More Advanced Clickjacking – UI Redress Attacks

This will be a quick post just to share some PoCs and more information regarding the recent Clickjacking technique, i.e. the UI Redress Attack, a name suggested by Michael Zalewski.

Clickjacking is an oldie but a goodie. You can track the origin of the attack back to the beginning of this decade. Clickjacking is essentially the anti-CSRF killer. It is also the killer of Flash, AJAX (because AJAX apps are sometimes easier to clickjack, look at Google) and some other technologies. [...]


Security Certifications

Security Certifications – should you get some? Well, this is what I think.

IMHO if you go for a certificate then you pretty much put a box around yourself and your abilities. I am sorry, this is my personal opinion. People will perceive you as such and such because of your certifications. While having a cert might be a good idea for your career and in particular your CV, showing off with it could be a bit harmful. I am not saying that you shouldn’t get certified. [...]


Landing Secapps

A couple of months ago we started sorting through all our work. In the process we realized that we had to find a new home for several of our projects. It was a tough decision because we had a lot of projects on our hands and there were even more pending to be completed in some fashion. Nevertheless, we decided to go with the plan. So, the idea of Secapps was born.

So what is Secapps? Secapps is the new home of our GHDB tool. [...]


Social Media Security

I am happy to announce the relaunch of Blogsecurify. I have some more announcements to make.

Blogsecurify will become a division of GNUCITIZEN. Although initially the project was planned to tackle blog-only security issues, today Blogsecurify moves into the more mainstream domain – the social media platforms. [...]


The QuickTime Vulnerability Overview

The details of the vulnerability were covered in my previous post. In this one I would like to briefly talk about the impact. Obviously, the vulnerability is very simple. Simple yet effective. However, this is not the type of vulnerability someone can exploit on a massive scale. Here is why.

Attack Vectors

The key element of the attack vector presented in my previous post is the attackers’ ability to point the victim to a file hosted on a NETBIOS share. [...]


Details of the QuickTime Vulnerability

In this post I intend to give a brief overview of the QuickTime vulnerability which I partially disclosed over here. I should have made these details public a long time ago, but better late than never. The vulnerability has been fixed for several months now and I believe it is safe to talk about it in public.

Let’s start with an example. The following is the source code of a malicious QuickTime SMIL file:

First of all, we start with the SMIL header (SMILtext). [...]


Rethinking the Desktop Model

It is time to rethink the way the desktop works. Some of my ideas may seem radical but sometimes evolution is the only solution to all of our problems.

I have had this idea for quite some time now. Picture the following: a stripped-down Linux kernel with all security mechanisms turned up to the max; runlevels 2 to 5 configured to run just the most basic set of services such as the scheduler, the hardware abstraction and support mechanisms, printing etc., a web server, a browser and the X environment. [...]


Google Chrome

It is true what many of you have heard. Google is releasing their own browser. Google Chrome, as they call it, is based on the WebKit rendering engine and introduces some novel approaches to interacting with web technologies. I must say, it is very exciting to see all of this happening.

What makes Google Chrome different is its architecture. The browser is no longer a single-threaded process. Each tab is actually a separate process with its own memory space. [...]


Clouds and The Distorted Notion of Direct Control

I would like to share a few thoughts on the notion of being in direct control of your environment. This article is a continuation of my previous one and it aims to justify why nowadays individuals and organizations prefer to give away control in order to gain more agility. Needless to say, less control often equals less security.

Some of you who have been following the blog may be familiar with some of my other articles on the same topic. [...]


More on GIFARS and Other Dangerous Attacks

This is a continuation of my previous post. The reasons why GIFARs (although in my case it was a JPGAR, from JPG + JAR) work were explained to me by FX (Recurity Labs) after my talk during the last Black Hat in Amsterdam.

Basically, when you combine a GIF/JPG and a JAR/ZIP you have a hybrid file which has two heads. The head of the GIF/JPG file is at the top. The head of the JAR/ZIP file is at the bottom. [...]
