-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
BugTraq readers, here is a big Black Hat update to keep inquiring minds up
to date with all the goings on in our not-so-secret lair:
Black Hat Amsterdam is a go!
Training: 25-26 March 2008
Briefings: 27-28 March 2008
There will be four different tracks over two days comprising more than 20 internationally
BugTraq, the Japan 2008 briefings audio is now on-line, plus a webinar from
Dave Litchfield is about to happen:
NEW FREE WEBCAST - Oracle Database Forensics
Black Hat's webcast series continues with another powerful presentation from
a popular Black Hat speaker. This month's presenter is David Litchfield of
NGS software, speaking on Oracle database forensics, and he will be
releasing a new tool called orablock which he describes this way:
"Orablock allows a forensic investigator to dump data from a "cold" Oracle
Hello Bug Traq Readers, here are some updates on upcoming Black Hat
briefings as well as ways to get involved.
BLACK HAT FREE WEBINAR Nov 20th
https://www.blackhat.com/html/webinars/clickjacking.html
Black Hat Webcast #5 is scheduled for Thursday, November 20 at 1pm PST.
[I tried to send this on the 11th, but never saw it come through so I am
trying again]
Hey BugTraq readers, Happy Holidays from Black Hat! Before the silly season
enters full swing I'd like to make a couple announcements:
BRIEFINGS AND TRAININGS
http://www.blackhat.com/
Black Hat is proud to be holding Trainings and Briefings in Washington D.C.,
Vuln-Dev, Happy Holidays from Black Hat! Before the silly season enters full
swing I'd like to make a couple announcements:
BRIEFINGS AND TRAININGS
http://www.blackhat.com/
Black Hat is proud to be holding Trainings and Briefings in Washington D.C.,
Amsterdam, Las Vegas, Japan, and a mystery location in 2008. Please mark
Hey BugTraq readers, Happy Holidays from Black Hat! Before the silly season
enters full swing I'd like to make a couple announcements:
BRIEFINGS AND TRAININGS
http://www.blackhat.com/
Black Hat is proud to be holding Trainings and Briefings in Washington D.C.,
Amsterdam, Las Vegas, Japan, and a mystery location in 2008. Please mark
We've finalized the speaker lineup for Black Hat Japan 2007, and we're looking forward to a great show. Attendees will be treated to a roster with more variety and depth than ever.
The schedule and speaker bios are available on-line at:
http://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-schedule.html
http://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-speakers.html
As always, we've worked hard to create a show with timely, technical content and a broad range of topics. Some highlights of this year's program include:
* A talk from Pedram Amini and Aaron Portnoy from Tipping Point about the Sulley fuzzing framework - a game changing, free, highly automated fuzzing suite.
* A talk from Halvar Flake, world-class reverse engineer and one of Black Hat's most sought-after speakers entitled "Automated Unpacking and Malware Classification."
The bugs in this advisory as well as a number of specific methods to
combine them with insecure Internet Explorer features are discussed in
the paper "Abusing Insecure Features of Internet Explorer"[5].
Exploitation of these vulnerabilities as well as others disclosed
previously was explained in a presentation at the BlackHat DC 2010
technical security conference [6].
8.1. *URLMON sniffing vulnerability*
In CoreLabs Security Advisory CORE-2008-0826 [2] a vulnerability that
Vulnerabilities via 'setup-config.php' page.
CVE: CVE-2011-4899
The WordPress 'setup-config.php' installation page allows users to install
WordPress in local or remote MySQL databases. This typically requires a user
to have valid MySQL credentials to complete. However, a malicious user can
host their own MySQL database server and can successfully complete the
WordPress installation without having valid credentials on the target system.
After the successful installation of WordPress, a malicious user can inject
malicious PHP code via the WordPress Themes editor. In addition, with control
http://insecure.org/stf/secnet_ids/secnet_ids.html
[2] "DefCon 9: ADMmutate Polymorphic Shellcode API" by K2
http://www.youtube.com/watch?v=Oc-MyOXbYH0
[3] "A look at whisker's anti-IDS tactics" by Rain Forest Puppy
http://www.ussrback.com/docs/papers/IDS/whiskerids.html
[4] "Black Hat USA: IPS Shortcomings" by Renaud Bidou
http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Bidou.pdf
[5] "HTML obfuscation tool" by isnoop.net
http://isnoop.net/tools/obfuscate.php
[6] "Online JavaScript Obfuscator" by Daft Logic
http://www.daftlogic.com/projects-online-javascript-obfuscator.htm
Hey all,
I've just posted a new paper on Oracle Forensics and my Black Hat
presentation to
http://www.databasesecurity.com/oracle-forensics.htm
The new paper is entitled "Oracle Forensics Part 5: Finding Evidence of Data
Theft in the Absence of Auditing" and explores some of the ideas I discussed
at Blackhat.
Cheers,
David Litchfield
inodes which have been marked bad.
CVE-2006-5823
LMH reported a potential local DoS which could be exploited by a malicious
user with the privileges to mount and read a corrupted cramfs filesystem.
CVE-2006-6053
LMH reported a potential local DoS which could be exploited by a malicious
user with the privileges to mount and read a corrupted ext3 filesystem.
Gents,
BlackHat Washington DC has just finished, and we wanted to let you know
that RIM officially released a patch for the vulnerability found by
TEHTRI-Security in BlackBerry devices, and covered during our talk:
"Inglourious Hackerds: Targeting Web Clients".
