http://www.bindshell.net/security en-gb http://www.bindshell.net/entry/39 A new version of John The Ripper MPI (mpi4) is now available in the tools section... This version includes: Support for MacOSX/Intel, this support requires SSE2, as does MacOS itself. Support for runtime status updates (send a SIGHUP to the running john processes). Several minor bugfixes security 2007-04-20 22:40:58 http://www.bindshell.net/entry/38 Two papers are now available that demonstrate inter-protocol security issues - Inter-protocol Communication and Inter-protocol Exploitation. Among other things they show the practicality of encapsulating exploit code in one protocol to compromise a program which uses a different protocol. An example is provided that shows how a web browser can launch a MetaSploit type exploit to own an Asterisk server. Of course, this raises concerns over the (in)effectiveness of firewalls against this attack. security 2007-04-19 14:04:01 http://www.bindshell.net/entry/35 This Konqueror crash is a spin-off finding from the FTP PASV paper. security 2007-03-04 19:48:11 http://www.bindshell.net/entry/34 A common implementation flaw in FTP clients allows FTP servers to cause clients to connect to other hosts. This seemly small vulnerability has some interesting consequences for web browser security. This paper discusses how the flaw affects Firefox, Opera and Konqueror. security 2007-03-04 19:46:58 http://www.bindshell.net/entry/33 This paper explores the real potential of the web being infected with a cross-site scripting virus that autonomously searches for, and employs, new vulnerabilities for propagation. security 2007-01-30 11:34:00 http://www.bindshell.net/entry/27 Version 3.9b2 of SynScan is an early beta of the forthcoming SynScan 4.0. As far as I'm aware, this is the first half open syn-scanner with support for IPv6. security 2006-11-15 07:41:44 http://www.bindshell.net/entry/23 BeEF the browser exploitation framework has been released. The current version is beta and still a work in progress but it should be easy to install. Its purposes in life is to provide an easily integratable framework to demonstrate the impact of browser and cross-site scripting issues in real-time. The modular structure has focused on making module development a trivial process with the intelligence existing within BeEF. security 2006-08-24 19:13:52 http://www.bindshell.net/entry/22 Attacks from browsers are increasing in sophistication and researchers are focusing more resources in this area. Recently, a javascript port scanner was published that was based on a SPI Dynamics paper. The scanner is entirely encapsulated within the web browser. It doesn’t take an Einstein to start linking web application attack vectors. In the “Inter-browser Communication” (IBC) blog I illustrated one basic method to maintain indirect real-time control over a browser (including data transfer). Using IBC it possible to load tools (in real-time) such as a port scanner to the controlled browser and retrieve the results. Following this logic, an entire HTTP Suite can be developed to attack internal networks using the browser as an unsuspecting proxy. Not to mention the extra dimensions that XSS viruses add. security 2006-08-02 19:56:53 http://www.bindshell.net/entry/12 Cross-site scripting (XSS) models are commonly thought to be the server controlling the browser. That is, all commands have come from code residing on the server. This is not necessarily the case. Control can be one browser (in)directly controlling/communicating to another. One method of browser-to-browser communication is employing an intermediate web server. security 2006-05-28 22:59:03