Monthly Archives: August 2004

SECURITY ALERT : XSS Vulnerability in dasBlog

Hi, last week I found a Cross-Site Scripting vulnerability in dasBlog that allows injecting script code into certain administrative pages and “stealing” the administrative cookie. I will post a detailed advisory later this week. For now – if … Continue reading

Posted in Uncategorized | Leave a comment

LookOut only seems to work as Admin

I wasn’t able to run LookOut as a non-admin. The toolbar won’t show up when logged on as a normal user. This makes it fairly unusable for me :( It’s funny that Microsoft bought and released a product on their shopping tour … Continue reading


SeDebugPrivilege and Debugger Users

I recently read a story in a German magazine about developing with Visual Studio under a non-Admin account. I am happy that this topic gets more and more press coverage so that people start to think about it. But there … Continue reading


ACL Support for .NET

Came across this today – looks useful. “A C# library containing wrapper classes for ACL, ACE, Security descriptors, Security Attributes, Access tokens, etc. The archive also contains 3 samples: A “Task manager” WinForms application that uses the library to … Continue reading


ARP Spoofing and XP SP2

I don’t know what Microsoft has changed in the ARP cache behaviour… but ARP spoofing attacks are still possible! You can easily reproduce that (you need at least three machines – one could also be a router) – Download and start Cain … Continue reading


NMAP Patch…And Changes to ARP

With the help of Dana Epp, Fyodor has a patched version of nmap (nmap-3.55SP2) for download. It seems that Microsoft also made some modifications to the ARP cache. It was about time! Let’s see how XPSP2 performs with some tools … Continue reading


NMAP is broken under XP SP2

Microsoft removed raw sockets from Windows XP SP2. Before SP2 they were only available to Administrators, and some people argued that with these powerful features Windows XP will be the “denial of service tool of choice for internet hackers everywhere”. There … Continue reading


More on Windows 98 Compatibility

I found an explanation of why setting compatibility mode on mstsc.exe solves the “localhost” problem… (see here). Sounds reasonable: “And why does this work? Well, my guess is that mstsc.exe uses something like the Win32 EnumServices API to check if you can run … Continue reading


Tunneling TCP Connections through SSH

SSH is much more than a “secure” alternative to telnet. Besides terminal services it supports: Strong Encryption (AES-256, 3DES, Blowfish…); Strong Authentication ((One Time) Passwords, Public Keys); File Transfer; Port Forwarding. SSH is also not susceptible to Man-In-The-Middle attacks (besides the … Continue reading


Windows XP and Remote Desktop Connections to localhost

Hi, a while ago I wrote a paper on how to tunnel terminal services through an SSH (secure shell) connection. This solution had one problem – it was required on the client side to connect with the Remote Desktop Client to localhost … Continue reading
