Archive for the Security Category
04 05 2011Giorgio in Politics, Mozilla, Security, NoScript
I don’t know if this puts me in any middle-eastern dictator’s blacklist, but it seems “internet security guides” with various political spins are flourishing, and they obviously share most of their endorsements, no matter the ideology.
USA’s National Security Agency (NSA) is doing its part as well, as I found out yesterday: look at page 7 (“Enhanced Protection Recommendations”) of this Best Practices for Keeping Your Home Network Secure PDF…
12 04 2011Giorgio in Advisories, Flash, Mozilla, Security, NoScript
It’s getting boring.
Current Flash Player version (10.2.153.1 for the general public, 10.2.154.25 for Chrome users) is affected by a remote code execution vulnerability which is reported as being exploited in the wild.
Since Adobe Reader X (the newest version with “protected” mode) is vulnerable but not exploitable, Adobe doesn’t plan an out-of-band patch: looks like browser users are second-class citizens.
Nir Goldhsanger asked me to share with my audience a nice privilege escalation through parameter pollution he found, allowing the attacker to become administrator of any Blogger blog, which he dutifully reported to Google and deserved him the famous $1337 bug bounty.
I’m quite impressed by the first step of the attack, where the application gets fouled by a double “blogID” parameter: the first gets validated (it actually refers to a blog owned by the attacker) but then the second is actually used to perform the “add authors” action. Looking at the URL, it would seem they use Struts or some other Java-based framework. Since I’m quite rusty with them (these days I mainly use PHP and Ruby on the server side), would anyone attempt a reverse engineering and explain which kind of code could get messed by this? Did they maybe parse their parameters twice, with two different parsers?!
BTW, looks like Sophos likes ClearClick and dirty female teachers very much :)
Bad Behavior has blocked 6608 access attempts in the last 7 days.