Publications
MWR InfoSecurity work with the CPNI (Centre for the Protection of National Infrastructure) to publish security advisories (formerly known as UNIRAS Alerts) covering vulnerabilities we discover during client assignments or research projects. These advisories disclose and discuss vulnerabilities in systems which are in widespread use; CPNI then liaise with the vendors to secure the application in question. The disclosure of these vulnerabilities gives CPNI the ability to provide timely information concerning potential IT security problems that could affect the Critical National Infrastructure community.
The work of CPNI is underpinned by the principle of responsible disclosure. Information is released to stakeholders at the appropriate time, with the aim of minimising any possible disruption from the threat.
Further information on the work of the CPNI can be found at www.cpni.gov.uk.
Recent advisories produced by MWR InfoSecurity are listed below in date order. On this page you can also find recent presentations and White Papers from MWR InfoSecurity consultants.
HashCookies - A Simple Recipe
May 07, 2009
Since HTTP is stateless, it relies on sessions in order to track a user's state when using web-based applications. Several vectors exist which could permit an attacker to gain access to a user's session, and so could result in compromise of the user's account or other sensitive information. The use of a changing and expiring session ID can protect a user's session from a number of attacks. By transmitting a random salt to a web browser, the browser is able to use this salt to generate a new cookie by hashing information which only the web browser and web server know; this cookie is a HashCookie. Provided the salt is protected during the initial exchange, or an attacker is not in a position to intercept this communication, then even if an attacker is able to obtain a valid session ID for a user of a web-based application, the use of HashCookies would provide them no leverage over the user's session. Implementation requires HashCookie support from both the web browser and the web server.
Presentation: DeepSec 2008 - Behind Enemy Lines: Administrative Web Application Attacks
Nov 15, 2008
Rafael Dominguez Vega presented at DeepSec 2008 about his research into attacking administrative web interfaces. His talk included demonstrations of these kinds of attacks through SSID and DHCP script injection vulnerabilities discovered in the course of his research. The slides for this presentation are available from the download link above.
Presentation: DefCon16 - Virtually Hacking
Aug 12, 2008
On Friday 8th August 2008 MWR InfoSecurity's John Fitzpatrick presented the talk 'Virtually Hacking' at DefCon 16 in Las Vegas. The presentation looked at VMware security and can be downloaded using the link provided above.
White Paper: Behind Enemy Lines: Administrative Application Attacks
Jul 31, 2008
A white paper was released by MWR InfoSecurity discussing the security implications of administrative web applications.
It explains how alternative protocols (such as DHCP and 802.11) can be used to deliver web-based attacks. The white paper also explains the different methods available for exploiting these issues in practice, and details how tools can be built to test and exploit them.
The paper is based upon original research by Rafael Dominguez Vega and can be downloaded using the link provided above.
White Paper: IBM WebSphere MQ Security Part 1
May 06, 2008
The first in a series of white papers discussing IBM WebSphere MQ security has been released by Martyn Ruks of MWR InfoSecurity.
IBM's WebSphere MQ is a widely used and respected middleware application for handling messaging within an enterprise network. Its popularity and level of adoption arise from its robustness, scalability, functionality and compatibility with a wide range of platforms and applications. Whilst the software has a large number of security features, the complexity of the environments within which it operates often results in it being poorly configured. This environmental complexity and the richness of the product's feature set can make it an attractive target to attackers. In an era when "front-end" web applications and "back-end" databases are subject to increasingly intensive security testing, the weakest link in an application can now often be found in the middleware.
Applications that are not well documented within penetration testing manuals, and for which no well-defined testing toolkit is available, can often be brushed over during a penetration test. However, a skilled attacker will not concern themselves with such limitations and could exploit any vulnerabilities present in the system with devastating effect. This paper documents the results of research and investigation into WebSphere MQ systems and introduces a methodology for assessing the security of the software product from the perspective of a penetration tester.
The research found that WebSphere MQ environments can be secured, but this is not a trivial process and requires a detailed understanding of the technology. The information included within this document can be used to understand the requirements placed on those people who are responsible for the security of such environments.
