I had a funny thought while talking with some folks from Intel about what the future state of of information security would look like and how that relates to what our favorite nerdy show, Star Trek, has to say on the topic. This is meant to be a funny post, but there may be some truth buried in here somewhere too.

SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionnality. The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client send to a SMB server, and it's used to identify the SMB dialect that will be used for futher communication.

Opera Unite, the upcoming version of the Opera browser has a strong vision to change how we look at the web. For those who are unknown to this radical technology, it extends your browser into a full-blown collaboration suite where you can chat with people, leave notes, share files, play media, host your sites, etc. (Wow!!). Opera Unite comes bundled with a bunch of standard services such as Fridge (Notes), The Lounge (chatroom), etc. It is important to understand that these services have two distinct views. One view is of the Service Owner, who installs, customizes and runs these services on his or her computer. The service owner and the computer running these services have associated identifiers. By default, computer name is “home”. So, your administrative homepage is http://admin.home.uid.operaunite.com/. Remember that even though the protocol of communication looks like http, it is not. Opera relays all traffic using a proprietary ucp protocol (encrypted) to asd.opera.com and auth.opera.com (no protocol details except here). The other view is of the Service Page which is used by your users (friends, customers, etc) to access your selected content. These trusted users can access your services from any browser (not just opera unite) and uses the plain http protocol. The service homepage is http://home.uid.operaunite.com/. I was fascinated by this idea, so I decided to look at the security aspects of the product (while it was in beta). Here are my findings in no particular priority order (tested on 10.00 Beta 3 Build 1703). I am including the PoC in their respective sections. Remember to change “home” with your computerid and “infernosec2” with your userid.

By now, most readers will be familiar with the local kernel exploit recently posted. This vulnerability, which affects the 2.6.30 kernel is interesting in a number of ways. This article will look in detail at how the exploit works and the surprising chain of failures which made it possible.

Shoulder surfing isn't very common, and cleartext passwords greatly reduces errors. It has long annoyed me when I can't see what I type: in Windows logins, in PGP, and so on.

Since the Twitter API credentials are stored in the DOM of the Bit.ly website after having logged in it's possible to extract the data via JavaScript and use it in later requests.

Default Password

This ZIP file provides a web page and associated computer code that can be used to remotely take control of any computer system running the Green Dam software. The only requirement is that the user is enticed to look at a site hosting a copy of the exploit page.

When questioned by Teachers TV, teachers complained about a five-page briefing on using glue sticks and being told to wear goggles to put up posters.

Highly sensitive details of a US military missile air defence system were found on a second-hand hard drive bought on eBay.