Open Source and information security mailing list archives
Message-ID: <AANLkTi=xCPayc3h1pYUUVmtrRHPovSwxwY+DapCK4UXv@mail.gmail.com>
Date: Thu, 31 Mar 2011 06:42:56 +0800
From: YGN Ethical Hacker Group <lists@...g.net>
To: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Vulnerabilities in *McAfee.com

Thanks for all your inputs and discussions.

We believe keeping this information secret is unethical and irresponsible.

----------------------------------------------------------------------------

For those who think/criticize that we're unethical/illegal,

there is a so-called "Passive Scanning" technique in security testing.

Passive scanning (a.k.a. Passive Reconnaissance) is basically examining
web site workflows and the source code involved in them to identify
vulnerabilities without ever attacking the target itself.

Contrary to what most people think, passive scanning allows
everyone to audit any web site without breaking the law and without
alarming the firewalls in front of it.

Basically it starts as:

1. Do Google Hacking and look for potential information leakage. (Most
of the tools allow you to add your own GH Dorks).

2. Browse the target web site with a scanner that has passive
vulnerability scanning capability - ratproxy, zaproxy, webscarab,
fiddler+watcher, burp-pro or you name it.
    Also use metadata extraction tools, and look for potential
information leakage and others.

3. Examine all contents of JavaScript & decompiled Flash/Silverlight/Java Applet

4. Look for common vulnerable points and misuses
    e.g., for JS files, examine calls like document.URLUnencoded,
document.referrer, document.location, window.location,
location.href, document.URL, etc.


Passive scanning is just a small subset of the assessment realm. Findings are
very limited.

Our recent disclosure of the Plesk open redirect flaw was the result of a
purely passive scan of a static HTML web site -
http://yehg.net/lab/pr0js/advisories/%5Bplesk_7.0-8.2%5D_open_url_redirection

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
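Step 4 of the post lists DOM properties (document.URL, document.referrer, window.location and so on) whose values come from the request and should be checked in a site's JavaScript before they reach anything that renders markup or navigates. The script below is an added example, not the poster's code or any of the tools the post names: a code-review aid that reads a JS file's text, marks those properties as sources, remembers variables assigned from them, and reports lines where a sink (innerHTML, document.write, eval, location assignment) is fed by a source or a tainted variable. It goes slightly beyond the post's list by adding location.search/location.hash and by tracking taint through simple assignments; the source and sink lists, the severity labels and the sample input are all assumptions of this example. The intended use is reviewing your own front-end code for DOM-based XSS and open-redirect risks before release.

```javascript
// Added example (not the poster's tool): a passive code-review aid that scans
// JavaScript source text for the DOM properties named in step 4 and for the
// sinks that render or navigate with them. It only reads text; nothing is
// executed or requested. All names and patterns below are assumptions of this
// example.

const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

// Reads of these properties carry request-controlled data (URL, fragment, referrer).
// The lookahead skips writes such as `window.location = x`, which are sinks instead.
const SOURCES = [
  'document.URL', 'document.URLUnencoded', 'document.referrer',
  'document.location', 'window.location', 'location.href',
  'location.search', 'location.hash',
].map((name) => ({
  name,
  re: new RegExp('\\b' + escapeRe(name) + '\\b(?!(?:\\.\\w+)*\\s*=(?!=))'),
}));

// Sinks: places where a string becomes markup, code, or a navigation target.
const SINKS = [
  { name: 'innerHTML', re: /\.(?:inner|outer)HTML\s*=(?!=)/ },
  { name: 'document.write', re: /\bdocument\.write(?:ln)?\s*\(/ },
  { name: 'eval', re: /\beval\s*\(/ },
  { name: 'location assignment', re: /\b(?:window\.|document\.)?location(?:\.href)?\s*=(?!=)/ },
  { name: 'location.assign/replace', re: /\blocation\.(?:assign|replace)\s*\(/ },
];

// Simple `x = ...` / `var x = ...` statement at the start of a line.
const ASSIGN = /^\s*(?:(?:var|let|const)\s+)?([A-Za-z_$][\w$]*)\s*=(?!=)\s*(.*)$/;

// Scans one JS file's text line by line. A variable assigned from a source (or
// from another tainted variable) is remembered, so a later sink that uses it is
// still reported. Returns one finding per line that matters:
//   severity 'high' = sink fed by a source or tainted variable on that line
//   severity 'info' = a source is read (taint origin), no sink on that line
function scanJsSource(code) {
  const tainted = new Set();
  const findings = [];
  code.split('\n').forEach((text, i) => {
    const sources = SOURCES.filter((s) => s.re.test(text)).map((s) => s.name);
    const m = text.match(ASSIGN);
    if (m) {
      const [, lhs, rhs] = m;
      const rhsTainted = SOURCES.some((s) => s.re.test(rhs)) ||
        [...tainted].some((id) => new RegExp('\\b' + escapeRe(id) + '\\b').test(rhs));
      if (rhsTainted) tainted.add(lhs);
    }
    const taintedUsed = [...tainted].filter((id) => new RegExp('\\b' + escapeRe(id) + '\\b').test(text));
    const sinks = SINKS.filter((s) => s.re.test(text)).map((s) => s.name);
    if (sinks.length && (sources.length || taintedUsed.length)) {
      findings.push({ line: i + 1, severity: 'high', sources, sinks, taintedUsed });
    } else if (sources.length) {
      findings.push({ line: i + 1, severity: 'info', sources, sinks, taintedUsed });
    }
  });
  return findings;
}

// Human-readable report lines, one per finding.
function reportFindings(findings) {
  return findings.map((f) =>
    `line ${f.line} [${f.severity}] sources=${f.sources.join(',') || '-'} ` +
    `sinks=${f.sinks.join(',') || '-'} tainted=${f.taintedUsed.join(',') || '-'}`);
}

// Constructed sample input (not from any real site): two direct flows, one
// propagated through a variable, and one sink fed only by a constant.
const SAMPLE_JS = [
  '// constructed sample',
  'var q = document.URLUnencoded.split("?")[1];',
  'var shown = q.toLowerCase();',
  'document.getElementById("out").innerHTML = shown;',
  'var back = document.referrer; window.location = back;',
  'var title = "static text";',
  'document.getElementById("t").innerHTML = title;',
  'document.write("<p>" + location.hash + "</p>");',
].join('\n');

console.log(reportFindings(scanJsSource(SAMPLE_JS)).join('\n'));
```

On the sample this reports line 2 as a taint origin and lines 4, 5 and 8 as high (the innerHTML write fed through `shown`, the referrer-to-location redirect, and the fragment written into document.write), while line 7, whose innerHTML write only receives a constant, is not flagged. The per-line, regex-based approach is deliberately crude: it misses flows through function calls, object properties and multi-line statements, and the usual follow-up is to confirm each high finding by reading the surrounding code and then encode or validate the value before it reaches the sink.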
