Adobe Flash Security Update

The latest update for Adobe Flash fixes a handful of security flaws. However, this update also changes how the cross-domain socket policy is enforced. The result is that many Flash applications (such as the BPS-1K and BPS-10K user interface) will no longer be able to connect to a socket on the originating host. The BPS development team is hard at work on a fix for the UI, but until the 1.2 release containing the fix is available, we are urging our customers to hold off on the Flash upgrade on at least one system. If you have already upgraded to the latest version of Flash and need to downgrade, please see the Archived Flash Players page on Adobe's web site. Our support staff are available to assist customers with this process (1-866-352-6691 prompt 4).

Posted by hdm (2008-04-14 11:03:14)

StrikePack 25482 Released

StrikePack 25482 is now available to BreakingPoint customers. This StrikePack adds 16 new strikes, improves no existing strikes, and removes no strikes. This StrikePack also adds support in Appsim for the unix time and daytime protocols.

Posted by tmanning (2008-04-11 17:17:11)

More Musings on Oracle

Hi, I'm Tod Beardsley. You might remember me from other blogs such as DVLabs and Plan B Security, but now I'm here in the StrikeCenter. It's a fun gig that's about as close to "R&D" as I've gotten -- so far, it's almost exactly half research, half development.

For me, most of the research part so far has been figuring out how Oracle authentication works. If you've ever looked at the Oracle dissector for Wireshark, you've noticed it's pretty sparse. Apparently there are about four people outside of Oracle who do any work at all on the wire protocol, and the guy who wrote a custom parser isn't saying much due to "security factors." This is not surprising, because Oracle's authentication sequence takes forever, with a bunch of pre-authenticated data flying around before access is granted. The sequence goes something like this:

(Client) "Hey Oracle, can I see your database?"

(Server) "What?"

"Your database. Give it to me."

"Oh, sure."

"Great. Here's some encrypted and encoded data."

"Cool, I have some too. Here you go."

"Oh, and I'm a Windows PC."

"I'm a Linux server! We have so much in common!"

"Hmmm."

"Yes...."

"Did you want my machine name? Or my process IDs?"

"Yes, that's what I was waiting for. Here's a session key."

"Oh, okay. I'll use that to encrypt my password. By the way, here's a bunch more info about me."

"Your password? Oh yeah, I haven't authenticated you yet. Just a second."

...and so on.

Now, why there's so much traffic between an unauthenticated client and an expensive enterprise-class server is beyond me; Microsoft SQL Server is a very normal and straight-forward exchange of "Access please, here's my username and password." "Sure thing buddy!" But what do I know, I've never written an unbreakable database server, so all this extra cruft must make it extra secure, somehow.

Posted by tbeardsley (2008-04-04 14:56:16)

New Apps: TDS, TNS, FIXT, and FIX

Newly implemented for BreakingPoint's Application Simulator are four new protocols, all available as part of StrikePack 24931.

For database application simulations, we've added the TDS (Tabular Data Stream) and TNS (Transparent Network Substrate) protocols, used by Microsoft SQL Server and Oracle Database respectively. These protocols are used for both database authentication and database query requests and responses. TDS typically runs on port TCP/1433, and TNS runs on TCP/1512.

We've also added support for the Financial Information eXchange (FIX) protocol. FIX 5.0 consists of the FIX application protocol and the FIXT session protocol. The FIX Protocol is a series of messaging specifications for the electronic communication of trade-related messages between financial entities such as banks, broker-dealers, exchanges, industry utilities and associations, institutional investors, and information technology providers.

For the database protocols, BreakingPoint supports the following options:

TDS

  • Login: Username, password, server name, client name
  • Query: Use Database: Database name
  • Query: Select: SELECT modifier, column list, table name, WHERE comparison expression, ORDER BY expression

TNS

  • Login: Database username, database password, server name, database name, server OS, server banner, client username, client machine name, client program path, client program name
  • Query: Select: Column list, table name, WHERE comparison expression, ORDER BY expression

For FIX and FIXT, these configuration options are available:

FIXT

  • Heartbeat: Test request id
  • Test Request: Test request id
  • Resend Request: Begin sequence number, end sequence number
  • Reject: Reference sequence number, reference tag id, reference message type, session reject reason, message text
  • Sequence Reset: Gap fill flag, new sequence number
  • Logout: Text
  • Logon: Heartbeat interval, reset sequence number flag, next expected sequence number, maximum message size, test message indicator, default application version id

FIX

  • Business Message Reject: Referenced sequence number, referenced message type, referenced business reject id, business reject reason, text
  • Network (Counterparty System) Status Request: network request type, network request id
  • Network (Counterparty System) Status Response: network status response type, network request id, network response id, last network response id
  • User Request: User request id, user request type, username, password, new password
  • User Response: User request id, username, user status, user status text

Finally, these new protocols are now incorporated in four new default BreakingPoint superflows:

  • BreakingPoint FIXT Session (FIXT)
  • BreakingPoint FIX Session (FIX and FIXT)
  • BreakingPoint MS-SQL Server (TDS)
  • BreakingPoint Oracle Database (TNS)

Posted by tbeardsley (2008-04-02 16:10:30)
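
The FIXT Logon options listed in the post above, shown on the wire. This is an added example, not BreakingPoint's code or part of the original post: it frames a FIXT.1.1 Logon and validates BodyLength and CheckSum the way a session-layer parser or traffic inspector would. The tag numbers are the standard FIX ones (the post names the options only), and the CompIDs, timestamp and option values are constructed.

```python
SOH = "\x01"  # FIX field delimiter
# Standard FIX tag numbers for the FIXT Logon options listed in the post.
LOGON_TAGS = {108: "heartbeat_interval", 141: "reset_seq_num_flag",
              789: "next_expected_seq_num", 383: "max_message_size",
              464: "test_message_indicator", 1137: "default_appl_ver_id"}

def checksum(data: bytes) -> str:
    """CheckSum (tag 10): sum of all preceding bytes modulo 256, as 3 digits."""
    return f"{sum(data) % 256:03d}"

def build(msg_type, fields):
    """Frame a FIXT.1.1 message: BeginString (8), BodyLength (9), body, CheckSum (10)."""
    body = "".join(f"{t}={v}{SOH}" for t, v in [(35, msg_type)] + fields).encode()
    head = f"8=FIXT.1.1{SOH}9={len(body)}{SOH}".encode()
    return head + body + f"10={checksum(head + body)}{SOH}".encode()

def parse(raw: bytes) -> dict:
    """Check framing, BodyLength and CheckSum, then name the Logon options."""
    if not raw.endswith(b"\x01"):
        raise ValueError("message must end with SOH")
    pairs = [f.split("=", 1) for f in raw[:-1].decode("ascii").split(SOH)]
    if any(len(p) != 2 for p in pairs):
        raise ValueError("field without '='")
    if [p[0] for p in pairs[:3]] != ["8", "9", "35"] or pairs[-1][0] != "10":
        raise ValueError("expected tags 8, 9, 35 first and 10 last")
    body_start = raw.index(b"\x01", raw.index(b"\x01") + 1) + 1
    trailer = raw.rfind(b"\x0110=") + 1  # offset where the CheckSum field starts
    if pairs[1][1] != str(trailer - body_start):
        raise ValueError("BodyLength mismatch")
    if pairs[-1][1] != checksum(raw[:trailer]):
        raise ValueError("CheckSum mismatch")
    named = {LOGON_TAGS[int(t)]: v for t, v in pairs
             if t.isdigit() and int(t) in LOGON_TAGS}
    return {"msg_type": pairs[2][1], **named}

def sample_logon() -> bytes:
    """Constructed Logon (35=A); CompIDs, time and option values are made up."""
    return build("A", [(49, "CLIENT1"), (56, "SERVER1"), (34, 1),
                       (52, "20080402-16:10:30"), (98, 0), (108, 30), (141, "Y"),
                       (789, 1), (383, 4096), (464, "Y"), (1137, 7)])

if __name__ == "__main__":
    print(parse(sample_logon()))
```

A message altered in transit or by a faulty simulator fails one of the two integrity checks before any option is interpreted.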

StrikePack 24931 Released

StrikePack 24931 is now available to BreakingPoint Customers. This StrikePack adds 5 new strikes. This StrikePack also adds support in Appsim for MSSQL TDS protocol, Oracle TNS protocol, FIXT protocol, and FIX protocol. Superflows for all these protocols have been added to the Application Manager to make integrating these protocols into an Appsim test easy to do.

Posted by tmanning (2008-04-02 15:57:34)
© 2005-2008 BreakingPoint Systems, Inc. All rights reserved.