Simple Anti Session Hijacking
Protecting your web application from session hijacking, even for experienced developers, can be quite a learning process in application security. If your session mechanism only consists of session_start(), chances are favorable that you are vulnerable, although the exploit isn't as simple as session fixation.
Instead of focusing on how to keep the session identifier from being captured, perhaps try focusing on how to make such a capture less problematic. Our goal would be to complicate impersonation, since in theory, every complication would increase security.
Taking a tiny step further, we can use the code below to force ...
Microsoft IIS Remote Attack
A researcher has identified a vulnerability in the most recent version of Microsoft's Internet Information Services that allows attackers to execute malicious code on machines running the popular webserver.
The bug stems from the way IIS parses file names with colons or semicolons in them, according to researcher Soroush Dalili. Many web applications are configured to reject uploads that contain executable files, such as active server pages, which often carry the extension ".asp." By appending ";.jpg" or other benign file extensions to a malicious file, attackers can bypass such filters and potentially trick a server into running the mal...
CoreHTTP Remote Vulnerability
A remote exploitable vulnerability in CoreHTTP server has been uncovered in version 5.3.1 in conjunction with CGI support enabled. The proof of concept code has been written for the Metasploit framework and allow for the execution of arbitrary code on the target host. When coupled with the Metasploit framework, shellcode that would permit a reverse shell is possible. The vulnerability does not yet have a CVE. Be advised, the proof of concept code is for educational purposes only.
Please see the specifics regarding this vulnerability below.
Issue: CoreHTTP server fails to properly sanitize input before calling popen()
Taking Over the Torpig Botnet
A few months back a team of researchers at UC Santa Barbara have hijacked the infamous Torpig botnet for 10 days. They released a report (PDF) that describes how that was done and the data they collected. They observed more than 180K infected machines (this is the number of actual bots, not just IP addresses), collected 70GB of data stolen by the Torpig trojan, extracted almost 10K bank accounts and credit card numbers worth hundreds of thousands of dollars in the underground market, and examined the privacy threats that this trojan poses to its victims.
Unfortunately the intended audience of the documents are rather technical; a plain-e...
Press Release: RedTeam Becomes MSPAlliance Member
MINNEAPOLIS, MN, 12/22/2009 - The MSPAlliance (MSPA) the International Association of Managed Service Providers (www.mspalliance.com), today announced that RedTeam Security has become a member of the MSPAlliance.
The MSPAlliance is the oldest Managed Services group and the only Accrediting and Standards based body for the Managed Services Industry. With over 9,000 members world-wide, the MSPAlliance is a very powerful and influential global organization, working to promote the managed services industry to the business consumer. MSPAlliance member companies’ are able to achieve Green IT Certifications, Disaster Recovery Certifications, ...
Categories
Contact Us
Phone number:
1-612-234-7848
E-mail: