Security News- #0x10
- Now I know that most of the students in my class already have jobs or internships lined up. If you don’t though, here are a few opportunities worth examining:
- The folks at Systems Forensics have a nice post on the forensics of the recently launched Google Drive.
- Open Security Research has a great post on how to use Windows native tools to help answer the question- Am I pwned?
- After the PHP story of the past few weeks (CVE 2012-1832, CVE 2012-2311), can I admit to some fatigue to see another PHP bug? CVE 2012-2376 appears to impact PHP on Windows, up to and including the just released 5.4.3 and allow for local file inclusion. Packetstorm has exploit code, at least for Windows XP SP3. See also the ISC Diary for perspective.
- If you are looking for something to do now that class has ended, someone pointed me to a source of exploit exercises. I haven’t tried it- if it is good, please let me know.
- Christian Kirsch has a fascinating discussion of the Top 10 most searched Metasploit exploit and auxiliary modules. It is interesting to see how many old (CVE-1999-0504!) modules are on the list.
- We mentioned MS12-034 last week; apparently even after patching, Windows XP SP 3 is still vulnerable to a DOS; see the work of Cr4sh.
- Nmap 6.0 has been released.
- OpenOffice 2.3.0 and 2.3.1 are vulnerable to CVE 2008-0320, a local exploit. A Metasploit module to exploit this flaw under Windows XP SP3 was just released.