Archive for Security

DOM Browser Checker Released

Michal Zalewski and his colleague Filipe Almeida have released DOM Checker, an automated tool for validating browser security policy enforcement. Below is a description of DOM Checker from the project page:

The tool features several fairly neat features, including exhaustive hierarchy crawling and side-channel blind write validation to reduce the number of false positives.

DOM Checker had been used to find a number of major security bypass and information disclosure problems in several popular browsers, and we had worked closely with vendors to resolve them (although it’s worth noting that the tool still reports anywhere from 10 to 30 low-risk, design-related information disclosure issues in these programs).

Our hope is that this tool may serve as a framework for ongoing browser security research, and would be integrated by browser vendors with their regression testing and general release QA processes.

Project Page:
http://code.google.com/p/dom-checker/

Access live instance for testing
http://lcamtuf.coredump.cx/dom_checker/

QueFuzz - libnetfilterqueue based network fuzzer released

QueFuzz is a small fuzzer that uses libnetfilter_queue to take in packets from iptables. Its fuzzing engine either randomly fuzzes binary or ASCII protocols or uses a basic fuzzing template to search and replace packet data. QueFuzz has a very short learning curve, unlike many other fuzzing frameworks. It may not be as powerful, but you can have it up and running in under a minute.

Unlike other fuzzers, QueFuzz is not focused on data generation. It relies on a valid application to generate the data and instead just mutates the network traffic inline and passes it on.

Below is an example:

1. Set up an iptables rule that queues all outgoing packets with a TCP dst port of 21.

iptables -A OUTPUT -p tcp --dport 21 -j QUEUE

2. Start QueFuzz with an FTP template that looks like this:

replace USER USERRRRRRRRRRRRRRRRRRRRRRR
replace PASS PAS%nSSSSS%nSSSSS

$ ./quefuzz -t ftp.fuz

3. Open your FTP client and connect to your server as normal. QueFuzz takes care of the packet mutation inline; all you have to do is monitor your server with a debugger for any potential crashes.
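The template step above, as an added example (this is not QueFuzz's own code): it parses `replace` lines and rewrites a length-delimited payload the way a search-and-replace template would. The whitespace-separated two-token grammar is an assumption inferred from the two template lines shown, and the PASS payload is constructed.

```c
#include <stdio.h>
#include <string.h>

#define MAX_RULES 16
#define MAX_TOK 128
struct rule { char find[MAX_TOK], repl[MAX_TOK]; };

/* Parse "replace <find> <replacement>" lines (assumed grammar); other lines are skipped. */
int parse_template(const char *text, struct rule *rules, int max) {
    int n = 0;
    for (; *text && n < max; text += strcspn(text, "\n"), text += (*text == '\n'))
        if (sscanf(text, "replace%*[ \t]%127[^ \t\r\n]%*[ \t]%127[^ \t\r\n]", rules[n].find, rules[n].repl) == 2)
            n++;
    return n;
}

/* Rewrite a length-delimited payload; returns the new length, or -1 if out is too small. */
int mutate(const struct rule *rules, int n, const char *in, size_t in_len,
           char *out, size_t cap) {
    size_t i = 0, o = 0;
    while (i < in_len) {
        const char *src = in + i;           /* default: copy one byte unchanged */
        size_t take = 1, put = 1;
        for (int r = 0; r < n; r++) {
            size_t fl = strlen(rules[r].find);
            if (fl <= in_len - i && memcmp(in + i, rules[r].find, fl) == 0) {
                src = rules[r].repl; take = fl; put = strlen(src);
                break;
            }
        }
        if (put > cap - o) return -1;       /* mutated payload would not fit */
        memcpy(out + o, src, put);
        o += put; i += take;
    }
    return (int)o;
}

int main(void) {
    /* Template lines are the two from the post; the PASS payload is constructed. */
    const char *tpl = "replace USER USERRRRRRRRRRRRRRRRRRRRRRR\n"
                      "replace PASS PAS%nSSSSS%nSSSSS\n";
    const char in[] = "PASS secret\r\n";
    struct rule rules[MAX_RULES];
    char out[256];
    int n = parse_template(tpl, rules, MAX_RULES);
    int len = mutate(rules, n, in, sizeof in - 1, out, sizeof out);
    printf("%d rules, %d bytes out: %.*s", n, len, len, out);
    return 0;
}
```

The mutated payload is longer than the original, which is why the rewrite works on explicit lengths and refuses to overrun the output buffer.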

QueFuzz was created by Chris Rohlf.

QueFuzz Project page:
http://code.google.com/p/quefuzz/

Hushmail Turns Email Data Over to Government

“Hushmail, a longtime provider of encrypted web-based email, markets itself by saying that “not even a Hushmail employee with access to our servers can read your encrypted e-mail, since each message is uniquely encoded before it leaves your computer.”
But it turns out that statement seems not to apply to individuals targeted by government agencies that are able to convince a Canadian court to serve a court order on the company.”

Full story here..

What is everyone’s take on this?

Bunny the Fuzzer Released

Michal Zalewski has released Bunny the Fuzzer, an open source, general-purpose, closed-loop, protocol-blind fuzzer. Bunny uses automatically generated C-level instrumentation to focus on runtime inputs observed to trigger new control flow paths or interesting parameter variations - and to bail out early on dead-end fuzzing routes.

This notably improves flow path coverage and overall quality of the fuzzing process. The tool is designed to maintain a near-native execution speed, and requires virtually no setup, even when dealing with complex and large code bases. This is probably a major improvement over previous closed loop solutions. This architecture makes it possible to significantly improve the coverage of the testing process without a noticeable performance impact usually associated with other attempts to peek into run-time internals.
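A toy illustration of the closed-loop idea described above, added here and not taken from Bunny: a hand-instrumented target reports which branches ran, and the fuzzer keeps mutating only inputs that reached a branch not seen before. The target, the `cov` flags and the exhaustive single-byte mutation (used instead of random mutation so the run is repeatable) are all assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define LEN 4
#define MAX_QUEUE 16
static unsigned char cov[8];            /* one flag per instrumented branch */

/* Constructed target: the loop stands in for four nested byte checks. */
static void target(const unsigned char *in) {
    cov[0] = 1;
    for (int i = 0; i < LEN && in[i] == "BUNY"[i]; i++)
        cov[i + 1] = 1;
}

/* Run one input and return how many branches it reached for the first time. */
static int run(const unsigned char *in, unsigned char *seen) {
    int fresh = 0;
    memset(cov, 0, sizeof cov);
    target(in);
    for (int b = 0; b < 8; b++)
        if (cov[b] && !seen[b]) { seen[b] = 1; fresh++; }
    return fresh;
}

/* Closed loop: returns distinct branches reached; *execs counts target runs. */
int fuzz(const unsigned char *seed, long *execs) {
    unsigned char queue[MAX_QUEUE][LEN], seen[8] = {0}, cand[LEN];
    int qlen = 1, reached = run(seed, seen);
    memcpy(queue[0], seed, LEN);
    *execs = 1;
    for (int q = 0; q < qlen; q++)
        for (int pos = 0; pos < LEN; pos++)
            for (int v = 0; v < 256; v++, ++*execs) {
                memcpy(cand, queue[q], LEN);
                cand[pos] = (unsigned char)v;
                int fresh = run(cand, seen);
                reached += fresh;
                if (fresh && qlen < MAX_QUEUE)      /* new path: keep mutating it */
                    memcpy(queue[qlen++], cand, LEN);
            }                                       /* no new path: dead end, dropped */
    return reached;
}

int main(void) {
    long execs;
    int reached = fuzz((const unsigned char *)"AAAA", &execs);
    printf("%d branches reached in %ld runs\n", reached, execs);
    return 0;
}
```

With feedback the deepest branch is reached in a few thousand runs, where mutating all four bytes blindly would face 256^4 combinations.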

Bunny is currently known to support Linux, FreeBSD, and Cygwin on IA32 systems.

If you found any flaws using bunny, post a comment here. Also, the name of this fuzzer kind of reminds me of Fluffy Bunny. The guy who was hacking all kinds of crazy sites and leaving that funny pink bunny on the sites he owned. Good times…

You can find the documentation here:
http://code.google.com/p/bunny-the-fuzzer/wiki/BunnyDoc

Download the current version here:
http://code.google.com/p/bunny-the-fuzzer/

Scan Files for Viruses with Dr. Web

Scan any file for viruses before you download it to your computer with Dr.Web. After installing the Firefox extension, you can scan any directly linked file for viruses through your web browser’s right-click menu. Dr.Web downloads the file to their servers, scans it for viruses, and then reports back to you whether it’s a clean file or not. Dr.Web is free to use and works with Firefox, Internet Explorer and/or Opera.

Unfortunately, redirected downloads like those in Gmail and/or Yahoo Mail will not work.

Dr.Web Anti-Virus Link Checker for Firefox Extension
Dr.Web Anti-Virus Link Checker for Internet Explorer
Dr.Web Anti-Virus Link Checker for Opera
