Category: Microsoft Blue Hat v7

August 9th, 2008

Black Hat Las Vegas Day 2

Posted by Nathan McFeters @ 10:31 am

Categories: Arbitrary Code Execution, Black Hat, Black Hat Las Vegas, Browsers, Complex Attacks, Exploit code, Hackers, Java, Locally Running Web Servers, Microsoft Blue Hat v7, Research, Responsible disclosure, Social Networking Applications, Sun Microsystems, Vulnerability research, Web 2.0, Web Applications, Windows Vista, Zero-day attacks

Tags: black hat, microsoft corp., applet, image, vegas, nathan mcfeters

Again, sorry for the late updates.  Vegas is the kind of place that demands a lot of a person.  Too many parties make it difficult to find time to blog on the conference.  Pictures of the event are a bit sparse, due to consistently forgetting to bring my camera, but I will post them shortly.

Day 2 began a bit rough for me, but I forced myself down to catch Shawn Moyer and Nathan Hamiel’s talk, “Satan Is On My Friends List”.  The talk was really solid, and focused on attacking social networking sites, such as MySpace, Adult Friend Finder, and LinkedIn.  The pair pointed out numerous flaws with these sites, such as impersonation, theft of sensitive data (pics etc.), and arbitrary code execution (through various plug-in applications).


July 15th, 2008

Finding the name behind the GMail address

Posted by Nathan McFeters @ 12:21 pm

Categories: Black Hat, Black Hat Europe, Black Hat Federal, Black Hat Las Vegas, Google, Hackers, Microsoft Blue Hat v7, Research, ToorCon Seattle 2008, Vulnerability research, Web Applications, Zero-day attacks, ~Special Series~

Tags: Google Inc., Google Gmail, SecuriTeam Blog, Phishing, E-mail Providers, Cyberthreats, Cloud Computing, Spam, Viruses And Worms, Security

Ah, this is a fun little trick.  I’m not sure if it represents a vulnerability, but certainly I expect Google will try to get rid of this feature.  The SecuriTeam blog has reported that it is possible to expose the full name of the user who registered a GMail account.   This is, of course, contingent on the fact that the person who registered the GMail account didn’t use a fake first and last name, but still, an interesting trick.

This vulnerability exists because of the strong tie-ins between GMail and all of Google’s other services, such as Google Calendar, Blogger, and Google Code, and because of the strong desire for Google Apps to be able to share data with people.  This isn’t the first time, the second time, or the last time the strong tie-ins have produced interesting results: see my post on Billy Rios’s Google Code exploit, Billy’s taking ownership (pwnership) of content attacks against Google Spreadsheets, Billy and I stealing documents from Google Docs, and my talk at Black Hat for more.

The steps to accomplish this are as follows:

  1. Sign up for Google Calendar
  2. Go to the ‘share this calendar’ tab
  3. Enter the email address in the ‘person’ box
  4. Click ‘add person’ and ‘save’
  5. When you return to this screen you will see the first and last name along with the GMail address


July 7th, 2008

AVG changes its stance on LinkScanner

Posted by Nathan McFeters @ 11:08 pm

Categories: Anti Virus, Black Hat Europe, Microsoft Blue Hat v7, ~Special Series~

Tags: Web, Web Site, Whirlpool Corp., Search Result, Slashdot, AVG, LinkScanner, Web Site Development, Search, Channel Management

A few days ago I wrote a story about AVG’s LinkScanner causing a massive amount of additional traffic on the net in the name of protecting customers… yeah.  Well, here’s a quote from the original article to give some background:

Apparently AVG is spamming the Internet with traffic that looks to be coming from Internet Explorer.  AVG software pre-crawls search results to try to protect users, but uses a user agent that makes the software appear to be Internet Explorer.  This pre-crawling is flooding websites with meaningless traffic (Slashdot claims it is up to 6% of their traffic, which given Slashdot’s load is CONSIDERABLE).  More importantly, they’re apparently aware of this bad behavior and are changing their user agent to avoid filters.

From that story, I posted a poll that asked, “Do you think that AVG’s LinkScanner should be added to the badware list?”  A respectable 1,065 people voted on this, and a resounding 77% of people believed that AVG’s LinkScanner should be added to the badware list.


May 6th, 2008

Can I interest you in a glass of Berry Blue Kool-Aid?: A recap of Microsoft Blue Hat v7

Posted by Nathan McFeters @ 9:25 pm

Categories: Microsoft, Microsoft Blue Hat v7, ~Special Series~

Tags: Microsoft Corp., Blogging, Team Management, Internet, Management, Nathan McFeters

Hey all,

I was fortunate enough to be invited to attend Microsoft Blue Hat v7 as I had some research that Microsoft was interested in bringing me in to talk about.  Microsoft got to have co-worker and fellow researcher Rob Carter and me in to talk to product security teams about some of the things we’d found, and we got a free pass to an invite-only conference that had some great talks.

Microsoft also asked me to write a guest blog on their Blue Hat site, which I was happy to do.  Good friends and fellow bloggers Ryan Naraine and Rob McMillan gave me some good-natured ribbing about why I got to go, and I returned the favor by saying Microsoft gave me an “exclusive” look at Blue Hat.  It wasn’t really the way it went down, but it was more fun to poke some fun at the guys, so I thank Microsoft for letting me keep that in.  In fact, Microsoft didn’t edit my posting at all, except to make a couple of grammatical changes, so that was much appreciated.  It was a very interesting trip, and I got to see several great talks and interview a few interesting people.

One thing you’ll see coming up soon is an interview I did with the guys who created DEP and ASLR, so keep your eyes open for that.

I’ve also included a gallery of pictures that includes shots of the conference, and some funny ones from the IOActive Limo Party… thanks to Josh Pennell and all the IOActive crew for putting that on, tons of fun.

-Nate

Nathan McFeters

Nathan McFeters is a Senior Security Advisor for Ernst & Young's Advanced Security Center in Chicago. The views and opinions expressed in this article are his own and do not represent the views and opinions of Ernst & Young Advanced Security Center or Ernst & Young, LLP. Nathan has performed web application, deep source code, Internet, Intranet, wireless, dial-up, and social engineering engagements for numerous clients in the Fortune 500 during his career at Ernst & Young and has spoken at a number of prestigious conferences, including Black Hat, DEFCON, ToorCon, and Hack in the Box. He can be found at his Pwn* blog and XS-Sniper, a blog with Billy Rios. See his full profile and disclosure of his industry affiliations.
