2010

article thumbnail

"Logout XSRF" - significant web app bug?

Scary Beasts Security

[Or "Logout CSRF" for search indexes; I seem to be addicted to the less common acronym ;-)] Significant? No, of course not. It is a technical integrity violation inflicted upon good.com by evil.com. That's not ideal, and could be an annoyance. But there are some other interesting technicalities that can make it futile to defend against. They include: Cookie forcing.

57
article thumbnail

Identifying internet explorer user with a smb query

Elie

Internet Explorer privacy is flawed. This blog post shows how to abuse SMB query to force Internet explorer to disclose windows username, domain and version even while in private mode or using an HTTP proxy. Proof of concept included.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Recent Developments and Decisions Under Circular 230

Privacy and Cybersecurity Law

Laura Gavioli has published an article in the June-July issue of the Journal of Tax Practice & Procedure. The piece addresses […].

40
article thumbnail

IT Security, Still a Long Way to Go

CompTIA on Cybersecurity

It is hard to believe that a full decade has gone by from a time when fear, angst, and anxiety across many aspects of the channel was focused on the “what ifs” of Y2K. You would be hard pressed to pick up any publication and not see something about the Y2K situation. Here it is ten years later and, yes we survived Y2K, but there is a similar media storm these days about security as more vendors, channel partners, and end-users turn to the “cloud” for everything from storage/back up to financial.

Media 40
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

IE8 CSS-based forced tweeting

Scary Beasts Security

A few weeks back, I published a demo that uses a serious Internet Explorer cross-origin violation to permit a malicious web page to force the visitor to make unwarranted tweets: [link] The post was light on technical details of how the attack works, so they will be filled in below. In addition, I'll quickly take care of the FAQ: Q) Does this attack affect earlier versions of Internet Explorer, such as IE6?

article thumbnail

Internet Explorer considered harmful

Scary Beasts Security

Now that this paper is officially public, the full story of CSS-based cross-origin theft can come out. (As an aside I'd like to note that I contributed little other than review to the paper so credit must go to the other named individuals). For background reading, see my Dec 2009 original post and an update that notes Firefox fixing the issue. In the original post, I state two mitigating factors that prevent the attack being very serious: the fact that quotes and particularly newlines stop the a

More Trending

article thumbnail

Minor leak, major headache

Scary Beasts Security

I find this bug interesting, because at first it looks like a relatively minor cross-origin leak. But with a bit of investigation, it has major consequence. The bug is specific to Internet Explorer, and still seems unfixed (in stable versions) at the time of writing. I told Microsoft about it back in 2008. Therefore this disclosure is not an 0-day , but more like a 600-day.

article thumbnail

Firefox fixes CSS-based cross-origin theft issue

Scary Beasts Security

Firefox just released version 3.6.7 of their excellent browser, and it fixes this: [link] This leaves 4 of the 5 major browsers with fixes (more on this in an upcoming post), which is my threshold for documenting a little tweak to exploitability. It is partially inspired by Gareth Heyes' attack on E4X using character set overrides. For interesting background reading, see: [link] Turns out, the same character set override applies to loading cross-origin CSS via the tag.

50
article thumbnail

More money for critical Chromium security bugs!

Scary Beasts Security

We've seen who is $1337 but who is $3133.7 ? I just launched this: [link] I've really enjoyed launching and now refreshing this program.

50
article thumbnail

Fixing responsible disclosure

Scary Beasts Security

Today I had the pleasure to post: [link] It is co-signed by some of my awesome fellow engineers who personally believe in what is written. Recent discussions and debates have shown that "responsible disclosure" is broken. It is badly named and ill-defined. Possibly the worst problem with responsible disclosure is that is permits known critical vulnerabilities to go unfixed for months or even years.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Open redirectors: some sanity

Scary Beasts Security

Open redirectors are a contentious issue. Old-school hackers think anyone who thinks they are serious is on drugs. New-school hackers are more evenly divided. I haven't yet seen a public, balanced list of reasons why you should be worrying about other problems. Here it is. For now, I'll concentrate on the central idea that open redirectors permit domain obfuscation and therefore facilitate phishing etc.

article thumbnail

vsftpd HTTP lunacy!

Scary Beasts Security

Ok, so I was bored and I added very very basic HTTP support to vsftpd. vsftpd is now perhaps the only FTP server to have an option ftp_enable=NO. Basically none of the HTTP protocol is implemented, but it might suffice for someone who is super-paranoid and needs to serve some static files over the HTTP protocol. The selling point is the re-use of vsftpd's tried-and-tested listener, string handling and built-in sandboxing.

50
article thumbnail

Encouraging More Chromium Security Research

Scary Beasts Security

I don't usually post non-original content here, but in this case I'll make an exception :) Here's one of the things I've been working on over in Chromium land: [link] Will you be the first $1337 ?

50
article thumbnail

Security is Not the Point

CompTIA on Cybersecurity

Articulating the Value of Security.It’s an uphill battle to convince the decision-makers in any business that they need to invest in security. Why? Because deep down, all professional businesspeople think security is an annoying layer of cost and inconvenience.If you walk in and tell them, “We need more security,” they hear, “We need a more annoying layer of cost and inconvenience.”Getting the buy-in for security products and services today means understanding what drives your company’s securi.

40
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!