Blog
Another blow for privacy? A small price for your 15 minutes of fame..
Spock have just opened up beyond their private beta and promise to be the most comprehensive people search tool on the interwebs.. Their model is interesting because they aim to combine wikipedia style editing with a single focus.. people..
Roelof and i had long discussions in the past, around someway to get people to update information on people while growing the db and still having people contribute.. Interestingly, spocks simple sounding approach might be perfect.. in a day when everybody vanity googles themselves, and when the facebook/myspace/twitter generation have 0 qualms about informing the world what they are doing 24/7, the simplest way to populate a db with information about people, might just be to let them fill the info in themselves..
BlackHat Roundup – Ajax and h.323 and iax
The bulk of security research pertaining to VoIP call control, setup and signaling protocols has focused on the Session Initiation Protocol (SIP), due to the ubiquity and widespread adoption of this protocol. However, a number of other protocols and protocol suites are in use in many organizations and have been adopted by many of the VoIP vendors. Some examples of these protocols are Cisco’s Skinny Client Control Protocol (SCCP or Skinny), the H.323 suite of protocols, and Asterisk’s Inter-Asterisk eXchange (IAX).
Squeeza: The SQL Injection Future?
During our talk we demo’d squeeza.. We will link to the slides and .ppt as soon as we can, but have been getting a few requests already for the code, so here it is..
For those who missed the talk, squeeza is a SQL Injection tool, that once given an entry point can simply a bunch of things. Its the first tool i know of that facilitates full binary file transfers (download from the remote SQL Server), database enumeration, etc via a number of channels (Currently via DNS, via HTTP Error messages and Via Timing).
Late BlackHat Update..
ok.. so im in my room finally catching up on sleep (or will be in a few minutes) while most people are finishing Microsofts booze at the PURE microsoft party.. BlackHat is over, which means tomorrow we are off to the riviera for defcon..
Marco and i got a lot of positive feedback from our talk, including from guys like rob auger of wasc fame and andrew bortz who we quote in our paper, so it was pretty cool.. all our demos went of smoothly (where one of them was using javascript (and timing) to create a distributed brute-forcing tool, which had every opportunity to go south) so we were happy..
BlackHat Progress Report
(always wanted to say that!)
2 SensePost Training sessions are over, and as i type The weekday sessions are at about 50%. Feedback so far has been pretty cool and its been fun to meet new people / bump into some old friends..
The next “biggie” on the horizon is Wednesdays talk.. We have had a fair bit of interest so far and even though the slot has some stiff competition its seems like all will be well :). The talk should be interesting to developers, pen-testers and even just people with a vague interest in see’ing cool stuff.. Marco has been adding functionality to “squeeza” like a demon and as it stands its probably the only SQL Injection tool i know that will allow (file downloads, arb sql queries, database mining) all purely in T-Sql over a variety of transport channels (dns, error messages, timing). We will post the link to it for download just before we talk..
BlackHat, DefCon, Las Vegas
Ok.. so the 2nd plane with SensePost’ers has touched down in LasVegas and the first cheeze-pizza from the caesars food court has been consumed.. So little changes in caesars that it always adds to the surreal feeling that lasts for the entire stay..
We will be in the training rooms over the weekend, and during the week, and will then give our bh-talk, before moving to defcon for the talk there..
in between, as usual its a chance to meet old friends, make new ones and get sun-burnt! Grab us if you see us, and we can grab coffee/beer/chocolate-milk..
QoW 1 answered; Qow 2 released
A little while back we published our first public QoW for your abuse and enjoyment, and the time to close it is ………. now. The new QoW is available here.
Thanks for the efforts; we received a fair number of answers and are still figuring out how to go about recording your submissions. For now, we’ll publish the first correct answer, and discuss the answer in brief. Over to Haroon:
Jeremiah Grossman was the first correct answer, with valiant attempts from many others.. Acceptable solutions involved either the use of JavaScript / HTML comments to allow our injection to span multiple lines (or really really small urls :>)
-sigh- little things, little minds…
Deels stumbled on www.simpsonizeme.com to give me mh, the springfield edition..
Combine with your intranet mug-shots, and it could give you hours of lost productivity..
Google Cookies.. Finally a saner expiry date…
Google have finally revised their cookie expiration policy, which will have user cookies expiring after 2 years. (For those of you who think this is too long, it needs to be kept in mind that this used to be set to expire in 2038!).
Of course, the tin-foil hat wearers amongst us are going to find it difficult to convince the “keep-your-stinkin-privacy-i-want-my-15-minutes” facebook generation that privacy actually matters, but we can probably chalk this, and their earlier anouncement to sanitize search server logs after 18 months as a tiny victory..
Adam Shostack on Biometrics..
hmmm… i have heard this somewhere before….
” However, in cases where your finger is used to identify or authenticate you, it’s much harder to change your password. ”
/mh