Wednesday, June 4th, 2008
Recently Arshan Dabirsiaghi, Director of Research of Aspect Security, published a white paper entitled “Bypassing URL Authentication and Authorization with HTTP Verb Tampering”. Initially there was a lot of confusion about what exactly was being explained or claimed, including: Is it real? Is it novel? Is it dangerous? What is ...
Posted in Coding, Internet, Privacy, Security | No Comments
Tuesday, June 3rd, 2008
Access-Me allows users to test their web applications for authentication vulnerabilities. With this first release the user will be able to:
Resubmit the current page without session tokens
Resubmit the current page using different HTTP verbs (HEAD/SECCOM)
View reports on how the application handled the requests.
Access-Me 0.1 is available ...
Posted in Privacy, Security | No Comments
Sunday, June 1st, 2008
XSS (Cross-Site Scripting) Very Much Alive and Kicking
We were about to investigate further on malicious activities related to banner82(dot)com/b.js but the URL was already inaccessible around Tuesday. Soon enough the malicious script in www(dot)adw95(dot)com caught our interest. A rough survey of the sites compromised by this script reveals that the ...
Posted in Coding, Internet, Security | No Comments
Sunday, June 1st, 2008
The videos from ShmooCon 2008 have hit the shelves. Go download them at:
http://www.shmoocon.org/2008/videos/
EDIT: As of the time of this post, some of the videos are incorrectly named. Here is the 1-> 1:
Correctly Named:
21st Century Shellcode for Solaris
Advanced Protocol Fuzzing - What We Learned when Bringing Layer2 Logic to SPIKE land
Backtrack ...
Posted in General BS, Security | No Comments
Tuesday, May 20th, 2008
This may seem painfully obvious to some people, but I looked around and couldn’t find a reference to it, so I apologize ahead of time for anyone who already knew this. When we normally think of how attackers use proxies they are almost always just trying to hide their IP ...
Posted in Coding, Hardware, Internet, Networking, Privacy, Security | No Comments