We stick to basics thereby reiterating the hidden elements of security from this complex systems. We respect the researchers and hackers who work effortlessly to support community at par. We believe in hunting core to deface the reality of this machine world. The Niche of Security lockdown.
Optimized Derivative of Complex Security
HOME
Advisory - Gmail/Google Doc PDF Repurposing Integrated Attacks - Cookie Hijacking / Stealing
Google docs network was vulnerable to PDF repurposing attacks. The
vulnerability was disclosed to Google with a discretion.
This was done to mitigate the risk . Google had worked over it and
patched it with in a period of 5 days. The Google doc has
been refined now and the integrated support for adobe plugin is removed.
http://secniche.org/gmd_hijack/gc_hijack.xhtml
http://secniche.org/gmd_hijack/advisory_gmail_google_docs_pdf_repurposing_attack.pdf
Whitepaper Released - PDF Silent HTTP Form Repurposing Attacks
This paper sheds light on the modified approach to trigger web attacks
through JavaScript protocol handler in the context of browser when a PDF is opened
in it. As we have seen, the kind of security mechanism implemented by Adobe in order
to remove the insecurities that originate directly from the standalone PDF document
in order to circumvent cross domain access. The attack is targeted on the web applications
that allow PDF documents to be uploaded on the web server.
PAPER
Troopers 09 Security Conference , Munich Germany
SecNiche Security has presented talk at Troopers 09 Conference.
Website
Google Chrome 1.0.154.59 "throw exception" Memory Exhaustion Vulnerability
Google Chrome 1.0.154.59 "throw exception" Memory Exhaustion Vulnerability
Detail Lookup
Elsevier Network Security Journal : From Vulnerability to Patch - Window of Exposure (WOE)
Elsevier published paper in Network Security Journal on "Window of Exposure (WOE)"
Check
Google Chrome 1.0.154.48 Single Thread Alert Out of Bound Memory Access Vulnerability
Google Chrome 1.0.154.48 Single Thread Alert Out of Bound Memory Access Vulnerability
Detail Lookup
Whitepaper Released - Evading Web XSS Filters through Word (Microsoft Office and Open Office) in Enterprise Web Applications
This paper sheds light on the hyper linking issues observed during penetration testing of web based enterprise
applications. This concept can be used to bypass standard XSS filters by creating a malicious Microsoft word document.
PAPER
Hakin9 Edition March-April 2009
Hakin9 has published a new paper on "Mapping HTTP Interface Embedded Devices ".
http://hakin9.org/prt/view/about-the-mag/issue/974.html
SCMamagzine Interview regarding Google Chrome Clickjacking
Google Chrome 1.0.154.43 ClickJacking Vulnerability.
About Interview and SC Magazine Article
http://zeroknock.blogspot.com/2009/02/more-towards-clickjacking-simulating.html
Other News
http://www.eweek.com/c/a/Security/From-Internet-Explorer-8-to-Google-Chrome-an-Eye-on-Clickjacking/http://www.scmagazineus.com/Google-working-on-fix-for-clickjacking-vulnerability-in-Chrome/article/126658/
http://news.zdnet.co.uk/security/0,1000000189,39605988,00.htm
http://blog.internetnews.com/skerner/2009/01/new-clickjacking-attack-for-ch.html
http://news.cnet.com/8301-1009_3-10152438-83.html
http://rcpmag.com/news/article.aspx?editorialsid=10563
http://www.heise-online.co.uk/security/Popular-browsers-continue-to-be-vulnerable-to-clickjacking-attacks-Updated--/news/112518
Google Chrome 1.0.154.43 ClickJacking Vulnerability
Google Chrome 1.0.154.43 ClickJacking Vulnerability.
Detail Lookup
[CVE: 2008-5446] Oracle EBusiness Suite Sensitive Information Disclosure Vulnerability.
Oracle EBusiness Suite Sensitive Information Disclosure Vulnerability.
Detail Lookup
Hakin9 Edition January- February 2009
Hakin9 has published new paper on "Hacking IM Memory Encryption Flaws".
http://hakin9.org/prt/view/about-the-mag/issue/959.html
[BID- 33112]Google Chrome FTP PASV IP Malicious Port Scanning Vulnerability.
Google Chrome FTP PASV IP Malicious Port Scanning Vulnerability.
Detail Lookup
XCON2008 and XKungFoo2008 Information Security and Hacking Conferences.
SecNiche Security has presented talks at Xfocus Xcon and Xkungfoo Conferences
in the month of november.
http://xcon.xfocus.org
XCON2008 Talk.
http://www.xkungfoo.org
Clubhack 2008 Security Conference
SecNiche Security has presented talk at Clubhack 2008 Conference.
Website
Hakin9 Edition November-December 2008
Hakin9 has published new paper on "Auditing Oracle Applications in Production Environement".
http://hakin9.org/prt/view/about-the-mag/issue/930.html
Google Chrome URI Obfuscation Advisory.
Google Chrome MetaCharacter URI Obfuscation Vulnerability
Detail Lookup
Elsevier Network Security Journal : Hiding a Knife behind a Smile : OBS Hacking Threats
Elsevier published paper in Network Security Journal on "Hiding a Knife behind a Smile : OBS Hacking Threats."
Check
Mozilla Firefox , Opera and Google Chrome Released Advisory.
Google Chrome Window Object Suppressing Remote Denial of Service.
Mozilla Firefox(3.0.3) User Interface Null Pointer Dereference Dispatcher Crash and Remote Denial of Service..
Opera (9.52) Window Object Suppressing Remote Denial of Service.
Detail Lookup
Released Advisories.
[BID 31375] Google Chrome Carriage Return Null Object Memory Exhaustion Remote Dos
[VU#868979, CVE-2008-2472] Skype IM Client Password Disclosure Vulnerability.
[VU#916763, CVE-2008-2471] Miranda IM Client Password Disclosure Vulnerability.
[VU#985667, CVE-2008-2473] Pidgin IM Client Password Disclosure Vulnerability.
[BID - 31215]|[CVE-2008- 4127]|[VU#742699] Microsoft Internet Explorer DoS in Rendering Malicious PNG Files.
Detail Lookup
Hakin9 publsished a new paper on "Auditing Rich Internet Applications.
Hakin9 publsished a new paper on "Auditing Rich Internet Applications."
Check
MSRC Security Appreciation Meeting , Las Vegas USA .
Its been a matter of positive concern that SecNiche Security has been invited
at MSRC security appreciation meeting in Las Vegas USA. The meeting intends to
greet the security researchers who are working along with MSRC team over
vulnerabilities that are prevailing.The reception is termed under Blackhat
Secure.
Shakacon 2008 Hawaii USA Presentations.
The shakacon conference presentation is online. You can grasp at
Fetch.
SNS08-01 Whitepaper - Paranaormal Fallacy -SE Automated Scanning Anomaly..
A new whitepaper is released on automated scan anomaly in Google
search engine that affect the automated tools.
Grasp.
SecNiche - Technology Partner for EvilFingers.
EvilFingers aims at uniting different pieces of information into one unanimous framework,
where everything is mapped to everything else. This approach helps analysts, engineers,
consultants and the management to understand the meaningful relationships between different
parts of Information Security that could be lost if it remains untouched.
Evil fingers Technology Partner.
EuSecWest Talk PDF - 2008 London UK Stats
The talk was succesfully presented at the EuSecWest conference this year.The talk
was properly scrutinized by DL-PSIRT i.e. Adobe Product Security Incident Response
Team. I really appreciate the concern shown by the Adobe Security professionals in
relation to this talk. The exchange of views and coordinated discloser is set
for protecting PDF applications.
Adobe Product Systems.
EuSecWest 2008