Blog
reDuh.ASPX
An additional issue has been discovered in the ASPX version of reDuh. Although the script did work as expected, it did not set the ScriptTimeout value. This resulted in reDuh terminating active connections once the page timeout had expired.
This has been fixed in the ASPX version. A copy can be grabbed from here. More information regarding reDuh can be found here.
ASPX and reDuh
We’ve received a number of queries regarding folkses unable to get the ASPX version of reDuh to work.
In truth, the client had a faulty HTTP implementation meaning that HTTP requests were malformed. Apache and Tomcat cope admirably with the malformed requests, IIS does not.
So, we’ve built a new client version for reDuh which will play nicely with IIS. Apart from the bugfix, the new version also supports SSL. A direct link to the updated client is here. More information regarding reDuh is here.
Vanilla SQL Injection is oh-so-90’s…wait…is it? (Jackin the K)
aka.. Someone put the hurtski on Kaspersky..
The Twitters (via XSSniper and others) and the Interwebs were ablaze with news on a SQL Injection vulnerability that was exploited on AV vendor Kaspersky’s site. Detail of the attack can be found here.
It’s interesting that SQL Injection (though as old as the proverbial hills) is still such a major issue.
In fact, I have it on good authority that the bulk of PCI-related compromises are still as a result of SQL Injection…
On Hiring Staff – The T-Shirt Method..
Anyone who has honestly reflected on what they know about hiring, will tell you that no matter how locked-down you think you have it, you dont. There is still way too much left to chance and way too much that you just dont know. To avoid this, companies that care about preserving their culture will sometimes adopt a “default deny” approach. It’s ok to miss a potentially good hire rather than to take on a bad one. This isn’t silly geek risk aversion.. It’s because one bad hire can do amazing damage to a culture (an area bad hires can be amazingly productive in).
Turn of the century deja vu?
The recent widespread carnage caused by the Conficker worm is astounding, but is also comforting, in a strange way.
It has been a good few years since the world saw a worm outbreak of this magnitude. Indeed, since the Code Red, Slammer and Blaster days, things have been fairly quiet on the Interwebs front.
As a community, it seems we very quickly forgot the pains caused by these collective strains of evil. Many people proclaimed the end of issues of that particular bent, whether it be as a result of prolific post-worm hastily induced reaction buying of preventative technologies and their relatives, or whether more faith was placed in software vendors preventing easily “wormable” holes in their software.
EDoS is the new DDoS ?
Over at [Rational Survivability] beaker as coined the term EDoS. To describe how “the utility and agility of the cloud computing models such as Amazon AWS (EC2/S3) and the pricing models that go along with them can actually pose a very nasty risk to those who use the cloud to provide service”
Of course, this has kicked off the flurry of responses from “How is this different to soaking up the bandwidth of people who pay per gig” to “OMG! thats the new thing.. Cloud Computing is bad”.
RFP Spotting..
Not the boring pile of papers kind.. the shiny pants and sunglasses kind:
Turns out you can find him blogging these days at [http://research.zscaler.com/]
PS. if you dont know who RFP is, you are too young, and probably think w00w00 is leetspeak for a siren..
QoW: Software Reversing and Exploitation
I’ve developed a FTP like multi-threaded server application as a target for this challenge of the month. It has been coded in c and compiled by VC++ 2008. This is a three step challenge:
Step 1- Find the correct “passphrase” format to logon to the server and get the “Access Granted” message. (You may use a debugger like Ollydbg to do Live RE for this step).
Step 2- Do vulnerability research on the server software. There is at least one exploitable bug but there could be more bugs or error conditions. Try to spot a memory corruption bug and write a denial of service exploit for it.
When missing a good hire works out well..
A few years ago, Mohamed Nanabhay was considering joining SensePost and i was trying hard to convince him it was the way and the light. He had been a KPMG auditor in a past life (but i promised not to hold that against him).
We were not sure what he would do at SP, since he was kinda moving away from hardcore tech, but we always said that we would take quality people, even if we didnt have a niche for them, cause quality people will make a new niche.
So so senseless…
haroon :(