Archive for November, 2007

The Best Sweater for Riding, Running, Training + Chilling from Pearl Izumi

November 27, 2007

Over Thanksgiving, we went up to Tahoe to cook and chill with friends. Every time we go to South Lake, we stop in at the Pearl Izumi outlet to see what sort of wicked deals they have. For those of you living under a rock for the last 20 years, Pearl Izumi is probably (IMHO) the BEST gear for riding, running, training, living, etc that one can own. Their apparel is an excellent fit (assuming you take care of yourself) and will just about last forever if you take care of it.

During this trip, Lauren (the spunky manager of the store) pointed me toward a sweater in particular that had me drooling. Dubbed the Woolie Mammoth Long Sleeve Jersey. It’s simply something that you want to live in non-stop. Sporting two-toned ribbed (gotta love ribbed) Merino Wool, I’ve basically been wearing it non-stop since coming back Friday night. SO DAMN NICE!


Lauren has a bunch in stock and will ship anywhere you need for a $4 (yes I did say $4) flat-rate. Check out their site for more info and how to contact her. They regularly post deals as they get new shipments.

If you get a chance to roll in there, do so. She’s super nice and will set you up with killer gear…AND since it’s an outlet, you get away with sub-Amazon prices.


Injection attack vulnerability in phpMyAdmin w/ fix

November 12, 2007


Over the last several weeks Jason Lidow of DigiTrust Group and I have been chatting back-and-forth about a number of vulnerabilities he and his team have been finding in open-source packages using MySQL and PHP. In particular, his DigiTrust Group guys have been uncovering a gaggle of exposures in phpMyAdmin, the most widely used control panel for managing MySQL from virtual hosts (I use it on more than a couple of my web apps).

Over the weekend, Jason sent over an issue that piqued my interest. It details potential injection attacks in phpMyAdmin. I hate these things. They’re dirty, and I don’t mean in the good way. The attack described would let normal users take over administrators’ accounts.

This one in particular is more evil than others I’ve come across as it’s a one-time action with an evergreen effect.

The phpMyAdmin folks have developed a patch/fix for the exposure, which is now available at http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-7.

The super-geeky report of the vulnerability is available here:
http://www.digitrustgroup.com/advisories/tdg-advisory071108a.html.

To read more about Jason’s crack team, go to http://www.digitrustgroup.com. These guys are probably the best I’ve seen at what they do (they actually scare me a little). DigiTrust Group has, over the last several years, turned from a few wunderkind genius hacker types into a serious consulting org that works for everyone from Fortune 1000s to small and medium-sized companies as they grow and need help finding potential IP and infrastructure exposures.

What’s an injection attack???:

This type of XSS vulnerability is also referred to as a stored or persistent or second-order vulnerability, and it allows the most powerful kinds of attacks. It is frequently referred to as HTML injection. A type 2 XSS vulnerability exists when data provided to a web application by a user is first stored persistently on the server (in a database, filesystem, or other location), and later displayed to users in a web page without being encoded using HTML entities. A classic example of this is with online message boards, where users are allowed to post HTML formatted messages for other users to read.

These vulnerabilities are usually more significant than other types because an attacker only has to inject the script once: it can then hit a large number of other users with little need for social engineering, and the web application could even be infected by a cross-site scripting virus.

The methods of injection can vary a great deal, and an attacker may not need to use the web application itself to exploit such a hole. Any data received by the web application (via email, system logs, etc.) that can be controlled by an attacker must be encoded prior to re-display in a dynamic page, or else an XSS vulnerability of this type could result.
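To make the stored (type 2) XSS pattern above concrete, here is an added example (my own illustration, not phpMyAdmin code or anything from the DigiTrust advisory) of a toy message board: stored text is rendered once without encoding and once with HTML-entity encoding, and a small check confirms which rendering lets stored markup through. The board, the sample posts and the `leaks_raw_markup` check are all constructed for this demo.

```python
import html
from dataclasses import dataclass, field

@dataclass
class MessageBoard:
    """Constructed in-memory store standing in for the database that a type 2
    (stored) XSS flaw relies on. Not phpMyAdmin code."""
    posts: list = field(default_factory=list)

    def store(self, author: str, body: str) -> None:
        # Persisting raw text is fine; the defect lives in how it is displayed.
        self.posts.append({"author": author, "body": body})

    def render_vulnerable(self) -> str:
        # Second-order flaw: stored text is concatenated into HTML verbatim,
        # so markup one user submitted is served to every later reader.
        return "".join(
            f'<div class="post" data-author="{p["author"]}">{p["body"]}</div>'
            for p in self.posts
        )

    def render_hardened(self) -> str:
        # Fix: entity-encode every stored field at output time, covering both
        # the text context and the attribute context (quote=True escapes " ').
        return "".join(
            '<div class="post" data-author="{}">{}</div>'.format(
                html.escape(p["author"], quote=True),
                html.escape(p["body"], quote=True))
            for p in self.posts
        )

def leaks_raw_markup(rendered: str, stored_fields: list) -> bool:
    """Detection check for a CI test: does any stored value containing markup
    characters reach the rendered page unencoded?"""
    return any(any(c in v for c in "<>\"'") and v in rendered
               for v in stored_fields)

def demo() -> tuple:
    board = MessageBoard()
    # Constructed sample posts; where the text came from (form, e-mail, log
    # line) does not matter, only whether it is encoded on output.
    board.store("alice", "Great patch, thanks!")
    board.store("bob", "<script>/* constructed marker */</script>")
    board.store('mallory" data-injected="1', "text pulled in from a log line")
    fields = [v for p in board.posts for v in (p["author"], p["body"])]
    return (leaks_raw_markup(board.render_vulnerable(), fields),   # True
            leaks_raw_markup(board.render_hardened(), fields))     # False
```

Running `demo()` returns `(True, False)`: the verbatim rendering leaks both the script tag and the attribute-breaking author name, while the entity-encoded rendering leaks neither.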