Discussions

blowdart blowdart Peek-a-boo
  • Impressions of Windows 8

    @vesuvius:

  • Heartbleed

    evildictaitor wrote

    *snip*

    It was RCE because with a web.config you get the machine key of the ASP.NET application. With the machine key of the ASP.NET application you can sign any data as part of the ViewState, which means that you can fabricate malicious viewstate which is then deserialized. And although it wasn't widely known at the time, the deserializer was vulnerable to RCE (CVE-2013-3171).

    So tl;dr is that the web.config oracle was RCE at the time if your web.config contained a machine key and used viewstates anywhere in your application.

    Even now it's more than an information disclosure; with the machine key you can still get an arbitrary file delete from the ASP.NET machine account (which isn't many files, but it isn't zero files either), and this bug has been around since at least 2012.

    Then, like I suggest, you take it up with TWC. You've said you're internal before, so you should know the routes.

  • Things to say to Cortana

    what does the fox say?

     

    (I can't get the clippy one to work though :()

  • Win Phone 8.1 beef.

    DeathByVisualStudio wrote

    *snip*

    That's all well and good but I doubt that's the reason this feature was left out. The phone doesn't know you're driving.

    It can do. There's driving mode :D

  • Heartbleed

    evildictaitor wrote

    *snip*

    It's an RCE if it's got a machine key in it and .NET <= 4.5

    Then perhaps you can ask MSRC to reclassify. The maximum security impact given to bulletins is a subject of much discussion and we always choose the most serious. Building a new auth token and having code act on it isn't an RCE.

  • Cortana, where are you?

    She is. Kinda. You just need to change your region settings. However, as that switches to US Bing, some of the results may be wrong. And all temperatures are in stupid scale.

  • Heartbleed

    evildictaitor wrote

     Or the web.config padding oracle that was RCE versus most IIS installs?

    That was not an RCE. That was an Information Disclosure attack. If you're going to discuss ASP.NET bugs I'd ask you get their impact right, as I'm responsible for some of that process.

  • Heartbleed

    Bass wrote

    the only reason this vulnerability was discovered is because OpenSSL is open source.

    Not true. It wasn't discovered by code reviewing but by testing of the binaries, black box testing, as you would also do with closed source.

    http://www.latinpost.com/articles/10440/20140411/heartbleed-bug-discovered.htm

    According to Karjalainen, he and Hietamäki were testing some new features for Codenomicon's protocol test suite with a feature called Heartbeat, which sends data between servers to see if it comes back unaltered.

     

  • IE6 hate is misdirected

    brian.shapiro wrote

    Also, at the time, every other browser that was released didn't conform to standards, either. Firefox at first didn't. Chrome at first didn't. Safari at first didn't. Opera at first didn't. It took each of them some time to get up to code. In the meantime, web devs often had to do work-arounds to deal with the quirks of each of them. It was quite annoying.

    And then they started adding their own features, and pushing for those to become standards. Which is why HTML5 is kinda a mess. And Google's HTML5 "standard" demos only work in Chrome.

  • IE6 hate is misdirected

    And third, intentionally breaking standards isn't excusable.

    This has to be the best troll I've seen this week so far.