
Mozilla Auto-Update Vulnerability

Mozilla's auto-update system is a feature recently added to Firefox and Thunderbird that promises to bring prompt security updates to users without manual interaction. Unfortunately, this feature contains a vulnerability allowing attackers to hijack the update process and deliver malicious updates, resulting in the victim's host being compromised ...


mPrint Privacy Violations

mPrint is a useful service provided by ITCS of the University of Michigan to allow web-uploaded documents to be printed on campus printers. Unfortunately, the designers of mPrint included several "features" that violate the privacy of its users without their knowledge.

Web Interface

Previously, mPrint consisted of a simple form ...


Honeyd Remote Fingerprinting

Honeyd is a low-interaction honeypot developed by Niels Provos and designed to emulate services and personalities of virtual hosts and networks. As honeypot deployments must remain undetected to maintain their value, the ability of an attacker to effectively and remotely fingerprint Honeyd is a serious issue.

IP Fragment Reassembly

According to ...


Mcard Vulnerability

After investigating the security of the Mcard magnetic card system at the University of Michigan, which is used for student and faculty identification cards, I discovered that it is trivial to forge anyone's Mcard given only their UMID/uniqname.

Introduction

The University of Michigan's student/faculty identification cards ...


Wolverine Access Vulnerability

While arranging my class schedule at the University of Michigan, I discovered a vulnerability in Wolverine Access that allowed unrestricted access to the social security numbers, names, and addresses of every student in the University including recent alumni.

Introduction

Wolverine Access (WA) is the University of Michigan's online records ...

Copyright © 2015 - Jon Oberheide <jon at oberheide dot org>.