are running on a scalable infrastructure. The reason for the storm was a recent disclosure of an apparently new Gmail bug similar to the one which I partially and then fully disclosed here, of course after working with the vendor to resolve the problem, which is always the right thing to do. [...]


Bring Back the Attack to the API

A couple of years ago I started a project called AttackAPI. It kind of became a hit at the time because there was no other project that was doing the same thing. By the way, the situation remains the same.

Today the project is kind of dead because I am not actively developing it anymore. Most of my development time goes to projects of greater importance such as Netsecurify, Websecurify, Blogsecurify and several others. [...]
