The State of WiFi security

One of the fundamental rules, which you wont read about in any security book and you can learn only through experience is that everything is in symbiosis. This means that the security models of the individual components in a system are co-dependent. For example, the security of a server is dependent on the security of the individual clients connected to it and the the security of the clients depend on the security of the servers they are interacting with. [...]

more | comments | comments rss | posted by

Extreme Search Engine Hacking

If you are a beginner Google Hacker then I would recommend to have a look at the Google Hacking for Penetration Testers Second Edition book or check the cDc‘s GoolagScanner. If you want to learn some new tricks follow me:

We know what Google Hacking is but have we explored the edges of the craft? I don’t thing so. This post is all about going to the possible limit. [...]

more | comments | comments rss | posted by

Cross-site File Upload Attacks

As you probably already know, CSRF attack are only possible when the attacked web application does not have an additional mechanism to ensure that requests towards it are genuine. In order to do that, the web developer must include a unique token for each request, which is validated on the server upon receiving a request. [...]

more | comments | comments rss | posted by

WiFi Infestations – Viral Wardriving

WiFi networks are the necessary evil. In this post I would like to briefly highlight some ideas on the potential damages that can be introduced when attackers combine automated viral-like attacks with human power. This post is largely related to the wifi worms topic that was quite present among all media outlets at the beginning of 2008. [...]

more | comments | comments rss | posted by

Social Networks Evil Twin Attacks

What will happen if someone impersonates you on a social network? Will that person be able to fool your friends and as such gain access to resources, which only you are entitled to?… or are social network protected enough to guarantee the credibility of the social participants.

Introduction to Social Networks Evil Twin Attacks

Lets have a look at a social network like LinkedIn. [...]

more | comments | comments rss | posted by

Holes in Embedded Devices: Authentication bypass (pt 3)

We move on with the 3rd kind of authentication bypass bug. You may want to familiarize yourself with the previous two entries here and here, before you continue.

Unchecked HTTP methods

A device that is vulnerable to this issue, only performs an authentication check (i.e.: is the password being submitted with a request via basic authentication?) when the request is performed using a certain HTTP method. [...]

more | comments | comments rss | posted by

Holes in Embedded Devices: Authentication bypass (pt 1)

Finding authentication bypass bugs is an obvious choice for attackers, since such bugs allow administrative changes to be made without knowledge of the admin password. In other words, compromising the target device without requiring a password is of course something attackers are interested in! You bet! [...]

more | comments | comments rss | posted by

The Pownce Worm (Yet Another Potential AJAX Worm)

First of all I need to let you know that it is not within our practice to disclose vulnerabilities on specific online applications. However, given the fact that Pownce, the vendor, was responsibly informed and the fact that we believe that the issue is interesting enough to be discussed, we’ve decided to let you know about our findings. [...]

more | comments | comments rss | posted by

Hacking Video Surveillance Networks

The usual suspects: George Clooney, Brad Pitt and Matt Damon. The plot: rob a casino. The method: hijack the vault’s security camera video stream and replace it with a static image. Fiction? I don’t think so.

This post is not going to be about how to hack into the video surveillance networks of your local government but rather about my personal opinion about the current state of security implemented by the latest video technologies. [...]

more | comments | comments rss | posted by

DHCP/mDNS Injection Issues

In the previous post I’ve talked about how someone can poison local name servers (nasty things like registering a wpad name) through DHCP. In this post, I would like to draw your attention on various other injection issues that come into mind when we are dealing with that very same protocol. The reason for all these issues is because people tend to trust certain known protocols far too much than they should. [...]

more | comments | comments rss | posted by