ColdFusion directory traversal FAQ (CVE-2010-2861)

A new Adobe hotfix for ColdFusion was released recently. The vulnerability, which was discovered by Richard Brain, was rated as important by Adobe and could affect a large number of Internet-facing web servers. The FAQ below is meant to shed some light on this vulnerability so that ColdFusion administrators can understand what they’re up against. [...]

More Advanced Clickjacking – UI Redress Attacks

This will be a quick post just to share some POCs and more information regarding the recent Clickjacking technique, i.e. the UI Redress Attack, a name suggested by Michal Zalewski.

Clickjacking is an oldie but a goodie. You can track the origin of the attack back to the beginning of this decade. Clickjacking is essentially the anti-CSRF killer. It is also the killer of Flash, AJAX (because AJAX apps are sometimes easier to clickjack, look at Google) and some other technologies. [...]
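As an added example (not code from the original post, which keeps its POCs for the full article), the following Node-runnable JavaScript shows why a CSRF token is no defence here and what actually is: the framed page is fetched and submitted by the victim’s own browser, token and cookies included, so the only control that matters is whether the server lets itself be framed at all. The function names, the origins `https://bank.example` and `https://evil.example`, and the sample response headers are assumptions constructed for this demo.

```javascript
// Added example (not code from the original post). A CSRF token does not
// stop clickjacking: the framed page is fetched and submitted by the
// victim's own browser, cookies and token included. What stops it is the
// server refusing to be framed. isFrameableBy(), buildRedressPage(), the
// origins and the sample headers below are assumptions made for this demo.

// Attacker page: a decoy button with the target framed on top of it, fully
// transparent and shifted so the target's real submit button (at
// buttonLeft/buttonTop inside the target page) lands exactly under the
// decoy. The victim clicks "Click to win"; the click reaches the iframe.
function buildRedressPage(targetUrl, buttonLeft, buttonTop) {
  const decoyLeft = 100, decoyTop = 100;
  return [
    '<!doctype html><html><body>',
    '<button style="position:absolute;left:' + decoyLeft + 'px;top:' +
      decoyTop + 'px">Click to win</button>',
    '<iframe src="' + targetUrl + '" style="position:absolute;' +
      'left:' + (decoyLeft - buttonLeft) + 'px;' +
      'top:' + (decoyTop - buttonTop) + 'px;' +
      'width:1000px;height:800px;border:0;opacity:0;z-index:2"></iframe>',
    '</body></html>',
  ].join('\n');
}

// Would a browser render targetOrigin's page inside a frame hosted at
// attackerOrigin, given the target's response headers (keys lowercased)?
// CSP frame-ancestors takes precedence over X-Frame-Options when both are
// present. An absent or unrecognised policy, including the obsolete
// X-Frame-Options: ALLOW-FROM that current browsers ignore, means the page
// can be framed. Host wildcards such as https://*.example are not handled.
function isFrameableBy(headers, targetOrigin, attackerOrigin) {
  const target = targetOrigin.toLowerCase();
  const attacker = attackerOrigin.toLowerCase();
  const csp = headers['content-security-policy'] || '';
  const directive = csp.split(';').map(s => s.trim().toLowerCase())
    .find(s => s.startsWith('frame-ancestors'));
  if (directive !== undefined) {
    const sources = directive.split(/\s+/).slice(1);
    if (sources.includes("'none'")) return false;
    if (sources.includes('*')) return true;
    if (sources.includes("'self'") && attacker === target) return true;
    return sources.includes(attacker);
  }
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return attacker === target;
  return true;
}

// Constructed sample responses for a hypothetical bank transfer page,
// audited from the attacker's origin.
const TARGET = 'https://bank.example';
const ATTACKER = 'https://evil.example';
const SAMPLES = {
  noHeaders: {},
  xfoSameOrigin: { 'x-frame-options': 'SAMEORIGIN' },
  xfoAllowFrom: { 'x-frame-options': 'ALLOW-FROM https://partner.example' },
  cspNone: { 'content-security-policy': "default-src 'self'; frame-ancestors 'none'" },
  cspPartner: { 'content-security-policy': "frame-ancestors 'self' https://partner.example" },
};

// Returns { sampleName: true|false }, true meaning the attacker can frame it.
function auditSamples() {
  const report = {};
  for (const [name, headers] of Object.entries(SAMPLES)) {
    report[name] = isFrameableBy(headers, TARGET, ATTACKER);
  }
  return report;
}

console.log(auditSamples());
console.log(buildRedressPage(TARGET + '/transfer', 40, 20));
```

Run it with `node`. Only `xfoSameOrigin`, `cspNone` and `cspPartner` come back as not frameable from the attacker’s origin; nothing about the form’s own token enters the decision, which is the whole point of the “anti-CSRF killer” remark.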

GIFARs and Other Issues

A lot of people have asked me (especially reporters) about the GIFAR attack since it resembles what I have already spoken about here and presented at the last Black Hat in Amsterdam. So, I decided to shed some light without being too revealing, as the talk, which will demonstrate and explain the attack in more detail, will give away the awesome stuff.

So yes, the whole notion of combining JAR files with other types of files is not new. [...]

Black Hat Las Vegas Baby

So, Black Hat is next week. Great! I will be happy to see you all there. You may even join me on the 6th at 13:45 for the Client-side Security talk. The details of my talk are here, which by the way is the improved version of what I have over here.

I am still working on my slides, trying to add that edginess I am always striving to achieve combined with a severe dose of simplicity. Don’t you know? Simple is the new black.

This time around I am visiting the conference as a tourist. [...]

Tomorrow’s Malware

My favorite tech quote is from Giorgio Maone. It goes like this: If today’s malware mostly runs on Windows because it’s the commonest executable platform, tomorrow’s will likely run on the Web, for the very same reason. Because, like it or not, the Web is already a huge executable platform, and we should start thinking of it this way, from a security perspective.

Part of my job at GNUCITIZEN is to spot trends. [...]

CONFidence 2008

CONFidence was great! We would like to thank Andrzej, Anna and everybody else in the CONFidence team for making this event one of the greatest experiences of a lifetime. Thanks again. We are looking forward to the next one. :)

There were many interesting presentations. We’ve tried to attend all of them although it was really hard to do so when the weather in Krakow was so nice (very different from the weather in cloudy/rainy London). [...]

The Public Perception of the Image of Hackers

It’s been a long day. I am happy to inform you that the House of Hackers community has reached a remarkable 80 members since its opening 10 hours ago. It has even got some exposure on Dark Reading (Hackers in the House), thanks to Kelly Higgins.

The reason I am bringing all this to your attention is because of HD Moore’s comment regarding the House of Hackers initiative:

I think that this comes down again to the public perception of the image of hackers. [...]


Here is the story. The other day I was messing with some crypto. After going through some pretty interesting stuff, I suddenly realized something which is very, very obvious when you think about it. Indeed, obvious and simple things are harder to grasp. It is a paradox, I know.

It is yet another case of using security technologies for criminal purposes. Let’s take HTTPS as an example. [...]

Kiosk Hacking: When there is nothing else left

I often end up breaking through the least interesting systems. If you ask AP, a password-cracking ninja and master of hacking through simplicity, the less interesting the system is, the higher the chances that it is insecure. Successful exploitation of these systems often leads to successful exploitation of the network and other adjacent systems. This post will concentrate on some theory and practicalities around what to do when penetration testing kiosks, when nothing else is left.

Why Kiosk? [...]

OpenID provides a better security model

A couple of posts back I started a conversation on what OpenID is and why it could turn out a bit insecure. You can read more about this over here, here and here. Today, I would like to draw your attention to why I believe that OpenID based authentication is a lot more secure than the dispersed, decentralized authentication model we use today.

This post is inspired by a recent discussion on Full-Disclosure which I actively took part in, supporting OpenID. [...]