May. 28, 2008
So, we had yet another OWASP meeting here in Stockholm, Sweden yesterday. I must say I was pleased to see that so many people took the time to attend and listen to us three speakers.
I held yet another speech on SQL injection and yet again overestimated my ability to deliver slides at a pace of 0.78 minutes per slide. Skipping through a few of them gave me just the little time I needed to finish up with a short demo.
After a few requests for the presentation I decided to put it online together with the small DNS server and sample code I used to demonstrate the DNS-channeling parts.
The DNS server has a brief help describing each parameter. Basically in order to try it out, it needs to be run on either:
- An authoritative DNS server in the zone against which we are tunneling our queries. Please note that in the event of a zone having multiple DNS servers assigned to it, all queries will NOT end up at the same resolver.
- On the host assigned as the DNS server on the victim DB server
When starting the dns_server.pl script, the zone for which it answers queries needs to be specified. This is done with the “-q” option. In my cheat sheet I am using the zone inj.cqure.net and therefore need to start the DNS server like this: ./dns_server.pl -q inj.cqure.net
A zip-file containing the PDF presentation, a subset of the cheat sheet I used and my small DNS server is available for download from here.
Feel free to drop me a line if you have any questions.
Posted by patrik in Security | No Comments
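From the defender's side, the DNS channel described in the post above shows up in resolver logs as a database host looking up many distinct, long names under a single zone. The following is an added example, not part of the original post or its download, that flags that pattern; the log tuple format, the DB_SERVERS set and the thresholds are assumptions, and the sample queries are constructed.

```python
from collections import defaultdict

# Constructed sample resolver log: (client IP, queried name). Not real traffic.
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.org"),
    ("10.0.0.5", "mail.example.org"),
    ("10.0.0.20", "updates.example.org"),
    ("10.0.0.20", "4f3a9c0e7b12d85a6e01.inj.cqure.net"),
    ("10.0.0.20", "a81c55e2f09b3d7746c2.inj.cqure.net"),
    ("10.0.0.20", "0b7e6d2a91f4c38855aa.inj.cqure.net"),
    ("10.0.0.20", "c2d94410be67f3a0912d.inj.cqure.net"),
]
DB_SERVERS = {"10.0.0.20"}  # assumption: addresses of the database hosts


def split_name(name):
    """Return (leftmost label, parent zone) for a queried name."""
    labels = name.rstrip(".").lower().split(".")
    return labels[0], ".".join(labels[1:])


def suspicious_zones(queries, db_servers, min_unique=4, min_mean_len=16):
    """Flag (client, zone) pairs where a DB host resolves many distinct long labels."""
    seen = defaultdict(set)
    for client, name in queries:
        if client not in db_servers:
            continue  # only database hosts are in scope for this check
        label, zone = split_name(name)
        if zone:
            seen[(client, zone)].add(label)
    findings = []
    for (client, zone), labels in sorted(seen.items()):
        mean_len = sum(map(len, labels)) / len(labels)
        # Many unique labels under one zone, each long enough to carry data
        if len(labels) >= min_unique and mean_len >= min_mean_len:
            findings.append({"client": client, "zone": zone,
                             "unique_labels": len(labels), "mean_len": mean_len})
    return findings


if __name__ == "__main__":
    for finding in suspicious_zones(SAMPLE_QUERIES, DB_SERVERS):
        print(finding)
```

Because a zone with several name servers spreads queries across them, the log to feed this check is the one from the resolver the database host itself uses.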
May. 20, 2008
Last week’s OpenSSL issues in Debian-based distributions didn’t go unnoticed by most of us. The introduction of openssl-vulnkey screwed up the Network Manager based OpenVPN GUI, as it no longer properly supplies the underlying daemon with the passkey.
Running OpenVPN from the command line now asks for the password three times as seen below:
Tue May 20 19:37:12 2008 /usr/sbin/openssl-vulnkey -q /home/user/openvpn/key.pem
Enter pass phrase for /home/user/openvpn/key.pem:
Enter pass phrase for /home/user/openvpn/key.pem:
Enter Private Key Password:
There is an incorrect but working workaround suggested at Ubuntu launchpad:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/230197/
It suggests replacing openssl-vulnkey, which is intended for checking x509 certificates, with openvpn-vulnkey, which is used for checking OpenVPN shared static keys. Replacing openssl-vulnkey with /bin/true works just as well as the suggested workaround at launchpad but obviously removes the intended check for blacklisted keys as well.
So check your keys using openssl-vulnkey, replace any keys needing replacing, make a backup of openssl-vulnkey and replace it with /bin/true TEMPORARILY. If you’re interested in monitoring the activity of the bug, become a subscriber at the link above. If not, wait for the security update and make sure to apply it once it’s released.
Posted by patrik in Ubuntu | No Comments
May. 9, 2008
I’ve been looking at the sweet small Asus Eee PCs for quite some time now. I have had a hard time deciding whether to wait for the 900-series or buy the ones that are available in stores now. Giving it some thought I decided to wait for the new ones AND buy one now.
What can I say, it’s a small pink beauty and so far I love it.
Posted by patrik in Ubuntu | No Comments
May. 2, 2008
Have you ever found yourself calling your colleague to show them your mad skills during an application test, only to realize seconds later that you’re a Teletubby because session information got mixed up between browsers and you actually achieved nothing?
Posted by patrik in Testing | No Comments
May. 1, 2008
In addition to fixing some walls in our kitchen I have had the chance to work on some old tools today. First I fixed MSSQLScan so that it now handles running out of sockets and timeouts much better. Then I also had the chance to do the last touch-up on a tool (DBPwAudit) I had previously worked on that can be used to scan databases for weak passwords. DBPwAudit has an architecture that allows it to scan new databases by simply dropping a JDBC driver in the right directory and creating some simple rules in a rules.conf file. Be sure to check it out at http://www.cqure.net