Common Security Flaws

Pegun

Hello all, I'm going to be taking part in Information Security Talent Search next month as offered by my college and I was wondering what common security flaws you guys can think of so that I might better prepare myself and my team for the competition. I know about:

Common patches
SQL Injections
open ports
IE vulnerabilities

Any more you guys can think of?
 

Red Squirrel

User input validation, where user input is anything sent from the client to the server, not necessarily something the user physically entered.

For example, a user logs in and authenticates, then you set a cookie with only their user ID to say that they logged in. This is insecure. Anyone can just set their own cookie and then log in as that user without ever having to go through the authentication phase. So you want to store the password too (preferably a hash) or a special session ID. Something that any other user won't be able to replicate.

Then there's stuff like radio buttons. Don't think those are the only options the user can select... the user can just inject their own value.

Always validate data on the server, not the client. You can do both, but don't rely on the client one.
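
The cookie and radio-button points from the post above, as an added example that is not part of the original thread: a check that trusts a client-supplied user ID next to one that uses a random server-side session ID, plus an allow-list check for a radio-button field. All names (`USERS`, `SESSIONS`, `SHIPPING_OPTIONS`, the `uid`, `session` and `shipping` field names) are hypothetical, and the sample data is constructed.

```python
import secrets

# Constructed sample data: hypothetical accounts and form options.
USERS = {"1001": "alice", "1002": "bob"}
SHIPPING_OPTIONS = {"standard", "express", "pickup"}  # values the radio buttons offer

SESSIONS = {}  # server-side session store: token -> user ID


def weak_current_user(cookies):
    """Flawed pattern from the post: trusts a client-supplied user ID."""
    return USERS.get(cookies.get("uid"))


def login(user_id):
    """Call only after authentication succeeded; returns the cookie to set."""
    token = secrets.token_urlsafe(32)  # 32 random bytes from the OS CSPRNG
    SESSIONS[token] = user_id
    return {"session": token}


def current_user(cookies):
    """Hardened pattern: the cookie is an unguessable key into server state."""
    user_id = SESSIONS.get(cookies.get("session", ""))
    return USERS.get(user_id) if user_id else None


def logout(cookies):
    """Invalidate the session on the server, not just in the browser."""
    SESSIONS.pop(cookies.get("session", ""), None)


def validate_shipping(form):
    """Server-side allow-list check for a radio-button field."""
    value = form.get("shipping")
    if value not in SHIPPING_OPTIONS:
        raise ValueError("shipping option not offered by the form")
    return value
```

In a real application the session cookie would also be sent with the Secure and HttpOnly attributes, and the server-side entry would be given an expiry.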
 

gsellis

You are missing a huge gaping hole with focusing on the network and components. The most common security flaw is how we handle and treat the individuals at the keyboard. We do not do enough to counter social engineering attacks. Everything you have listed can be circumvented by 'attacking' executives (spearphishing), network administrators, knowledge workers, etc. A perfectly patched system can be compromised by poor policies and education.

Your resolutions can include training, multi-factor authentication (physical tokens, etc.), and non-confrontational IT policies.
 

macd7

Adobe and iTunes have to be patched about as often as Windows to maintain security; most users have both of these apps installed and don't update them. Very common security issue.

Most common IMO is piracy. Backdoors built into pirated copies of Windows, games, other pirated dl's, etc. Most of China and overall throughout the world more copies of Windows are pirated than legit. Pirated users face an ultimatum of either running WGA cracks, which often are trojans, to pass WGA, or not updating their system and ending up running an ancient and vulnerable version of Windows.

Not a popular subject, but piracy and the effects of piracy are staggering. A quick look around torrent sites showing the number of downloaded copies of XP or Win7 or other software easily proves this.
 

gsellis

Most common IMO is piracy...
Ah, you reminded me. The other really big one is the commercialization of exploits. The "Russian Business Network" is the mob on the net. They have driven the complete professionalization of exploit tools, methods, and infrastructure (with working DR plans!). The goal is now profit, not fame. So now flaws are not exploited for flashy and damaging ends. They try to hide any indication of an exploit, which, in turn, masks any markers to a user that they have been compromised. So, while not a flaw, how they are being used has changed, making them much more damaging and costly.
 

macd7

Yep, masked exploits for commercialization would undoubtedly be my main focus. If this is a talent search that involves writing a paper or giving a speech, this topic IMO is a key and global issue; look around on torrent scan and other sites and there is interesting data. This topic will truly capture a reader's attention or a listener's attention. The more technical your audience, the more technical your project should be; vice versa, if the audience is less technical this subject is even better.

A lot of people into computers would like to read about IE exploits, but exploits in 3rd party apps is really where it's at these days and this is a good subject too.

Good luck in your competition.