Netragard Blog

Netragard Blog2020-04-24T15:31:19-04:00

OpenBase 10.0.5 (All Platforms)

Netragard's SNOsoft Research Team discovered two critical vulnerabilities in the OpenBase SQL Relational Database that can lead to full system compromise.The first vulnerability discovered is a command injection vulnerability that affects several of the default Stored Procedures. Specifically, it is possible to execute system commands as the root user by inserting a series of backticks into the pre-defined Stored Procedures.The second vulnerability discovered in Buffer Overflow that causes heap corruption. [...]

Netragard In The News

Apple patched two issues in Xcode Tools 2.5 on Tuesday, including one flaw that could allow remote code execution. Apple credited researcher Kevin Finisterre of Netragard for reporting both issues. Read the full article here.Netragard, LLC. -- The Specialist in Anti Hacking.

Hackers Welcome – We’re in forbes again.

When legitimate security researchers notify technology vendors about security flaws in their technology, the best thing that the vendor can do is to welcome the information with open arms. When a vendor reacts with hostility it appears as if the vendor is attempting quash the security research instead of resolving the vulnerabilities identified by the research. While the hostile reaction is usually an attempt to "save face" it usually does [...]

China Hacked by the US?

As the list of nations claiming they were targeted by Internet attacks emanating from China continues to grow, the world's most populous country has turned the mirror back on other governments. In statements made in the Chinese Cadres Tribune, Vice Minister of Information Industry Lou Qinjian claimed that the United States and other "hostile" governments were attacking China's infrastructure, according to a news report carried by wire service Reuters. Lou [...]

Pentagon hacked by China?

For all of you who wanted "proof" about the cyberwar between China and the US, here's an article for you. Unfortunately I think that China is in a better technological position with their "Golden Shield" firewall than we are with our ad-hoc Internet infrastructure. Specifically if you consider that "Golden Shield" is rumored to be IPS capable.Netragard, LLC. -- The Specialist in Anti Hacking.

China Cyber Shield – Forbes

This article was literally our idea. We contacted Andrew Greenberg at Forbes Magazine and discussed the possibility of China's Operation Golden Shield being used as an offensive weapon during a Cyber war. Jayson Street, a long time SNOsoft team member is quoted in this article.Netragard, LLC. -- The Specialist in Anti Hacking.

Bug Brokers: eBay-like Bug Site Doomed

Netragard's CTO (our founder) was interviewed by eWeek for this article. Again, focused on the e-bay like exploit auction site that we feel is doomed to fail.Netragard, LLC. -- The Specialist in Anti Hacking.

Hackers Nasdaq – Our founder comments in forbes.

Our founder, Adriel Desautels, comments about purchasing exploits in this Forbes article. The article also outlines a new business called WabiSabiLabi that is attempting to gain traction in the exploit market by using an e-bay like bidding structure. While this seems like a good idea at first glance the idea will face significant trust problems as it appears that anyone can bid on an exploit. The question that we have [...]

Maia Mailguard Security Risk Advisory

SNOsoft has discovered a high risk vulnerability in Maia Mailguard version 1.0.2 that makes it possible for an attacker to execute arbitrary commands on the affected system. The advisory will be published on Netragard's website shortly. Until then users of the Maia Mailguard web application should suspend use or add .htaccess capabilities to the web server to mitigate the risk of compromise.Netragard, LLC. -- The Specialist in Anti Hacking.

SNOsoft SILC

For those of you that are participating in our Exploit Acquisition Program please contact [email protected] for information on how to access our new Secure Internet Live Conferencing (SILC) server for discussing your research in a secure way. Don't try scanning for the server yourself because you won't find it and your IP address will be banned. If you have any new research or items that you would like to submit, [...]

How secure are security appliances?

We've started focusing on the security of appliances that are installed in corporate and government networks. To our amazement most of these appliances are more insecure than the operating systems and software that we've (being the security industry) been picking on so aggressively. In fact, we are looking at one appliance right now that is made up of software, that is unpatched, and dates back as far as 5 years. [...]

Load More Posts