Author: Shawn Bass Created: Thursday, March 15, 2007 8:08:47 AM
Anything related to information security, including vulnerabilities, exploits, patching, etc.

For those not familiar with SQL injection, it is, in its simplest form, a method of injecting a SQL statement into a database server by hiding it in a web parameter.  There's a more detailed explanation here.

Anyway, I wanted to throw together a quick blog entry on this because SQL injection is a very common issue that affects a large number of public websites.  Most of the webmasters are not even aware that their web site exposes them to SQL injection.  Recently, there's been a flurry of activity and news...


There's a lot of buzz in the security industry right now after a paper was published by some researchers from Princeton University that demonstrates how whole-disk encryption systems can be completely thwarted by obtaining the encryption keys from a laptop's RAM.  How is this possible?  Well, when an operating system is in sleep mode, the decryption keys are stored in memory to allow the operating system to boot back up and continue accessing the encrypted disk.  In addition, different RAM chips decay their memory contents at different rates when power has been removed from the RAM chips.  Cooling the RAM chips, using a simple air duster can turned upside down, can slow that decay rate upwards of 10 minutes.  Once the RAM chips are cooled, their contents can be dumped by booting to a USB disk with memory extraction tools, or if you're unable to change the boot order, the chips can be removed and transferred to another system where the contents of the RAM chips can be extracted.  Once the contents of RAM are extracted,...


HD Moore's Metasploit is an invaluable free tool that's used by many to perform penetration testing of their systems.  Recently, HD blogged about buying an iPhone and beginning the process of porting pieces of the Metasploit platform to the iPhone.  What does this mean?  It means a portable handheld pentesting platform!  Perhaps HD should get a copyright on iSploit now.

Read the entire blog entry here.  Good times ahead!

DefCon 15 Day 1 review


While I've still not caught up (READ: recovered) from the 3 day conference in Las Vegas, I can definitely say that I'm glad I went.  I don't have all of my thoughts organized yet on the sessions that I attended, but over the coming days I'll be blogging on a DefCon 15 wrap-up where I'll cover my perspective on the sessions that I attended...and those that I walked out of.  Stay tuned.

I came across this blog post on Jungsonn Studio's blog the other day where they demonstrate how Google AdSense is vulnerable to a type of cross-site scripting attack: when the suspect JavaScript code is executed and you visit your AdSense account in another browser tab, they are able to switch your AdSense account over to them.  Pretty interesting find, and it really makes you think about all the times that you authenticate into a variety of different sites within different browser tabs, all the while having done lots of surfing of other pages (of which you don't know that you can trust).  It's definitely something that all of the bloggers out there that use Google AdSense should be thinking about when they pop into their account from a browser tab.

Shawn

MS07-017 is a re-release of an earlier patch against a vulnerability in Animated Cursors.  Apparently when the code was created for the first fix, the rest of the code wasn't audited and another vulnerability was recently found.  The patch can be found on Microsoft's website over here.

This vulnerability affects all versions of Windows from 2000 through Vista, so you'll definitely want to patch this one.  Also, there are at least 4-5 public exploits available for this one.  You can be certain that it's being exploited in the wild.

Shawn

The Metasploit Project has just officially released version 3.0 of the framework on their website.  3.0 is a complete rewrite of the framework and is written in Ruby.  It currently contains 177 exploits, 104 payloads, 17 encoders, and 3 nop modules.  It is a fantastic tool for penetration testing, and best of all -- it's completely free.

Read their blog entry on the news of the 3.0 release here.

And get yourself a copy of Metasploit 3.0 over here.

Enjoy!

Shawn