
Security News #0x1D: Javageddon- the Aftermath

  • How does last week’s Java exploit work? Thexploit points out that the problem can be exploited with simple Java code.
  • DeepEnd Research put out a technical analysis of the underlying problem.
  • Immunity Products also put out an analysis of the vulnerability that is probably the best of the bunch.
  • After the attack was included in Metasploit, but before Sun issued a patch, there were a number of workarounds suggested. The most common suggestion was to disable Java in the browser (which is what I did!). It is hard to believe, but it turns out that it is quite difficult to disable Java in Internet Explorer; see also KB 2751647. You can use AppArmor in some Linux distributions.
  • Some folks suggested that last week’s Java Zero Day was part of a targeted attack. Eric Romang has an interesting analysis of the issue.
  • By Tuesday, the exploit had made its way into Blackhole, and on Wednesday Seculert reported that tens of thousands of machines had been infected this way.
  • On Wednesday, we learned that Oracle had known about the vulnerabilities used by this exploit for four months.
  • On Thursday, Oracle announced the patch, which I am sure that you have now installed. [If not, then do it now!]
  • How long did it take researchers to find exploitable flaws in the patch? Three hours. Sigh.
  • Just to talk about something other than Java, on Tuesday Agarri provided details of how to exploit PostgreSQL 8.4.12 via CVE-2012-3488 and CVE-2012-3489.
  • Kaspersky Lab is running a competition for student research papers.
  • M3g9tr0n shares how he cracked 122 million passwords in five months.
  • If you are looking for research packet captures, you may want to check out this list of publicly available PCAP files.
  • Some of my students have commented on my extreme care when opening links, especially the shortened links you commonly find on Twitter. Read, people, read. And don’t miss the XKCD reference.
  • While I am thinking of class, Splunk has a book on their search processing language that may be valuable.
  • ShmooCon 2013 has been announced. Whoo-Shmoo!

BTW- I grabbed the phrase “Javageddon” from @ErrataRob. After seeing it, there was no way I could avoid re-using it…

  1. September 18, 2012 at 4:14 pm

    The list of publicly available pcap files has moved and is now available at http://www.netresec.com/?page=PcapFiles
