Thursday, May 29, 2008

New AxBan feature...

By popular request, you can now unkillbit ActiveX controls!
New version here: http://portal.erratasec.com/axb/AxBan.exe

Wednesday, May 28, 2008

New AxBan: 1.0.0.4

Added checks for Creative Software AutoUpdate Engine, information here.

New version for Download is available here.

Tuesday, May 27, 2008

0day Flash vuln

http://www.securityfocus.com/bid/29386

Due to a 0day flaw in Flash I have added the Flash Player CLSID to AxBan. The new version is available here.

Summercon this weekend

This weekend I'll be presenting at Summercon on reverse engineering mobile devices like HTC based phones and iPhones. If you are in Atlanta this weekend come out!

LookingGlass Vendor of the week: Trillian

It has been a few weeks since I did a Vendor of the week post, and I think it's a great way to start off the week. Trillian has some bugs that you can read about here. Remember, without protections like ASLR and NX, vulns are easier to exploit.


The LookingGlass run of it:

Thursday, May 22, 2008

Apple still not playing nice with researchers...

http://www.theregister.co.uk/2008/05/22/unpatched_apple_bug_flap/

AxBan 1.0.0.2

New version of AxBan available here.
Added checks for IDAutomation, information here.

A new version with more features and bugfixes should be out June 15th, enjoy.

Sunday, May 18, 2008

Big week

There is a lot going on in information security this week. A rootkit for IOS is set for demonstration at EUSecWest. The Carlyle group is in the process of purchasing a part of Booz Allen, which means they now have more offensive security ability than the NSA. All this pales in comparison to one big question: which order will you watch the Indiana Jones movies in this week?

You could be a dork and do it in the production order of Raiders of the Lost Ark, Temple of Doom, Last Crusade. Don’t get me wrong, there is nothing wrong with that strategy; it's time-honored and it is also Steven Spielberg’s favorite order [no reference needed]. I am just pointing out that you could dare to be different. Personally, I am going to do Temple, Crusade, and end with Raiders. At first glance, it does not appear to be that bold a selection, as I pretty much just moved Raiders from first to last, but there is a method to the madness. You remember in Crusade when Indy and sidekick are in the tunnels under Venice and a reference to the Ark of the Covenant is mentioned? Indy replies with something like “yup, already found that.” If you wait to watch Raiders last you can feign ignorance:

“Did Indy find the Ark? I don’t remember, I sure hope there aren’t snakes, I hate snakes. Let's watch Raiders of the Lost Ark. Holy crap, Indy is looking for the Ark of the Covenant just like mentioned in the last movie.”

See, it’s a great strategy.

Tuesday, May 13, 2008

Call for Beta Testers

Errata is looking for Beta testers for the next release of the Ferret iPhone package. You will need an unlocked iPhone and the capability to install a binary on it.

Please contact me at marisa@erratasec.com if you are interested.

Monday, May 12, 2008

New Team Member at Errata Security

Hi Everyone,

I'm Marisa and I am the new product manager for Errata's ProtoDev line of products. If you have feature requests for Ferret/Hamster, LookingGlass, or AxBan you can contact me at marisa@erratasec.com.

I'll also be contributing to the blog from time to time about the latest ProtoDev news and updates. It's really great to be a part of the Errata team, and I look forward to hearing from you all!

-marisa

Wednesday, May 07, 2008

ActiveX is dangerous...

UPDATE: AxBan can be downloaded from here. Any questions or comments can be directed to talksec@portal.erratasec.com.


We all know ActiveX is dangerous. After watching Milw0rm and other sites continue to add easy-to-exploit ActiveX control PoCs like the HP Update problem, we at Errata decided to add a free ActiveX killbit program. We will be updating it with new CLSIDs as needed. Here is a screenshot; expect the full version to be posted later today.
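For readers who want to see what "killbitting" (and the later "unkillbit" feature) actually changes on a machine, here is an added PowerShell example. It is not AxBan's own code: it reads, sets and clears the Internet Explorer kill bit for a control by its CLSID, which lives in the `Compatibility Flags` value under `HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}` (bit 0x400). The CLSID in the usage section is a placeholder, and the script assumes an elevated session.

```powershell
# Added example, not AxBan's own code: inspect, set and clear the Internet Explorer
# kill bit for an ActiveX control identified by CLSID. Run from an elevated session.
# The CLSID used in the usage section below is a placeholder, not a real control.

$KillBitFlag = 0x400                 # bit 10 of "Compatibility Flags" = kill bit
$FlagName    = 'Compatibility Flags'

function Get-KillBitPath {
    param([Parameter(Mandatory)][string]$Clsid, [switch]$Wow6432)
    # 32-bit IE on 64-bit Windows reads the Wow6432Node view of this key.
    $root = if ($Wow6432) { 'HKLM:\SOFTWARE\Wow6432Node' } else { 'HKLM:\SOFTWARE' }
    return "$root\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
}

function Get-CompatibilityFlags {
    param([Parameter(Mandatory)][string]$Path)
    # Missing key or missing value both mean "no compatibility flags set".
    if (-not (Test-Path $Path)) { return 0 }
    $item = Get-ItemProperty -Path $Path -Name $FlagName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }
    return [int]$item.$FlagName
}

function Test-KillBit {
    param([Parameter(Mandatory)][string]$Clsid, [switch]$Wow6432)
    $flags = Get-CompatibilityFlags (Get-KillBitPath -Clsid $Clsid -Wow6432:$Wow6432)
    return (($flags -band $KillBitFlag) -ne 0)
}

function Set-KillBit {
    # Killbit a control: IE will refuse to instantiate it from a web page.
    param([Parameter(Mandatory)][string]$Clsid, [switch]$Wow6432)
    $path  = Get-KillBitPath -Clsid $Clsid -Wow6432:$Wow6432
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    $flags = Get-CompatibilityFlags $path
    # OR the bit in so any other compatibility flags already present are preserved.
    Set-ItemProperty -Path $path -Name $FlagName -Value ($flags -bor $KillBitFlag) -Type DWord
}

function Clear-KillBit {
    # The "unkillbit" operation: clear only the kill bit, leave the other flags alone.
    param([Parameter(Mandatory)][string]$Clsid, [switch]$Wow6432)
    $path = Get-KillBitPath -Clsid $Clsid -Wow6432:$Wow6432
    if (-not (Test-Path $path)) { return }
    $flags = Get-CompatibilityFlags $path
    Set-ItemProperty -Path $path -Name $FlagName -Value ($flags -band (-bnot $KillBitFlag)) -Type DWord
}

# Usage with a placeholder CLSID (substitute the CLSID of the control you are blocking):
$clsid = '{00000000-0000-0000-0000-000000000000}'
Set-KillBit -Clsid $clsid
"Kill bit set: $(Test-KillBit -Clsid $clsid)"
Clear-KillBit -Clsid $clsid
"Kill bit set after clearing: $(Test-KillBit -Clsid $clsid)"
```

Two things worth knowing when you use this by hand instead of through AxBan: the kill bit only stops IE (and other hosts that honour the flag) from loading the control, it does not uninstall the DLL, and on 64-bit Windows you need to set it in both the native and `Wow6432Node` views if both 32-bit and 64-bit IE are in use. Already-running IE windows keep whatever they have loaded; the change applies to new instances.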

That's it...

Today can't get any better, I am going back to bed.

Monday, May 05, 2008

Start date for IPS

I'm reading this article by Greg Shipley. He points to 2001 as the start date for "intrusion-prevention systems (IPS)". This is incorrect; the first IPS was "BlackICE Guard", which we shipped in 1999. It is now sold as the IBM Proventia G.

That year isn't a start date for IPS so much as the start date for Windows-based worms like CodeRed and Nimda. IPS is good for a lot of things, but it's by far the best technology for dealing with worms. I know of at least three critical financial networks that could not filter CodeRed by port, but which stayed up and running because BlackICE Guard could filter the worm but let normal HTTP through.

We had a hard time convincing customers of the value of IPS prior to 2001, after which it was easy.

Thursday, May 01, 2008