www.machine.org.uk/meta:: Because shit does happen!

[*] timb_machine: @dildog What about VetesGirl?

[*] timb_machine: @thegrugq Not been fired yet! #lotsmorefreebugs

[*] timb_machine: @haroonmeer Kinda my point, many more questions than answers "for now".

[*] timb_machine: @timb_machine http://pastebin.com/yLD6Pirx < Writing defensive code for glibc

[*] timb_machine: @Hexploitable You're arguing that the bugs are IP of the vendor and that they get to choose the venue? Not sure about either assertion.

[*] timb_machine: @Hexploitable Without knowledge of the circumstances it's not really possible to say "still not legal".

[*] timb_machine: @LiberalMyopia Here's what was in the original bug report: http://pastebin.com/iCUVGVnT, same bug class, different code path

[*] timb_machine: RT @dlitchfield @timb_machine The vector is different.. flaw is the same and IBM should've known better :( Reintroducing flaws is super-dumb

[*] timb_machine: @JaredDeMott Something else.

[*] timb_machine: @JaredDeMott There is a nasty bug where text/plain and text/html can become desynced.

[*] timb_machine: @JaredDeMott We gave up on the open source plugin.

[*] timb_machine: @juliocesarfort Pretty much what @dlitchfield said. This was in my original bug report: http://pastebin.com/iCUVGVnT

[*] timb_machine: @dlitchfield Mind you, I haven't checked the patch yet, half expecting them to pull a "CVE-2014-3977" :)

[*] timb_machine: @dlitchfield *nod*

[*] timb_machine: @dlitchfield Look /very/ carefully at the parameters I pass it, they're different from yours.

[*] timb_machine: @dlitchfield Same bug, different code path IMO. Mind you, I can only imagine that it was in different if/else blocks of same function :P

[*] timb_machine: @notsosecure If you have arbitrary write, there are so many ways to win :)

[*] timb_machine: @notsosecure Normally, I'd look for 3rd party setuid with own libraries and then create a malicious version of library earlier in load path.

[*] timb_machine: RT @portcullislabs AIX jailbreak #2: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3074/

[*] timb_machine: @zeroXten Hardware.

[*] timb_machine: @zeroXten Contact form gives an error ironically!

[*] timb_machine: <$twitter>; # Anyone have a security contact for AMD?

[*] timb_machine: @timb_machine Current status, ld-linux.so.2 is squalid.

[*] timb_machine: @kylemaxwell Not if it's not installed it doesn't. Mind you, same can be said for bash. Bourne || ksh93 for life.

[*] timb_machine: @natashenka LSD's paper on Argus Pitbull

[*] timb_machine: @grsecurity I didn't get the sponsors mail :(

[*] timb_machine: @WadeAlcorn Yeh, used it on a project recently. Very useful.

[*] timb_machine: @matalaz Did you try @_frego_'s Crash, it's on @portcullislabs tools page

[*] timb_machine: $exploit != $bomb; # http://fastcompression.blogspot.fr/2014/07/software-vulnerabilities-how-it-works.html < What a muppet!

[*] timb_machine: @SushiDude, @kurtseifried CWE needed for "developer is an idiot"?

[*] timb_machine: @travisgoodspeed Remember, either with us or against. Time to start planning regime change?

[*] timb_machine: @HenryHoggard, @mwrlabs Nice bug.

[*] timb_machine: @InternetOfAll http://www.contextis.com/blog/hacking-internet-connected-light-bulbs/ is pretty awesome, hopefully they'll present it somewhere public

[*] timb_machine: @m0nkeynut http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a

[*] timb_machine: @m0nkeynut Saw this and thought of you :)

[*] timb_machine: @CTXIS Congrats on getting the lightbulb research out the door. \o/

[*] timb_machine: @_larry0 That's when a research budget comes in handy ;} Between @portcullislabs and my collection, the only thing we really need is Z/OS.

[*] timb_machine: @ihackstuff Not sure if I will agree with the reason for filtering but DansGuardian?

[*] timb_machine: @gsuberland What are you saying about @sqshr being spherical?

[*] timb_machine: @attritionorg, @lojikil, @_larry0, @ra6bit, @gattaca Some boxen hold their value really well. For example, can buy >10 Sun for 1 IBM.

[*] timb_machine: @ra6bit, @attritionorg, @lojikil, @_larry0, @gattaca ++, I keep making idle threats to run something of that ilk to the @44CON organisers

[*] timb_machine: @PaulM Right. because I've never ever seen IPSec done wrong on a pentest. Seriously though, was vendortrolling, @tomaszmiklas guess who? :)

[*] timb_machine: @n0x00 nop alot

[*] timb_machine: @DaveAtErrata, @ErrataRob Like any "defensive" product, they can only really chase their target

[*] timb_machine: $dirtyhack ++; # In the spirit of rundll.exe, PoC for runso: http://pastebin.com/vBHJq3aT

[*] timb_machine: @tomaszmiklas Hah, I was actually going to suggest another vendor.

[*] timb_machine: @tomaszmiklas If you need one that's easy to pwn...

[*] timb_machine: @TenableSecurity Why is downloading the .deb like an exam for pentesters these days?

