Pages

Saturday, April 30, 2011

Malvertising Paper - Elsevier CFS Journal

Malvertising - Exploiting Web Advertising | Elsevier Computer Fraud and Security Journal
View more documents from Aditya K Sood
Posted by Aditya K Sood at 4/30/2011 05:13:00 PM 0 comments

Tuesday, March 22, 2011

Google Chrome - Security Issues Reported So Far

I have enumerated the list of Google Chrome bugs given to Chrome security team.

Issue 2632:Google Chrome Carriage Return Null Object Memory Exhaustion Remote Dos

Issue 2877:Google Chrome Window Object Suppressing Denial of Service

Issue 4739: Google Chrome MetaCharacter URI Obfuscation Vulnerability

Issue 5978: Google Chrome FTP PASV IP Malicious Port Scanning Vulnerability

Issue 7099: Google Chrome 1.0.154.43 ClickJacking Vulnerability

Issue 11158: Google Chrome document.write/throw exception DOM causes NULL ptr DoS

Issue 30972: Google Chrome XSS through MS Word Script Execution Object

Issue 53096: Google Chrome: HTTP AUTH Dialog Spoofing through Realm

Issue 75937: Google Chrome 10.0.648.133 XSS Filter Bypass
Posted by Aditya K Sood at 3/22/2011 07:12:00 PM 0 comments

Monday, November 15, 2010

Responsible Disclosure - Oracle.com Redirection Vulnerability Video

The issue was reported to Oracle and was patched. This video simply shows the vulnerability.
Posted by Aditya K Sood at 11/15/2010 02:47:00 AM 0 comments

Wednesday, November 10, 2010

ISSA Journal - JavaScript Infection Model


Check out my paper on JavaScript Infection Model published in November issue of ISSA journal.

https://www.issa.org/Members/Journal/
Posted by Aditya K Sood at 11/10/2010 06:55:00 PM 0 comments

HackInThe Box EZine - DataCenter Hacking Paper / My Interview


Check out my interview and our paper on data-center hacking through helpdesk support systems.

http://magazine.hitb.org/issues/HITB-Ezine-Issue-004.pdf
Posted by Aditya K Sood at 11/10/2010 06:50:00 PM 0 comments

ECCouncil Botnet Briefing Slides

EC Council - Botnet Briefings
Posted by Aditya K Sood at 11/10/2010 06:48:00 PM 0 comments

HackerHalted Miami 2010 - Slides

Hacker Halted Miami , USA 2010
Posted by Aditya K Sood at 11/10/2010 06:46:00 PM 0 comments

OWASP AppSec USA - Slides and Presentation

OWASP App Sec US - 2010


Aditya K. Sood, Bug-Alcoholic 2.0 - Untamed World of Web Vulnerabilities from AppSec USA 2010 on Vimeo.

Posted by Aditya K Sood at 11/10/2010 06:43:00 PM 0 comments

Monday, August 23, 2010

User Interface Security - Google Chrome HTTP AUTH Dialog Spoofing through Realm Manipulation


Google Chrome ( 5.0.375.127 and previous versions) suffers from HTTP Auth Dialog spoofing vulnerability due to possible realm manipulation in the HTTP header. Previously, Google chrome has got a similar bug which can be seen HERE

This bug was actually patched. The issue mentioned in this bug was dialog spoofing due to long sub domain names. The patch worked only for that specific case which was outlined in that bug. There are number of tests have been conducted on Google Chrome
which verifies the inefficiency of Google Chrome to scrutinize the type of realm value set in the header. It can be tampered with double quotes and single quotes used in a definite manner.

Another related scenario: HERE

Note: Different variants have shown that these issues are still open and not patched yet.

As mentioned in RFC 2617: "The realm directive (case-insensitive) is required for all authentication schemes that issue a challenge.The realm value (case-sensitive), in combination with the canonical root URL (the absolute URI for the server whose abs_path is empty;of the server being accessed, defines the protection space. These realms allow the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme and/or authorization database.//The realm value is a string,generally assigned by the origin server, which may have additional semantics specific to the authentication scheme. Note that there may be multiple challenges with the same auth-scheme but different realm/s"

So, realm value plays critical role in determining the framework of HTTP Access authentication for a particular resource. It has been analyzed that it is possible to spoof the HTTP Auth dialog by playing around realm values. This attack scenario
can be used to launch phishing attacks and stealing sensitive information from the legitimate websites.

As it has been released before, Google Chrome fails to sanitize the obfuscated URL and redirect it to the different domain. This potential flaw can be combined with the HTTP Auth dialog spoofing to launch attacks against legitimate websites. Looking at this particular point of time, certain solutions can be presented as

1. A new model of HTTP authentication dialog which shows the clarity between realm value and domain.

2. Setting a limit on size of strings to be passed as Realm value. This should not be applied on the string size of domain name.

3. Application of appropriate parameters in scrutinizing the strings passed in double quotes and single quotes.

Further: Tim from Vsecurity notifies about similar work related to HTTP Authentication. A very good paper has been presented HERE which covers lot of issues of HTTP authentication

The video is embedded below


Posted by Aditya K Sood at 8/23/2010 02:40:00 PM 0 comments

Monday, August 09, 2010

Debugged MZ/PE - Holistic Approach to Analysis of Defective Threads



Abstract: Threads are considered as second level structures used in the process execution. As per semantics, threads run as dynamic entities under processes. Whenever a new process is created in a system a number of threads are initialized. To understand the real cause of infection in processes, one has to traverse along the working proce­dure of a thread.

Online : http://debuggingexpert.dumpanalysis.org/Debugged_March_2010.htm

The hard cover will be release at Amazon : HERE
Posted by Aditya K Sood at 8/09/2010 06:25:00 PM 0 comments