information security and privacy advisory board
Search Results from beSpacific
Managing the Next Domestic Catastrophe: Ready or Not? by Christine E. Wormuth, June 6, 2008. Center for Strategic and International Studies "America is not ready for the next catastrophe. Years have passed since the 9/11 attacks and the response to ...
From: Sandro Gauci
Date: Tue, 24 Jun 2008 10:02:13 +0100
Updated the paper with a table of ports that are blocked for each browser:
http://tinyurl.com/5d88ll

The results show that Firefox and Safari block exactly the same ports, while Opera makes use of its list of ports. Internet Explorer blocks only 6 ports.

The blog post describes how I did this in detail:
http://enablesecurity.com/2008/06/23/which-ports-do-web-browsers-block/
or http://tinyurl.com/3oltlq

Involves JavaScript and a packet capture.

On Thu, Jun 19, 2008 at 3:09 AM, kuza55 <kuza55@gmail.com> wrote:
> Hi,
>
> Just thought I'd let you know that Wade Alcorn wrote a similar paper
> in 2006: http://www.bindshell.net/papers/ipc (Using IMAP3 too), but of
> course things have changed since then (namely this attack not working
> against Firefox 2 or 3).
>
> Also, there is a complete list of ports that Firefox blocks here:
> http://www.mozilla.org/projects/netlib/PortBanning.html (which Wade's
> paper references), and the default protocol handlers which can speak
> to the blocked ports. Do you know if there's a list of ports published
> by Microsoft/Opera/Apple about which ports are blocked in their
> browsers? If not, would you be able to publish the ports you found
> blocked in an appendix (I'm sure it wouldn't be too much code to whip
> up to test it, but if you've already done so then there's no point in
> duplicating work)?
>
> I also did some digging myself and found that the reason Firefox
> doesn't render the response as HTML is because it searches for the
> string "http" (case-insensitive, no quotes) in the first 8 bytes of
> the response; if you can satisfy that condition somehow then you can
> still get it to happen, but of course that seems pretty unlikely.
>
> IE also tries to search for a string, in this case "http/"
> (case-insensitive, no quotes) in the first 1024 bytes, but only so
> that it can identify http headers, so if you can inject data into the
> first 1024 bytes of the response you can inject headers to do cache
> poisoning, etc. (You can probably do header injection against Firefox
> if you can trigger this, but the problem is of course triggering it on
> Firefox)
>
> - kuza55
>
> 2008/6/19 Sandro Gauci <publists@enablesecurity.com>:
>> Hi -
>>
>> Back in 2002 I had published details of a vulnerability affecting most
>> web browsers. It detailed a security flaw that allows attackers to
>> abuse non-HTTP protocols to launch Cross Site Scripting attacks even
>> when a target web application was not vulnerable to XSS.
>>
>> Six years later I'm releasing an update to this research in this
>> paper. This security vulnerability still affects popular web browsers
>> nowadays and the following browsers were tested as vulnerable:
>>
>> * Internet Explorer 6
>> * Internet Explorer 7
>> * Internet Explorer 8 (beta 1)
>> * Opera 9.27
>> * Opera 9.50
>> * Safari 1.32
>> * Safari 3.1.1
>>
>> Others have described how to abuse behavior for purposes other than
>> Cross Site Scripting. NGSSoftware previously published a paper called
>> "Inter-Protocol Exploitation" which references the original EyeonSecurity paper.
>>
>> Paper at:
>> http://resources.enablesecurity.com/resources/the%20extended%20html%20form%20attack%20revisited.pdf
>>
>> or http://tinyurl.com/5d88ll
>>
>> --
>> Sandro Gauci
>> EnableSecurity
>> Web: http://enablesecurity.com/
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>

--
Sandro Gauci
Owner and Founder of EnableSecurity
Phone: +356 99463069
Email: sandro@enablesecurity.com
Web: http://enablesecurity.com/
PGP: 514D B10C 8C3C 15BB 2EFD 49EC 7CCD 73C5 0295 F23B
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

From: n3td3v
Date: Tue, 24 Jun 2008 13:44:43 +0100
On Mon, Jun 23, 2008 at 3:21 PM, <Valdis.Kletnieks@vt.edu> wrote:
> On Sun, 22 Jun 2008 23:24:59 BST, n3td3v said:
>
>> Trust me, if someone of Middle East origin had a security pod cast and
>> had said the same thing it would probably be on CNN, and the CIA, MI6
>> would have them arrested by now, or at least have operational officers
>> keeping close tabs on him.
>
> I'm quite sure that if Gadi Evron had said it, it would *not* have made CNN,
> and the intelligence agencies would *not* have him arrested, because they'd
> understand it was a *joke*. To actually get yourself arrested, you need to
> say something like "I have a bomb" while actually standing *in an airport*.
>
> There's 2 things you should do:
>
> 1) Go read Bruce Schneier's blog, especially the annual "Movie Plot Threat"
> contest, and see what you're still allowed to joke and comment about without
> getting hassled in the slightest.
>

I don't read Bruce Schneier, I'm far more intelligent than him.

> 2) Go get some treatment for whatever mental condition is causing your
> obsession with intelligence agencies.
>

Only if you go get treatment for thinking someone who talks about the intelligence services has a mental condition.

All the best,

n3td3v
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

From: Secunia Research
Date: Mon, 23 Jun 2008 11:52:32 +0100
======================================================================
Secunia Research 23/06/2008
- Motion "read_client()" HTTP Request Buffer Overflow -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10
======================================================================
1) Affected Software
* Motion 3.2.10
NOTE: Other versions may also be affected.
======================================================================
2) Severity
Rating: Moderately critical
Impact: System access
Where: Remote
======================================================================
3) Vendor's Description of Software
"Motion is a program that monitors the video signal from one or more
cameras and is able to detect if a significant part of the picture
has changed; in other words, it can detect motion".
Product Link:
http://www.lavrsen.dk/twiki/bin/view/Motion/WebHome
======================================================================
4) Description of Vulnerability
Secunia Research has discovered a vulnerability in Motion, which can
be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused by a boundary error within
the "read_client()" function in webhttpd.c. This can be exploited to
cause a stack-based buffer overflow by sending a specially crafted
request to the HTTP control interface.
Successful exploitation allows execution of arbitrary code, but
requires that the Motion HTTP control interface is enabled.
======================================================================
5) Solution
Update to version 3.2.10.1.
======================================================================
6) Time Table
10/06/2008 - Vendor notified.
10/06/2008 - Vendor response.
23/06/2008 - Public disclosure.
======================================================================
7) Credits
Discovered by Stefan Cornelius, Secunia Research.
======================================================================
8) References
The Common Vulnerabilities and Exposures (CVE) project has not
currently assigned a CVE identifier for the vulnerability.
======================================================================
9) About Secunia
Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:
http://corporate.secunia.com/
Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.
http://secunia.com/
Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:
http://corporate.secunia.com/secunia_research/33/
Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:
http://secunia.com/secunia_vacancies/
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/secunia_security_advisories/
======================================================================
10) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2008-26/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
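
The advisory above attributes the flaw to a boundary error while reading an HTTP request into stack memory. The following is an added illustration of a length-checked request-line parser; it is not Motion's code and not from Secunia, and the struct, function names and field sizes are hypothetical, since the advisory does not give the exact defect.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical field sizes for this example; not taken from Motion. */
#define METHOD_MAX 10
#define URL_MAX    512
#define PROTO_MAX  10

struct request_line {
    char method[METHOD_MAX];
    char url[URL_MAX];
    char proto[PROTO_MAX];
};

/* Copy one space-delimited token from [*p, end) into dst (capacity cap).
 * Returns 0 on success, -1 if the token is empty or would not fit with
 * its terminating NUL. Never writes more than cap bytes. */
static int take_token(const char **p, const char *end, char *dst, size_t cap)
{
    const char *s = *p;
    while (s < end && *s == ' ') s++;            /* skip separators */
    const char *t = s;
    while (t < end && *t != ' ' && *t != '\r' && *t != '\n') t++;
    size_t n = (size_t)(t - s);
    if (n == 0 || n >= cap) return -1;           /* reject, do not truncate */
    memcpy(dst, s, n);
    dst[n] = '\0';
    *p = t;
    return 0;
}

/* Parse "METHOD URL PROTO" from a buffer of exactly len received bytes.
 * The unsafe pattern this replaces is an unbounded copy such as
 * sscanf(buf, "%s %s %s", ...) into fixed-size stack arrays.
 * Returns 0 on success, -1 on malformed or oversized input. */
int parse_request_line(const char *buf, size_t len, struct request_line *out)
{
    const char *p = buf, *end = buf + len;
    if (take_token(&p, end, out->method, sizeof out->method) != 0) return -1;
    if (take_token(&p, end, out->url, sizeof out->url) != 0) return -1;
    if (take_token(&p, end, out->proto, sizeof out->proto) != 0) return -1;
    return 0;
}
```

The parser takes the received byte count explicitly, so it does not depend on the network buffer being NUL-terminated, and an oversized field fails the whole request instead of being silently truncated.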
From: n3td3v
Date: Tue, 24 Jun 2008 13:38:52 +0100
On Mon, Jun 23, 2008 at 2:51 PM, Ureleet <ureleet@gmail.com> wrote:
> i am responding to this email as i will respond to every email from
> n3td3v where i see fit.
>
> n3td3v is a well known troll on fd. by answering him back you are
> merely feeding his ego. please ignore him, delete his emails.
>
> by responding you further egg on his ego by thinking you care what he
> has to say. please do not respond to him
>

No one is listening to you. n3td3v is bigger than you'll ever be and it makes you jealous. ;)

All the best,

n3td3v
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
The Information Security and Board (ISPAB) was originally 1987 (P.L. 100-235) as the Computer System Privacy Board. Information Security Privacy Advisory Board (ISPAB) Summary of Meeting Have permanent sign made up for and Advisory . .