[*] timb_machine: $solaris > $aix; # So today I suggested to IBM they learn from Solaris, if the Linux runtime linker authors are watching, they should too

[*] timb_machine: @letoams rm -rf

[*] timb_machine: @Treesiepops Hard day at work? It's not fun having to stand all day!

[*] timb_machine: open(..., O_CREAT | O_RDWR, 0666); fchmod(.., 0666); # Because you need to be sure you're vulnerable

[*] timb_machine: $request .= "?action=man"; # Easter egg that spits out management phrases in certain software

[*] timb_machine: @SushiDude, @attritionorg, @kurtseifried Never did get around to fixing all the F/OSS System V shared memory issues but we have some more :)

[*] timb_machine: @SushiDude, @attritionorg, @wireghoul Certain vendors are quite happy to reuse older CVEs though :)

[*] timb_machine: @hubert3, @pdp, @ethicalhack3r I wonder if they're more trusting of SSL or perhaps they simply can't analyse it.

[*] timb_machine: @PortSwigger I had multiple servlets but LWP was only having problems with one (I'd wrongly assumed that they all sent Content-Length)

[*] timb_machine: @PortSwigger Ah thanks, spent a good 10 minutes *headscratching* until I looked at it in WireShark.

[*] timb_machine: @_larry0 if you're going to make it, $beer ++

[*] timb_machine: @brennantom No such thing as best practice...

[*] timb_machine: @ralpost Not blocked on Vodafone mobile

[*] timb_machine: @PortSwigger How to get Burp to show HTTP responses as on wire? Servlet was sending chunked no cont length, Burp shows unchunked with length

[*] timb_machine: @mjg59 cvs FTW :)

[*] timb_machine: @sqshr Got root?

[*] timb_machine: @matthew_d_green Does it need a logo? \o/

[*] timb_machine: @jadamcrain, @SCADASides I know of at least one vendor who gave up on using C++11 for SCADA software because of varying compiler support.

[*] timb_machine: $ENV{"MALLOCOPTIONS"} = ""; setuid(0); # Or suffer the consequences: http://aix.software.ibm.com/aix/efixes/security/malloc_advisory.asc

[*] timb_machine: @IBMAIXeSupp Looks like AIX jailbreak #2 has landed ;)

[*] timb_machine: LD_PRELOAD=./crack; # Used needle in this server room #sysadminoncrack #hopefullyjustinsulin

[*] timb_machine: @sqshr :) Remind me to show you uid=0 :)

[*] timb_machine: @j4m3_ There are whole conferences on passwords...

[*] timb_machine: @MikeyJck Speak to Matt Moore at GOOG

[*] timb_machine: $w00t ++; # X11 xterm + blank password = hacked Mac #justforthelulz #uid0

[*] timb_machine: @AbertayHackers Well done on producing some thoroughly interesting talks and associated conversations cc: @Doctor_Hacker

[*] timb_machine: @BSidesMCR Good job, well done.

[*] timb_machine: $abertay = UINT_MAX; # It says a lot about @AbertayHackers v other unis that none from elsewhere are on the stump this weekend at @BSidesMCR

[*] timb_machine: @WeldPond Severity: Low, Impact: Low, Likelihood: High by our internal scoring system

[*] timb_machine: $devices ++; # Yay, my Snapdragon dev board from Inforce has turned up. Turns out by default it runs 'droid!

[*] timb_machine: @jack_mannino Ah, didn't spot them. Important to get Grails devs to understand those bug classes. PS: HTTP parameter pollution?

[*] timb_machine: @jack_mannino No mass assignment bugs in your Grails app? Also, why no useToken?

[*] tmb-vs-ibm-aix-libodm.c

[*] tmb-vs-ibm-aix-ptrace-PT_LDINFO.c

[*] s_client-vs-cve-2014-0160.diff.txt

[*] NDSA20140311.txt.asc

[*] SAP Transaction Codes

[*] Patch to x3270 to make it ignore protected fields, and allow them to be modified. This provided some significant pwnage on an assessment where the mainframe (IMS) application appeared to pass the username from one field to another. I'm still researching

[*] security - Exploitable PHP functions - Stack Overflow

[*] Retargetable Decompiler

[*] Rechenzentrum Kreuznach - die AS/400-Profis

[*] Configuration of hidden Sendmail SSL/TLS connection options « TriathlonMike

[*] Native Extensions for Perl without Smoke and Mirrors

[*] Deconstructing the Azure Point-to-Site VPN for Command Line usage - Diary Of A Ninja

[*] Volatile Minds

[*] Cryptographic flaws in Oracle Database authentication protocol | Marcel's Blog

[*] OpenPGP Best Practices - Privacy and Authenticity Ou... - Riseup Labs - Groups - we.riseup.net

[*] A brief look at the Acer ChromeBook #2

[*] A brief look at the Acer ChromeBook #1

[*] Dead bugs society

[*] A brief look at the RIM PlayBook

[*] Breaking cpau, a dummies guide

[*] Bypassing the Android pattern lock

[*] Introducing VulnApp

[*] Exploiting the Linux linker

[*] Dumping Samba hashes

[*] Defcon 18 CTF qualifiers: who is the h4x13st h4x0r of them all

© www.machine.org.uk Web Master, 2006