www.machine.org.uk/meta:: Because shit does happen!


[*] timb_machine: @sempf What about numeric injections?

[*] timb_machine: .@matthew_benham My dad's great grandfather helped found the Bees. We lost him to cancer in Sept. Please carry on making us proud. #bees

[*] timb_machine: @iamfrangipan It is. Am there. :)

[*] timb_machine: @sempf What would you encode "1 or 1=1 or 1=" to?

[*] timb_machine: @BrentfordFC Half and half scarves for the glory hunters?

[*] timb_machine: close($week); # Roll on #brentfordfc vs Fulham

[*] timb_machine: @nowisbaker LISD (Linux Is System D)

[*] timb_machine: @jonbrownm Good. I have a web site I want you to work on :).

[*] timb_machine: @tiraniddo The "Vulnerability Marketing Board" has a nice ring to it.

[*] timb_machine: @timb_machine No logo yet though. :(

[*] timb_machine: #1 http://www.bbc.co.uk/news/technology-30019976 #2 https://twitter.com/WarOnPrivacy/status/518028961755193344 #3 http://www.malwaretech.com/2014/11/how-ms14-066-winshock-is-worse-than.html

[*] timb_machine: $winshock = 3; # So far I count 3 bugs that are variously claiming to be "winshock". This is why we need CVE people.

[*] timb_machine: @inj3ct0r Funny thing about that bug, compiler usage error. "-L/lib" is the name of the directory it looks for, I suspect they meant "/lib"

[*] timb_machine: return ETOOMANYBUGS; # current count for last week's testing is 357... best one, remote compromise of POS over USB bypassing code signing

[*] timb_machine: @Dave_Maynor I'm sure it happens. Not been in that situation, so can't comment. Of course, UK/EU and US law vary considerably.

[*] timb_machine: RT @portcullislabs By the looks of things, CVE-2014-3065 relates to a race condition on /tmp/javasharedresources and affects IBM JDK

[*] timb_machine: @kevinmitnick So how do you approach testing the same app for different clients? Report the 0day only to the first client?

[*] timb_machine: @4Dgifts ++

[*] timb_machine: @jduck ACK.

[*] timb_machine: @spacerog Agreed. Would be concerned if that were not the case. Clients often don't have the time/expertise to disclose anyway.

[*] timb_machine: @matthew_d_green Encryption isn't just about C. I is equally important. Quite whether it directly affects A is debatable.

[*] timb_machine: @securitea I know, I think I tweeted about that too? Just curious if CESG are unique in this matter?

[*] timb_machine: $hell->freeze(); # Debian credits CESG: https://www.debian.org/security/2014/dsa-2984, any NSA (etc) credits out there?

[*] timb_machine: @gentilkiwi Is there a reference for that, or have you just pulled apart the patch? Reminds me of the old VNC bug, if that's the problem.

[*] timb_machine: @Meatballs__ Hopefully it will be in MSF in 24 hours? cc: @hdmoore

[*] timb_machine: @w1bble Remember when I asked what you did when you weren't taking photos? :)

[*] timb_machine: RT @portcullislabs @passingthehash, @obscuresec, @gentilkiwi http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-about-cve-2014-6324.aspx

[*] timb_machine: @passingthehash, @obscuresec, @gentilkiwi Kerberos Checksum Vulnerability - CVE-2014-6324

[*] timb_machine: RT @portcullislabs Running "untrusted" Java code server side? Consider a sandpit: https://labs.portcullis.co.uk/blog/building-a-sandpit

[*] timb_machine: $kerberos->escalate(@self, DOMAIN_ADMIN); # Liking the sound of MS14-068

[*] timb_machine: @OSVDB Ta.

[*] timb_machine: @osvdb Hmm, OSVDB doesn't appear to want to let me do a password reset :( I wanted to claim 114615 :(

[*] timb_machine: @Viss POS etc on the same circuit as guest rooms.

[*] timb_machine: @Viss If you run a hotel, probably want to check you can't dial in from hotel rooms.

[*] timb_machine: bookmarks://xxxx.google.com/"><script>alert(document.domain)</script>; # CVE-2014-8600 PoC

[*] timb_machine: @spun_off WebCore is based off KHTML, hence LGPL, no? cc: @SwissHttp

[*] timb_machine: @sambowne IIRC, Google doesn't cache all content. Stale references to original images etc?

[*] timb_machine: @digininja Probably better to use combination of real cards and officially recognised test numbers.

[*] timb_machine: @pentestmonkey Used your reverse shell after popping an appliance over USB. A+, would root again!

[*] timb_machine: @joernchen That had me and my team in stitches :)

[*] timb_machine: @attifyme Mmmm, my favourite :)

[*] timb_machine: // strip_tags($_GET["input"]); - We don't want to filter out tags as we're using them to render input :/ < Application actively supports XSS

[*] timb_machine: @rantyben SSLapdash

[*] timb_machine: @zyx2k We have physical tin :)

[*] timb_machine: $project ++; # And they're off! The @portcullislabs SCADA lab is live and in the hands of the juniors #firstonetocrashthednp3wins

[*] timb_machine: String SqlQuery = SqlHelper.Santise(Request.Params["query"]); // This doesn't do what we think it does < Said no developer, ever

[*] timb_machine: @dcuthbert ++

[*] timb_machine: @attrc Yeh, pretty much a given if you use WebKit/webview based apps.

