UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
ClubHack2008 presentations
Taking a page from L0pht Heavy Industries, Alexander Sotirov, Jacob Appelbaum, and a team of researchers whose identities have to remain secret for now are making the theoretical possible this Tuesday at the 25th Chaos Communication Congress in Berlin. The details of their presentation have been heavily censored leading up to the event, with only a handful of security researchers, journalists, and collaborators given early access to the materials. Fortunately, I was one of them, and I wanted to take the opportunity to talk about their research, why it is important, and why the pre-conference secrecy is justified.
We have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol.
Security audits of PHP applications are usually performed on a source code basis. However, sometimes vendors protect their source code by encrypting their applications with runtime (bytecode) encryptors. When these tools are used, source code analysis is no longer possible, and because these tools change how PHP works internally, several greybox security scanning/fuzzing techniques relying on hooks fail, too.
I'm pleased to announce the first release of the project Zero Wine, a
behavioral based malware analysis.
Zero Wine is a sandbox created with WINE and QEmu to (automatically)
analyze malware.
It's behavioral based: Just upload your malware to the zerowine's web
server and let it analyze the malware's behavior by running it (in an
isolated environment).
The very first release consists of a prebuilt QEmu virtual machine (the
recommended way) or the Python source code (see the file INSTALL for
details).
Stuart McClure, CISSP, an independent computer security consultant, is one of today's leading authorities on information security. He was SVP of Global Threats and Research for McAfee where he led an elite global security team fighting the most vicious cyber attacks ever seen. Stuart is the coauthor of multiple security books, including all five editions of Hacking Exposed: Network Security Secrets & Solutions.
shell via Local File Include
I would like to get as much input as possible. I will post the results after the New Year.
Trace's note: OllyDbg portable (no-install) version.
The subject tells everything. The author is performing some minor
changes before the initial release, and he posted a beta version in his
page.
With this flaw, users are led to think that they are using a trustworthy service
supplied by Google while all their actions are actually performed on
websites prepared by hackers. This means hackers can easily steal users'
sensitive information. We have been warning Google of this hole.
FreeBSD 7/6x protosw kernel exploit