September 2021



Archive for 'Vulnerability'

Chapcrack and CloudCracker

Some of the biggest news that came out of DEFCON 20 was coverage of Moxie Marlinspike’s latest evisceration of MS-CHAPv2. There are papers dating back to 1999 describing weaknesses in MS-CHAPv2, Microsoft’s “updated” version of their original challenge/response system for authentication. The scheme’s weakness described briefly: a Server sends a Client a 16-byte challenge, […]

Negative Day Threat Detection

Announcements of exploitable OS and application vulnerabilities are so commonplace that we’re perhaps even more inured to them than we are to a perpetually ‘Elevated’ Homeland Security threat level. While the severity of the first threat is far outweighed by that of the second, the former is far more likely to be attempted or exercised, […]

Tough Love

Techno-eschatologists rejoice! The first sign that the end of days is nigh has come to pass. Lo, we have suffered what the professional fomenter convocation has declared the first significant hypervisor-level virtual machine security exploit: A VMware Shared Folders Directory Traversal Vulnerability. And with that they reveal that contrived validation is no less sweet than […]

Google Vulnerability Assessment Service?

As a follow-up to this post, it’s worth noting that Google’s security team is now working on a blackbox fuzzing tool they call Lemon: Our vulnerability testing tool enumerates a web application’s URLs and corresponding input parameters. It then iteratively supplies fault strings designed to expose XSS and other vulnerabilities to each input, and analyzes […]

Intellectual Weapons

Well, this is one way to make IT vendors more accountable for bugs in their products. This is more or less vigilantism, but at least it provides a less injurious alternative to vulnerability-discoverers selling their discoveries on the black market. I don’t know if this will fly (the word extortion comes to mind) but if it does […]

Snort Vulnerability: Intruding on the Intrusion Protector

Secunia just announced an algorithmic complexity attack exploiting the behavior of Snort’s (pre-2.6.1) predicate-based rule matching. Susceptibility to the backtracking attack with custom-crafted packets is rule-dependent (based largely on the presence of relative-position content matching), and is estimated by the reporters to affect about 300 Snort signatures with varying intensity. A successful attack […]