2008

pwnies video posted online..

The video of the much publicized pwnie awards has been posted to the interwebs [gvideo link]. Locals (SensePosters) can grab a copy [here]. I believe it featured HalVar rapping, so it should be worth at least a listen to :> /mh
PS. I heard the first 3 minutes, which included Alex Sotirov mentioning how >30 equates to over the hill, and humbly submit Malcolm Gladwell's recent speech as a silent 3rd-hand rebuttal. [Age before beauty – the difference between young geniuses and old masters]

BlackHat / DefCon 2008….

Hey guys.. Most of our BlackHat/Defcon team has arrived back home in one piece.. I landed with a fever and a lost voice (but to be honest I had already caught something while in Vegas!). We will post some post-Vegas thoughts as soon as the dust settles, but I also promised: the slides from our talk, and the tools we released… A link to the slides is here: [Pushing a Camel through the eye of a Needle]

Crowbar 0.941

Quick update on your favourite brute forcer… The file input “MS EOF char” issue has been resolved, and provision has been made for blank passwords too. The above-mentioned bug meant that Crowbar incorrectly handled EOF characters on *nix-based files. Regarding blank passwords, simply include the word “[blank]” (without the “”) in your brute force file and Crowbar will test for blank usernames/passwords as well. For those of you who don’t know, Crowbar is a generic brute force tool for web applications. It’s free, it’s light-weight, it’s fast, it’s kewl :>

these tubes are quick

Kaminsky’s thunder has all but evaporated into a fine mist, and Ptacek has gone all silent. In the meantime, the Metasploit crowd put their heads down and produced:
http://www.caughq.org/exploits/CAU-EX-2008-0003.txt
DNS poisoning for the masses. (If anything ever deserved the tag ‘infosec-soapies’, this would be it!!!)

SQL Server 2005 – Where the $%#@ is that stored proc ?

While doing some prodding on SQL Server, I came across this newness (of course this is probably old hat to many SQL 2005 DBAs). Essentially I was trying to track down something in sp_addserver. The source of this stored proc [System Databases\Master\System Stored Procedures\sys.sp_addserver] showed that another stored proc, sys.sp_MSaddserver_internal, was being called. For the life of me though, I could not track down sys.sp_MSaddserver_internal. Turns out the answer is reasonably well documented [SQL Books Online]: with 2005, MSFT moved stored procs and friends into a read-only hidden db. This can be made visible by copying the physical .mdf files and attaching them. [Process reasonably documented on the interwebs if you know what to search for]
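A T-SQL sequence a DBA can use to chase that internal proc, added here as an example and not part of the original post: it first checks whether the proc is exposed through the catalog views at all, and only then falls back to attaching a copy of the hidden Resource database. The file paths and the name resource_copy are placeholders; it assumes a SQL Server 2005 instance whose mssqlsystemresource.mdf/.ldf have already been copied to those paths.

```sql
-- Step 1: the Resource database is hidden from Object Explorer, but
-- SERVERPROPERTY confirms it is present and which build it carries.
SELECT SERVERPROPERTY('ResourceVersion')            AS resource_version,
       SERVERPROPERTY('ResourceLastUpdateDateTime') AS resource_updated;

-- Step 2: Resource db objects surface through the sys schema of every
-- database; see whether the internal proc is listed before touching files.
SELECT name, type_desc, is_ms_shipped
FROM   sys.all_objects
WHERE  name IN ('sp_addserver', 'sp_MSaddserver_internal');

-- Step 3: if it is listed, the source is readable without attaching anything
-- (returns NULL when the object is not exposed to this database).
SELECT OBJECT_DEFINITION(OBJECT_ID('sys.sp_MSaddserver_internal')) AS proc_source;

-- Step 4: otherwise attach a COPY of the Resource db under a new name.
-- Never attach or edit the live files: the instance has them open.
-- Placeholder paths: copy mssqlsystemresource.mdf/.ldf to these names first.
CREATE DATABASE resource_copy
ON (FILENAME = N'C:\SQLData\resource_copy.mdf'),
   (FILENAME = N'C:\SQLData\resource_copy.ldf')
FOR ATTACH;
GO

-- Step 5: the copy is an ordinary, browsable database, so the proc and its
-- body can be pulled from its own catalog views.
SELECT o.name, m.definition
FROM   resource_copy.sys.all_objects     AS o
JOIN   resource_copy.sys.all_sql_modules AS m ON m.object_id = o.object_id
WHERE  o.name = 'sp_MSaddserver_internal';
```

Drop the attached copy (DROP DATABASE resource_copy) once you have what you need; the copied files carry the same version as the live Resource db and go stale at the next service pack.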

Forget Dan’s DNS, the Armageddon Comes from Intel’s CPUs

Kaspersky will show how processor bugs can be exploited using certain instruction sequences and a knowledge of how Java compilers work, allowing an attacker to take control of the compiler. The demonstrated attack will be made against fully patched computers running a range of operating systems, including Windows XP, Vista, Windows Server 2003, Windows Server 2008, Linux and BSD. The demo will be presented at the Hack In The Box Security Conference in Kuala Lumpur in October.

What? no comment on the DNS thing ??

Mostly we have stayed silent, because too many people have commented too much already.. It was interesting however how Ptacek was quite deftly forced to eat his words by a Dan Kaminsky phone call.. The “I’ll tell everyone all during my Vegas talk” angle is an obvious way to pack the room.. but hey, cheaper tricks have been pulled to pack rooms in the past.. [and if anyone didn’t need help packing a room, it’s Dan.. he has a cult following]

funky javascript

Found this online last night. Try in FF or IE7:

javascript:document.body.contentEditable='true'; document.designMode='on'; void 0

then edit the page in-place, screenshot, and make your scam millions… At least it beats editing HTML?

Forget the python vs ruby discussions..

Cause this puts Perl right back in the game!

-snip-
> sudo perl -MCPAN -e shell
cpan> install Acme::LOLCAT
install -- OK
> cat demo.pl
#!/usr/bin/perl
use Acme::LOLCAT;
print translate($ARGV[0]);
> ./demo.pl "Im going to run all emails through this before sending"
IM GOINS 2 RUN ALL EMAILZ THROUGH THIZ BEFORE SENDIN
-snip-

ahhh.. MUH WORK AR DONE HERE

A blog that hasn't mentioned the OSX priv escalation bug OR Firefox 3 ???

Well.. 50% right.. But I’m not going to talk about Firefox’s record-breaking download, or the bug that was released in record time.. but want to point you at Andy Ihnatko’s review of Firefox 3. Andy is an old school Mac diehard, and is a regular on the MacBreak podcast, but says: “But with 3.0 . . . well, we have a victor. Firefox 3.0 should be your default browser, starting right now.”