June 29, 2012

eBay. What Did Your Neighbor Buy?

I was browsing eBay and came across quite a striking lapse on the part of the ideologists. They offer you this feature - feedback - which influences the buyer and seller ratings. Once you close your deal and get your buy, you are strongly asked to rate the seller ("leave feedback").

You enter the page, rate the seller according to a number of criteria... and that's pretty much it. But! By doing so, you leave an entry on the seller's page, which contains your username, the name of the item you bought, its price, and the purchase date. Visit any seller's page, and you'll see all the information about their customers: names, purchases, prices, and purchase dates.

June 27, 2012

Web vulnerabilities. Unbelievable becomes obvious

In the course of penetration testing, security audits and other services rendered by Positive Technologies in 2010 and 2011, the company’s experts collected security statistics on more than a hundred corporate web applications. These were real applications, not business card sites: the research covered E-Government websites, I-Bank systems, mobile operators' self-service portals, and other items.

Having analyzed the results, we could finally answer the perennial questions of information security:

How many websites are infected with malware?
Which CMS is more secure: a commercial, an open-source or a self-developed one?
Which is the most secure among Java, PHP and ASP.NET?
Is compliance with the PCI DSS requirements a myth or reality?

Some of the answers to these questions surprised us, we must say. See details under the cut.

June 26, 2012

Customizing Blue Screen of Death

It's Turned Blue! Is It OK?

A BSOD is the kernel's response to a non-recoverable exceptional situation. If you see it, something really unpleasant has happened.

The kernel environment places numerous restrictions on a programmer's freedom of action: mind the IRQL, synchronize access to shared variables, don’t spend much time in an ISR, and verify any data from "userland"... If any of these rules is broken, you'll get a real reproof filled with template phrases in a standard VGA mode with lousy coloring.

June 21, 2012

Peculiarities of a New Windows TCP/IP Stack

Starting with Windows Vista, Microsoft has switched its operating systems to a new network stack, the Next Generation TCP/IP Stack. The stack is stuffed with various perks: Windows Filtering Platform, a scalable TCP window and other delicacies. We won't be talking about those, though, but about a specific behavioral pattern of the new network stack.

Any self-respecting network scanner should be able to detect the operating system used on the host being scanned. The more parameters it uses for this purpose, the more accurate the result. For example, Nmap employs a wide range of metrics: various TCP metrics (the behavior of timestamp values, the ordering of TCP options), IP metrics (the algorithm used to calculate the packet order number, the processing of IP packet flags) and other metrics.

June 20, 2012

SCADA Security: How To Stay Alive

Hardly anyone could have imagined a couple of years ago that viruses would jump into the real world, bringing the power to attack whole production systems and break down machines and industrial plants, not to mention stealing data and interrupting software operations. It might seem inconceivable: plant networks are usually separated from public and internal networks, the software and hardware are distinct from those used in common networks; moreover, all processes are strictly regulated and closely controlled...

And still, when it is not a single hacker but a group of SCADA professionals, skilled hackers and engineers, most probably endorsed by a state, anything becomes possible.

June 9, 2012

MaxPatrol Supports Skybox® Security Risk Control

Skybox Security is the leading provider of proactive security management solutions for global enterprises.

The integration of Skybox Security Risk Control and the MaxPatrol Vulnerability and Compliance Management System is based on the popularity of these products with corporate network customers.

June 8, 2012

Vulnerability in Nginx Eliminated

Vladimir Kochetkov, a Positive Research expert, has detected a severe vulnerability in Nginx under Windows.

When it comes to Windows platforms, there are many ways of gaining access to one and the same file, some of which were not considered by the Nginx developers. Nginx versions for Windows (from 0.7.52 to 1.2.0 and 1.3.0 included) proved vulnerable to bypassing security restrictions. The vulnerability enabled an attacker to redirect HTTP requests to certain URLs, bypassing the rules set in the location directives of the web server configuration.