Google helpdesk hacking-Nov 02, 2017
A few weeks ago we brought to your attention Ticket Trick Help Desk Hacking and explained the wide variety of systems which could be susceptable to this attack. Further information on the use of this attack vector to infiltrate Google’s help desk application, Buganizer, is available via the medium article.
Defeating Google's audio reCaptcha with 85% accuracy-Nov 01, 2017
The internet is a weird and wonderful place where two or more parties share a communication link to communicate with each other. For services that assume a human will interact them there is significant scope for abuse of that service by programs designed to take advantage of that service. Computationally it is very cheap to send data over the internet and any function which performs a function on the data received, unless returning a static zero length message, will incur more costs than the sender.
We discuss ways that bot writers can use tools to enable the defeat of reCaptcha to wreak havok
How to perform CSV injection attacks-Oct 08, 2017
As developers of business applications it is very common to create services that produce CSV files. CSV files comprise of tabular data on each row that is delimited by commas. Services for this format are simple to write and blazingly fast. Unfortunatly, partly because how quickly they can be produced, a lot of garbage can make its way into csv files. The fast majority of users will open csv files in the behometh, and much loved, Microsoft Excel. Excel is complete beast and will happily do many things with our csv file.
Ticket trick helpdesk hacking-Sep 21, 2017
A recent public announcement by Inti De Ceukelaire (@securinti) shed some light on an exploit that he has been able to use on multiple websites. He has named this exploit “Ticket trick helpdesk hacking”.
German election voting software found to be insecure-Sep 08, 2017
Recent anaylsis by the Chaos Computer Club have found German voting software PC-Wahl 10 to have fundamental security issues. Their report highlights a host of vulnerabilities which are trivial to exploit. Exploitation could tamper with voting results at municipal polling offices and transmitted to state election authorities.
Python API library for Vulners Database-Sep 08, 2017
Analysing the byte entropy of a FAT formatted disk-Jan 27, 2009
Over at the Honeynet Project they used to run security competitions which were quite a bit of fun. I remembered one in particular which I looked at but hadn’t completed. It dealt with the forensic investigation of a floppy disk. I was tinkering with an application to measure byte entropy and thinking of a way that it could be used in a forensic investigation. There is no point using the little application to analyse my terabyte (TB) sized drives so remembering the floppy disk challenge I downloaded the floppy disk image (1.44MB;MD5 = b676147f63923e1f428131d59b1d6a72).