Wednesday, September 16, 2009

Security Advisory Lingo Demystified F'Reals

Inspired by Cisco Security Advisory Lingo Demystified.

Remote code execution: Can be used to pop up porn ads and send spam.

Mitigating factors: Bold-faced lies.

Workarounds: Hold onto your butts, we're not patching this anytime soon.

Not exploitable in the default configuration: Remote code execution.

Limited targeted attacks: You've been owned 6 times in the time it took you to read this.

Responsible disclosure: Researcher allowed the vendor to drag their feet for 18 months in order to ensure credit in the advisory.

Crafted packet: Who knows, Metasploit does all that nerd stuff.

Denial of service condition: Remote code execution.

Friday, September 11, 2009

Krpata's Law

Godwin's Law: "As a Usenet discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches 1."

Krpata's Law: As any online discussion grows longer, the probability of someone linking to XKCD approaches 1.

Friday, September 4, 2009

Interesting Firefox Alert

Not sure I know what this means or whether it's useful yet, but if you try to make Firefox FTP to an SSH server (ftp://whatever:22) and hit Stop before it times out, it'll pop up an alert with the SSH version string.

Happens the same way whether you put it in the nav bar, img tag, script tag, or whatever. Wonder if there's any way to get at that programmatically.

Wednesday, September 2, 2009

DFU Mode

If you're uncoordinated and easily confused like I am, here's a video on how to put your iPhone into DFU mode that even I was able to follow. Thank you, random college kid and wandering roommate.

Thursday, August 27, 2009

Blackhat/DEFCON

Ok, I'm apparently not going to get around to a full recap of Blackhat/DEFCON, so here are some bullet points.

  • Shawn Moyer/Nathan Hamiel talk was first and probably best at BH. I don't think most people got it. I'm not sure I even 100% got it.
  • Thanks to the DEFCON goons who got me into the BH speakers party. Maybe next year I will be there for real.
  • WhiteHat dinner was excellent! Good people over there.
  • Mandiant training was good. A little more "find malware in Windows boxes" than I'd have liked, but overall a very valuable experience.
  • HackProv! (Did you know that Chicago plays "Big Buddha" differently than Boston? They use swears.)
  • Badges by December. Seriously badge fail.
  • My favorite moment of the whole trip was making an analog iPhone amplifier out of a plastic cup and Seventeen magazine at the Riv bar at like 3am.
  • Also, some dude was like "I don't think you guys like the same music as me" but it turns out his iPod was loaded up with 90's industrial and we were all like "sup man".
  • Honestly by the time DEFCON rolled around I was pretty much talked out, I only ended up going to a very small number of talks. "The Psychology of Security Unusability" was excellent but much too rushed.

Hallway/bar track was the best. Met a ton of cool people, and probably (maybe?) justified the money my company spent to send me out there. Definitely looking forward to next year, though I may skip the training.

Friday, August 14, 2009

XSS-ing the user agent. Is there a point?

Still haven't gotten around to recapping the rest of BlackHat/DEFCON. It's still on the list. In the meantime...

I've been seeing a lot of this lately:
User-Agent: <script>window.location='http://somewhere'</script> (compatible; MSIE 7.0; ...etc etc)

I'm not sure if this is attacking a specific vulnerability, or just trolling for unknown XSS vulnerabilities. Doesn't seem like the most subtle way to do it in either case. Anyone know?
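As an added illustration (not from the original post), here is a Python check a log owner can run over web server logs to find User-Agent values that carry markup like the one above, together with the escaping a log viewer or analytics page should apply before displaying the value; the log lines are constructed samples in Apache "combined" format, not real traffic.

```python
import html
import re

# Apache/nginx "combined" log format: ip ident user [time] "request" status size "referer" "user-agent"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Markup that has no business in a User-Agent string: tags, event handlers, javascript: URLs.
SUSPICIOUS_UA = re.compile(r'<\s*/?\s*[a-z]|on[a-z]+\s*=|javascript\s*:', re.IGNORECASE)

# Constructed sample log lines (documentation IP ranges); the second mirrors the header quoted in the post.
SAMPLE_LOG = """\
203.0.113.5 - - [14/Aug/2009:10:02:11 -0400] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1) Firefox/3.5.2"
198.51.100.7 - - [14/Aug/2009:10:02:15 -0400] "GET /index.php HTTP/1.1" 200 5120 "-" "<script>window.location='http://somewhere'</script> (compatible; MSIE 7.0; Windows NT 5.1)"
192.0.2.9 - - [14/Aug/2009:10:03:01 -0400] "GET /robots.txt HTTP/1.1" 404 214 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
"""


def parse_combined(line):
    """Return the named fields of one combined-format line, or None if it does not match."""
    m = COMBINED_RE.match(line)
    return m.groupdict() if m else None


def find_ua_injections(log_text):
    """Return (ip, user_agent) for every request whose User-Agent carries HTML or JavaScript."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_combined(line)
        if rec and SUSPICIOUS_UA.search(rec['ua']):
            hits.append((rec['ip'], rec['ua']))
    return hits


def render_ua_cell(ua):
    """How a log viewer should emit the value: escaped, so a tag shows up as text instead of running."""
    return '<td>%s</td>' % html.escape(ua, quote=True)


if __name__ == '__main__':
    for ip, ua in find_ua_injections(SAMPLE_LOG):
        print('%s sent: %s' % (ip, ua))
        print('  rendered safely as: %s' % render_ua_cell(ua))
```

Whether the payload lands depends entirely on what reads the logs later: a stats page or log viewer that drops the raw header into HTML is the target, the web server itself is not.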

Tuesday, August 4, 2009

Post BlackHat/DEFCON

Unfortunately the blogging failed closed after Blackhat Part 1, as the network got a little too dangerous to start throwing my Blogger credentials across it.

I have a ton to write about, and it's going to take me several posts. In the meantime, DEFCON BEES