Grumpy Security Guy

I’ve suffered the tortures of the damned


Entries Tagged as 'web site security'

When ISPs Attack!

June 19th, 2008 ·

Here is a scary story about a company, Nebuad (no link juice for you!) that performs a MITM attack all in the name of better ads. Now sniffing to get better data on your customers has been around for a while. In fact I worked at a company that did this as part of our [...]


Tags: Security · web site security

Bots + Web Vulnerabilities - An Approaching Storm

May 15th, 2008 ·

I called this one the day after the first wave of mass SQL Injection attacks came out. I told Jeremiah that we would see botnets doing this attack shortly as it was much more efficient. A few weeks later and boom, botnets performing mass SQL Injection.
The interesting thing about these attacks so far is [...]


Tags: web site security

FBI, CSRF and Jail: How to Get Someone Raided

March 20th, 2008 ·

This seems pretty scary. Apparently the FBI posted a link on some online forum that claimed to display kiddy porn. The story is here.
Upon reading this the first thing that popped into my mind was CSRF (Cross Site Request Forgery). Now this is not classic CSRF since CSRF generally implies I am exercising some functionality on [...]


Tags: Security · Security Industry · web site security

The Big Announcement

March 12th, 2008 ·

I’ve not been this pumped about something in a long time. Jeremiah actually has been pulling me into liking this idea for a very long time. I hated it at first. I mean WAFs, bleh. Plus I mean didn’t we already try scanners + WAFs before? Oh yeah the total trainwreck that was AVDL. So one [...]


Tags: Security · Security Industry · web site security

5 Security Predictions for 2008

January 8th, 2008 ·

1. We will see the first multi-website XSS worm.
I think we will finally get a true cross-site XSS worm in 2008, combining XSRF and XSS to propagate a worm across multiple sites and multiple domains. The first one will be benign but the others will be much more malicious in nature. Leading victim candidate [...]


Tags: Security Industry · web site security

Mastercard.com NOT PCI Compliant

January 5th, 2008 ·

Someone has found an XSS vulnerability on mastercard.com. The place it was found, the search function, is a notorious location for XSS vulnerabilities. The XSS payload that triggers the vulnerability leads me to believe that there was a fair amount of filtering going on but I guess not enough.
Who does Mastercard pay PCI penalties to?
If [...]


Tags: web site security

SANS says the #1 Server Security issue is your web application

November 30th, 2007 ·

The latest SANS Top 20 has been released and according to SANS the #1 issue impacting the security of your servers is the web application code that lives on top of them.
I agree with them (in a totally biased way of course) but the data they cite leaves me with an uneasy feeling. SANS likes [...]


Tags: Security · web site security

Apple blocks the word script

November 19th, 2007 ·

Jordan Wiens posts about the exact problem with offensive defense systems on his blog: How Not to Protect Your Webapp. Great job Apple, the word “script” is so evil I can’t do a search for AppleScript. Some would argue this is a good thing, especially if they have seen any of the AppleScript I have [...]


Tags: web site security

When Defenses are Offensive

November 19th, 2007 ·

Cory Doctorow has a good article on the difference between the speed of detecting an attack and automatically responding to it, and the slowness of recovering from a mis-applied block.
As usual, Cory outlines it in brilliantly simple, straightforward terms that anyone can understand. I used this tactic quite a bit when pen-testing in [...]


Tags: Security · web site security

US Gov sites Hacked with SQL Injection

November 9th, 2007 ·

Somewhat buried in this article about The Russian Business Network going silent is this choice statement:
Genes added that some U.S. government and Brazilian sites, which he declined to identify specifically, had been compromised through SQL (Structured Query Language) injection attacks to make them point to other RBN sites compromised with malicious software. “Maybe some government [...]


Tags: Security · web site security