Archive for ‘Network Security’
I was at the CCC (28C3) congress in Berlin recently, where the two researchers Alexander ‘alech’ Klink and Julian ‘zeri’ Wälde disclosed a DoS vulnerability affecting just about all programming languages in the way they utilize hashtables. Funny thing is, most server technologies, PHP, ASP (.NET), Java variants, Python (Django) etc., all appear to be vulnerable to different variants of the attack. It consists of abusing the hashtable data structure(s) in a way…
Back in good old 2008, a researcher at the security firm Outpost24, Jack C. Louis, found a crucial DoS vulnerability in the fundamentals of TCP/IP. In fact, it turned out to be so powerful that all major operating systems appeared to be vulnerable.
We got a PoC…
Hey again! I thought you needed a Christmas present. So, I kind of found a couple of CSRF vulnerabilities in the LaCie Network Space NAS v1.1.6, and I thought: Hey, it has been a long time since I wrote here. So why not disclose something fun… So well, folks, it appears that the NAS does not separate HTTP GET and POST variables from each other. One thing led to…
Yeah, you know the deal. Another network-based attack! This time, a LAND-attack (Local Area Network Denial – attack). I know the first thing that comes to your mind is: “LAME. With a MITM (Man-in-the-Middle), you can at least steal data, with this you simply DoS someone…” Not so fast.
Hey! Remember the good old days when the web spouted RFIs everywhere? We miss those days. So Fredrik and I figured out a new way to reincarnate the old dusty RFIs! This is an unexpected feature in PHP that allows you to communicate with external servers even though allow_url_include = Off.