ASP.NET Session Cookie Crypto Attack Exploiting

September 20th, 2010 No comments

If the CVE-2010-3081 64-bit Linux kernel root exploit didn’t get you, then this little birdy might. It seems the implementation of the AES encryption that protects the integrity of session cookies in ASP.NET has a weakness which could enable an attacker to hijack sessions – which bank? The idea behind using AES is to ensure that the encrypted data hasn’t been tampered with (and is hence still decryptable), but unfortunately the flawed way AES is used, and in particular how errors are handled, gives an attacker some much-needed clues to pursue.

From the Threatpost article:

In this case, ASP.NET’s implementation of AES has a bug in the way that it deals with errors when the encrypted data in a cookie has been modified. If the ciphertext has been changed, the vulnerable application will generate an error, which will give an attacker some information about the way that the application’s decryption process works. More errors means more data. And looking at enough of those errors can give the attacker enough data to make the number of bytes that he needs to guess to find the encryption key small enough that it’s actually possible.

There is a Microsoft Security Advisory (2416728) which gives some workarounds until a proper fix is made available. What’s really concerning is this little tidbit from Thai Duong about using their tool, the Padding Oracle Exploit Tool or POET:

“It’s worth noting that the attack is 100 [per cent] reliable, [that is], one can be sure that once they run the attack, they can exploit the target. It’s just a matter of time. If the attacker is lucky, then he can own any ASP.NET website in seconds. The average time for the attack to complete is 30 minutes. The longest time it ever takes is less than 50 minutes.”

What’s really interesting is seeing the video of the exploit in action on dotnetnuke (don’t close your eyes). ScottGu has blogged about this exploit which goes into far more detail than I can, but if you’re keen there’s a nice document on using the Padding Oracle exploit and includes discussions regarding the JSF View state, cracking CAPTCHA schemes as well as some juicy details on CBC-R.
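Because the attack depends on collecting many error responses to modified ciphertext, it is noisy in web server logs. The sketch below is an added example, not part of the original post or the advisory: it flags clients that pile up error responses on handlers taking an encrypted `d` parameter. The log layout, the watched handler list, the threshold and the window are assumptions chosen for illustration, and the sample lines are constructed.

```python
from collections import defaultdict

# Handlers that take an encrypted "d" query parameter (assumed set for this example).
WATCHED = ("/webresource.axd", "/scriptresource.axd")
ERROR_STATUSES = {404, 500}  # modified ciphertext ends in an error, not a 200
THRESHOLD = 5                # assumed: errors per client inside one window
WINDOW_SECONDS = 60          # assumed window length


def parse(line):
    """Parse one constructed log line: 'epoch ip path query status'."""
    epoch, ip, path, query, status = line.split()
    return int(epoch), ip, path.lower(), query, int(status)


def suspicious_clients(lines):
    """Return {ip: peak error count in any window} for clients at or over THRESHOLD."""
    errors = defaultdict(list)
    for line in lines:
        epoch, ip, path, query, status = parse(line)
        if path in WATCHED and query.startswith("d=") and status in ERROR_STATUSES:
            errors[ip].append(epoch)
    flagged = {}
    for ip, times in errors.items():
        times.sort()
        start = best = 0
        for end in range(len(times)):
            # Slide the window start forward until it spans < WINDOW_SECONDS.
            while times[end] - times[start] >= WINDOW_SECONDS:
                start += 1
            best = max(best, end - start + 1)
        if best >= THRESHOLD:
            flagged[ip] = best
    return flagged


# Constructed sample: one ordinary visitor, one client cycling through modified tokens.
SAMPLE = [
    "1285000000 198.51.100.7 /WebResource.axd d=AAAA 200",
    "1285000030 198.51.100.7 /default.aspx - 200",
    "1285000090 198.51.100.7 /WebResource.axd d=BBBB 404",
] + [
    f"{1285000100 + i} 203.0.113.9 /ScriptResource.axd d=tok{i:03d} {500 if i % 4 else 404}"
    for i in range(40)
]

if __name__ == "__main__":
    for ip, count in suspicious_clients(SAMPLE).items():
        print(f"{ip}: {count} decryption-stage errors within {WINDOW_SECONDS}s")
```
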


CVE-2010-3081: 64bit Linux Kernel Root Exploit

September 20th, 2010 1 comment

Well, it’s been a heavy week on the security front. First up is a Linux root exploit for 64-bit machines.

A vulnerability in the 32-bit compatibility layer for 64-bit systems was reported. It is caused by insecure allocation of user space memory when translating system call inputs to 64-bit. A stack pointer underflow can occur when using the “compat_alloc_user_space” method with an arbitrary length input.

What does that mean? Essentially, some sanity checks were missing from the compat_alloc_user_space function: it should check the length and ensure that the pointer to the block of memory is valid and within the user-space of the process. The fix has already been committed, but if you are running any x64 version of Linux, make sure you update your kernel – especially now that the exploit code is publicly available!

Read up on the exploit by Jeff Arnold from Ksplice and use this very useful CVE-2010-3081 high-profile exploit detection tool to determine if your boxen are already compromised.
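To see why both checks matter, here is a small numeric model, added as an example and not taken from the kernel source or the Ksplice article. It treats the allocation as "stack pointer minus length" in unsigned 64-bit arithmetic; `USER_LIMIT`, `COMPAT_MAX` and the function names are assumptions of this model.

```python
MASK64 = (1 << 64) - 1
USER_LIMIT = 0x0000_7FFF_FFFF_F000  # assumed top of user space (x86-64 style layout)
COMPAT_MAX = 0xFFFF_FFFF            # size of the 32-bit compat address space


def alloc_unchecked(sp, length):
    """Model of the missing-check behaviour: carve `length` bytes below the
    user stack pointer with no validation, wrapping like an unsigned long."""
    return (sp - length) & MASK64


def access_ok(ptr, length):
    """Model of a range check: [ptr, ptr + length) must lie wholly in user space."""
    return ptr <= USER_LIMIT and length <= USER_LIMIT - ptr


def alloc_checked(sp, length):
    """Model of the corrected behaviour: reject absurd lengths, then verify
    that the resulting block is still inside the process's user space."""
    if length > (COMPAT_MAX >> 1):
        return None
    ptr = alloc_unchecked(sp, length)
    return ptr if access_ok(ptr, length) else None


if __name__ == "__main__":
    sp = 0xFFFF_D000  # constructed stack pointer of a 32-bit process
    for length in (0x100, 0x1_0000_0000):
        raw = alloc_unchecked(sp, length)
        print(f"len={length:#x} unchecked={raw:#018x} "
              f"in_user_space={access_ok(raw, length)} checked={alloc_checked(sp, length)}")
```

A small length passes both checks, but a length larger than the stack pointer wraps the result far above the user-space limit, which is the stack pointer underflow the advisory describes.
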

Of particular note from his article is the breadth of exploitable distributions – see the references below for vendor specific information:

This vulnerability was introduced into the Linux kernel in April 2008, and so essentially every distribution is affected, including RHEL, CentOS, Debian, Ubuntu, Parallels Virtuozzo Containers, OpenVZ, CloudLinux, and SuSE, among others. A few vendors have released kernels that fix the vulnerability if you reboot, but other vendors, including Red Hat, are still working on releasing an updated kernel.

After downloading and running the tool under a non-sudo account, you should cheerfully get the following output.

thushan@dingo:~/tmp$ ./diagnose-2010-3081
Diagnostic tool for public CVE-2010-3081 exploit -- Ksplice, Inc.
(see http://www.ksplice.com/uptrack/cve-2010-3081)

$$$ Kernel release: 2.6.32-23-server
!!! Not a RHEL kernel, will skip LSM method
$$$ Backdoor in LSM (1/3): not available.
$$$ Backdoor in timer_list_fops (2/3): checking...not present.
$$$ Backdoor in IDT (3/3): checking...not present.

Your system is free from the backdoors that would be left in memory by the published exploit for CVE-2010-3081.
thushan@dingo:~/tmp$

If not, it’s time to put those security drills into action!

References


Windows Phone 7 Developer Tools Released!

September 17th, 2010 No comments

The moment we’ve all been waiting for, the final release of the Windows Phone 7 SDK has been released! What are you waiting for, go download it and try out some cool things!

No Visual Studio installed? Not an issue, it comes with the Express edition of VS2010 and Expression Blend 4 for Windows Phone as well as XNA and Silverlight tools for Windows Phone and an emulator – all for free too!

For more information, see ScottGu’s great post about it!


OpenIndiana Announced, the fork to Oracle’s OpenSolaris!

September 15th, 2010 No comments

Earlier today, we had the announcement for OpenIndiana. It aims to be the de facto OpenSolaris distribution that tries to be binary and package compatible with Solaris 11 & Solaris 11 Express. It’s a part of the Illumos community, with 20 core developers providing (eventually) a stable branch with a 100% free & open source distribution.

Not only that, you can also download a ready baked OpenIndiana distribution (based on ou_147) or if you’re like me and still using OpenSolaris DEV snv_134, you can upgrade via the IPS management tools. Having said that though, I’m not going to rush and upgrade my zeus box anytime soon as it will take time to settle in, but you can take the baked ISO’s for a spin in a VM 🙂 I have found a few references to OpenSolaris still there and there is currently no xVM Xen (dom0) support nor lx (Linux) branded zones. Not to worry, keep an eye out on the roadmap and release schedule for what they’re going to deliver.

You can get a copy of the OpenIndiana announcement presentation slides as well or follow @openIndiana on twitter. Otherwise, see the Getting Involved guide on the OpenIndiana Wiki and join in!

In a way, it’s good to know that the beloved OpenSolaris will still live, thanks to the community, but at the same time, it will be interesting to see how long that community will be turned on by developing and maintaining it – though other forks of OpenSolaris are backing it (via Illumos), like Nexenta and Schillix, which has just released a version based on Illumos. All in all, WATCH THIS PROJECT!


Moving to Microsoft Visual Studio 2010 free ebook!

September 15th, 2010 No comments

A free ebook, compliments of Microsoft Press: you can download a PDF or an XPS of the book and grab the book’s sample code.

The book is broken down into these parts, catering for the following audiences:

  • Part I – for those moving from Visual Studio 2003 to Visual Studio 2010.
  • Part II – for developers moving from Visual Studio 2005.
  • Part III – for developers moving from Visual Studio 2008.

See the blog post about the target audience for this ebook too.


Channel9: Windows Phone 7 Jump Start

September 14th, 2010 No comments

With the release of the final Windows Phone 7 SDK just days away, now’s the time to get into understanding the concepts, architecture & development side of Windows Phone 7. There’s an interesting series posted on Channel 9 to help you get there.

This Windows Phone 7 Jump Start video training is for all developers interested in developing applications or games for the new Windows Phone 7 Platform.  The course is based on the Microsoft Windows Phone 7 Developer Training Kit and taught by Microsoft MVP’s and Microsoft Press Authors, Andy Wigley and Rob S. Miles.  Watch these entertaining sessions and complete the labs found on Channel 9 (http://channel9.msdn.com/learn/courses/WP7TrainingKit/) to gain development skills using both XNA and Silverlight. For copies of the student files and links to demo code, you can go to the Windows Phone 7 Born To Learn Forum (http://borntolearn.mslearn.net/wp7/m/classresources/default.aspx).

Enjoy – the ! I’ll be posting about my own adventures soon!


The Duke lives on, a history of Duke Nukem Forever

September 13th, 2010 No comments

An interesting article tracking The Death and Rebirth of Duke Nukem Forever was posted on ArsTechnica recently, well worth a read – or at least a watch of the trailer from 1998!

Here’s to hoping 2011 is the year of the Duke. Hail to the king baby!


Events Downunder: CodeCampOz in Wagga & Windows Phone 7 Deep Dive

September 13th, 2010 No comments

As promised, here are some of the (Microsoft) developer events happening down under.

CodeCampOz (Wagga-Wagga)

When / Where:
20-21st of November 2001 / Charles Sturt University Wagga Wagga | Map | How to get there.

Cost: Free of charge | See the CodeCampOz FAQ

Accommodation: See Charles “Chuck” Sterling‘s list of accommodation places!

Registration: http://codecampoz2010.eventbrite.com/

Agenda:

  • Saturday – 20th November

    • 0800: Welcome & Housekeeping
    • 0830: Domain Driven Design with Entity Framework 4.0 (Omar Besiso)
    • 0930: Developing with Microsoft Commerce Server 2009 R2 (Lewis Benge)
    • 1030: Morning Tea
    • 1100: Extending Office with VSTO (Jake Ginnivan)
    • 1200: Magellan – a navigation framework for WPF (Paul Stovell)
    • 1300: Lunch
    • 1400: HTML 5.0, the useful bits – what you can use now! (Alex Mackey)
    • 1500: Afternoon Tea
    • 1530: Real World Unit Testing & Future (Rajitha Aththanyake)
  • Sunday – 21st November

    • 0800: Welcome & Housekeeping
    • 0830: Windows Azure Compute for Developers (Steven Nagy)
    • 0930: Windows Phone with Silverlight (Nick Randolph)
    • 1030: Morning Tea
    • 1100: Not a WIF of Federation (Rory Primrose)
    • 1200: Behaviour Driven Development with StoryQ (Liam McLennan)
    • 1300: Lunch
    • 1400: Battle of the Containers (TBA)
    • 1500: Afternoon Tea
    • 1530: Team Build Patterns & Practices (Mitch Denny)
    • 1630: Wrap-up

Windows Phone 7 Deep Dive (Melbourne/Sydney/Adelaide/Brisbane)

When / Where

  • Melbourne: 20th-21st September | Register Now >
    • Exhibition Room| Level 5, 4 Freshwater Place, Southbank VIC 3006 | Map
  • Sydney: 23rd-24th September | Register Now >
    • Exchange |  1 Epping Road North Ryde Sydney, NSW 2113 | Map
  • Adelaide: 27th-28th September | Register Now >
    • Board Room | Level 26, Santos House, 91 King William Street Adelaide SA 5000 | Map
  • Brisbane: 29th-30th September | Register Now >
    • Theatre 2 | Level 9, Waterfront Place 1 Eagle Street Brisbane QLD 4000 | Map

Cost: Free of charge

Registration: See Dave Glover’s blog post.

Please bring your laptop with you on the day.

Agenda:

Day 1
•    9.45am registration for a 10am start
•    Session 1: Introduction and Windows Phone User Experience Overview
•    Session 2: Animation, Orientation and Overlays
•    Session 3: Application Lifecycle, Navigation, Application Tiles and Notification
•    Session 4: Tasks and Touch
•    Session 5: Working with the Accelerometer, Sounds and Location
•    5.30pm close

Day 2

•    9.15am registration for a 9.30am start
•    Session 6: Connecting and Consuming the Web
•    Session 7: Retrieving, Storing and Synchronizing Data
•    Session 8: Silverlight Analytics, Unit Testing and other Frameworks
•    Session 9: Security, Authentication and Performance
•    5.30pm close

Workshop information

Are you interested in Windows Phone 7 Development? Are you keen to get ahead of the competition to create apps for the Windows Phone 7?
Windows Phone 7 is a fresh exciting mobility platform and potentially a land of opportunity for killer apps! These workshops are designed to take your skills to the next level beyond the online training kits and helps you explore some more complex scenarios.

Prerequisites

You need Silverlight/WPF, C# .NET Framework skills and you should have completed a subset of hands on labs from the following:
•    Windows Phone 7 Training Kit
•    Windows Phone 7 Jump Start Training
•    Windows Phone Design Day Recordings

Instructor

The workshop will be run by Nick Randolph from Built to Roam.


I’m still here

September 13th, 2010 No comments

Well, it’s been a while since I last posted, but I’m still here. In fact, I’ve just realised that xkcd has stolen my plans for world domination.

XKCD - Password Reuse

I’m only kidding, what would I do with all that information? I have enough princes offering me the opportunity to help them move money out of West Africa! Alas, OpenSolaris is now dead (RIP dear friend), we’re eagerly awaiting word of OpenIndiana and The Illumos Project to see where things are going to go. The Android momentum has picked up and Windows Phone 7 is just around the corner!

I’ve also changed jobs and now I’m working for Readify as a Senior Developer. A company full of talented bright people (the author of Autofac or Paul Stovell of Magellan fame for instance) & skills in so many different areas I’m ashamed to even be seen in the office – which is a great thing because we’re a mobile office (some day!). You might even see me at a few local Australian developer events now and I’ll be sure to advertise them when I come across any.

Essentially, it’s back to the days of being more involved with the developer community, times have changed since Developerfusion (for one, we have StackOverflow) and getting into up and coming technology – which this time around is Windows Phone 7. So I’ll be starting a series of posts on Windows Phone 7 as well as Android soon.

http://www.illumos.org/

Think this is funny? Think this is some kind of mother flipping joke? Mother flippers think everything’s a mother flipping joke.

July 28th, 2010 No comments