Thursday, June 28, 2007
Maia Mailguard Security Risk Advisory
SNOsoft has discovered a high risk vulnerability in Maia Mailguard version 1.0.2 that makes it possible for an attacker to execute arbitrary commands on the affected system. The advisory will be published on Netragard's website shortly. Until then users of the Maia Mailguard web application should suspend use or add .htaccess capabilities to the web server to mitigate the risk of compromise.
Monday, June 18, 2007
SNOsoft SILC
For those of you that are participating in our Exploit Acquisition Program please contact simon@snosoft.com for information on how to access our new Secure Internet Live Conferencing (SILC) server for discussing your research in a secure way. Don't try scanning for the server yourself because you won't find it and your IP address will be banned. If you have any new research or items that you would like to submit, please fill out an EAF and email it to simon@snosoft.com.
Thursday, May 24, 2007
How secure are security appliances?
We've started focusing on the security of appliances that are installed in corporate and government networks. To our amazement most of these appliances are more insecure than the operating systems and software that we've (being the security industry) been picking on so aggressively. In fact, we are looking at one appliance right now that is made up of software, that is unpatched, and dates back as far as 5 years. This particular appliance is vulnerable to at least 28 critical known security issues, and god knows how many other "unique" issues. Expect to see advisories from us in the future specifically focused on security appliances.
Wednesday, May 23, 2007
Mac Security
Adriel Desautels, Netragard's CTO was interviewed by ZDNET with regards to his opinion on the security of Apple OSX. Click here to read the interview.
Monday, March 19, 2007
McAfee VirusScan for Mac (Virex) - local root compromise
Netragard has released another vulnerability. This time it is a local root compromise using McAfee VirusScan for Mac. Granted this isn't all that exciting but if you're at all interested it can be found here.
http://www.netragard.com/pdfs/research/NETRAGARD-20070220.txt
http://www.netragard.com/pdfs/research/NETRAGARD-20070220.txt
Friday, March 16, 2007
FrontBase Database Advisory
Kevin Finisterre found a FrontBase Database <= 4.2.7. buffer overflow vulnerabilitiy that was recently released by SNOsoft on Netragard's website. This particular vulnerability enables an attacker to gain remote access to a system. The official advisory (that contains working Proof of Concept) can be found here.
Thursday, February 1, 2007
@Mail Webmail Security Research
The SNOsoft Research Team recently performed a light weight security assessment of the @Mail Webmail product. @Mail is very much like OWA with respect to look, feel and functionality. The result of this research project was the discovery of two bugs in the product. These bugs were released as formal advisories by Netragard and can be viewed below:
http://www.netragard.com/pdfs/research/ATMAIL-XSRF-ADVISORY-20061206.txt
http://www.netragard.com/pdfs/research/ATMAIL-XSS-NETRAGARD-20061206.txt
http://www.netragard.com/pdfs/research/ATMAIL-XSRF-ADVISORY-20061206.txt
http://www.netragard.com/pdfs/research/ATMAIL-XSS-NETRAGARD-20061206.txt
Thursday, January 4, 2007
Month of Web Application Bugs (MOWAB)
Inspired by Kevin at digitalmunitions who also happens to be the Chief Research Officer at Netragard L.L.C., one of the original founders of SNOsoft, and his current Month of Apple Bugs (MOAB), SNOsoft will be working to produce the Month of Web Application Bugs (MOWAB). Any researchers interested in participating should email me directly at simon@snosoft.com, or just post a comment to this blog.
I should note, credit for this idea goes to Titon...
I should note, credit for this idea goes to Titon...
Subscribe to:
Posts (Atom)