Interesting Links 2/19/2013

Posted by Alex

Interesting Links has been on a bit of a hiatus, but the interesting links have just kept coming, so we're bringing this back for the moment.

1) The last few weeks have been a pretty terrible time to be a Ruby on Rails admin, with the vulnerabilities just pouring down, but this vulnerability found by joernchen of Phenoelit is potentially the most interesting. It has what could be the makings of a new bug class for dynamically typed languages if MySQL doesn't change its behaviour. My current conspiracy theory on where this is going to crop up next is apps in dynamically typed languages which explicitly parse JSON (or similar) and put the results into parameterised queries.

2) Rich Lundeen continued to beat up ASP.NET MVC's CSRF protection and tease us with content for his BlackHat EU talk that I'm definitely looking forward to.

3) Matthew Green made a post about why he hates CBC-MAC, which taught me some new crypto tricks for breaking systems that use CBC-MAC. It's amazing how much real cryptographers actually know about cryptography.

5) The Azimuth Security blog made a comeback with two posts dissecting phone jailbreaks, with Tarjei Mandt on the evasi0n jailbreak for iPhones and Dan Rosenberg on the Framaroot jailbreak for some Android handsets.

6) While Java was the new hotness a few weeks ago, a few people published a lot of interesting research on attacking the JVM from an Applet context, but one particular report from Security Explorations caught my eye for section 3.4, "Remote, Server-Side Code Execution", which is a pretty short read and worthwhile for anyone hacking Java code.

7) While rooting around Mozilla's wiki I found that they're currently prototyping a client-side XSS Filter for Firefox. This is obviously a tricky and dangerous path, but hopefully they will learn from the mistakes of other browsers and have an easier time implementing it.

8) On the topic of browser XSS filters, Gareth Heyes has a post about some bypasses he and Mario Heiderich found in Chrome's XSS Auditor.

9) Julien Tinnes sent an email to oss-sec containing an exploit for a Linux kernel race condition that seems pretty neat.