Security News #0x36: One week, Two Java 0-days.

  • Last week we mentioned a Linux privilege escalation (CVE-2013-0871). Well, there is another Linux privilege escalation out there; this one is CVE-2013-1763. This time the problem is in Linux kernels prior to 3.7.10 (including e.g. Ubuntu 12.04), in one of the core networking components. Worse yet, there are at least two different exploits out there. Exploit-db has one, but you can get them both from Security Focus.
  • By correctly manipulating the clock, you can bypass subsequent password checks when using sudo.
  • Mark Baggett has a wonderful demonstration of a file hiding technique on Windows that is well worth a look. Catch the video over at PaulDotCom.
  • Unallocated Space is holding an Arduino night next week in Severn, MD.
  • Ars Technica reports on a new method to bypass the iOS passcodes that prevent unauthorized users from gaining access to your iPhone.
  • While I am mentioning Ars Technica, they also report on MiniDuke, a new piece of sophisticated malware. You may want to see the Securelist discussion as well.
  • Wired has a discussion on some of the different Stuxnet versions that have been identified.
  • The website http://icanhazip.com/ simply returns your public IP address.
  • Yes, there are more Java 0-days out there. Actually, there were two zero-days this past week. Of course these are in the wild. Symantec reports that these latest attacks may be related to the recent attack on Bit9; you may also be interested in Brian Krebs’ take.