By Alex Rothacker

Privilege escalation attacks consist of exploiting a bug or design flaw in a software application to gain access to resources which normally are protected from an application or user. The result is that the application allows actions with privileges beyond an acceptable level for the specific user.  

By Ivan Arce

In the early years of Core Security Technologies, the company not only offered security consulting services, but often was sub-contracted to do R+D for several security vendors. The first and most intellectually rewarding of such contracts came from Secure Networks Inc. (SNI), a Canadian start-up that was developing a network vulnerability scanner named Ballista Network Auditing System. Our contract work for SNI, plus a couple of local security consulting contracts, were largely responsible for the financial viability of Core in its early days and for that I will be always thankful to the SNI team.

Microsoft has released four new security bulletins in the July 2010 edition of patch Tuesday. These bulletins address five vulnerabilities.

It is not uncommon, and has become expected, for a light patch Tuesday to follow a heavy patch Tuesday release from Microsoft.  Last month, Microsoft released a hefty load of patches with 10 security bulletins addressing 34 vulnerabilities.

By Costin Raiu

Recently, I was sitting around with a number of colleagues from Kaspersky Lab, discussing everybody’s favorite subject: the state of anti-virus testing these days. During the talks, somebody brought up the name of a new, obscure testing organization in the Far East. Nobody else had ever heard of them and so my colleague Aleks Gostev jokingly called them a “rogue Andreas Marx."

By Alex Rothacker

SQL injection is the most common penetration technique employed by hackers to steal valuable information from corporate databases. Yet, as widespread as this method of attack is, a seemingly infinite number of ‘sub-methods,’ or variations of SQL Injection attacks can be carried out against the database.  

By Gunter Ollmann

Common wisdom over the last couple of decades has been to never write down the passwords you use for accessing networked services. But is now the time to begin writing them down? Threats are constantly evolving and perhaps it’s time to revisit one of the longest standing idioms of security – “never write a password down”.

By Robert Hansen

It's hard to narrow down your life's work into one interesting event or tidbit. Even picking 10 would be tough. So instead of picking something I am well-known for, I wanted to look for something I had a lot of fun coming up with that you probably didn't read. I've always been interested in information leakage as an exploit class. It's something most people like to overlook, in favor of the higher-profile exploits. Sure, it's a lot sexier to go after the direct administrative compromise, but I enjoy the nuances of piecing together big puzzles. Information leakage as a class provides me that kind of mental stimulus.

By Chris Wysopal

Vulnerability disclosure is in the spotlight again. First it was Tavis Ormandy disclosing a vulnerability in Microsoft Windows before Microsoft had a fix available. Now a group called Goatse Security has disclosed a vulnerability in an AT&T website that affects Apple iPad 3G owners. The Wall Street Journal reports on the repercussions against vulnerability researchers in “Computer Experts Face Backlash”.

By Robert Hansen

Early this morning Google’s Tavis Ormandy published a vulnerability in the hcp protocol handler. It allows the attacker to run arbitrary commands as the user. In practice it created a lot of alerts and warnings for me - but the XP install I was using is somewhat locked down. So I’m not sure how practical this attack would be over any other attack that causes an alert, as the article mentions. Later his reports says it works around the alerts (I couldn’t reproduce that, but that was his intention). Either way, though, this is some pretty amazing research. However, there are some odd things about this that really struck me the wrong way.

Guest editorial by Alex Rothacker

 Most users are aware of the risks connected to the default, blank and weak username/password combinations associated with most applications. Yet it amazes the research community that many companies still don’t heed the following simple advice:

1) Don’t use easily guessed passwords. 2) Change the default credentials that ship with your apps, and 3) Please do not just leave the passwords blank!