Heine

From bug to exploit - Bakery SSO

Heine —Mon, 2013/02/18 - 12:59

I recently evaluated the Bakery Single Sign-On System aka Bakery SSO aka Bakery on behalf of clients. This article describes how I moved from finding a small weakness in version 2.x-alpha-3 to an exploit.

If you haven't updated all your sites to Bakery 2.0-alpha4 (6.x, 7.x), go and do so now.

Read more about From bug to exploit - Bakery SSO

Solving getting bogus dates via MSSQL_QUERY

Heine —Thu, 2012/11/29 - 19:24

If you get bogus dates back from MSSQL, make sure PHP is compiled against the FreeTDS libary that's currently in use. If not, recompile PHP.

Read more about Solving getting bogus dates via MSSQL_QUERY

Explaining the Drupal < 7.16 Installer vulnerability

Heine —Wed, 2012/10/24 - 11:24

SA-CORE-2012-003 fixes an issue in the Drupal installer that enables an attacker to cause the site to use a different attacker-controlled database.

The installer vulnerability was found while preparing my DrupalJam presentation (NL) on security audits and reported via the (awesome!) SecuriTeam Secure Disclosure program. As promised on IRC & Reddit, here's some additional information on the root cause(s).

Bounties: What to do with a high impact Drupal vulnerability?

Heine —Mon, 2012/06/11 - 10:31

The security landscape is changing. There's been on and off talk about bounties for security vulnerabilities and some firms already buy vulnerabilities (SecuriTeam, ZDI). This also causes me to re-evaluate the value of a vulnerability.

Suppose I've recently found an arbitrary code execution vulnerability that could very likely be exploited on a large fraction of 400K+ Drupal sites.

What do you think I should do with it?

For the comments: What's your opinion on a security vulnerability bounty program?

Update: I've reported the vulnerability via SecuriTeam. It has been fixed with the release of Drupal 7.16. See SA-CORE-2012-003 for details.

Report to the Drupal security team

91% (78 votes)

Wait for a bug-bounty program, then report

5% (4 votes)

Sell to the highest bidder

3% (3 votes)

Other (please comment)

1% (1 vote)

Total votes: 86

Drupal CSRF Exploit reported on packetstorm

Heine —Fri, 2012/03/09 - 11:06

On March 2^nd 2012, security researcher Ivano Binetti published an advisory on Drupal 7 anti-CSRF measures. He/She rightly identified the long standing Logout CSRF annoyance (#144538), but the rest of his/her advisory is not helpful.

Homeopathie & Influenza tijdens pandemie 1918 - Opinie Feb 2012 Arts & Auto

Heine —Sat, 2012/02/25 - 21:12

De Opinie in de Arts & Auto (Feb 2012) —een uitgave van de Vereniging voor Arts, Kwakzalver & Auto (VvAA)— verwijst naar een publicatie van Dewey over het homeopatisch behandelen van Influenza in 1918.

Na enig speurwerk heb ik een kopie gevonden en bijgevoegd voor geïnteresseerden.

Read more about Homeopathie & Influenza tijdens pandemie 1918 - Opinie Feb 2012 Arts & Auto

From bug to exploit - Bakery SSO

Solving getting bogus dates via MSSQL_QUERY

Explaining the Drupal < 7.16 Installer vulnerability

Bounties: What to do with a high impact Drupal vulnerability?

Drupal CSRF Exploit reported on packetstorm

Homeopathie & Influenza tijdens pandemie 1918 - Opinie Feb 2012 Arts & Auto

Pages

Recent posts

Security reviews