Via Hacker News. Google Chrome Pwned by VUPEN aka Sandbox/ASLR/DEP Bypass. While Chrome has one of the most secure sandboxes and has always survived the Pwn2Own contest during the last three years, we have now uncovered a reliable way to execute arbitrary code on any installation of Chrome despite its sandbox, ASLR and DEP. I [...]
Scott Yang's Playground
Securing PHP-FastCGI on Nginx
Via Hacker News. Setting up PHP-FastCGI and nginx? Don’t trust the tutorials: check your configuration! I have in fact written quite a few tutorials and published automated scripts that are vulnerable. Seems the easiest way to prevent this issue is by adding a try_files statement (or an if (-f $request_filename) if Nginx -V < 0.7.27) [...]
SIP Attack! Home VoIP ATA Got DoS’ed
Bought an ATA from Cormain back in January. It’s ugly, but it works. Connected to our new Billion 7800N ADSL2+ router and makes calls via PennyTel. No problem whatsoever until a week ago. Suddenly VoIP stopped working. I am also unable to connect to ATA’s web admin interface to figure out what might [...]
PasswordFox – Standalone App to Reveal Firefox Passwords
PasswordFox — Reveal the user names/passwords stored in Firefox. Very useful utility to actually show all your passwords stored in Firefox. It’s not a recovery tool as you still need to type in the master password. However even without master password it shows all the websites you have kept passwords for, which means I might [...]
Mac OS X Root Escalation with AppleScript
Read this story on Slashdot. “Half the Mac OS X boxes in the world (confirmed on Mac OS X 10.4 Tiger and 10.5 Leopard) can be rooted through AppleScript: osascript -e 'tell app "ARDAgent" to do shell script "whoami"'; Works for normal users and admins, provided the normal user wasn’t switched to via fast user [...]
Upgraded to WordPress 2.3.3 ‘Coz of Security Issues, Again!
Went to the Aussie Bloggers forums this morning and spotted this post on an urgent WordPress upgrade (yes, I usually troll in the forums early in the morning instead of reading RSS feeds). WordPress 2.3.3 has been released fixing a few minor bugs and a security issue. Yes, again — less than two months after [...]
PDF 0-Day Vulnerability
eWeek: Opening a PDF file on your Windows PC can get you pwn3d, recently discovered by researcher Petko D. Petkov (his blog is no longer online at this point in time). It’s the same guy who discovered Apple’s Quicktime flaw and how you can infect someone’s PC via Firefox and Quicktime. Interestingly the open source [...]
MyBlogLog’s Co-Author Exploit
Got an email from MyBlogLog about 2 days ago. Hi ScottYang, I would like to add you as a co-author of my MyBlogLog community below: Blog/Site: Blogmemes Belgium (http://www.blogmemes.be) MyBlogLog community: http://www.mybloglog.com/buzz/community/Blogmemes_Belgium/ Your MUST click on the link below to accept this request: <Link Deleted> Thanks, Blogmemes_Belgium Instead of clicking on the link, I went straight to [...]
Filling up PhishTank with Phishers
Via OpenDNS Blog, PhishTank is a website that collects URLs of phishing websites that conduct fraudulent activity by tricking people into believing they are on a legitimate website. I’m getting phishing emails almost every day telling me either my PayPal is not working, asking me to confirm an eBay purchase, or my bank needs my password. Great [...]
Harrison Ford and Firewall
I watched Harrison Ford’s Firewall on DVD on Tuesday. It is an interesting and engaging thriller. Jack Stanfield is an IT security expert in a Seattle bank, and his family has been kidnapped. The kidnappers wanted 100 million dollars transferred to his off-shore account, and need Jack to get “behind the firewall” to activate the [...]
Bruce Schneier Facts Database
Bruce Schneier Facts Database, along the lines of Chuck Norris Facts. For example, “Bruce Schneier eats 0s and 1s for breakfast. And snacks on pi.” Being a Schneier fan myself, it is very funny indeed. Via ELER.
Client Side Port Scanning with Javascript
Proof of concept of port scanning arbitrary IP addresses from nothing but client side Javascript. From the code it looks like it creates IFRAMEs and sets the SRC attribute to try to connect to ports, and has a list of web server signatures to check against. Pretty scary in what client side JS can do. I [...]
Defeating China’s Great Firewall with Another Firewall
Via B. Schneier, Security Research at Cambridge has worked out a way to penetrate through China’s Great Firewall, by ignoring the reset TCP packet sent back by the Chinese routers to keep the connection going. Very interesting analysis, although the article also stated that censorship in China is more than just “Great Firewall”. Might be [...]
Taiwan — home of many spammers
Via /., The Register reports 64% of all spam is spread by zombies and compromised PCs controlled by Taiwanese, and only 3 percent from mainland China. It is sampled by a honeypot network to intercept command messages to those zombie PCs. It probably means (1) more Taiwanese are hacking for profit (2) Taiwanese hackers [...]
Is 1234 Your Password?
Bruce Schneier blogged that 2.5% of all passwords start with 1234, from a big database sample. I know how common bad passwords are — plenty of them in the web apps we have deployed (though they are all hashed when stored in DB). I also remembered running John the Ripper over all CS1021 accounts [...]