Security News #0x38

• Kali Linux, the successor to BackTrack, has been released. In a surprising move, Armitage is not included in the default distribution, though it is in the repository.
• Sebastian Krahmer has identified a new privilege escalation attack in Linux. He provides exploit code for an openSUSE12.1 system. The Red Hat folks are calling it CVE 2013-1858,
• The current Windows version (2.5.2.26539) of Firebird SQL server is apparently vulnerable to a buffer overflow exploit allowing remote code execution. Exploit code is available from Metasploit and Eric Romang has a demo.
• Speaking of metasploit, they have a nice piece on the different ways the PSExec tool is used in various modules; well worth reading.
• The slides from the talk by Mark Russinovich on Malware Hunting using Sysinternals Tools from RSA 2013 are online. Required reading for our CCDC team!
• Also in the list of mandatory reading for the CCDC team is a piece from the Spider Labs Blog on writing custom malware for CCDC events.
• Mark Baggett has a great piece on malware re-infection vectors. Are you familiar with a BITS Backdoor? I wasn’t!
• A significant attack on RC4 in TLS has been announced. Unfortunately, the attack does is not named after an obscure Neil Young album.
• There is a nice piece on tricks you can perform in a .pdf document available at corkami.
• Remember students- always ethical all the time. Here is what happens if you don’t.
• Ars Technica has a piece about the encryption in Gauss.
• The fine folks at HP have shipped printers with a wide open telnet port for "debugging". Yeah, that won’t be a problem. See the HP advisory here; this was documented as CVE 2012-5125.
• Just when you think we might get a handle on cyber security, you hear that the NIST National Vulnerability Database was hacked. Couple that with the Swatting of Brian Krebs, a fantastic writer on all things cybersecurity, and you just have to wonder.