I often talk about cross-site scripting (XSS), and that’s partly because I think it’s a pretty interesting type of vulnerability that many developers tend to overlook. It can be quite dangerous, but can also be quite misunderstood. For one thing, the name can be misleading: exploiting XSS does not always involve scripting, and the proliferation of web technologies has taken XSS issues beyond the browser. One example of script-less cross-site scripting affected some high-profile MySpace users in 2007. Attackers were able to inject HTML into celebrity MySpace pages, but the service filtered out typical <script> payloads. Seemingly innocent <a> links were allowed, though, and adding a bit of CSS allowed one to create an invisible link that covered the entire[…]

The big news of the week, emanating from Toorcon 12, is the release of Firesheep. This tool makes SideJacking – that is, “hijacking an engaged Web session with a remote service by intercepting and using the credentials that identified the user/victim to that specific server” – painfully simple for anybody to use. How easy? Well, let’s see… you download and install Firefox… and then you download and install the Firesheep extension to Firefox… and then you restart Firefox and run the tool to start hijacking sessions… that’s it! Simple enough for ya? SideJacking is not a new concept, nor is the existence of tools. Robert Graham of Errata Security made a bit of a splash with his tool Hamster back[…]

Damn Vulnerable Web App (DVWA) has released an updated version (v1.04) of their PHP/mySQL web application that is intended to be attacked. It’s intended to be run on a local (closed) network as a learning tool for exploits and vulnerabilities. As it sits now, it pretty much contains a lot of the basics – brute force, command execution, file inclusion, SQL injection, and XSS.

With Windows holding 89.6% of the global market share, it is a very large target. This is one of the reasons Windows is targeted so much by malicious attacks. Not very hard when you’re such a big target. So, what if you could change that and make your Windows machine/server appear as something else, even to the most notable of sniffing tools (Nmap, P0f, Ettercap, etc.)? Well, you can.

I’m sure if you’ve been paying attention to any of the tech/geek news blogs you’ve seen the attention given to the “COMPROMISING ELECTROMAGNETIC EMANATIONS OF WIRED KEYBOARDS” article. So you already know the buzz, and are probably all running out to build Faraday cages around your offices or workstations. But there really isn’t anything terribly new or ground breaking here. It’s simply a further spin on an old trick. Anyone who can remember back might recall a little something about “TEMPEST“. It’s the codename given to compromising emanations (CE). This research dates all the way back to 1985 when the security risks of emanations from computer monitors was analyzed. By no means do I want to take away from the[…]