Security News #0x22
Let me give a shout out to the Bowie State Cyber Club and thank them for their hospitality on my visit last week. Don’t forget out discussion of hacking tools!
- Always be aware of security- and this means being careful with shortened URLs. Threatpost describes a study from Web of Trust that shows a significant fraction of shortened URLs point to potentially hostile locations.
- Metasploit has added a module for CVE 2012-1182, a vulnerability in Samba 3.6.3 that allows for remote code execution as root. The Metasploit module targets include Ubuntu 10.04, 11.04, and 11.10.
- IEEE lost 100,000 plain text passwords thanks to a misconfigured FTP server. Some simple analysis of the resulting password has been performed. Naked Security provides some context.
- Even more Java vulnerabilities have been reported to Oracle. Ars Technica provides some context.
- Gal Badishi provides some insight to how CVE 2011-0611, a vulnerability in Adobe Flash, can be exploited.
- One of the servers for Sourceforge distributed for a short time a version of phpMyAdmin 126.96.36.199 that contained a backdoor (CVE 2012-5159). Once again, Ars Technica provides some valuable context.
- The Illinios CCDC has a new proposed competition topology.
- The CSAW CTF is ongoing, with 576 teams on the scoreboard.
- Here is a nice page that describes how someone qualified for DefCon 2004. What is especially nice is that the author provided a link to the original executables as well.
- I have not tried ExploitShield, but from the article is seems to be worth a look. Perhaps when I find some time….