Southern writes:  

"SQL Injection" is subset of the an unverified/unsanitized user input vulnerability ("buffer overflows" are a different subset), and the idea is to convince the application to run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it's straightforward to create some real surprises.

We'll note that this was a somewhat winding road with more than one wrong turn, and others with more experience will certainly have different -- and better -- approaches. But the fact that we were successful does suggest that we were not entirely misguided.

There have been other papers on SQL injection, including some that are much more detailed, but this one shows the rationale of discovery as much as the process of exploitation.

more: UnixWiz

SECUNIA ADVISORY ID: SA47077

VERIFY ADVISORY: http://secunia.com/advisories/47077/

RELEASE DATE: 2011-12-06

DESCRIPTION: Multiple vulnerabilities have been reported in Opera, where one has an unknown impact and others can be exploited by malicious people to bypass certain security features, disclose potentially sensitive information, and hijack a user's session. The vulnerabilities are reported in versions prior to 11.60. Read More...

Southern writes:  

CNET's Download.Com is one of the most popular (currently ranked #174 worldwide by Alexa) and longest-running (been around since 1996) major sites on the Internet. As a download repository, their key value ad was that they screened software to avoid malware, spyware, ad-ware, viruses and other harmful content that certain shady software contains. Even many security experts recommended them as a safe place to download software online. Download.Com is run by CNET, which is part of the 17-billion dollar CBS media empire. Many people assumed that a major site like this wouldn't resort to unethical monetization schemes like adding spyware and other malware to their downloads.

Unfortunately, those people were wrong. Read More...

Crypto writes:  

There have been several reports of sites being injected with a php-string. Typically code is inserted into several tables. From the information gathered so far it looks targeted at ASP, IIS and MSSQL backends, but that is just speculation at this time.

When discovered yesterday about 80 sites showed in Google, this morning about 200, by lunch 1000 and a few minutes ago 4000+. Read More...

Southern writes:  

A team of Stanford University researchers has bad news to report about Captchas, those often unreadable, always annoying distorted letters that you're required to type in at many a Web site to prove that you're really a human.

Many Captchas don't work well at all. More precisely, the researchers invented a standard way to decode those irksome letters and numbers found in Captchas on many major Web sites, including Visa's Authorize.net, Blizzard, eBay, and Wikipedia. This chart shows how successful Decaptcha was in decoding each Web site's anti-bot mechanism. The column marked "precision" shows the success rate.

This chart shows how successful Decaptcha was in decoding each Web site's anti-bot mechanism. The column labeled "precision" shows the success rate.

Their decoding technique borrows concepts from the field of machine vision, which has developed techniques to control robots by removing noise from images and detecting shapes. The Stanford tool, called Decaptcha, uses these algorithms to clean up the image so it can be split into more readily recognized letters and numbers.

"Most Captchas are designed without proper testing and no usability testing," Elie Bursztein, 31, a postdoctoral researcher at the Stanford Security Laboratory, told CNET yesterday. "We hope our work will push people to be more rigorous in their approach in Captcha design." Captcha stands for Completely Automated Public Turing test to tell Computers and Humans Apart.

more: CNET

Southern writes:  

From www.squarefree.com
I discovered arbitrary code execution holes in Firefox, Internet Explorer, and Opera that involve human reaction time. One version of the attack works like this:

The secret word fills the blank in the sentence 'If ____ web developers would use alternate text correctly!' It is all lowercase.

The page contains a captcha displaying the word "only" and asks you to type the word to verify that you are a human. As soon as you type 'n', the site attempts to install software, resulting in a security dialog. When you type 'y' at the end of the word, you trigger the 'Yes' button in the dialog. I made a demo of this attack for Firefox and Mozilla.

Another form of the attack involves convincing the user to double-click a certain spot on the screen. This spot happens to be the location where the 'Yes' button will appear. The first click triggers the dialog; the second click lands on the 'Yes' button. I made a demo of this attack for Firefox and Mozilla.

more: squarefree