Thursday, July 30, 2009

Vulnerabilities in Visual Studio Active Template Library

Microsoft released an out-of-band security bulletin to address security bugs in the Active Template Library. Microsoft strongly recommends that developers who have built controls or components with the Active Template Library take immediate action to evaluate their controls for exposure to a vulnerable condition and follow the guidance provided to create controls and components that are not vulnerable. Many versions of Visual Studio are affected.

What is Active Template Library?
The Active Template Library is a set of template-based C++ classes with which you can easily create small, fast Component Object Model (COM) objects such as ActiveX controls.

More details are here:

Saturday, July 25, 2009

Another large data breach involving credit cards

A breach at Network Solutions exposed a large amount of credit card information. According to various reports, hackers inserted code on Network Solutions' servers that sniffed customer credit card numbers and personal information. The breach affected account holders of Network Solutions' domain registration and Web services, as well as numerous online retailers that use the company's hosting and online payment services.


After the Heartland Payment Systems breach early this year, this is another payment gateway to be breached, which shows that hackers are increasingly targeting such organizations and credit card information in general.


More information is available here

Friday, July 24, 2009

SQL Injection videos

Along with XSS, SQL injection is one of the most dangerous and most exploited web application vulnerabilities. I wrote about it here.

Many organizations and individuals struggle to differentiate network-wide attacks from data-centric ones, and to prove that firewalls and traditional perimeter security do not prevent many such attacks. Demonstrating data-centric attacks is a great way to help them understand these types of threats and how to defend against them.

Just as a refresher, relational databases such as Oracle, MS SQL, Sybase and MySQL store data in the form of related tables of records. Such records can be accessed, queried, or modified by specially formatted statements, written in a standard language called Structured Query Language, or SQL. With the need to access these records from a web front end, SQL injection attacks became popular. So, SQL injection is nothing but a set of SQL commands, supplied through the application's input so that the database runs them as part of its query.
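A demonstration of the kind described above, as an added example that is not from the original post: the same lookup written with string concatenation and with bound parameters, run against an in-memory SQLite table. The table, account rows and function names are constructed for illustration; the crafted value travels as an ordinary form field, which is why a network firewall has nothing to block.

```python
import sqlite3

# Constructed input: a quote closes the string literal and adds an always-true clause.
CRAFTED = "' OR '1'='1"

def make_db():
    """Build an in-memory table of constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT, password TEXT, card TEXT)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?)",
        [("alice", "s3cret", "4111-XXXX-0001"), ("bob", "hunter2", "4111-XXXX-0002")],
    )
    return db

def lookup_vulnerable(db, username, password):
    # Input is pasted into the statement, so quotes inside it become SQL syntax.
    sql = ("SELECT username, card FROM accounts "
           "WHERE username = '%s' AND password = '%s'" % (username, password))
    return db.execute(sql).fetchall()

def lookup_parameterized(db, username, password):
    # Placeholders keep the statement fixed; input is bound purely as data.
    sql = "SELECT username, card FROM accounts WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("concatenated, valid login :", lookup_vulnerable(db, "alice", "s3cret"))
    print("concatenated, crafted     :", lookup_vulnerable(db, "alice", CRAFTED))
    print("parameterized, crafted    :", lookup_parameterized(db, "alice", CRAFTED))
    print("parameterized, valid login:", lookup_parameterized(db, "alice", "s3cret"))
```

The concatenated query returns every account for the crafted password, while the parameterized one treats the same string as a wrong password and returns nothing.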

Wednesday, July 22, 2009

CISSP sample tests

Many CISSP aspirants ask me: what is the best source of free sample tests? Here is a great source; it has many sample tests covering the CISSP domains. Check it out.

http://www.freepracticetests.org/quiz/quiz.php

Friday, July 17, 2009

Nmap 5

A new version of Nmap is out. Some of the new features include:

Addition of the Ncat tool for data transfer, redirection, and debugging. This helps in interacting with web servers, mail servers or malware-infected machines.

Addition of Ndiff tool to aid in the comparison of Nmap scans. It takes two Nmap XML output files and prints the differences between them.

Improved scripting engine (introduced in version 4.5). This allows users to create simple scripts to automate a wide variety of networking tasks. Nmap added 32 more scripts; they are available here

Improved Zenmap GUI (also introduced in version 4.5), a graphical front end for Nmap. It can map a network and then save the map as an .svg (Scalable Vector Graphics) file for visual labeling or documentation. These files can be used with open source vector graphics tools like Inkscape.


I grabbed the latest GUI version and ran a scan against my Linksys Router, here is the output:





If you want to learn more about Nmap, Fyodor's book is the best, hands down. Part of that book is available for free here

Friday, July 10, 2009

End of Milw0rm

A very sad day for information security professionals. One of the web sites that helped many incident responders, security researchers, PenTesters, and script kiddies alike is shutting down.


Here are some of the alternatives


Milw0rm Tarball


Update: The creator of Milw0rm, with the help of many others, will keep the site up and continue to do the great work.

Friday, July 3, 2009

Twitter security problems

Are you a Twitter user? If so, you need to consider the many worms and other issues that affect Twitter. Here are some of the recent ones:


http://www.twitpwn.com/2009/07/motb-01-multiple-vulnerabilities-in.html


http://blogs.zdnet.com/security/?p=3451



Apart from the many worms and exploits listed above, as recently as last month its SSL page was using MD5 hashing with RSA encryption; it has been corrected now. If you remember, back in December 2008 a group of researchers identified a problem with MD5 collisions, which affects SSL sites whose certificates are signed with an MD5 hash. The exact problem is described in the Microsoft security blog:

"An MD5 hash collision allows a malicious user to potentially generate a rogue certificate derived from a valid one. This user can then impersonate a valid site or person since both certificates look legitimate because the certificate hashes are the same. An attacker will have to lure a user to initiate an SSL/TLS connection, then the certificate will be validated by the client and it will seem valid. Thus, the user will think that it is establishing a safe connection with site or person when in fact it is connecting with the attacker."


Another method to verify this is using the "SSL Blacklist" Firefox add-on