Security News #0x32
- We have some new Metasploit modules attacking older versions of Java- Java 7 U7. The first is called Java Applet AverageRangeStatisticImpl Remote Code Execution, and is based on the same CVE 2012-5076 vulnerability exploited this past November. The second is called Java Applet Method Handle Remote Code Execution, and exploits CVE 2012-5088 Eric Romang has a pair of demos.
- While we are on the subject of Java, I am glad that I am not the only one who does not like Oracle adding unwanted software to Java patches.
- Did you know that Metasploit let’s you turn on the microphone on the target system? Me neither!
- But the idea of using SSH and the microphone on your system to play the result on a different system– That’s cool!
- Students- I say it in class over and over- do not test systems you do not own. Read this story of the expulsion of a Canadian student for finding and reporting a security hole.
- The next Baltimore Charmsec meeting is January 31.
- Do you use Twitter? Have you checked your security settings lately?
- You can never go wrong with a story about hacking into a DVR, can you?