Archive for 'Vulnerability'
Negative Day Threat Detection
Announcements of exploitable OS and application vulnerabilities are so commonplace that we’re perhaps even more inured to them than we are to a perpetually ‘Elevated’ Homeland Security threat level. While the severity of the first threat is far outweighed by that of the second, the former is far more likely to be attempted or exercised, [...]
Posted: November 5th, 2008 under Audit, Exploit, Vulnerability.
Comments: none
Tough Love
Techno-eschatologists rejoice! The first sign that the end of days is nigh has come to pass. Lo, we have suffered what the professional fomentor convocation has declared the first significant hypervisor-level virtual machine security exploit: A VMware Shared Folders Directory Traversal Vulnerability. And with that they reveal that contrived validation is no less sweet than [...]
Posted: March 4th, 2008 under Exploit, Validation, Virtualization, Vulnerability.
Comments: 1
Google Vulnerability Assessment Service?
As a follow-up to this post, it’s worth noting that Google’s security team is now working on a blackbox fuzzing tool they call Lemon:
Our vulnerability testing tool enumerates a web application’s URLs and corresponding input parameters. It then iteratively supplies fault strings designed to expose XSS and other vulnerabilities to each input, and analyzes the [...]
Posted: July 18th, 2007 under Vulnerability, WebApp Sec.
Comments: none
Intellectual Weapons
Well, this is one way to make IT vendors more accountable for bugs in their products. This is more or less vigilantism, but at least it provides a less injurious alternative to vulnerability-discoverers selling their discoveries on the black-market. I don’t know if this will fly (the word extortion comes to mind) but if it does [...]
Posted: June 10th, 2007 under Accountability, Exploit, Vulnerability.
Comments: none
Snort Vulnerability: Intruding on the Intrusion Protector
Secunia just announced an algorithmic complexity attack exploiting the behavior of Snort’s (pre-2.6.1) predicate-based rule matching. Susceptibility to the backtracking attack with custom crafted packets is rule dependent (based largely on the presence of relative-position content matching), and is estimated by the reporters to affect about 300 Snort signatures with varying intensity. A successful attack [...]
Posted: January 11th, 2007 under IDS/IDP, Vulnerability.
Comments: none
