Nash's world

Tag: Servers

Demonstration of Reverse OpenSSL Reverse Heart Bleed Bug CVE-2014-0160

by on Apr.11, 2014, under Programing

heart-bleed-bug Heart Bleed is turning out to be one of the worst bugs to hit web. While sys admins every where have been rushing to fix the web facing servers. Worst of it was thought to be mitigated by patching the servers and loadbalancers that terminated the SSL connections. It has now been demonstrated that clients that use openssl is also effected and these include

  • MariaDB 5.5.36
  • wget 1.15 (leaks memory of earlier connections and own state)
  • curl 7.36.0
  • git 1.9.1 (tested clone / push, leaks not much)
  • nginx 1.4.7 (in proxy mode, leaks memory of previous requests)
  • links 2.8 (leaks contents of previous visits!)
  • links is a great example that demonstrates the effect of this bug on clients. It is a text-based browser that leaks details including headers (cookies, authorization tokens) and page contents

A malicious server can take advantage of this and copy the memory contents from an unsuspecting client memorys as demoed here

rv heart bleed demo 2

here I am trying to load a Image from one of my servers that has social media content then after i load the page i connect to a malicious server that tries to exploit this bug.

Here is the content the server was to able to grab from from the client.
rv heart bleed demo 1

As you can seen I am able to get exif data of the loaded image and partial content of image.

Here is another demo where by i try to connect to maybanklogin page. then connect to my malicious server. As you can see I am able to get the header passed by the page and partial content of the page too

rv heart bleed demo 3

rv heart bleed demo 4

Please do note this is not a bug on server side but a bug on client side so go and update your OpenSSL library asap. You can get the demo code from https://github.com/Lekensteyn/pacemaker

Enhanced by Zemanta
Leave a Comment :, , , , , , , , , , , more...

IGMH mobile/web app open for testing/usage

by on Aug.30, 2012, under News, Programing

It was one of those rare quiet morning in office (touch wood) when Naail @kudanai (http://www.kudanai.com/) pinged me about a interesting problem he had. He asked me for suggestion on scraping IGMH doctors duty roster from this ancient looking aspx page. At the time he had google app engine app and  He was attempting at the time to use YQL to rangle the data out of the page as the page was being served out of a non standard port on the server wich appengine did not like.

I suggested to him to port the app over to django proper and move the whole application over to my server. To this end we ported app over to django added some fancy (ie: stupid) caching so that we dont kill the poor server we were scraping the data from front end is built on jquerytouch and compass. API stubs are also available to any one who want to get some some sane looking data for their own apps. For access ping Naail or me (@NashRafeeg).

To to try it out for yourselves, visit: http://igmh.dot.my

Some Known Issues:
The display code is built on jQTouch, an thus inherits its flaws and shortcomings. For example, we rely on -webkit-overflow-scrolling: touch to handle the inertial scrolling. This will fail on most android devices and so on.
also, yes, we know about the “back” button issue.
The page currently doesn’t have a timed/manual refresh mechanism (which would ideally be present in the queue data view). You have to go back to home, and then back to the view in order to reload the data.

For those of you more technically inclined
The Backend is
* Nginx
* Django with FastCGI
* Mechanize
* Beautiful Soup
Front End is powered by Jquerytouch and Compass

For how we got started on this endeavor hit up http://www.kudanai.com/2012/08/igmh-mobileweb-app-open-for-testingusage.html

Enhanced by Zemanta
1 Comment :, , , , , more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Blogroll

A few highly recommended websites...

IDL

Member of The Internet Defense League