Security News #0x2A: Thanksgiving Edition
It looks to have been a quiet week; I guess everyone is either full and watching the games, or heading out to the mall….
- Astrobaby has a nice piece on how to hack into an Ubuntu 12.04 system with Metasploit. Some folks have pointed out that the article assumes that a malicious executable gets on the system somehow, but to my mind that is not the interesting portion of the piece. Rather it is how the author shows how to string together a couple of different techniques to leverage that executable to a root shell.
- Scott Sutherland at NetSPI shows how to use Metasploit and local administrator account to get database administrator privileges on SQL Server databases.
- For all those students out there- be safe! That means do not try to hack into systems that you do not own. Even if you do so with the best of intentions, things don’t always work out well. Earlier this week Andrew Auernheimer was found guilty of a federal crime for his actions in connection with an insecure web application on an AT&T web site. If you want to understand some of the legal issues, take a look at Robert David Graham’s piece on the subject.