Just for the record: I will not write that much, even because it is very,
very simple, and I do believe someone else will write good stuff for
academic audiences.
If you still believe in Santa Claus, please, stop reading right now, because
this paper will show that bad things can get worse, and worse, and worse, if
we are not paying attention to the signs. And according to some people: it
is all old news, and the techniques were already presented by someone,
somewhere. Ok, then!
>
> 2. Urgency
>
> If a lot of IP sources attack you from China RIGHT NOW, and you
> need immediate mitigation, blocking China short-term may work,
> but obviously not as a permanent solution.
Of course. You can apply the sets without blocking. In fact, I recommend that FIRST in the article. That way you can report on and analyze traffic from sources to make your own decisions on an ongoing basis. When the time comes, you can change your policy as needed. I currently block traffic from Russia, but I might start allowing in SMTP since this Anastasia chick I get emails from on my other address seems pretty hot. :)
I don't mean to come off as a jerk here, but, most of the questions that have been asked were mentioned in the original message and in k`sOSe's code.
As I've said, Opera does not allow you to invoke the file:// handler from the Internet. I am not sure about Java applets, but JavaScript is the method used in the exploit code. We tried window.open() and window.location but neither allows it to work. If you can get it to work, please let us know!
As far as people that said "it worked" when a new tab opens with an error -- no, it did not work. It "works" when the browser crashes, or ideally, calc.exe opens. I feel like Opera silently fixed this, but I don't have the time to figure it out right now.
Please, take the time to read the original message a little closer and review the PoC. I realize that it doesn't answer all questions, but it will answer a lot that have been asked here! :)
send9
Ok, so they concede it is possible to limit the DMA accesses to specific
(safe) ranges. I wonder which devices cannot be restricted...
> How much should the average user worry about this? Not very much.
Yeah, I agree it's probably not a big risk right now. That may change
over time though, as more and more small devices become very
programmable. You can already hack Linux onto your iPod, which makes a
great cover for casually compromising machines in an office environment.
The number of small devices which would normally seem benign to end
users, but are capable of being quite evil, will only increase over time.
to be part of this open source project
or just want to collaborate with me:
Please reply to jsacco@exploitpack.com
Why don’t you download and give it a try right now? While downloading,
you may watch this quick video on YouTube!
Video: http://www.youtube.com/watch?v=cMa2OrB7b5A
Website: http://www.exploitpack.com
> But that is another conversation...
> I subscribed to the IPv6 Hackers mailing list, maybe we will have some
> discussion about that over there.
Yep... will post something right now, and see if that triggers discussion.
Thanks!
Best regards,
--
[x] Vendor Information
"If the written word is the wheel, then Writer’s Block is the sweet, sweet fossil fuel in the
engine that keeps it spinning. A free, flexible, elegant Content Management System that helps
you maintain any web site you want, at any size you want, with no hassle and no restrictions.
In fact, it’s running this entire site right now."
http://www.desiquintans.com
[x] Attack Information
> >> but don't bet on it. XP code is something like 15 years old now,
> and
> >> we're not going to change it. That's the way it is, sorry. Just be
> >> glad you're using XP and not 2008/vista or you'd be patching your
> arse
> >> off right now."
> >>
> >> If MSFT thinks they are mitigating public opinion issues by side-
> >> stepping questions and not fully exposing the problems, they are
> wrong.
> >> This just makes it worse. That's the long answer. The short answer
some situations). On the other hand, (virtually) reassembling IPv6
packets on a layer2 device is expensive.
I'll have a look on ipv6-hackers as soon as I am back from vacation.
> Yep... will post something right now, and see if that triggers discussion.
Thanks!
regards,
danrl
--
*** Tickets ****************************
Tickets will officially go on sale on 11.01.10 (yep, that's 3.1.2 for
those playing along at home).
There is a Secret Pre-Sale going on right now. If you would like to
pick up a discounted ticket, crack this code: FAW2GlImKsT3BL8yKQF=
Visit: <http://tickets.thotcon.org> for more information.
