big deal
I don't understand why this is being brushed off as not a big deal by so
many.
No, it's not a worm, it's not a virus, it's not self-replicating. It's
actually a pretty simple little trojan.
But this is a bit groundbreaking -- this is the first time we've seen
the professional, profit-motivated malware folks move into the Mac.
And like this is not a problem on Vista right now? (which has similar
Hey, I'm releasing this new paper, not a big deal but
interesting.
http://www.argeniss.com/research/Data0.pdf
Abstract:
This paper is about Data0, a fictitious (or not)
simple PoC of new malware that, after it's
deployed on a computer in an internal network, will
automatically hack database servers and
steal their data. Several techniques used by Data0
> >
> >
> > On Thu, Apr 24, 2008 at 9:36 AM, Kristian Erik Hermansen
> > <kristian.hermansen@gmail.com> wrote:
> > > Just been noticing all the talk about Obama and Clinton sites and how
> > > the media keeps making a big deal out of all these XSS vulns, heh.
> > > However, I have a rather technical question about what, if anything,
> > > you can do when you have such a small buffer to exploit XSS? Check
> > > out this one I found and is not listed by xssed.com for
> > > hillaryclinton.com. You only get 5 chars to inject. So, are there
> > > any tricks that could possibly be used to expand the limitation via
things! Not only will you again have the chance to participate in
workshops and the mainly security and network-focused talks, but also
get your hands on some hardware hacking, and join in to various activities.
NinjaCon 11 goes B-Sides Vienna? I don't get it. What's the big deal?
_____________________________________________________________________
As part of the organizing team is leaving Vienna for good this summer,
NinjaCon will no longer be taking place in Austria, but instead
Germany's capital after this year. However, to ensure the Viennese
Let me preface my response with the admission that my primary virtualization
platform is IBM pSeries, I'm not a big fan of VMware. Even so, this
represents, just like the API attack, a unidirectional attack vector, from
the host OS to the guest. I simply don't understand why people are making
a big deal about these things. If you don't have a secure host platform
then you can't have *any* reasonable expectations of security in the guest
to begin with.
Now, if someone can prove an attack from one guest to another, or verify if
two UIDs running vms can tamper with the other's vm, then there would be a
So, there you have it. XHR is practically like some sort of God-damned voodoo,
and now that it's out of the box with unblocked ports I hope ya'll have fun
with it before patch time. I know this particular advisory was a little tl;dr
but we're tired of people saying that this is all according to the HTTP RFC
and isn't a big deal or a vulnerability (here's lookin at you, Secunia). If
this is how web browsers are supposed to behave, all you security people have
got a heap o trouble to look forward to.
If ya'll want to hear more about this technique and get more example codes,
you can check out the first issue of http://plzadvise.com/ PLZ advise, out
1) Navigate to porn site
2) Download Trojan
3) Either open file or have set 'Open Safe Files...'
4) Must allow install by typing admin password
Oh yeah, this will clearly hit Mac users hard, not. I don't see this as a big deal, more as Darwin in action (if you will not mind the pun). How this is a big deal is hard to see. Just a few more machines in the bot net.
Now a self-replicating virus, that might be an issue, but this is a dead end. Not even a very effective drive by.
----------
---Matthew
>
>
> On Thu, Apr 24, 2008 at 9:36 AM, Kristian Erik Hermansen
> <kristian.hermansen@gmail.com> wrote:
> > Just been noticing all the talk about Obama and Clinton sites and how
> > the media keeps making a big deal out of all these XSS vulns, heh.
> > However, I have a rather technical question about what, if anything,
> > you can do when you have such a small buffer to exploit XSS? Check
> > out this one I found and is not listed by xssed.com for
> > hillaryclinton.com. You only get 5 chars to inject. So, are there
> > any tricks that could possibly be used to expand the limitation via
> 2) Download Trojan
> 3) Either open file or have set 'Open Safe Files...'
> 4) Must allow install by typing admin password
>
> Oh yeah, this will clearly hit Mac users hard, not. I don't see this
> as a big deal, more as Darwin in action (if you will not mind the
> pun). How this is a big deal is hard to see. Just a few more
> machines in the bot net.
Depends on how you define "hard".
On Thu, Apr 24, 2008 at 9:36 AM, Kristian Erik Hermansen
<kristian.hermansen@gmail.com> wrote:
> Just been noticing all the talk about Obama and Clinton sites and how
> the media keeps making a big deal out of all these XSS vulns, heh.
> However, I have a rather technical question about what, if anything,
> you can do when you have such a small buffer to exploit XSS? Check
> out this one I found and is not listed by xssed.com for
> hillaryclinton.com. You only get 5 chars to inject. So, are there
> any tricks that could possibly be used to expand the limitation via
capability of accessing the virtual disk files of the machine and compromise
the guest that way as well.
While that is true, it is also possible to use full disk encryption and
other countermeasures that prevent access to a host resulting in compromise
of the guests. Furthermore, being able to automate something is a big deal
when it comes to spreading malware. Give me access to any system on a
foreign network with user-level credentials and before too long I can
acquire full admin access, but for a worm to be able to automate that in
seconds is something completely different.
Just been noticing all the talk about Obama and Clinton sites and how
the media keeps making a big deal out of all these XSS vulns, heh.
However, I have a rather technical question about what, if anything,
you can do when you have such a small buffer to exploit XSS? Check
out this one I found and is not listed by xssed.com for
hillaryclinton.com. You only get 5 chars to inject. So, are there
any tricks that could possibly be used to expand the limitation via
perhaps some unicode kung-fu here? Dunno, but thought it might be
interesting to bring up because this is a common scenario in zip code
search fields. The fix for Clinton is as simple as whitelisting the