Have you ever had a penetration tester ask permission to execute an attack or perform some other action? You should have, because we would prefer to do that rather than just try that “risky” exploit or make the configuration change. To be clear, most penetration testers don’t go rogue. If the company that does your assessments is doing these types of actions without checking with you first, it’s time to reconsider who you are contracting for your assessments.
Imagine this: you go to your mailbox and pull out the assorted letters and circulars. One of the letters is from your doctor’s office, informing you that the office was broken into and an unsecured laptop was stolen; it contained data on some of the patients and your data may have been on the laptop.
The reality is that those letters are appearing in mailboxes nationwide. Continue reading
Recently, the SecureState Research and Innovation team found a critical flaw in the latest, stable releases of Firebird SQL. Firebird SQL is an open source SQL server that can sometimes be found bundled with other software packages. The vulnerability SecureState found is a remotely exploitable stack buffer overflow which can be triggered by an unauthenticated user. The vulnerability occurs when the length of a group identifier field in the CNCT information of data sent by the client is not properly validated. This allows 32 bytes to be written to the stack when only 4 should be allowed. The result leads to overwriting a critical pointer which is later used to read a function pointer. Continue reading
If hackers were able to manipulate the world’s accounting systems, governments and corporations would be in a frenzy. Guess what? Hackers can and will.
OWASP Cleveland Chapter Meeting
Featuring Joe Kuemerle
Tuesday, December 18th from Noon – 2 p.m.
23340 Miles Road, Cleveland, OH 44128 (SecureState)
Presentation: Reverse Engineering .NET and Java