Archive for March, 2007

Operation Blacksheep

Holding a hot cup of chocolate in one hand and a laptop in the other, Michael hurried behind a plump looking man in a dark brown suit, preparing to enter the Department of Biology at Abbot Laboratories. He swiped his magnetic card through the card reader…

"Please hold the door!"

"Thanks a million!" gasped Michael, taking a sip of his hot chocolate.

After a few steps, Michael put his laptop and hot chocolate down on the floor and pretended to dig in his laptop bag for some papers.

"I’m in!" he whispered with a grin across his face, watching the brown-suited man disappear into the distance.

The first door to the left led to a quiet office. It was 8:30am; in Michael’s mind this could not have been more perfectly planned.

Michael walked to the nearest computer by the window and crawled beneath the desk. A horrible swarm of thick, dusty cables covered the floor, like something out of an Indiana Jones movie.

"Magnificare!" he muttered with a smile and in an Italian accent.

Reaching into his bag he took out a wireless access point and plugged it into an open wall socket, fighting back cabling as he went. He carefully removed the computer’s RJ45 cable and plugged it into his newly placed spy-point, then took another RJ45 cable from his bag and connected the computer to the wireless device, creating a spy-bridge.

As he finished closing his bag, he heard some voices coming from the door.

"I mean, how can he possibly treat us like that?"
"You saw how he acted yesterday…"

Michael grabbed his bag and ran forward placing himself behind the door.

“Lucy! Wait up!”

Items of interest:

Metasploit 3 Hit

Metasploit 3 was released today, but its popularity has been its doom. The following error occurred when I tried to access it:

Application error
*removed* application failed to start properly

I assume this is due to the influx of visitors trying to download the latest version. I saw this happen on my own web server when the site was slashdotted. Maybe we could call it a "social DoS". A review of the new exploits offered will have to wait…

Inter-Protocol Communication

Inter-protocol communication involves creating a communication channel between two different protocols: a message that is valid for one protocol is delivered to a server speaking another, which tolerates the parts it does not understand and acts on the rest. Why do we care?

Wade Alcorn released a paper recently where he demonstrates exploiting a “contrived program… using JavaScript [encapsulating the] exploit within an HTTP request.”

I find this idea absolutely mind blowing, even though exploitation of multi-layered or more complex protocols may be a lot more difficult. Can you imagine a network-propagating worm using XSS and a shellcode payload encapsulated in an HTTP request?

We first saw port scanning and CSRF exploitation from the browser. Now there is the possibility of inter-protocol exploitation over HTTP. Nice work, Wade.
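To make the mechanism concrete, here is an added example in Python. It is not code from Wade Alcorn’s paper and not part of the original post: the line-based protocol, its verbs, the functions `toy_protocol` and `browser_multipart_post`, the host 192.0.2.10 and port 3333 are all constructed for illustration. It builds the request a browser would send for a `multipart/form-data` form whose textarea holds commands for the target protocol, then feeds the raw request to a tolerant server and to a strict one.

```python
"""Added example: inter-protocol communication over HTTP.
Every line of HTTP framing reaches the target as a bad command; only a
server that answers with an error and keeps reading gets to the payload."""

CRLF = "\r\n"


def toy_protocol(raw, strict=False):
    """Simulate a server for a hypothetical line-based protocol.
    Known verbs: NAME <x>, STORE <x>, QUIT. Unknown lines get an error
    reply; a strict server drops the connection on the first one, a
    tolerant server replies and carries on."""
    executed, replies = [], []
    for line in raw.split(CRLF):
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("NAME", "STORE"):
            executed.append((verb, arg))
            replies.append("250 OK")
        elif verb == "QUIT":
            replies.append("221 BYE")
            break
        else:
            replies.append("500 unknown command")
            if strict:
                break
    return executed, replies


def browser_multipart_post(host, port, field, value, boundary="----abc123"):
    """Build the (minimal, constructed) request a browser sends when a form
    with enctype=multipart/form-data and one textarea is submitted to
    host:port. The textarea content is carried verbatim, CRLFs included,
    which is why multipart is used rather than x-www-form-urlencoded."""
    body = (f"--{boundary}{CRLF}"
            f'Content-Disposition: form-data; name="{field}"{CRLF}{CRLF}'
            f"{value}{CRLF}"
            f"--{boundary}--{CRLF}")
    headers = (f"POST / HTTP/1.1{CRLF}"
               f"Host: {host}:{port}{CRLF}"
               f"Content-Type: multipart/form-data; boundary={boundary}{CRLF}"
               f"Content-Length: {len(body)}{CRLF}{CRLF}")
    return headers + body


# Constructed payload: three commands for the toy protocol, one per line.
PAYLOAD = CRLF.join(["NAME attacker", "STORE pwned", "QUIT"])
REQUEST = browser_multipart_post("192.0.2.10", 3333, "note", PAYLOAD)


def demo():
    """Return (commands executed by a tolerant server, commands executed by
    a strict one) for the same browser-generated request."""
    tolerant, _ = toy_protocol(REQUEST)
    strict, _ = toy_protocol(REQUEST, strict=True)
    return tolerant, strict


if __name__ == "__main__":
    print(demo())  # ([('NAME', 'attacker'), ('STORE', 'pwned')], [])
```

The eight lines of HTTP framing ahead of the payload (request line, three headers, a blank line, the boundary, the part header and another blank line) each draw a `500 unknown command` from the tolerant server, after which the real commands run; the strict server never gets past `POST / HTTP/1.1`. Two practical limits follow from this: the target protocol must be error-tolerant and line-oriented enough to resynchronise, and browsers refuse to connect to a list of well-known ports (25 among them), so the reachable targets are the tolerant services on ports a browser will talk to.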

RSnake opens company

RSnake announced the opening of his company “SecTheory” yesterday. It has been fascinating to see just how far his blog and a few others have pushed the XSS route. I am not surprised to see him making this move to open a company, although I would have thought a consulting or contracting move might have been better. His company site looks simple… but not bad.

I was surprised to see RSnake offering a wide range of services, including physical security reviews… I would have thought he would have focused solely on the web application arena, hmm.

I do like his search engine optimisation (note the correct spelling) services; that’s quite a unique service for a security vendor. I certainly think the way forward in this industry for startups is specialisation. The general security industry is mature, chunky and fat, not much room for newbies :)

modsecurity hack

Stefan Esser has been credited with discovering a serious vulnerability in the popular open source web application firewall software, modsecurity.


When mod_security receives a request it parses it into web application parameters in a way it believes is correct. Because the way it parses the incoming data follows the rules defined in the RFCs rather than the reality of how HTTP request parsers are implemented in Perl, Python, Java and PHP, there are a number of bypass vulnerabilities wherever the RFC and reality mismatch.

A lot of legacy web applications are in for it now. That’s what Ivan Ristic gets for following the RFCs; I mean, who does that? :)

From what I can tell the latest version is affected and I do not know of any fix. In fact, I think it will be quite difficult to patch this as it’s a human weakness problem rather than a programming error.
