Home > Uncategorized > Security News- #0x10

Security News- #0x10

  • Now I know that most of the students in my class already have jobs or internships lined up. If you don’t though, here are a few opportunities worth examining:
  • The folks at Systems Forensics have a nice post on the forensics of the recently launched Google Drive.
  • Open Security Research has a great post on how to use Windows native tools to help answer the question- Am I pwned?
  • After the PHP story of the past few weeks (CVE 2012-1832, CVE 2012-2311), can I admit to some fatigue to see another PHP bug? CVE 2012-2376 appears to impact PHP on Windows, up to and including the just released 5.4.3 and allow for local file inclusion. Packetstorm has exploit code, at least for Windows XP SP3. See also the ISC Diary for perspective.
  • If you are looking for something to do now that class has ended, someone pointed me to a source of exploit exercises. I haven’t tried it- if it is good, please let me know.
  • Christian Kirsch has a fascinating discussion of the Top 10 most searched Metasploit exploit and auxiliary modules. It is interesting to see how many old (CVE-1999-0504!) modules are on the list.
  • We mentioned MS12-034 last week; apparently even after patching, Windows XP SP 3 is still vulnerable to a DOS; see the work of Cr4sh.
  • Nmap 6.0 has been released.
  • OpenOffice 2.3.0 and 2.3.1 are vulnerable to CVE 2008-0320, a local exploit. A Metasploit module to exploit this flaw under Windows XP SP3 was just released.
Advertisements
Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: