Adobe 0-day vulnerability (CVE-2009-4324) – what this means?


SecuriTeam Blogs contains several FAQ documents about MS Office vulnerabilities used in targeted attacks since 2006. This time I’m not writing a FAQ. This document has answers to What this means type questions.

What an organization can make to protect?


#1 Disable JavaScript. Deploy a system to deliver this setting to all workstations. This is not the last Adobe 0-day which we will see.

What this means?

Go to Edit>Preferences menu, select item ‘JavaScript’, Uncheck “Enable Acrobat JavaScript” and to save the setting click ‘OK’.


#2 Enable DEP

Some Windows systems include Data Execution Prevention (DEP) functionality.

What this means?

If your organization is using Windows versions with DEP support the code execution can be avoided.

Adobe has confirmed these mitigation advices in security advisory APSA09-07, but as mentioned DEP method doesn’t fully prevent the exploitation.


#3 Do not open PDF documents from unknown sources AND received unexpectedly.

What this means?

If you don’t know the sender who is sending you file attachments there is always a risk that you are a victim of targeted attack. Remember that the sender can be easily spoofed as well.


#4 Switch to alternative PDF reader.

There are many free and commercial products. However, they are often affected by Adobe vulnerabilities too and a patching policy is needed when switching to another product.

What this means?

Changing the PDF reader in large organization is not an easy move. Today is a good day to start the planning project.

Let’s talk about technical details with some words. The vulnerability exists in Doc.media.newPlayer method. The Trojan in these attacks generated connections to http: // foruminspace dot com and http: // newsplaza dot net (these servers are located in Malaysia).

AV vendors use the following names when detecting the malicious PDF document:

Exploit.JS.Pdfka.atq (Kaspersky)

Exploit:W32/AdobeReader.UZ (F-Secure)

Exploit-PDF.ag (McAfee)

PDF/Pidief.NQ (CA)

Trojan.Pidief.H (Symantec)

TROJ_PIDIEF.PGS (Trend Micro)

Troj/PDFJs-FS (Sophos)

The size of the infected PDF document is 400,918 bytes. The file name varies, but it can be note200911.pdf, note_20091210.pdf or Outline of Interview.pdf.

Share

Stop blaming us

Occasionally, I see articles like this.

Hackers don’t, as a rule, need to go to such lengths to crack passwords. That’s because most of us fail to follow good security habits. A recent article on PhysOrg cites a study that found people are the weak link in computer security.

This is silly. People don’t need to “follow good security habits” unless they have “security” somewhere in their title. Security is a means to an end, and not the target. The target is to get the job done (or surf the web, or read your emails).

Saying this is not just silly – it’s also dangerous. When experts say “people are the weakest link in computer security”, they remove all responsibility from the security industry to make security better, and easier, for users. Why work on preventing brute-force attacks on passwords? Instead lets force our users to choose a 10 character password including at least 1 number and 1 letter of each case. Oh, and lets prevent those walking security hazards from saving the password in the browser on their malware infested machines. Yeah, that’ll teach them. The article over at discovery.com suggests I use e$4WruX7 as a password – a most helpful advice if I ever saw one. Here’s a better suggestion for you Jonathan: have the system lock out for 24 hours after 3 failed tries.That will make guessing a simple 6 digit-only PIN take more than 450 years.

Enough with this.  Users are not the weakest link any more than drivers are the weakest link in driving accidents. Sure, if we remove users (or drivers) from the equation, that solves all our problems. But since we can’t do that, lets focus on making seat belts, and airbags, and warning systems. Or easier (not harder!) password systems, better protected servers and better user interface.

Share

How to analyze timeline of 9/11 attacks – read pager traffic from N.Y. and Washington

Wikileaks has released hundreds of thousands pager messages from 11th September, 2001.

Link: 911.wikileaks.org/

Listings say that the messages are sent in networks of Arch Wireless, Metrocall, and SkyTel.

Share

Heathrow calling

Here’s a weird spam I got last night:

Hello

The route taken through Customs is mainly determined by your point of departure and whether you are bringing into the country more duty payable goods than your free allowance. For those passengers who have flown in from outside the European Community (EC), their baggage will have a white tag and they must pass through either the Red or Green channel according to the amount of duty free goods they have. Those passengers arriving from countries within the EC should use the Blue channel, and their baggage will have green-edged tag.

As part of our routine check and based on the above, we have a consignment in your name; you are advised to come to the office address below

Customs office
Terminal 3
Heathrow Airport

You are required to come with the following:
1. Your ID
2. Diplomatic Tag either white or green-edge tag.
3. Non Inspection document

Your appointment time is 10am GMT, failure to comply; we will have over the matter to Metropolitan and the FBI. I am the officer in charge of your matter.

Thomas Smith
UK Customs
Heathrow Airport

It’s weird, because it contains no advertisement, and no links. There’s nothing “encoded” in it -  it seems to be an old version of this notice.

So why would a spammer waste valuable botnet cycles on sending me the email? The only explanation I could come up with is “a boy who cried wolf” attack. You send this email a few times, and the Baysian filtering systems train themselves that this is a good email (i.e. “ham”). Most Baysian spam filtering systems have a loopback mechanism where spam email is used to train the system further, and ham email is used to teach the system what “good” email is. If this email is seen a few times and considered ham, spam filters will accept something similar to it that contains a link. That link, can be the spam or phishing attack.

Another guess is that it’s simply used to verify email addresses – you read that a scary Customs agent from Heathrow wants you in his office first thing tomorrow morning, and you quickly reply to ask what it’s about; the spammer (whose reply-to address is different than the “From”) gets a confirmation that your email address is valid, maybe with some more details like your phone number. This is a plausible explanation but it seems like too much hard work just to get some valid email addresses.
Any other guesses?

Share

Fuzzing anything that moves

<meta content="OpenOffice.org 3.0 (Linux)" name="GENERATOR" /><br /> <style type="text/css"> <!-- @page { margin: 0.79in } P { margin-bottom: 0.08in } A:link { so-language: zxx } --></style> <p style="margin-bottom: 0in">I’m in New Delhi, for the local <a href="(http://www.owasp.org/index.php/SecurityByte_and_OWASP_Asia_AppSec_Conference_2009">OWASP Conference</a>. There’s a <a href="http://www.owasp.org/index.php/SecurityByte_and_OWASP_Asia_AppSec_Conference_2009#tab=Conference">really nice lineup</a> and if you’re in the New Delhi area I highly recommend attending.</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">I’ll be speaking twice. On Tuesday about blackbox testing. The abstract can be paraphrased from the immortal words of the great fuzzing master Ice-T:</p> <blockquote> <p style="margin-bottom: 0in">If you’re from Mars, and you have inputs, we will fuzz you.</p> </blockquote> <p style="margin-bottom: 0in">(Look up the <a href="http://www.rhapsody.com/body-count/body-count/kkk-bitch/lyrics.html">original text</a>, I guarantee it’s worth it)</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">On Wednesday I’ll be talking a bit about breaking JSON applications, relying on the great research done by Amit Klein, Blueinfy, Jeremiah Grossman, Fortify, and many others.</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">If you spot any errors in either of my presentations let me know and I will buy you a beer. This offer does not include anything stupid I say while on a discussion panel…</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in"> <script type='text/javascript'> <!-- //OBSTART:do_NOT_remove_this_comment var OutbrainPermaLink="http://blogs.securiteam.com/index.php/archives/1332"; if(typeof(OB_Script)!='undefined'){OutbrainStart();} else { var OB_PlugInVer="7.0.0.0_Regular";;var OB_raterMode="stars";var OB_recMode="rec";var OBITm="1330324210";var OB_Script=true;var OB_langJS="";document.write(unescape("%3Cscript src='http://widgets.outbrain.com/OutbrainRater.js' type='text/javascript'%3E%3C/script%3E"));} //OBEND:do_NOT_remove_this_comment //--> </script> <div class="addtoany_share_save_container"><div class="a2a_kit a2a_target addtoany_list" id="wpa2a_5"><a class="a2a_dd addtoany_share_save" href="http://www.addtoany.com/share_save"><img src="http://blogs.securiteam.com/wp-content/plugins/add-to-any/share_save_171_16.png" width="171" height="16" alt="Share"/></a></div></div> <!-- <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"> <rdf:Description rdf:about="http://blogs.securiteam.com/index.php/archives/1332" dc:identifier="http://blogs.securiteam.com/index.php/archives/1332" dc:title="Fuzzing anything that moves" trackback:ping="http://blogs.securiteam.com/index.php/archives/1332/trackback" /> </rdf:RDF> --> </div> </div> <div class="post" id="post-1321"> <h2><a href="http://blogs.securiteam.com/index.php/archives/1321" rel="bookmark" title="The PCI in the Cloud Paradox">The PCI in the Cloud Paradox</a></h2> <p class="postinfo"> Posted on September 15th, 2009 by <a href="http://blogs.securiteam.com/index.php/archives/author/aviram" title="Posts by Aviram" rel="author">Aviram</a><br /> Filed under: <a href="http://blogs.securiteam.com/index.php/archives/category/commentary" title="View all posts in Commentary" rel="category tag">Commentary</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/web" title="View all posts in Web" rel="category tag">Web</a> | <a href="http://blogs.securiteam.com/index.php/archives/1321#comments" title="Comment on The PCI in the Cloud Paradox"><span class="dsq-postid" rel="1321 http://blogs.securiteam.com/index.php/archives/1321">2 Comments »</span></a> </p> <div class="entry"> <p>What happens when <a href="http://en.wikipedia.org/wiki/Irresistible_force_paradox">an irresistible force meets an immovable object</a>? We might all have a chance to find out.</p> <p>In the last <a href="http://www.baysec.net/">baysec</a> I learned that handling credit card transactions in the cloud automatically makes you non-compliant with PCI. Assuming:</p> <p>1. PCI is here to stay (“an immovable object”)</p> <p>and</p> <p>2. ‘Everything’ will move to the cloud (“an irresistible force”)</p> <p>We reach a paradox.</p> <p>Did the gods of security create a stone they cannot lift?</p> <script type='text/javascript'> <!-- //OBSTART:do_NOT_remove_this_comment var OutbrainPermaLink="http://blogs.securiteam.com/index.php/archives/1321"; if(typeof(OB_Script)!='undefined'){OutbrainStart();} else { var OB_PlugInVer="7.0.0.0_Regular";;var OB_raterMode="stars";var OB_recMode="rec";var OBITm="1330324210";var OB_Script=true;var OB_langJS="";document.write(unescape("%3Cscript src='http://widgets.outbrain.com/OutbrainRater.js' type='text/javascript'%3E%3C/script%3E"));} //OBEND:do_NOT_remove_this_comment //--> </script> <div class="addtoany_share_save_container"><div class="a2a_kit a2a_target addtoany_list" id="wpa2a_6"><a class="a2a_dd addtoany_share_save" href="http://www.addtoany.com/share_save"><img src="http://blogs.securiteam.com/wp-content/plugins/add-to-any/share_save_171_16.png" width="171" height="16" alt="Share"/></a></div></div> <!-- <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"> <rdf:Description rdf:about="http://blogs.securiteam.com/index.php/archives/1321" dc:identifier="http://blogs.securiteam.com/index.php/archives/1321" dc:title="The PCI in the Cloud Paradox" trackback:ping="http://blogs.securiteam.com/index.php/archives/1321/trackback" /> </rdf:RDF> --> </div> </div> <div class="post" id="post-1320"> <h2><a href="http://blogs.securiteam.com/index.php/archives/1320" rel="bookmark" title="Robert Who?">Robert Who?</a></h2> <p class="postinfo"> Posted on September 9th, 2009 by <a href="http://blogs.securiteam.com/index.php/archives/author/p1" title="Posts by p1" rel="author">p1</a><br /> Filed under: <a href="http://blogs.securiteam.com/index.php/archives/category/commentary" title="View all posts in Commentary" rel="category tag">Commentary</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/culture" title="View all posts in Culture" rel="category tag">Culture</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/funny" title="View all posts in Funny" rel="category tag">Funny</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/ot" title="View all posts in OT" rel="category tag">OT</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/privacy" title="View all posts in Privacy" rel="category tag">Privacy</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/web" title="View all posts in Web" rel="category tag">Web</a> | <a href="http://blogs.securiteam.com/index.php/archives/1320#comments" title="Comment on Robert Who?"><span class="dsq-postid" rel="1320 http://blogs.securiteam.com/index.php/archives/1320">3 Comments »</span></a> </p> <div class="entry"> <p>As part of some research into the security risks of social networking, I did an <a title="egosurfing" href="http://en.wikipedia.org/wiki/Ego_search">ego search</a> on myself.  (Hey, it’s legitimate research, all right?)</p> <p>On Altavista, the first hit was the Wikipedia page someone created about me.  The second result was <a href="http://www.robertslade.com/">http://www.robertslade.com/</a> which I hadn’t known existed.  As well as correctly listing his published books, this page informed him that me that I was mentioned on the Wikipedia entry for the RISKS-Forum Digest (which is a definite ego boost).  It also provides a photograph of someone else.  As well as two pictures I didn’t take, and three videos I have nothing to do with.  Two different boxes provide links to buy books, some of which are mine, and most of which aren’t.</p> <p>I expected to find entries that weren’t me: I know there are a lot of <a href="http://victoria.tc.ca/techrev/robslade.htm">Robert Slades</a> on the net.  But it’s a bit weird to find out that there is a domain about me that I didn’t know about.<br /> I also found the <a href="http://www.rootsweb.ancestry.com/~scwhite/sherman/Slade04.jpg">church I’m buried in</a>, so currently I’m not feeling too great …</p> <script type='text/javascript'> <!-- //OBSTART:do_NOT_remove_this_comment var OutbrainPermaLink="http://blogs.securiteam.com/index.php/archives/1320"; if(typeof(OB_Script)!='undefined'){OutbrainStart();} else { var OB_PlugInVer="7.0.0.0_Regular";;var OB_raterMode="stars";var OB_recMode="rec";var OBITm="1330324210";var OB_Script=true;var OB_langJS="";document.write(unescape("%3Cscript src='http://widgets.outbrain.com/OutbrainRater.js' type='text/javascript'%3E%3C/script%3E"));} //OBEND:do_NOT_remove_this_comment //--> </script> <div class="addtoany_share_save_container"><div class="a2a_kit a2a_target addtoany_list" id="wpa2a_7"><a class="a2a_dd addtoany_share_save" href="http://www.addtoany.com/share_save"><img src="http://blogs.securiteam.com/wp-content/plugins/add-to-any/share_save_171_16.png" width="171" height="16" alt="Share"/></a></div></div> <!-- <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"> <rdf:Description rdf:about="http://blogs.securiteam.com/index.php/archives/1320" dc:identifier="http://blogs.securiteam.com/index.php/archives/1320" dc:title="Robert Who?" trackback:ping="http://blogs.securiteam.com/index.php/archives/1320/trackback" /> </rdf:RDF> --> </div> </div> <div class="post" id="post-1318"> <h2><a href="http://blogs.securiteam.com/index.php/archives/1318" rel="bookmark" title="WordPress: we are protecting your blog">WordPress: we are protecting your blog</a></h2> <p class="postinfo"> Posted on September 6th, 2009 by <a href="http://blogs.securiteam.com/index.php/archives/author/aviram" title="Posts by Aviram" rel="author">Aviram</a><br /> Filed under: <a href="http://blogs.securiteam.com/index.php/archives/category/commentary" title="View all posts in Commentary" rel="category tag">Commentary</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/culture" title="View all posts in Culture" rel="category tag">Culture</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/funny" title="View all posts in Funny" rel="category tag">Funny</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/malware" title="View all posts in malware" rel="category tag">malware</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/web" title="View all posts in Web" rel="category tag">Web</a> | <a href="http://blogs.securiteam.com/index.php/archives/1318#comments" title="Comment on WordPress: we are protecting your blog"><span class="dsq-postid" rel="1318 http://blogs.securiteam.com/index.php/archives/1318">2 Comments »</span></a> </p> <div class="entry"> <p>As the WordPress team scramble around trying to resolve the latest set of security issues, and doing all the wrong things like giving their users a <a href="http://codex.wordpress.org/Upgrading_WordPress_Extended">14-step process for upgrade</a>, the following Jewel <a href="http://lorelle.wordpress.com/2009/09/04/old-wordpress-versions-under-attack/">came up</a>:</p> <blockquote><p>4. WordPress is Not Secure: WordPress is incredibly secure and monitored constantly by experts in web security. This attack was well anticipated and so far, WordPress 2.8.4 is holding. If necessary, WordPress will immediately release a update with further security improvements. WordPress is used by governments, huge corporations, and me, around the world. Millions of bloggers are using WordPress.com. Have faith they are working overtime to monitor this situation and protect your blog.</p></blockquote> <p>This is funny on so many levels.<br /> (HT: Jericho, AKA security curmudgeon)</p> <script type='text/javascript'> <!-- //OBSTART:do_NOT_remove_this_comment var OutbrainPermaLink="http://blogs.securiteam.com/index.php/archives/1318"; if(typeof(OB_Script)!='undefined'){OutbrainStart();} else { var OB_PlugInVer="7.0.0.0_Regular";;var OB_raterMode="stars";var OB_recMode="rec";var OBITm="1330324210";var OB_Script=true;var OB_langJS="";document.write(unescape("%3Cscript src='http://widgets.outbrain.com/OutbrainRater.js' type='text/javascript'%3E%3C/script%3E"));} //OBEND:do_NOT_remove_this_comment //--> </script> <div class="addtoany_share_save_container"><div class="a2a_kit a2a_target addtoany_list" id="wpa2a_8"><a class="a2a_dd addtoany_share_save" href="http://www.addtoany.com/share_save"><img src="http://blogs.securiteam.com/wp-content/plugins/add-to-any/share_save_171_16.png" width="171" height="16" alt="Share"/></a></div></div> <!-- <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"> <rdf:Description rdf:about="http://blogs.securiteam.com/index.php/archives/1318" dc:identifier="http://blogs.securiteam.com/index.php/archives/1318" dc:title="WordPress: we are protecting your blog" trackback:ping="http://blogs.securiteam.com/index.php/archives/1318/trackback" /> </rdf:RDF> --> </div> </div> <div class="post" id="post-1317"> <h2><a href="http://blogs.securiteam.com/index.php/archives/1317" rel="bookmark" title="The achilles heel of the Internet">The achilles heel of the Internet</a></h2> <p class="postinfo"> Posted on September 5th, 2009 by <a href="http://blogs.securiteam.com/index.php/archives/author/aviram" title="Posts by Aviram" rel="author">Aviram</a><br /> Filed under: <a href="http://blogs.securiteam.com/index.php/archives/category/commentary" title="View all posts in Commentary" rel="category tag">Commentary</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/culture" title="View all posts in Culture" rel="category tag">Culture</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/insider-threat" title="View all posts in Insider Threat" rel="category tag">Insider Threat</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/phishing" title="View all posts in Phishing" rel="category tag">Phishing</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/privacy" title="View all posts in Privacy" rel="category tag">Privacy</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/web" title="View all posts in Web" rel="category tag">Web</a> | <a href="http://blogs.securiteam.com/index.php/archives/1317#comments" title="Comment on The achilles heel of the Internet"><span class="dsq-postid" rel="1317 http://blogs.securiteam.com/index.php/archives/1317">2 Comments »</span></a> </p> <div class="entry"> <p>It won’t surprise you if I say the achilles heel of the Internet is passwords. But the problem is not that our passwords are too weak: in fact, the bigger problem is that our passwords are too <strong>strong</strong>.</p> <p>Preventing brute force password attacks is a problem we know how to solve. The problem is that web service providers have bad habits that cause our passwords to be less secure. Remember the saying “the chain is only strong as the weakest link?” If you are strengthening an already strong link in the chain but weakening another, you are not improving security and usually decreasing the overall security of the system. Those “bad habits”, mostly of web services that require a login, are all wrapped in supposedly ‘security concerns’: meaning some security consultant fed the CSO a strict compliance document and by implementing these rigid security methods they are actually making their users <strong>less</strong> secure.</p> <p>Here are some examples.</p> <p><strong>Don’t you remember who I am?</strong><br /> What’s the easiest way to fight phishing? Have the web site properly identify itself. When the bank calls, most people don’t ask the person on the other side of the line to prove they are really from the bank (though they really should). The reason is you assume that if they knew how to reach you, they are indeed your bank.</p> <p>So why not do the same for phishing? The bank of America uses <a href="http://blogs.securiteam.com/index.php/archives/767">Sitekey</a>, which is a really neat trick. But you don’t have to go that far: just remember my username and I’ll have more confidence that you are the right web site. In fact, if I see a login page that does not remember my username I’ll have to stop and think (since I typically don’t remember all the usernames) and that gives me more time to spot suspicious things about the page.</p> <p>If you can tell me what my username is, there are higher chances you are the legitimate site. But some sites block my browser from remembering my username, on the excuse of increasing security. Well, they’re not.</p> <p><strong>Let me manage my passwords</strong></p> <p>This is where most financial sites really fight me – they work so hard to prevent the browser from remembering my passwords.</p> <p>Why? I can see the point when I’m on a public terminal. But what if I’m using my own laptop? By letting my browser remember the password I am decreasing the chance of phishing, and in fact if I know for certain a web site will let me remember the password (rather than force to type it in) I select a strong, complicated password – since I don’t have to remember it. In some cases I even stick with the random-assigned password; I don’t care as long as my browser remembers it.</p> <p>But some people are stuck with “security!=usability” equation. They are wrong; in many cases usability increases security. This is one of those cases.</p> <p>Not to mention they will almost always lose the fight. If paypal won’t let firefox remember the password, I’ll find <a href="http://www.google.com/search?hl=en&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&hs=izP&q=+remember+password+firefox">ways around it</a>. Or maybe I’ll just write a post-it note and put it on my monitor. All of those ways are less secure than firefox’s built-in password manager.</p> <p>Oh, and forcing me to choose a strong password (‘strong’ being something absurd and twisted that makes no security sense)? <a href="http://blogs.securiteam.com/index.php/archives/553">Good luck with that</a>. I don’t really mind these silly efforts just because they are so easy to circumvent they are not even a bother anymore. But just remember that putting security measures in place that will be circumvented by 90% of your users means teaching them not to take your security seriously.</p> <p><strong>Stop blocking me </strong><br /> Next week I will have my annual conversation with the Lufthansa ‘frequent flyer’ club support people. It’s a conversation I have at least once a year (sometimes more) when my login gets blocked.</p> <p>Why does my login get blocked? Because I get the password wrong too many times. What’s “too many”? I wish I knew. Since I usually pretty much know what my password is, I get it right within 4-5 tries, so I guess Lufthansa blocks me after 3 or 4. I don’t know for sure, because I also need to guess my username (long story, lets just say Lufthansa has 2 sets of usernames and passwords and you need to match them up correctly). So the bottom line is that I get routinely blocked and need to call their office in Germany to release it.</p> <p>Why are they blocking me? I’m guessing to prevent brute-force password attacks, and that’s a good thing. But why not release it automatically after a day? A week? An hour? Why not authenticate me some other way (e-mail)? I bet I can guess why: Because everybody that complains is told that “it’s due to security concerns”. Nobody can argue with that, can they? After all, security is the opposite of usability. Our goal as security professionals is to make our services not work, and hence infinitely secure.</p> <p>So Lufthansa is losing my web site visit, which means less advertising money, and they are making me agitated which is not the right customer retention policy. Some credit card issuers like to do this a lot, which means I can’t login to see my credit card balance and watch if there is any suspicious activity. Now that’s cutting your nose off to spite your face.</p> <p><strong>Don’t encourage me to give out my password</strong><br /> How many web sites have my real twitter password? Must be over half a dozen, maybe more. If you are using any twitter client, you have given them your twitter username and password. If you are using twitterpic, or any of the other hundreds of web 2.0 that automatically tweet for you, they have your login credentials. Heck, even facebook has my twitter credentials – I bet Facebook can flood twitter in an instant if they decide to fight dirty.</p> <p>Twitter wants me to use all these clients because it raises my twitter activity, and that’s ok. But there are plenty of single-sign-on methods out there, that are not too complicated, and are all more secure than spreading my real username and password all over the place. Even Boxee has my twitter login, which makes me think. If I was building a web 2.0 service and asked everyone who opens an account to give me their twitter login details – how many would do that just out of habit?<br /> Giving my credentials is not necessarily a bad thing. Services like <a href="http://www.mint.com">mint</a> and <a href="http://www.pageonce.com/">pageonce</a> are good because they make it unnecessary for me to login to all my financial web sites; the less I login the better: assuming these sites have better security than my own computer, I’d rather have them login to my financial accounts than me. This leap of faith is not for everyone – some will ask what happens if these startups go out of business. Cybercrime experts like Richard Stiennon will argue that an <a href="http://blogs.zdnet.com/threatchaos/?p=341">insider breach</a> in one of those companies can be devastating. And of course <a href="http://blogs.securiteam.com/index.php/archives/author/noam/">Noam</a> will say that until they’ve been scanned by Beyond Security he won’t give them any sensitive information. I agree with them all, and yet I use both Mint.com and PageOnce. So I guess it boils down to a personal judgment call. I personally think there’s value in these type of services.</p> <p><strong>Stick with passwords</strong></p> <p>One thing I am almost allergic to, is the “next thing to replace passwords”. Don’t give me USB tokens or credit-card sized authentication cards. SMS me if you must, but even that’s marginal. Don’t talk to me about <a href="http://openid.net/">new ideas</a> to revolutionize logins. A non-trivial password along with a mechanism that blocks multiple replies (blocks for a certain period of time, not forever – got that Lufthansa?) is good enough. It’s not foolproof – a keylogger will defeat all of those methods, but those keylogging Trojans are also capable of modifying traffic so no matter what off-line method you use for authentication, the transaction itself will be modified and the account will be compromised. So Trojans is a war we have lost – lets admit that and move on. Any other threat can be stopped by simple and proper login policies that do not include making the user wish he never signed up for your service.<br /> There are other password ideas out there. Bruce Schneier <a href="http://www.schneier.com/blog/archives/2009/06/the_problem_wit_2.html">suggests</a> to have passwords be displayed while typing them. I think that makes absolutely no sense for 99% of the people out there, but I do agree that we are fighting the wrong wars when it comes to passwords, and I think fresh thinking about passwords is a good thing. The current situation is that on one hand we are preventing our users from using passwords properly, and on the other hand we leaving our services open to attack. That doesn’t help anyone.</p> <script type='text/javascript'> <!-- //OBSTART:do_NOT_remove_this_comment var OutbrainPermaLink="http://blogs.securiteam.com/index.php/archives/1317"; if(typeof(OB_Script)!='undefined'){OutbrainStart();} else { var OB_PlugInVer="7.0.0.0_Regular";;var OB_raterMode="stars";var OB_recMode="rec";var OBITm="1330324210";var OB_Script=true;var OB_langJS="";document.write(unescape("%3Cscript src='http://widgets.outbrain.com/OutbrainRater.js' type='text/javascript'%3E%3C/script%3E"));} //OBEND:do_NOT_remove_this_comment //--> </script> <div class="addtoany_share_save_container"><div class="a2a_kit a2a_target addtoany_list" id="wpa2a_9"><a class="a2a_dd addtoany_share_save" href="http://www.addtoany.com/share_save"><img src="http://blogs.securiteam.com/wp-content/plugins/add-to-any/share_save_171_16.png" width="171" height="16" alt="Share"/></a></div></div> <!-- <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"> <rdf:Description rdf:about="http://blogs.securiteam.com/index.php/archives/1317" dc:identifier="http://blogs.securiteam.com/index.php/archives/1317" dc:title="The achilles heel of the Internet" trackback:ping="http://blogs.securiteam.com/index.php/archives/1317/trackback" /> </rdf:RDF> --> </div> </div> <div class="post" id="post-1316"> <h2><a href="http://blogs.securiteam.com/index.php/archives/1316" rel="bookmark" title="Why isn’t there more spam on twitter?">Why isn’t there more spam on twitter?</a></h2> <p class="postinfo"> Posted on August 30th, 2009 by <a href="http://blogs.securiteam.com/index.php/archives/author/aviram" title="Posts by Aviram" rel="author">Aviram</a><br /> Filed under: <a href="http://blogs.securiteam.com/index.php/archives/category/commentary" title="View all posts in Commentary" rel="category tag">Commentary</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/spam" title="View all posts in Spam" rel="category tag">Spam</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/web" title="View all posts in Web" rel="category tag">Web</a> | <a href="http://blogs.securiteam.com/index.php/archives/1316#comments" title="Comment on Why isn’t there more spam on twitter?"><span class="dsq-postid" rel="1316 http://blogs.securiteam.com/index.php/archives/1316">8 Comments »</span></a> </p> <div class="entry"> <p>Here’s something that’s been bugging me for a while. Twitter is a very open platform – there are probably hundreds of “entry points” through various APIs and clients. It is also very simple – which is what makes it powerful; basically you put your text into their database, and others view it according to a search they do (either explicitly, or implicitly – by following you or monitoring for @ replies).</p> <p>So given this wealth of entry points, and simplicity, why aren’t we seeing twitter flooded with spam? I’m not talking about the occasional spammer following you in hopes that you follow them back and get exposed to their spam – I’m talking about a massive spam attack including your twitter name (so it shows when you look for @ replies), including hash tags for all trending topics, and generally – flooding twitter at the rate we are seeing with email messages?</p> <p>After all, the multitude of entry points makes it more difficult to block it from entering than email, and the simplicity of the protocol makes it difficult to filter or block.</p> <p>I know the twitter team is putting efforts into blocking and filtering spam, but I find it hard to believe they are successfully blocking virtually all spam attacks. Spammers tend to be sophisticated, and I’m pretty sure they watch Opera, too – they must know what twitter is.</p> <p>Am I missing something?</p> <script type='text/javascript'> <!-- //OBSTART:do_NOT_remove_this_comment var OutbrainPermaLink="http://blogs.securiteam.com/index.php/archives/1316"; if(typeof(OB_Script)!='undefined'){OutbrainStart();} else { var OB_PlugInVer="7.0.0.0_Regular";;var OB_raterMode="stars";var OB_recMode="rec";var OBITm="1330324210";var OB_Script=true;var OB_langJS="";document.write(unescape("%3Cscript src='http://widgets.outbrain.com/OutbrainRater.js' type='text/javascript'%3E%3C/script%3E"));} //OBEND:do_NOT_remove_this_comment //--> </script> <div class="addtoany_share_save_container"><div class="a2a_kit a2a_target addtoany_list" id="wpa2a_10"><a class="a2a_dd addtoany_share_save" href="http://www.addtoany.com/share_save"><img src="http://blogs.securiteam.com/wp-content/plugins/add-to-any/share_save_171_16.png" width="171" height="16" alt="Share"/></a></div></div> <!-- <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"> <rdf:Description rdf:about="http://blogs.securiteam.com/index.php/archives/1316" dc:identifier="http://blogs.securiteam.com/index.php/archives/1316" dc:title="Why isn’t there more spam on twitter?" trackback:ping="http://blogs.securiteam.com/index.php/archives/1316/trackback" /> </rdf:RDF> --> </div> </div> <div class="post" id="post-1311"> <h2><a href="http://blogs.securiteam.com/index.php/archives/1311" rel="bookmark" title="Vanishingly small utility …">Vanishingly small utility …</a></h2> <p class="postinfo"> Posted on July 27th, 2009 by <a href="http://blogs.securiteam.com/index.php/archives/author/p1" title="Posts by p1" rel="author">p1</a><br /> Filed under: <a href="http://blogs.securiteam.com/index.php/archives/category/commentary" title="View all posts in Commentary" rel="category tag">Commentary</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/culture" title="View all posts in Culture" rel="category tag">Culture</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/encryption" title="View all posts in Encryption" rel="category tag">Encryption</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/gadgets" title="View all posts in Gadgets" rel="category tag">Gadgets</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/insider-threat" title="View all posts in Insider Threat" rel="category tag">Insider Threat</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/privacy" title="View all posts in Privacy" rel="category tag">Privacy</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/sec-tools" title="View all posts in Sec Tools" rel="category tag">Sec Tools</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/web" title="View all posts in Web" rel="category tag">Web</a> | <a href="http://blogs.securiteam.com/index.php/archives/1311#comments" title="Comment on Vanishingly small utility …"><span class="dsq-postid" rel="1311 http://blogs.securiteam.com/index.php/archives/1311">1 Comment »</span></a> </p> <div class="entry"> <p>This system has had some discussion in the forensics world over the past few days.  Here’s an extract from <a href="http://www.sciencedaily.com/releases/2009/07/090721113309.htm">Science Daily</a>:</p> <p>“Computers have made it virtually impossible to leave the past behind. College Facebook posts or pictures can resurface during a job interview. A lost cell phone can expose personal photos or text messages. A legal investigation can subpoena the entire contents of a home or work computer. The University of Washington has developed a way to make such information expire. After a set time period, electronic communications such as e-mail, Facebook posts and chat messages would automatically self-destruct, becoming irretrievable from all Web sites, inboxes, outboxes, backup sites and home computers. Not even the sender could retrieve them.</p> <p>“The team of <a href="http://vanish.cs.washington.edu/">UW computer scientists developed a prototype system called Vanish</a> that can place a time limit on text uploaded to any Web service through a Web browser.</p> <p>[Perhaps a bit narrower focus than the original promise, but it is a prototype - rms]</p> <p>“After a set time text written using Vanish will, in essence, self-destruct.  The Vanish prototype washes away data using the natural turnover, called “churn,” on large file-sharing systems known as peer-to-peer networks. For each message that it sends, Vanish creates a secret key, which it never reveals to the user, and then encrypts the message with that key. It then divides the key into dozens of pieces and sprinkles those pieces on random computers that belong to worldwide file-sharing networks. The file-sharing system constantly changes as computers join or leave the network, meaning that over time parts of the key become permanently inaccessible. Once enough key parts are lost, the original message can no longer be deciphered.”</p> <p>However, given the promise to clean up social networking sites, and as I started to read <a href="http://vanish.cs.washington.edu/pubs/usenixsec09-geambasu.pdf">the paper</a>, an immediate problem occurred to me.  And, lo and hehold, the authors admit it:</p> <p>“We therefore focus our threat model and subsequent analyses on attackers who wish to compromise data privacy. Two key properties of our threat model are:<br /> 1. Trusted data owners. Users with legitimate access to the same VDOs trust each other.<br /> 2. Retroactive attacks on privacy. Attackers do not know which VDOs they wish to access until after the VDOs expire.<br /> The former aspect of the threat model is straightforward, and in fact is a shared assumption with traditional encryption schemes: it would be impossible for our system to protect against a user who chooses to leak or permanently preserve the cleartext contents of a VDO-encapsulated file through out-of-band means. For example, if Ann sends Carla a VDO-encapsulated email, Ann must trust Carla not to print and store a hard-copy of the email in cleartext.”</p> <p>So, this system works perfectly.  If you only communicate with people you trust (both in terms of intent, and competence), and who only use the system properly, and never use any of the information in any program that is not part of the system, it’s completely secure.</p> <p>How often have we heard that said?</p> <p>The default to privacy aspect is interesting, and the automatic transparency for the user as well, but this simply moves the problem one step back, as it were.  In terms of utility to social networking, the social networks would have to be completely rewritten to adher to the system, and even then it would be pretty much impossible to ensure that nobody would have the ability to scrape data and keep or publish it elsewhere.</p> <p>(Plus, the data is still there, and so is Moore’s Law …)</p> <script type='text/javascript'> <!-- //OBSTART:do_NOT_remove_this_comment var OutbrainPermaLink="http://blogs.securiteam.com/index.php/archives/1311"; if(typeof(OB_Script)!='undefined'){OutbrainStart();} else { var OB_PlugInVer="7.0.0.0_Regular";;var OB_raterMode="stars";var OB_recMode="rec";var OBITm="1330324210";var OB_Script=true;var OB_langJS="";document.write(unescape("%3Cscript src='http://widgets.outbrain.com/OutbrainRater.js' type='text/javascript'%3E%3C/script%3E"));} //OBEND:do_NOT_remove_this_comment //--> </script> <div class="addtoany_share_save_container"><div class="a2a_kit a2a_target addtoany_list" id="wpa2a_11"><a class="a2a_dd addtoany_share_save" href="http://www.addtoany.com/share_save"><img src="http://blogs.securiteam.com/wp-content/plugins/add-to-any/share_save_171_16.png" width="171" height="16" alt="Share"/></a></div></div> <!-- <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"> <rdf:Description rdf:about="http://blogs.securiteam.com/index.php/archives/1311" dc:identifier="http://blogs.securiteam.com/index.php/archives/1311" dc:title="Vanishingly small utility …" trackback:ping="http://blogs.securiteam.com/index.php/archives/1311/trackback" /> </rdf:RDF> --> </div> </div> <div class="post" id="post-1310"> <h2><a href="http://blogs.securiteam.com/index.php/archives/1310" rel="bookmark" title="Elance user information compromised">Elance user information compromised</a></h2> <p class="postinfo"> Posted on July 19th, 2009 by <a href="http://blogs.securiteam.com/index.php/archives/author/aviram" title="Posts by Aviram" rel="author">Aviram</a><br /> Filed under: <a href="http://blogs.securiteam.com/index.php/archives/category/corporate-security" title="View all posts in Corporate Security" rel="category tag">Corporate Security</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/full-disclosure" title="View all posts in Full Disclosure" rel="category tag">Full Disclosure</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/phishing" title="View all posts in Phishing" rel="category tag">Phishing</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/privacy" title="View all posts in Privacy" rel="category tag">Privacy</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/web" title="View all posts in Web" rel="category tag">Web</a> | <a href="http://blogs.securiteam.com/index.php/archives/1310#comments" title="Comment on Elance user information compromised"><span class="dsq-postid" rel="1310 http://blogs.securiteam.com/index.php/archives/1310">1 Comment »</span></a> </p> <div class="entry"> <p>God bless the law that forces companies to disclose when they are hacked and customer information is compromised. Not only do we get a chance to protect ourselves but it also reminds us that this apparently happens more often then we would think.</p> <p>This time it’s elance.com:</p> <blockquote><p>Dear (my account name),<br /> We recently learned that certain Elance user information was accessed without authorization, including potentially yours. The data accessed was contact information — specifically name, email address, telephone number, city location and Elance login information (passwords were protected with encryption). This incident did NOT involve any credit card, bank account, social security or tax ID numbers.<br /> We have remedied the cause of the breach and are working with appropriate authorities. We have also implemented additional security measures and have strengthened password requirements to protect all of our users.<br /> We sincerely regret any inconvenience or disruption this may cause.<br /> If you have any unanswered questions and for ongoing information about this matter, please visit this page in our Trust & Safety center: http://www.elance.com/p/trust/account_security.html<br /> For information on re-setting your password, visit: http://help.elance.com/forums/30969/entries/47262<br /> Thank you for your understanding,<br /> Michael Culver<br /> Vice President<br /> Elance</p> </blockquote> <p>What I would like to see, is what “additional security measures” are they really taking. Also (and I’ll admit I have a one-track-mind) did they do a proper security scan to ensure the servers don’t have any holes? What were the results?</p> <script type='text/javascript'> <!-- //OBSTART:do_NOT_remove_this_comment var OutbrainPermaLink="http://blogs.securiteam.com/index.php/archives/1310"; if(typeof(OB_Script)!='undefined'){OutbrainStart();} else { var OB_PlugInVer="7.0.0.0_Regular";;var OB_raterMode="stars";var OB_recMode="rec";var OBITm="1330324210";var OB_Script=true;var OB_langJS="";document.write(unescape("%3Cscript src='http://widgets.outbrain.com/OutbrainRater.js' type='text/javascript'%3E%3C/script%3E"));} //OBEND:do_NOT_remove_this_comment //--> </script> <div class="addtoany_share_save_container"><div class="a2a_kit a2a_target addtoany_list" id="wpa2a_12"><a class="a2a_dd addtoany_share_save" href="http://www.addtoany.com/share_save"><img src="http://blogs.securiteam.com/wp-content/plugins/add-to-any/share_save_171_16.png" width="171" height="16" alt="Share"/></a></div></div> <!-- <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"> <rdf:Description rdf:about="http://blogs.securiteam.com/index.php/archives/1310" dc:identifier="http://blogs.securiteam.com/index.php/archives/1310" dc:title="Elance user information compromised" trackback:ping="http://blogs.securiteam.com/index.php/archives/1310/trackback" /> </rdf:RDF> --> </div> </div> <div class="post" id="post-1308"> <h2><a href="http://blogs.securiteam.com/index.php/archives/1308" rel="bookmark" title="Comerica bank discovers full disclosure">Comerica bank discovers full disclosure</a></h2> <p class="postinfo"> Posted on July 17th, 2009 by <a href="http://blogs.securiteam.com/index.php/archives/author/aviram" title="Posts by Aviram" rel="author">Aviram</a><br /> Filed under: <a href="http://blogs.securiteam.com/index.php/archives/category/commentary" title="View all posts in Commentary" rel="category tag">Commentary</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/full-disclosure" title="View all posts in Full Disclosure" rel="category tag">Full Disclosure</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/web" title="View all posts in Web" rel="category tag">Web</a> | <a href="http://blogs.securiteam.com/index.php/archives/1308#respond" title="Comment on Comerica bank discovers full disclosure"><span class="dsq-postid" rel="1308 http://blogs.securiteam.com/index.php/archives/1308">No Comments »</span></a> </p> <div class="entry"> <p>Comerica bank seems to think disclosing cross site scripting vulnerabilities in the bank’s web site is illegal:</p> <blockquote><p>“Comerica hereby demands that the above-referenced Subject Site be shut down immediately and that the identity of the account holder be provided to the undersigned.</p> <p>Comerica’s demand is based upon the fact that the Subject Site is designed to enable that subscriber and anyone else viewing the site to take actions to attempt to impersonate Comerica to its customers”</p></blockquote> <p>(full document <a href="http://files.getdropbox.com/u/634884/Letter%20to%20Tumblr%20from%20P.%20Bertrand%207-17-09.PDF">here</a>)</p> <p>No Comerica, it’s not the “how to use Comerica com to phish their customers” that enables that, it’s comerica.com that enables that. But at least I finally know why I’m receiving a flood of Comerica phishing emails in the last few weeks (I haven’t even heard of the bank before then).</p> <p>Needless to say, they haven’t fixed the problem. Of course, for <strong>them</strong> the problem is not that phishers can attack Comerica bank customers but that somebody is saying it out loud.</p> <p><a href="http://blogs.securiteam.com/wp-content/comerica-xss.png"><img width="435" height="273" alt="Comerica XSS" title="Comerica XSS" src="http://blogs.securiteam.com/wp-content/comerica-xss.png" /></a></p> <p>(more pictures <a href="http://twitpic.com/anq0o">here</a>)</p> <p>(via <a href="http://twitter.com/lancejssc">@lancejssc</a>)</p> <script type='text/javascript'> <!-- //OBSTART:do_NOT_remove_this_comment var OutbrainPermaLink="http://blogs.securiteam.com/index.php/archives/1308"; if(typeof(OB_Script)!='undefined'){OutbrainStart();} else { var OB_PlugInVer="7.0.0.0_Regular";;var OB_raterMode="stars";var OB_recMode="rec";var OBITm="1330324210";var OB_Script=true;var OB_langJS="";document.write(unescape("%3Cscript src='http://widgets.outbrain.com/OutbrainRater.js' type='text/javascript'%3E%3C/script%3E"));} //OBEND:do_NOT_remove_this_comment //--> </script> <div class="addtoany_share_save_container"><div class="a2a_kit a2a_target addtoany_list" id="wpa2a_13"><a class="a2a_dd addtoany_share_save" href="http://www.addtoany.com/share_save"><img src="http://blogs.securiteam.com/wp-content/plugins/add-to-any/share_save_171_16.png" width="171" height="16" alt="Share"/></a></div></div> <!-- <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"> <rdf:Description rdf:about="http://blogs.securiteam.com/index.php/archives/1308" dc:identifier="http://blogs.securiteam.com/index.php/archives/1308" dc:title="Comerica bank discovers full disclosure" trackback:ping="http://blogs.securiteam.com/index.php/archives/1308/trackback" /> </rdf:RDF> --> </div> </div> <div class="post" id="post-1305"> <h2><a href="http://blogs.securiteam.com/index.php/archives/1305" rel="bookmark" title="Privacy and transparency: cost benefit analysis">Privacy and transparency: cost benefit analysis</a></h2> <p class="postinfo"> Posted on July 16th, 2009 by <a href="http://blogs.securiteam.com/index.php/archives/author/p1" title="Posts by p1" rel="author">p1</a><br /> Filed under: <a href="http://blogs.securiteam.com/index.php/archives/category/commentary" title="View all posts in Commentary" rel="category tag">Commentary</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/culture" title="View all posts in Culture" rel="category tag">Culture</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/ot" title="View all posts in OT" rel="category tag">OT</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/privacy" title="View all posts in Privacy" rel="category tag">Privacy</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/web" title="View all posts in Web" rel="category tag">Web</a> | <a href="http://blogs.securiteam.com/index.php/archives/1305#respond" title="Comment on Privacy and transparency: cost benefit analysis"><span class="dsq-postid" rel="1305 http://blogs.securiteam.com/index.php/archives/1305">No Comments »</span></a> </p> <div class="entry"> <p>Gloria pointed out an <a href="http://www.vancouversun.com/Employment+resume+there/1795776/story.html">article in the Vancouver Sun</a> and, just in case it disappears in a few days, I found <a href="http://www.twistimage.com/blog/archives/employment-20/">the author’s blog.</a></p> <p>The main thrust of the article is on the risk/benefit of a lack of privacy, as practiced in social networking.  This (absent the social networking) reminded me of <a href="http://victoria.tc.ca/techrev/bktrasoc.rvw">David Brin’s “The Transparent Society,”</a> and if you haven’t read it, I recommend it.</p> <script type='text/javascript'> <!-- //OBSTART:do_NOT_remove_this_comment var OutbrainPermaLink="http://blogs.securiteam.com/index.php/archives/1305"; if(typeof(OB_Script)!='undefined'){OutbrainStart();} else { var OB_PlugInVer="7.0.0.0_Regular";;var OB_raterMode="stars";var OB_recMode="rec";var OBITm="1330324210";var OB_Script=true;var OB_langJS="";document.write(unescape("%3Cscript src='http://widgets.outbrain.com/OutbrainRater.js' type='text/javascript'%3E%3C/script%3E"));} //OBEND:do_NOT_remove_this_comment //--> </script> <div class="addtoany_share_save_container"><div class="a2a_kit a2a_target addtoany_list" id="wpa2a_14"><a class="a2a_dd addtoany_share_save" href="http://www.addtoany.com/share_save"><img src="http://blogs.securiteam.com/wp-content/plugins/add-to-any/share_save_171_16.png" width="171" height="16" alt="Share"/></a></div></div> <!-- <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"> <rdf:Description rdf:about="http://blogs.securiteam.com/index.php/archives/1305" dc:identifier="http://blogs.securiteam.com/index.php/archives/1305" dc:title="Privacy and transparency: cost benefit analysis" trackback:ping="http://blogs.securiteam.com/index.php/archives/1305/trackback" /> </rdf:RDF> --> </div> </div> <div class="post" id="post-1303"> <h2><a href="http://blogs.securiteam.com/index.php/archives/1303" rel="bookmark" title="Firefox 3.5 heap spray vuln">Firefox 3.5 heap spray vuln</a></h2> <p class="postinfo"> Posted on July 14th, 2009 by <a href="http://blogs.securiteam.com/index.php/archives/author/aviram" title="Posts by Aviram" rel="author">Aviram</a><br /> Filed under: <a href="http://blogs.securiteam.com/index.php/archives/category/full-disclosure" title="View all posts in Full Disclosure" rel="category tag">Full Disclosure</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/web" title="View all posts in Web" rel="category tag">Web</a> | <a href="http://blogs.securiteam.com/index.php/archives/1303#comments" title="Comment on Firefox 3.5 heap spray vuln"><span class="dsq-postid" rel="1303 http://blogs.securiteam.com/index.php/archives/1303">2 Comments »</span></a> </p> <div class="entry"> <p>It’s nice to have milw0rm around: <a title="Firefox 3.5 Heap Spray Vulnerabilty" href="http://www.milw0rm.com/exploits/9137">http://www.milw0rm.com/exploits/9137</a>.</p> <p>Be careful out there, firefox 3.5 users.</p> <script type='text/javascript'> <!-- //OBSTART:do_NOT_remove_this_comment var OutbrainPermaLink="http://blogs.securiteam.com/index.php/archives/1303"; if(typeof(OB_Script)!='undefined'){OutbrainStart();} else { var OB_PlugInVer="7.0.0.0_Regular";;var OB_raterMode="stars";var OB_recMode="rec";var OBITm="1330324210";var OB_Script=true;var OB_langJS="";document.write(unescape("%3Cscript src='http://widgets.outbrain.com/OutbrainRater.js' type='text/javascript'%3E%3C/script%3E"));} //OBEND:do_NOT_remove_this_comment //--> </script> <div class="addtoany_share_save_container"><div class="a2a_kit a2a_target addtoany_list" id="wpa2a_15"><a class="a2a_dd addtoany_share_save" href="http://www.addtoany.com/share_save"><img src="http://blogs.securiteam.com/wp-content/plugins/add-to-any/share_save_171_16.png" width="171" height="16" alt="Share"/></a></div></div> <!-- <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"> <rdf:Description rdf:about="http://blogs.securiteam.com/index.php/archives/1303" dc:identifier="http://blogs.securiteam.com/index.php/archives/1303" dc:title="Firefox 3.5 heap spray vuln" trackback:ping="http://blogs.securiteam.com/index.php/archives/1303/trackback" /> </rdf:RDF> --> </div> </div> <div class="post" id="post-1300"> <h2><a href="http://blogs.securiteam.com/index.php/archives/1300" rel="bookmark" title="milw0rm will stay open, but needs your help">milw0rm will stay open, but needs your help</a></h2> <p class="postinfo"> Posted on July 11th, 2009 by <a href="http://blogs.securiteam.com/index.php/archives/author/aviram" title="Posts by Aviram" rel="author">Aviram</a><br /> Filed under: <a href="http://blogs.securiteam.com/index.php/archives/category/commentary" title="View all posts in Commentary" rel="category tag">Commentary</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/culture" title="View all posts in Culture" rel="category tag">Culture</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/fuzzing" title="View all posts in Fuzzing" rel="category tag">Fuzzing</a>, <a href="http://blogs.securiteam.com/index.php/archives/category/web" title="View all posts in Web" rel="category tag">Web</a> | <a href="http://blogs.securiteam.com/index.php/archives/1300#comments" title="Comment on milw0rm will stay open, but needs your help"><span class="dsq-postid" rel="1300 http://blogs.securiteam.com/index.php/archives/1300">1 Comment »</span></a> </p> <div class="entry"> <p>Seems like milw0rm will stay up for the near future. In an email from Str0ke, he wrote:</p> <blockquote><p>Way to[o] many people unhappy with me over the<br /> idea of closing shop.  I just needed help which I have alot of people to choose from now</p></blockquote> <p>So the good news, is that we’ll still see milw0rm posting information. But for all of you who were disappointed by milw0rm almost closing: if you want to see it stay open, here’s your chance to help. Just write to str0ke and offer him help – managing a vulnerability database is one of the best ways to gain expertise and learn the field. Plus, you’ll be helping a valuable resource, and making friends along the way.</p> <p>From a personal experience, I can very much recommend it. We started our own <a href="http://www.securiteam.com/">vulnerabilities database</a> much like milw0rm a while back, and it gave us the expertise to build a <a href="http://www.beyondsecurity.com/vulnerability-assessment.html">vulnerability scanner</a>, a <a href="http://www.beyondsecurity.com/beSTORM">fuzzer</a>, and build a profitable business while having fun doing it. So much so, that the original SecuriTeam team is still actively working on editing and posting information.</p> <p>So whether you are looking to sharpen your skills for fun or want to give a boost to your professional career, I highly recommend joining milw0rm (do it now, while str0ke is still accepting applications!)</p> <script type='text/javascript'> <!-- //OBSTART:do_NOT_remove_this_comment var OutbrainPermaLink="http://blogs.securiteam.com/index.php/archives/1300"; if(typeof(OB_Script)!='undefined'){OutbrainStart();} else { var OB_PlugInVer="7.0.0.0_Regular";;var OB_raterMode="stars";var OB_recMode="rec";var OBITm="1330324210";var OB_Script=true;var OB_langJS="";document.write(unescape("%3Cscript src='http://widgets.outbrain.com/OutbrainRater.js' type='text/javascript'%3E%3C/script%3E"));} //OBEND:do_NOT_remove_this_comment //--> </script> <div class="addtoany_share_save_container"><div class="a2a_kit a2a_target addtoany_list" id="wpa2a_16"><a class="a2a_dd addtoany_share_save" href="http://www.addtoany.com/share_save"><img src="http://blogs.securiteam.com/wp-content/plugins/add-to-any/share_save_171_16.png" width="171" height="16" alt="Share"/></a></div></div> <!-- <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"> <rdf:Description rdf:about="http://blogs.securiteam.com/index.php/archives/1300" dc:identifier="http://blogs.securiteam.com/index.php/archives/1300" dc:title="milw0rm will stay open, but needs your help" trackback:ping="http://blogs.securiteam.com/index.php/archives/1300/trackback" /> </rdf:RDF> --> </div> </div> <script type="text/javascript"> // <![CDATA[ var disqus_shortname = 'securiteamblogs'; (function () { var nodes = document.getElementsByTagName('span'); for (var i = 0, url; i < nodes.length; i++) { if (nodes[i].className.indexOf('dsq-postid') != -1) { nodes[i].parentNode.setAttribute('data-disqus-identifier', nodes[i].getAttribute('rel')); url = nodes[i].parentNode.href.split('#', 1); if (url.length == 1) { url = url[0]; } else { url = url[1]; } nodes[i].parentNode.href = url + '#disqus_thread'; } } var s = document.createElement('script'); s.async = true; s.type = 'text/javascript'; s.src = '//' + 'disqus.com/forums/' + disqus_shortname + '/count.js'; (document.getElementsByTagName('HEAD')[0] || document.getElementsByTagName('BODY')[0]).appendChild(s); }()); //]]> </script> <div class="browse"><a href="http://blogs.securiteam.com/index.php/archives/category/web/page/4" >« Previous Page</a> — <a href="http://blogs.securiteam.com/index.php/archives/category/web/page/6" >Next Page »</a></div> <div class="clear"></div> </div> <div class="sidebar sidebar2"> <ul> <li id="a2a_share_save_widget-3" class="widget widget_a2a_share_save_widget"><div class="a2a_kit a2a_target addtoany_list" id="wpa2a_17"><a class="a2a_dd addtoany_share_save" href="http://www.addtoany.com/share_save"><img src="http://blogs.securiteam.com/wp-content/plugins/add-to-any/share_save_171_16.png" width="171" height="16" alt="Share"/></a></div></li> <li id="text-6" class="widget widget_text"> <div class="textwidget"><BR/><BR/><BR/><BR/><BR/><BR/><BR/></div> </li> <li id="categories-3" class="widget widget_categories"><h2 class="widgettitle">Categories</h2> <select name='cat' id='cat' class='postform' > <option value='-1'>Select Category</option> <option class="level-0" value="11">Apple  (57)</option> <option class="level-0" value="18">Ask the Expert  (46)</option> <option class="level-0" value="41">Book Reviews  (45)</option> <option class="level-0" value="27">Botnets  (72)</option> <option class="level-0" value="12">Cisco  (25)</option> <option class="level-0" value="5">Commentary  (1345)</option> <option class="level-0" value="21">Corporate Security  (397)</option> <option class="level-0" value="10">Culture  (404)</option> <option class="level-0" value="26">DDoS  (40)</option> <option class="level-0" value="17">Digest  (41)</option> <option class="level-0" value="33">Earl  (11)</option> <option class="level-0" value="23">Encryption  (44)</option> <option class="level-0" value="7">Full Disclosure  (216)</option> <option class="level-0" value="25">Funnies  (71)</option> <option class="level-0" value="20">Funny  (96)</option> <option class="level-0" value="30">Fuzzing  (35)</option> <option class="level-0" value="2">Gadgets  (88)</option> <option class="level-0" value="19">Google  (53)</option> <option class="level-0" value="34">Hacked  (13)</option> <option class="level-0" value="31">InSecurity  (17)</option> <option class="level-0" value="22">Insider Threat  (53)</option> <option class="level-0" value="24">Interviews  (10)</option> <option class="level-0" value="9">Law  (86)</option> <option class="level-0" value="4">Linux  (41)</option> <option class="level-0" value="40">malware  (69)</option> <option class="level-0" value="32">Memory Leak  (24)</option> <option class="level-0" value="3">Microsoft  (234)</option> <option class="level-0" value="28">Networking  (119)</option> <option class="level-0" value="38">OPSEC  (121)</option> <option class="level-0" value="14">OT  (213)</option> <option class="level-0" value="16">Phishing  (109)</option> <option class="level-0" value="15">Physical Security  (89)</option> <option class="level-0" value="6">Privacy  (145)</option> <option class="level-0" value="29">Rootkits  (32)</option> <option class="level-0" value="39">Sec Tools  (90)</option> <option class="level-0" value="42">Social Engineering  (69)</option> <option class="level-0" value="8">Spam  (163)</option> <option class="level-0" value="35">The NULL Terminated  (5)</option> <option class="level-0" value="44">Tips & Tricks  (49)</option> <option class="level-0" value="13">Virus  (249)</option> <option class="level-0" value="1" selected="selected">Web  (453)</option> <option class="level-0" value="36">Zoned Out  (4)</option> </select> <script type='text/javascript'> /* <![CDATA[ */ var dropdown = document.getElementById("cat"); function onCatChange() { if ( dropdown.options[dropdown.selectedIndex].value > 0 ) { location.href = "http://blogs.securiteam.com/?cat="+dropdown.options[dropdown.selectedIndex].value; } } dropdown.onchange = onCatChange; /* ]]> */ </script> </li> <li id="text-7" class="widget widget_text"> <div class="textwidget"><BR/> <!