YubiKey – One-time Password and Authentication Device

April 26, 2008 – 10:23 AM

It works seamlessly with any hardware and operating system combination supporting USB keyboards such as Windows, MacOS, Linux and others. The Key generates and sends unique time-variant authentication codes by emulating keystrokes through the standard keyboard interface. The computer to which the Key is attached receives this authentication code character by character just as if it were being typed in from the keyboard – yet it’s all performed automatically. This process allows the Key to be used with any application or Web-based service without any need for special client computer interaction or drivers.

The YubiKey differs from traditional authentication tokens based on time-variant codes in that it needs no battery and therefore does not rely on an absolute time generated by an accurate time source. No battery means unlimited shelf life, no synchronization and customer support issues, and enables significant cost reduction.

Read the rest of this story…

Lateral SQL Injection

April 26, 2008 – 7:42 AM

How can an attacker exploit a PL/SQL procedure that doesn’t even take user input? Or how does one do SQL injection using DATE or even NUMBER data types? In the past this has not been possible, but as this paper will demonstrate, with a little bit of trickery, you can in the Oracle RDBMS.

Read the full story here… (PDF)

WordPress 2.5 Cookie Forging Explained

April 26, 2008 – 7:31 AM

WordPress 2.5.1 came out recently. It includes a critical security fix for a cookie integrity bug that would allow an attacker to impersonate other users, including WordPress admins, by manipulating the contents of an HTTP cookie. Whenever I read about a vulnerability predicated on the user identity being embedded into a client-side token (as opposed to a pseudorandom session identifier), I like to dig a little deeper to see what’s going on.

How does the authentication mechanism work?

The advisory describes the structure of the WordPress authentication cookie as follows:

The new cookies are of the form:

"wordpress_".COOKIEHASH = USERNAME . "|" . EXPIRY_TIME . "|" . MAC 

Where:

COOKIEHASH:  MD5 hash of the site URL (to maintain cookie uniqueness)
USERNAME:    The username for the authenticated user
EXPIRY_TIME: When cookie should expire, in seconds since start of epoch
MAC:         HMAC-MD5(USERNAME . EXPIRY_TIME) under a key derived
             from a secret and USERNAME . EXPIRY_TIME.

So you log in to WordPress with your username and password, and then the login page issues you a cookie such as the one below:

Read the rest of this story…
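The cookie layout quoted above has one detail worth checking as a defender: the cookie itself separates USERNAME and EXPIRY_TIME with "|", but the MAC input is the plain concatenation USERNAME . EXPIRY_TIME with no separator. A verifier that splits the cookie on "|" and then recomputes the MAC over the re-joined fields therefore cannot tell apart two different (username, expiry) pairs whose concatenation is the same string. The following Python is an added example, not code from the original post or from WordPress; it models the flawed construction next to a hardened one that binds the separator into the MAC input and checks expiry. The key derivation (HMAC-MD5 of the MAC input under a site secret) and the secret itself are assumptions, since the advisory only says the key is "derived from a secret".

```python
import hmac
import hashlib

# Constructed placeholder; stands in for the site's real secret.
SITE_SECRET = b"constructed-site-secret-not-a-real-key"


def derive_key(mac_input: bytes) -> bytes:
    # Assumption: the per-cookie key is HMAC-MD5 of the MAC input under the site secret.
    return hmac.new(SITE_SECRET, mac_input, hashlib.md5).digest()


def mac_flawed(username: str, expiry: str) -> str:
    # Mirrors the quoted structure: MAC over USERNAME . EXPIRY_TIME, no separator.
    data = (username + expiry).encode()
    return hmac.new(derive_key(data), data, hashlib.md5).hexdigest()


def mac_hardened(username: str, expiry: str) -> str:
    # Hardened variant: the "|" that delimits the cookie fields is part of the MAC input,
    # so every (username, expiry) pair maps to a distinct authenticated string.
    data = (username + "|" + expiry).encode()
    return hmac.new(derive_key(data), data, hashlib.md5).hexdigest()


def issue_cookie(username: str, expiry: str, mac_fn) -> str:
    # Cookie value in the quoted form USERNAME|EXPIRY_TIME|MAC.
    return f"{username}|{expiry}|{mac_fn(username, expiry)}"


def verify_cookie(cookie: str, mac_fn, now: int):
    """Return the authenticated username, or None if the cookie is rejected.

    The verifier splits on "|" and recomputes the MAC from the parsed fields,
    which is exactly where a delimiter-less MAC input becomes ambiguous.
    """
    parts = cookie.split("|")
    if len(parts) != 3:
        return None
    username, expiry, mac = parts
    if not expiry.isdigit() or int(expiry) <= now:
        return None  # malformed or expired
    # Constant-time comparison avoids leaking how many MAC characters matched.
    if not hmac.compare_digest(mac, mac_fn(username, expiry)):
        return None
    return username


def ambiguous_pairs(username: str, expiry: str):
    """All (user, expiry) splits of username+expiry whose flawed MAC is identical.

    Used to show how many distinct identities one delimiter-less MAC covers.
    """
    joined = username + expiry
    return [(joined[:i], joined[i:]) for i in range(1, len(joined))]


if __name__ == "__main__":
    # Two different field pairs with the same delimiter-less concatenation.
    a = ("admin1", "234567890")
    b = ("admin", "1234567890")
    print("flawed MACs equal:   ", mac_flawed(*a) == mac_flawed(*b))
    print("hardened MACs equal: ", mac_hardened(*a) == mac_hardened(*b))
    print("splits sharing one flawed MAC:", len(ambiguous_pairs(*a)))
```

The design point is the usual one for authenticated tokens: the MAC must cover the exact byte string the verifier will parse, separators included, or use a length-prefixed encoding, so that there is only one way to read the authenticated data back into fields.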

QuickTime 0day for Vista and XP

April 25, 2008 – 5:18 PM

A remote vulnerability exists in the QuickTime player for Windows XP and Vista (latest service packs). Other versions are believed to be affected as well. For now, no details will be released regarding the method of exploitation.

Because we are an information security think tank and because we encounter some very interesting vulnerabilities in our work, we often share our findings with the masses in order to give something back to the community. It is good to take but it is even better when you give. Unfortunately, the situation in the UK is changing and we, as whitehat hackers, have to adjust to these changes. Therefore, we have been experimenting with a number of disclosure methods in the past couple of months. We’ve tried everything, from full-disclosure to partial-disclosure, private-disclosure and no disclosure at all. Now it is time to move to something totally different and if we find it working for us, we will share the secret with you for the better of the community. Please bear with us. This is just one of our social experiments.

A remote vulnerability exists in the QuickTime player for Windows XP and Vista (latest service packs). An attacker could exploit the vulnerability by constructing a specially crafted QuickTime supported media file that allows remote code execution if a user visited a malicious Web site, opened a specially crafted attachment in e-mail or opened a maliciously crafted media file from the desktop.

If a user is logged on with administrative privileges, the attacker could take complete control of an affected system. An attacker could then install malicious programs; view, change, or delete sensitive data; or create new accounts with full user rights. Users who are logged on with a less privileged account could be less impacted than users who operate with administrative user rights.

The vulnerability was successfully tested in Windows XP SP2 and Windows Vista SP1 environments. Other versions are believed to be exploitable as well. The vulnerability is currently held private. The GNUCITIZEN team is following responsible disclosure practices. Therefore, the vulnerability details will be privately disclosed to the vendor in a short period of time. This advisory is meant to inform the public and raise the consumer’s awareness.

The video above demonstrates the issue on Windows Vista and Windows XP. The Windows Vista demo is rather slow because it runs from a 512MB VMWare station.

Source: GNUCITIZEN

Opera boosts its anti-phishing defenses

April 25, 2008 – 5:15 PM

Opera 9.5 Beta 2 has stepped up its security game. The browser has added fraud protection and support for EV SSL (Extended Validation Secure Sockets Layer) certificates to help prevent identity theft.

Opera’s move to join the EV SSL crowd leaves Safari as the only browser without anti-phishing protection. As you may recall, PayPal and Safari have been at odds over EV SSL but haven’t come to blows yet.

Here’s Opera’s description:

Not all Web pages are what they say they are. In Opera 9.5, Fraud Protection is enabled by default, detecting and warning you about fraudulent Web sites automatically. Support for Extended Validation certificates (EV) provides added assurance and trust for secure Web sites.

Here’s the full list of what Opera changed on the security front:

  • Improved back-end for Fraud Protection, now enabled by default.
  • Added support for Extended Validation (EV) certificates.
  • Added automatic updates of root certificates.
  • Introduced a new security notification scheme in the address field:
      • gold lock on green field for secure sites with Extended Validation
      • silver lock on yellow field for regular secure sites
      • question mark on gray field for HTTPS sites with problems
      • no notification for normal sites
      • fraud warning on red field for blacklisted sites
  • Opera now distinguishes between local servers on localhost, intranet servers, and remote servers on the Internet. Local servers can use remote resources, but not vice versa.

Source: ZDNet