Skip to main content

BlackHat Presentation on ATM hack withdrawn

Juniper's Researcher Barnaby Jack was to present a talk on how a flaw into ATMs of a particular vendor can be exploited. The talk was to be presented into BlackHat Las Vegas. The show was cancelled on the request of the affected vendor which sought some time to fix up the flaw. Juniper too agreed that the talk would have far reaching impact on ATM security. They are offering help to ATM vendors to fix up the flaw found in Jack's research.

This is not the first time a Black Hat presentation was withdrawn. In 2005, Cisco and Internet Security Systems (ISS), now owned by IBM, threatened to sue researcher Michael Lynn just hours before he was to deliver a talk about vulnerabilities in the Cisco IOS. Lynn quit his job at ISS and proceeded anyway. Soon after, he settled with the two companies, essentially promising not to further discuss the exploit.

Last year Jeremiah Grossman and RSnake too delayed their presentation on Clickjacking after they received request from Adobe.

In 2007, security services consultant IOActive bowed to pressure from HID Global to withdraw its presentation. IOActive's director of research and development, Chris Paget, had planned to demonstrate security weaknesses in HID's RFID technology.


Popular posts from this blog

SQL Injection in search field

Earlier I had written about performing SQL injection in search field and how to do a DoS attack and privilege escalation using 'Like' operators. Now another SQLi exploitation I came across recently. That too in the search field. This becomes important as lots of people don't pay much attention on the search forms/ fields in the application. My aim is to show that a search form can also be exploited with SQL Injection. The following queries are based on a real world exploitation. The steps and data are for just illustration purpose only. Suppose, the search form provides the details of users who have accessed the application some time and their login time details etc, we just need to provide their name in the search box provided. All the data were being going as Post request. So, to just fingerprint the database, I provide, 'nil'+'esh' in the search field and it successfully gives me the results. That means the database behind the application is concatenat…

File Upload through Null Byte Injection

Sometimes, during file upload we come across situation wherein there would be check on the file extension at the client side as well as server side too. If the application does allow only .jpeg extension to be uploaded, the client side java script checks for the extension of the file before passing the request. We all know that how easily this can be defeated.
Some applications, checks for the extension at the server side also. That's not easy to bypass. However there are some ways with which it still can be bypassed. Most of server side scripts are written in high level languages such as Php, Java etc who still use some C/C++ libraries to read the file name and contents. That leads to the problem. In C/C++ a line ends with /00 or which is called Null Byte. So whenever the interpreter sees a null byte at the end of the a string, it stops reading thinking it has reached at the end of the string.
This can be used for the bypass. It works for many servers, specially php servers. Th…

Insecure protocols

Some basic insecure protocols and risk associated with them: