milw0rm.com · Domains · Slashdot Mirror

Re:unanimous multi-polling? by OriginalArlen · 2008-08-21 22:38 · Score: 2, Interesting · on DNS Poisoning Hits One of China's Biggest ISPs

The only real fix available now for the fundamental vulnerability is DNSSEC. There's an excellent doc up on ISC's site called DNSSEC in Six Minutes for those who read bothered to read Kaminsky's actual presentation (especially the last 40 or so slides on subtle ways security systems like SSL break when you can't trust DNS), put that together with the ten hour exploit for patched servers, and realised we're not out of the woods yet by a long chalk...

Re:So what? by x_MeRLiN_x · 2008-08-06 13:27 · Score: 3, Insightful · on Students Learn To Write Viruses

So..? The ability to "hack software" is the ability to find exploits. An exploit that only you know is far more dangerous than one that circulates widely enough to reach the attention of a college lecturer.

There are public lists of unpacthced exploits. It's easy to become part of an underground community that pools their exploits.

My point being, this knowledge is incredibly easy to obtain by anyone. I'm inclined to believe that college students receiving tuition from an ethical hacker who presumably intend to gain legal employment are less of a risk to society than people who decide to Google for the latest exploits so they can exact revenge on an employer (for example) or those with truly nefarious intentions and are talented enough not to need outside tuition.

Obscure Security Fix ? by coretx · 2008-07-02 23:39 · Score: 1 · on ICQ Starts Blocking Alternative Clients

ICQ 6 - HTML Injection & execution ? http://www.milw0rm.com/video/watch.php?id=75 Here you can see the vulnerability in action. ICQ renders useing IE ... :'( Does it have to do something with this news ;)

Re:Vulnerabilities galore! by Butterspoon · 2008-06-12 01:59 · Score: 1 · on Joomla! A User's Guide

Wow. Just compare these two:

Ok, it's not terribly scientific but the difference is striking. Note also that Drupal is currently on version 6.2.

Re:Vulnerabilities galore! by Butterspoon · 2008-06-12 01:59 · Score: 1 · on Joomla! A User's Guide

Wow. Just compare these two:

Ok, it's not terribly scientific but the difference is striking. Note also that Drupal is currently on version 6.2.

Re:Vulnerabilities galore! by Anonymous Coward · 2008-06-11 14:02 · Score: 1, Informative · on Joomla! A User's Guide

A search for CVE identifiers related to Joomla returns 244 hits:
http://nvd.nist.gov/nvd.cfm

New exploits for the vulnerabilities are released several times per week:
http://milw0rm.com/search.php?dong=joomla

Sounds like really good quality stuff... Notice that most of the vulnerabilities are for 3rd party add-ons or earlier versions...

Sounds like really good quality comment...

Vulnerabilities galore! by WD · 2008-06-11 09:01 · Score: 3, Informative · on Joomla! A User's Guide

A search for CVE identifiers related to Joomla returns 244 hits:
http://nvd.nist.gov/nvd.cfm

New exploits for the vulnerabilities are released several times per week:
http://milw0rm.com/search.php?dong=joomla

Sounds like really good quality stuff...

what about security.. by Anonymous Coward · 2008-05-16 18:50 · Score: 0 · on Keeping Customer From Accessing My Database?

One reason to heavily restrict sqlplus style access to an Oracle database is that unless you're completely on top of your patching there's a significant risk that anyone with that access can get their privileges escalated to DBA level using one of the many SQL Injection vulnerabilities in Oracle packages. If you want the really paranoid option you can point out that there are probably zero-days in there as well, even if you are fully patched (AFAIK NGS SQuirreL (a database security scanner) will mention those in any reporting you do).

If you're looking for examples to show your management, then a quick trip to millw0rm should do the trick http://www.milw0rm.com/exploits/4994 , http://www.milw0rm.com/exploits/4570 etc etc

what about security.. by Anonymous Coward · 2008-05-16 18:50 · Score: 0 · on Keeping Customer From Accessing My Database?

One reason to heavily restrict sqlplus style access to an Oracle database is that unless you're completely on top of your patching there's a significant risk that anyone with that access can get their privileges escalated to DBA level using one of the many SQL Injection vulnerabilities in Oracle packages. If you want the really paranoid option you can point out that there are probably zero-days in there as well, even if you are fully patched (AFAIK NGS SQuirreL (a database security scanner) will mention those in any reporting you do).

If you're looking for examples to show your management, then a quick trip to millw0rm should do the trick http://www.milw0rm.com/exploits/4994 , http://www.milw0rm.com/exploits/4570 etc etc

Already been used by caluml · 2008-04-24 03:10 · Score: 4, Informative · on Patch the Linux Kernel Without Reboots

There was a kernel exploit recently where someone submitted a patch that modified the running kernel using this technology. It didn't work for me, so I had to resort to patching the .c that was affected - but a lot of people reported that it worked.

Security hole actually in Fully Modded phpBB by Hynee · 2008-03-18 04:23 · Score: 2, Informative · on Mass Website Hack Compromises 200,000 Sites

As reported in Secunia, the SQL injection bug was found in Fully Modded phpBB on 12-Mar, see here.

The Fully Modded phpBB website is down, but it is basically a fork or extension of the base phpBB code, which remains secure.

I know I've labored the point about phpBB not being vulnerable to this kind of attack, but it really is built from the ground up for security. This exploit does not affect phpBB, just the heavily modified for "Fully Modded phpBB".

Re:Beauty of OSS by smittyoneeach · 2008-02-10 12:12 · Score: 2, Funny · on Linux Kernel 2.6 Local Root Exploit

Did you follow http://www.milw0rm.com/exploits/5092?

Allow me to past in the first couple of lines:

/* * jessica_biel_naked_in_my_bed.c *

Apparently, milw0rm does have a patch for that.

Re:I am so depressed ... by Cytlid · 2008-02-10 08:55 · Score: 4, Informative · on Linux Kernel 2.6 Local Root Exploit

Uh oh. There's another link, (not the one from the /. article) that worked on my machine:

http://www.milw0rm.com/exploits/5093

Notice the original article links to 5092.

Re:Lopsided... by Weedlekin · 2008-02-07 00:06 · Score: 1 · on Mac Hack Contest Redux

"This is from 2006 and is a fairly basic security flaw. http://milw0rm.com/exploits/1545 "

It was (past tense because Apple patched it in 2006) strictly a local exploit, and therefore of negligible risk. This is why the same milwOrm.com site lists a bunch of them for other UNIX variants that have excellent security records, e.g. AIX, Solaris, and HP/UX, and even QNX.

"Mac OS X simply has not been a valuable enough target in the past to be attacked in a meaningful way."

Or perhaps it's due to the fact that milw0rm.com has a total of 9 _remote vulnerabilities_ for OS X and various programs that run on it, the last of which was reported in March 2007, while their listing for Windows and software for Windows contains well over 30 entries reported in 2008 (which isn't even two months old yet!).

Re:Lopsided... by phantomcircuit · 2008-02-06 18:23 · Score: 1 · on Mac Hack Contest Redux

This is from 2006 and is a fairly basic security flaw. http://milw0rm.com/exploits/1545 Mac OS X simply has not been a valuable enough target in the past to be attacked in a meaningful way.

milw0rm by Anonymous Coward · 2007-11-20 09:54 · Score: 0 · on Using Google To Crack MD5 Passwords

hmm .. slashdoting the milcracker.. *cowers*

http://milw0rm.com/cracker/insert.php

Also, it is indexed by google :-)
I guess the lesson is to search google first, and if it's not there, submit to the milcracker.

The real Linux news today. by ubiquitin · 2007-10-09 17:07 · Score: 5, Interesting · on Linux Kernel v2.6.23 Released

An exploit with feature-complete proof of concept was released for x86_64 linux kernel ia32syscall emulation by cliph at isec in Poland. Exploit code was wildly popular on milw0rm, indicating that this local exploit has lots of potential.

The real Linux news today. by ubiquitin · 2007-10-09 17:07 · Score: 5, Interesting · on Linux Kernel v2.6.23 Released

An exploit with feature-complete proof of concept was released for x86_64 linux kernel ia32syscall emulation by cliph at isec in Poland. Exploit code was wildly popular on milw0rm, indicating that this local exploit has lots of potential.

Re:Help me out by Lesrahpem · 2007-06-08 21:48 · Score: 1 · on Microsoft's IIS is Twice as Likely to Host Malware?

Actually, this statistic means more than might be obvious. According to netcraft there are around 65,588,298 servers running Apache on the Internet (53.76% of all web sites), and 38,836,030 servers running IIS on the Internet (31.83% of all web sites). Now, we can safely assume that all of those servers running IIS are running Windows since IIS only runs on Windows. Apache runs on many different operating systems, but it's logical to assume that most Apache server are not running Windows.

This means that even though there are about half as many IIS web servers (therefore, windows) on the internet as Apache (mostly non-windows) web servers, servers running Windows/IIS are still twice as likely to be hosting malware as the Apache/*nix servers. I think it's a fairly interesting statistic when looked at from that perspective.

Oh, and for the guy who said "Patches? Patches for what? Has IIS had any remotely exploitable holes since version 5?":
http://milw0rm.com/exploits/4016
http://milw0rm.com/exploits/2056
http://milw0rm.com/exploits/1260
http://milw0rm.com/exploits/1178
And those are just the public ones.

Re:Help me out by Lesrahpem · 2007-06-08 21:48 · Score: 1 · on Microsoft's IIS is Twice as Likely to Host Malware?

Actually, this statistic means more than might be obvious. According to netcraft there are around 65,588,298 servers running Apache on the Internet (53.76% of all web sites), and 38,836,030 servers running IIS on the Internet (31.83% of all web sites). Now, we can safely assume that all of those servers running IIS are running Windows since IIS only runs on Windows. Apache runs on many different operating systems, but it's logical to assume that most Apache server are not running Windows.

This means that even though there are about half as many IIS web servers (therefore, windows) on the internet as Apache (mostly non-windows) web servers, servers running Windows/IIS are still twice as likely to be hosting malware as the Apache/*nix servers. I think it's a fairly interesting statistic when looked at from that perspective.

Oh, and for the guy who said "Patches? Patches for what? Has IIS had any remotely exploitable holes since version 5?":
http://milw0rm.com/exploits/4016
http://milw0rm.com/exploits/2056
http://milw0rm.com/exploits/1260
http://milw0rm.com/exploits/1178
And those are just the public ones.

Re:Help me out by Lesrahpem · 2007-06-08 21:48 · Score: 1 · on Microsoft's IIS is Twice as Likely to Host Malware?

Actually, this statistic means more than might be obvious. According to netcraft there are around 65,588,298 servers running Apache on the Internet (53.76% of all web sites), and 38,836,030 servers running IIS on the Internet (31.83% of all web sites). Now, we can safely assume that all of those servers running IIS are running Windows since IIS only runs on Windows. Apache runs on many different operating systems, but it's logical to assume that most Apache server are not running Windows.

This means that even though there are about half as many IIS web servers (therefore, windows) on the internet as Apache (mostly non-windows) web servers, servers running Windows/IIS are still twice as likely to be hosting malware as the Apache/*nix servers. I think it's a fairly interesting statistic when looked at from that perspective.

Oh, and for the guy who said "Patches? Patches for what? Has IIS had any remotely exploitable holes since version 5?":
http://milw0rm.com/exploits/4016
http://milw0rm.com/exploits/2056
http://milw0rm.com/exploits/1260
http://milw0rm.com/exploits/1178
And those are just the public ones.

Re:Help me out by Lesrahpem · 2007-06-08 21:48 · Score: 1 · on Microsoft's IIS is Twice as Likely to Host Malware?

Actually, this statistic means more than might be obvious. According to netcraft there are around 65,588,298 servers running Apache on the Internet (53.76% of all web sites), and 38,836,030 servers running IIS on the Internet (31.83% of all web sites). Now, we can safely assume that all of those servers running IIS are running Windows since IIS only runs on Windows. Apache runs on many different operating systems, but it's logical to assume that most Apache server are not running Windows.

This means that even though there are about half as many IIS web servers (therefore, windows) on the internet as Apache (mostly non-windows) web servers, servers running Windows/IIS are still twice as likely to be hosting malware as the Apache/*nix servers. I think it's a fairly interesting statistic when looked at from that perspective.

Oh, and for the guy who said "Patches? Patches for what? Has IIS had any remotely exploitable holes since version 5?":
http://milw0rm.com/exploits/4016
http://milw0rm.com/exploits/2056
http://milw0rm.com/exploits/1260
http://milw0rm.com/exploits/1178
And those are just the public ones.

Re:Your confusion by Shadow-isoHunt · 2007-05-26 19:11 · Score: 2, Informative · on Apple Mac OS X Update For 17 Vulnerabilities

No exploits, eh? Ever search on milw0rm.com? Quite a few exploits there. Do you monitor any security lists at all? BugTraq?

linux == good by rolz · 2007-05-13 23:44 · Score: 1 · on Microsoft Says Free Software Violates 235 Patents

I'm reading only one thing, Microsoft (tm) admitting FOSS software is great. And they want a piece of it. Sadly enough FOSS people tend to hate m$ because of all the evil things they do. Like having WGA phone home every day. Not to mention all the US law that windows(tm) falls under, which makes it an economical risk for other countries. Novell got $$$ out of the deal, the FOSS people that mattered, - possible exception being miguell- left. It's an empty shell now, microsoft is getting desperate. Furthermore Suse uses RPM,hah. It's as simple as this. Microsoft does not have a patent, on "opereating systems". Anything that makes sence to have been patented will be invented around. But Microsoft will not dare to make the list of patents known. Like SCO all they have is some idle thread. linux and windows are entirely different operating systems. Linux has in the past done it's best to avoid patents that make sence. For example SeH(structured exception handling) which is in all lightlyhood better than the signals used in linux, was not "ripped" because of these issues. Email programs would infringe 15 pattents. Tell me how xmail manages that ;). most of those however will be UI? can you really patent a "reply all" button? (Let me save the courts some work) No. There are Billions of lines of opensource software, we only infringe 235 pattents of microsoft? Let microsoft make a list of 235 things opensource software should be allowed to do, and then let the courts decide. Ofcourse this won't happen. All they want is to send some stupid press releases out. They are desperate, they should have though of 235 ways to make Vista not suck so badly. Tell me how can you screw up copy and move of files http://forums.microsoft.com/TechNet/ShowPost.aspx? PostID=1358057&SiteID=17 write a browser that anno 2007 only needs this to overwrite arbitrary files http://www.milw0rm.com/exploits/3892 ... Windows just doesn't make sence anymore. The dumbed down UI with poor performance was great in the earlier days of IT, but it didn't evolve right. Sorry. One more thing, are they going to sue, all those african/south american childs who are just now recieving their XO's (OLPC) ? How's that for being evil?

Re:It would be nice to have real information on th by Anonymous Coward · 2007-04-07 08:19 · Score: 0 · on Windows .ANI Problem Surfaced Two Years Ago

advisory: http://www.determina.com/security.research/vulnera bilities/ani-header.html
proof of concept source code: http://www.milw0rm.com/exploits/3651
third party patch source code: http://aircash.sourceforge.net/zerodaypatches.html
information from Microsoft: http://www.microsoft.com/technet/security/Bulletin /MS07-017.mspx