Application Security: Internet Explorer 8 vulnerabilities

The main class of vulnerability that is detected and patched on Internet Explorer 8 for Windows server include is Remote Code Execution

As of this writing the latest patch came out on Feb 8, 2011 that contained fixes for the a number of issues. Some of these include:

CSS Memory Corruption Vulnerability.

Per CVE-2010-3971 this issue came up because of a vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, that is used in Microsoft Internet Explorer 6 through 8 and other products. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a style sheet.

Uninitialized Memory Corruption Vulnerability.

Per CVE-2011-0035 Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption.

Almost all the issues reported lead to remote code execution that if successfully exploited could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Application Security: What is CIA?

Been a long time I wrote anything in this blog. I am preparing for my CISSP examination and thought that I will share some notes here.

CIA forms the fundamental triad of information security and stands for CONFIDENTIALITY, INTEGRITY and AVAILABILITY.

What is Confidentiality? Any item of importance for an individual/organization (also called an asset) should not be disclosed to anyone who has not be granted explicit rights to it.

What is Integrity? Assurance that the data is free of unauthorized manipulation.

What is Availability? All data and services should be available to the legitimate users each time they need.

Anything and everything we do in information security are always directed towards ensuring that the triad is maintained.

Loss of any one of the three may have extreme legal/reputational impact on the organization/individual.

Find width of a tree pointed by head

Considering that the width of the tree is defined as the maximum number of nodes at any one level, the following code should hold good. Drop a comment if you think that this code s***s [:)]

public void maxWidthBST(NodeType rootNode)
        {
            int level=depthBST(rootNode);
            int maxWidth=0;
            int intNodeCount=0;
            for(int counter=1; counter<=level;counter++)
            {
                intNodeCount = NodeCount(rootNode, counter);
                if(intNodeCount>maxWidth)
                {
                    maxWidth = intNodeCount;
                }
            }
            Console.WriteLine(“The maximum width is: ” + maxWidth);
        }

        public int NodeCount(NodeType root, int level)
        {
            int LWidth=0;
            int RWidth=0;
            int totalNodesAtLevel=0;
            if(level<=0) return 0;
            if(level==1)return 1;
            if(level>1)
            {
                if(root.Left !=null) LWidth=NodeCount(root.Left, level-1);
                if(root.Right !=null) RWidth= NodeCount(root.Right, level-1);
                totalNodesAtLevel = LWidth+RWidth;
            }
            return totalNodesAtLevel;
        }

Setting up the Microsoft Windows 7 Event Viewer to display Security Errors

Open Microsoft Management Console (Start->Run->mmc).
In the Console window select File->Add/Remove Snap-In.
In the “Add or Remove Snap Ins” window, select “Group Policy Objects” and click the “Add” button.
In the “Select Group Policy Object” dialog box ensure that “Group Policy Object” is set to “Local Computer”.
Click Finish in the “Select Group Policy Object” dialog box.
Click Ok to close the “Add or Remove Snap Ins” window.
The “Local Computer Policy will now be listed under the “Console Root” folder on the left pane.
Navigate to Local Computer Policy->Computer Configuration-> Windows Settings->Security Settings->Local Policies-> Audit Policy
Right click on “Audit Privilege Use” Policy and select Properties.
Set the Success and Failure check boxes and click Ok to close the properties window.
Exit the tool.
Your new Audit Policy to check Privilege Use should be ready in a couple of second time.

Implement a Stack in C#

<<This is stupid to write my own implementation of stack when .Net framework provides inbuilt structures to do the same. But just checking if things can be done the C++ way.>>

The steps will be like this:

1. Create a class, structNode, that will represent the linked list node that will be the stack item. The node should have containers for data as well as pointers to the next item in the stack.

2. Create a second class that will define the PUSH and the POP methods. The PUSH method will create the new node and add the node to the front of the linked list. Note that in a stack the last item added is the first item removed. Also make sure that the PUSH method updates the NEXT field of the class structNode as follows:

i. if the node is the first item in the stack then NEXT==NULL

ii. if the node is added to a stack that already contains items then make sure that the NEXT field is updated to point to the CURRENT top node; that is the node that was the top node before we added this node.