[*] timb_machine: @self->.,o("someone should port Debian to afl-gcc"); # Fuzz all the things

[*] timb_machine: @0wasp Check the CRT requirements.

[*] timb_machine: @0wasp http://www.crest-approved.org/wp-content/uploads/CRT_CCT-Syllabus-v1-5.pdf

[*] timb_machine: RT @portcullislabs A stopped clock is right twice a day? Not this one: https://labs.portcullis.co.uk/presentations/how-many-bugs-can-a-time-server-have/

[*] timb_machine: @MarioVilas Mwah. what's he done now?

[*] timb_machine: @thedcdj @thetomcake says you're responsible for the only code that does anything aka the bugs ;)

[*] timb_machine: @thetomcake 90% of your change is auto-formatting, 5% is a mistakenly committed Word document and 5% is bugs. #performancereview

[*] timb_machine: RT @portcullislabs You can't even trust your own reflection these days: https://labs.portcullis.co.uk/blog/you-cant-even-trust-your-own-reflection-these-days/

[*] timb_machine: @nickdepetrillo, @Dave_Maynor "Good" exploits are good. "Bad" exploits are bad.

[*] timb_machine: @exploitdb http://www.exploit-db.com/exploits/35112/ looks pretty similar to https://www.nth-dimension.org.uk/downloads.php?id=83 :P

[*] timb_machine: @Beesotted I'm going to be saying this a lot this season, but 5 generations into Brentford, *still* proud. Second half, they were excellent.

[*] timb_machine: @domchell, @carnal0wnage In fairness I don't actually know, it came out of our US research team.

[*] timb_machine: @carnal0wnage Just put a WAF in front of it, problem solved. \o/

[*] timb_machine: @macavity23 #sadface

[*] timb_machine: @i0n1c Utterly unreasonable that people want to run Intel code on AMD chipsets. #boycottcounterfeits #nukethemicrocode

[*] timb_machine: @rootkovska Is it not a reference to the zone from which the file originated, which is embedded in an ADS: http://blogs.technet.com/b/askcore/archive/2013/03/24/alternate-data-streams-in-ntfs.aspx

[*] timb_machine: @0x47DF :(

[*] timb_machine: @kennwhite Your definition of non-essential appeared to be anything that wasn't part of the "user" facing service.

[*] timb_machine: @kennwhite Best of luck updating it...

[*] timb_machine: @bSr43 Ta. Great support.

[*] timb_machine: @bSr43 Any way to retrieve my Hopper license file, I forgot to pack it on this PC :(

[*] timb_machine: @ioerror My interaction with Mike is second to none. Bigger, better funded browser teams do less with more IMO.

[*] timb_machine: @2342 Great tip. To be clear, I like and respect the ethics policy of my current employer but always interesting to see other options.

[*] timb_machine: @ioerror Long have I dreamed of having a security company with a clearly defined ethics brief to work on things like that.

[*] timb_machine: @thedarktangent, @_defcon_ TAOSSA for security research + Stevens on TCP/IP

[*] timb_machine: @vogon $pc > %rip :)

[*] timb_machine: @chmod666, @chromeaix, @power_gaz, @mr_nmon Do IBM have a conference where I could talk on how and why admins get security wrong?

[*] timb_machine: @SushiDude With more ambition, we could make 20K next year.

[*] timb_machine: @SushiDude We're doing our bit to help reach this noble goal. #isupportCVE10K

[*] timb_machine: @hubert3 Not sure, went through US advisory team. I will enquire.

[*] timb_machine: $bugs ++; # Looks like the @portcullislabs US team just dropped a couple of XXE bugs in F5 BIG IP :)

[*] timb_machine: <@twitter>; # Anyone think of a good way to leverage SysRq? Also have what looks like execute from USB MSC, but I don't know the filename :(

[*] tmb-vs-ibm-aix-libodm.c

[*] tmb-vs-ibm-aix-ptrace-PT_LDINFO.c

[*] s_client-vs-cve-2014-0160.diff.txt

[*] NDSA20140311.txt.asc

[*] SAP Transaction Codes

[*] Patch to x3270 to make it ignore protected fields, and allow them to be modified. This provided some significant pwnage on an assessment where the mainframe (IMS) application appeared to pass the username from one field to another. I'm still researching

[*] security - Exploitable PHP functions - Stack Overflow

[*] Retargetable Decompiler

[*] Rechenzentrum Kreuznach - die AS/400-Profis

[*] Configuration of hidden Sendmail SSL/TLS connection options « TriathlonMike

[*] Native Extensions for Perl without Smoke and Mirrors

[*] Deconstructing the Azure Point-to-Site VPN for Command Line usage - Diary Of A Ninja

[*] Volatile Minds

[*] Cryptographic flaws in Oracle Database authentication protocol | Marcel's Blog

[*] OpenPGP Best Practices - Privacy and Authenticity Ou... - Riseup Labs - Groups - we.riseup.net

[*] A brief look at the Acer ChromeBook #2

[*] A brief look at the Acer ChromeBook #1

[*] Dead bugs society

[*] A brief look at the RIM PlayBook

[*] Breaking cpau, a dummies guide

[*] Bypassing the Android pattern lock

[*] Introducing VulnApp

[*] Exploiting the Linux linker

[*] Dumping Samba hashes

[*] Defcon 18 CTF qualifiers: who is the h4x13st h4x0r of them all

© www.machine.org.uk Web Master, 2006