root@nr-pentest:~/Downloads/samba-3.4.5/source3# /usr/local/samba/bin/smbclient -s /etc/samba/smb.conf -Usmb //<host>/testmount/
Enter smb's password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.4.0]
smb: \> ls
. D 0 Wed Feb 3 14:27:03 2010
.. D 0 Wed Feb 3 14:19:13 2010
test D 0 Wed Feb 3 14:19:13 2010
xxx A 1955 Wed Feb 3 14:22:42 2010
45503 blocks of size 2097152. 24437 blocks available
Great writeup of the state of the union for Web-based authentication methods.
As you mention, your paper is primarily an argument for fixing HTTP
auth. That might make a better title for it, in fact, since that does
seem to be the primary thrust of the arguments presented. Or at least,
"If We Wean the Web Off of Session Cookies, This Is Some of What We'd
Have to do". I wasn't convinced at all that Weaning the Web Off of
Session Cookies was the logical conclusion of the data you presented.
To solve problems with forms-based auth + session tokens, we only have
to fix some things in Web app frameworks, many of which have already
The Pwnie Awards ceremony will return for the third consecutive year to the
BlackHat USA conference in Las Vegas. The award ceremony will take place
during the BlackHat reception on Wed, July 29.
The Pwnie Awards is an annual awards ceremony celebrating the achievements and
failures of security researchers and the wider security community in the past
year. We're currently accepting nominations in nine award categories:
* Best Server-Side Bug
* Best Client-Side Bug
cookies.
> As you mention, your paper is primarily an argument for fixing HTTP
> auth. That might make a better title for it, in fact, since that does
> seem to be the primary thrust of the arguments presented. Or at least,
> "If We Wean the Web Off of Session Cookies, This Is Some of What We'd
> Have to do". I wasn't convinced at all that Weaning the Web Off of
> Session Cookies was the logical conclusion of the data you presented.
I had a hard time conveying what I wanted to with the title. As far
as being convincing, well, I guess it's a matter of perspective.
On Wed 2009-11-04 09:06:25, Gabor Gombas wrote:
> On Wed, Nov 04, 2009 at 10:17:13AM +1100, psz@maths.usyd.edu.au wrote:
>
> > But, mount requires root (and root can do anything, including shooting
> > himself in the foot).
>
> Irrelevant. The statement was that if /proc is not mounted, then the
> link count tells if there are other ways to access the inode besides the
> path you have used to access it. I showed you that this statement is
> false.
Security.
These presentations are expected to be 40 minutes each. The
scheduled time for each presenter will be 50 minutes, of which 40
minutes are for the presentation and 10 for the question-and-answer
session. We'd request you to submit the papers keeping the time
constraint in mind.
For an indicative list of topics and more information, please visit
http://clubhack.com/2009/CFP
On Wed, May 14, 2008 at 05:20:52PM -0000, Tom.Donovan@acm.org wrote:
> It appears there is little that web servers can do to thwart this,
> short of changing all '+' characters to %2B. That seems excessive.
To be fair, this is what Microsoft has recommended, explicitly for the
purpose of preventing XSS, for *at least* the last 6 years. The library
I use does indeed encode "+" as "+".
On Wed, 11 Feb 2009 security.432@amxl.com wrote:
> DISCLAIMER: THIS SECURITY ADVISORY IS PROVIDED AS-IS, AND WITHOUT ANY
> GUARANTEE OF ANY KIND THAT THE INFORMATION IS ACCURATE, OR THAT THE
> WORKAROUND, SOLUTIONS, OR PATCHES PROVIDED WILL PROTECT SYSTEMS, OR THAT
> THEY WILL NOT CREATE NEW PROBLEMS. THE AUTHOR ACCEPTS NO LIABILITY OF
> ANY FORM FOR THE INFORMATION CONTAINED WITHIN OR THE CONSEQUENCES OF ITS
> USE OR MISUSE.
>
> Synopsis:
Cloud option maybe as we go forward but right now today, this is
business making the decisions here.
Desktop, if it were that easy we'd have ripped out desktops years ago.
Businesses have to be realistic. Sometimes there is not "plenty of
comparable alternatives out there".
Sometimes the boss/business needs/line of business apps dictates you run
windows.