*** T-Shirt ****************************
> particularly when they are good, obvious questions. Just be honest
> about it. "Yes, XP is vulnerable to a DOS. Your firewall might help,
> but don't bet on it. XP code is something like 15 years old now, and
> we're not going to change it. That's the way it is, sorry. Just be
> glad you're using XP and not 2008/vista or you'd be patching your arse
> off right now."
>
> If MSFT thinks they are mitigating public opinion issues by side-
> stepping questions and not fully exposing the problems, they are wrong.
> This just makes it worse. That's the long answer. The short answer is
> "XP is vulnerable to a DoS, and a patch is not being offered."
particularly when they are good, obvious questions. Just be honest
about it. "Yes, XP is vulnerable to a DOS. Your firewall might help,
but don't bet on it. XP code is something like 15 years old now, and
we're not going to change it. That's the way it is, sorry. Just be glad
you're using XP and not 2008/vista or you'd be patching your arse off
right now."
If MSFT thinks they are mitigating public opinion issues by
side-stepping questions and not fully exposing the problems, they are
wrong. This just makes it worse. That's the long answer. The short
answer is "XP is vulnerable to a DoS, and a patch is not being offered."
> about it. "Yes, XP is vulnerable to a DOS. Your firewall might help,
> but don't bet on it. XP code is something like 15 years old now, and
> we're not going to change it. That's the way it is, sorry. Just be
> glad
> you're using XP and not 2008/vista or you'd be patching your arse off
> right now."
>
> If MSFT thinks they are mitigating public opinion issues by
> side-stepping questions and not fully exposing the problems, they are
> wrong. This just makes it worse. That's the long answer. The short
> answer is "XP is vulnerable to a DoS, and a patch is not being
>>>> we're not going to change it. That's the way it is, sorry. Just be
>>>> glad you're using XP and not 2008/vista or you'd be patching your
>>>>
>> arse
>>
>>>> off right now."
>>>>
>>>> If MSFT thinks they are mitigating public opinion issues by side-
>>>> stepping questions and not fully exposing the problems, they are
>>>>
>> wrong.
The demo works only in IPv4 active mode.
Feel free to test this program online, and of course, to
install it on your computer ;)
Right now, SinFP is included in BackTrack Linux distro.
Here is the link:
http://www.gomor.org/cgi-bin/sinfp.pl
And the direct link for the demo:
of Vienna, Austria (20-23 November, with the first two days dedicated to
trainings and the last two days to the conference itself).
As we are filling up seats very fast, advance booking allows us to make
room for more of you. So, if you want to attend, please do us and
yourself a favor and register right now!
To give you a compelling reason to book in advance, we will extend
regular booking rates till November 9th. Beware that after that date
registering online will cost you 100EUR more, and on-site registration
(IF seats are still available) will cost 200EUR more, so save by booking
If so, the cost of security by blocking may be unjustifiable.
2. Urgency
If a lot of IP sources attack you from China RIGHT NOW, and you
need immediate mitigation, blocking China short-term may work,
but obviously not as a permanent solution.
As to "getting rid" or "refusing to connect with" networks with
extremely bad reputation, that may be quite acceptable on an individual
our desired command and that's all.
For session hijacking, simply close the socket opened between the client
and our box and use the established connection channel between the real
database server and our machine. You may start sending SQL statements
right now.
Exploiting the vulnerability
----------------------------
The following sections show how a successful attack can be launched
Is this truly the risk that one has to take such actions and expect such
energy?
I don't see that it is. Give me more information that it is a risk and
I may change my mind, but right now, I'm just not seeing that it's worth it.
