Archive for the "exploitation" Category

DNS cat is likely out of the bag

First, a post went up on Matasano and promptly disappeared, and now Kaminsky has posted on Doxpara:
Patch.  Today.  Now. Yes, stay late.  Yes, forward to OpenDNS if you have to.  (They’re ready for your traffic.)  Thank you to the many of you who already have.
From what I can tell, it’s out of the bag.  I [...]

Black Ops: The Talks of Dan Kaminsky

Whenever a new sure-fire blockbuster movie sequel comes out, there’s always the attempt to wring some more cash out of the previous entries.  There’ll be a DVD box set that runs about $10 a disc, with all the previous films in one nice looking collection.  These sell well, both to people new to a series [...]

Homer Simpson’s AIM Account Hackers Own Up (sort of)

Regarding “Homer Simpson and the Kimya Botnet”, a new away message for Chunkylover53 (Homer Simpson’s AOL account, revealed in one of the episodes, and since hijacked) drops some names:

KRYOGENIKS EBK and DEFIANT RoXed HOMER sHouTz To VIRUS Warlock elul21 coll1er and Slacker.
I wouldn’t advise keeping him on your buddy list at this point, as the [...]

“Attempts” at Exploiting MS08-021

I was just going to del.icio.us this, write a snippet on it, and let it post on the daily links update, but I don’t think I could quite squeeze what I have to say about this into the size limitation there.  Read this, then come back here:

Attempt at Exploiting Latest GDI Vulnerability Found in the Wild - brought [...]

Cross-Site Request Forgery Vulnerability in Twitter

Update: Check out the comments!  Supposedly it’s patched but I tried it again and it worked.  I probably caught them in the middle of a fix, so it’ll probably be fixed soon, maybe by the time you read this. OK, it’s patched, for-real now!
The post is still worth reading if you’re interested in CSRF vulnerabilities, though.  A [...]

Got Owned!

This is why you should have an RSS reader pointed at this site!  You may otherwise miss out on some very strange things.  Thanks to a friend of mine giving me a call this morning and waking me up, I had this taken care of pretty quickly.  If you missed it:

There goes all my cred [...]

Directory Traversal Exploit in Firefox 2.0.0.12

Since I bought my MacBook, I’ve been primarily using Safari, so I haven’t paid as close attention to the recent Firefox vulnerabilities as I should have. I did, however, read about one in the very fresh 2.0.0.12 release (and older). It’s a directory traversal exploit that allows sites to remotely include things that [...]

Blackhat USA 2007 Videos

Videos of this past year’s Blackhat conference in Vegas are now available on mirrors.easynews.com (a great place to pick up all sorts of hacker conference materials and media). Some of the talks seem very interesting (especially the “extended” edition of “Tactical Exploitation”), and I’m eager to dig into them:
http://mirrors.easynews.com/blackhat/blackhat-2007-usa-video/
Audio is also available if you [...]

Red Team Challenge is Packed Up and Ready to Go

Regarding the CTF I’m running at Lanwar 40 this weekend (mentioned in the previous blog posting to this one), I have finalized the VMs, checkpointed them, and they’re ready to roll out once we get up to Louisville. Here’s a screenshot of the Backtrack 3 Beta VM the attackers will have supplied to them [...]

McGrew Security Red Team Challenge: This weekend at Lanwar in Louisville, KY

That’s right, a wargame at a LAN party!
I have been invited to run a hacking wargame at Lanwar, one of the oldest and most successful recurring LAN parties for gamers. This wargame will be held on an isolated network at Lanwar 40, and will allow the gamers who attend to try their hand at [...]