Archive for September, 2007

Sidebar Gadgets Attacks

Thursday, September 27th, 2007

Windows Vista includes the “Windows Sidebar”. This new feature allows users to display ‘gadgets’ on the sidebar and on the Windows desktop. Gadgets are small applications containing HTML, XML and JavaScript. They can be very flexible in design and function.

Gadgets are easy to install, to use and can be easily developed by any Vista user. They can enhance efficiency; they can be fun and can look good on a desktop. Windows Vista includes various gadgets by default, such as a calendar, calculator and currency converter. In addition, a large number of organisations have gadgets for download and use, such as London Underground, Amazon, ebay, etc.

Gadgets can be perceived by users as fun and harmless; but their characteristics can make of Gadgets a potential risk for Vista users. They run with the permissions of the logged on user and operate outside of IE’s Protected Mode. Additionally, gadgets will usually communicate with a remote server to obtain information and a rich gadget API which contains some potentially dangerous methods is available.

At the present time there are two main classes of gadget attacks: - (more…)

Posted in hack-fu | No Comments »

ninja iptables for your server

Friday, September 14th, 2007

Security is often about layers on top of layers on top of layers… And one of these layers is usually an iptables firewall installed in your server. Let’s create a small script to provide our server with the kung-fu fighting techniques needed to defeat the black hats!!
(more…)

Posted in Networking, Shell Script | No Comments »