Hack in the Box Ezine January 2010 - Malware Obfuscation - Tricks and Traps

HITB Reloaded
Download

[Perfect Paperback]Debugging Experts Journal - Artifacts of Inline User Mode Heap Analysis.

Hakin9 January 2010 - Behavioral Analysis of Unwise_.exe Malware!

Check

Whitepaper Released - Design Inaccuracy - Cross Link Authoring Flaw - Scribd Flaw - iPaper Platform

NoScript Nested URL Unescaping Bug

Recent Conferences

SecNiche Security has presented talk at below mentioned conferences
[2009] FOSS (Free and Open Source Software) Conference 2009 Bangalore India
[2009] SecurityByte - Owasp Conference 2009 New Delhi India
[2009] Excalibur Conference 2009 : WUXI China
Download Talks at : Events

Elsevier Computer Fraud and Security Journal - "Security Breaches in Vendor Websites."

Elsevier published paper in Computer Fraud and Security on "Security Breaches in Vendor Websites. "
Check

Internet Explorer 8 : Anti Spoofing is a Myth - Broken Status Address Bar Link Integrity

Interesting status bar link integrity issue.
Check

Hakin9 Edition July - August 2009

Self Exposure Talk with Hakin9 - Interview
An Interview with Hakin9

Hakin9 Edition July - August 2009

Hakin9 has published a new paper on "Hacking through Wild Cards".
http://www.hakin9.org/prt/view/latest-issue/issue/1052.html

Advisory - Gmail/Google Doc PDF Repurposing Integrated Attacks - Cookie Hijacking / Stealing

Google docs network was vulnerable to PDF repurposing attacks. The vulnerability was disclosed to Google with a discretion. This was done to mitigate the risk . Google had worked over it and patched it with in a period of 5 days. The Google doc has been refined now and the integrated support for adobe plugin is removed.
http://secniche.org/gmd_hijack/gc_hijack.xhtml
http://secniche.org/gmd_hijack/advisory_gmail_google_docs_pdf_repurposing_attack.pdf

Whitepaper Released - PDF Silent HTTP Form Repurposing Attacks

This paper sheds light on the modified approach to trigger web attacks through JavaScript protocol handler in the context of browser when a PDF is opened in it. As we have seen, the kind of security mechanism implemented by Adobe in order to remove the insecurities that originate directly from the standalone PDF document in order to circumvent cross domain access. The attack is targeted on the web applications that allow PDF documents to be uploaded on the web server.
PAPER

Troopers 09 Security Conference , Munich Germany

SecNiche Security has presented talk at Troopers 09 Conference.
Website

Google Chrome 1.0.154.59 "throw exception" Memory Exhaustion Vulnerability

Google Chrome 1.0.154.59 "throw exception" Memory Exhaustion Vulnerability
Detail Lookup

Elsevier Network Security Journal : From Vulnerability to Patch - Window of Exposure (WOE)

Elsevier published paper in Network Security Journal on "Window of Exposure (WOE)"
Check

Google Chrome 1.0.154.48 Single Thread Alert Out of Bound Memory Access Vulnerability

Google Chrome 1.0.154.48 Single Thread Alert Out of Bound Memory Access Vulnerability
Detail Lookup

Whitepaper Released - Evading Web XSS Filters through Word (Microsoft Office and Open Office) in Enterprise Web Applications

This paper sheds light on the hyper linking issues observed during penetration testing of web based enterprise applications. This concept can be used to bypass standard XSS filters by creating a malicious Microsoft word document.
PAPER

Hakin9 Edition March-April 2009

Hakin9 has published a new paper on "Mapping HTTP Interface Embedded Devices ".
http://hakin9.org/prt/view/about-the-mag/issue/974.html

SCMamagzine Interview regarding Google Chrome Clickjacking

Google Chrome 1.0.154.43 ClickJacking Vulnerability.
About Interview and SC Magazine Article
http://zeroknock.blogspot.com/2009/02/more-towards-clickjacking-simulating.html

Other News

Google Chrome 1.0.154.43 ClickJacking Vulnerability

Google Chrome 1.0.154.43 ClickJacking Vulnerability.
Detail Lookup

[CVE: 2008-5446] Oracle EBusiness Suite Sensitive Information Disclosure Vulnerability.

