21 December 2006

Microsoft Windows XP/2003/Vista memory corruption 0day

3APA3A just posted the following e-mail to the FD list, so if anyone is looking for details on the Vista 0-day mentioned earlier, here's the mail that was sent:

Dear full-disclosure@lists.grok.org.uk,

Since it's already widespread on the public forums and exploit is published on multiple sites and there is no way to stop it, I think it's time to alert lists about this.

On the one of Russian forums:

http://www.kuban.ru/forum_new/forum2/files/19124.html

message was published by NULL about vulnerability in Windows on processing MessageBox() with MB_SERVICE_NOTIFICATION flag and message/caption beginning with \??\. Vulnerability seems to be memory corruption in kernel and causes system crash or hang after few attempts. It seems to happen because message is logged to event log and may point to some problem with event logs processing.

Vulnerability details and code may be found here:

http://www.security.nnov.ru/Gnews944.html

There is potential remote exploitation vector if some service uses user-supplied input for MessageBox() function. Messenger service is not vulnerable in this way, because it prepends user-supplied input with additional string.

I contacted Microsoft on this issue on December, 16.
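The e-mail notes that the Messenger service is not exposed because it prepends its own string to user-supplied input. The C below is an added example, not code from the e-mail or the advisory, showing how a service could apply the same rule before passing untrusted text to MessageBox(). The names `SAFE_LABEL`, `starts_with_nt_prefix` and `build_notification_text` are hypothetical, and the sample input is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>

/* Prefix that, per the advisory, must start the text or caption. */
#define NT_PREFIX  L"\\??\\"
/* Hypothetical fixed label; any constant, non-empty string works. */
#define SAFE_LABEL L"Message: "

/* Returns 1 if s begins with the NT prefix and 0 otherwise. */
int starts_with_nt_prefix(const wchar_t *s)
{
    return s != NULL && wcsncmp(s, NT_PREFIX, wcslen(NT_PREFIX)) == 0;
}

/*
 * Builds SAFE_LABEL + untrusted in out (out_len counted in wchar_t).
 * Returns 0 on success, -1 on bad arguments or if the result would not
 * fit. Fails closed: no truncated string is ever produced.
 */
int build_notification_text(const wchar_t *untrusted, wchar_t *out, size_t out_len)
{
    size_t label_len = wcslen(SAFE_LABEL);
    size_t in_len;

    if (untrusted == NULL || out == NULL || out_len == 0)
        return -1;
    in_len = wcslen(untrusted);
    out[0] = L'\0';
    /* Overflow-safe form of: label_len + in_len + 1 > out_len */
    if (in_len >= out_len || label_len >= out_len - in_len)
        return -1;
    wmemcpy(out, SAFE_LABEL, label_len);
    wmemcpy(out + label_len, untrusted, in_len + 1); /* copies the NUL */
    /* Post-condition: caller-controlled text no longer leads the buffer. */
    return starts_with_nt_prefix(out) ? -1 : 0;
}

int main(void)
{
    wchar_t buf[64];
    const wchar_t *sample = L"\\??\\constructed sample"; /* constructed input */
    int rc = build_notification_text(sample, buf, sizeof buf / sizeof buf[0]);
    printf("rc=%d leading-prefix=%d\n", rc, starts_with_nt_prefix(buf));
    return 0;
}
```

The same wrapper has to be applied to both the message and the caption argument, since the e-mail names both.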

Too much effort to carry around a laptop and an RSA token?

This is classic!! Security By Oblivity

Month Of Apple Bugs, Beginning January 1st 2007

As you all know I am a huge fan of Apple's OS X operating system, but I am also heavily involved in information security as well. I personally think that something like this is one of the best things that can happen to Apple's operating system, I also think that the timing is perfect as well, as this will put some strain on Apple to get these fixed in a timely manner. On the 9th of January Steve Jobs will be giving his keynote at Macworld, so I am guessing this means that most of Apple's techies will be working to find any bugs in any of the new kit that will obviously be getting announced. Having the Month Of Apple Bugs at this time, will hopefully show us all just how seriously Apple takes the security of its operating system. The really great thing with this is though that any bugs found by LMH and KF will hopefully help to make OS X even more secure once they have been patched, and if Apple plays this hand right, it could also show MS how things are supposed to be done in the security world. I don't know whether this second part will happen, but it's a nice thought at least. I guess we'll just have to wait and see what happens. Either way, I think that January is going to be a damn good month!

Does Microsoft really take security seriously?

I've been wondering about the above question for a while now, and I really can't wait to sit face to face with an MS security person next month and ask them that exact question. It seems of late all of their effort has been going into releasing Vista, and well, even that isn't exactly secure is it? There are already a couple of 0-days floating around the net for Vista, now I'm sure that no company in their right mind would have rolled Vista out into the production networks yet (well, aside from MS anyway), but this is still a major threat. The folks over at SANS have updated the list of MS vulnerabilities that have still not been patched, and these are known to be getting exploited. The oldest one of these goes back to the 19th July this year, that's over 6 months old! This really makes me wonder what the hell they are playing at. MS has a lot more money than any security researchers/hackers do, and well if the vulnerabilities can be found, they can be patched. So I would really like to know why these are taking so damn long. In total SANS have 9 vulnerabilities listed, I seem to think that there may be a couple more on top of that as well! The list of vulnerabilities can be found here. So what are everyone else's views on this situation?

20 December 2006

Thornography Tour

So last night we went to go and see Cradle Of Filth at the Astoria in London, and well aside from messing my knee up before we even got to the gig, it was an amazing night! Up until last night I would have always rated Iron Maiden as the best band that I have ever seen live, well even though I was in pain through the Cradle concert last night, Cradle seriously blew Maiden away. The one thing that sucks the most though is that last night was the last leg of their European tour, and next year they will be touring the U.S, so I guess that I'm going to have to wait a while before seeing them again. Seeing live Cradle music videos on the TV really doesn't do them any justice, as the live shows that I've seen on TV have always had really poor sound. Last night however the sound was perfect, loud, clear and they sounded as good, if not better live than they do on their albums. I think that they managed to play everything off of the new album Thornography last night, as well as some real classics such as "Her Ghost in The Fog", and my all time favourite "Nymphetamine". The only thing that was really weird about the whole night, was that there was a hell of a lot of tiny little kiddies there, probably between the ages of 13-16, which just seemed really wrong, but hey. If you like metal at all, do yourself a favour and go and see this band live!

14 December 2006

Passed Sun Certified System Administrator Exam! (Well, the first one anyway)

So I spent a couple of days preparing for the exam (CX-310-200), and then yesterday I went and sat the exam. Considering I went into the exam with an open mind, and no idea at all if I was going to pass or fail, I was really happy when I finally walked out of the tiny little testing room, and eventually got to look at my results and saw the word PASS! I must say though, I've been working with Solaris for a good few years now, and I would hate to try the exam if I hadn't, okay granted I could have spent a lot more time preparing for the exam, but hey, I always managed to find something better to do than study. Today I booked the 2nd exam (CX-310-202) for the 19th January, for this next one though, I'm going to have to get some serious studying in, as I think that this next one is going to be a bit of a nightmare. All going well though, after the 19th January, I should be SCSA certified. I then need to start preparing for the other exams that I got vouchers for, before the vouchers are no longer valid. The two that I still have to do, before I take on anything new are the Sun Certified Java Programmer (SCJP), and the Cisco Certified Network Associate (CCNA). I'm hoping to get both of them behind me by the end of March next year, but we'll see what happens between now and then I guess.

11 December 2006

Backdooring MP3 Files

GNUCITIZEN has got a damn good write up on backdooring mp3 files, and I'd definitely recommend it to anyone who's interested in the security implications of this. This is a cross platform problem, due to a "feature" in the latest version of Apple's QuickTime. I use the term "feature" loosely here, as it is a security issue, but so far Apple are failing to admit this. Anyway, here's the link: Backdooring MP3 Files

08 December 2006


So after spending what felt like a year working on my paper for the GSEC Gold certification, I finally got it finished thanks to the great advisor that was working on it with me. I got an e-mail come through letting me know that my paper has been accepted, and that I passed!

So I went to go and check the SANS site to see if my paper had been added and well, I couldn't wipe the grin off my face for the whole day. My paper ended up in the honors section of the GIAC site!

If anyone's interested the paper's titled "Securing Apache on Mac OS X", it covers securing OS X, Apache, PHP, mod_security, and setting up SSL.

You can find it online here: Securing Apache on OS X

Other news is, that I found out that I can send photos from my cell phone, right onto this blog, so that's pretty cool, and hence the reason that I am updating this blog again, and why there are pictures of our 2 cats as well.

I'm hoping to put a load more articles up here in the near future as well, but I've also got a load of studying to do as well, as this coming Wednesday I'm sitting the Solaris 10 certification exam, well part one anyway. So wish me luck.

Well, let's see how long this round of blogging lasts shall we?

Now Playing:
The Promise of Fever from the album "Damnation and a Day" by Cradle Of Filth



Scary RFID uses

Just saw this and as interesting as this is, it's just damn scary to be honest. Oh yeah, and maybe I'll start using this damn blog thing again, now that xmas is coming up. Anyway here's the link: http://www.rfidlowdown.com/2006/12/cool_surprising.html