ush.it - a beautiful place

Slides @System 2008 - Dipartimento di Informatica dell'Universita' di Pisa

December 16, 2008 at 3:58 pm - Filed under Team, Insecurity, Language IT - 397 words, reading time ~1 minutes

On 11 December 2008, @System organised a workshop at the Dipartimento di Informatica dell'Universita' di Pisa, to which we contributed as speakers with two different seminars. Below you can find both presentations in PDF format.

Local File Inclusion (LFI) of session files to root escalation

July 9, 2008 at 3:11 pm - Filed under Insecurity, Language EN - 811 words, reading time ~2 minutes

While writing an article with Kuza55 on advanced local file inclusion exploitation, a very interesting piece of code emerged on milw0rm. It shows another technique, one with advantages and disadvantages, but surely smart and not that well known (although it is documented in some papers and has actually been exploited in the past).

Skype 1.4.118 for Linux = Panacea

October 7, 2007 at 4:01 pm - Filed under Insecurity, Language EN - 318 words, reading time ~1 minutes

A few moments ago I was reading the Skype 1.4.118 for Linux changelog and noticed a new feature named "Auto-accept file transfers". Damn, I thought: if it's on by default, an issue found accidentally some time ago is now fully weaponized: Skype 1.4.0.74 (probably also others) happily overwrites files without asking!

Why the Skype 0day exploit is a fake

August 18, 2007 at 12:10 pm - Filed under Insecurity, Language EN - 1523 words, reading time ~5 minutes

A lot of people contacted me about my post on FD. No, I have no clue what's really going on, and I can happily live believing the official reports (http://heartbeat.skype.com/) on the issue. This is the complete message I posted to FD in reply to Valery Marchuk (http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065343.html):

Flash Player/Plugin Video file parsing Remote Code Execution

July 13, 2007 at 5:28 pm - Filed under Insecurity, Language EN - 216 words, reading time ~0 minutes

Stefano Di Paola, with contributions from Giorgio Fedon (both from a brand new security research company, MindedSecurity) and Elia Florio, has just released the details of a Remote Code Execution flaw in Flash Plugin 9 that is independent of the OS. When parsing an FLV file with Adobe Flash Player it is possible to trigger an exploitable integer overflow.

Install Firefox XPI without whitelist

June 4, 2007 at 4:50 pm - Filed under Insecurity, Language EN - 824 words, reading time ~2 minutes

Today I was reading Firefox XPI Install Prevention Bypass (http://www.0x000000.com/?i=329) and, while it's not what it promised to be (there is no Install Prevention Bypass), it contained useful information that helped me elaborate two distinct thoughts.

IE 7 and Firefox Digest Authentication Request Splitting

April 25, 2007 at 4:50 pm - Filed under Insecurity, Language EN - 204 words, reading time ~0 minutes

Stefano `wisec` Di Paola has just released a new advisory, IE 7 and Firefox Browsers Digest Authentication Request Splitting: basically, using the user field an attacker is able to split the request by injecting arbitrary characters.

Adobe Acrobat Reader Plugin: Multiple Vulnerabilities

January 4, 2007 at 3:09 am - Filed under Insecurity, Language EN - 262 words, reading time ~0 minutes

From 23 to 31 December I was in Berlin for the CCC congress with other Italian security researchers and friends. We had a good time enjoying Berlin, drinking beer and exchanging information. Also, Stefano Di Paola and Giorgio Fedon disclosed some Adobe Acrobat Reader bugs in a larger talk titled Subverting AJAX.

Adobe Acrobat Reader Plugin: Multiple Vulnerabilities

January 4, 2007 at 1:56 am - Filed under Insecurity, Language EN - 993 words, reading time ~3 minutes

At CCC my friends Stefano Di Paola and Giorgio Fedon released some of their latest findings; note that this is an Italian translation of the original advisory available on wisec.it (http://www.wisec.it/vulns.php?page=9), which of course is in English. The advisory is focused on some specific bugs, one of which is called UXSS (Universal Cross Site Scripting) in PDF files.

HttpOnly Cookies Reference

December 22, 2006 at 5:20 am - Filed under Reports, Insecurity, Language EN - 1274 words, reading time ~4 minutes

This is a collection of resources on the topic. Some of these methods are not bulletproof, but they will help you build in some proactive security when writing new web applications and when hardening existing ones.

IE7 ping back home, MS and your browsing history

December 20, 2006 at 9:15 pm - Filed under Insecurity, Language EN - 299 words, reading time ~0 minutes

It seems that Microsoft Internet Explorer 7 with the phishing filter active pings back home for every URL requested. This could be the default in many environments.

Arin.net XSS

March 3, 2006 at 8:55 pm - Filed under Insecurity, Language EN - 128 words, reading time ~0 minutes

J u a n wrote:
> On 3/3/06, Alexander Hristov <joffer@gmail.com> wrote:
>> Just tested : http://ws.arin.net/whois/?queryinput=%3CIMG+SRC%3D%22
>> javascript%3Aalert%28%27XSS%27%29%3B%22%3E
>> it still works for me
> works for me on internet explorer, didn't work with firefox 1.5

Port scanning with online services

January 29, 2006 at 3:12 am - Filed under Hacks, Insecurity, Language EN - 45 words, reading time ~0 minutes

Some service misuse examples.

Google XSS Example

January 15, 2006 at 12:37 am - Filed under Insecurity, Language IT - 266 words, reading time ~0 minutes

The article is an Italian translation of Google XSS Example.

Port scanner with dnsstuff

January 14, 2006 at 6:47 pm - Filed under Hacks, Insecurity, Language EN - 805 words, reading time ~2 minutes

Dnsstuff is a great service, often integrated into browsers, widgets and extensions. They offer a number of tests (DNS Report, DNS Timing, WHOIS Lookup, Abuse Lookup, Domain Info, Spam database lookup, Reverse DNS lookup, IPWHOIS Lookup, City From IP, IP Routing Lookup, DNS lookup, Traceroute, Ping, ISP cached DNS lookup) and other conversion/math tools (URL deobfuscator, Free E-mail Lookup, CIDR/Netmask, E-mail Test, CSE HTML Validator, Decimal IPs). Where applicable, each tool is both IPv4 and IPv6 capable.

Gmail cracked

November 20, 2005 at 1:52 am - Filed under Insecurity, Language IT - 144 words, reading time ~0 minutes

Gmail is vulnerable to a session traversal bug that allows impersonating other users and accessing their web interface.

Password discovery on 30gigs.com

November 16, 2005 at 2:40 pm - Filed under Insecurity, Language EN - 246 words, reading time ~0 minutes

cumhur onat found a SQL injection that allows discovering the password of an arbitrary user through the login page of the 30gigs.com mail service.
