Blog Entries - Analysis

UofM-Specific Phishing Campaign

July 21st, 2008

While receiving phishing emails in my University inbox is a common occurrence, a recent email caught my eye due to its increased sophistication and University-specific information.

Exploiting Live Virtual Machine Migration

February 10th, 2008

Later this week, I’ll be presenting at the Black Hat DC Briefings on weaknesses in the security of live virtual machine migration as implemented by popular virtualization platforms such as VMware and Xen. I thought I’d provide a teaser in advance of my presentation detailing some of the topics that will be discussed.

Detecting and Evading CWSandbox

January 15th, 2008

CWSandbox is one of the most comprehensive and full-featured platforms for automated malware analysis. In this post, we detail how a malware sample under analysis may detect CWSandbox’s monitoring and evade it in order to disguise its malicious activities.

Facebook XSS

August 15th, 2007

Facebook’s newfangled applications functionality seemed like a ripe opportunity for nasty cross-site scripting bugs. As it turns out, multiple XSS vulnerabilities were present in the fb:swf tag of the Facebook Markup Language.

T-Mobile WiFi Hotspots

February 12th, 2007

Some random technical notes on the T-Mobile WiFi Hotspots offered at locations such as Starbucks. Since I spend a fair amount of time at the 24-hour Starbucks on Washtenaw, I often end up playing around with the Cisco WAP instead of actually doing work.

RFID on Campus

January 17th, 2007

Given my previous experience with the Mcard identification system at the University of Michigan, I was interested when I heard that RFID technology was being integrated into the Mcards. I will explore the Mcard RFID and other current uses of RFID on campus.

Google Safe Browsing

November 13th, 2006

While Google’s Safe Browsing service has been available for some time via the Google Toolbar, this feature will see wide deployment with the release of Mozilla Corp’s Firefox 2. In this analysis, we will delve into the workings of Google’s Safe Browsing service and its integration with Firefox.

Mozilla Auto-Update Vulnerability

September 15th, 2006

Mozilla’s auto-update system is a feature recently added to Firefox and Thunderbird that promises to bring prompt security updates to users without manual interaction. Unfortunately, this feature contains a vulnerability allowing attackers to hijack the update process and deliver malicious updates, resulting in the victim’s host being compromised.

Honeyd Remote Fingerprinting

February 15th, 2006

Honeyd is a low-interaction honeypot developed by Niels Provos designed to emulate services and personalities of virtual hosts and networks. As honeypot deployments must remain undetected to maintain their value, the ability of an attacker to effectively and remotely fingerprint Honeyd is a serious issue.

Mcard Vulnerability

April 6th, 2005

After investigating the security of the Mcard magnetic card system at the University of Michigan, which is used for student and faculty identification cards, I discovered that it is trivial to forge anyone’s Mcard given only their UMID/uniqname.