Weak authentication and other publications

Last month we published a video demo called "Attacking Web Applications with Broken Authentication". This shows a simple web application that relies on a cookie called "userid" for authentication. You might think that very few sites are vulnerable to this issue, but the truth is I came across this issue last year at a rather large European security conference. Some of the local ISPs also have this sort of security flaw.
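The flaw described above, next to one common mitigation, as an added example that is not code from the video or the original post. The user table, the `session` cookie name and all function names are assumptions made for illustration; the hardened variant binds the user id to a server-side HMAC so that an edited value no longer verifies.

```python
import hashlib
import hmac
import secrets

# Constructed server-side secret; a real deployment loads it from protected configuration.
SECRET_KEY = secrets.token_bytes(32)
# Constructed user table for the example.
USERS = {"1001": "alice", "1002": "bob"}


def vulnerable_current_user(cookies):
    """Broken pattern: the client-supplied 'userid' cookie is taken as proof of identity."""
    return USERS.get(cookies.get("userid", ""))


def issue_session_cookie(userid, key=SECRET_KEY):
    """Issued only after a successful login; the MAC ties the id to the server's key."""
    tag = hmac.new(key, userid.encode(), hashlib.sha256).hexdigest()
    return f"{userid}.{tag}"


def hardened_current_user(cookies, key=SECRET_KEY):
    """Accepts the identity only when the MAC over the user id verifies."""
    userid, sep, tag = cookies.get("session", "").partition(".")
    if not sep:
        return None  # malformed or missing cookie
    expected = hmac.new(key, userid.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes avoids timing leaks and non-ASCII errors.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return USERS.get(userid)


def demo():
    """Compare both checks on a legitimate request and on one with an edited user id."""
    legit = {"userid": "1001", "session": issue_session_cookie("1001")}
    stale_tag = legit["session"].split(".")[1]
    tampered = {"userid": "1002", "session": "1002." + stale_tag}
    return {
        "vulnerable_tampered": vulnerable_current_user(tampered),
        "hardened_tampered": hardened_current_user(tampered),
        "hardened_legit": hardened_current_user(legit),
    }


if __name__ == "__main__":
    print(demo())
```

A signed cookie is only one option: a random, server-side session identifier achieves the same goal, and either approach also needs expiry and logout handling.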

What the video demonstrates is not just the flaw, but how to automate exploitation of such a flaw with a particular web application security tool. Check out the video below.

Also, (IN)SECURE Magazine was released yesterday so go grab it. It includes my personal views on security incidents and events of last year. Look out for "The year that Internet security failed". Lots of articles look good but the following caught my eye:

  • Improving network discovery mechanisms

  • Scott Henderson on the Chinese Underground

  • Playing with Authenticode and MD5 collisions

Oh .. and here's the video:


February brings updates to VOIPPACK

We added 3 new modules to VOIPPACK, two of which target Asterisk and one which handles network discovery:

  • iax2scan: Scans the network for IAX2 (Asterisk) devices

  • asterisknow_exec: Installs MOSDEF on an AsteriskNOW if configuration credentials are known; allows remote control and pivoting on the Asterisk server

  • voipdnssrv: Enumerates SRV records that are relevant to VOIP (SIP, IAX2, H.323) and resolves them to IP addresses

Demo of the iax2scan and asterisknow_exec modules:


VOIPPACK now available!

EnableSecurity VOIPPACK is finally out! We would like to thank everyone who made this possible. VOIPPACK can be purchased from our reseller Immunity in the US or directly for the rest of the world.

More information about pricing and video demonstrations can be found in the product page.

Cross Site Scripting on your non-sensitive website?

This article first appeared in EnableSecurity newsletter 0x0001. Subscribe to the newsletter by sending an email to [email protected].

It is often easy to calculate risk incorrectly. This may be due to lack of information or because one is not looking at the big picture. One particular topic that came up a month or so ago was prioritizing XSS on a main website which has no sensitive information, only informational content. The sensitive information is available on a different site to which the main website links. In many cases, such sites are not considered worth fixing within a reasonable time and tend to stay vulnerable because other tasks of higher priority come up. That is, until one of the following scenarios happens:

  • Blackhat SEOs target your site to help increase their Google ranking

  • No better or worse phishing attack than having your website include a form asking for a username and password which are sent to a Taiwanese webserver. This especially applies if your service is a target of phishers.

  • Displaying of fake articles and press releases on your website, or redirection to malicious executables making it appear that your legit site is sending malware.

  • The media catches on and publishes details of the vulnerability - this is what just happened to American Express in the past few days.


Demonstration of sipautohack 

Note: we are no longer accepting beta testing requests for VOIPPACK. Thanks to everyone who contributed to the beta testing!

VOIPPACK is nearing release stage - stay tuned.
For the high definition (HD) version of this video visit this page.
