Subject: Cribs (and BABYBOTTLE) - msg#00096
List: security.dailydave
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
So here's what someone pointed out in the blacksecurity.org posting on
Full-Disclosure for one of the MS bugs:
http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0471.html
a1="Ado"
a2="db."
a3="Str"
a4="eam"
str1=a1&a2&a3&a4
str5=str1
set S = df.createobject(str5,"")
S.type = 1
Here's a corresponding snippet from
CANVAS/exploits/BABYBOTTLE/BABYBOTTLE.py:
a1="Ado"
a2="db."
a3="Str"
a4="eam"
document.write("DEBUG: INSIDE 3h <br>")
str1=a1&a2&a3&a4
str5=str1
document.write("DEBUG: INSIDE 3i <br>")
set S = df.createobject(str5,"")
document.write("DEBUG: INSIDE 3j <br>")
S.type = 1
Why, may you ask, is Adodb.Stream split up exactly like that? It's
because a certain virus scanner triggers on it otherwise. This isn't
something you'd do by chance, even assuming your mental variable-name
generating PRNG was set to the exact same thing as mine.
Draw your own conclusions.
- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org
iD8DBQFEySJsB8JNm+PA+iURApKOAJ9zfAr8cJI5JHiTzRqh8IwKf0FvVgCcDtzA
9mRW+d602FAkDQsp/GQZgC4=
=Xq80
-----END PGP SIGNATURE-----
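
Added example, not part of the original message and not CANVAS code: a small defender-side scanner showing why a literal signature for the ProgID misses the fragment quoted above, and how folding constant VBScript concatenations before matching recovers it. The watchlist, function names and the simplified VBScript grammar (string literals, variables, & and + only) are assumptions made for illustration.

```python
import re

# Constructed sample: the VBScript fragment quoted in the message above.
SAMPLE = '''a1="Ado"
a2="db."
a3="Str"
a4="eam"
str1=a1&a2&a3&a4
str5=str1
set S = df.createobject(str5,"")
S.type = 1
'''

WATCHLIST = {"adodb.stream"}  # assumption: ProgIDs this scanner should flag

OPERAND = r'"(?:[^"]|"")*"|\w+'
EXPR = re.compile(rf'\s*(?:{OPERAND})(?:\s*[&+]\s*(?:{OPERAND}))*\s*')
ASSIGN = re.compile(r'^\s*(?:set\s+)?(\w+)\s*=\s*(.+)$', re.I)
CALL = re.compile(r'createobject\s*\(\s*([^,)]+)', re.I)

def fold(expr, env):
    """Fold literals and known variables joined by & or +; None if unresolved."""
    if not EXPR.fullmatch(expr):
        return None
    out = []
    for tok in re.findall(OPERAND, expr):
        if tok.startswith('"'):
            out.append(tok[1:-1].replace('""', '"'))
        elif tok.lower() in env:          # VBScript names are case-insensitive
            out.append(env[tok.lower()])
        else:
            return None
    return "".join(out)

def scan(script):
    """Return (line number, resolved ProgID) for each watched CreateObject call."""
    env, hits = {}, []
    for lineno, line in enumerate(script.splitlines(), 1):
        call = CALL.search(line)
        if call:
            progid = fold(call.group(1), env)
            if progid and progid.lower() in WATCHLIST:
                hits.append((lineno, progid))
        m = ASSIGN.match(line)
        if m:
            value = fold(m.group(2), env)
            if value is None:
                env.pop(m.group(1).lower(), None)   # value is no longer known
            else:
                env[m.group(1).lower()] = value
    return hits
```

The scanner tracks assignments line by line only, so values built inside loops, functions or with Chr()/Replace() stay unresolved and are not flagged.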
Previous Message by Date:
Re: High priority updates!
* Dave Aitel:
> So Microsoft, in addition to
> http://news.com.com/Microsoft+tags+IE+7+high+priority+update/2100-7350_3-6098500.html?tag=nefd.lede
>
> I don't understand how MS gets away with this. "Security Updates" are
> for security updates, not random software Microsoft would prefer that
> you ran. In the long run, this policy has a detrimental effect on
> security by making users not trust the auto-update feature to leave
> their system the way they last saw it.
And it's not entirely unlikely that Microsoft will be forced to offer
the same distribution channel to its competitors. Hey, Microsoft
Update spam could be the next big thing. 8-)
Next Message by Date:
Re: VeriChip hack? (Sorry if this posts twice)
Jared DeMott writes:
-+------------------
|
| Is anyone else just a little wary of "implantable microchips"?
| I'm into technology and all, but that smells funny...
|
For your information, the "implantable microchips" will
be in huge production soon. By next summer, US Govt is
requiring all livestock of any sort to have them and much
more stuff that I find relevant and offensive. I farm on
a small scale on the side and this is murder on small
farm economics but the privacy, etc., implications are,
in my not so humble opinion, worse.
official version
http://animalid.aphis.usda.gov/nais/index.shtml
more like my view
http://www.libertyark.net
--dan
Previous Message by Thread:
High priority updates!
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
So Microsoft, in addition to
http://news.com.com/Microsoft+tags+IE+7+high+priority+update/2100-7350_3-6098500.html?tag=nefd.lede
I don't understand how MS gets away with this. "Security Updates" are
for security updates, not random software Microsoft would prefer that
you ran. In the long run, this policy has a detrimental effect on
security by making users not trust the auto-update feature to leave
their system the way they last saw it.
Those of you on MS-love-fests "Oh, they're so much better now - wow
they're spending lots of money on security consultants just like us"
should keep this sort of gibberish in mind during your next fawning
weblog/mailing list post.
- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)
iD8DBQFEx/wItehAhL0gheoRAu33AJwOBctzToVh6b5OggHydvsNmiUutgCfeEc0
EvO/KrZhTimM6m/j/iHEGxo=
=wCBa
-----END PGP SIGNATURE-----
Next Message by Thread:
Defcon 14 Pre-release
Just to let everyone know, one of my co-workers, Jared
DeMott, is speaking about fuzzing this year at Defcon.
http://defcon.org/html/defcon-14/dc-14-speakers.html#DeMott
He has released his tools, paper, and slideshow on
our website at
http://www.appliedsec.com/developers.html if anyone is
interested in checking them out ahead of time. Enjoy!!