Archive for March, 2007
Operation Blacksheep
Holding a hot cup of chocolate in one hand and a laptop in the other, Michael hurried behind a plump looking man in a dark brown suit, preparing to enter the Department of Biology at Abbot Laboratories. He swiped his magnetic card through the card reader…
"Please hold the door!"
"Thanks a million!" gasped Michael, [...]
Metasploit 3 Hit
Metasploit 3 was released today, but its popularity has been its doom. The following error occured when I tried to access it:
Application error
*removed* application failed to start properly
I assume this is due to the influx of visitors trying to download the latest version. I saw this happen on my own web server when the site [...]
Inter-Protocol Communication
Interprotocol communication involves creating a communication channel between two different protocols. Why do we care?
Wade Alcorn released a paper recently where he demonstrates exploiting a “contrived program… using JavaScript [encapsulating the] exploit within an HTTP request.”
I find this idea absolutely mind blowing, even though exploitation of multi-layered or more complex protocols may be alot more [...]
RSnake opens company
RSnake announced the opening of his company “SecTheory” yesterday. It has been fascinating to see just how far his blog and a few others have pushed the XSS route. I am not surprised to see him making this move to open a company, although I would have thought a consulting, contracting move may have been [...]
modsecurity hack
Stefen Esser is has been credited in discovering a serious vulnerability in the popular open source web application firewall software, modsecurity.
When mod_security receives a request it parses it into web application parameters in a way it believes is correct. Because the way it parses the incoming data follows the rules defined in RFCs and not [...]
