Sep 142014
 

Recently, on one of the security mailing lists a query was posted as to what metrics should be produced from a Data Leakage Prevention Solution, an Intrusion Prevention System, and from the Firewalls being managed by the security team. Here’s the response I sent in which is being shared for a larger audience: Basically, what management wants to know is how effective the security solutions are working in your environment. So something along the lines of the following Read More…

Jul 032014
 

Recently, I found an interesting issue qualifying on Yahoo! Pipes. But before going into the details of this specific issue, let’s understand some basic points. What does Authorization mean? In general, authorization relates to the set of activities which a user can perform once logged on to a particular system. This is typically divided into the following two categories: Horizontal Privilege – Basically all user having same the same rights – for example, all Facebook Read More…

Jul 012014
 

Couple of days back, I reported XSS and Content Spoofing on LinkedIn. Here are the details of the issues. Cross Site Scripting: What is Cross Site Scripting? XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (Javascript, VbScript) in the context of the application. This allows several different attack opportunities, mostly hijacking the current session of the user or changing the look of the page by changing the HTML on the fly to steal the Read More…

Jun 242014
 

Objectives of IT legislation in India The Government of India enacted its Information Technology Act 2000 with the objectives stating officially as: “to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as “electronic commerce”, which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further Read More…

Apr 302014
 

During a routine penetration testing engagement, we found an IIS webserver with HTTP methods (verbs) like PUT and DELETE enabled on it. During enumeration of the web server we figured it was configured to run PHP as well. The PUT method allows an attacker to place a file on the server. Uploading a web shell was our obvious choice. However due to some security settings enabled on the server we were unable to upload any Read More…

 Posted by at 4:05 pm
Apr 172014
 

Scenario: One of our clients observed a suspicious behavior in a program and wanted us to analyze and identify if any malicious activities were being performed by the same. The program wasn’t detected by their anti-virus solution during ‘file access operations’. However, some unusual outbound network traffic triggered alerts from the network monitoring team. Filename Size (in bytes) File Type Hash pprtc.exe 71,168 PE (Win32) (MD5)dda3b490cd01690e12b280e5bb935bce (SHA1)ca4175a0c526d1be74fd1b00668e0799e41f0e76 Table 1: Suspect File Details Opening the file Read More…

Apr 102014
 

Heartbleed Advisory & FAQ Please find below a quick FAQ on the Heartbleed vulnerability and what you can to address it: UPDATE June 5, 2014: 7 New bugs fixed in OpenSSL Q. What is the Heartbleed vulnerability and what is its impact? The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This includes pretty much all Apache web servers as Read More…