Today's Topics:

   1. Accessing Bitlocker volumes from linux ([EMAIL PROTECTED])
   2. Collisions (Dave Aitel)
   3. Possible Google Account loophole (Cryptreaper)
   4. WebScarab .NET SSL Error (H. Daniel Regalado Arias)
   5. The paradox of our security measures (Dave Aitel)
   6. Immunity Debugger 1.6 is out! (Nicolas Waisman)
   7. Re: The paradox of our security measures (Parity)
   8. AccessMe Tool Now Available (Oliver Lavery)

----------------------------------------------------------------------

Message: 1
Date: Mon, 26 May 2008 17:32:10 +0530
From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Subject: [Dailydave] Accessing Bitlocker volumes from linux
To: [EMAIL PROTECTED]

Might be useful for understanding the internals of the BitLocker encryption system in Vista.

NVbit is a Linux FUSE driver to access Windows Vista's BitLocker volumes from Linux, provided you have the right keys. A white paper and supporting presentation are also available.

The research was done around a year ago. Work was stopped prematurely; don't expect things in clean/finished shape. The code is in alpha state. Both the paper and presentation are incomplete draft versions. However, missing things can be referred from the NVbit source code.

NVbit allows read-only access. (Writing can be done just in reverse order, but it still doesn't exist for now.)

Presentation, white paper & tool (for accessing BitLocker volumes from Linux) are available at:
http://www.nvlabs.in/node/9

Regards,
Nitin Kumar.
------------------------------

Message: 2
Date: Tue, 27 May 2008 19:38:18 -0400
From: "Dave Aitel" <[EMAIL PROTECTED]>
Subject: [Dailydave] Collisions
To: [EMAIL PROTECTED]

Kostya and I flew into Hong Kong last night for SyScan 08 HK. For some people Asia is an addiction - for me I admit it's at least a mild intoxicant. I never really got into Europe traveling. Maybe Europe is like a fine wine with subtle flavors that takes experience and skill to appreciate, but it always feels too familiar to me.

Last night Kostya and I had goose webs and snow fungus for dinner - not our standard fare. On the way to the hotel here our cab driver hit an old woman crossing the street. She ragdolled against the car, bounced off onto the street, and then got up and walked away looking more sad than angry.

In any case, hope to see you here!

-dave

------------------------------

Message: 3
Date: Wed, 28 May 2008 16:16:38 +0500
From: Cryptreaper <[EMAIL PROTECTED]>
Subject: [Dailydave] Possible Google Account loophole
To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]

Hi,

There is a slight possibility that an attacker can guess the password of a Google account due to a possible loophole in their CAPTCHA system. It happens when a user tries to log in to a Google account with a wrong password a number of times; the system then challenges the user with a CAPTCHA. If the attacker enters both a wrong password and a wrong CAPTCHA, they are given a warning that they have entered a wrong username/password as well as that the CAPTCHA text is not correct. Also, if only the username/password is wrong, the warning message says wrong password.
But if the username/password combination is correct and ONLY the CAPTCHA test fails, the user is given only the CAPTCHA warning. This means that the username/password combination was correct, and thus the attacker (which could be an automated bot) need not provide the correct CAPTCHA text in order to figure out the password.

------------------------------

Message: 4
Date: Fri, 30 May 2008 02:41:23 -0700 (PDT)
From: "H. Daniel Regalado Arias" <[EMAIL PROTECTED]>
Subject: [Dailydave] WebScarab .NET SSL Error
To: dailydave@lists.immunitysec.com

Hi Friends,

I am testing a .NET SSL-enabled web application, and I discovered a possible SQL injection. Then, because of lack of space in the input field of the form, I started trying to use a proxy like WebScarab or Acunetix, but after submitting the request through these proxies the application stops responding and I am not able to inject any code.

I think it could be because of .NET certificate trust validation; if so, do you know how to bypass this issue? Have you ever been able to test an HTTPS .NET application through a proxy?

Thanks in advance.

Danux,

____________________________________________________________________________________
Yahoo! Deportes Beta: Don't miss the latest on the 2008 Clausura tournament! Find out here: http://deportes.yahoo.com

------------------------------

Message: 5
Date: Fri, 30 May 2008 17:59:14 -0400
From: "Dave Aitel" <[EMAIL PROTECTED]>
Subject: [Dailydave] The paradox of our security measures
To: [EMAIL PROTECTED]

I like the smaller security conferences better.
Big conferences are like weddings - just enough time to remind people you're still alive and pass along a phone number or email address. There's usually less media glare, and so speakers can avoid the prostrations necessary to avoid painful PR battles and just get straight to the technical facts. For example, one of the speakers demonstrated 4 different vulnerabilities in various anti-virus products. It was just part of the talk, not meant as publicity whoring.

One thing I liked as well was Thomas Lim's introductions, which provided a context to the talks. Recently the Hong Kong police have had confidential information leakage via a P2P program called "Foxy", for example. Likewise, the Beijing Olympic tickets are going to have RFID chips with everyone's name and address, passport number, picture, birthday, and anything else an identity thief would want. It's a great way to build up a huge database, I guess, but based on Adam Laurie's excellent talk, anyone 60 feet around you can just pick that information right out of the air. Like anti-virus and IDS, RFID is another cool example of how adding a security measure ends up reducing your security.

-dave

------------------------------

Message: 6
Date: Mon, 02 Jun 2008 10:48:26 -0300
From: Nicolas Waisman <[EMAIL PROTECTED]>
Subject: [Dailydave] Immunity Debugger 1.6 is out!
To: [EMAIL PROTECTED]

Immunity, Inc. proudly presents:

IMMUNITY DEBUGGER 1.6

This release we are introducing the most requested feature since the release of ID 1.0, in the form of automatic symbol downloading. In the script department we included two awesome new scripts: treedll and findloop.
Yes, you read that correctly: we have implemented dominator trees for your coverage analysis pleasure, and you are now able to detect loops inside functions.

Immunity Debugger 1.6 delivers more stability and fixes a lot of known issues. For example, the old AddKnowledge/PostAnalysis bug is gone and the land of hooking is all happiness. Check the Changelog below for more details.

Download it now: http://debugger.immunityinc.com/

For the next release we are working on variables and structures, so stay tuned!

The Immunity ID Team

--------------
1.60 Build 0

New Features:

- Debugger
  o Added 'Use Symbol Server' option [http://forum.immunityinc.com/index.php?topic=162]
  o Improved Getallnames
  o Added timestamp to log events

- Immunity Debugger API
  o Added getAllSymbolsFromModule method
  o Added libcontrolflow.py: container for the classes DominatorTree and ControlFlowAnalysis
  o Added Clear function to FastLogHook

- PyCommands
  o Added findloop.py: find natural loops given a function start
  o Added treedll.py: creates imported DLL tree

- Bug Fixes:
  o Fixed POST_ANALYSIS_HOOK "FATAL ERROR"
  o Fixed arguments overflow (thanks David Wetson for reporting this one!)
  o Local symbol path issue
  o Analysis second pass option now works
  o Getallsymbols now correctly creates the PyDict [Import/Export/Library issue]

------------------------------

Message: 7
Date: Mon, 2 Jun 2008 09:18:56 -0700
From: Parity <[EMAIL PROTECTED]>
Subject: Re: [Dailydave] The paradox of our security measures
To: "Dave Aitel" <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]

Nah, no paradox here.
Even among security pros, there's a certain obliviousness to the fact that the term "security" is overloaded. Sometimes we mean security-as-in-*controls* (A/V, IDS, content filtering, etc.) and sometimes we mean security-as-in-*assurance* (the result of practices that yield things like qmail instead of sendmail, or maybe SQL Server 2005 instead of SQL Server 2000).

Put another way, security assurance is what the business pays for, and security controls are what it gets.

pty

On Fri, May 30, 2008 at 2:59 PM, Dave Aitel <[EMAIL PROTECTED]> wrote:

> I like the smaller security conferences better. Big conferences are like
> weddings - just enough time to remind people you're still alive and pass
> along a phone number or email address. There's usually less media glare and
> so speakers can avoid the prostrations necessary to avoid painful PR battles
> and just get straight to the technical facts. For example, one of the
> speakers demonstrated 4 different vulnerabilities in various anti-virus
> products. It was just part of the talk, not meant as publicity whoring.
>
> One thing I liked as well was Thomas Lim's introductions which provided a
> context to the talks. Recently the Hong Kong police have had confidential
> information leakage via a P2P program called "Foxy", for example. Likewise
> the Beijing Olympic tickets are going to have RFID chips with everyone's
> name and address, passport number, picture, birthday, and anything else an
> identity thief would want. It's a great way to build up a huge database, I
> guess, but based on Adam Laurie's excellent talk, anyone 60 feet around you
> can just pick that information right out of the air. Like Anti-Virus and
> IDS, RFID is another cool example of how adding a security measure ends up
> reducing your security.
>
> -dave

------------------------------

Message: 8
Date: Mon, 02 Jun 2008 19:41:35 -0400
From: Oliver Lavery <[EMAIL PROTECTED]>
Subject: [Dailydave] AccessMe Tool Now Available
To: <dailydave@lists.immunitysec.com>

Hello,

Security Compass is proud to announce the release of AccessMe, the latest addition to our ExploitMe series of free penetration testing add-ons for Mozilla Firefox.

This preliminary release of AccessMe expands the series with powerful functionality for testing the access control and session management mechanisms of web applications, including:

- Invalid HTTP method attacks
- Bypassing access control using HTTP HEAD
- Session dropping

We're releasing this tool as open source under the GPLv3, and hope it will assist penetration testers, QA staff, and developers in detecting and eliminating common security vulnerabilities in today's web applications.

Please visit http://www.securitycompass.com/ to download AccessMe and all of our other free penetration testing tools.

Regards,

Oliver Lavery
Security Compass

------------------------------

_______________________________________________
Dailydave mailing list
Dailydave@lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave

End of Dailydave Digest, Vol 35, Issue 1
****************************************
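The two access-control checks AccessMe is announced with in Message 8 (invalid HTTP methods and the HEAD bypass), as an added example that is neither AccessMe's code nor part of the announcement: a constructed router whose authorization check is keyed on the methods the developer expected, its hardened form, and a probe of the kind a tester or QA engineer would run against both. All paths, roles and method names are assumptions.

```python
# Added example; not AccessMe code and not from the original announcement.
# Models a web router that enforces access control only for GET and POST,
# so a HEAD or unknown-method request reaches the handler unchecked, and a
# fixed router that rejects unknown methods first and checks every method.

PROTECTED_PATHS = {"/admin/report"}        # constructed protected resource
ALLOWED_METHODS = {"GET", "POST", "HEAD"}  # constructed method allow-list


def _authorized(session):
    # A dropped session (None) never authorizes; only the admin role does.
    return session is not None and session.get("role") == "admin"


def route_leaky(method, path, session):
    """Flawed router: the check is keyed on the methods the developer expected,
    so HEAD (and any unknown method) bypasses it and returns 200."""
    if method in ("GET", "POST") and path in PROTECTED_PATHS:
        if not _authorized(session):
            return 403
    return 200


def route_fixed(method, path, session):
    """Hardened router: unknown methods get 405 before any other processing,
    and the access check runs for every remaining method, HEAD included."""
    if method not in ALLOWED_METHODS:
        return 405
    if path in PROTECTED_PATHS and not _authorized(session):
        return 403
    return 200


def probe_access_control(router, path):
    """Return (method, session_name) pairs for which a non-admin or dropped
    session still gets 200 on a protected path; empty means no bypass found."""
    sessions = {"guest": {"role": "guest"}, "dropped": None}
    methods = ["GET", "POST", "HEAD", "TRACE", "FOOBAR"]
    return [(m, name) for m in methods for name, s in sessions.items()
            if router(m, path, s) == 200]
```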