Why is Address Space Layout Randomization not effective against the Open SSL Heartbleed Vulnerability?

My understanding is that ASLR randomly arranges the key data areas of a process, and so reading contiguously above a buffer as is done in heartbleed would not be enough to achieve the exploit.

Continue reading Why is Address Space Layout Randomization not effective against the Open SSL Heartbleed Vulnerability?

Oracle Issues Emergency Patches for ‘JoltandBleed’ Vulnerabilities

Oracle pushed out an emergency update for vulnerabilities dubbed ‘JoltandBleed’ affecting five of its products that rely on its proprietary Jolt protocol. Continue reading Oracle Issues Emergency Patches for ‘JoltandBleed’ Vulnerabilities

A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed

A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed

A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.

SSL Vulnerabilities Detected by A2SV

  • [CVE-2007-1858] Anonymous Cipher
  • [CVE-2012-4929] CRIME(SPDY)
  • [CVE-2014-0160] CCS Injection
  • [CVE-2014-0224] HeartBleed
  • [CVE-2014-3566] SSLv3 POODLE
  • [CVE-2015-0204] FREAK Attack
  • [CVE-2015-4000] LOGJAM Attack
  • [CVE-2016-0800] SSLv2 DROWN

Planned for future:

  • [PLAN] SSL ACCF
  • [PLAN] SSL Information Analysis

Installation & Requirements for A2SV

A.

Read the rest of A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed now! Only available at Darknet.

Continue reading A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed

Free as in Beer, or the Story of Windows Viruses

Whenever there’s a new Windows virus out there wreaking global havoc, the Linux types get smug. “That’ll never happen in our open operating system,” they say. “There are many eyes looking over the source code.” But then there’s a Heartbleed vulnerability that keeps them humble for a little while. Anyway, at least patches are propagated faster in the Linux world, right?

While the Linuxers are holier-than-thou, the Windows folks get defensive. They say that the problem isn’t with Windows, it’s just that it’s the number one target because it’s the most popular OS. Wrong, that’d be Android for the last …read more

Continue reading Free as in Beer, or the Story of Windows Viruses