2010

"Logout XSRF" - significant web app bug?

Scary Beasts Security

[Or "Logout CSRF" for search indexes; I seem to be addicted to the less common acronym ;-)] Significant? No, of course not. It is a technical integrity violation inflicted upon good.com by evil.com. That's not ideal, and could be an annoyance. But there are some other interesting technicalities that can make it futile to defend against. They include: Cookie forcing.

Identifying internet explorer user with a smb query

Elie

Internet Explorer privacy is flawed. This blog post shows how to abuse SMB query to force Internet Explorer to disclose Windows username, domain and version even while in private mode or using an HTTP proxy. Proof of concept included.

IT Security, Still a Long Way to Go

CompTIA on Cybersecurity

It is hard to believe that a full decade has gone by from a time when fear, angst, and anxiety across many aspects of the channel was focused on the “what ifs” of Y2K. You would be hard pressed to pick up any publication and not see something about the Y2K situation. Here it is ten years later and, yes we survived Y2K, but there is a similar media storm these days about security as more vendors, channel partners, and end-users turn to the “cloud” for everything from storage/back up to financial.

Recent Developments and Decisions Under Circular 230

Privacy and Cybersecurity Law

Laura Gavioli has published an article in the June-July issue of the Journal of Tax Practice & Procedure. The piece addresses […].

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Internet Explorer considered harmful

Scary Beasts Security

Now that this paper is officially public, the full story of CSS-based cross-origin theft can come out. (As an aside I'd like to note that I contributed little other than review to the paper so credit must go to the other named individuals). For background reading, see my Dec 2009 original post and an update that notes Firefox fixing the issue. In the original post, I state two mitigating factors that prevent the attack being very serious: the fact that quotes and particularly newlines stop the a

Minor leak, major headache

Scary Beasts Security

I find this bug interesting, because at first it looks like a relatively minor cross-origin leak. But with a bit of investigation, it has major consequence. The bug is specific to Internet Explorer, and still seems unfixed (in stable versions) at the time of writing. I told Microsoft about it back in 2008. Therefore this disclosure is not an 0-day, but more like a 600-day.

More Trending

Open redirectors: some sanity

Scary Beasts Security

Open redirectors are a contentious issue. Old-school hackers think anyone who thinks they are serious is on drugs. New-school hackers are more evenly divided. I haven't yet seen a public, balanced list of reasons why you should be worrying about other problems. Here it is. For now, I'll concentrate on the central idea that open redirectors permit domain obfuscation and therefore facilitate phishing etc.

vsftpd HTTP lunacy!

Scary Beasts Security

Ok, so I was bored and I added very very basic HTTP support to vsftpd. vsftpd is now perhaps the only FTP server to have an option ftp_enable=NO. Basically none of the HTTP protocol is implemented, but it might suffice for someone who is super-paranoid and needs to serve some static files over the HTTP protocol. The selling point is the re-use of vsftpd's tried-and-tested listener, string handling and built-in sandboxing.

Encouraging More Chromium Security Research

Scary Beasts Security

I don't usually post non-original content here, but in this case I'll make an exception :) Here's one of the things I've been working on over in Chromium land: [link] Will you be the first $1337 ?

More money for critical Chromium security bugs!

Scary Beasts Security

We've seen who is $1337 but who is $3133.7 ? I just launched this: [link] I've really enjoyed launching and now refreshing this program.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Security is Not the Point

CompTIA on Cybersecurity

Articulating the Value of Security. It’s an uphill battle to convince the decision-makers in any business that they need to invest in security. Why? Because deep down, all professional businesspeople think security is an annoying layer of cost and inconvenience. If you walk in and tell them, “We need more security,” they hear, “We need a more annoying layer of cost and inconvenience.” Getting the buy-in for security products and services today means understanding what drives your company’s securi.

IE8 CSS-based forced tweeting

Scary Beasts Security

A few weeks back, I published a demo that uses a serious Internet Explorer cross-origin violation to permit a malicious web page to force the visitor to make unwarranted tweets: [link] The post was light on technical details of how the attack works, so they will be filled in below. In addition, I'll quickly take care of the FAQ: Q) Does this attack affect earlier versions of Internet Explorer, such as IE6?

Posting raw XML cross-domain

Scary Beasts Security

I was recently stealing anti-XSRF tokens using the CSS design error I found. In the (unnamed for now) app I was exploiting, all the fun happens in XSRF-protected POST requests with an XML RPC protocol. If you are good.com, then sending XML to yourself is easy - you can send arbitrary POST payloads using XHR. This of course is not an option from evil.com.

Firefox fixes CSS-based cross-origin theft issue

Scary Beasts Security

Firefox just released version 3.6.7 of their excellent browser, and it fixes this: [link] This leaves 4 of the 5 major browsers with fixes (more on this in an upcoming post), which is my threshold for documenting a little tweak to exploitability. It is partially inspired by Gareth Heyes' attack on E4X using character set overrides. For interesting background reading, see: [link] Turns out, the same character set override applies to loading cross-origin CSS via the tag.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.