A remote user can send specially crafted data to trigger a buffer overflow in the UPnP Internet Gateway Device Standardized Device Control Protocol code and execute arbitrary code on the target system. The code will run with the privileges of the target service.

"privileges of target service" == root

Apple credits Michael Lynn of Juniper Networks with reporting this vulnerability.

Mike's fuzzing DNS again which is oh so Dan Kaminski-esque.

update: My name is Billy, and I am retarded. This is UPnP. Too much Book, not enough sleep.

Remote root in Mac OS-X

There are maybe 15 people in the Engineering today. We are thinking about playing kickball...

Stefano Di Paola is a smart dude.

flash_App_testing_Owasp07.pdf (application/pdf Object)

Canonicalization, much like life, is a bitch. Yet another way higher character encodings get downgraded into lower character encodings, bypassing IDS/IPS signatures.

Oh course, this is just another example of the fundamental problem: IDS aren't looking at the same bytes the destination service is looking at. Arian Evans does a good job scoping this:

Somewhere along the path from HTTP protocol --> to app untrusted entry point --> to parser, there are several possible layers of decoding. These could include:

-Web Sever itself
-Web Server plugin
-Canonicalization in framework (e.g.-some .NET modules)
-Canonicalization steps in web app code.
-Decoding and interpretation by shellscripts and the like.
-Decoding certain encoding types for normalization (see this a lot in PHP, or cookies base64 file-system encoded, etc.)
-etc.

This means that:

It is possible for an app to have one or more layers of canonicalization/conversion, allowing for even crazy things like double and triple-encoding, which IDS/IPS do not handle at all over HTTP

My homies in X-Force are going to have a shitty day tomorrow...

... but not as shitty as Bob Auger is going to have. I remember him starting to do this about 6 months ago, but he wasn't the one who broke the news. Bummer.

Web hackers 9999, IDS 0

Decius wrote:

Stencil that has gone up all over Alanta...

... wait... wasn't Rattle in town this weekend? Man, I know I should have skipped Korean karaoke on Saturday. To quote Repo Man: Fuck this, let's go do some crime!

RE: Flickr Photo Download: pwn your city

Microsoft's blog on JScript development

JScript Blog

Traditionally, a Web page would not contain much scripting, or at least, not much that would affect the performance of that Web page. However, as Web pages become more like applications, the performance of scripts is having a bigger effect. With more and more applications being developed using Web technologies, improving the performance of scripts is becoming increasingly important.

JavaScript optimization is cool. Automated optimization would be 1337.

Efficient JavaScript - Opera Developer Community

Yahoo! Video: Advanced JavaScript Part I, Part II, Part III. A lecture by Douglas Crockford.

IEBlog: Jscript Inefficiencies Part I, Part II, Part III.

Rick Strahl: "FireBug 1.0 Beta Rocks". FireBug is a JavaScript debugger with some remarkable features.

Rick again: "HREF links and javascript : Navigation".

Jason Diamond: "Not Delegates".

Jim Ley: "JavaScript Closures".

Sergio Pereira: Quick Guide To Somewhat Advanced JavaScript.

Pathfinder: JsUnit – Agile AJAX Development

Mike West: Scope In JavaScript

Some things to check for JavaScript analysis.

Some JavaScript Links To Chew On

Bask in the awesomeness that is the infosec sell out blog.

Information Security Sell Out

And now children, its time for the Word of the Day! The Word of the Day is Polymorphic. Can you say Polymorphic?

Pol-y-mor-phic