FreakyZoidberg


Monday, January 18 2010

Aurora in action

The IE exploit used in last week's attack against Google and other American companies is now in Metasploit.

Here is a video of Aurora (the code name given by McAfee to this exploit):


The "Aurora" IE Exploit in Action


Friday, January 15 2010

Firefox is 5 years old

Firefox is 5 years old today!

In the middle of the war for web browser supremacy, today is an important day. Firefox changed the way we use the internet by easing, securing and improving our web experience.

Happy birthday Firefox

For a summary of what changed in the last 5 years of Firefox, see http://hacks.mozilla.org/2009/11/5-years/


Wednesday, December 16 2009

Debug android project with eclipse

Developing an Android application is fairly easy if you know Java, but because it uses an Android virtual machine to run your application, debugging information does not appear clearly.

The good news is Android Plugin for Eclipse also has excellent integration with the Eclipse debugger.

You can test this yourself by adding a NullPointerException to your code. If you run your application again, you'll eventually see this:

hello_world_8.png

To find out more about the error, set a breakpoint in your source code on the line Object o = null; (double-click on the marker bar next to the source code line).

Then select Run > Debug History > Hello, Android from the menu to enter debug mode.

Your app will restart in the emulator, but this time it will suspend when it reaches the breakpoint you set.

You can then step through the code in Eclipse's Debug Perspective, just as you would for any other application.

hello_world_9.png


Sunday, November 1 2009

Solve Sudoku using SQL

Say we have a sudoku like this:

250px-sudoku-by-l2g-20050714_svg.png

First, write all the numbers out as if they were in a single row, with a space for each empty cell:

"53  7    6  195    98    6 8   6   34  8 3  17   2   6 6    28    419  5    8  79"

Then run the following query in Oracle (it uses a recursive subquery):

with x( s, ind ) as
( select sud, instr( sud, ' ' )
 from ( select '53  7    6  195    98    6 8   6   34  8 3  17   2   6 6    28    419  5    8  79' sud from dual )
  union all
  select substr( s, 1, ind - 1 ) || z || substr( s, ind + 1 )
       , instr( s, ' ', ind + 1 )
  from x
     , ( select to_char( rownum ) z
         from dual
         connect by rownum <= 9
       ) z
  where ind > 0
  and not exists ( select null
                   from ( select rownum lp
                          from dual
                          connect by rownum <= 9
                        )
                   where z = substr( s, trunc( ( ind - 1 ) / 9 ) * 9 + lp, 1 )
                   or    z = substr( s, mod( ind - 1, 9 ) - 8 + lp * 9, 1 )
                   or    z = substr( s, mod( trunc( ( ind - 1 ) / 3 ), 3 ) * 3
                                      + trunc( ( ind - 1 ) / 27 ) * 27 + lp
                                      + trunc( ( lp - 1 ) / 3 ) * 6
                                   , 1 )
                 )
)
select s
from x
where ind = 0
/

250px-sudoku-by-l2g-20050714_solution_svg.png
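
How the three substr offsets in the query's "not exists" clause map to row, column and 3x3 box, as an added example in Python (not the post's own code). The names peers, allowed and solve are chosen here, and solve is a breadth-first port of the recursive "with" clause.

```python
# Added example: Python port of the Oracle query's search, not the post's own code.
# PUZZLE is the same 81-character string the query uses (space = empty cell).
PUZZLE = ("53  7    " "6  195   " " 98    6 " "8   6   3" "4  8 3  1"
          "7   2   6" " 6    28 " "   419  5" "    8  79")


def peers(ind, lp):
    """1-based positions the NOT EXISTS clause inspects for cell ind, lp in 1..9."""
    row = (ind - 1) // 9 * 9 + lp                   # lp-th cell of the same row
    col = (ind - 1) % 9 - 8 + lp * 9                # lp-th cell of the same column
    box = ((ind - 1) // 3 % 3 * 3                   # column offset of the 3x3 box
           + (ind - 1) // 27 * 27                   # row offset of the 3x3 box
           + lp + (lp - 1) // 3 * 6)                # walk the box, skipping 6 per row
    return row, col, box


def allowed(s, ind, z):
    """True if digit z is absent from the row, column and box of position ind."""
    return all(s[p - 1] != z for lp in range(1, 10) for p in peers(ind, lp))


def solve(sud):
    """Breadth-first equivalent of the recursive WITH clause: one level per blank."""
    level = [(sud, sud.find(" ") + 1)]              # like instr(): 1-based, 0 = none
    while level and level[0][1] > 0:
        level = [(s[:ind - 1] + z + s[ind:], s.find(" ", ind) + 1)
                 for s, ind in level
                 for z in "123456789" if allowed(s, ind, z)]
    return [s for s, ind in level]                  # the rows where ind = 0


if __name__ == "__main__":
    for solution in solve(PUZZLE):
        for r in range(0, 81, 9):
            print(solution[r:r + 9])
```
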


Saturday, October 31 2009

Firefox 3.6 Beta 1

Today the Mozilla Foundation released the first beta of Firefox 3.6.

The new features are:

  • Users can now change their browser’s appearance with a single click, with built in support for Personas.
  • Firefox 3.6 will alert users about out of date plugins to keep them safe.
  • Open, native video can now be displayed full screen, and supports poster frames.
  • Support for the WOFF font format.
  • Improved JavaScript performance, overall browser responsiveness and startup time.
  • Support for new CSS, DOM and HTML5 web technologies.

You can download it here


Monday, October 26 2009

Web Application Security Consortium (WASC) 2008 report

The Web Application Security Consortium has announced the statistics for 2008.

The statistics include data about 12186 web applications with 97554 detected vulnerabilities of different risk levels. The analysis shows that more than 13% of all reviewed sites can be compromised completely automatically. About 49% of web applications contain vulnerabilities of high risk level (Urgent and Critical) detected during automatic scanning. However, detailed manual and automated assessment by white box method allows to detect these high risk level vulnerabilities with probability up to 80-96%. The probability to detect vulnerabilities with risk level more than medium (PCI DSS compliance level) is more than 86% by any method. At the same time, detailed analysis shows that 99% of web applications are not compliant with PCI DSS standard.

The most widespread vulnerabilities are Cross-Site Scripting, Information Leakage, SQL Injection, Insufficient Transport Layer Protection, Fingerprinting and HTTP Response Splitting. As a rule, Cross-Site Scripting, SQL Injection and HTTP Response Splitting vulnerabilities are caused by design errors, while Information Leakage, Insufficient Transport Layer Protection and Fingerprinting are often caused by insufficient administration (e.g., access control).

[Table: The probability to detect vulnerabilities of different risk levels]

[Figure: The most widespread vulnerabilities in web applications (% Vulns ALL)]

[Figure: The probability to detect the most widespread vulnerabilities in web applications (% Sites ALL)]

[Figure: Percent of vulnerabilities out of total number of vulnerabilities (% Vulns ALL)]

[Figure: The probability to detect vulnerabilities depending on their origin]

[Figure: The probability to detect the most risky vulnerabilities in Web applications (% Sites BlackBox & WhiteBox)]

Source: projects.webappsec.org


Saturday, October 24 2009

Fedora 12 Released

Adam Will writes:

The Fedora project has announced the release of Fedora 12 Beta, which is available here. This will be the final pre-release before the final release in November. New features of Fedora 12 highlighted in the announcement include substantial improvements and fixes to the major graphics drivers, including experimental 3D acceleration support for AMD Radeon r600+-based adapters; improved mobile broadband support and new Bluetooth PAN tethering support in NetworkManager; improved performance in the 32-bit releases; significant fixes and improvements to audio support, including easy Bluetooth audio support; initial implementation of completely open source Broadcom wireless networking via the openfwwf project; significant improvements to the Fedora virtualization stack; and easy access to the Moblin desktop environment and a preview of the new GNOME Shell interface for GNOME. Further details on the major new features of Fedora 12 can be found in the release announcement and feature list. Known issues are documented in the common bugs page.


Saturday, October 10 2009

Command Line copy & paste

xclip is a command-line interface to the X11 clipboard, built to work with pipes. It is nice and easy, and works like a charm.

To copy the full listing of a directory to the clipboard:

$>ls -la | xclip

To copy the full content of a file:

$>xclip /etc/shadow

To output the content:

$>xclip -o

To output the content to a file:

$>xclip -o > ~/myfile


Saturday, September 12 2009

Linux Kernel Update 2.6.31

The Linux 2.6.31 kernel was released on 9 September, 2009.

Among all the changes, a few deserve a mention here:

USB 3 support

Thanks to Intel, Linux now supports USB 3 and xHCI.
No xHCI hardware has hit the mass market yet.
Linux is still a step ahead!

CUSE

The awaited extension of the famous FUSE.
With this new "virtual device" file system,
we will be able to link applications in different layers.
A good example I read on the net would be
proxying OSS audio from OSS apps through the ALSA userspace layer.

ATI kernel mode

For those having problems with an old ATI GPU,
this new release should fix quite a lot of freezes in X.

Better memory management under pressure

Benchmarks showed a 50% drop in major memory faults
when using a graphical desktop!

http://kernel.org/


All your base are belong to us

echo "hello world";
