<?xml version="1.0" encoding="UTF-8"?><!-- generator="wordpress/2.3.3" -->
<rss version="0.92">
<channel>
	<title>Billy (BK) Rios</title>
	<link>http://xs-sniper.com/blog</link>
	<description>Thoughts on Security in an Uncivilized World…</description>
	<lastBuildDate>Mon, 21 Apr 2008 08:02:47 +0000</lastBuildDate>
	<docs>http://backend.userland.com/rss092</docs>
	<language>en</language>
	
	<item>
		<title>CSRF pwns your box?!?!</title>
		<description>Before talking about an interesting set of CSRF vulnerabilities that were released this weekend, I did want to take a few moments to do some "housekeeping" on the recent spreadsheets.google.com XSS.  (1) I gave the Google Security Team the details for this particular issue well before talking about it ...</description>
		<link>http://xs-sniper.com/blog/2008/04/21/csrf-pwns-your-box/</link>
			</item>
	<item>
		<title>ToorCon ROCKED!</title>
		<description>ToorCon this weekend totally ROCKED.  Any venue that has flaming tetherball, major websites getting pwnd, hawt hacker chics pwning backbone protocols, java 0-days, and free beer has to ROCK.  All the talks I caught were awesome and the con has inspired me to look into some new avenues of research ...</description>
		<link>http://xs-sniper.com/blog/2008/04/21/toorcon-rocked/</link>
			</item>
	<item>
		<title>Mark Dowd scares me&#8230;.</title>
		<description>If you haven't heard yet, Mark Dowd chopped up a Flash vulnerability ninja style and released a 25 page whitepaper describing his attack.  It's truly a work of art and can be found here. &#60;pdf&#62;

I'm not even going to attempt to describe any portion of this attack (just thinking about ...</description>
		<link>http://xs-sniper.com/blog/2008/04/15/mark-dowd-scares-me/</link>
			</item>
	<item>
		<title>Google XSS</title>
		<description>Now, normally when I find an XSS vulnerability on a popular domain I just report it to the appropriate security team and move on, but this one is interesting…

By taking advantage of the content-type returned by spreadsheets.google.com (and a caching flaw on the part of Google), I was able to ...</description>
		<link>http://xs-sniper.com/blog/2008/04/14/google-xss/</link>
			</item>
	<item>
		<title>RSA over&#8230; on to toorcon Seattle</title>
		<description>RSA is officially over!  It was a great experience and I'll talk about a few of the talks that really captured me in later posts.  I do want to thank Jeremiah Grossman for throwing the WASC get together, the BAYSEC crew, McAfee (their party was awesome),  iSEC (their party was AWESOME), ...</description>
		<link>http://xs-sniper.com/blog/2008/04/13/rsa-over-on-to-toorcon-seattle/</link>
			</item>
	<item>
		<title>Insecure Content Ownership</title>
		<description>Taking ownership of someone else’s content is always a tricky deal.  Nate McFeters and I spoke about some of the issues related to taking “ownership” of someone else’s content last year at Defcon, but we continue to see more and more places willingly accepting third party content and happily serving ...</description>
		<link>http://xs-sniper.com/blog/2008/04/04/insecure-content-ownership/</link>
			</item>
	<item>
		<title>Amsterdam, RSA, Security Vids, and the Harvard Business Review</title>
		<description>I've survived yet another Blackhat Europe... actually, part of me probably perished in the streets of Amsterdam, but that's a story for the bars.  I'll be in San Francisco next week speaking at the RSA Conference.  I plan on attending the WASC RSA meetup and the iSEC Forum and Social (I ...</description>
		<link>http://xs-sniper.com/blog/2008/04/03/amsterdam-rsa-security-vids-and-the-harvard-business-review/</link>
			</item>
	<item>
		<title>Have some Bad Sushi at Blackhat Europe</title>
		<description>I'll be headed out to Blackhat Europe, speaking on phishing, scams, and ATM skimmers.  If you're in the area, look me up and we'll grab a few at the bar.

Also, I wanted to take a moment to thank my colleagues out in Hyderabad, India.  I recently traveled to ...</description>
		<link>http://xs-sniper.com/blog/2008/03/27/have-some-bad-sushi-at-blackhat-europe/</link>
			</item>
	<item>
		<title>Preventing XSS Exploitation with CSRF Tokens?!?!</title>
		<description>A colleague and I were tossing around the idea of preventing XSS Exploitation with CSRF tokens.  Now, before people start going "high and right" on me...hear me out...  I DID NOT say "prevent XSS" with CSRF tokens, I said prevent "XSS Exploitation" with CSRF tokens.  This discussion ...</description>
		<link>http://xs-sniper.com/blog/2008/03/19/preventing-xss-exploitation-with-csrf-tokens/</link>
			</item>
	<item>
		<title>Reflections on Trusting Trust</title>
		<description>For those who have never read the classic "Reflections on Trusting Trust", you can find it here.  Reflections is an easy read on the perils of running un-trusted code on your machine.  It's a concept that's foreign to many users as we typically run "un-trusted" HTML and client-side scripts from ...</description>
		<link>http://xs-sniper.com/blog/2008/03/17/reflections-on-trusting-trust/</link>
			</item>
</channel>
</rss>