Custom URL Schemes; Skimming Trends; #Apple T2 Chip Update; #MSFT APT for MacOS @IntelAdvanced @zer0pwn
My Next Class
| Intrusion Detection In-Depth | San Antonio | May 28th - Jun 2nd 2019 |
| Defending Web Applications Security Essentials | Munich | Jul 1st - Jul 6th 2019 |
Dangers of Custom URL Schemes
https://zeropwn.github.io/2019-05-22-fun-with-uri-handlers/
Update on Phyiscal Skimmer Market
https://www.advanced-intel.com/blog/skimming-threat-landscape-technology-advances-lower-barriers-of-entry-for-novice-skimming-operators
Apple Supplemental Update For masOS 10.14.5
https://support.apple.com/kb/DL2005?locale=en_US
Microsoft Releases Advanced Threat Protection for MacOS
https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Microsoft-Defender-ATP-for-Mac-now-in-open-public-preview/ba-p/634603
Get a free ISC sticker (login required):
https://isc.sans.edu/sticker.html
https://zeropwn.github.io/2019-05-22-fun-with-uri-handlers/
Update on Phyiscal Skimmer Market
https://www.advanced-intel.com/blog/skimming-threat-landscape-technology-advances-lower-barriers-of-entry-for-novice-skimming-operators
Apple Supplemental Update For masOS 10.14.5
https://support.apple.com/kb/DL2005?locale=en_US
Microsoft Releases Advanced Threat Protection for MacOS
https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Microsoft-Defender-ATP-for-Mac-now-in-open-public-preview/ba-p/634603
Get a free ISC sticker (login required):
https://isc.sans.edu/sticker.html
iTunes
MP3 Download
RSS Feed
Google Play
Stitcher
Podbean
Amazon Echo
YouTube
Spreaker
iOS App
Spotify
Discussion
The Shibboleth vulnerability is quite interesting. In their example, the SAML signature covers the entire and they've made modifications to it (the changes to the uid) that should cause the signature to fail validation. This vulnerability speaks to larger architectural issues with Shibboleth. Obviously the signature validation is happening on a DIFFERENT document (the inline DTD defs are resolved and replaced) than the attribute extraction code works on (the inline DTD variables are not replaced). This is a HUGE no no and leads to the confused deputy issues that caused the vulnerability. I would bet other SP SAML parsing code is making similar mistakes.
Posted by Anonymous on Tue Jan 16 2018, 16:54
Login here to join the discussion.
| Intrusion Detection In-Depth | San Antonio | May 28th - Jun 2nd 2019 |
| Defending Web Applications Security Essentials | Munich | Jul 1st - Jul 6th 2019 |
| Intrusion Detection In-Depth | London | Jul 8th - Jul 13th 2019 |
| Intrusion Detection In-Depth | Boston | Jul 29th - Aug 3rd 2019 |
| Defending Web Applications Security Essentials | San Jose | Aug 12th - Aug 17th 2019 |
| Defending Web Applications Security Essentials | Arlington | Aug 14th - Aug 19th 2019 |
| Defending Web Applications Security Essentials | Brussels | Sep 2nd - Sep 7th 2019 |
| Intrusion Detection In-Depth | London | Sep 23rd - Sep 28th 2019 |
| Intrusion Detection In-Depth | Chicago | Oct 9th - Oct 14th 2019 |
| Defending Web Applications Security Essentials | San Francisco | Dec 2nd - Dec 7th 2019 |