On Wed, 7 May 2008 pablo.ximenes@upr.edu wrote:
>
> Vulnerability Report:
>
> As part of our recent work on the trust hierarchy that exists among email providers throughout the Internet, we have uncovered a serious security flaw in Google's free email service, Gmail. This vulnerability exposes Google's email servers in a way that allows an attacker to use them as open spam and phishing relays. This issue is related to the risk of a malicious user abusing Gmail's email forwarding functionality. This is possible because Gmail's email forwarding functionality does not impose proper security restrictions during its setup process and can be easily subverted. By exploiting this problem an attacker can send unlimited spam and phishing (i.e. forged) email messages that are delivered by Google's very own SMTP servers. Since the messages are delivered by Google's own servers, an attack based on this flaw is able to bypass all spam filters that are based on the blacklist / whitelist concept. We were able to confirm that this vulnerability is indeed exploitable by crafting a proof of concept attack that allowed us to send any number of forged email messages without restriction through Google's server infrastructure. We have also verified that this flaw allows attackers to bypass spam filters by using our method to send messages that are usually flagged as spam. While sending these messages directly from our network in the traditional way had the messages classified as spam, by sending the very same messages using our exploit, the messages were delivered directly to the victim's inbox, thus bypassing filters.
>
> Impact:
>
> All email providers that offer Google's SMTP servers any special level of trust (e.g. whitelist status) are vulnerable.
== Topics ==
The focus of DeepSec will be on subtle dangers, stealthy exploits and
things you don't see. If you have something to talk about that doesn't
look like a security problem at first glance, tell us about it. We'd
like to hear about underestimated security issues that may be turned
into major headaches for computer systems, networks and users alike.
Send us stories about single bits that can change our destiny. Failing that
we welcome less sneaky approaches, too.
I am used to stupid answers. However what happened here bears no description.
Short Guerilla Version of the Timeline (complete timeline below):
-------------------------------------------------------------------
- Hey Thierry sorry, we did not get your report, we'll keep you updated!
We have IBM written on the proventia boxes but don't send reports to IBM!!
- Post official statement to IBM website that IBM is NOT affected and
forgetting to inform Thierry
On Wed, Jul 15, 2009 at 2:17 PM, Thierry Zoller<Thierry@zoller.lu> wrote:
> ________________________________________________________________________
>
> One bug to rule them all
> IE5,IE6,IE7,IE8,Netscape,Firefox,Safari,Opera,Konqueror,
> Seamonkey,Wii,PS3,iPhone,iPod,Nokia,Siemens.... and more.
> Don't wet your pants - it's DoS only
> ________________________________________________________________________
> IV. Proof of concept
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
X-Powered-By: Servlet 2.4; JBoss-4.2.1.GA (build: SVNTag=JBoss_4_2_1_GA
date=200707131605)/Tomcat-5.5
content-disposition: inline;filename=Customer_Lifetime_Orders.html
Content-Type: text/html;charset=UTF-8
Content-Length: 1615
Date: Wed, 24 Dec 2008 09:55:32 GMT
Connection: close
<html><head><title>Pentaho BI Platform - Error in Action</title><link
rel="stylesheet"
type="text/css" href="/pentaho-style/active/default.css"></head><body
OK. Let's do the same with debug symbols:
[root@pi3-test apache_1.3.41]# gdb -q ./src/httpd
(gdb) r -X
Starting program: /root/mod_proxy/apache_1.3.41/src/httpd -X
[Wed Dec 30 17:00:37 2009] [alert] httpd: Could not determine the server's fully
qualified domain name, using 127.0.0.1 for ServerName
Program received signal SIGSEGV, Segmentation fault.
0x0000003fec682958 in memcpy () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install expat-2.0.1-6.fc11.1.x86_64
Juha-Matti
"John C. A. Bambenek, GCIH, CISSP" [bambenek.infosec@gmail.com] wrote:
> What's the infection vector? URL Link? Rogue Facebook app?
>
> On Wed, Aug 6, 2008 at 4:44 PM, Gadi Evron <ge@linuxbox.org> wrote:
>
> > Hi all.
> >
> > There's a facebook (possibly worm) something malicious sending fake
> > messages from real users (friends).
On Wed, Oct 1, 2008 at 5:46 PM, Matthew Dempsky <matthew@mochimedia.com> wrote:
> If a Flash 9 SWF loads two SWF files with different SWF version
> numbers from two distinct HTTP requests to the exact same URL
> (including query string arguments), then Adobe's Flash Player plug-in
> will try to dereference a null pointer. This issue affects at least
> versions 9.0.45.0, 9.0.112.0, 9.0.124.0, and 10.0.12.10 on Windows, OS
> X, and Linux.