The 0day created by TEHTRI-Security affects the BlackBerry browser
application of the following software versions:
The Black Hat Briefings DC Call for Papers is now open!
It will be held February 2-3, 2010 at the Hyatt Regency Crystal City in D.C.
https://www.blackhat.com/html/bh-dc-10/bh-dc-10-cfp.html
The CFP closes December 1, 2009.
This year features no anime con or people in superhero outfits.
If you are planning to submit, think of topics that would be of interest
to a predominantly federal audience.
> The following assumptions are made in this PoC:
>
> 1. Virtual hosts www.targetsite.net and
> www.badsite.com resolve to the same IP address;
>
> 2. Malicious user controls www.badsite.com web site;
>
> 3. Malicious user targets www.targetsite.net users.
>
> The following list summarises the sequence of actions
> shown in the demo:
1) Anybody possessing a valid uid can forward any message of the system
to an email address of his choice. One possible way of obtaining a uid
is to register to a publicly available mailing list. The user's uid
appears in every user's registration confirmation email.
Just by iterating on mid, a malicious user can see and forward to
himself any message that has been previously sent by phpList -- even
messages belonging to hidden (private) mailing lists, or to mailing
lists to which he's not subscribed. E.g.:
http://PATH_TO_PHPLIST/lists/?p=forward&uid=VALID_UID&mid=ID
following problems:
CVE-2006-5823
LMH reported a potential local DoS which could be exploited by a malicious
user with the privileges to mount and read a corrupted cramfs filesystem.
CVE-2006-6054
LMH reported a potential local DoS which could be exploited by a malicious
user with the privileges to mount and read a corrupted ext2 filesystem.
It turns out that independent of Mr. Graham's work, I have also been
investigating these types of attacks as they pertained to users'
safety while they use the Tor network.
As I presented in my Black Hat and DefCon talks on Securing the Tor
Network, it turns out that using https for accessing mail.google.com
is not sufficient to protect you from many "Sidejacking" attacks. The
'GX' authentication cookie for mail.google.com is set to be
transmitted for any type of connection (http or https). This is the
only cookie one needs to authenticate to gmail.
Hey guys, just a reminder that the CFP for Black Hat USA is closing next Tuesday.
I'll post the first batch of acceptances next week. Some really solid stuff this year, from hacking ATM machines and lock picking forensics to injecting agents into VM guest OSes and myths of Extended Validation SSL certificates.
Jeff
Updated March 2, 2012
Summary:
RSA SecurID® Software Token Converter contains a buffer overflow vulnerability that could allow a malicious user to compromise a potentially vulnerable system.
CVE Identifier: CVE-2012-0397
CORE GRASP for PHP is a web-application protection software aimed at
detecting and blocking injection vulnerabilities and privacy violations.
As mentioned during its presentation at Black Hat USA 2007, GRASP is
being released as open source under the Apache 2.0 license and can be
obtained from http://gasp.coresecurity.com/.
The present implementation protects PHP 5.2.3 against SQL-injection
attacks for the MySQL engine; it can be installed with almost the same
effort as the PHP engine, both on Unix and Windows systems, and
protection is immediate for any PHP web application running in the
The following assumptions are made in this PoC:
1. Virtual hosts www.targetsite.net and
www.badsite.com resolve to the same IP address;
2. Malicious user controls www.badsite.com web site;
3. Malicious user targets www.targetsite.net users.
The following list summarises the sequence of actions
shown in the demo:
The Pwnie Awards ceremony will return for the third consecutive year to the
BlackHat USA conference in Las Vegas. The award ceremony will take place
during the BlackHat reception on Wed, July 29.
The Pwnie Awards is an annual awards ceremony celebrating the achievements and
failures of security researchers and the wider security community in the past
year. We're currently accepting nominations in nine award categories:
* Best Server-Side Bug
* Best Client-Side Bug
The Pwnie Awards ceremony will return for the fourth consecutive year to the
BlackHat USA conference in Las Vegas. The award ceremony will take place
during the BlackHat reception on Thu, July 29, 2010.
The Pwnie Awards is an annual awards ceremony celebrating the achievements and
failures of security researchers and the wider security community in the past
year. We're currently accepting nominations in nine award categories:
* Best Server-Side Bug
* Best Client-Side Bug
The call for Pwnie Award nominations is now closed. We had a tremendous number
of submissions and it was really hard to decide which ones are the best. The
list of nominees is finally up at http://pwnie-awards.org/awards.html
The Pwnie Awards ceremony will take place on Wednesday, August 1st. The
location is Palace Ballroom 3 at Caesar's Palace, right next to the BlackHat
reception area. We'd like to thank BlackHat for their generous offer to host
the awards.
We will start at 6pm. See you there!
no-network profile may have access to network resources through the
use of Apple events to invoke the execution of other applications not
directly restricted by the sandbox.
It is worth mentioning that a similar issue was reported by Charlie
Miller in his talk at Black Hat Japan 2008 [2]. He mentioned a few
processes sandboxed by default as well as a method to circumvent the
protection. Sometime after the talk, Apple modified the mentioned
profiles by restricting the use of Apple events but did not modify the
generic profiles.
http://www.appsecusa.org/ctf.html
Good luck!
Hope to see you at Black Hat and DEF CON next week.
--
Adam Baso