cover page
<?php
/*
Microsoft Windows Fax Services Cover Page Editor (.cov) Memory Corruption poc
by Andrea Micalizzi aka rgod
tested on: Microsoft Windows Server 2003 Standard Edition r2 sp2 all patched
vulnerability:
Microsoft Cover Page Editor (fxscover.exe, version 5.2 r2
(Build 3790.srv03_sp2_gdr.100216-1301: Service Pack 2)
iSEC Partners Security Advisory - 2007-005-itunes
https://www.isecpartners.com
--------------------------------------------
iTunes 7.3.x - Heap overflow in album cover parsing
Vendor: Apple, Inc.
Vendor URL: http://www.apple.com
Versions affected: Confirmed in iTunes 7.3.2
Systems Affected: Confirmed on OS X 10.4.10 PPC, Windows XP x86
you want it, just go in hell!" => You're not welcome at FRHACK.
[ - Information for speakers - ]
Please note that it's our first edition, and so we are looking for
sponsors to cover conference's expenses.
Speakers' privileges are:
- FRHACK staff can guarantee and we will provide accommodation for 3 nights:
> only be retrieved from the certificate.
>
> The signed file's meta data can not be trusted as the
> meta data is not covered by the signature.
>
> V. Solution
specifically relationships between collaborative systems and security.
It intends to present new challenges and solutions related to the latest
security requirements, specific methods of access control enabling
large scale cooperation, usage of mobile technologies and smartcards,
new security infrastructures supporting better prevention, detection,
recovery and healing in the context of cooperative systems.
We invite original contributions from researchers in academia, research
institutions and industry on these emerging and important areas of
information technology.
The research is made of two components: a purple paper and a video. The research doesn't just cover boring PoCs, but actual Hollywood-style exploits :-) . Yes, this includes the classic attack in which the legitimate video stream gets replaced by another stream that keeps looping forever!
In the paper we only cover new vulnerabilities affecting older _and_ the latest firmware. The most eye-catching ones are perhaps the following issues affecting the latest version of the firmware (2.43):
System-wide Cross-site Request Forgeries (CSRF) – any admin action can be forged by design!
Non-persistent Cross-site Scripting (XSS) on 404 error pages
Persistent Cross-site Scripting (XSS) on the network settings page
Persistent Cross-site Scripting (XSS) on the video viewing page
Persistent Cross-site Scripting (XSS) on the logs viewing facility
not submit.
CRASH COURSE IN PENETRATION TESTING
Instructors: Joseph McCray & Chris Gates
Includes: 250GB 2.5" USB hard drive preloaded with lab VMware images
This course will cover some of the newer aspects of pen-testing: Open Source Intelligence Gathering with Maltego and other open source tools, Scanning, Enumeration, Exploitation (both remote and client-side) and Post-Exploitation, relying heavily on the features included in the Metasploit Framework. We'll discuss our activities from both the whitebox and blackbox approach, keeping stealth in mind for our blackbox activities.
Web application penetration testing will be covered as well, with a focus on practical exploitation of cross-site scripting (XSS), cross-site request forgery (CSRF), local/remote file includes, and SQL injection.
The course comes with a complimentary USB hard drive loaded with the lab virtual machine images for you to play with, so you can continue to hone your skills and learn new techniques even after the course is finished. Attendees will walk away with current knowledge of how to pen-test both a network and a web application, all of the basic tools needed, and a set of practice exercises that they can use to improve their skills.
performance systems in three directions. First, it considers how to
add security properties (authentication, confidentiality, integrity,
non-repudiation, access control) to high performance computing systems.
In this case, safety properties can also be addressed, such as
availability and fault tolerance for high performance computing systems.
Second, it covers how to use high performance computing systems to solve
security problems. For instance, a grid computation can break an
encryption code, or a cluster can support high performance intrusion
detection. More generally, this topic addresses every efficient use of a
high performance computing system to improve security. Third, it
investigates the tradeoffs between maintaining high performance and
[ - Information for speakers - ]
Speakers' privileges are:
- H2HC staff can guarantee and we will provide accommodation for 3 nights
- For each non-resident speaker we might be able to cover travel expenses up to USD 1.000
- For each resident speaker we might be able to cover travel expenses
- Free pass to the conference
[ - Other information - ]
[ - Information for speakers - ]
Speakers' privileges are:
* H2HC staff can guarantee and we will provide accommodation for 3
nights
* For each non-resident speaker we might be able to cover travel
expenses up to USD 1.000
* For each resident speaker we might be able to cover travel expenses
* Free pass to the conference
* Parties! Plenty of parties... Hope you enjoy it, otherwise you can
stay in the hotel and sleep...
in October 2007, the OpenVAS developers continued the auditing of the code
inherited from Nessus and have added a variety of useful features for OpenVAS
users, for server administrators and for developers of Network Vulnerability
Tests (NVTs).
