Archive for the ‘Coding’ Category
Wednesday, May 14th, 2008
A little-known botnet has put a different spin on the recent wave of SQL injection attacks on thousands of Websites: It’s outfitting its bots with its own tool to launch SQL injection attacks on vulnerable sites.
The Asprox botnet, a relatively small botnet known mainly for sending phishing emails, has been ...
Posted in Coding, Internet, Privacy, Security | No Comments
Tuesday, May 13th, 2008
Rootkits are still a security scanner’s worst nightmare: New rootkit detection tests recently conducted by AV-Test.org found that security suites and online Web scanners detected overall only a little more than half of rootkits.
AV-Test.org, an indie security test organization based in Germany, ran two rootkit tests last month, one on ...
Posted in Coding, Hardware, Linux, Networking, Privacy, Security, Software, Windows | No Comments
Sunday, May 11th, 2008
Inspired by a comment on Ajaxian, I killed another afternoon or two making a small library capable of reading EXIF data from JPEG images, figuring I would at least learn a bit about EXIF and the JPEG (and TIFF) image formats.
Before we start, a small disclaimer. I'm somewhat of a ...
Posted in Coding, Internet, Privacy, Security | No Comments
Wednesday, May 7th, 2008
A loyal ISC reader, Rob, wrote in to point us at what looks to be a SQL Injection worm that is on the loose. From a quick google search it shows that there are about 4,000 websites infected and that this worm started at least mid-April if not earlier. Right ...
Posted in Coding, Internet, Privacy, Security | No Comments
Wednesday, May 7th, 2008
In PHP there exist two functions to escape shell commands or arguments to shell commands that are used in PHP applications to protect against shell command injection vulnerabilities.
- escapeshellcmd()
- escapeshellarg()
Unfortunately it was discovered that both functions fail to protect against shell command injection when the shell uses a locale with ...
Posted in Coding, PHP, Security | No Comments
Wednesday, May 7th, 2008
Since version 4.2.0 PHP automatically seeds the random number generators on the first usage of rand() and mt_rand(). This is done with the help of the GENERATE_SEED() macro.
Unfortunately it was discovered that the GENERATE_SEED() macro contains several problems that can lead to a weaker seed than expected. In the worst ...
Posted in Coding, PHP, Security | No Comments
Tuesday, May 6th, 2008
The PC version of Mass Effect is going to include some fairly serious security measures that may prove to be more of a threat to the game's popularity than they are to piracy.
According to Derek French, Mass Effect's technical producer at BioWare, the game's security begins with the same SecuROM ...
Posted in Coding, Gaming, Security | No Comments
Tuesday, May 6th, 2008
Tmin is a quick and simple tool to minimize the size and syntax of complex test cases in automated security testing.
The tool is somewhat related to delta, which is a more featured general purpose optimizer but is meant specifically for dealing with unknown or complex data formats (without the need ...
Posted in Coding, Privacy, Security | No Comments
Monday, May 5th, 2008
Nowadays, who understands Di-Di-Di-Da-Da-Da-Di-Di-Dit (S.O.S., Save Our Souls)? Few people do, but your web browser just might. In his blog, security expert Nathan McFeters has reported the discovery of a cross-site scripting (XSS) vulnerability on an Italian website that allows attackers to inject malicious JavaScript encoded in Morse code in ...
Posted in Coding, Internet, Privacy, Security | No Comments
Monday, May 5th, 2008
Today I decided to give a very brief example on pharming and why it's so easy to pharm surfers with little or no skills. Usually, browser exploit writers give simple examples on how to read the boot files, or launch a calculator. There is so much you can do with ...
Posted in Coding, Internet, Privacy, Security | No Comments
