Apache tomcat denial of service metasploit module

Today I saw that the metasploit project added my auxiliary module for the information disclosure and denial of service vulnerability in Apache Tomcat found by Steve Jones.

Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with “recycling of a buffer.”

Apache Tomcat Transfer-Encoding Information Disclosure and DoS




Esta semana un amigo y yo hemos lanzado un nuevo sitio llamado “La subasta mas baja“. La subasta mas baja es el primer sitio de subastas inversas en Mexico. Basicamente cada semana posteamos premios muy atractivos y gana el que haya hecho la “puja” mas baja que NO se haya repetido. Para participar se necesita mandar un mensaje de texto al 22122 (Telcel) o 7766 (IUSACELL/Movistar) con el contenido “SUBIN <clave de la subasta> <puja>”. En nuestra primera semana estamos subastando un IPOD Touch de 8gb de ultima generacion que al parecer se ira por menos de $5.00 mxn. Definitivamente vale la pena que participen y corran la voz =)

Visiten La subasta mas baja y apoyenos!


This week a good friend of mine and I started a new site  called “La subasta mas baja” and it’s the first site for reverse auctions in Mexico. Basically every week we’ll be posting awesome items where the lowest non repeated bid WINS! To bid you need to send a text message to 22122 (Telcel) or 7766 (IUSACELL/Movistar) with the text “SUBIN <Item keyword> <bid>”. In our first auction you can win a last generation Ipod Touch 8gb for less than $5.00 mxn ( Around $0.40 usd ) ! You definitely need to check it out and spread the word if you have friends in Mexico =)

Visit La subasta mas baja and support us!


WEP/WPA key generator for Huawei gateways

We are proud to release our WEP/WPA default key generator for Huawei HG520x and HG530 Gateways. These devices use a weak cipher to generate their default keys and Humberto Ochoa, one of our vulnerability researchers at Websec, did a great job deciphering the algorithm:

Mac2wepkey – WEP/WPA default key generator for Huawei HG250x and HG530 Gateways

Ironically, Prodigy Telmex, the biggest ISP in Mexico, just replaced my old 2wire router with one of these vulnerable modems, a newer and “better” device (According to their technician of course hehe). 


BCBus schedules updated!

The latest BCTransit’s schedules for January-April 2011 have been finally uploaded. To update BCBus, go to settings and at the bottom you will find “Update schedules”. It takes around 35 seconds on my nexus one for Victoria so don’t get impatient.

I added programatically the suffixes “A.M.” and “P.M.” as requested by many of you. Please let me know if you find any inconsistencies in the new schedules. 


Thank you for your patience with my hardware issues.