29 December 2006
Membership, Roles and Tasks
It is common knowledge that passwords should not be stored in a database in clear text. Too many databases have been stolen, and with them many usernames and passwords. In some countries it is against the law to store plain passwords in a database.
Still, a huge percentage of identity systems store passwords. Why? Some people simply do not know that passwords should not be kept in persistent storage. Some are just lazy: they do not have the time to implement a system that generates a good random number (a salt), hashes the salt concatenated with the password, and so on. It uses this...
5 December 2006
Security Testing tools & links
SamSpade : http://www.samspade.org/
WebScarab : http://www.owasp.org/software/webscrab.html
MD5 Online Crackers: http://gdataonline.com/seekhash.php
RainbowCrack : http://www.antsight.com/zsl/rainbowcrack/
E-Or (accepts input from Paros): http://www.sensepost.com/research/eor/
Known Vulnerabilities List:
4 December 2006
Buffer Overflow / Overrun examples
Everybody knows about the buffer overrun problem, but many people have asked me for a real-life example.
So I bring here 5 examples of different kinds of buffer overrun.
By the way, these examples do not work on Vista, as Vista protects the stack. So Vista is a secure environment …
Classic Buffer Overrun Example.
The classic problem: data that is larger than a fixed-size buffer is copied into it, overwriting the stack beyond the buffer, and with it the saved return address.
1. Compile the code.
2. Run the code using a Perl script that generates the oversized input.
Example of how a stack-based buffer overrun can be used to execute...
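As an added illustration of the classic stack-based overrun (not code from the original post), the block below shows the vulnerable strcpy pattern beside a bounds-checked version, and models the stack frame as a byte array so the overwrite of the saved return address can be observed without crashing the program. The frame layout (a 16-byte buffer immediately followed by an 8-byte saved return address), the buffer size, the target addresses and the function names are assumptions chosen for the demonstration; real frame layouts vary by compiler, and a real exploit would also need the stack protection the post mentions to be absent.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16   /* assumed size of the local buffer in the vulnerable function */
#define RET_SIZE 8    /* width of a saved return address on a 64-bit stack */
#define FRAME_SIZE (BUF_SIZE + RET_SIZE)

/* The classic bug: an unbounded strcpy into a fixed-size stack buffer.
 * Calling this with strlen(input) >= BUF_SIZE writes past buf into whatever
 * the compiler placed above it (saved registers, the saved return address).
 * It is shown for the pattern only; nothing below calls it with long input. */
void vulnerable_copy(const char *input) {
    char buf[BUF_SIZE];
    strcpy(buf, input);
    puts(buf);
}

/* Hardened version: reject input that does not fit, terminator included.
 * Returns 0 on success, -1 if the input was refused. */
int safe_copy(const char *input) {
    char buf[BUF_SIZE];
    size_t n = strlen(input);
    if (n >= BUF_SIZE)
        return -1;
    memcpy(buf, input, n + 1);
    puts(buf);
    return 0;
}

/* Model of the stack frame (an assumption for the demo): BUF_SIZE bytes of
 * buffer immediately followed by the saved return address, little-endian.
 * The copy stops at the model's boundary so the real stack is never touched.
 * Returns the value the "saved return address" slot holds after the copy. */
uint64_t simulate_overrun(const unsigned char *payload, size_t len, uint64_t original_ret) {
    unsigned char frame[FRAME_SIZE];
    memset(frame, 0, sizeof frame);
    for (int i = 0; i < RET_SIZE; i++)                 /* store the saved return address */
        frame[BUF_SIZE + i] = (unsigned char)(original_ret >> (8 * i));
    if (len > FRAME_SIZE)
        len = FRAME_SIZE;
    memcpy(frame, payload, len);                       /* the unchecked copy runs past buf */
    uint64_t ret = 0;
    for (int i = 0; i < RET_SIZE; i++)                 /* read back the return-address slot */
        ret |= (uint64_t)frame[BUF_SIZE + i] << (8 * i);
    return ret;
}

/* Builds what the post's Perl script would print: BUF_SIZE filler bytes, then
 * the address to return to, little-endian. out must hold FRAME_SIZE bytes.
 * Returns the payload length. */
size_t build_payload(unsigned char *out, uint64_t target) {
    memset(out, 'A', BUF_SIZE);
    for (int i = 0; i < RET_SIZE; i++)
        out[BUF_SIZE + i] = (unsigned char)(target >> (8 * i));
    return FRAME_SIZE;
}

/* Runs the whole sequence: build the payload, feed it to the modelled frame,
 * return the address the function would "return" to afterwards. */
uint64_t hijacked_return_address(uint64_t target, uint64_t original_ret) {
    unsigned char payload[FRAME_SIZE];
    size_t len = build_payload(payload, target);
    return simulate_overrun(payload, len, original_ret);
}

int main(void) {
    uint64_t original = 0x0000000000401000ULL;         /* assumed legitimate return address */
    uint64_t target   = 0x00007ffdeadbeef0ULL;         /* assumed attacker-chosen address */
    printf("return address before: 0x%016llx\n", (unsigned long long)original);
    printf("return address after:  0x%016llx\n",
           (unsigned long long)hijacked_return_address(target, original));
    printf("safe_copy(short) = %d, safe_copy(24 x 'A') = %d\n",
           safe_copy("short"), safe_copy("AAAAAAAAAAAAAAAAAAAAAAAA"));
    return 0;
}
```

Compile with stack protection disabled if you want to port the pattern to a real overflow experiment (for example `gcc -fno-stack-protector`); with /GS or -fstack-protector enabled the canary between buf and the saved return address is what makes the post's examples stop working.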