Billy (BK) Rios
http://xs-sniper.com/blog
Thoughts on Security in an Uncivilized World…
Tue, 09 Jun 2009 07:38:52 +0000
http://backend.userland.com/rss092
en

Safari 3.2.2 Feed Protocol Handler Issues
A few weeks ago, Apple released a patch for their Safari browser. The patch included a fix for an RSS feed handling vulnerability I had reported to them a while back. The advisory can be found here. This particular vulnerability is actually a variation of a previous RSS feed handling ...
http://xs-sniper.com/blog/2009/06/09/safari-322-feed-protocol-handler-issues/

Catching Up!
Whew! It’s been a busy couple of months for me. I’m always curious as to how I get so much on my plate. A quick recap of some of the stuff I’ve been working on / or have coming in the near future: 1) HITB Dubai is almost here! I’ve been ...
http://xs-sniper.com/blog/2009/03/30/catching-up/

Stealing More Files with Safari
Apple recently patched a vulnerability in Safari’s RSS feed handling mechanisms I reported to them. The advisory for Safari on OS X can be found here and the Safari for Windows advisory can be found here. As always, Apple was excellent in their handling of the issue. Two other researchers ...
http://xs-sniper.com/blog/2009/02/13/stealing-more-files-with-safari/

SUN Fixes GIFARs
Last week, Sun released a patch for a vulnerability I reported to them. The patch I’m talking about fixes the “GIFAR” issue. I was unable to speak on the issue at Black Hat (for various reasons), but Nate McFeters did a great job of presenting the concept of GIFARs at ...
http://xs-sniper.com/blog/2008/12/17/sun-fixes-gifars/

Stealing Files with Safari
Apple recently patched a vulnerability Nitesh "Leisure Suit" Dhanjani and I reported to them last week (CVE-2008-4216). We had reported a similar vulnerability to Apple about two months ago (CVE-2008-3638). In fact, the exploitation technique was so similar we held off releasing details until this 2nd patch was released. The basic ...
http://xs-sniper.com/blog/2008/11/19/stealing-files-with-safari/

Pwnichiwa from PacSec!
WOW, it’s been a busy couple of weeks! I was in Tokyo last week for PacSec. PacSec was a great time, there were some GREAT talks, and Dragos knows how to party! I co-presented a talk entitled “Cross-Domain Leakiness: Divulging Sensitive Information and Attacking SSL Sessions” with Chris Evans from ...
http://xs-sniper.com/blog/2008/11/19/pwnichiwa-from-pacsec/

House Keeping
It’s been a crazy couple weeks! Some quick housekeeping: ChicagoCon – I’ll be in Chi-Town next week giving one of the Keynotes at ChicagoCon. If you’re going to be in the area, hit me up and we’ll grab a few drinks. Bluehat - I’m glad to see all the young blood in ...
http://xs-sniper.com/blog/2008/10/22/house-keeping/

Surf Jacking Secure Cookies
I was thinking back to Sandro’s paper on Surf Jacking and I realized that there was one small caveat where the “Secure” flag wouldn’t protect your cookies from Surf Jacking… The Side Jacking and Surf Jacking techniques basically stipulate that the attacker has to be on the same network segment as ...
http://xs-sniper.com/blog/2008/09/24/surf-jacking-secure-cookies/

Hostile Hotel Networks?!?!
Dark Reading recently had an interesting article related to the security of Hotel networks; you can find the article I'm talking about here. As I read the article... I couldn't help but smile... the article made it seem like Hotels have horribly insecure networks! The truth is, THEY DO…along with airports, ...
http://xs-sniper.com/blog/2008/09/15/hostile-hotel-networks/

Simple Lesson on Secure Cookies
I recently read a paper written by Sandro Gauci from Enable Security entitled "Surf Jacking - HTTPS will not save you". You can find the paper here. It's an interesting read and extremely relevant to today’s web applications. The heart of the paper describes some simple tricks to force a ...
http://xs-sniper.com/blog/2008/09/09/secure-cookies/