How to disable 3rd party cookies in Firefox 2.0

Found an interesting blurb on the Mozillazine Forums:

You used to be able to set this via the standard user interface pre-2.0 but now you must go to the address bar and type:

about:config

You can then search for the following string:

network.cookie.cookieBehavior

Change the value from 0 to 1 and restart Firefox.

This will prevent the transfer of cookie information from site-to-site. (i.e. msn.com reading your google.com cookies)
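
To confirm the change actually landed in a profile, the following added example (not part of the original post or of Firefox itself) reads a profile's prefs.js and user.js and reports the effective network.cookie.cookieBehavior value. It assumes the default is 0, as the post implies; the function names and the sample profile are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

PREF = "network.cookie.cookieBehavior"
DEFAULT = 0  # assumption taken from the post: the value before the change is 0
# Matches an active user_pref line for PREF; lines starting with // or # do not match.
_LINE = re.compile(
    r'^\s*user_pref\(\s*"' + re.escape(PREF) + r'"\s*,\s*(-?\d+)\s*\)\s*;',
    re.MULTILINE,
)

def pref_value(text):
    """Return the last value assigned to PREF in a prefs file, or None if unset."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.DOTALL)  # drop block comments
    hits = _LINE.findall(text)
    return int(hits[-1]) if hits else None

def effective_cookie_behavior(profile_dir):
    """user.js is applied on top of prefs.js at startup, so it is read last and wins."""
    value = DEFAULT
    for name in ("prefs.js", "user.js"):
        path = Path(profile_dir) / name
        if path.is_file():
            found = pref_value(path.read_text(encoding="utf-8", errors="replace"))
            if found is not None:
                value = found
    return value

def blocks_third_party(value):
    # 1 = cookies from the originating site only (the post's setting); 2 = no cookies.
    return value in (1, 2)

def demo():
    """Constructed sample profile: prefs.js left at 0, then user.js enforcing 1."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "prefs.js").write_text(
            '# Mozilla User Preferences\n'
            '// user_pref("network.cookie.cookieBehavior", 2);\n'
            'user_pref("network.cookie.cookieBehavior", 0);\n'
        )
        before = effective_cookie_behavior(d)
        Path(d, "user.js").write_text('user_pref("network.cookie.cookieBehavior", 1);\n')
        return before, effective_cookie_behavior(d)

if __name__ == "__main__":
    print(demo())
```

Point `effective_cookie_behavior` at a real profile directory to check a machine; putting the line in user.js keeps the setting from drifting back if prefs.js is edited.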

OllyStepNSearch v0.6.0

Didier Stevens has released a new version of his OllyDbg plugin called OllyStepNSearch.

About OllyDbg:
OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable.

More information can be found here.

About OllyStepNSearch:
This plugin allows you to search for a given text when automatically
stepping through the debugged program.

When the plugin is enabled, it will step automatically through the debugged
program once a step command (like Step Into) is issued.

More information can be found here.

Here is a movie of this example on YouTube; a High Res (XviD) version can be found here.

The “Less Than Zero Threat”

Interesting article (part 1 / part 2) by Alan Shimel on the concept of the “Less Than Zero Day Exploit”.

From the article:

Once a vulnerability is publicly announced, the zero-day clock starts ticking. The announcement is typically followed by some period of time before a patch is made available. This is the Zero-Day period. According to accepted wisdom, organizations face the greatest danger when an attack or exploit targeting the vulnerability is verified in the “wild.”

Some believe this is a flawed argument. As evidence, they point to “underground” vulnerabilities and exploits that are equally as dangerous and much more difficult to detect and protect against because they are “unknown.” At StillSecure we call this class Less-Than-Zero Threat. The chart below shows the relationship between the Less-Than-Zero threat and the Zero-Day threat and the level of risk they pose to the organization. It also takes into account such factors as responsible disclosure, patch deployment, etc.

The conclusion:

Zero-Day, Less-Than-Zero, patching, exploits…the world is a dangerous place. While our attention has been focused by some security vendors and the press on the Zero-Day attack, the Less-Than-Zero threat is also significant enough to warrant your attention and resources. The reason you don’t hear a lot about this type of attack is because the majority of vendors don’t have a silver bullet to sell you for solving the problem. There is still no substitute for good, old-fashioned, best practices in security.

I completely agree with Alan’s final statement. No product is a substitute for security best practices.