Aras "Russ" Memisyazici wrote:
> :)
for this outer loop is directly loaded from the 2-byte word located at
offset 0x6F49D of the 3DS file without any validations; by providing a
3DS file with a large value for the word located at the mentioned
offset, an attacker may cause the application to loop more times than
expected. This behavior could lead to a heap-based buffer overflow
vulnerability under a slightly different scenario. Right now, a large
value for the word located at offset 0x6F49D of the 3DS file will likely
trigger the memory corruption vulnerability described above, because the
application will continue reading 2-byte words from the file beyond the
intended limit, to use them in the calculation of the index for the
array where data will be copied to; if any of these words has a large
>> for someone coding up an attack low... I have bigger risks from fake
>> A/V at me.
>>
>> Is this truly the risk that one has to take such actions and expect
>> such energy? I don't see that it is. Give me more information that
>> it is a risk and I may change my mind, but right now, I'm just not
>> seeing that it's worth it.
>>
>>
>>
>> Aras "Russ" Memisyazici wrote:
>> particularly when they are good, obvious questions. Just be honest
>> about it. "Yes, XP is vulnerable to a DOS. Your firewall might help,
>> but don't bet on it. XP code is something like 15 years old now, and
>> we're not going to change it. That's the way it is, sorry. Just be
>> glad you're using XP and not 2008/vista or you'd be patching your arse
>> off right now."
>>
>> If MSFT thinks they are mitigating public opinion issues by side-
>> stepping questions and not fully exposing the problems, they are wrong.
>> This just makes it worse. That's the long answer. The short answer is
>> "XP is vulnerable to a DoS, and a patch is not being offered."
>>>>> we're not going to change it. That's the way it is, sorry. Just be
>>>>> glad you're using XP and not 2008/vista or you'd be patching your
>>>>>
>>> arse
>>>
>>>>> off right now."
>>>>>
>>>>> If MSFT thinks they are mitigating public opinion issues by side-
>>>>> stepping questions and not fully exposing the problems, they are
>>>>>
>>> wrong.
"Servers are a more likely target for this attack, and your firewall should provide additional protections against external exploits," replied Stone and Bryant.
</snip>
If an employee managing a product that my company owned gave answers like that to a public interview with Computerworld, they would be in deep doo. First off, my default install of XP Pro SP2 has remote assistance inbound, and once you join to a domain, you obviously accept necessary domain traffic. This "no inbound traffic by default so you are not vulnerable" line is crap. It was a direct question - "If RDP is allowed through the firewall, are we vulnerable?" A:"Great question. Yes, servers are the target. A firewall should provide added protection, maybe. Rumor is that's what they are for. Not sure really. What was the question again?"
You don't get "trustworthy" by not answering people's questions, particularly when they are good, obvious questions. Just be honest about it. "Yes, XP is vulnerable to a DOS. Your firewall might help, but don't bet on it. XP code is something like 15 years old now, and we're not going to change it. That's the way it is, sorry. Just be glad you're using XP and not 2008/vista or you'd be patching your arse off right now."
If MSFT thinks they are mitigating public opinion issues by side-stepping questions and not fully exposing the problems, they are wrong. This just makes it worse. That's the long answer. The short answer is "XP is vulnerable to a DoS, and a patch is not being offered."
>
> If so, the cost of security by blocking may be unjustifiable.
>
> 2. Urgency
>
> If a lot of IP sources attack you from China RIGHT NOW, and you
> need immediate mitigation, blocking China short-term may work,
> but obviously not as a permanent solution.
>
> As to "getting rid" or "refusing to connect with" networks with extremely bad reputation, that may be quite acceptable on an individual bases, but not on the Internet-scale, as things stand right now.
>
Proxy server by AT&T.
So Probability of this being the reason: Very High
3. Can’t think of any other reason… Though there could be a ton of other
explanations. Just can’t think of any of them right now.
Just my 2c.
- Suramya
################
What is Wowd?
################
Wowd is a real-time search engine for discovering
what's popular on the web right now.
In essence, the company has made a peer-to-peer
search engine powered by what other Wowd users
are looking at online rather than studying and
ranking sites based on an arcane link structure.