Security News #0x3B
- Hey students- do you have a great idea that should be better known? Submit your paper to Security B-Sides DC. The conference is October 19-20, and they will be accepting paper proposals from April 15 through June 30.
- The Spider Labs blog has a great piece on techniques to defend web applications, especially aimed at CCDC teams.
- Raphael Mudge describes his experience on the Red Team at WRCCDC.
- If you were interested in last week’s discussion of a vulnerability in MongoDB, then you may also want to read this bit of analysis of MongoDB at the Spider Labs blog.
- Speaking of last week’s MongoDB issues (CVE 2013-1892), the folks at Metasploit now have an exploit module while Eric Romang has a demo. These exploit MongoDB 2.2.3 on Ubuntu 10.04.
- Metasploit now has a module for CVE 2013-1493, last month’s Java vulnerability. That problem lied in the color management system. Well, that and the fact that you were running Java at all. Interestingly, the Metasploit blog tells us that they came across this attack in a Trojan targeting Windows Minecraft players.
- PostgreSQL announced a vulnerability. Listed as CVE 2013-1899, it may be possible to use this vulnerability to remotely execute code, though this has not yet been demonstrated. Metasploit has a scanner module to detect the vulnerable versions.
- The folks at Cyber Arms have a nice piece on the use of oclHashcat-Plus.
- Are you interested in trying out the grsecurity Linux kernel hardening package? The folks at the Network Journal have installation instructions for a CentOS 6.4 system.