Ruan Müller » Programming

SANS Report: 60% Of All Attacks Hit Web Applications, Most in the U.S.

Ruan — Tue, 15 Sep 2009 17:41:35 +0000

Most organizations are focusing their patching efforts and vulnerability scanning on the operating system — but 60 percent of the total number of attacks occur on Web applications, and many attacks are aimed at third-party applications such as Microsoft Office, and Adobe Flash and other tools, according to actual attack data gathered for the report. Meanwhile, enterprises are taking twice as long to patch their applications than to patch their operating systems, the report says.

More at darkREADING

PHP Interpreter Modified To Find XSS and Injection Holes, Automatically Generates Attacks

Ruan — Fri, 19 Jun 2009 22:46:23 +0000

Researchers have built a tool that automatically finds and exploits SQL injection and cross-site scripting vulnerabilities in Web applications.

The so-called Ardilla tool uses a technique developed by the researchers — MIT’s Adam Kiezun, the University of Washington’s Michael Ernst, Stanford’s Philip Guo, and Syracuse University’s Karthick Jayaraman — that creates inputs that pinpoint bugs in Web applications and then generates SQL injection and XSS attacks. Ardilla is for PHP-based Web apps.

There is also a table of results from analysis done against several PHP web applications

Via: darkREADING

OpenBSD 4.5 Released

Ruan — Fri, 01 May 2009 18:56:20 +0000

OpenBSD 4.5 has been released today. This release includes OpenSSH 5.2 as well as various tweaks, bugfixes, and enhancements. New and extended platforms include sparc64, and added device drivers. See the announcement page for a full list

New rogue DHCP server malware

Ruan — Tue, 17 Mar 2009 06:00:05 +0000

A bold new type of malware has been identified. Its attack vector is based on hijacking the DNS settings for devices on a local area network. Any device regardless of operating system that depends on an internal or external name server can be affected.

The trojan configures and runs a rogue DHCP daemon on the infected host. Other devices on the same LAN are misled into using name servers settings provided by the trojan DHCP daemon for DNS lookups instead of using the origional configured name servers.

Devices on the network are then sent to fraudulent websites that can be more difficult to identify as imposters since the DNS lookups appear correct.

This is a more advanced attack of a well known vector of attacking a systems hosts file, but by being system agnostic and using the familiar DNS protocol, it is much more effective.

More details can be found at SANS

Official Support For PHP 4 Ends

Ruan — Tue, 12 Aug 2008 00:35:31 +0000

Via Slashdot From ComputerWorld:

“For a technology that has been in stable release since May 22, 2000, PHP 4 has finally reached the end of its official life. With the release of PHP 4.4.9, official support has ended and the final security patch for the platform issued. …With eight years of legacy code out there, it is likely that there are going to be a fairly large number of systems that will not migrate to PHP 5 in the near future, and a reasonable proportion of those that will not make the migration at all. For those who are not able to migrate their systems to the new version of PHP, noted PHP security expert Stefan Esser will continue to provide third party security patching for the PHP 4 line through his Suhosin product.”

Setting up an AMP stack on FreeBSD

Ruan — Sun, 03 Aug 2008 03:24:06 +0000

Linux.com has a detailed step by step installation procedure for installing Apache, MySQL and PHP on FreeBSD using the ports collection. Some extra steps are taken to secure the installation and you end up with a nice multifunctional FreeBSD+AMP setup with very little effort.

Open Source driver for Atheros 802.11n Devices

Ruan — Sun, 27 Jul 2008 07:15:06 +0000

A new driver by Atheros has been released for use in Linux. It is licensed under the ISC license, so BSD users should be able to make use of the drivers as well.

The new driver doesn’t use a proprietary hardware abstraction layer and no firmware is required.

The ath9k driver includes supports for the following chipsets:

* AR5418+AR5133
* AR5416+AR5133
* AR5416+AR2133
* AR9160
* AR9280
* AR9281