Domain > blog.malerisch.net
DNS Resolutions

Date        IP Address
2015-04-27  173.194.196.121 (ClassC)
2024-11-04  142.250.217.115 (ClassC)
Port 80
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Expires: Mon, 04 Nov 2024 23:48:57 GMT
Date: Mon, 04 Nov 2024 23:48:57 GMT
Cache-Control: private, max-age=0
Last-Modified: Thu, 29 Aug 2024 00:05:34 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
.snippet-thumbnail{-webkit-box-align:center;-webkit-align-items:center;-ms-flex-align:center;align-items:center;background:#000;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-flex:0;-webkit-flex:0 0 auto;-ms-flex:0 0 auto;flex:0 0 auto;height:256px;-webkit-box-pack:center;-webkit-justify-content:center;-ms-flex-pack:center;justify-content:center;margin-right:136px;overflow:hidden;-webkit-box-ordinal-group:3;-webkit-order:2;-ms-flex-order:2;order:2;position:relative;width:256px}.post-outer .thumbnail-empty{background:0 0}.post-outer .snippet-thumbnail-img{background-position:center;background-repeat:no-repeat;background-size:cover;width:100%;height:100%}.post-outer .snippet-thumbnail img{max-height:100%}.post-title-container{margin-bottom:16px}.post-bottom{-webkit-box-align:baseline;-webkit-align-items:baseline;-ms-flex-align:baseline;align-items:baseline;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-pack:justify;-webkit-justify-content:space-between;-ms-flex-pack:justify;justify-content:space-between}.post-share-buttons-bottom{float:left}.footer{-webkit-box-flex:0;-webkit-flex:0 0 auto;-ms-flex:0 0 auto;flex:0 0 auto;margin:auto auto 0 auto;padding-bottom:32px;width:auto}.post-header-container{margin-bottom:12px}.post-header-container .post-share-buttons-top{float:right}.post-header-container .post-header{float:left}.byline{display:inline-block;margin-bottom:8px}.byline,.byline a,.flat-button{color:#3e3f3c;font:700 14px Lato, sans-serif}.flat-button.ripple .splash{background-color:rgba(62,63,60,.4)}.flat-button.ripple:hover{background-color:rgba(62,63,60,.12)}.post-footer .byline{text-transform:uppercase}.post-comment-link{line-height:1}.blog-pager{float:right;margin-right:468px;margin-top:48px}.FeaturedPost{margin-bottom:56px}.FeaturedPost h3{margin:16px 136px 8px 136px}.shown-ad{margin-bottom:85px;margin-top:85px}.shown-ad .inline-ad{display:block;max-width:676px}body.feed-view 
.shown-ad:last-child{display:none}.post-title,.post-title a{color:#3e3f3c;font:700 36px Lato, sans-serif;line-height:1.3333333333}.feed-message{color:rgba(0,0,0,0.54);font:700 16px Lato, sans-serif;margin-bottom:52px}.post-header-container .byline,.post-header-container .byline a{color:rgba(0,0,0,0.54);font:700 16px Lato, sans-serif}.post-header-container .byline.post-author:not(:last-child)::after{content:\b7}.post-header-container .byline.post-author:not(:last-child){margin-right:0}.post-snippet-container{font:400 20px Lora, serif}.sharing-button{text-transform:uppercase;word-break:normal}.post-outer-container .svg-icon-24{fill:#3e3f3c}.post-body{color:#3e3f3c;font:400 20px Lora, serif;line-height:2;margin-bottom:24px}.blog-pager .blog-pager-older-link{color:#3e3f3c;float:right;font:700 14px Lato, sans-serif;text-transform:uppercase}.no-posts-message{margin:32px}body.item-view .Blog .post-title-container{background-color:#f44d14;box-sizing:border-box;margin-bottom:-1px;padding-bottom:86px;padding-right:290px;padding-left:140px;padding-top:124px;width:100%}body.item-view .Blog .post-title,body.item-view .Blog .post-title a{color:#ffffff;font:700 48px Lato, sans-serif;line-height:1.4166666667;margin-bottom:0}body.item-view .Blog{margin:0;margin-bottom:85px;padding:0}body.item-view .Blog .post-content{margin-right:0;max-width:none}body.item-view .comments,body.item-view .shown-ad,body.item-view .widget.Blog .post-bottom{margin-bottom:0;margin-right:400px;margin-left:140px;margin-top:0}body.item-view .widget.Header header p{max-width:740px}body.item-view .shown-ad{margin-bottom:24px;margin-top:24px}body.item-view .Blog .post-header-container{padding-left:140px}body.item-view .Blog .post-header-container .post-author-profile-pic-container{background-color:#f44d14;border-top:1px solid #f44d14;float:left;height:84px;margin-right:24px;margin-left:-140px;padding-left:140px}body.item-view .Blog .post-author-profile-pic{max-height:100%}body.item-view .Blog 
.post-header{float:left;height:84px}body.item-view .Blog .post-header>*{position:relative;top:50%;-webkit-transform:translateY(-50%);-ms-transform:translateY(-50%);transform:translateY(-50%)}body.item-view .post-body{color:#3e3f3c;font:400 20px Lora, serif;line-height:2}body.item-view .Blog .post-body-container{padding-right:290px;position:relative;margin-left:140px;margin-top:20px;margin-bottom:32px}body.item-view .Blog .post-body{margin-bottom:0;margin-right:110px}body.item-view .Blog .post-body::first-letter{float:left;font-size:80px;font-weight:600;line-height:1;margin-right:16px}body.item-view .Blog .post-body divstyle*text-align: center::first-letter{float:none;font-size:inherit;font-weight:inherit;line-height:inherit;margin-right:0}body.item-view .Blog .post-body::first-line{color:#3e3f3c}body.item-view .Blog .post-body-container .post-sidebar{right:0;position:absolute;top:0;width:290px}body.item-view .Blog .post-body-container .post-sidebar .sharing-button{display:inline-block}.widget.Attribution{clear:both;font:600 14px Open Sans, sans-serif;padding-top:2em}.widget.Attribution .blogger{margin:12px}.widget.Attribution svg{fill:rgba(0, 0, 0, 0.54)}body.item-view .PopularPosts{margin-left:140px}body.item-view .PopularPosts .widget-content>ul{padding-left:0}body.item-view .PopularPosts .widget-content>ul>li{display:block}body.item-view .PopularPosts .post-content{margin-right:76px;max-width:664px}body.item-view .PopularPosts .post:not(:last-child){margin-bottom:85px}body.item-view .post-body-container img{height:auto;max-width:100%}body.item-view .PopularPosts>.title{color:rgba(0,0,0,0.54);font:700 16px Lato, sans-serif;margin-bottom:36px}body.item-view .post-sidebar .post-labels-sidebar{margin-top:48px;min-width:150px}body.item-view .post-sidebar .post-labels-sidebar h3{color:#3e3f3c;font:700 14px Lato, sans-serif;margin-bottom:16px}body.item-view .post-sidebar .post-labels-sidebar a{color:#3e3f3c;display:block;font:400 14px Lato, 
sans-serif;font-style:italic;line-height:2}body.item-view blockquote{font:italic 700 36px Lato, sans-serif;font-style:italic;quotes:\201c \201d \2018 \2019}body.item-view blockquote::before{content:open-quote}body.item-view blockquote::after{content:close-quote}body.item-view .post-bottom{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;float:none}body.item-view .widget.Blog .post-share-buttons-bottom{-webkit-box-flex:0;-webkit-flex:0 1 auto;-ms-flex:0 1 auto;flex:0 1 auto;-webkit-box-ordinal-group:3;-webkit-order:2;-ms-flex-order:2;order:2}body.item-view .widget.Blog .post-footer{line-height:1;margin-right:24px}.widget.Blog body.item-view .post-bottom{margin-right:0;margin-bottom:80px}body.item-view .post-footer .post-labels .byline-label{color:#3e3f3c;font:700 14px Lato, sans-serif}body.item-view .post-footer .post-labels a{color:#3e3f3c;display:inline-block;font:400 14px Lato, sans-serif;line-height:2}body.item-view .post-footer .post-labels a:not(:last-child)::after{content:, }body.item-view #comments{border-top:0;padding:0}body.item-view #comments h3.title{color:rgba(0,0,0,0.54);font:700 16px Lato, sans-serif;margin-bottom:48px}body.item-view #comments .comment-form h4{position:absolute;clip:rect(1px,1px,1px,1px);padding:0;border:0;height:1px;width:1px;overflow:hidden}.heroPost{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;position:relative}.widget.Blog .heroPost{margin-left:-136px}.heroPost .big-post-title .post-snippet{color:#ffffff}.heroPost.noimage .post-snippet{color:#3e3f3c}.heroPost .big-post-image-top{display:none;background-size:cover;background-position:center}.heroPost .big-post-title{background-color:#f44d14;box-sizing:border-box;-webkit-box-flex:1;-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;max-width:888px;min-width:0;padding-bottom:84px;padding-right:76px;padding-left:136px;padding-top:76px}.heroPost.noimage .big-post-title{-webkit-box-flex:1;-webkit-flex:1 0 auto;-ms-flex:1 0 
auto;flex:1 0 auto;max-width:480px;width:480px}.heroPost .big-post-title h3{margin:0 0 24px}.heroPost .big-post-title h3 a{color:#ffffff}.heroPost .big-post-title .post-body{color:#ffffff}.heroPost .big-post-title .item-byline{color:#ffffff;margin-bottom:24px}.heroPost .big-post-title .item-byline .post-timestamp{display:block}.heroPost .big-post-title .item-byline a{color:#ffffff}.heroPost .byline,.heroPost .byline a,.heroPost .flat-button{color:#ffffff}.heroPost .flat-button.ripple .splash{background-color:rgba(255,255,255,.4)}.heroPost .flat-button.ripple:hover{background-color:rgba(255,255,255,.12)}.heroPost .big-post-image{background-position:center;background-repeat:no-repeat;background-size:cover;-webkit-box-flex:0;-webkit-flex:0 0 auto;-ms-flex:0 0 auto;flex:0 0 auto;width:392px}.heroPost .big-post-text{background-color:#e7e8e0;box-sizing:border-box;color:#3e3f3c;-webkit-box-flex:1;-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;min-width:0;padding:48px}.heroPost .big-post-text .post-snippet-fade{color:#3e3f3c;background:-webkit-linear-gradient(right,#e7e8e0,rgba(231, 232, 224, 0));background:linear-gradient(to left,#e7e8e0,rgba(231, 232, 224, 0))}.heroPost .big-post-text .byline,.heroPost .big-post-text .byline a,.heroPost .big-post-text .jump-link,.heroPost .big-post-text .sharing-button{color:#3e3f3c}.heroPost .big-post-text .snippet-item::first-letter{color:#f44d14;float:left;font-weight:700;margin-right:12px}.sidebar-container{background-color:#ffffff}body.sidebar-visible .sidebar-container{box-shadow:0 0 20px 0 rgba(0,0,0,.7)}.sidebar-container .svg-icon-24{fill:#000000}.sidebar-container .navigation .sidebar-back{float:right}.sidebar-container .widget{padding-right:16px;margin-right:0;margin-left:38px}.sidebar-container .widget+.widget{border-top:solid 1px #bdbdbd}.sidebar-container .widget .title{font:400 16px Lato, 
sans-serif}.collapsible{width:100%}.widget.Profile{border-top:0;margin:0;margin-left:38px;margin-top:24px;padding-right:0}body.sidebar-visible .widget.Profile{margin-left:0}.widget.Profile h2{display:none}.widget.Profile h3.title{color:#000000;margin:16px 32px}.widget.Profile .individual{text-align:center}.widget.Profile .individual .default-avatar-wrapper .avatar-icon{margin:auto}.widget.Profile .team{margin-bottom:32px;margin-left:32px;margin-right:32px}.widget.Profile ul{list-style:none;padding:0}.widget.Profile li{margin:10px 0;text-align:left}.widget.Profile .profile-img{border-radius:50%;float:none}.widget.Profile .profile-info{margin-bottom:12px}.profile-snippet-fade{background:-webkit-linear-gradient(right,#ffffff 0,#ffffff 20%,rgba(255, 255, 255, 0) 100%);background:linear-gradient(to left,#ffffff 0,#ffffff 20%,rgba(255, 255, 255, 0) 100%);height:1.7em;position:absolute;right:16px;top:11.7em;width:96px}.profile-snippet-fade::after{content:\2026;float:right}.widget.Profile .profile-location{color:#000000;font-size:16px;margin:0;opacity:.74}.widget.Profile .team-member .profile-link::after{clear:both;content:;display:table}.widget.Profile .team-member .profile-name{word-break:break-word}.widget.Profile .profile-datablock .profile-link{color:#000000;font:700 16px Lato, sans-serif;font-size:24px;text-transform:none;word-break:break-word}.widget.Profile .profile-datablock .profile-link+div{margin-top:16px!important}.widget.Profile .profile-link{font:700 16px Lato, sans-serif;font-size:14px}.widget.Profile .profile-textblock{color:#000000;font-size:14px;line-height:24px;margin:0 18px;opacity:.74;overflow:hidden;position:relative;word-break:break-word}.widget.Label .list-label-widget-content li a{width:100%;word-wrap:break-word}.extendable .show-less,.extendable .show-more{font:700 16px Lato, sans-serif;font-size:14px;margin:0 -8px}.widget.BlogArchive .post-count{color:#3e3f3c}.Label li{margin:16px 0}.Label 
li:last-child{margin-bottom:0}.post-snippet.snippet-container{max-height:160px}.post-snippet .snippet-item{line-height:40px}.post-snippet .snippet-fade{background:-webkit-linear-gradient(left,#ffffff 0,#ffffff 20%,rgba(255, 255, 255, 0) 100%);background:linear-gradient(to left,#ffffff 0,#ffffff 20%,rgba(255, 255, 255, 0) 100%);color:#3e3f3c;height:40px}.hero-post-snippet.snippet-container{max-height:160px}.hero-post-snippet .snippet-item{line-height:40px}.hero-post-snippet .snippet-fade{background:-webkit-linear-gradient(left,#f44d14 0,#f44d14 20%,rgba(244, 77, 20, 0) 100%);background:linear-gradient(to left,#f44d14 0,#f44d14 20%,rgba(244, 77, 20, 0) 100%);color:#ffffff;height:40px}.hero-post-snippet a{color:#790101}.hero-post-noimage-snippet.snippet-container{max-height:320px}.hero-post-noimage-snippet .snippet-item{line-height:40px}.hero-post-noimage-snippet .snippet-fade{background:-webkit-linear-gradient(left,#e7e8e0 0,#e7e8e0 20%,rgba(231, 232, 224, 0) 100%);background:linear-gradient(to left,#e7e8e0 0,#e7e8e0 20%,rgba(231, 232, 224, 0) 100%);color:#3e3f3c;height:40px}.popular-posts-snippet.snippet-container{max-height:160px}.popular-posts-snippet .snippet-item{line-height:40px}.popular-posts-snippet .snippet-fade{background:-webkit-linear-gradient(left,#ffffff 0,#ffffff 20%,rgba(255, 255, 255, 0) 100%);background:linear-gradient(to left,#ffffff 0,#ffffff 20%,rgba(255, 255, 255, 0) 100%);color:#3e3f3c;height:40px}.profile-snippet.snippet-container{max-height:192px}.profile-snippet .snippet-item{line-height:24px}.profile-snippet .snippet-fade{background:-webkit-linear-gradient(left,#ffffff 0,#ffffff 20%,rgba(255, 255, 255, 0) 100%);background:linear-gradient(to left,#ffffff 0,#ffffff 20%,rgba(255, 255, 255, 0) 100%);color:#000000;height:24px}.hero-post-noimage-snippet .snippet-item::first-letter{font-size:80px;line-height:80px}#comments a,#comments cite,#comments div{font-size:16px;line-height:1.4}#comments .comment .comment-header .user,#comments .comment 
.comment-header .user a{color:#3e3f3c;font:700 14px Lato, sans-serif}#comments .comment .comment-header .datetime a{color:rgba(0,0,0,0.54);font:700 14px Lato, sans-serif}#comments .comment .comment-header .datetime a::before{content:\b7 }#comments .comment .comment-content{margin-top:6px}#comments .comment .comment-actions{color:#3e3f3c;font:700 14px Lato, sans-serif}#comments .continue{display:none}#comments .comment-footer{margin-top:8px}.cmt_iframe_holder{margin-left:140px!important}body.variant-rockpool_deep_orange .centered-top-secondline .PageList .overflow-popup li a{color:#000}body.variant-rockpool_pink .blog-name h1,body.variant-rockpool_pink .blog-name h1 a{text-transform:none}body.variant-rockpool_deep_orange .post-filter-message{background-color:#000000}@media screen and (max-width:1619px){.page{float:none;margin:0 auto;max-width:none!important}.page_body{max-width:1280px;margin:0 auto}}@media screen and (max-width:1280px){.heroPost .big-post-image{display:table-cell;left:auto;position:static;top:auto}.heroPost .big-post-title{display:table-cell}}@media screen and (max-width:1168px){.centered-top-container,.centered-top-placeholder{padding:24px 24px 32px 24px}.sticky{padding:0 24px}.subscribe-section-container{margin-left:48px}.hamburger-section{margin-left:48px}.big-post-text-inner,.big-post-title-inner{margin:0 auto;max-width:920px}.centered-top{padding:0;max-width:920px}.Blog{padding:0}body.item-view .Blog{padding:0 24px;margin:0 auto;max-width:920px}.post-filter-description{margin-right:36px}.post-outer{display:block}.post-content{max-width:none;margin:0}.post-outer .snippet-thumbnail{width:920px;height:613.3333333333px;margin-bottom:16px}.post-outer .snippet-thumbnail.thumbnail-empty{display:none}.shown-ad .inline-ad{max-width:100%}body.item-view .Blog{padding:0;max-width:none}.post-filter-message{margin:24px calc((100% - 920px)/ 2);max-width:none}.FeaturedPost h3,body.feed-view .blog-posts,body.feed-view .feed-message{margin-left:calc((100% - 
920px)/ 2);margin-right:calc((100% - 920px)/ 2)}body.item-view .Blog .post-title-container{padding:62px calc((100% - 920px)/ 2) 24px}body.item-view .Blog .post-header-container{padding-left:calc((100% - 920px)/ 2)}body.item-view .Blog .post-body-container,body.item-view .comments,body.item-view .post-outer-container>.shown-ad,body.item-view .widget.Blog .post-bottom{margin:32px calc((100% - 920px)/ 2);padding:0}body.item-view .cmt_iframe_holder{margin:32px 24px!important}.blog-pager{margin-left:calc((100% - 920px)/ 2);margin-right:calc((100% - 920px)/ 2)}body.item-view .post-bottom{margin:0 auto;max-width:968px}body.item-view .PopularPosts .post-content{max-width:100%;margin-right:0}body.item-view .Blog .post-body{margin-right:0}body.item-view .Blog .post-sidebar{display:none}body.item-view .widget.Blog .post-share-buttons-bottom{margin-right:24px}body.item-view .PopularPosts{margin:0 auto;max-width:920px}body.item-view .comment-thread-title{margin-left:calc((100% - 920px)/ 2)}.heroPost{display:block}.heroPost .big-post-title{display:block;max-width:none;padding:24px}.heroPost .big-post-image{display:none}.heroPost .big-post-image-top{display:block;height:613.3333333333px;margin:0 auto;max-width:920px}.heroPost .big-post-image-top-container{background-color:#f44d14}.heroPost.noimage .big-post-title{max-width:none;width:100%}.heroPost.noimage .big-post-text{position:static;width:100%}.heroPost .big-post-text{padding:24px}}@media screen and (max-width:968px){body{font-size:14px}.post-header-container .byline,.post-header-container .byline a{font-size:14px}.post-title,.post-title a{font-size:24px}.post-outer .snippet-thumbnail{width:100%;height:calc((100vw - 48px) * 2 / 3)}body.item-view .Blog .post-title-container{padding:62px 24px 24px 24px}body.item-view .Blog .post-header-container{padding-left:24px}body.item-view .Blog .post-body-container,body.item-view .PopularPosts,body.item-view .comments,body.item-view .post-outer-container>.shown-ad,body.item-view 
.widget.Blog .post-bottom{margin:32px 24px;padding:0}.FeaturedPost h3,body.feed-view .blog-posts,body.feed-view .feed-message{margin-left:24px;margin-right:24px}.post-filter-message{margin:24px 24px 48px 24px}body.item-view blockquote{font-size:18px}body.item-view .Blog .post-title{font-size:24px}body.item-view .Blog .post-body{font-size:14px}body.item-view .Blog .post-body::first-letter{font-size:56px;line-height:56px}.main_header_elements{position:relative;display:block}.search.focused .section{margin-right:0;width:100%}htmldirltr .search form{margin-right:0}.hamburger-section{margin-left:24px}.search-expand-icon{display:block;float:left;height:24px;margin-top:-12px}.search-expand-text{display:none}.subscribe-section-container{margin-top:12px}.subscribe-section-container{float:left;margin-left:0}.search-expand{position:absolute;right:0;top:0}htmldirltr .search-expand{margin-left:24px}.centered-top.search-focused .subscribe-section-container{opacity:0}.blog-name{float:none}.blog-name{margin-right:36px}.centered-top-secondline .PageList li{margin-right:24px}.centered-top.search-focused .subscribe-button,.centered-top.search-focused .subscribe-section-container{opacity:1}body.item-view .comment-thread-title{margin-left:24px}.blog-pager{margin-left:24px;margin-right:24px}.heroPost .big-post-image-top{width:100%;height:calc(100vw * 2 / 3)}.popular-posts-snippet.snippet-container,.post-snippet.snippet-container{font-size:14px;max-height:112px}.popular-posts-snippet .snippet-item,.post-snippet .snippet-item{line-height:2}.popular-posts-snippet .snippet-fade,.post-snippet .snippet-fade{height:28px}.hero-post-snippet.snippet-container{font-size:14px;max-height:112px}.hero-post-snippet .snippet-item{line-height:2}.hero-post-snippet .snippet-fade{height:28px}.hero-post-noimage-snippet.snippet-container{font-size:14px;line-height:2;max-height:224px}.hero-post-noimage-snippet .snippet-item{line-height:2}.hero-post-noimage-snippet 
Scripts loaded by the page: Google Analytics (analytics.js, property UA-27751410-1) and clipboard.min.js from www.gstatic.com. AdSense platform account: ca-host-pub-1556223355139109 (blogspot.com).

malerisch.net
Security research, divulgations and food for thought.

Pages: Home (http://blog.malerisch.net/), Security Research (http://blog.malerisch.net/p/security-research.html), Advisories (http://blog.malerisch.net/p/advisories.html), Presentations (http://blog.malerisch.net/p/presentations.html), White Papers (http://blog.malerisch.net/p/white-papers.html), Tools (http://blog.malerisch.net/p/tools.html), Videos (https://www.youtube.com/user/malerischnet)

Posts

Featured post: UXSS in McAfee Endpoint Security, www.mcafee.com and some extra goodies...
http://blog.malerisch.net/2017/04/uxss-mcafee-endpoint-security-and-site-advisor-cve-2016-8011.html
Published 2017-04-26T11:52:00+02:00 (April 26, 2017)

During the HITB2017AMS talk given in Amsterdam with @Steventseeley, I promised that I would disclose vulnerabilities affecting a security vendor product other than Trend Micro. For those who have come to my blog for the first time and are looking at "insecurities" of security vendors, you might be interested as well in how we found 200+ remote code execution vulnerabilities in Trend Micro software... But this blog post is dedicated to two McAfee products instead: McAfee Endpoint Security and SiteAdvisor Enterprise (now part of McAfee Endpoint Security). For simplicity, I will just refer to McAfee Endpoint Security for the rest of this post. First let's demonstrate a particular type of XSS, a UXSS, considering the fact that it only affects the McAfee Endpoint Security plugin and does not depend on a particular web site or web application. There are two different injection points:
- UXSS when the user visits a red labelled web site - the payload is rendere
data-urlhttp://blog.malerisch.net/2017/04/uxss-mcafee-endpoint-security-and-site-advisor-cve-2016-8011.html rolemenuitem tabindex-1 titleShare to Facebook>svg classsvg-icon-24 touch-icon sharing-facebook>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_facebook_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Facebook/span>/span>/li>li>span aria-labelShare to Twitter classsharing-platform-button sharing-element-twitter data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID6344425046060755751&targettwitter data-urlhttp://blog.malerisch.net/2017/04/uxss-mcafee-endpoint-security-and-site-advisor-cve-2016-8011.html rolemenuitem tabindex-1 titleShare to Twitter>svg classsvg-icon-24 touch-icon sharing-twitter>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_twitter_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Twitter/span>/span>/li>li>span aria-labelShare to Pinterest classsharing-platform-button sharing-element-pinterest data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID6344425046060755751&targetpinterest data-urlhttp://blog.malerisch.net/2017/04/uxss-mcafee-endpoint-security-and-site-advisor-cve-2016-8011.html rolemenuitem tabindex-1 titleShare to Pinterest>svg classsvg-icon-24 touch-icon sharing-pinterest>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_pinterest_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Pinterest/span>/span>/li>li>span aria-labelEmail classsharing-platform-button sharing-element-email data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID6344425046060755751&targetemail data-urlhttp://blog.malerisch.net/2017/04/uxss-mcafee-endpoint-security-and-site-advisor-cve-2016-8011.html rolemenuitem tabindex-1 titleEmail>svg classsvg-icon-24 touch-icon sharing-email>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_email_dark 
xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Email/span>/span>/li>li aria-hiddentrue classhidden>span aria-labelShare to other apps classsharing-platform-button sharing-element-other data-urlhttp://blog.malerisch.net/2017/04/uxss-mcafee-endpoint-security-and-site-advisor-cve-2016-8011.html rolemenuitem tabindex-1 titleShare to other apps>svg classsvg-icon-24 touch-icon sharing-sharingOther>use xlink:href/responsive/sprite_v1_6.css.svg#ic_more_horiz_black_24dp xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Other Apps/span>/span>/li>/ul>/div>/div>/div>span classbyline post-comment-link container>a classcomment-link flat-button ripple hrefhttp://blog.malerisch.net/2017/04/uxss-mcafee-endpoint-security-and-site-advisor-cve-2016-8011.html#comments onclick>Post a Comment/a>/span>/div>/div>div classbyline jump-link>a classflat-button ripple hrefhttp://blog.malerisch.net/2017/04/uxss-mcafee-endpoint-security-and-site-advisor-cve-2016-8011.html titleUXSS in McAfee Endpoint Security, www.mcafee.com and some extra goodies...>Read more/a>/div>/div>/div>/div>a classbig-post-image hrefhttp://blog.malerisch.net/2017/04/uxss-mcafee-endpoint-security-and-site-advisor-cve-2016-8011.html stylebackground-image: url(https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTrmXQgj6d-lqNdf-I2EBeUE0lh7NJjg6CTFutM6pF6Wu7lpLaPRDg_NDeR9-zMoqwf6YhPzeW60eGyhjibEF_j0xtr3LB1zbq5xT-3ijN2N_CiL_aZ_-5N88hSTiLUth2iYNeMM8vM6o/w612/s1.png);>/a>/div>/div>/div>div classwidget Blog data-version2 idBlog1>div classfeed-message>Recent posts/div>div classblog-posts hfeed container>article classpost-outer-container>div classpost-outer>a classsnippet-thumbnail hrefhttp://blog.malerisch.net/2017/04/trend-micro-threat-discovery-appliance-session-generation-authentication-bypass-cve-2016-8584.html>span classsnippet-thumbnail-img idsnippet_thumbnail_id_2529423599838874335>/span>style> @media (min-width: 1168px) { 
Trend Micro Threat Discovery Appliance - Session Generation Authentication Bypass (CVE-2016-8584)
April 20, 2017
In the last few months, I have been testing several Trend Micro products with Steven Seeley (@steventseeley). Together, we have found more than 200 RCE (Remote Code Execution) vulnerabilities, and for the first time we presented the outcome of our research at Hack In The Box 2017 Amsterdam in April. The presentation is available as a PDF or as a Slideshare. Since it was not possible to cover all discovered vulnerabilities in a single presentation, this blog post covers and analyzes a further vulnerability that did not make it to the slides, and which affects the Trend Micro Threat Discovery Appliance (TDA) product.
CVE-2016-8584 - TDA Session Generation Authentication Bypass
This was an interesting vulnerability, discovered after observing that two consecutive login attempts against the web interface returned the same session_id token. From this observation we inferred that a time factor played a role in how the token was generated. After further analysis and reversing of the TDA ...
Read more: http://blog.malerisch.net/2017/04/trend-micro-threat-discovery-appliance-session-generation-authentication-bypass-cve-2016-8584.html
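Two consecutive logins returning the same session_id is the classic symptom of a token derived from the clock rather than from a cryptographic random source. The following is an added example, not code from the post or from Trend Micro: the time-seeded generator in it (weak_session_id) is a hypothetical stand-in, since the post does not describe the real TDA derivation at this point. It shows the check a tester runs over tokens collected from repeated logins (find_repeats), how a token that is a pure function of time can be recovered by brute-forcing a window of seconds around the approximate login time (recover_time_seeded_token), and the CSPRNG-backed alternative (strong_session_id). The login timestamp and the username are constructed sample input.

```python
# Added example (not code from the original post or from Trend Micro).
# weak_session_id() is a HYPOTHETICAL time-seeded generator used only to
# illustrate the weakness class; the post does not describe the real TDA
# derivation at this point.
import hashlib
import secrets
from collections import Counter


def weak_session_id(now: float, username: str) -> str:
    """HYPOTHETICAL generator: the token depends only on the current second
    and the username, so two logins within the same second receive the same
    token and anyone who can guess the login time can recompute it."""
    seed = f"{int(now)}:{username}"
    return hashlib.sha256(seed.encode()).hexdigest()[:32]


def strong_session_id() -> str:
    """CSPRNG-backed token (128 bits of entropy), unrelated to the clock."""
    return secrets.token_hex(16)


def find_repeats(tokens):
    """Tester-side check: tokens that appeared more than once across a series
    of login responses. Any hit is a red flag for a deterministic generator."""
    return {t: n for t, n in Counter(tokens).items() if n > 1}


def recover_time_seeded_token(observed, username, around, window=300):
    """Attacker-side check: try every second within +/-window of the
    approximate login time and return the epoch second that reproduces the
    observed token, or None if the token is not a pure function of time."""
    base = int(around)
    for delta in range(-window, window + 1):
        if weak_session_id(base + delta, username) == observed:
            return base + delta
    return None


def demo():
    """Constructed timeline: three logins as 'admin', two of them in the
    same second, against both generators."""
    t = 1_500_000_000.0  # constructed login timestamp (epoch seconds)
    weak = [weak_session_id(t, "admin"),
            weak_session_id(t + 0.4, "admin"),   # same second -> same token
            weak_session_id(t + 1.0, "admin")]
    strong = [strong_session_id() for _ in range(3)]
    return {
        "weak_repeats": find_repeats(weak),
        "strong_repeats": find_repeats(strong),
        # the attacker only knows the login happened "about 40 seconds ago"
        "recovered_second": recover_time_seeded_token(weak[0], "admin", t + 37),
    }


if __name__ == "__main__":
    print(demo())
```

In practice the tester collects the session_id from a handful of back-to-back login responses and runs find_repeats over them; a repeat within the same second is the observation the post describes, and recover_time_seeded_token is the follow-up test that turns "the clock is involved" into "the token is reproducible". The fix is the strong_session_id pattern: a token from the platform CSPRNG, never a digest of time and identity.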
Alcatel Lucent Omnivista or: How I learned GIOP and gained Unauthenticated Remote Code Execution (CVE-2016-9796)
December 01, 2016
It is time for another advisory, or rather a blog post, about Alcatel Lucent Omnivista and its vulnerabilities. Omnivista is a central network management tool, typically used in medium/large organisations with a complex VoIP/SIP infrastructure. Interestingly enough, this software belongs to the niche of "undownloadable" software, and it requires a license to work as well. My "luck" came during an engagement where it was already installed, and this post documents one of the many 0days discovered during that audit. There are several reasons why I wanted to dedicate a single blog post to this vulnerability. First, remote code execution (RCE) is always a sweet bug to show. Second, I strongly believe that documenting vulnerabilities in applications using old protocols and standards, respectively GIOP and CORBA, can be beneficial for the infosec community, since not many examples of vulnerabilities in such applications are available or published on the ...
Read more: http://blog.malerisch.net/2016/12/alcatel-omnivista-8770-unauth-rce-giop-corba.html
Pwning a thin client in less than one minute, again!
October 03, 2016
Back in 2015, I published a blog post titled "Pwning a thin client in less two minutes", which attracted a lot of curiosity from the Internet and was also featured on the HACKADAY blog. Today, together with Vincent Hutsebaut (@vhutsebaut), we are releasing a further technique to pwn the same thin client and get a root shell without authentication, in less than one minute! The attack detailed below is a typical kiosk attack, consisting of a local privilege escalation which affects different versions of HP ThinPro OS (HP ThinPro 4.4, HP ThinPro 5.0, HP ThinPro 5.1, HP ThinPro 5.2, HP ThinPro 5.2.1, HP ThinPro 6.0, HP ThinPro 6.1). The vulnerability (CVE-2016-2246) has been patched by HP and a technical bulletin has been published. HP stated that they had fixed the issue before our report was sent to them and were about to publish a security bulletin when we contacted them. Since the patch is out, let's dive into the vulnerability, which ...
Read more: http://blog.malerisch.net/2016/10/pwning-thin-client-in-less-two-minutes2-cve2016-2246.html
Microsoft Windows PDF Library Information Disclosure Vulnerability - CVE-2016-3374 (MS16-115)
September 14, 2016
In the last year, as a personal research project, I started to look more into browsers and decided to fuzz some high-level targets, such as Edge and IE11, together with Steven Seeley (@steventseeley). I have to admit that it is quite hard nowadays to approach this kind of research, especially with limited time and resources (just a few virtual machines running at home...), but nevertheless it became an incredible learning experience. Given our constraints, the fuzzing focus was on targets other than the commonly targeted components, such as the DOM, JavaScript and so on, so we decided to go for the PDF file format. One of the interesting conditions that we found is the one that has just been patched by Microsoft and detailed in the MS16-115 security bulletin. The vulnerability is an out-of-bounds read which can lead to memory information disclosure. The technical advisory can be found on Steven Seeley's web site: http://srcincite.io/advisories/src-2016-0039/
Read more: http://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html
xlink:href/responsive/sprite_v1_6.css.svg#ic_24_link_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Get link/span>/span>/li>li>span aria-labelShare to Facebook classsharing-platform-button sharing-element-facebook data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID5109742040991891728&targetfacebook data-urlhttp://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html rolemenuitem tabindex-1 titleShare to Facebook>svg classsvg-icon-24 touch-icon sharing-facebook>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_facebook_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Facebook/span>/span>/li>li>span aria-labelShare to Twitter classsharing-platform-button sharing-element-twitter data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID5109742040991891728&targettwitter data-urlhttp://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html rolemenuitem tabindex-1 titleShare to Twitter>svg classsvg-icon-24 touch-icon sharing-twitter>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_twitter_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Twitter/span>/span>/li>li>span aria-labelShare to Pinterest classsharing-platform-button sharing-element-pinterest data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID5109742040991891728&targetpinterest data-urlhttp://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html rolemenuitem tabindex-1 titleShare to Pinterest>svg classsvg-icon-24 touch-icon sharing-pinterest>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_pinterest_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Pinterest/span>/span>/li>li>span aria-labelEmail classsharing-platform-button sharing-element-email 
data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID5109742040991891728&targetemail data-urlhttp://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html rolemenuitem tabindex-1 titleEmail>svg classsvg-icon-24 touch-icon sharing-email>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_email_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Email/span>/span>/li>li aria-hiddentrue classhidden>span aria-labelShare to other apps classsharing-platform-button sharing-element-other data-urlhttp://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html rolemenuitem tabindex-1 titleShare to other apps>svg classsvg-icon-24 touch-icon sharing-sharingOther>use xlink:href/responsive/sprite_v1_6.css.svg#ic_more_horiz_black_24dp xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Other Apps/span>/span>/li>/ul>/div>/div>/div>span classbyline post-comment-link container>a classcomment-link flat-button ripple hrefhttp://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html#comments onclick>Post a Comment/a>/span>/div>/div>div classbyline jump-link>a classflat-button ripple hrefhttp://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html titleMicrosoft Windows PDF Library Information Disclosure Vulnerability - CVE-2016-3374 (MS16-115)>Read more/a>/div>/div>/div>/div>/article>article classpost-outer-container>div classpost-outer>a classsnippet-thumbnail hrefhttp://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html>span classsnippet-thumbnail-img idsnippet_thumbnail_id_4414957384997929325>/span>style> @media (min-width: 1168px) { #snippet_thumbnail_id_4414957384997929325 { background-image: 
url(https\:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhoJuIjtjHHC4BxqIRLTHmr5WX1G0gVqHiQtF-d3s5sKBRD_S0cH8g0t39i7QZ1lvh9rm0kfN0N6FVuGByImDgeYnqKLUGDFe2DVbKJ1quz3Y61focJDSyk4jNUAJTYRg7SK7vehOE1INk\/w256-h256-p-k-no-nu\/s1.png); } } @media (min-width: 969px) and (max-width: 1167px) { #snippet_thumbnail_id_4414957384997929325 { background-image: url(https\:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhoJuIjtjHHC4BxqIRLTHmr5WX1G0gVqHiQtF-d3s5sKBRD_S0cH8g0t39i7QZ1lvh9rm0kfN0N6FVuGByImDgeYnqKLUGDFe2DVbKJ1quz3Y61focJDSyk4jNUAJTYRg7SK7vehOE1INk\/w1167-h778-p-k-no-nu\/s1.png); } } @media (min-width: 601px) and (max-width: 968px) { #snippet_thumbnail_id_4414957384997929325 { background-image: url(https\:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhoJuIjtjHHC4BxqIRLTHmr5WX1G0gVqHiQtF-d3s5sKBRD_S0cH8g0t39i7QZ1lvh9rm0kfN0N6FVuGByImDgeYnqKLUGDFe2DVbKJ1quz3Y61focJDSyk4jNUAJTYRg7SK7vehOE1INk\/w968-h645-p-k-no-nu\/s1.png); } } @media (max-width: 600px) { #snippet_thumbnail_id_4414957384997929325 { background-image: url(https\:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhoJuIjtjHHC4BxqIRLTHmr5WX1G0gVqHiQtF-d3s5sKBRD_S0cH8g0t39i7QZ1lvh9rm0kfN0N6FVuGByImDgeYnqKLUGDFe2DVbKJ1quz3Y61focJDSyk4jNUAJTYRg7SK7vehOE1INk\/w600-h400-p-k-no-nu\/s1.png); } } /style>/a>div classpost-content container>div classpost-title-container>a name4414957384997929325>/a>h3 classpost-title entry-title>a hrefhttp://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html>TrendMicro ScanMail for Microsoft Exchange (SMEX) predictable session token - CVE-2015-3326/a>/h3>/div>div classpost-header-container container>div classpost-header>div classpost-header-line-1>span classbyline post-timestamp>meta contenthttp://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html/>a classtimestamp-link hrefhttp://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html relbookmark 
titlepermanent link>time classpublished datetime2016-05-20T00:20:00+02:00 title2016-05-20T00:20:00+02:00>May 20, 2016/time>/a>/span>/div>/div>/div>div classcontainer post-body entry-content idpost-snippet-4414957384997929325>div classpost-snippet snippet-container r-snippet-container>div classsnippet-item r-snippetized>It's time for another advisory ( CVE-2015-3326 ), a simple one, for a vulnerability which can be found quickly and trivially. For those of you who just want to give a glance at the post, I suggest to directly watch the picture which says it all! The following vulnerability was discovered on TrendMicro SMEX (ScanMail for Microsoft Exchange) 10 SP2 but it affects other versions as well. While surfing the SMEX web administrative interface using a web proxy, I have noticed something in the HTTP request - the session token itself and its format, a number. After observing a significant number of logins, the session token was always represented with an number composed of minimum 4 digits and maximum 5 digits, as shown in the screen shot below: Although the observed session tokens were never generated sequentially, the lack of a cryptographically strong PRNG for the session identifier, allows a malicious user to trivially guess the token. 
This attack can be easily automated./div>a classsnippet-fade r-snippet-fade hidden hrefhttp://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html>/a>/div>/div>div classpost-bottom>div classpost-footer>div classpost-footer-line post-footer-line-0>div classbyline post-share-buttons goog-inline-block>div aria-ownssharing-popup-Blog1-footer-0-4414957384997929325 classsharing data-titleTrendMicro ScanMail for Microsoft Exchange (SMEX) predictable session token - CVE-2015-3326>button aria-controlssharing-popup-Blog1-footer-0-4414957384997929325 aria-labelShare classsharing-button touch-icon-button flat-button ripple idsharing-button-Blog1-footer-0-4414957384997929325 rolebutton>Share/button>div classshare-buttons-container>ul aria-hiddentrue aria-labelShare classshare-buttons hidden idsharing-popup-Blog1-footer-0-4414957384997929325 rolemenu>li>span aria-labelGet link classsharing-platform-button sharing-element-link data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID4414957384997929325&target data-urlhttp://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html rolemenuitem tabindex-1 titleGet link>svg classsvg-icon-24 touch-icon sharing-link>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_link_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Get link/span>/span>/li>li>span aria-labelShare to Facebook classsharing-platform-button sharing-element-facebook data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID4414957384997929325&targetfacebook data-urlhttp://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html rolemenuitem tabindex-1 titleShare to Facebook>svg classsvg-icon-24 touch-icon sharing-facebook>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_facebook_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Facebook/span>/span>/li>li>span aria-labelShare 
to Twitter classsharing-platform-button sharing-element-twitter data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID4414957384997929325&targettwitter data-urlhttp://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html rolemenuitem tabindex-1 titleShare to Twitter>svg classsvg-icon-24 touch-icon sharing-twitter>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_twitter_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Twitter/span>/span>/li>li>span aria-labelShare to Pinterest classsharing-platform-button sharing-element-pinterest data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID4414957384997929325&targetpinterest data-urlhttp://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html rolemenuitem tabindex-1 titleShare to Pinterest>svg classsvg-icon-24 touch-icon sharing-pinterest>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_pinterest_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Pinterest/span>/span>/li>li>span aria-labelEmail classsharing-platform-button sharing-element-email data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID4414957384997929325&targetemail data-urlhttp://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html rolemenuitem tabindex-1 titleEmail>svg classsvg-icon-24 touch-icon sharing-email>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_email_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Email/span>/span>/li>li aria-hiddentrue classhidden>span aria-labelShare to other apps classsharing-platform-button sharing-element-other data-urlhttp://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html rolemenuitem tabindex-1 titleShare to other apps>svg classsvg-icon-24 touch-icon sharing-sharingOther>use 
xlink:href/responsive/sprite_v1_6.css.svg#ic_more_horiz_black_24dp xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Other Apps/span>/span>/li>/ul>/div>/div>/div>span classbyline post-comment-link container>a classcomment-link flat-button ripple hrefhttp://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html#comments onclick>1 comment/a>/span>/div>/div>div classbyline jump-link>a classflat-button ripple hrefhttp://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html titleTrendMicro ScanMail for Microsoft Exchange (SMEX) predictable session token - CVE-2015-3326>Read more/a>/div>/div>/div>/div>/article>article classpost-outer-container>div classpost-outer>a classsnippet-thumbnail hrefhttp://blog.malerisch.net/2015/09/net-mvc-redos-denial-of-service-vulnerability-cve-2015-2526.html>span classsnippet-thumbnail-img idsnippet_thumbnail_id_2820815798478501437>/span>style> @media (min-width: 1168px) { #snippet_thumbnail_id_2820815798478501437 { background-image: url(https\:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjO6f_2DislvzTIQUdhlHi4GZzr2ashXsKCN3gNh2jmXJXFVn5IM2h1PJtccQ2Rqa2eA-c3D9e-PmSL0fW346R8vO5uvilXH1dcAukRpBkPA_YI-Fuh0SZSKJJTJwy6wKr2UhRD7BDfu2k\/w256-h256-p-k-no-nu\/email.png); } } @media (min-width: 969px) and (max-width: 1167px) { #snippet_thumbnail_id_2820815798478501437 { background-image: url(https\:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjO6f_2DislvzTIQUdhlHi4GZzr2ashXsKCN3gNh2jmXJXFVn5IM2h1PJtccQ2Rqa2eA-c3D9e-PmSL0fW346R8vO5uvilXH1dcAukRpBkPA_YI-Fuh0SZSKJJTJwy6wKr2UhRD7BDfu2k\/w1167-h778-p-k-no-nu\/email.png); } } @media (min-width: 601px) and (max-width: 968px) { #snippet_thumbnail_id_2820815798478501437 { background-image: 
url(https\:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjO6f_2DislvzTIQUdhlHi4GZzr2ashXsKCN3gNh2jmXJXFVn5IM2h1PJtccQ2Rqa2eA-c3D9e-PmSL0fW346R8vO5uvilXH1dcAukRpBkPA_YI-Fuh0SZSKJJTJwy6wKr2UhRD7BDfu2k\/w968-h645-p-k-no-nu\/email.png); } } @media (max-width: 600px) { #snippet_thumbnail_id_2820815798478501437 { background-image: url(https\:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjO6f_2DislvzTIQUdhlHi4GZzr2ashXsKCN3gNh2jmXJXFVn5IM2h1PJtccQ2Rqa2eA-c3D9e-PmSL0fW346R8vO5uvilXH1dcAukRpBkPA_YI-Fuh0SZSKJJTJwy6wKr2UhRD7BDfu2k\/w600-h400-p-k-no-nu\/email.png); } } /style>/a>div classpost-content container>div classpost-title-container>a name2820815798478501437>/a>h3 classpost-title entry-title>a hrefhttp://blog.malerisch.net/2015/09/net-mvc-redos-denial-of-service-vulnerability-cve-2015-2526.html>Microsoft .NET MVC ReDoS (Denial of Service) Vulnerability - CVE-2015-2526 (MS15-101)/a>/h3>/div>div classpost-header-container container>div classpost-header>div classpost-header-line-1>span classbyline post-timestamp>meta contenthttp://blog.malerisch.net/2015/09/net-mvc-redos-denial-of-service-vulnerability-cve-2015-2526.html/>a classtimestamp-link hrefhttp://blog.malerisch.net/2015/09/net-mvc-redos-denial-of-service-vulnerability-cve-2015-2526.html relbookmark titlepermanent link>time classpublished datetime2015-09-10T21:29:00+02:00 title2015-09-10T21:29:00+02:00>September 10, 2015/time>/a>/span>/div>/div>/div>div classcontainer post-body entry-content idpost-snippet-2820815798478501437>div classpost-snippet snippet-container r-snippet-container>div classsnippet-item r-snippetized>Microsoft released a security bulletin ( MS15-101 ) describing a .NET MVC Denial of Service vulnerability ( CVE-2015-2526 ) that I reported back in April. This blog post analyses the vulnerability in details, starting from the theory and then providing a PoC exploit against a MVC web application developed with Visual Studio 2013. 
For those of you who want to see the bug, you can directly skip to the last part of this post or watch the video directly... ;-) A bit of theory The .NET framework (4.5 tested version) uses backtracking regular expression matcher when performing a match against an expression. Backtracking is based on the NFA (non-deterministic finite automata) algorithm engine which is designed to validate all input states. By providing an “evil” regex expression – an expression for which the engine can be forced to calculate an exponential number of states - it is possible to force the engine to calculate an exponential number of states, leading to a condition defined su/div>a classsnippet-fade r-snippet-fade hidden hrefhttp://blog.malerisch.net/2015/09/net-mvc-redos-denial-of-service-vulnerability-cve-2015-2526.html>/a>/div>/div>div classpost-bottom>div classpost-footer>div classpost-footer-line post-footer-line-0>div classbyline post-share-buttons goog-inline-block>div aria-ownssharing-popup-Blog1-footer-0-2820815798478501437 classsharing data-titleMicrosoft .NET MVC ReDoS (Denial of Service) Vulnerability - CVE-2015-2526 (MS15-101)>button aria-controlssharing-popup-Blog1-footer-0-2820815798478501437 aria-labelShare classsharing-button touch-icon-button flat-button ripple idsharing-button-Blog1-footer-0-2820815798478501437 rolebutton>Share/button>div classshare-buttons-container>ul aria-hiddentrue aria-labelShare classshare-buttons hidden idsharing-popup-Blog1-footer-0-2820815798478501437 rolemenu>li>span aria-labelGet link classsharing-platform-button sharing-element-link data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID2820815798478501437&target data-urlhttp://blog.malerisch.net/2015/09/net-mvc-redos-denial-of-service-vulnerability-cve-2015-2526.html rolemenuitem tabindex-1 titleGet link>svg classsvg-icon-24 touch-icon sharing-link>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_link_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span 
classplatform-sharing-text>Get link/span>/span>/li>li>span aria-labelShare to Facebook classsharing-platform-button sharing-element-facebook data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID2820815798478501437&targetfacebook data-urlhttp://blog.malerisch.net/2015/09/net-mvc-redos-denial-of-service-vulnerability-cve-2015-2526.html rolemenuitem tabindex-1 titleShare to Facebook>svg classsvg-icon-24 touch-icon sharing-facebook>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_facebook_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Facebook/span>/span>/li>li>span aria-labelShare to Twitter classsharing-platform-button sharing-element-twitter data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID2820815798478501437&targettwitter data-urlhttp://blog.malerisch.net/2015/09/net-mvc-redos-denial-of-service-vulnerability-cve-2015-2526.html rolemenuitem tabindex-1 titleShare to Twitter>svg classsvg-icon-24 touch-icon sharing-twitter>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_twitter_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Twitter/span>/span>/li>li>span aria-labelShare to Pinterest classsharing-platform-button sharing-element-pinterest data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID2820815798478501437&targetpinterest data-urlhttp://blog.malerisch.net/2015/09/net-mvc-redos-denial-of-service-vulnerability-cve-2015-2526.html rolemenuitem tabindex-1 titleShare to Pinterest>svg classsvg-icon-24 touch-icon sharing-pinterest>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_pinterest_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Pinterest/span>/span>/li>li>span aria-labelEmail classsharing-platform-button sharing-element-email data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID2820815798478501437&targetemail 
data-urlhttp://blog.malerisch.net/2015/09/net-mvc-redos-denial-of-service-vulnerability-cve-2015-2526.html rolemenuitem tabindex-1 titleEmail>svg classsvg-icon-24 touch-icon sharing-email>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_email_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Email/span>/span>/li>li aria-hiddentrue classhidden>span aria-labelShare to other apps classsharing-platform-button sharing-element-other data-urlhttp://blog.malerisch.net/2015/09/net-mvc-redos-denial-of-service-vulnerability-cve-2015-2526.html rolemenuitem tabindex-1 titleShare to other apps>svg classsvg-icon-24 touch-icon sharing-sharingOther>use xlink:href/responsive/sprite_v1_6.css.svg#ic_more_horiz_black_24dp xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Other Apps/span>/span>/li>/ul>/div>/div>/div>span classbyline post-comment-link container>a classcomment-link flat-button ripple hrefhttp://blog.malerisch.net/2015/09/net-mvc-redos-denial-of-service-vulnerability-cve-2015-2526.html#comments onclick>3 comments/a>/span>/div>/div>div classbyline jump-link>a classflat-button ripple hrefhttp://blog.malerisch.net/2015/09/net-mvc-redos-denial-of-service-vulnerability-cve-2015-2526.html titleMicrosoft .NET MVC ReDoS (Denial of Service) Vulnerability - CVE-2015-2526 (MS15-101)>Read more/a>/div>/div>/div>/div>/article>/div>div classblog-pager container idblog-pager>a classblog-pager-older-link flat-button ripple hrefhttp://blog.malerisch.net/search?updated-max2015-09-10T21:29:00%2B02:00&max-results7 titleMore posts>More posts/a>/div>/div>/div>/main>/div>/div>/div>aside classsidebar-container sidebar-invisible rolecomplementary>div classnavigation container>button classsvg-icon-24-button sidebar-back flat-icon-button ripple>svg classsvg-icon-24>use xlink:href/responsive/sprite_v1_6.css.svg#ic_arrow_forward_black_24dp xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>/button>/div>div classsidebar section 
idsidebar nameSidebar>div classwidget BlogArchive data-version2 idBlogArchive1>details classcollapsible extendable>summary>div classcollapsible-title>h3 classtitle>Archive/h3>svg classsvg-icon-24 chevron-down>use xlink:href/responsive/sprite_v1_6.css.svg#ic_expand_more_black_24dp xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>svg classsvg-icon-24 chevron-up>use xlink:href/responsive/sprite_v1_6.css.svg#ic_expand_less_black_24dp xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>/div>/summary>div classwidget-content>div idArchiveList>div idBlogArchive1_ArchiveList>div classfirst-items>ul classhierarchy>li classarchivedate>div classhierarchy-title>a classpost-count-link hrefhttp://blog.malerisch.net/2017/>2017span classpost-count>2/span>/a>/div>div classhierarchy-content>ul classhierarchy>li classarchivedate>div classhierarchy-title>a classpost-count-link hrefhttp://blog.malerisch.net/2017/04/>Aprilspan classpost-count>2/span>/a>/div>div classhierarchy-content>ul classposts hierarchy>li>a hrefhttp://blog.malerisch.net/2017/04/uxss-mcafee-endpoint-security-and-site-advisor-cve-2016-8011.html>UXSS in McAfee Endpoint Security, www.mcafee.com a.../a>/li>li>a hrefhttp://blog.malerisch.net/2017/04/trend-micro-threat-discovery-appliance-session-generation-authentication-bypass-cve-2016-8584.html>Trend Micro Threat Discovery Appliance - Session G.../a>/li>/ul>/div>/li>/ul>/div>/li>/ul>/div>div classremaining-items>ul classhierarchy>li classarchivedate>div classhierarchy-title>a classpost-count-link hrefhttp://blog.malerisch.net/2016/>2016span classpost-count>4/span>/a>/div>div classhierarchy-content>ul classhierarchy>li classarchivedate>div classhierarchy-title>a classpost-count-link hrefhttp://blog.malerisch.net/2016/12/>Decemberspan classpost-count>1/span>/a>/div>div classhierarchy-content>/div>/li>li classarchivedate>div classhierarchy-title>a classpost-count-link hrefhttp://blog.malerisch.net/2016/10/>Octoberspan classpost-count>1/span>/a>/div>div 
classhierarchy-content>/div>/li>li classarchivedate>div classhierarchy-title>a classpost-count-link hrefhttp://blog.malerisch.net/2016/09/>Septemberspan classpost-count>1/span>/a>/div>div classhierarchy-content>/div>/li>li classarchivedate>div classhierarchy-title>a classpost-count-link hrefhttp://blog.malerisch.net/2016/05/>Mayspan classpost-count>1/span>/a>/div>div classhierarchy-content>/div>/li>/ul>/div>/li>li classarchivedate>div classhierarchy-title>a classpost-count-link hrefhttp://blog.malerisch.net/2015/>2015span classpost-count>3/span>/a>/div>div classhierarchy-content>ul classhierarchy>li classarchivedate>div classhierarchy-title>a classpost-count-link hrefhttp://blog.malerisch.net/2015/09/>Septemberspan classpost-count>1/span>/a>/div>div classhierarchy-content>/div>/li>li classarchivedate>div classhierarchy-title>a classpost-count-link hrefhttp://blog.malerisch.net/2015/04/>Aprilspan classpost-count>2/span>/a>/div>div classhierarchy-content>/div>/li>/ul>/div>/li>li classarchivedate>div classhierarchy-title>a classpost-count-link hrefhttp://blog.malerisch.net/2014/>2014span classpost-count>1/span>/a>/div>div classhierarchy-content>ul classhierarchy>li classarchivedate>div classhierarchy-title>a classpost-count-link hrefhttp://blog.malerisch.net/2014/08/>Augustspan classpost-count>1/span>/a>/div>div classhierarchy-content>/div>/li>/ul>/div>/li>li classarchivedate>div classhierarchy-title>a classpost-count-link hrefhttp://blog.malerisch.net/2013/>2013span classpost-count>3/span>/a>/div>div classhierarchy-content>ul classhierarchy>li classarchivedate>div classhierarchy-title>a classpost-count-link hrefhttp://blog.malerisch.net/2013/12/>Decemberspan classpost-count>1/span>/a>/div>div classhierarchy-content>/div>/li>li classarchivedate>div classhierarchy-title>a classpost-count-link hrefhttp://blog.malerisch.net/2013/09/>Septemberspan classpost-count>2/span>/a>/div>div classhierarchy-content>/div>/li>/ul>/div>/li>li classarchivedate>div classhierarchy-title>a 
classpost-count-link hrefhttp://blog.malerisch.net/2012/>2012span classpost-count>13/span>/a>/div>div classhierarchy-content>ul classhierarchy>li classarchivedate>div classhierarchy-title>a classpost-count-link hrefhttp://blog.malerisch.net/2012/12/>Decemberspan classpost-count>8/span>/a>/div>div classhierarchy-content>/div>/li>li classarchivedate>div classhierarchy-title>a classpost-count-link hrefhttp://blog.malerisch.net/2012/10/>Octoberspan classpost-count>1/span>/a>/div>div classhierarchy-content>/div>/li>li classarchivedate>div classhierarchy-title>a classpost-count-link hrefhttp://blog.malerisch.net/2012/06/>Junespan classpost-count>1/span>/a>/div>div classhierarchy-content>/div>/li>li classarchivedate>div classhierarchy-title>a classpost-count-link hrefhttp://blog.malerisch.net/2012/04/>Aprilspan classpost-count>3/span>/a>/div>div classhierarchy-content>/div>/li>/ul>/div>/li>li classarchivedate>div classhierarchy-title>a classpost-count-link hrefhttp://blog.malerisch.net/2011/>2011span classpost-count>2/span>/a>/div>div classhierarchy-content>ul classhierarchy>li classarchivedate>div classhierarchy-title>a classpost-count-link hrefhttp://blog.malerisch.net/2011/12/>Decemberspan classpost-count>2/span>/a>/div>div classhierarchy-content>/div>/li>/ul>/div>/li>/ul>/div>span classshow-more flat-button>Show more/span>span classshow-less hidden flat-button>Show less/span>/div>/div>/div>/details>/div>div classwidget Label data-version2 idLabel1>details classcollapsible extendable>summary>div classcollapsible-title>h3 classtitle>Labels/h3>svg classsvg-icon-24 chevron-down>use xlink:href/responsive/sprite_v1_6.css.svg#ic_expand_more_black_24dp xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>svg classsvg-icon-24 chevron-up>use xlink:href/responsive/sprite_v1_6.css.svg#ic_expand_less_black_24dp xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>/div>/summary>div classwidget-content list-label-widget-content>div classfirst-items>ul>li>a classlabel-name 
Port 443
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Expires: Mon, 04 Nov 2024 23:48:57 GMT
Date: Mon, 04 Nov 2024 23:48:57 GMT
Cache-Control: private, max-age=0
Last-Modified: Thu, 29 Aug 2024 00:05:34 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
.post-body>.separator:first-child>aimageanchor1:first-child{margin-top:20px}.post-body aimageanchor{display:block}body.item-view .post-body aimageanchor1{margin-left:0!important;margin-right:0!important}body.item-view .post-body aimageanchor1+aimageanchor1{margin-top:16px}}.item-control{display:none}#comments{border-top:1px dashed rgba(0,0,0,.54);margin-top:20px;padding:20px}#comments .comment-thread ol{margin:0;padding-left:0;padding-left:0}#comments .comment .comment-replybox-single,#comments .comment-thread .comment-replies{margin-left:60px}#comments .comment-thread .thread-count{display:none}#comments .comment{list-style-type:none;padding:0 0 30px;position:relative}#comments .comment .comment{padding-bottom:8px}.comment .avatar-image-container{position:absolute}.comment .avatar-image-container img{border-radius:50%}.avatar-image-container svg,.comment .avatar-image-container .avatar-icon{border-radius:50%;border:solid 1px #3e3f3c;box-sizing:border-box;fill:#3e3f3c;height:35px;margin:0;padding:7px;width:35px}.comment .comment-block{margin-top:10px;margin-left:60px;padding-bottom:0}#comments .comment-author-header-wrapper{margin-left:40px}#comments .comment .thread-expanded .comment-block{padding-bottom:20px}#comments .comment .comment-header .user,#comments .comment .comment-header .user a{color:#3e3f3c;font-style:normal;font-weight:700}#comments .comment .comment-actions{bottom:0;margin-bottom:15px;position:absolute}#comments .comment .comment-actions>*{margin-right:8px}#comments .comment .comment-header .datetime{bottom:0;color:rgba(0,0,0,0.54);display:inline-block;font-size:13px;font-style:italic;margin-left:8px}#comments .comment .comment-footer .comment-timestamp a,#comments .comment .comment-header .datetime a{color:rgba(0,0,0,0.54)}#comments .comment .comment-content,.comment 
.comment-body{margin-top:12px;word-break:break-word}.comment-body{margin-bottom:12px}#comments.embeddata-num-comments0{border:0;margin-top:0;padding-top:0}#comments.embeddata-num-comments0 #comment-post-message,#comments.embeddata-num-comments0 div.comment-form>p,#comments.embeddata-num-comments0 p.comment-footer{display:none}#comment-editor-src{display:none}.comments .comments-content .loadmore.loaded{max-height:0;opacity:0;overflow:hidden}.extendable .remaining-items{height:0;overflow:hidden;-webkit-transition:height .3s cubic-bezier(.4,0,.2,1);transition:height .3s cubic-bezier(.4,0,.2,1)}.extendable .remaining-items.expanded{height:auto}.svg-icon-24,.svg-icon-24-button{cursor:pointer;height:24px;width:24px;min-width:24px}.touch-icon{margin:-12px;padding:12px}.touch-icon:active,.touch-icon:focus{background-color:rgba(153,153,153,.4);border-radius:50%}svg:not(:root).touch-icon{overflow:visible}htmldirrtl .rtl-reversible-icon{-webkit-transform:scaleX(-1);-ms-transform:scaleX(-1);transform:scaleX(-1)}.svg-icon-24-button,.touch-icon-button{background:0 0;border:0;margin:0;outline:0;padding:0}.touch-icon-button .touch-icon:active,.touch-icon-button .touch-icon:focus{background-color:transparent}.touch-icon-button:active .touch-icon,.touch-icon-button:focus .touch-icon{background-color:rgba(153,153,153,.4);border-radius:50%}.Profile .default-avatar-wrapper .avatar-icon{border-radius:50%;border:solid 1px #000000;box-sizing:border-box;fill:#000000;margin:0}.Profile .individual .default-avatar-wrapper .avatar-icon{padding:25px}.Profile .individual .avatar-icon,.Profile .individual .profile-img{height:120px;width:120px}.Profile .team .default-avatar-wrapper .avatar-icon{padding:8px}.Profile .team .avatar-icon,.Profile .team .default-avatar-wrapper,.Profile .team 
.profile-img{height:40px;width:40px}.snippet-container{margin:0;position:relative;overflow:hidden}.snippet-fade{bottom:0;box-sizing:border-box;position:absolute;width:96px}.snippet-fade{right:0}.snippet-fade:after{content:\2026}.snippet-fade:after{float:right}.post-bottom{-webkit-box-align:center;-webkit-align-items:center;-ms-flex-align:center;align-items:center;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap}.post-footer{-webkit-box-flex:1;-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap;-webkit-box-ordinal-group:2;-webkit-order:1;-ms-flex-order:1;order:1}.post-footer>*{-webkit-box-flex:0;-webkit-flex:0 1 auto;-ms-flex:0 1 auto;flex:0 1 auto}.post-footer .byline:last-child{margin-right:1em}.jump-link{-webkit-box-flex:0;-webkit-flex:0 0 auto;-ms-flex:0 0 auto;flex:0 0 auto;-webkit-box-ordinal-group:3;-webkit-order:2;-ms-flex-order:2;order:2}.centered-top-container.sticky{left:0;position:fixed;right:0;top:0;width:auto;z-index:8;-webkit-transition-property:opacity,-webkit-transform;transition-property:opacity,-webkit-transform;transition-property:transform,opacity;transition-property:transform,opacity,-webkit-transform;-webkit-transition-duration:.2s;transition-duration:.2s;-webkit-transition-timing-function:cubic-bezier(.4,0,.2,1);transition-timing-function:cubic-bezier(.4,0,.2,1)}.centered-top-placeholder{display:none}.collapsed-header .centered-top-placeholder{display:block}.centered-top-container .Header .replaced h1,.centered-top-placeholder .Header .replaced h1{display:none}.centered-top-container.sticky .Header .replaced h1{display:block}.centered-top-container.sticky .Header .header-widget{background:0 0}.centered-top-container.sticky .Header .header-image-wrapper{display:none}.centered-top-container img,.centered-top-placeholder img{max-width:100%}.collapsible{-webkit-transition:height .3s 
cubic-bezier(.4,0,.2,1);transition:height .3s cubic-bezier(.4,0,.2,1)}.collapsible,.collapsible>summary{display:block;overflow:hidden}.collapsible>:not(summary){display:none}.collapsibleopen>:not(summary){display:block}.collapsible:focus,.collapsible>summary:focus{outline:0}.collapsible>summary{cursor:pointer;display:block;padding:0}.collapsible:focus>summary,.collapsible>summary:focus{background-color:transparent}.collapsible>summary::-webkit-details-marker{display:none}.collapsible-title{-webkit-box-align:center;-webkit-align-items:center;-ms-flex-align:center;align-items:center;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex}.collapsible-title .title{-webkit-box-flex:1;-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;-webkit-box-ordinal-group:1;-webkit-order:0;-ms-flex-order:0;order:0;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.collapsible-title .chevron-down,.collapsibleopen .collapsible-title .chevron-up{display:block}.collapsible-title .chevron-up,.collapsibleopen .collapsible-title .chevron-down{display:none}.overflowable-container{max-height:48px;overflow:hidden;position:relative}.overflow-button{cursor:pointer}#overflowable-dim-overlay{background:0 0}.overflow-popup{box-shadow:0 2px 2px 0 rgba(0,0,0,.14),0 3px 1px -2px rgba(0,0,0,.2),0 1px 5px 0 rgba(0,0,0,.12);background-color:#ffffff;left:0;max-width:calc(100% - 32px);position:absolute;top:0;visibility:hidden;z-index:101}.overflow-popup ul{list-style:none}.overflow-popup .tabs li,.overflow-popup li{display:block;height:auto}.overflow-popup .tabs li{padding-left:0;padding-right:0}.overflow-button.hidden,.overflow-popup .tabs li.hidden,.overflow-popup 
li.hidden{display:none}.ripple{position:relative}.ripple>*{z-index:1}.splash-wrapper{bottom:0;left:0;overflow:hidden;pointer-events:none;position:absolute;right:0;top:0;z-index:0}.splash{background:#ccc;border-radius:100%;display:block;opacity:.6;position:absolute;-webkit-transform:scale(0);-ms-transform:scale(0);transform:scale(0)}.splash.animate{-webkit-animation:ripple-effect .4s linear;animation:ripple-effect .4s linear}@-webkit-keyframes ripple-effect{100%{opacity:0;-webkit-transform:scale(2.5);transform:scale(2.5)}}@keyframes ripple-effect{100%{opacity:0;-webkit-transform:scale(2.5);transform:scale(2.5)}}.search{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;line-height:24px;width:24px}.search.focused{width:100%}.search.focused .section{width:100%}.search form{z-index:101}.search h3{display:none}.search form{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-flex:1;-webkit-flex:1 0 0;-ms-flex:1 0 0px;flex:1 0 0;border-bottom:solid 1px transparent;padding-bottom:8px}.search form>*{display:none}.search.focused form>*{display:block}.search .search-input label{display:none}.centered-top-placeholder.cloned .search form{z-index:30}.search.focused form{border-color:#3e3f3c;position:relative;width:auto}.collapsed-header .centered-top-container .search.focused form{border-bottom-color:transparent}.search-expand{-webkit-box-flex:0;-webkit-flex:0 0 auto;-ms-flex:0 0 auto;flex:0 0 auto}.search-expand-text{display:none}.search-close{display:inline;vertical-align:middle}.search-input{-webkit-box-flex:1;-webkit-flex:1 0 1px;-ms-flex:1 0 1px;flex:1 0 1px}.search-input input{background:0 0;border:0;box-sizing:border-box;color:#3e3f3c;display:inline-block;outline:0;width:calc(100% - 48px)}.search-input input.no-cursor{color:transparent;text-shadow:0 0 0 #3e3f3c}.collapsed-header .centered-top-container .search-action,.collapsed-header .centered-top-container .search-input input{color:#3e3f3c}.collapsed-header 
.centered-top-container .search-input input.no-cursor{color:transparent;text-shadow:0 0 0 #3e3f3c}.collapsed-header .centered-top-container .search-input input.no-cursor:focus,.search-input input.no-cursor:focus{outline:0}.search-focused>*{visibility:hidden}.search-focused .search,.search-focused .search-icon{visibility:visible}.search.focused .search-action{display:block}.search.focused .search-action:disabled{opacity:.3}.sidebar-container{background-color:#f7f7f7;max-width:320px;overflow-y:auto;-webkit-transition-property:-webkit-transform;transition-property:-webkit-transform;transition-property:transform;transition-property:transform,-webkit-transform;-webkit-transition-duration:.3s;transition-duration:.3s;-webkit-transition-timing-function:cubic-bezier(0,0,.2,1);transition-timing-function:cubic-bezier(0,0,.2,1);width:320px;z-index:101;-webkit-overflow-scrolling:touch}.sidebar-container .navigation{line-height:0;padding:16px}.sidebar-container .sidebar-back{cursor:pointer}.sidebar-container .widget{background:0 0;margin:0 16px;padding:16px 0}.sidebar-container .widget .title{color:#000000;margin:0}.sidebar-container .widget ul{list-style:none;margin:0;padding:0}.sidebar-container .widget ul ul{margin-left:1em}.sidebar-container .widget li{font-size:16px;line-height:normal}.sidebar-container .widget+.widget{border-top:1px dashed #000000}.BlogArchive li{margin:16px 0}.BlogArchive li:last-child{margin-bottom:0}.Label li a{display:inline-block}.BlogArchive .post-count,.Label .label-count{float:right;margin-left:.25em}.BlogArchive .post-count::before,.Label .label-count::before{content:(}.BlogArchive .post-count::after,.Label .label-count::after{content:)}.widget.Translate .skiptranslate>div{display:block!important}.widget.Profile .profile-link{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex}.widget.Profile .team-member .default-avatar-wrapper,.widget.Profile .team-member .profile-img{-webkit-box-flex:0;-webkit-flex:0 0 auto;-ms-flex:0 0 
auto;flex:0 0 auto;margin-right:1em}.widget.Profile .individual .profile-link{-webkit-box-orient:vertical;-webkit-box-direction:normal;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column}.widget.Profile .team .profile-link .profile-name{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;display:block;-webkit-box-flex:1;-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto}.dim-overlay{background-color:rgba(0,0,0,.54);z-index:100}body.sidebar-visible{overflow-y:hidden}@media screen and (max-width:1619px){.sidebar-container{bottom:0;position:fixed;top:0;left:auto;right:0}.sidebar-container.sidebar-invisible{-webkit-transition-timing-function:cubic-bezier(.4,0,.6,1);transition-timing-function:cubic-bezier(.4,0,.6,1);-webkit-transform:translateX(320px);-ms-transform:translateX(320px);transform:translateX(320px)}}.dialog{box-shadow:0 2px 2px 0 rgba(0,0,0,.14),0 3px 1px -2px rgba(0,0,0,.2),0 1px 5px 0 rgba(0,0,0,.12);background:#ffffff;box-sizing:border-box;color:#3e3f3c;padding:30px;position:fixed;text-align:center;width:calc(100% - 24px);z-index:101}.dialog inputtypeemail,.dialog inputtypetext{background-color:transparent;border:0;border-bottom:solid 1px rgba(62,63,60,.12);color:#3e3f3c;display:block;font-family:Lora, serif;font-size:16px;line-height:24px;margin:auto;padding-bottom:7px;outline:0;text-align:center;width:100%}.dialog inputtypeemail::-webkit-input-placeholder,.dialog inputtypetext::-webkit-input-placeholder{color:#3e3f3c}.dialog inputtypeemail::-moz-placeholder,.dialog inputtypetext::-moz-placeholder{color:#3e3f3c}.dialog inputtypeemail:-ms-input-placeholder,.dialog inputtypetext:-ms-input-placeholder{color:#3e3f3c}.dialog inputtypeemail::-ms-input-placeholder,.dialog inputtypetext::-ms-input-placeholder{color:#3e3f3c}.dialog inputtypeemail::placeholder,.dialog inputtypetext::placeholder{color:#3e3f3c}.dialog inputtypeemail:focus,.dialog inputtypetext:focus{border-bottom:solid 2px 
#970101;padding-bottom:6px}.dialog input.no-cursor{color:transparent;text-shadow:0 0 0 #3e3f3c}.dialog input.no-cursor:focus{outline:0}.dialog input.no-cursor:focus{outline:0}.dialog inputtypesubmit{font-family:Lora, serif}.dialog .goog-buttonset-default{color:#970101}.subscribe-popup{max-width:364px}.subscribe-popup h3{color:#ffffff;font-size:1.8em;margin-top:0}.subscribe-popup .FollowByEmail h3{display:none}.subscribe-popup .FollowByEmail .follow-by-email-submit{color:#970101;display:inline-block;margin:0 auto;margin-top:24px;width:auto;white-space:normal}.subscribe-popup .FollowByEmail .follow-by-email-submit:disabled{cursor:default;opacity:.3}@media (max-width:800px){.blog-name div.widget.Subscribe{margin-bottom:16px}body.item-view .blog-name div.widget.Subscribe{margin:8px auto 16px auto;width:100%}}body#layout .bg-photo,body#layout .bg-photo-overlay{display:none}body#layout .page_body{padding:0;position:relative;top:0}body#layout .page{display:inline-block;left:inherit;position:relative;vertical-align:top;width:540px}body#layout .centered{max-width:954px}body#layout .navigation{display:none}body#layout .sidebar-container{display:inline-block;width:40%}body#layout .hamburger-menu,body#layout .search{display:none}.widget.Sharing .sharing-button{display:none}.widget.Sharing .sharing-buttons li{padding:0}.widget.Sharing .sharing-buttons li span{display:none}.post-share-buttons{position:relative}.centered-bottom .share-buttons .svg-icon-24,.share-buttons .svg-icon-24{fill:#3e3f3c}.sharing-open.touch-icon-button:active .touch-icon,.sharing-open.touch-icon-button:focus .touch-icon{background-color:transparent}.share-buttons{background-color:#ffffff;border-radius:2px;box-shadow:0 2px 2px 0 rgba(0,0,0,.14),0 3px 1px -2px rgba(0,0,0,.2),0 1px 5px 0 rgba(0,0,0,.12);color:#3e3f3c;list-style:none;margin:0;padding:8px 0;position:absolute;top:-11px;min-width:200px;z-index:101}.share-buttons.hidden{display:none}.sharing-button{background:0 
0;border:0;margin:0;outline:0;padding:0;cursor:pointer}.share-buttons li{margin:0;height:48px}.share-buttons li:last-child{margin-bottom:0}.share-buttons li .sharing-platform-button{box-sizing:border-box;cursor:pointer;display:block;height:100%;margin-bottom:0;padding:0 16px;position:relative;width:100%}.share-buttons li .sharing-platform-button:focus,.share-buttons li .sharing-platform-button:hover{background-color:rgba(128,128,128,.1);outline:0}.share-buttons li svgclass* sharing-,.share-buttons li svgclass^sharing-{position:absolute;top:10px}.share-buttons li span.sharing-platform-button{position:relative;top:0}.share-buttons li .platform-sharing-text{display:block;font-size:16px;line-height:48px;white-space:nowrap}.share-buttons li .platform-sharing-text{margin-left:56px}.flat-button{cursor:pointer;display:inline-block;font-weight:700;text-transform:uppercase;border-radius:2px;padding:8px;margin:-8px}.flat-icon-button{background:0 0;border:0;margin:0;outline:0;padding:0;margin:-12px;padding:12px;cursor:pointer;box-sizing:content-box;display:inline-block;line-height:0}.flat-icon-button,.flat-icon-button .splash-wrapper{border-radius:50%}.flat-icon-button .splash.animate{-webkit-animation-duration:.3s;animation-duration:.3s}h1,h2,h3,h4,h5,h6{margin:0}.post-body h1,.post-body h2,.post-body h3,.post-body h4,.post-body h5,.post-body h6{margin:1em 0}.action-link,a{color:#970101;cursor:pointer;text-decoration:none}.action-link:visited,a:visited{color:#970101}.action-link:hover,a:hover{color:#970101}body{background-color:#ffffff;color:#3e3f3c;font:400 20px Lora, serif;margin:0 auto}.unused{background:#ffffff none repeat scroll top left}.dim-overlay{z-index:100}.all-container{min-height:100vh;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column}body.sidebar-visible 
.all-container{overflow-y:scroll}.page{max-width:1280px;width:100%}.Blog{padding:0;padding-left:136px}.main_content_container{-webkit-box-flex:0;-webkit-flex:0 0 auto;-ms-flex:0 0 auto;flex:0 0 auto;margin:0 auto;max-width:1600px;width:100%}.centered-top-container{-webkit-box-flex:0;-webkit-flex:0 0 auto;-ms-flex:0 0 auto;flex:0 0 auto}.centered-top,.centered-top-placeholder{box-sizing:border-box;width:100%}.centered-top{box-sizing:border-box;margin:0 auto;max-width:1280px;padding:44px 136px 32px 136px;width:100%}.centered-top h3{color:rgba(255,255,255,0.54);font:700 14px Lato, sans-serif}.centered{width:100%}.centered-top-firstline{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;position:relative;width:100%}.main_header_elements{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-flex:0;-webkit-flex:0 1 auto;-ms-flex:0 1 auto;flex:0 1 auto;-webkit-box-ordinal-group:2;-webkit-order:1;-ms-flex-order:1;order:1;overflow-x:hidden;width:100%}htmldirrtl .main_header_elements{-webkit-box-ordinal-group:3;-webkit-order:2;-ms-flex-order:2;order:2}body.search-view .centered-top.search-focused .blog-name{display:none}.widget.Header img{max-width:100%}.blog-name{-webkit-box-flex:1;-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;min-width:0;-webkit-box-ordinal-group:2;-webkit-order:1;-ms-flex-order:1;order:1;-webkit-transition:opacity .2s cubic-bezier(.4,0,.2,1);transition:opacity .2s cubic-bezier(.4,0,.2,1)}.subscribe-section-container{-webkit-box-flex:0;-webkit-flex:0 0 auto;-ms-flex:0 0 auto;flex:0 0 auto;-webkit-box-ordinal-group:3;-webkit-order:2;-ms-flex-order:2;order:2}.search{-webkit-box-flex:0;-webkit-flex:0 0 auto;-ms-flex:0 0 auto;flex:0 0 auto;-webkit-box-ordinal-group:4;-webkit-order:3;-ms-flex-order:3;order:3;line-height:24px}.search svg{margin-bottom:0px;margin-top:0px;padding-bottom:0;padding-top:0}.search,.search.focused{display:block;width:auto}.search 
.section{opacity:0;position:absolute;right:0;top:0;-webkit-transition:opacity .2s cubic-bezier(.4,0,.2,1);transition:opacity .2s cubic-bezier(.4,0,.2,1)}.search-expand{background:0 0;border:0;margin:0;outline:0;padding:0;display:block}.search.focused .search-expand{visibility:hidden}.hamburger-menu{float:right;height:24px}.search-expand,.subscribe-section-container{margin-left:44px}.hamburger-section{-webkit-box-flex:1;-webkit-flex:1 0 auto;-ms-flex:1 0 auto;flex:1 0 auto;margin-left:44px;-webkit-box-ordinal-group:3;-webkit-order:2;-ms-flex-order:2;order:2}htmldirrtl .hamburger-section{-webkit-box-ordinal-group:2;-webkit-order:1;-ms-flex-order:1;order:1}.search-expand-icon{display:none}.search-expand-text{display:block}.search-input{width:100%}.search-focused .hamburger-section{visibility:visible}.centered-top-secondline .PageList ul{margin:0;max-height:288px;overflow-y:hidden}.centered-top-secondline .PageList li{margin-right:30px}.centered-top-secondline .PageList li:first-child a{padding-left:0}.centered-top-secondline .PageList .overflow-popup ul{overflow-y:auto}.centered-top-secondline .PageList .overflow-popup li{display:block}.centered-top-secondline .PageList .overflow-popup li.hidden{display:none}.overflowable-contents li{display:inline-block;height:48px}.sticky .blog-name{overflow:hidden}.sticky .blog-name .widget.Header h1{overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.sticky .blog-name .widget.Header p,.sticky .centered-top-secondline{display:none}.centered-top-container,.centered-top-placeholder{background:#000000 none repeat scroll top left}.centered-top .svg-icon-24{fill:#ffffff}.blog-name h1,.blog-name h1 a{color:#f44d14;font:700 24px Lato, sans-serif;line-height:24px;text-transform:uppercase}.widget.Header .header-widget p{font:700 14px Lato, sans-serif;font-style:italic;color:rgba(255,255,255,0.54);line-height:1.6;max-width:676px}.centered-top .flat-button{color:#ffffff;cursor:pointer;font:700 14px Lato, 
sans-serif;line-height:24px;text-transform:uppercase;-webkit-transition:opacity .2s cubic-bezier(.4,0,.2,1);transition:opacity .2s cubic-bezier(.4,0,.2,1)}.subscribe-button{background:0 0;border:0;margin:0;outline:0;padding:0;display:block}htmldirltr .search form{margin-right:12px}.search.focused .section{opacity:1;margin-right:36px;width:calc(100% - 36px)}.search input{border:0;color:rgba(255,255,255,0.54);font:700 16px Lato, sans-serif;line-height:24px;outline:0;width:100%}.search form{padding-bottom:0}.search inputtypesubmit{display:none}.search input::-webkit-input-placeholder{text-transform:uppercase}.search input::-moz-placeholder{text-transform:uppercase}.search input:-ms-input-placeholder{text-transform:uppercase}.search input::-ms-input-placeholder{text-transform:uppercase}.search input::placeholder{text-transform:uppercase}.centered-top-secondline .dim-overlay,.search .dim-overlay{background:0 0}.centered-top-secondline .PageList .overflow-button a,.centered-top-secondline .PageList li a{color:#ffffff;font:700 14px Lato, sans-serif;line-height:48px;padding:12px}.centered-top-secondline .PageList li.selected a{color:#ffffff}.centered-top-secondline .overflow-popup .PageList li a{color:#3e3f3c}.PageList ul{padding:0}.sticky .search form{border:0}.sticky{box-shadow:0 0 20px 0 rgba(0,0,0,.7)}.sticky .centered-top{padding-bottom:0;padding-top:0}.sticky .blog-name h1,.sticky .search,.sticky .search-expand,.sticky .subscribe-button{line-height:40px}.sticky .hamburger-section,.sticky .search-expand,.sticky .search.focused .search-submit{-webkit-box-align:center;-webkit-align-items:center;-ms-flex-align:center;align-items:center;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;height:40px}.subscribe-popup h3{color:rgba(0,0,0,0.84);font:700 24px Lato, sans-serif;margin-bottom:24px}.subscribe-popup div.widget.FollowByEmail .follow-by-email-address{color:rgba(0,0,0,0.84);font:700 14px Lato, sans-serif}.subscribe-popup div.widget.FollowByEmail 
.follow-by-email-submit{color:#3e3f3c;font:700 14px Lato, sans-serif;margin-top:24px}.post-content{-webkit-box-flex:0;-webkit-flex:0 1 auto;-ms-flex:0 1 auto;flex:0 1 auto;-webkit-box-ordinal-group:2;-webkit-order:1;-ms-flex-order:1;order:1;margin-right:76px;max-width:676px;width:100%}.post-filter-message{background-color:#970101;color:#ffffff;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;font:700 16px Lato, sans-serif;margin:40px 136px 48px 136px;padding:10px;position:relative}.post-filter-message>*{-webkit-box-flex:0;-webkit-flex:0 0 auto;-ms-flex:0 0 auto;flex:0 0 auto}.post-filter-message .search-query{font-style:italic;quotes:\201c \201d \2018 \2019}.post-filter-message .search-query::before{content:open-quote}.post-filter-message .search-query::after{content:close-quote}.post-filter-message div{display:inline-block}.post-filter-message a{color:#ffffff;display:inline-block;text-transform:uppercase}.post-filter-description{-webkit-box-flex:1;-webkit-flex:1 1 auto;-ms-flex:1 1 auto;flex:1 1 auto;margin-right:16px}.post-title{margin-top:0}body.feed-view .post-outer-container{margin-top:85px}body.feed-view .feed-message+.post-outer-container,body.feed-view .post-outer-container:first-child{margin-top:0}.post-outer{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;position:relative}.post-outer .snippet-thumbnail{-webkit-box-align:center;-webkit-align-items:center;-ms-flex-align:center;align-items:center;background:#000;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-flex:0;-webkit-flex:0 0 auto;-ms-flex:0 0 auto;flex:0 0 auto;height:256px;-webkit-box-pack:center;-webkit-justify-content:center;-ms-flex-pack:center;justify-content:center;margin-right:136px;overflow:hidden;-webkit-box-ordinal-group:3;-webkit-order:2;-ms-flex-order:2;order:2;position:relative;width:256px}.post-outer .thumbnail-empty{background:0 0}.post-outer 
malerisch.net
Security research, divulgations and food for thought.

Pages: Home (https://blog.malerisch.net/), Security Research (https://blog.malerisch.net/p/security-research.html), Advisories (https://blog.malerisch.net/p/advisories.html), Presentations (https://blog.malerisch.net/p/presentations.html), White Papers (https://blog.malerisch.net/p/white-papers.html), Tools (https://blog.malerisch.net/p/tools.html), Videos (https://www.youtube.com/user/malerischnet)

Posts

Featured post: UXSS in McAfee Endpoint Security, www.mcafee.com and some extra goodies...
https://blog.malerisch.net/2017/04/uxss-mcafee-endpoint-security-and-site-advisor-cve-2016-8011.html
Published April 26, 2017 (2017-04-26T11:52:00+02:00)

During the HITB2017AMS talk given in Amsterdam with @Steventseeley, I promised that I would disclose vulnerabilities affecting a security vendor product other than Trend Micro. For those who have come to my blog for the first time and are looking at "insecurities" of security vendors, you might also be interested in how we found 200+ remote code execution vulnerabilities in Trend Micro software... But this blog post is dedicated to two McAfee products instead: McAfee Endpoint Security and SiteAdvisor Enterprise (now part of McAfee Endpoint Security). For simplicity, I will just refer to McAfee Endpoint Security for the rest of this post. First let's demonstrate a particular type of XSS, a UXSS, considering the fact that it only affects the McAfee Endpoint Security plugin and does not depend on a particular web site or web application. There are two different injection points:
- UXSS when the user visits a red labelled web site - the payload is rendere

Recent posts

Trend Micro Threat Discovery Appliance - Session Generation Authentication Bypass (CVE-2016-8584)
https://blog.malerisch.net/2017/04/trend-micro-threat-discovery-appliance-session-generation-authentication-bypass-cve-2016-8584.html
Published April 20, 2017 (2017-04-20T09:59:00+02:00)

In the last few months, I have been testing several Trend Micro products with Steven Seeley (@steventseeley). Together, we have found more than 200+ RCE (Remote Code Execution) vulnerabilities and for the first time we presented the outcome of our research at Hack In The Box 2017 Amsterdam in April. The presentation is available as a PDF or as a Slideshare. Since it was not possible to cover all discovered vulnerabilities with a single presentation, this blog post will cover and analyze a further vulnerability that did not make it to the slides, and which affects the Trend Micro Threat Discovery Appliance (TDA) product.

CVE-2016-8584 - TDA Session Generation Authentication Bypass

This was an interesting vulnerability, discovered after observing that two consecutive login attempts against the web interface returned the same session_id token. Following this observation, our inference was that the time factor played a role. After further analysis and reversing of the TDA libra
classhidden>span aria-labelShare to other apps classsharing-platform-button sharing-element-other data-urlhttps://blog.malerisch.net/2017/04/trend-micro-threat-discovery-appliance-session-generation-authentication-bypass-cve-2016-8584.html rolemenuitem tabindex-1 titleShare to other apps>svg classsvg-icon-24 touch-icon sharing-sharingOther>use xlink:href/responsive/sprite_v1_6.css.svg#ic_more_horiz_black_24dp xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Other Apps/span>/span>/li>/ul>/div>/div>/div>span classbyline post-comment-link container>a classcomment-link flat-button ripple hrefhttps://blog.malerisch.net/2017/04/trend-micro-threat-discovery-appliance-session-generation-authentication-bypass-cve-2016-8584.html#comments onclick>2 comments/a>/span>/div>/div>div classbyline jump-link>a classflat-button ripple hrefhttps://blog.malerisch.net/2017/04/trend-micro-threat-discovery-appliance-session-generation-authentication-bypass-cve-2016-8584.html titleTrend Micro Threat Discovery Appliance - Session Generation Authentication Bypass (CVE-2016-8584)>Read more/a>/div>/div>/div>/div>/article>article classpost-outer-container>div classpost-outer>a classsnippet-thumbnail hrefhttps://blog.malerisch.net/2016/12/alcatel-omnivista-8770-unauth-rce-giop-corba.html>span classsnippet-thumbnail-img idsnippet_thumbnail_id_4627155078781729495>/span>style> @media (min-width: 1168px) { #snippet_thumbnail_id_4627155078781729495 { background-image: url(https\:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjNwcgRWZsbMobKG0FR4JForFOKWAtnt4-2I4fTOBAQuE7qTImBJeg9kw5OIcZtyTU5z-ApH9-lHx2r9qXwxRTJ7pfWmgqai4BUm2gZNG0aK0Ojbswy8D2btO-qqjYOckLgV-gabH9wFL0\/w256-h256-p-k-no-nu\/twitter-pic2.png); } } @media (min-width: 969px) and (max-width: 1167px) { #snippet_thumbnail_id_4627155078781729495 { background-image: 
url(https\:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjNwcgRWZsbMobKG0FR4JForFOKWAtnt4-2I4fTOBAQuE7qTImBJeg9kw5OIcZtyTU5z-ApH9-lHx2r9qXwxRTJ7pfWmgqai4BUm2gZNG0aK0Ojbswy8D2btO-qqjYOckLgV-gabH9wFL0\/w1167-h778-p-k-no-nu\/twitter-pic2.png); } } @media (min-width: 601px) and (max-width: 968px) { #snippet_thumbnail_id_4627155078781729495 { background-image: url(https\:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjNwcgRWZsbMobKG0FR4JForFOKWAtnt4-2I4fTOBAQuE7qTImBJeg9kw5OIcZtyTU5z-ApH9-lHx2r9qXwxRTJ7pfWmgqai4BUm2gZNG0aK0Ojbswy8D2btO-qqjYOckLgV-gabH9wFL0\/w968-h645-p-k-no-nu\/twitter-pic2.png); } } @media (max-width: 600px) { #snippet_thumbnail_id_4627155078781729495 { background-image: url(https\:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjNwcgRWZsbMobKG0FR4JForFOKWAtnt4-2I4fTOBAQuE7qTImBJeg9kw5OIcZtyTU5z-ApH9-lHx2r9qXwxRTJ7pfWmgqai4BUm2gZNG0aK0Ojbswy8D2btO-qqjYOckLgV-gabH9wFL0\/w600-h400-p-k-no-nu\/twitter-pic2.png); } } /style>/a>div classpost-content container>div classpost-title-container>a name4627155078781729495>/a>h3 classpost-title entry-title>a hrefhttps://blog.malerisch.net/2016/12/alcatel-omnivista-8770-unauth-rce-giop-corba.html>Alcatel Lucent Omnivista or: How I learned GIOP and gained Unauthenticated Remote Code Execution (CVE-2016-9796)/a>/h3>/div>div classpost-header-container container>div classpost-header>div classpost-header-line-1>span classbyline post-timestamp>meta contenthttp://blog.malerisch.net/2016/12/alcatel-omnivista-8770-unauth-rce-giop-corba.html/>a classtimestamp-link hrefhttps://blog.malerisch.net/2016/12/alcatel-omnivista-8770-unauth-rce-giop-corba.html relbookmark titlepermanent link>time classpublished datetime2016-12-01T13:08:00+01:00 title2016-12-01T13:08:00+01:00>December 01, 2016/time>/a>/span>/div>/div>/div>div classcontainer post-body entry-content idpost-snippet-4627155078781729495>div classpost-snippet snippet-container r-snippet-container>div classsnippet-item r-snippetized>It is 
time for another advisory or better a blog post about Alcatel Lucent Omnivista and its vulnerabilities. Omnivista is a central management network tool and it is typically used in medium/large organisation with a complex VoIP/SIP infrastructure. Interestingly enough, this software belongs to the niche of "undownloadable" software and it requires a license to work as well. My "luck" came during an engagement where it was already installed and this post documents one of the many 0days discovered during such audit. The reasons why I wanted to dedicate a single blog post on this vulnerability are several. First, remote code execution (RCE) is always a sweet bug to show. Second, I strongly believe that documenting vulnerabilities in applications using old protocols and standards, respectively GIOP and CORBA, can be beneficial for the infosec community, since no many examples of vulnerabilities in such applications are available or published on the Interne/div>a classsnippet-fade r-snippet-fade hidden hrefhttps://blog.malerisch.net/2016/12/alcatel-omnivista-8770-unauth-rce-giop-corba.html>/a>/div>/div>div classpost-bottom>div classpost-footer>div classpost-footer-line post-footer-line-0>div classbyline post-share-buttons goog-inline-block>div aria-ownssharing-popup-Blog1-footer-0-4627155078781729495 classsharing data-titleAlcatel Lucent Omnivista or: How I learned GIOP and gained Unauthenticated Remote Code Execution (CVE-2016-9796)>button aria-controlssharing-popup-Blog1-footer-0-4627155078781729495 aria-labelShare classsharing-button touch-icon-button flat-button ripple idsharing-button-Blog1-footer-0-4627155078781729495 rolebutton>Share/button>div classshare-buttons-container>ul aria-hiddentrue aria-labelShare classshare-buttons hidden idsharing-popup-Blog1-footer-0-4627155078781729495 rolemenu>li>span aria-labelGet link classsharing-platform-button sharing-element-link 
data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID4627155078781729495&target data-urlhttps://blog.malerisch.net/2016/12/alcatel-omnivista-8770-unauth-rce-giop-corba.html rolemenuitem tabindex-1 titleGet link>svg classsvg-icon-24 touch-icon sharing-link>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_link_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Get link/span>/span>/li>li>span aria-labelShare to Facebook classsharing-platform-button sharing-element-facebook data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID4627155078781729495&targetfacebook data-urlhttps://blog.malerisch.net/2016/12/alcatel-omnivista-8770-unauth-rce-giop-corba.html rolemenuitem tabindex-1 titleShare to Facebook>svg classsvg-icon-24 touch-icon sharing-facebook>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_facebook_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Facebook/span>/span>/li>li>span aria-labelShare to Twitter classsharing-platform-button sharing-element-twitter data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID4627155078781729495&targettwitter data-urlhttps://blog.malerisch.net/2016/12/alcatel-omnivista-8770-unauth-rce-giop-corba.html rolemenuitem tabindex-1 titleShare to Twitter>svg classsvg-icon-24 touch-icon sharing-twitter>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_twitter_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Twitter/span>/span>/li>li>span aria-labelShare to Pinterest classsharing-platform-button sharing-element-pinterest data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID4627155078781729495&targetpinterest data-urlhttps://blog.malerisch.net/2016/12/alcatel-omnivista-8770-unauth-rce-giop-corba.html rolemenuitem tabindex-1 titleShare to Pinterest>svg classsvg-icon-24 touch-icon sharing-pinterest>use 
xlink:href/responsive/sprite_v1_6.css.svg#ic_24_pinterest_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Pinterest/span>/span>/li>li>span aria-labelEmail classsharing-platform-button sharing-element-email data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID4627155078781729495&targetemail data-urlhttps://blog.malerisch.net/2016/12/alcatel-omnivista-8770-unauth-rce-giop-corba.html rolemenuitem tabindex-1 titleEmail>svg classsvg-icon-24 touch-icon sharing-email>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_email_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Email/span>/span>/li>li aria-hiddentrue classhidden>span aria-labelShare to other apps classsharing-platform-button sharing-element-other data-urlhttps://blog.malerisch.net/2016/12/alcatel-omnivista-8770-unauth-rce-giop-corba.html rolemenuitem tabindex-1 titleShare to other apps>svg classsvg-icon-24 touch-icon sharing-sharingOther>use xlink:href/responsive/sprite_v1_6.css.svg#ic_more_horiz_black_24dp xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Other Apps/span>/span>/li>/ul>/div>/div>/div>span classbyline post-comment-link container>a classcomment-link flat-button ripple hrefhttps://blog.malerisch.net/2016/12/alcatel-omnivista-8770-unauth-rce-giop-corba.html#comments onclick>6 comments/a>/span>/div>/div>div classbyline jump-link>a classflat-button ripple hrefhttps://blog.malerisch.net/2016/12/alcatel-omnivista-8770-unauth-rce-giop-corba.html titleAlcatel Lucent Omnivista or: How I learned GIOP and gained Unauthenticated Remote Code Execution (CVE-2016-9796)>Read more/a>/div>/div>/div>/div>/article>article classpost-outer-container>div classpost-outer>a classsnippet-thumbnail hrefhttps://blog.malerisch.net/2016/10/pwning-thin-client-in-less-two-minutes2-cve2016-2246.html>span classsnippet-thumbnail-img idsnippet_thumbnail_id_2848216952693500772>/span>style> @media 
(min-width: 1168px) { #snippet_thumbnail_id_2848216952693500772 { background-image: url(https\:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj_2URaUgdMKI9YGn8GaMnjcp-kByL5_Ose19eNLhuiXy0fSXQJRqXggOgrSMIq2ekzKYGZJp1TMlC413J617YYPaqNFXLZ_qd6fCCMEV7B7aggaN6qJG3-s18PR0OGSVhjPMYLKP5C19o\/w256-h256-p-k-no-nu\/s1.png); } } @media (min-width: 969px) and (max-width: 1167px) { #snippet_thumbnail_id_2848216952693500772 { background-image: url(https\:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj_2URaUgdMKI9YGn8GaMnjcp-kByL5_Ose19eNLhuiXy0fSXQJRqXggOgrSMIq2ekzKYGZJp1TMlC413J617YYPaqNFXLZ_qd6fCCMEV7B7aggaN6qJG3-s18PR0OGSVhjPMYLKP5C19o\/w1167-h778-p-k-no-nu\/s1.png); } } @media (min-width: 601px) and (max-width: 968px) { #snippet_thumbnail_id_2848216952693500772 { background-image: url(https\:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj_2URaUgdMKI9YGn8GaMnjcp-kByL5_Ose19eNLhuiXy0fSXQJRqXggOgrSMIq2ekzKYGZJp1TMlC413J617YYPaqNFXLZ_qd6fCCMEV7B7aggaN6qJG3-s18PR0OGSVhjPMYLKP5C19o\/w968-h645-p-k-no-nu\/s1.png); } } @media (max-width: 600px) { #snippet_thumbnail_id_2848216952693500772 { background-image: url(https\:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj_2URaUgdMKI9YGn8GaMnjcp-kByL5_Ose19eNLhuiXy0fSXQJRqXggOgrSMIq2ekzKYGZJp1TMlC413J617YYPaqNFXLZ_qd6fCCMEV7B7aggaN6qJG3-s18PR0OGSVhjPMYLKP5C19o\/w600-h400-p-k-no-nu\/s1.png); } } /style>/a>div classpost-content container>div classpost-title-container>a name2848216952693500772>/a>h3 classpost-title entry-title>a hrefhttps://blog.malerisch.net/2016/10/pwning-thin-client-in-less-two-minutes2-cve2016-2246.html>Pwning a thin client in less than one minute, again!/a>/h3>/div>div classpost-header-container container>div classpost-header>div classpost-header-line-1>span classbyline post-timestamp>meta contenthttp://blog.malerisch.net/2016/10/pwning-thin-client-in-less-two-minutes2-cve2016-2246.html/>a classtimestamp-link 
hrefhttps://blog.malerisch.net/2016/10/pwning-thin-client-in-less-two-minutes2-cve2016-2246.html relbookmark titlepermanent link>time classpublished datetime2016-10-03T07:53:00+02:00 title2016-10-03T07:53:00+02:00>October 03, 2016/time>/a>/span>/div>/div>/div>div classcontainer post-body entry-content idpost-snippet-2848216952693500772>div classpost-snippet snippet-container r-snippet-container>div classsnippet-item r-snippetized> Back in 2015, I have published a blog post titled " Pwning a thin client in less two minutes " which attracted a lot of curiosity from the Internet and which was also featured in the HACKADAY blog. Today, together with Vincent Hutsebaut ( @vhutsebaut ), we are releasing a further technique to pwn the same thin client and get a root shell without authentication, in less than one minute! The attack detailed below is a typical kiosk attack which consists in a local privilege escalation which affects different versions of HP Thin Pro OS (HP ThinPro 4.4, HP ThinPro 5.0, HP ThinPro 5.1, HP ThinPro 5.2, HP ThinPro 5.2.1, HP ThinPro 6.0, HP ThinPro 6.1). The vulnerability (CVE-2016-2246) has been patched by HP and a technical bulletin has been published . HP stated that they have fixed the issue before our report was sent to them and were on the way to publish a security bulletin when we contacted them. 
Since the patch is out, let's dive into the vulnerability, which i/div>a classsnippet-fade r-snippet-fade hidden hrefhttps://blog.malerisch.net/2016/10/pwning-thin-client-in-less-two-minutes2-cve2016-2246.html>/a>/div>/div>div classpost-bottom>div classpost-footer>div classpost-footer-line post-footer-line-0>div classbyline post-share-buttons goog-inline-block>div aria-ownssharing-popup-Blog1-footer-0-2848216952693500772 classsharing data-titlePwning a thin client in less than one minute, again!>button aria-controlssharing-popup-Blog1-footer-0-2848216952693500772 aria-labelShare classsharing-button touch-icon-button flat-button ripple idsharing-button-Blog1-footer-0-2848216952693500772 rolebutton>Share/button>div classshare-buttons-container>ul aria-hiddentrue aria-labelShare classshare-buttons hidden idsharing-popup-Blog1-footer-0-2848216952693500772 rolemenu>li>span aria-labelGet link classsharing-platform-button sharing-element-link data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID2848216952693500772&target data-urlhttps://blog.malerisch.net/2016/10/pwning-thin-client-in-less-two-minutes2-cve2016-2246.html rolemenuitem tabindex-1 titleGet link>svg classsvg-icon-24 touch-icon sharing-link>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_link_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Get link/span>/span>/li>li>span aria-labelShare to Facebook classsharing-platform-button sharing-element-facebook data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID2848216952693500772&targetfacebook data-urlhttps://blog.malerisch.net/2016/10/pwning-thin-client-in-less-two-minutes2-cve2016-2246.html rolemenuitem tabindex-1 titleShare to Facebook>svg classsvg-icon-24 touch-icon sharing-facebook>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_facebook_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Facebook/span>/span>/li>li>span 
aria-labelShare to Twitter classsharing-platform-button sharing-element-twitter data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID2848216952693500772&targettwitter data-urlhttps://blog.malerisch.net/2016/10/pwning-thin-client-in-less-two-minutes2-cve2016-2246.html rolemenuitem tabindex-1 titleShare to Twitter>svg classsvg-icon-24 touch-icon sharing-twitter>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_twitter_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Twitter/span>/span>/li>li>span aria-labelShare to Pinterest classsharing-platform-button sharing-element-pinterest data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID2848216952693500772&targetpinterest data-urlhttps://blog.malerisch.net/2016/10/pwning-thin-client-in-less-two-minutes2-cve2016-2246.html rolemenuitem tabindex-1 titleShare to Pinterest>svg classsvg-icon-24 touch-icon sharing-pinterest>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_pinterest_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Pinterest/span>/span>/li>li>span aria-labelEmail classsharing-platform-button sharing-element-email data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID2848216952693500772&targetemail data-urlhttps://blog.malerisch.net/2016/10/pwning-thin-client-in-less-two-minutes2-cve2016-2246.html rolemenuitem tabindex-1 titleEmail>svg classsvg-icon-24 touch-icon sharing-email>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_email_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Email/span>/span>/li>li aria-hiddentrue classhidden>span aria-labelShare to other apps classsharing-platform-button sharing-element-other data-urlhttps://blog.malerisch.net/2016/10/pwning-thin-client-in-less-two-minutes2-cve2016-2246.html rolemenuitem tabindex-1 titleShare to other apps>svg classsvg-icon-24 touch-icon sharing-sharingOther>use 
xlink:href/responsive/sprite_v1_6.css.svg#ic_more_horiz_black_24dp xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Other Apps/span>/span>/li>/ul>/div>/div>/div>span classbyline post-comment-link container>a classcomment-link flat-button ripple hrefhttps://blog.malerisch.net/2016/10/pwning-thin-client-in-less-two-minutes2-cve2016-2246.html#comments onclick>2 comments/a>/span>/div>/div>div classbyline jump-link>a classflat-button ripple hrefhttps://blog.malerisch.net/2016/10/pwning-thin-client-in-less-two-minutes2-cve2016-2246.html titlePwning a thin client in less than one minute, again!>Read more/a>/div>/div>/div>/div>/article>article classpost-outer-container>div classpost-outer>div classsnippet-thumbnail thumbnail-empty>/div>div classpost-content container>div classpost-title-container>a name5109742040991891728>/a>h3 classpost-title entry-title>a hrefhttps://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html>Microsoft Windows PDF Library Information Disclosure Vulnerability - CVE-2016-3374 (MS16-115)/a>/h3>/div>div classpost-header-container container>div classpost-header>div classpost-header-line-1>span classbyline post-timestamp>meta contenthttp://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html/>a classtimestamp-link hrefhttps://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html relbookmark titlepermanent link>time classpublished datetime2016-09-14T18:16:00+02:00 title2016-09-14T18:16:00+02:00>September 14, 2016/time>/a>/span>/div>/div>/div>div classcontainer post-body entry-content idpost-snippet-5109742040991891728>div classpost-snippet snippet-container r-snippet-container>div classsnippet-item r-snippetized>In the last year, as a personal research project, I started to look more into browsers and decided to fuzz some high-level targets, such as Edge and IE11, together with Steven Seeley ( @steventseeley ). 
I have to admit that it is quite hard nowadays to approach this kind of research, especially with limited time and resources (just few virtual machines running at home…), but nevertheless it became an incredible learning experience. Given our constraints, the fuzzing focus was to target other things than common targeted components, such as DOM, JavaScript and so on, so we decided to go for the PDF file format. One of the interesting conditions that we found was the one that has just been patched by Microsoft and detailed in the MS16-115 security bulletin. The vulnerability is an out-of-bounds read which can lead to memory information disclosure. The technical advisory can be found at Steven Seeley's web site: http://srcincite.io/advisories/src-2016-0039/ . References/div>a classsnippet-fade r-snippet-fade hidden hrefhttps://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html>/a>/div>/div>div classpost-bottom>div classpost-footer>div classpost-footer-line post-footer-line-0>div classbyline post-share-buttons goog-inline-block>div aria-ownssharing-popup-Blog1-footer-0-5109742040991891728 classsharing data-titleMicrosoft Windows PDF Library Information Disclosure Vulnerability - CVE-2016-3374 (MS16-115)>button aria-controlssharing-popup-Blog1-footer-0-5109742040991891728 aria-labelShare classsharing-button touch-icon-button flat-button ripple idsharing-button-Blog1-footer-0-5109742040991891728 rolebutton>Share/button>div classshare-buttons-container>ul aria-hiddentrue aria-labelShare classshare-buttons hidden idsharing-popup-Blog1-footer-0-5109742040991891728 rolemenu>li>span aria-labelGet link classsharing-platform-button sharing-element-link data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID5109742040991891728&target data-urlhttps://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html rolemenuitem tabindex-1 titleGet link>svg classsvg-icon-24 touch-icon 
sharing-link>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_link_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Get link/span>/span>/li>li>span aria-labelShare to Facebook classsharing-platform-button sharing-element-facebook data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID5109742040991891728&targetfacebook data-urlhttps://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html rolemenuitem tabindex-1 titleShare to Facebook>svg classsvg-icon-24 touch-icon sharing-facebook>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_facebook_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Facebook/span>/span>/li>li>span aria-labelShare to Twitter classsharing-platform-button sharing-element-twitter data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID5109742040991891728&targettwitter data-urlhttps://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html rolemenuitem tabindex-1 titleShare to Twitter>svg classsvg-icon-24 touch-icon sharing-twitter>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_twitter_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Twitter/span>/span>/li>li>span aria-labelShare to Pinterest classsharing-platform-button sharing-element-pinterest data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID5109742040991891728&targetpinterest data-urlhttps://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html rolemenuitem tabindex-1 titleShare to Pinterest>svg classsvg-icon-24 touch-icon sharing-pinterest>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_pinterest_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Pinterest/span>/span>/li>li>span aria-labelEmail classsharing-platform-button sharing-element-email 
data-hrefhttps://www.blogger.com/share-post.g?blogID5593108060941425908&postID5109742040991891728&targetemail data-urlhttps://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html rolemenuitem tabindex-1 titleEmail>svg classsvg-icon-24 touch-icon sharing-email>use xlink:href/responsive/sprite_v1_6.css.svg#ic_24_email_dark xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Email/span>/span>/li>li aria-hiddentrue classhidden>span aria-labelShare to other apps classsharing-platform-button sharing-element-other data-urlhttps://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html rolemenuitem tabindex-1 titleShare to other apps>svg classsvg-icon-24 touch-icon sharing-sharingOther>use xlink:href/responsive/sprite_v1_6.css.svg#ic_more_horiz_black_24dp xmlns:xlinkhttp://www.w3.org/1999/xlink>/use>/svg>span classplatform-sharing-text>Other Apps/span>/span>/li>/ul>/div>/div>/div>span classbyline post-comment-link container>a classcomment-link flat-button ripple hrefhttps://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html#comments onclick>Post a Comment/a>/span>/div>/div>div classbyline jump-link>a classflat-button ripple hrefhttps://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html titleMicrosoft Windows PDF Library Information Disclosure Vulnerability - CVE-2016-3374 (MS16-115)>Read more/a>/div>/div>/div>/div>/article>article classpost-outer-container>div classpost-outer>a classsnippet-thumbnail hrefhttps://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html>span classsnippet-thumbnail-img idsnippet_thumbnail_id_4414957384997929325>/span>style> @media (min-width: 1168px) { #snippet_thumbnail_id_4414957384997929325 { background-image: 
TrendMicro ScanMail for Microsoft Exchange (SMEX) predictable session token - CVE-2015-3326
https://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html
May 20, 2016

It's time for another advisory (CVE-2015-3326), a simple one, for a vulnerability which can be found quickly and trivially. For those of you who just want to glance at the post, I suggest looking directly at the picture, which says it all! The following vulnerability was discovered on TrendMicro SMEX (ScanMail for Microsoft Exchange) 10 SP2, but it affects other versions as well. While browsing the SMEX web administrative interface through a web proxy, I noticed something in the HTTP request: the session token itself and its format, a number. After observing a significant number of logins, the session token was always a number of at least 4 and at most 5 digits, as shown in the screenshot below: Although the observed session tokens were never generated sequentially, the lack of a cryptographically strong PRNG for the session identifier allows a malicious user to trivially guess the token. This attack can be easily automated.
Microsoft .NET MVC ReDoS (Denial of Service) Vulnerability - CVE-2015-2526 (MS15-101)
https://blog.malerisch.net/2015/09/net-mvc-redos-denial-of-service-vulnerability-cve-2015-2526.html
September 10, 2015

Microsoft released a security bulletin (MS15-101) describing a .NET MVC Denial of Service vulnerability (CVE-2015-2526) that I reported back in April. This blog post analyses the vulnerability in detail, starting from the theory and then providing a PoC exploit against an MVC web application developed with Visual Studio 2013. For those of you who want to see the bug, you can skip directly to the last part of this post or watch the video... ;-)

A bit of theory

The .NET framework (version 4.5 tested) uses a backtracking regular expression matcher when performing a match against an expression. Backtracking is based on the NFA (non-deterministic finite automaton) engine, which is designed to validate all input states. By providing an "evil" regex (an expression for which the engine can be forced to calculate an exponential number of states), it is possible to make the engine do exactly that, leading to a condition defined su
displayModeFull));_WidgetManager._RegisterWidget(_AttributionView, new _WidgetInfo(Attribution1, footer, document.getElementById(Attribution1), {}, displayModeFull));/script>/body>/html>