As an update, this issue also affects 10.0.22.87 at least on Windows
and OS X. I've seen some Linux distributions (e.g., [1]) claim that
Hello!
On Wed, Sep 16, 2009 at 04:15:14PM -0700, Matthew Dempsky wrote:
> nginx maintains an internal DNS cache for resolved domain names.
> However, when searching the cache, nginx only checks that the crc32 of
> the names match and that the shorter name is a prefix of the longer
> name. It does not check that the names are equal in length.
Looks like a bug, thanks.
in the hope of having the IETF further work on the TCP security paper UK
CPNI had published.
My personal take (possibly biased, since I am the document author)
is that this document has been the result of a lot of work (including
the work of the many people that reviewed the CPNI version of the
document), and that the IETF should take this chance to work and publish
something on the subject.
The chairs of the TCPM Working Group of the IETF are currently polling
the WG for input about this document. It would be great if you could
> Martijn Vernooij (tinus win tue nl) wrote
> On Wed, 11 Feb 2009 security.432 (at) amxl (dot) com [email concealed] wrote:
> > => The attacker must be able to run code as the same user that the
> > webserver runs as. This is unlikely to be a problem for many local
> > attackers, because there are a multitude of possible attack vectors,
> > such as SSI, non-suexec CGI scripts, non-suexec PHP (if mod_php is also
> > installed), and likely numerous other options.
>
> Once the attacker can run code as the same user the webserver runs as, he
> can make the webserver do whatever he wants. He can just 'debug' the
the BT Home Hub.
More information can be found on:
http://www.gnucitizen.org/blog/dumping-the-admin-password-of-the-bt-home-hub-pt-2/
On Wed, May 21, 2008 at 10:43 PM, Adrian Pastor <ap@gnucitizen.org> wrote:
> http://www.gnucitizen.org/blog/dumping-the-admin-password-of-the-bt-home-hub/
>
> We're back with more security attacks against the BT Home Hub (most
> popular wireless DSL router in the UK)!
>
On Wed, 02 Apr 2008 13:39:36 PDT, "Thor (Hammer of God)" said:
> So, if you have someone who is going to run as administrator anyway,
> download the untrusted .exe, execute it, and then confirm the execution
> of the program without concern for what happens, we can't really fault
> the OS for that at this point in the game.
I wasn't faulting the OS - I was pointing out it's still a viable attack
vector, despite the OS's best efforts to stop it.
Here is an example:
We run licq:
gat3way@gat3way:~$ licq
from another console, we find out the port licq is listening to (we'd
need to portscan if the target is on a remote system):
gat3way@gat3way:/tmp$ lsof |grep licq|grep LISTEN
licq 10783 gat3way 9u IPv4 35993218 TCP
*:52259 (LISTEN)
7 days of seeding to impact.
Gadi.
On Wed, 6 Aug 2008, Gadi Evron wrote:
> Hi all.
>
> There's a facebook (possibly worm) something malicious sending fake
> messages from real users (friends).
| > > Funnily enough I was just working on this -- and found that we'd
| > > end up adding a couple megabytes to every browser. #DEFINE
| > > NONSTARTER. I am curious about the feasibility of a large bloom
| > > filter that fails back to online checking though. This has side
| > > effects but perhaps they can be made statistically very unlikely,
| > > without blowing out the size of a browser.
| > Why do you say a couple of megabytes? 99% of the value would be
| > 1024-bit RSA keys. There are ~32,000 such keys. If you devote an
| > 80-bit hash to each one (which is easily large enough to give you a
| > vanishingly small false positive probability; you could probably get
At Fri, 8 Aug 2008 15:52:07 -0400 (EDT),
Leichter, Jerry wrote:
== Topics ==
The focus of DeepSec will be on subtle dangers, stealthy exploits and things
you don't see (and possibly don't hear or smell, too). If you have something
to talk about that doesn't look like a security problem at first glance,
tell us about it. We'd like to hear about underestimated security issues that
may be turned into major headaches for computer systems, networks and users
alike. Especially anything that subverts harmless technology and turns it
into an attack tool is welcome.
Send us stories about single bits that can change our destiny.