Wednesday, May 26, 2010

MouseGlove: 4962 Visits in one Week !

Today I wanna thank all the people who visited the MouseGlove website in the last week. I received 3 collaboration emails and one email from a group of students that wanna upgrade the project. I am so glad about that :D.

Now, please continue to ask questions and to ask for sources and explanations about the hardware used; I am more than happy to answer you. Of course I am glad to receive collaboration proposals from companies which want my advice to build a better version of MouseGlove. All you need to contact me and to upgrade the project is on the website under the "Contribute" section. Thanks again.

Tuesday, May 25, 2010

New RoboAdmin Version

Hi Folks,
the new RoboAdmin version is available to . Very soon a VMware virtual machine (Ubuntu 10) with the GUI version of RoboAdmin pre-compiled will be available for free.

Actually we're doing experiments on the different bundles to come up with different scenarios depending on which system RA is going to administer. The results are really not bad: it's pretty fast and pretty cheap in terms of CPU, memory and threads. Take a look at the following graphs, which illustrate this:

In the loading phase we are under 2%. The Loading phase is when RoboAdmin loads the selected bundles into memory. It performs: Loading, Service Connection, Authentication and Session Creation. Again everything under 2% CPU.

As you see we don't generate much entropy at all :D. We don't mess up the memory layout, since we create only a few threads.

Even during the "user simulation phase", where the Eliza intelligence starts up and runs its old and weak AI algorithm, RoboAdmin is under 5% of CPU usage.

And finally, during the code execution phase we are below 6%! The execution phase is the most important and, of course, the most expensive one. RoboAdmin needs to translate the administrator's will into computer commands and has to send the command results back to the administrator, using the predetermined private channel.

So far so good. I will post the paper as soon as possible for whoever is interested in the project.
Stay tuned . . . . . .

Tuesday, May 18, 2010

Browser Measurement (aka: How Unique is your Browser?)

Hi Folks,
today I wanna point out this exhilarating paper written by Peter Eckersley (Electronic Frontier Foundation):

We investigate the degree to which modern web browsers are subject to "device fingerprinting" via the version and configuration information that they will transmit to websites upon request. We implemented one possible fingerprinting algorithm, and collected these fingerprints from a large sample of browsers that visited our test side, We observe that the distribution of our fingerprint contains at least 18.1 bits of entropy, meaning that if we pick a browser at random, at best we expect that only one in 286,777 other browsers will share its fingerprint. Among browsers that support Flash or Java, the situation is worse, with the average browser carrying at least 18.8 bits of identifying information. 94.2% of browsers with Flash or Java were unique in our sample. By observing returning visitors, we estimate how rapidly browser fingerprints might change over time. In our sample, fingerprints changed quite rapidly, but even a simple heuristic was usually able to guess when a fingerprint was an "upgraded" version of a previously observed browser's fingerprint, with 99.1% of guesses correct and a false positive rate of only 0.86%.

We discuss what privacy threat browser fingerprinting poses in practice, and what countermeasures may be appropriate to prevent it. There is a tradeoff between protection against fingerprintability and certain kinds of debuggability, which in current browsers is weighted heavily against privacy. Paradoxically, anti-fingerprinting privacy technologies can be self-defeating if they are not used by a sufficient number of people; we show that some privacy measures currently fall victim to this paradox, but others do not.

Some self-explanatory results:

We identified only three groups of browser with comparatively good resistance to fingerprinting: those that block JavaScript, those that use TorButton, and certain types of smartphone. It is possible that other such categories exist in our data. Cloned machines behind firewalls are fairly resistant to our algorithm, but would not be resistant to fingerprints that measure clock skew or other hardware characteristics.

Finally, I really enjoyed this reading; it's well documented and easy to follow. The research process that they followed is complete in terms of experiments, results, strong hypotheses and fair conclusions. In the past 5 months I reviewed 5 journal articles but none satisfied me. Finally I found a very nice paper that I totally suggest.
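
To make the entropy figures in the abstract above concrete, here is an added example (not code from the paper or from this blog) that computes the same quantities over a small constructed sample. The four attributes, the function names and all sample values are assumptions chosen for illustration.

```python
import math
from collections import Counter

# Constructed sample (not data from the paper): one tuple per visiting browser,
# (user_agent, plugins, timezone, screen). The attribute choice is an assumption.
SAMPLE = [
    ("Firefox/3.6", "flash,java",        "UTC+1", "1280x800"),
    ("Firefox/3.6", "flash,java",        "UTC+1", "1280x800"),
    ("Firefox/3.6", "flash",             "UTC+1", "1024x768"),
    ("Safari/4.0",  "flash,quicktime",   "UTC-8", "1440x900"),
    ("Safari/4.0",  "flash,quicktime",   "UTC-8", "1440x900"),
    ("IE/8.0",      "flash,silverlight", "UTC-5", "1280x1024"),
    ("Chrome/5.0",  "flash",             "UTC+1", "1280x800"),
    ("Firefox/3.6", "none",              "UTC+1", "1280x800"),
]

def entropy_bits(values):
    """Shannon entropy, in bits, of the observed distribution of `values`."""
    n = len(values)
    return sum(-(c / n) * math.log2(c / n) for c in Counter(values).values())

def surprisal_bits(fingerprint, rows):
    """Identifying information of one fingerprint: -log2(P(fingerprint))."""
    seen = Counter(rows)[fingerprint]
    # A fingerprint never observed has probability 0 in this sample.
    return math.inf if seen == 0 else -math.log2(seen / len(rows))

def bits_for_one_in(n):
    """Bits of entropy at which one browser in `n` shares a fingerprint."""
    return math.log2(n)

def report(rows):
    counts = Counter(rows)
    return {
        "joint_bits": entropy_bits(rows),
        "per_attribute_bits": [entropy_bits([r[i] for r in rows])
                               for i in range(len(rows[0]))],
        # Share of browsers whose full fingerprint nobody else in the sample has.
        "unique_fraction": sum(1 for r in rows if counts[r] == 1) / len(rows),
    }

if __name__ == "__main__":
    r = report(SAMPLE)
    print("joint entropy: %.2f bits" % r["joint_bits"])
    print("per attribute:", ["%.2f" % b for b in r["per_attribute_bits"]])
    print("unique in sample: %.0f%%" % (100 * r["unique_fraction"]))
    print("one in 286,777 -> %.2f bits" % bits_for_one_in(286777))
```

On this sample the per-attribute entropies sum to about 7.05 bits while the joint fingerprint carries only 2.5, because the attributes are correlated; per-attribute figures cannot simply be added up.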

Friday, May 14, 2010


Do you wanna find more stats on CVE, such as which years had more vulnerabilities, which company had more vulnerabilities and so forth?

Welcome to This is an effort to provide an easy to use web interface to CVE vulnerability information. You can browse for vendors, products and versions and view CVE security vulnerabilities related to each of them. You can view statistics about vendors, products and individual versions of products. CVE details are displayed in a single, easy to use page, see a sample here. All data are taken from National Vulnerability Database (NVD) XML feeds provided by National Institute of Standards and Technology except vulnerability type information. Vulnerabilities are classified by using keyword matching and CWE numbers if possible, but they are mostly based on keywords. Please see for more details. All CVSS scores listed on this site are "CVSS Base Scores" provided in NVD feeds. Vulnerability data are updated daily.

Let's try some basic queries. First of all I am interested in which year has seen the most vulnerabilities.

2006 and 2007 are very close to each other and pretty far from the other years. We can deduce that security measures have increased over the past years... not so bad after all...
Now what about the vulnerability type?

That's interesting, "execute code" is much bigger than the other categories... Well, to me it's quite obvious: code execution is not really a vulnerability, it is more a consequence of a vulnerability. The real vulnerability is what allowed the code execution, like Buffer Overflow or File Inclusion or Memory Corruption etc. In fact, using this categorization it will always be bigger than the others. But anyway, let's go on. My next interesting query is: which are the top 20 vendors? Here we go!

Alright, as we might expect, the vendors are also in "how widespread they are" order. Microsoft has the most widespread products (so far), then Apple, SUN, IBM etc. In conclusion, this is an amazing place to go to keep your knowledge about security up to date. Often you will hear from companies "let's use Apple, which is the most secure platform"... well, actually that is not true... Debian is much more! You will always have a good understanding and a pretty nice perception of which are the most secure platforms, knowing what to suggest from time to time.

Monday, May 10, 2010

window.parent.close() -> code execution.

Hi folks,
today another very didactic 0day has been released. It affects the Apple Safari window.parent.close() function.

The vulnerability is caused due to an error in the handling of parent windows and can result in a function call using an invalid pointer. This can be exploited to execute arbitrary code when a user e.g. visits a specially crafted web page and closes opened pop-up windows. The vulnerability is confirmed in Safari version 4.0.5 for Windows. Other versions may also be affected.

The Exploit:

Exploit Highlights

(1) The vulnerable Function:

(2) Buffer Preparation:

(3) Memory Inclusion

I believe this is another interesting example of a pointer manipulation (or, if you wanna see it from the other side, Buffer Overflow) vulnerability. I wrote this post to remember this example for my next class (Fall 2010).

Sunday, May 9, 2010


Hi Folks,
today I am going to present a new tool (at least for me) for presentation purposes; it's called Prezi. Sometimes it might happen that you get an excellent idea, but since the way you are presenting it is quite boring, the audience gets distracted by the environment. Communication is a very important step of your research: it should be entertaining, direct and incisive. Prezi's concept is rather cool. Instead of presenting information linearly over a series of slides, the information is actually all on one whiteboard. You then zoom in and zoom out to different elements and pan around. The goal is similar to Timeline 3D: your viewer always knows the context of the data and how it relates to other elements. This makes it simpler for people to see and understand the big picture. You can find out more "show cases" here

This is one of my favorites

Thursday, May 6, 2010

ePart 2010: Switzerland I am coming !

Hi Folks,
ePart 2010 accepted the paper that Marco Prandini and I wrote on Applied Penetration Testing Methodologies, titled: An integrated application of security testing methodologies to e-voting systems. The paper will be published in the Springer LNCS proceedings.

From 29 August to September 2 we will be in Lausanne (Switzerland). I know that some of my readers are from Switzerland (in particular from Zurich, not so far from Lausanne), so if you'd like to have a meeting all together in Lausanne or nearby, please contact me and we'll organize a "security" dinner/lunch.

Tuesday, May 4, 2010

Spirit: Jailbreak iPAD

Hi Folks,
today I wanna share this unique tool SPIRIT: the universal Jailbreaker. It works with iPhone (3.1.1, 3.1.2, and 3.2), iPod and iPad !

What's Spirit?

Spirit is an untethered jailbreak for iPad, iPhone, and iPod touch on the latest firmwares. Spirit is not a carrier unlock. If you currently are using a tethered jailbreak, you have to restore to use Spirit. Do not upgrade if you use an unlock on an iPhone 3G or 3GS. (You can, however, restore to 3.1.2 if you have SHSH blobs for that version.)

Requirements

Any iPad, iPhone, or iPod touch on firmware 3.1.2, 3.1.3, or 3.2.
An activated device: one not stuck on the Connect to iTunes or Emergency Call screen.
Any version of iTunes 9 (including 9.1.1).
Syncing with iTunes before trying this is highly recommended. (An issue has been reported where Spirit deletes the photos on the device. I will investigate this; in the meantime, please make sure your photos are backed up.)