Monthly Archives: August 2004

SECURITY ALERT : XSS Vulnerability in dasBlog

Hi, last week I found a Cross-Site Scripting vulnerability in dasBlog that allows script code to be injected into certain administrative pages and the administrative cookie to be “stolen”. I will post a detailed advisory later this week. For now – if …


LookOut only seems to work as Admin

I wasn’t able to run LookOut as a non-Admin. The toolbar won’t show up when logged on as a normal user. This makes it fairly unusable for me :( It’s funny that Microsoft bought and released a product on their shopping tour …


SeDebugPrivilege and Debugger Users

I recently read a story in a German magazine about developing with Visual Studio under a non-Admin account. I am happy that this topic gets more and more press coverage so that people start to think about it. But there …


ACL Support for .NET

Came my way today – looks useful. “A C# library containing wrapper classes for ACL, ACE, Security descriptors, Security Attributes, Access tokens, etc. The archive also contains 3 samples: A “Task manager” WinForms application that uses the library to …


ARP Spoofing and XP SP2

I don’t know what Microsoft has changed in the ARP cache behaviour … but ARP spoofing attacks are still possible! You can easily reproduce that (you need at least three machines – one could also be a router) – Download and start Cain …


NMAP Patch…And Changes to ARP

With the help of Dana Epp, Fyodor has a patched version of nmap (nmap-3.55SP2) for download. It seems that Microsoft also made some modifications to the ARP cache. This was about time! Let’s see how XPSP2 performs with some tools …


NMAP is broken under XP SP2

Microsoft removed raw sockets from Windows XP SP2. Before SP2 they were only available to Administrators, and some people argued that with this powerful feature Windows XP will be the “denial of service tool of choice for internet hackers everywhere”. There …
