Security News #0x3D

• This is a but old, but worth sharing. One of my students has had good luck in class settings using the Windows 7 SYSRET privilege escalation attack. This was patched last summer as part of MS12-042 (CVE 2012-0217), and there is a technical discussion available at Vupen.
• You did install the latest Java patch, right? Metasploit has a module that will exploit Java 7 Update 17, and Eric Romang has a demo of it in action.
• Threatpost has a discussion of the ongoing attacks against WordPress installations; the folks at Sucuri have some technical details.
• The folks at SpiderLabs have a nice piece on how to develop custom Modsecurity rules to mitigate the kinds of attacks being thrown at WordPress installations.
• Ars Technica reports that NPR was attacked this week by a group calling itself the "Syrian Electronic Army".
• John Christmas from Solera has a description of what went down with Red Team at the recent MACCDC.
• And talking about CCDC events, Mudge lost a bunch of data on his system at the National CCDC. He used a VM on that system as a team server, and as the competition wound down another red team member accidentally ran an rm -rf on it, thinking it was a student system. Guess what- he had set up the VMWare Host-Guest file system, so a few local directories were mounted on the VM. Were. They are gone now….
• Hey students- did you know that NoVA Infosec has a board with job postings?
• And if you are not looking for a job because you have more schooling in front of you, how about applying for the Snort Scholarship?