The Github enterprise SQL scare, malware that lives in your browser, Dan’s mail server war story, your feedback, a righteous roundup & more!

Note: This is a shorter episode because the hosts are new and the first recording was also a double episode recording, expect them to get longer as the guys get more comfortable!

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Patreon

Show Notes:

Malware hosted in your browser

  • Last show, we talked about malware, blocking it via URLs, and malware which spoofs the domain names, thereby bypassing many URL-based filters.
  • This show, we have an instance of malware which completely defeats all of the above, in a very simple and clever way.
  • A common way to steal credentials is hosting a webpage which looks a lot like the real thing. Google, Facebook, Paypal, etc are all targets of this. It is simple to do. Just throw up a web page, and start directing people to it.
  • Lots of ways to defeat this with conventional tools
  • This method bypasses all those tools
  • Tom Scott tweeted about malware he received via email.
  • when you click on the link, you get what appears to be a Google Login page.
  • The URI is of the form: data:text/html,https…… lots of spaces <script src=date:text/html;…. etc
  • However, it is hosted entirely within your browser
  • Matt Hughes reportrd that Andriod actually tries to autofill his Google account credentials on that data URI
  • This has been around at least a year, and was written about by linkcabin
    spoofs the login page by hosting it in your browser.
  • Suprisingly common and is often using to phish Google or Paypal

Bug Bounty – GitHub Enterprise SQL Injection

  • This story involves responsible research and disclosure by Orange Tsai
  • GitHub Enterprise is the on-premises version of GitHub.com that you can deploy a whole GitHub service in your private network for businesses
  • You can get 45-days free trial and download the VM from enterprise.github.com.
  • Code is downloaded, configured, and observations begin.
  • GitHub uses a custom library to obfuscate their source code. If you search for ruby_concealer.so on Google, you will find a snippet in a gist.
  • The first two days are getting the VM running etc.
  • Day 3-5 are learning Rails by code reviewing.
  • On 6, an SQL Injection is found

Feedback:

War Story:

Round Up:

Question? Comments? Contact us here!