March 20th, 2008
What is an Intermediate Certificate Authority (CA) and why do I need one? An Intermediate CA is an authority that you use to create your own SSL certificates in a PKI environment. An Intermediate CA depends on a Root CA that is the origin of the chain of trust. The idea is that if your Intermediate CA gets compromised, or you decide to revoke all the certificates issued by it, you can still use your Root CA without further inconvenience for your users (the users only need to have the certificate of the Root CA installed in their browsers).
As for the second question, the short answer is that chances are you really do not need one, but for the sake of the experiment let's get our hands dirty!
Posted in Networking, Security | 7 Comments »
March 10th, 2008
Elastic Path is a popular Java e-commerce platform for building online stores and shopping carts. Elastic Path consists of both a shopping front end where customers can browse and choose the products and a managing backend for administration purposes.
Users of the administrative interface can be granted different levels of access. Research revealed that users with upload/download privileges could abuse them to gain access to arbitrary files in the remote system (read the security advisory - mirror #1, mirror #2).
update: a link to the patch is available in Elastic Path Developer’s site (thanks to d-dub).
update: this vulnerability has been assigned the following CVE number: CVE-2008-1606.
Posted in Security | 3 Comments »
March 7th, 2008
A new version of dradis, the information sharing tool for security teams, was released on the 29th of February. Some major changes were introduced since the first release back in December:
- New client GUI that runs in Linux, Windows and Mac OS (screenshots).
- New web interface.
- Improved step-by-step installation instructions.
- New contributed modules:
  - Export your Knowledge Base to an XML file.
  - Run nmap from dradis and store the results in the knowledge base.
If you want to give it a try, go to the download page. And please let me know any thoughts or feedback (remember that you can use the dradis development mailing list: dradis-devel).
Posted in Ruby, Security | No Comments »
February 22nd, 2008
From The Web Application Hacker's Handbook, a quick quiz:
An input validation mechanism designed to block cross-site scripting attacks performs the following sequence of steps on an item of input:
1.- strip any <script> expressions that appear
2.- truncate the input to 50 characters
3.- remove any quotation marks within the input
4.- url-decode the input
5.- if any items were deleted, return to step 1
how would you bypass it?
Posted in Security | 2 Comments »
January 27th, 2008
In the previous article of this series (sql injection: inference attack) we saw an introduction to the concept of SQL inference attacks. In security advisory: Plogger Photo Gallery SQL Injection we saw that the Plogger Photo Gallery SQL injection vulnerability was an ideal scenario in which to study SQL inference attacks.
Now it's time to see a hands-on example of how to exploit a SQL injection vulnerability using this technique. Please note that the intended audience of this article is security researchers who want to gain a deeper knowledge of the nature and internals of SQL inference attacks.
Posted in Ruby, Security | No Comments »
January 24th, 2008
I have created a small Ruby on Rails application to keep track of my personal "ToDo" list of tasks. The idea is to split your different tasks into categories (e.g. important & urgent, not important & urgent, etc.) and have a web front end in which you can get a nice view of your pending tasks.
Posted in Ruby | No Comments »
December 19th, 2007
Plogger is an open source PHP photo gallery with over two years of development and more than 50,000 downloads. The Plogger web site (http://www.plogger.org), describes the application as a fully featured photo sharing package with an attractive and easy to use administrative interface.
It was found that insufficient validation was applied to the input parameters of the script that generates Plogger’s RSS feeds. As a result, SQL code could be injected into Plogger database queries (read the security advisory - mirror #1, mirror #2).
update: this vulnerability has been assigned the following CVE number: CVE-2007-6587.
Posted in Security | No Comments »
December 17th, 2007
As a side result of my work with dradis during the last months, I've been working on some technical sessions that will be grouped in what could be called a "ruby workshop". The first of these sessions is on ruby + Qt programming and is available now.
- Slides can be found here.
- Source and examples: here.
Posted in Ruby, X Windows | No Comments »
December 16th, 2007
This post is a result of ideas and tools developed during the review of client-side applications that use the XMPP protocol to communicate with a server (opening a raw socket, not using HTTP as a transport).
The only way we could think of to get our hands on the communication was to write a small set of scripts to trick the client and encapsulate the communication inside HTTP requests that we could then manipulate using standard proxy tools such as Burp.
Although the information and scripts described in this post are focussed on intercepting an XML communication, the same principles apply to man-in-the-middle interception of any ASCII protocol such as SMTP, FTP or POP.
update: slides available here
Posted in Networking, Ruby, Security, Shell Script | 2 Comments »
December 14th, 2007
This has not been the first time I have tried, but it has been the first time it has worked. And the best of it: no Partition Magic or (qt)parted is needed, just plain old tune2fs, resize2fs and fdisk (read the man pages and back up everything, as usual).
Posted in Hardware | No Comments »