Skills shortage leaves Australian Computer Society open to attack.

January 22nd, 2010

According to the Australian Computer Society and DIAC (the department for immigration) there is a massive shortage in Australia of “Computing Professionals specialising in Network Security/Firewall/Internet Security”.

No surprise there; what’s more of a shocker is that the very people who assess the skills of would-be migrants to Australia can’t even secure their own website against the most basic type of injection attack, namely cross-site scripting (I’m guessing it’s down to the skills shortage).

Security flaw

The ACS, however, don’t seem to be concerned: I’ve emailed them twice at the beginning of the week about the fault and they’ve yet to reply to my email or even fix it. The carefully crafted link below will generate the above screenshot.

http://www.acs.org.au/index.cfm?action=load&temID=search&searchtxt="><h1>hello</h1><script>alert(document.cookie);</script><input type="hidden"&pageno=1&display=1&searchbtn.x=53&searchbtn.y=16

The code is not malicious; the above script will just display the current cookie in an alert box. With security flaws like this, let’s hope the ACS aren’t “shaping our future”…

Update, 27th January: It appears that someone at the ACS has fixed the issue, but only to the extent of filtering the <script></script> tags from the input string… HTML injection is still possible. Wouldn’t it have been easier just to use htmlentities() or the equivalent ASP.NET function to sanitize the string before displaying it? HTML injection is still a big security risk.
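As an added illustration (not code from this post or from the ACS site), the Python script below contrasts the partial fix described above, stripping the script tags out of the input, with encoding the whole value before it is echoed back. The search term is the one from the link above; the page template in render_search_box and the tag-counting check are assumptions made up for the example.

```python
import html
import re

# Search term taken from the link in the post above (used here as constructed test input).
PAYLOAD = '"><h1>hello</h1><script>alert(document.cookie);</script><input type="hidden"'

SCRIPT_TAG = re.compile(r'</?script[^>]*>', re.IGNORECASE)
TAG_NAME = re.compile(r'<([A-Za-z][A-Za-z0-9]*)')


def strip_script_tags(value):
    """The partial fix the post describes: remove <script> and </script> only.
    Everything else the user typed still reaches the page as live markup."""
    return SCRIPT_TAG.sub('', value)


def escape_for_html(value):
    """The proper fix: encode every HTML metacharacter. quote=True also encodes
    the double quote, which matters when the value lands inside an attribute."""
    return html.escape(value, quote=True)


def render_search_box(search_text, sanitize):
    """Assumed template: the search page echoes the term back into the value attribute."""
    return '<input type="text" name="searchtxt" value="%s">' % sanitize(search_text)


def tag_names(fragment):
    """Names of the start tags a browser would see in the rendered fragment."""
    return TAG_NAME.findall(fragment)


def is_injected(fragment):
    """The template itself emits exactly one <input>; any other tag came from user input."""
    return tag_names(fragment) != ['input']


if __name__ == '__main__':
    for label, sanitize in (('strip <script> only', strip_script_tags),
                            ('escape everything', escape_for_html)):
        rendered = render_search_box(PAYLOAD, sanitize)
        print('%-20s injected=%s tags=%s' % (label, is_injected(rendered), tag_names(rendered)))
        print('    ' + rendered)
```

With the script tags stripped, the heading and the extra hidden input still render as real elements, which is the HTML injection the update above points out; with the value encoded, the browser sees a single input whose value happens to contain angle brackets.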

Three.co.uk and the HUAWEI E1550 on Debian

November 12th, 2009

I’ve been trying to get the HUAWEI E1550 dongle working with my Debian (lenny) installation all day with little success. My first problem was that the dongle would show up as a USB drive and not a modem, and required modem-switch to be run to make it show up as a modem on /dev/ttyUSB0.

I couldn’t get modem-switch to compile because it needs udev 1.45 and lenny only has 1.41. Luckily I found usb_modeswitch, which compiled easily enough and does pretty much the same job. My next issue was that the -H flag on usb_modeswitch for HUAWEI didn’t work. However, I found on the web these config lines to stick in /etc/usb_modeswitch.conf, which seem to work just fine and remove the need for the -H switch.

DefaultVendor = 0x12d1
DefaultProduct = 0x1446
MessageEndpoint = 0x01
MessageContent = "55534243000000000000000000000011060000000000000000000000000000"

Upon running usb_modeswitch it now switched my dongle to modem mode. I installed wvdial and used wvdialconf to generate the config file. I then adjusted the phone number in accordance with some forum entries I had read, so that it read:

[Dialer Defaults]
Init1 = ATZ
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
Stupid Mode = 1
Modem Type = Analog Modem
Phone = *99***#1
New PPPD = yes
Modem = /dev/ttyUSB0
Username = guest
Password = guest

I was getting an “invalid dial command” message every time I tried to dial out:

--> WvDial: Internet dialer version 1.60
--> Cannot get information for serial port.
--> Initializing modem.
--> Sending: ATZ
ATZ
OK
--> Sending: ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
OK
--> Modem initialized.
--> Sending: ATDT*99***#1
--> Waiting for carrier.
ATDT*99***#1
ERROR
--> Invalid dial command.
--> Disconnecting at Thu Nov 12 11:09:27 2009

Turned out there was nothing wrong with my modem configuration; I’d just inserted the SIM card upside down. Oops. My main issue now is that I don’t have any 3G coverage where I am:

--> WvDial: Internet dialer version 1.60
--> Cannot get information for serial port.
--> Initializing modem.
--> Sending: ATZ
ATZ
OK
--> Sending: ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
OK
--> Modem initialized.
--> Sending: ATDT*99#
--> Waiting for carrier.
ATDT*99#
NO CARRIER

The conclusion, though, is that the E1550 appears to work with Linux, even if it’s a pain to set up. I won’t know it works for sure till I can find somewhere with Three coverage.

How not to advertise for a PHP programming job

October 28th, 2009

So I got an email today for a job in Tower Hill (that’s central London). The job came with a simple programming test: write a script that parses a tab-separated file and produces a batch script as the output. They kindly provided a working copy of their solution on their website so you could validate the output of your code.

If I was going to advertise a job at a company and provide an online example of my own code, I’d make darn sure that the link to the script I sent a prospective employee wasn’t vulnerable to cross-site scripting attacks (unless the sole purpose of my online code was to find someone who knew what an XSS flaw was). Eeek. Worse still, as their script seemed to accept either GET or POST variables as inputs (they were probably checking $_REQUEST rather than $_POST or $_GET in their code), it was possible to format a link that injected HTML code straight into their website.

Screenshot of the flaw with 'Cheese!!' being injected.

You can mitigate the threat from these types of attacks by properly sanitizing your variables before they are displayed. If this is on an HTML page and you are expecting an integer value then intval might be a good function to use; if it’s a text field you might try htmlentities. If any data is going into a database then you need to be using mysql_escape_string on all of your variables.
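To make the advice above concrete, here is an added Python example (not the company’s test script and not code from this post) that handles each input for the context it ends up in: strict integer parsing for the numeric field, HTML encoding for the text shown back on the page, and bound parameters for the database query. It also reads form fields only from a POST body, which is the point of checking $_POST rather than $_REQUEST, so the same fields in a crafted GET link are ignored. The request dictionaries, the batches table and the owner and limit fields are constructed for the example, and for the database step it uses a parameterized query in place of an escaping function, which is my substitution rather than the post’s recommendation.

```python
import html
import sqlite3


def form_value(request, name):
    """Read a form field from the POST body only, as checking $_POST (not $_REQUEST) would.
    A field carried in the query string of a GET link is ignored entirely."""
    if request.get("method") != "POST":
        return None
    return request.get("post", {}).get(name)


def as_int(value, default):
    """Integer field: accept only a whole number, otherwise fall back to the default
    (a strict version of the intval() idea; no markup can survive this)."""
    try:
        return int(str(value).strip())
    except (TypeError, ValueError):
        return default


def as_html_text(value):
    """Text field shown on an HTML page: encode metacharacters (the htmlentities() idea)."""
    return html.escape(str(value), quote=True)


def find_batches(conn, owner, limit):
    """Database input: bind values as parameters so the driver, not string formatting,
    carries them into the statement. An apostrophe in the owner name needs no escaping."""
    cur = conn.execute(
        "SELECT id, owner FROM batches WHERE owner = ? ORDER BY id LIMIT ?",
        (owner, limit),
    )
    return cur.fetchall()


def render_page(conn, request):
    """Assumed page: list the batches owned by the submitted name, at most 'limit' of them."""
    owner = form_value(request, "owner")
    if owner is None:
        return "<p>Nothing to show.</p>"
    # Clamp the page size so a negative or huge value cannot disable the LIMIT clause.
    limit = max(1, min(as_int(form_value(request, "limit"), default=10), 100))
    items = "".join(
        "<li>%d: %s</li>" % (row_id, as_html_text(row_owner))
        for row_id, row_owner in find_batches(conn, owner, limit)
    )
    return "<h2>Batches for %s</h2><ul>%s</ul>" % (as_html_text(owner), items)


def sample_db():
    """Constructed in-memory table standing in for the job-test script's data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE batches (id INTEGER PRIMARY KEY, owner TEXT)")
    conn.executemany(
        "INSERT INTO batches (owner) VALUES (?)",
        [("O'Reilly",), ("O'Reilly",), ("Smith",)],
    )
    return conn


if __name__ == "__main__":
    db = sample_db()
    # A GET link carrying the same fields is ignored.
    print(render_page(db, {"method": "GET", "get": {"owner": "<b>hi</b>"}}))
    # A POST with an apostrophe in the text field and junk in the numeric field.
    print(render_page(db, {"method": "POST", "post": {"owner": "O'Reilly", "limit": "abc"}}))
    # Markup submitted in the text field is shown as text, not rendered as elements.
    print(render_page(db, {"method": "POST", "post": {"owner": "<b>hi</b>", "limit": "1"}}))
```

Each helper does one job for one context; the same string is never “sanitized” once and then trusted everywhere, which is the mistake that lets a value safe for the database become markup on the page.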

As I’ve not alerted the company to the flaw I won’t post the URL to the exploit. Luckily the page in question can’t be found in Google’s index. I wonder if anyone else will notice…

Learning Adobe Flex

October 15th, 2009

Following the success of my Sudoku Solver over the past few days I’ve been practicing my Adobe Flex skills. I’ve now finished converting my Handwriting Recognition tool into Adobe Flex, away from the old SVG/JS mashup that was running it before. This means it’s finally cross-browser compliant and will finally run in Internet Explorer.

I’ve enjoyed my experience developing with Flex; it’s nice to write a web application and find that it runs exactly how you want it to in every browser. A refreshing change from Javascript/CSS.

I’ll release the source code shortly.

Big Endian, Little Endian and Gulliver’s Travels

October 9th, 2009

So I was at the Perl Mongers meeting last night in London and got talking to someone who assured me there was a story behind the terms big endian and little endian. I was somewhat skeptical, but they went on to explain that the terms’ origin comes from the 1726 novel Gulliver’s Travels by Jonathan Swift and has something to do with an egg.

Anyhow, since then I’ve done a little bit of research and it turns out that the terms do indeed come from Gulliver’s Travels. Basically Lilliput and Blefuscu were two rival groups, at war over the way they ate their soft-boiled eggs. The Lilliputians said that the best way was to open them at the little end (little endian) while the people of Blefuscu considered it better to open them at the big end (big endian). This is apparently where the terms originate.

I’d still love to know who first coined the terms, and whether there are any more weird computer terms that have their origins in bizarre places… as a side note, did you know that Charles Babbage invented the cowcatcher?