Re: [Full-disclosure] Opera/Konqueror: data: URL scheme address bar spoofing

2007-07-15 Thread Andrew Redman
This did /not/ work in Opera 9.20/WinXPSP2 (I'm a little slow on the 
updates...) Seems as though this issue just got added in 9.21. - Andrew

Robert Swiecki wrote:
> With a specially crafted web page, an attacker can redirect
> a www browser to a page whose URL (in the url bar) resembles
> an arbitrary domain chosen by the attacker.
>
> It's possible due to the fact that some web browsers incorrectly
> display contents of the url bar while rendering pages based on the
> 'data:' URL scheme (RFC 2397). Only the ending of the URL is
> displayed. Padding the URL with whitespaces allows an attacker to
> insert an arbitrary content into the browser url bar.
>
> http://alt.swiecki.net/oper1.html
>
> Tested with:
>  * Opera 9.21 on Win 2003SE and Win XPSP2
>  * Opera 9.21 on Linux
>  * Konqueror 3.5.7 on Linux
>
> Pictures taken on my systems (using 1024x768 desktop resolution)
> http://alt.swiecki.net/operalin.png
> http://alt.swiecki.net/operawin.png
> http://alt.swiecki.net/konq.png
>
> Successful attack depends on the proper construction of the
> 'data:' URL. An algorithm could utilize JS
> document.body.clientWidth/Height properties to calculate the
> best url padding for the given browser.
>
> PS. Sometimes Opera web browser displays the beginning of
> the 'data:' URL (correct behaviour), e.g. during
> browser startup with immediate redirect to the last visited page.
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
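As an added, defender-side example that is not part of the post or of the linked page: the Python below parses a data: URL according to RFC 2397 and flags payloads that contain a long run of whitespace, the padding the post describes, reporting the text that would sit at the visible end of the URL. The 32-character threshold and the sample URL are constructed assumptions; a proxy or URL-log filter could apply the same check.

```python
import base64
import re
from urllib.parse import unquote

# RFC 2397 syntax: data:[<mediatype>][;base64],<data>
_DATA_URL = re.compile(r"^data:(?P<meta>[^,]*),(?P<payload>.*)$",
                       re.DOTALL | re.IGNORECASE)
# A run of whitespace in the decoded payload (the padding the post describes).
_WS_RUN = re.compile(r"[ \t\r\n]+")


def parse_data_url(url):
    """Split a data: URL into media type, base64 flag and decoded body (str)."""
    m = _DATA_URL.match(url.strip())
    if not m:
        raise ValueError("not a data: URL")
    params = m.group("meta").split(";") if m.group("meta") else []
    is_base64 = bool(params) and params[-1].strip().lower() == "base64"
    if is_base64:
        params = params[:-1]
    # RFC 2397 default when the media type is omitted: text/plain;charset=US-ASCII
    mediatype = params[0].strip() if params and params[0].strip() else "text/plain"
    raw = unquote(m.group("payload"))  # %20 and friends become literal characters
    if is_base64:
        body = base64.b64decode(raw).decode("utf-8", errors="replace")
    else:
        body = raw
    return {"mediatype": mediatype, "base64": is_base64, "body": body}


def analyze_data_url(url, min_run=32):
    """Flag data: URLs whose payload carries a long whitespace run.

    min_run (an assumed threshold, not from the post) is the shortest run
    treated as padding. 'tail' is whatever follows the last such run: in a
    browser that shows only the end of the URL, that is the text a user sees.
    """
    parsed = parse_data_url(url)
    body = parsed["body"]
    runs = [(m.start(), m.end()) for m in _WS_RUN.finditer(body)]
    longest = max((e - s for s, e in runs), default=0)
    long_runs = [(s, e) for s, e in runs if e - s >= min_run]
    tail = body[long_runs[-1][1]:].strip() if long_runs else ""
    return {
        "mediatype": parsed["mediatype"],
        "body": body,
        "longest_whitespace_run": longest,
        "suspicious": longest >= min_run,
        "tail": tail,
    }


if __name__ == "__main__":
    # Constructed sample: a small HTML document, then 200 encoded spaces, then
    # text that reads like a hostname once only the end of the URL is visible.
    sample = "data:text/html,<h1>hi</h1>" + "%20" * 200 + "www.example.com"
    print(analyze_data_url(sample))
```

The whitespace check runs on the decoded payload, so padding written as literal spaces, as %20, or as tabs is caught alike; base64 payloads are decoded first so padding hidden behind the encoding is inspected too.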


Re: [Full-disclosure] Safari for Windows, 0day URL protocol handler command injection

2007-06-12 Thread Andrew Redman
I wouldn't put it past Apple to steal associations in a nearly silent 
manner so that Safari becomes the default browser for untold numbers of 
iTunes users. How many of those with serious clue deficiencies would be 
willing or able to change all of those associations back? Apple could 
make Safari reclaim its default browser status every time iTunes opens. 
It's all rather shady, but Apple could gain a large market share chunk 
very rapidly just by irritating their users a bit.

I rather hope that Apple decides now is a decent time to develop some 
morals. Also I hope they don't get any ideas from this message.

 - Andrew Redman

Larry Seltzer wrote:
> Apple released version 3 of their popular Safari web browser today,
> with the added twist of offering both an OS X and a Windows version.
> Given that Apple has had a lousy track record with security on OS X, in
> addition to a hostile attitude towards security researchers, a lot of
> people are expecting to see quite a number of vulnerabilities targeted
> towards this new Windows browser. 
>
> Joe Wilcox here at eWEEK is speculating, as are others, that Apple could
> start bundling Safari with the Windows iTunes software
> (http://www.microsoft-watch.com/content/web_services_browser/do_we_reall
> y_need_another_windows_browser.html). They have already done this with
> QuickTime. Safari could develop installed base quickly that way.
>
> Larry Seltzer
> eWEEK.com Security Center Editor
> http://security.eweek.com/
> http://blogs.eweek.com/cheap_hack/
> Contributing Editor, PC Magazine
> [EMAIL PROTECTED] 



Re: [Full-disclosure] Mac OS X "ps(3)" and "top(3)" truncate output

2007-05-11 Thread Andrew Redman
Try piping the output of ps to less or another pager that can scroll 
horizontally. - Andrew

matador matador wrote:
> I saw a strange behaviour on "ps" and on "top" output in Mac OS X 
> 10.4.9 Version.
>
> Let's see how it is:
>
> rfc-1918:~ xxx$ ps aux > ps_output
> rfc-1918:~ xxx$ cat ps_output
> USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
> xxx  587 8.0 5.4 185848 28488 ?? S 2:55PM 7:20.43 /Applications/iTune
> xxx  196 0.7 2.0 186176 10324 ?? S 11:04AM 2:36.06 /Applications/Utili
> .
> .
>
> we can see that "ps" doesn't print the path completely.
>
> So if we pipe "ps" to "grep" something, if the path is long we 
> can't find the specific process.
>
> rfc-1918:~ xxx$ cat ps_output | grep iTunes
> rfc-1918:~ xxx$ cat ps_output | grep iTune
> xxx  587 8.0 5.4 185848 28488 ?? S 2:55PM 7:20.43 /Applications/iTune
> xxx  185 0.0 0.2 124980 880 ?? S 10:26AM 0:00.22 /Applications/iTune
>
> If we make the terminal window wider we are still limited by monitor 
> width.
>
> A Linux user would like to use the "top" command...but...
>
> 60 coreservic 0.0% 0:03.27 3 114 163 924K 11.7M 2.95M 40.3M
> 57 WindowServ 5.1% 9:54.91 2 343 646 5.82M- 32.7M- 33.6M- 242M-
> 50 DirectoryS 0.0% 0:01.10 4 65 40 372K 1.01M 1.09M 30.1M
>
> we can see that "top" has the same problem, it truncates the process 
> name.
>
> These issues open a user-space rootkit scenario.
>
> Regards

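As an added example (not from the post, and not the behaviour of ps itself): BSD ps, including the macOS one, prints the full command line when given -ww, so reviewing complete paths is possible without a pager. The Python below shows the other half of the problem: it takes a constructed list of full command lines and reports which distinct commands collapse to the same text once cut to a given column width, as the two /Applications/iTune lines in the post's output did. The command list and the 19-column width are assumptions built from that output.

```python
# Constructed sample of full command lines, the form ps -ww would report them
# in. The first two share the 19-character prefix "/Applications/iTune" that
# the post's truncated ps output shows for two different processes.
SAMPLE_COMMANDS = [
    "/Applications/iTunes.app/Contents/MacOS/iTunes",
    "/Applications/iTunesHelper.app/Contents/MacOS/iTunesHelper",
    "/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal",
    "/usr/sbin/coreservicesd",
]


def find_truncation_collisions(commands, width):
    """Return {truncated_text: [full commands]} for every group of two or more
    distinct command lines that become indistinguishable when the COMMAND
    column is cut to `width` characters."""
    groups = {}
    for cmd in commands:
        groups.setdefault(cmd[:width], set()).add(cmd)
    # Keep only prefixes that hide more than one real command line.
    return {prefix: sorted(full) for prefix, full in groups.items() if len(full) > 1}


if __name__ == "__main__":
    # 19 columns is what the post's terminal left for the COMMAND field.
    for prefix, full in find_truncation_collisions(SAMPLE_COMMANDS, 19).items():
        print(f"{prefix!r} hides {len(full)} commands:")
        for cmd in full:
            print("   ", cmd)
```

Running the collision check over a real process list (ps -axwwo command on macOS) with the width your terminal actually shows tells you which entries a glance at plain ps output cannot tell apart, which is exactly where the post's rootkit concern lies.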


Re: [Full-disclosure] Firefox 2.0.0.3 Out-of-bounds memory access via specially crafted html file

2007-05-01 Thread Andrew Redman
Nothing exciting to report on OS X 10.4 / fully patched / PPC. Kind of 
broke the properties dialog for the link, and used some cpu, but 
definitely caused no crashing.

On WinXP Norton real time protection detected the file in cache as a 
'hack tool.' I disabled that, but Firefox refused to return to the page 
afterward.


 - Andrew

carl hardwick wrote:
> Product: Firefox 2.0.0.3
> Description: Out-of-bounds memory access via specially crafted html file
> Type: Remote
>
> Vulnerability can be exploited by using a large value in a href tag to
> create an out-of-bounds memory access.
>
> Proof Of Concept exploit:
> http://www.critical.lt/research/opera_die_happy.html



Re: [Full-disclosure] The Cyber war on Iran

2007-04-04 Thread Andrew Redman
This is a good example of what can happen to you after viewing Hackers 
and Swordfish back to back. You've been warned. I doubt Iran even has a 
Gibson to hack.

- Andrew

United Hackers wrote:
>   _  _   ___  _  __  ___  ___   _  __
>  | | /| / / _ | / _ \  / __ \/ |/ / /  _/ _ \/ _ | / |/ /
>  | |/ |/ / __ |/ , _/ / /_/ // _/ // , _/ __ |// 
>  |__/|__/_/ |_/_/|_|  \/_/|_/ /___/_/|_/_/ |_/_/|_/  
>Hackers United against the Threat of Islam
>
> ---
>  FOR IMMEDIATE RELEASE                                   ANTI-MUSLIM LEAGUE
> ---
>
> April 04, 2007, 2100Z
>
> We, the Hackers United against the Threat of Islam to the Freedom of Thought
> and Peace are hereby declaring open war against the evils of Islam. The axis
> of evil must be stopped and destroyed. The United States of America is 
> planning
> a demonstration of military force against the evil nation of Iran. As of the
> moment of this announcement, a Cyber War has been declared against Iran. We
> do this to assist the United States of America in their war against the evils
> of Islam.
>
> The first operation in this war was the secretive Operation Screaming Eagle. 
> This has been an ongoing preparation for battle, mapping out critical 
> Internet infrastructure to the Nation of Iran, as well as determining
> passwords, access codes and vulnerable attack vectors for gaining access to
> Iranian systems, including routers and servers. Many Iranian machines have
> backdoors installed, and many routers have been broken into and have had their
> login security mechanisms compromised.
>
> At dawn of April 06, 2007, the Hackers United against the Threat of Islam 
> shall
> initiate the largest, multinational, coordinated attack against a nation's 
> infrastructure ever witnessed. Hackers from the United States of America,
> Great Britain, Norway, France, Italy, Brazil, Germany and Russia will launch
> attacks against Iran's infrastructure, disabling all IP-based communication
> and facilitating attacks against their terrorist targets.
>
> Islam must be stopped. And the Hackers United against the Threat of Islam are
> there to do the job.
>
> Shout outs to everyone united against Islam. We stand together to face this
> threat to humanity.



Re: [Full-disclosure] Xbox live accounts are being stolen

2007-03-17 Thread Andrew Redman
Funny, I've always kinda figured that MS was its own weakness. - ATR

Jason Miller wrote:
> I'm sorry but I find this funny actually. :-P Seems Microsoft has a weakness.
>
> On 3/17/07, Kevin Finisterre (lists) <[EMAIL PROTECTED]> wrote:
>> There have been rumors going around that Bungie.net was hacked and
>> that a portion of Xbox live has been taken over because of it. Some
>> folks are having their Microsoft points stolen and or points
>> purchased via their stolen gamer tag.
>>
>> I just got off the phone with a Microsoft Tech for Xbox live that has
>> confirmed this with me and they have stated that accounts are
>> being stolen and that "Hackers have control of Xbox live and there is
>> nothing we can do about it"
>>
>> If anyone else has experienced their Xbox live account info being
>> stolen let me know. I am trying to archive as much info on this as
>> possible. During the conversations I have had with Xbox live support
>> I would certainly say that Microsoft staff is more than negligent in
>> dealing with this issue especially with regard to the potential theft
>> of personal information.
>>
>> -KF