Dolos DNS Rebiner: What You Need to Know
Although DNS rebinding attacks have been known for over a decade now, they are only recently receiving attention as a practical attack surface. In the last year, quite a few popular products have been shown to lack DNS rebinding protections, and as a result, someone could operate them remotely using ... Read More
What is Zombie POODLE?
This post is one in a series of posts describing TLS CBC padding oracles I have identified on popular web sites. The other posts in this series include an overview of CBC padding oracles, a walkthrough of how I came to develop a new CBC padding oracle scanner, and a ... Read More
TLS CBC Padding Oracles in 2019
Since August, I’ve spent countless hours studying CBC padding oracle attacks toward the development of a new scan tool called padcheck. Using this tool, I was able to identify thousands of popular domains which could be targeted by an active network adversary (i.e. MiTM) to hijack authenticated HTTPS sessions. The ... Read More
What is GOLDENDOODLE Attack?
This post is one in a series of posts describing TLS CBC padding oracles I have identified on popular web sites. The other posts in this series include an overview of CBC padding oracles, a walkthrough of how I came to develop a new CBC padding oracle scanner, and a ... Read More
The Election Fix: Upgrading Georgia’s Electronic Voting Machines
Electronic voting systems are touted as a modern solution for fast and accurate vote tallies, but without appropriate safeguards, these systems run the very serious risk of eroding public confidence in election results. In Georgia, we’ve been using the iconic AccuVote TSX machines from Diebold for as long as I’ve ... Read More
Introducing Zombie POODLE and GOLDENDOODLE
I’m excited to announce that I will be presenting at this year’s Black Hat Asia about my research into detecting and exploiting CBC padding oracles! Zombie POODLE and GOLDENDOODLE are the names I’ve given to the vulnerabilities I’ll be discussing. Similar to ROBOT, DROWN and many other vulnerabilities affecting HTTPS, ... Read More
Fuzzing PHP for Fun and Profit
PHP is probably the single most prevalent server-side scripting language on the web. PHP has been the de facto choice for popular blog platforms like WordPress, Joomla and Drupal, which makes it a very attractive target for a wide range of attackers. It is also a very ideal system for ... Read More
Infosec Problems For 2019 and Beyond: Patching, Bug Bounties and Hype
Details of a Virtual Box 0-day privilege escalation bug were disclosed on GitHub earlier this week. This was the work of independent Russian security researcher Sergey Zelenyuk, who revealed the vulnerability without any vendor coordination as a form of protest against the current state of security research and bug bounty ... Read More
WPA3: What You Need To Know
Earlier this month, the Wi-Fi Alliance made a press release announcing the availability of WPA3. Built on top of several existing but not widely deployed technologies, WPA3 makes several vast improvements over the security provided by WPA2. Most notably, WPA3 should close the door on offline dictionary-based password cracking attempts ... Read More
Google’s Newest Feature: Find My Home
The commoditization of personal data in recent years has created huge opportunities for anyone with the skills to collect, catalogue and correlate every aspect of our lives. For many years now, there has been a war between browser vendors and unscrupulous advertisers looking for tricks to uniquely identify users and ... Read More