Oracle EBusiness Suite Sensitive Information Disclosure Vulnerability.
Detail Lookup

Hakin9 Edition January- February 2009

Hakin9 has published new paper on "Hacking IM Memory Encryption Flaws".
http://hakin9.org/prt/view/about-the-mag/issue/959.html

[BID- 33112]Google Chrome FTP PASV IP Malicious Port Scanning Vulnerability.

Google Chrome FTP PASV IP Malicious Port Scanning Vulnerability.
Detail Lookup

XCON2008 and XKungFoo2008 Information Security and Hacking Conferences.

SecNiche Security has presented talks at Xfocus Xcon and Xkungfoo Conferences in the month of november.
http://xcon.xfocus.org
XCON2008 Talk.
http://www.xkungfoo.org

Clubhack 2008 Security Conference

SecNiche Security has presented talk at Clubhack 2008 Conference.
Website

Hakin9 Edition November-December 2008

Hakin9 has published new paper on "Auditing Oracle Applications in Production Environement".
http://hakin9.org/prt/view/about-the-mag/issue/930.html

Google Chrome URI Obfuscation Advisory.

Google Chrome MetaCharacter URI Obfuscation Vulnerability
Detail Lookup

Elsevier Network Security Journal : Hiding a Knife behind a Smile : OBS Hacking Threats

Elsevier published paper in Network Security Journal on "Hiding a Knife behind a Smile : OBS Hacking Threats."
Check

Mozilla Firefox , Opera and Google Chrome Released Advisory.

Google Chrome Window Object Suppressing Remote Denial of Service.
Mozilla Firefox(3.0.3) User Interface Null Pointer Dereference Dispatcher Crash and Remote Denial of Service..
Opera (9.52) Window Object Suppressing Remote Denial of Service.

Detail Lookup

Released Advisories.

[BID 31375] Google Chrome Carriage Return Null Object Memory Exhaustion Remote Dos
[VU#868979, CVE-2008-2472] Skype IM Client Password Disclosure Vulnerability.
[VU#916763, CVE-2008-2471] Miranda IM Client Password Disclosure Vulnerability.
[VU#985667, CVE-2008-2473] Pidgin IM Client Password Disclosure Vulnerability.
[BID - 31215]|[CVE-2008- 4127]|[VU#742699] Microsoft Internet Explorer DoS in Rendering Malicious PNG Files.
Detail Lookup

Hakin9 publsished a new paper on "Auditing Rich Internet Applications.

Hakin9 publsished a new paper on "Auditing Rich Internet Applications."
Check

MSRC Security Appreciation Meeting , Las Vegas USA .

Its been a matter of positive concern that SecNiche Security has been invited at MSRC security appreciation meeting in Las Vegas USA. The meeting intends to greet the security researchers who are working along with MSRC team over vulnerabilities that are prevailing.The reception is termed under Blackhat Secure.

Shakacon 2008 Hawaii USA Presentations.

The shakacon conference presentation is online. You can grasp at
Fetch.

SNS08-01 Whitepaper - Paranaormal Fallacy -SE Automated Scanning Anomaly..

A new whitepaper is released on automated scan anomaly in Google search engine that affect the automated tools.
Grasp.

SecNiche - Technology Partner for EvilFingers.

EvilFingers aims at uniting different pieces of information into one unanimous framework, where everything is mapped to everything else. This approach helps analysts, engineers, consultants and the management to understand the meaningful relationships between different parts of Information Security that could be lost if it remains untouched.

Evil fingers Technology Partner.

EuSecWest Talk PDF - 2008 London UK Stats

The talk was succesfully presented at the EuSecWest conference this year.The talk was properly scrutinized by DL-PSIRT i.e. Adobe Product Security Incident Response Team. I really appreciate the concern shown by the Adobe Security professionals in relation to this talk. The exchange of views and coordinated discloser is set for protecting PDF applications.

Adobe Product Systems.
EuSecWest 2008