3. The second class should also contain the Pop() method to return/display the stack item that is currently at the top. You should ensure that a check for an empty stack is done before you try to pop a value. In this operation also the NEXT item needs to be updated as below:

i. set tempObjNode = currentTopNode;

ii. set currentTopNode = currentTopNode.NEXT;

iii.return tempObj;

A sample code will look like:

using System;
using System.IO;

public class structNode
{
protected int data;

protected structNode nextNode;

    public structNode NextNode
    {
        set{nextNode = value;}
        get{return nextNode;}
    }

    public int NodeData
    {
        set{data=value;}
        get{return data;}
    }

    public structNode(structNode nextStackNode, int stackData)
    {
        NodeData=stackData;
        NextNode = nextStackNode;
    }
}

public class NStack
{
public structNode Push(structNode objNode, int data)
{

        Console.WriteLine(“Create a new Node for the stack.\n”);
        structNode _elementN = new structNode(null, 0);
        _elementN.NodeData = data;
        Console.WriteLine(“The node is now ready. Check if this is the first node in the stack Linked list.\n”);
        if(objNode == null)
        {
            Console.WriteLine(“Yes. This is the first node of the stack Linked list.\n”);
            _elementN.NextNode = null;
            return _elementN;
        }
        else
        {
            Console.WriteLine(“Inserting the new node.\n”);
            _elementN.NextNode = objNode;
            Console.WriteLine(“Node inserted successfully!!!!!”);
            return _elementN;
        }

}

    public structNode Pop(structNode objNode)
    {
        Console.WriteLine(“In Pop Method. Check if the stack is empty…”);
        if(objNode == null)
        {
            throw new InvalidOperationException(“The stack is empty!”);
        }
        if(objNode.NextNode == null)
        {
            Console.WriteLine(“This is the last node of the stack\n”);
            Console.WriteLine(“:{0}”, objNode.NodeData);
            objNode = null;
        }
        else
        {
            Console.WriteLine(“:{0}”, objNode.NodeData);
            objNode = objNode.NextNode;
        }
        return objNode;
    }

}

class mainController
{
    static void Main()
    {
        NStack objNStack = new NStack();
        structNode objstructNode = null;
        int intChoice = 0;
        do
        {
            Console.WriteLine(“Enter the Choice.\n”);
            intChoice = Convert.ToInt32(Console.ReadLine());
            switch(intChoice)
            {
            case 1:
                Console.WriteLine(“Enter Stack Data:\t”);
                int intCounter = Convert.ToInt32(Console.ReadLine());
                objstructNode = objNStack.Push(objstructNode, intCounter); break;

            case 2: if(objstructNode != null)
                {
                    objstructNode = objNStack.Pop(objstructNode);
                }
                break;
            case 3: break;
            }
        }while(intChoice!=3);
    }
}

SDL Threat Modeling Tool Demo

Microsoft’s threat modeling tool – elaborate TM is a must for any worthwhile application. The video below as well as more details around MS SDL can be found here.

<projectPath.dbproj’>cannot be opened because its project type (.dbproj) is not supported by this version of the application. To open it, please use a version that supports this type of project.

Tried the solution here, not resolved. Tried the solution here, still not resolved! Reinstalled the VS 2008 database edition to check (currently has VS 2008 enterprise edition…

Reverse a string in C#


using System;
using System.Data;
using System.Collections;
using System.Linq;
using System.Text;

public class checkString
{
public static void Main()
{
string strSource = "ABCacd12";

ReverseString(strSource);
}

public static void ReverseAString(string str)
{
int counter =0;
counter=str.Length;
StringBuilder strReversed = new StringBuilder();
while(counter!=0)
{
counter--;
strReversed.Append(str.ElementAt(counter));
}
Console.WriteLine(strReversed.ToString());
}
}

Finding if a string contains all unique characters.

I have used C# for this code snippet.


public class checkString
{
public static void Main()
{
string strSource = "ABCacd12";
if(CheckString1(strSource))
{
Console.WriteLine("Unique!!!");
}
else
{
Console.WriteLine("Not Unique!!!");
}
}

public static bool CheckString1(string str)
{
int strLength = str.Length;
for(int i=0;i<strLength;i++)
{
for(int j=i+1;j<strLength;j++)
{
if(str.ElementAt(i)==str.ElementAt(j)) return false;
}
}
return true;
}

}

Remove Duplicates from an Unsorted single linked list

void SLList::removeDuplicates()
{
    if(header)
    {
        Node *temp, *curChkNode, *last;
        temp=curChkNode=header;
        int curVal=0, length=0, counter=0;
        length=sllLength();
        cout<<"\nThe length of the list is:\t"<<length;
        while(counter!=length && curChkNode)
        {
            temp=curChkNode->next;
            curVal=curChkNode->data;
            while(temp)
            {
                if(curVal==temp->data)
                {
                    cout<<"\nA DUPLICATE IS PRESENT FOR:\t"<<curVal;
                    last->next=temp->next;
                }
                last=temp;
                temp=temp->next;
            }
            curChkNode=curChkNode->next;
            counter++;
        }
    }
    else
    {
        cout<<"\nThe list is empty\n";
    }
    return;
}