The main changes compared to the 1.0 series cover:
* OVAL Support:
OpenVAS 2.0.0 introduces preliminary support for OVAL, the Open Vulnerability
and Assessment Language[2]. OVAL is an international information security
community standard to promote open, standardized and publicly available
>>
>> 1) steal it
>> 2) boot off cd and reset/enable admin acct
>> 3) boot off cd and grab all hashes
>> 4) pour a perfectly good frappuccino on the keyboard
>> 5) cover it with smiley face stickers
>>
>> You get the idea. This is a non-issue.
>>
Inspection of the source code reveals that the parser of courier-mta
allows only 300 MIME parts and a nesting depth of 30 levels. Since courier
does not seem to get too many complaints, this is probably a reasonable limit.
== History of this bug ==
I (re)discovered the bug independently in mid 2007. The bug was however
known before. There are some advisories like secunia.com/advisories/11360/
(for Eudora, bug still unfixed) by people who discovered the problem
before, but did not publicly announce it or did not see its scope. More
recently, there has been a similar advisory for sendmail, CVE-2006-1173.
There have been other advisories for different antivirus solutions. This
# Analysis and reverse engineering of malicious code
# Analysis of vulnerability, attacks and defence against networks, hardware, software
# Virtualization and operating systems security
# Web application security and cryptography
# 3G/4G, SS7, WLAN, RFID, Bluetooth Security
# Data recovery, Forensic and Incident Response
# Physical security
# Firewall technologies
CONFidence conference is a non-profit event and speakers are not being
paid. However, we always try to provide financial help and cover
BUENOS AIRES, Argentina -- The first annual BA-Con applied
technical security conference - where the eminent figures in the
international and South American security industry will get together
and share best practices and technology - will be held in Buenos
Aires on September 30 and October 1st, 2008. The most
significant new discoveries about computer network hack attacks
and defenses, commercial security solutions, and pragmatic real
world security experience will be presented in a series of
informative tutorials.
The BA-Con meeting provides local and international researchers
The conference is held over two days in a relaxed atmosphere,
allowing attendees to enjoy themselves whilst expanding their
knowledge of security.
Live presentations and activities will cover a full range of
defensive and offensive security topics, varying from unpublished
research to required reading for the public security community.
For more information, please visit http://www.ruxcon.org.au
is completely out to lunch. For one, Calea requires a court order;
enough evidence has to be presented to a judge to convince him to write the
order, which an NSL does not.
For another, "telecommunications carrier" refers to carriers, not
content providers. So only your access point is covered (I'm not sure if
internet Calea is even in place yet). But it certainly doesn't cover any
content providers, web and email for example. So HushMail wouldn't fall
under Calea.
And finally, HushMail can't even fall under a NSL because it isn't a US
monitoring and management system. The Common Vulnerabilities and
Exposures project identifies the following problems:
Several cross-site scripting issues via several parameters were
discovered in the CGI scripts, allowing attackers to inject arbitrary
HTML code. In order to cover the different attack vectors, these issues
have been assigned CVE-2007-5624, CVE-2007-5803 and CVE-2008-1360.
For the oldstable distribution (etch), these problems have been fixed in
We are especially interested in presentations concerning:
# 3G/4G, SS7, WLAN, RFID, Bluetooth Security
# Analysis and reverse engineering of malicious code
# Analysis of vulnerability, attacks and defence against networks, hardware, software
# Virtualization and operating systems security
# Data recovery, Forensic and Incident Response
# Physical security
# Firewall technologies
# Web application security and cryptography
# Analysis and reverse engineering of malicious code
# Analysis of vulnerability, attacks and defence against networks, hardware, software
# Virtualization and operating systems security
# Web application security and cryptography
# 3G/4G, SS7, WLAN, RFID, Bluetooth Security
# Data recovery, Forensic and Incident Response
# Physical security
# Botnets
# Security research
The Call for Papers for HITB Security Conference 2010 Malaysia is now open!
Talks that are more technical or that discuss new and never before seen
attack methods are of more interest than a subject that has been covered
several times before. Submissions are due no later than 9th August 2010.
HITB CFP: http://cfp.hackinthebox.org/
===
PlumberCon has full permission to record any material that is
presented at the conference and make it available to the public under
a Creative Commons license.
Unfortunately, PlumberCon will not be able to cover travel expenses.
However, if you're coming in from out of state and are looking for a
place to stay during the conference weekend, feel free to get in touch.
Extending this to an internal corporate platform changes nothing. In a sane
deployment the large groups of admins would only have access to VMs, not the
host platform. Only a select group of admins would have access to the host
OS, and then common security practices of logging & auditing apply. The
number of potential abusers is minimal, and with remote logging to servers
under the security team's control, covering their tracks is
extremely difficult.
Am I missing something, or is this still much ado about nothing? I agree
that that functionality should be very clearly labeled, and probably beyond
what vmware currently does. But overall, this is a very easily managed