Showing posts with label offbeat. Show all posts
Showing posts with label offbeat. Show all posts

Feb 20, 2008

No credit = exploit

by Eduardo Tongson filed under , ,

Because Microsoft refused to credit the researcher who reported MS08-011/CVE-2008-0108 a corresponding exploit was publicly released. A person or group going by the name chujwamwdupe chujwamwdupe posted the exploit to Full-disclosure.

Unfortunately, Microsoft has refused to credit you using the name you requested.

I think there's a mixup in the iDefense Labs advisory, unless sillypea is chujwamwdupe. The CREDIT section says:
This vulnerability was reported to VeriSign iDefense by sillypea.

The acknowledgments on the Microsoft bulletin says:
VeriSign iDefense VCP for reporting the Microsoft Works Converter Overrun Vulnerability (CVE-2008-0108).

Microsoft flagged the pseudonym as offensive. This is similar to what happened when Manuel Santamarina Suarez aka FistFuXXer reported MS06-059/CVE-2006-2387. They had to drop FistFuXXer in the bulletin.

I wonder what does the polish word chujwamwdupe really mean ?

2 comments Links to this post

Feb 16, 2008

OpenDNS proxying

by Eduardo Tongson filed under , , ,

An old issue but new to me. Their supposed to be reason for doing this is ridiculous. 

$ dig @resolver1.opendns.com www.google.com

; <<>> DiG 9.4.1-P1 <<>> @resolver1.opendns.com www.google.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3375
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.   IN A

;; ANSWER SECTION:
www.google.com.  30 IN CNAME google.navigation.opendns.com.
google.navigation.opendns.com. 30 IN A 208.67.216.230
google.navigation.opendns.com. 30 IN A 208.67.216.231

;; Query time: 336 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Sat Feb 16 17:36:09 2008
;; MSG SIZE  rcvd: 104

No official statement from OpenDNS on why they continue doing this. I wonder what other cnames are they spoofing. I call shenanigans on OpenDNS. Stopped using and recommending them.

0 comments Links to this post

Feb 13, 2008

Have you seen her?

by Eduardo Tongson filed under ,

If you ask me I have seen her countless times. I don't know her name and maybe she doesn't know she's very popular. If you don't know what I'm talking about read up on domaining and click fraud.

Domaining is the business of acquiring domains for no actual use besides generating revenue through pay per click advertisements. Generic domains and domains that has been deleted but still retains substantial traffic are commonly abused. Revenues from pay per click advertising is seen as an incentive for click fraud.

I performed a DNS lookup on a particular website I wanted to visit recently but is now used for pay per click advertising. I don't know if its sniped, kited or it's not really the URL of SABAGsecurity.

$ dig @8.15.231.113 sabagsecurity.com

; <<>> DiG 9.4.1-P1 <<>> @8.15.231.113 sabagsecurity.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22644
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;sabagsecurity.com.  IN A

;; ANSWER SECTION:
sabagsecurity.com. 3600 IN A 8.15.231.100

;; Query time: 260 msec
;; SERVER: 8.15.231.113#53(8.15.231.113)
;; WHEN: Wed Feb 13 16:46:16 2008
;; MSG SIZE  rcvd: 51

Besides hotelcasadeplaya.net, 0-360.net, 00products.com and sabagsecurity.com her sweet smile is featured on another 11,526 domains on that IP alone, disregarding the wildcard DNS records.

1 comments Links to this post

Subscribe to: Posts (Atom)