-- Place this tag where you want the +1 button to render --> <g:plusone></g:plusone> <!-- Place this render call where appropriate --> <script type="text/javascript"> (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })(); </script></div> </li> </ul> </div> <div class="sidebar"> <a style="font-size: 150%;" href="/index.php/feed/"><img src="http://blogs.securiteam.com/wp-content/themes/securiteam.new/images/rss-icon-48x48.gif" width="24" ALT="Security RSS"> Subscribe</a> <br><br> <ul> <li id="text-4" class="widget widget_text"> <div class="textwidget"><div class="fb-like" data-href="http://blogs.securiteam.com" data-send="true" data-width="400" data-show-faces="true"></div></div> </li> <li id="text-3" class="widget widget_text"> <div class="textwidget"><div id="fb-root"></div> <script>(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_US/all.js#xfbml=1"; fjs.parentNode.insertBefore(js, fjs); }(document, 'script', 'facebook-jssdk'));</script></div> </li> <li id="rss-3" class="widget widget_rss"><h2 class="widgettitle"><a class='rsswidget' href='http://www.securiteam.com/securiteam.rss' title='Syndicate this content'><img style='border:0' width='14' height='14' src='http://blogs.securiteam.com/wp-includes/images/rss.png' alt='RSS' /></a> <a class='rsswidget' href='http://www.securiteam.com/' title='Welcome to the SecuriTeam RSS Feed - sponsored by Beyond Security. Know Your Vulnerabilities! Visit BeyondSecurity.com for your web site, network and code security audit and scanning needs.'>More Securiteam</a></h2> <ul><li><a class='rsswidget' href='http://www.securiteam.com/securitynews/6L03E2AC1A.html' title='Cross-site request forgery (CSRF) vulnerability in Thomson TWG87OUIR allows remote attackers to hijack the authentication of unspecified victims for requests that change passwords via the Password and PasswordReEnter parameters to goform/RgSecurity. […]'>Thomson TWG87OUIR Router '/goform/RgSecurity' Cross Site Request Forgery Vulnerabilities</a></li><li><a class='rsswidget' href='http://www.securiteam.com/securitynews/6W0352AC2A.html' title='WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. […]'>WebKit APPLE Safari Memory Corruption And Application Crash Vulnerabilities</a></li><li><a class='rsswidget' href='http://www.securiteam.com/securitynews/6J03C2AC1A.html' title='Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via unspecified variables. […]'>Snort And Suricata 1.0.6 Packages Multiple Vulnerabilities</a></li><li><a class='rsswidget' href='http://www.securiteam.com/securitynews/6I03B2AC1A.html' title='RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have other unspecified impact via unspecified vectors, related t […]'>RESTEasy Incomplete Fix XML Entity References Information Disclosure Vulnerabilities</a></li><li><a class='rsswidget' href='http://www.securiteam.com/securitynews/6Y0382AC1A.html' title='vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core. […]'>Oracle Virtualization VirtualBox 4.2.26 Local Security Code Execution Vulnerabilities</a></li><li><a class='rsswidget' href='http://www.securiteam.com/securitynews/6A0392AC2A.html' title='SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the inEmailAddress parameter in an UpdateClient action in the manage_clients module to the default URI. […]'>ZPanel Multiple Remote SQL-Injection Vulnerabilities</a></li><li><a class='rsswidget' href='http://www.securiteam.com/securitynews/6H03A2AC1A.html' title='Cross-site scripting (XSS) vulnerability in admin/picture_modify.php in the photo-edit subsystem in Piwigo 2.6.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the associate[] field, […]'>Piwigo 'picture_modify.php' Cross Site Scripting Vulnerabilities</a></li><li><a class='rsswidget' href='http://www.securiteam.com/securitynews/6Z0382AC2A.html' title='Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx. […]'>Yealink VoIP Phone SIP-T38G Multiple Local File Include Vulnerabilities</a></li><li><a class='rsswidget' href='http://www.securiteam.com/securitynews/6K03D2AC1A.html' title='Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. […]'>Sphider 'admin.php' Cross-Site Scripting Vulnerabilities</a></li><li><a class='rsswidget' href='http://www.securiteam.com/securitynews/6Y0372AC2A.html' title='Multiple cross-site scripting (XSS) vulnerabilities in the WP GuestMap plugin 1.8 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) zl, (2) mt, or (3) dc parameter to guest-locator.php; the (4) zl, (5) mt, (6) activate, or (7) dc parameter to online-tracker.php; the (8) zl, (9) mt, or (10) dc parameter to sta […]'>WordPress WP GuestMap Plugin Multiple Cross Site Scripting Vulnerabilities</a></li></ul></li> <li id="recent-posts-3" class="widget widget_recent_entries"> <h2 class="widgettitle">New</h2> <ul> <li> <a href="http://blogs.securiteam.com/index.php/archives/2418" title="Windows 2012 R2 Certification Authority installation guide">Windows 2012 R2 Certification Authority installation guide</a> </li> <li> <a href="http://blogs.securiteam.com/index.php/archives/2415" title="Best Email Retention Policy Practices">Best Email Retention Policy Practices</a> </li> <li> <a href="http://blogs.securiteam.com/index.php/archives/2407" title="AV is dead … again …">AV is dead … again …</a> </li> <li> <a href="http://blogs.securiteam.com/index.php/archives/2400" title="Settle for nothing now … Settle for nothing later!">Settle for nothing now … Settle for nothing later!</a> </li> <li> <a href="http://blogs.securiteam.com/index.php/archives/2393" title="Big Government vs Big Corp – which is worse?">Big Government vs Big Corp – which is worse?</a> </li> </ul> </li> <li id="recent-comments-3" class="widget widget_recent_comments"><h2 class="widgettitle">Comments</h2> <ul id="recentcomments"><li class="recentcomments">Anikasmith on <a href="http://blogs.securiteam.com/index.php/archives/1542#comment-905667">New computers – Windows 7 – security and permissions (2)</a></li><li class="recentcomments">Best php profestional training on <a href="http://blogs.securiteam.com/index.php/archives/989#comment-904766">OSCP (Offensive Security Certified Professional) Training and Challenge</a></li><li class="recentcomments">Hellen Pedro on <a href="http://blogs.securiteam.com/index.php/archives/1468#comment-894970">Non-Functional Email (or Blog) System Disclaimer</a></li><li class="recentcomments">Hellen Pedro on <a href="http://blogs.securiteam.com/index.php/archives/1468#comment-894965">Non-Functional Email (or Blog) System Disclaimer</a></li><li class="recentcomments">hsbc customer on <a href="http://blogs.securiteam.com/index.php/archives/1701#comment-894444">Howto: Phish HSBC credit card numbers</a></li></ul></li> <li id="text-5" class="widget widget_text"><h2 class="widgettitle">Admin</h2> <div class="textwidget"><a href="http://blogs.securiteam.com/wp-admin/">Login</a></div> </li> </ul> </div> <div class="clear"></div> <div id="footer"> <p><a href="http://blogs.securiteam.com" title="SecuriTeam Blogs home page">SecuriTeam Blogs</a> is powered by Word Press.</p> </div> </div><!-- end page --> </div> <script type="text/javascript"><!-- wpa2a.targets=[ {title:'Adobe 0-day vulnerability (CVE-2009-4324) – what this means?',url:'http://blogs.securiteam.com/index.php/archives/1339'}, {title:'Stop blaming us',url:'http://blogs.securiteam.com/index.php/archives/1334'}, {title:'How to analyze timeline of 9/11 attacks – read pager traffic from N.Y. and Washington',url:'http://blogs.securiteam.com/index.php/archives/1286'}, {title:'Heathrow calling',url:'http://blogs.securiteam.com/index.php/archives/1333'}, {title:'Fuzzing anything that moves',url:'http://blogs.securiteam.com/index.php/archives/1332'}, {title:'The PCI in the Cloud Paradox',url:'http://blogs.securiteam.com/index.php/archives/1321'}, {title:'Robert Who?',url:'http://blogs.securiteam.com/index.php/archives/1320'}, {title:'WordPress: we are protecting your blog',url:'http://blogs.securiteam.com/index.php/archives/1318'}, {title:'The achilles heel of the Internet',url:'http://blogs.securiteam.com/index.php/archives/1317'}, {title:'Why isn’t there more spam on twitter?',url:'http://blogs.securiteam.com/index.php/archives/1316'}, {title:'Vanishingly small utility …',url:'http://blogs.securiteam.com/index.php/archives/1311'}, {title:'Elance user information compromised',url:'http://blogs.securiteam.com/index.php/archives/1310'}, {title:'Comerica bank discovers full disclosure',url:'http://blogs.securiteam.com/index.php/archives/1308'}, {title:'Privacy and transparency: cost benefit analysis',url:'http://blogs.securiteam.com/index.php/archives/1305'}, {title:'Firefox 3.5 heap spray vuln',url:'http://blogs.securiteam.com/index.php/archives/1303'}, {title:'milw0rm will stay open, but needs your help',url:'http://blogs.securiteam.com/index.php/archives/1300'}, {title:document.title,url:location.href}]; wpa2a.html_done=true;if(wpa2a.script_ready&&!wpa2a.done)wpa2a.init();wpa2a.script_load(); //--></script> <script type="text/javascript"> var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-29522810-1']); _gaq.push(['_setDomainName', 'securiteam.com']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script> </body> </html>