Home > Uncategorized > Security News #0x4B

Security News #0x4B

Exploits
  • We recently noted that Apache Struts up to 2.3.15 is vulnerable to a remote code execution attack. (CVE 2013-2251). Well, the folks at Rapid7 now have a Metasploit module to exploit it (and a spiffy new web interface).
  • Rob Heaton shows how the Rails default settings include an applications security token in version control, and that an attacker with this knowledge can execute code remotely on the application’s server.
  • Kuronosec reports on MS 13-056, DirectShow Arbitrary Memory Overwrite Vulnerability. This is an issue with how Windows parses .gif files; they even provide a PoC to demonstrate the technique.
Security Tools
  • Did you know that there are simple programs out there that can identify TrueCrypt, Bitlocker, or other encrypted files? Here is TCHunt looking for a TrueCrypt volume on a test system:
    c:\Users\seldon\Desktop>TCHunt.exe
    _/_/_/_/_/    _/_/_/  _/    _/                     _/
       _/      _/        _/    _/  _/   _/  _/_/_/  _/_/_/_/
      _/      _/        _/_/_/_/  _/   _/  _/    _/  _/
     _/      _/        _/    _/  _/   _/  _/    _/  _/
    _/        _/_/_/  _/    _/   _/_/_/  _/    _/    _/_/ v1.6
    
    Allowed options for TCHunt:
      -d [ --dir ] arg      The directory to search (recursive).
      -h [ --help ]         Print this message and exit.
      -v [ --verbose ]      Print verbose output.
    
    
    c:\Users\seldon\Desktop>TCHunt.exe -d c:\Users
    Suspect_File:   c:\Users\seldon\Desktop\TrueCryptVol
    

    Total elapsed time- about two seconds!

For Students
  • Raphael Mudge has a great piece on situational awareness in Meterpreter. He shows you how to find out about the process, token, system architecture, and desktop from within a Meterpreter shell.
  • It may not be in style, but there is a lot of value in knowing the various command line options on a Windows system. Do you know the Windows equivalents of cat and grep? Take a look at this piece from TunnelsUp.
Learning More
  • The folks at Addepar describe how they found a bug (CVE 2013-3300) in Lift. The piece shows a couple of nice things- how paying close attention to the errors can find larger flaws, and how important it is for programmers to think hard about error messages- who should get them, and what they should contain.
Industry News
  • Last week Forbes reported on research to show how to hack into cars, including taking control of speed, brakes, and steering in a moving car.
  • Speaking of cars, The Guardian reports on an injunction from the High Court of London against a British security researcher, Flavio Garcia, who apparently was able to crack the security of devices that allow the starting of various brands of luxury cars. He is being prevented from revealing his techniques as he had planned at the next USENIX conference.
  • Forbes also has an article on how "smart homes", where everything from thermostats to lights are hooked up to a controller, can also be attacked remotely.
  • And since we are talking about hacking practically everything that is not hermetically sealed, Fox News reports on research of Todd Humphreys from the University of Texas; his group was able to spoof GPS signals, and send a multi-million dollar yacht off course.
  • TechCrunch reports on an attack at Stanford; they have asked everyone there to re-set their passwords. Interestingly, the article is written by Billy Gallagher, the co-student body president at Stanford.
  • You know that the security industry is going to be around for a while yet when the MITRE folks have to increase the number of digits in CVE identifiers. Will we look back on the "good old days" when fewer than 10,000 vulnerabilities were found each year?
  • Financial Review reports that systems manufactured by Lenovo have been banned from secret and top secret networks in many countries.
Advertisements
Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: