Smoke – Modern Hash Digest Encapsulation 2018-01-15 Smoke – A unified means of generating, transmitting, encapsulating, and validating multiple hash digests simultaneously to replace existing stand-alone hash digest software. The software generates digests in parallel and is notably faster than using individual algorithms serially on large files. Smoke operates much the same way as existing hash digest tools, like md5sum, and Smoke…
Painless Password Hash Upgrades 2018-01-02 Background & Summary Existing websites and applications implementing an older password hashing algorithm like MD5 or SHA1 must be upgraded to a more secure algorithm. Both of these older algorithms are obsolete & breakable, and if an attacker obtains those hashes from a lost backup tape or website vulnerability, the attacker could make quick work…
Accidental Offensive Security: Analysis of Buffer Overrun in a Security Tool 2017-10-17 Note: I originally posted this blog entry on the Aspect Security blog around 2017-03-16. I am mirroring it here with only formatting changes. Introduction During a project working with Hydra, a Network Login Auditor, we discovered and corrected a buffer overrun issue with possible security implications that might include the auditor being attacked by the…
Image Location & Privacy Scanner v0.4 2017-10-04 New Version: Image Location & Privacy Scanner v0.4 I have completed another update of the Image Location & Privacy Scanner, a plugin for the Burp or OWASP ZAP security proxy tools. More camera types have their serial numbers detected. With some Panasonic cameras, it will also give the name and age of the person in the…
PolarSSL Security Snowstorm – Tools Could Not Save Us 2017-10-03 Note: I originally posted this blog entry on the Aspect Security blog around 2015-02-13. I am mirroring it here with only formatting changes. Introduction The spate of SSL and TLS issues over the last year has caused concern about the quality of the encrypted tunnel in Internet communications. The various creatively named BEAST, CRIME, &…
Remove Insecure HTTP Headers 2017-09-18 New technologies: HAProxy! This page is a collection of instructions to remove unnecessary server headers which may be reported as part of a Penetration Test performed by a security engineer or reported via automated tools. I have catalogued these remediation instructions for many technologies in this single site to save the vast amounts of searching…
Time to Euthanize “Pragma: no-cache” 2017-08-02 Modern Cache Directives As part of each website security vulnerability assessment performed, the security researcher will check that proper caching directives are implemented. In situations where the most extreme “never cache this data” is required, the gold standard HTTP headers recommended by infosec professionals everywhere are: Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT This advice is problematic and here in this…
Insecure HTTP Header Removal (old version) 2017-06-06 A massively updated version of this post is over at https://veggiespam.com/headers/. This page is a collection of instructions to remove unnecessary server headers which may be reported as part of a Penetration Test performed by a security engineer or reported via automated tools. I have catalogued these remediation instructions for many technologies in one place…
Challenge/Response Fail 2017-05-06 Here is an example of a recent challenge/response form found on a system not to be named. Answer to What was your first pets name? is too short. Answers must be between 5 and 255, Sigh. Chip, Ted, Lola, Opus, Kiki, C (the letter, not the language).…
Accidental Offensive Security: Analysis of Buffer Overrun in a Security Tool 2017-03-20 During a project working with Hydra, a Network Login Auditor, we discovered and corrected a buffer overrun issue with possible security implications that might include the auditor being attacked by the auditee. TL;DR An attacker using Hydra or Medusa can get pwn’d by the victim website responding with remote code execution via a buffer overrun exploit.…