Security News #0x4D

Exploits
  • There is a new privilege escalation exploit circulating for Linux. CVE-2013-0268 affects kernels prior to 3.7.6; the issue is with the /dev/cpu/*/msr subsystem. SecurityFocus has PoC exploit code, but I could not get it compiled. Such are the tribulations of a Saturday morning!
  • The folks at Sekurak have found some interesting vulnerabilities in HP LaserJet printers. Apparently they leak sensitive configuration details (like the administrator password) on publicly accessible web pages. Whoopsie!
  • Ars Technica reports that attackers went after a number of Tor nodes. Apparently malicious JavaScript was being served by Freedom Hosting only to folks using Tor. Interest in Freedom Hosting may be from law enforcement, and may be related to a crackdown on child pornography; see the report from Wired. The malicious JavaScript attacked Firefox 17, which has a known memory management vulnerability, and it turns out that this version of Firefox was included in a browser bundle offered by the Tor project. The malware itself apparently only reports the MAC address and Windows hostname, which is sent (along with the host IP) to a server. As folks have found the IP address of that server, there has been a lot of speculation as to who pulled off the attack; suggested culprits include SAIC, the FBI, and the NSA. That said, the reality remains unclear.

    As you might expect, Metasploit is working on a module. I wanted to give the current version of the module a spin, but it is not yet part of Kali. I grabbed the code from GitHub and dropped it into my Kali (with the clever name test) but the exploit failed.

    msf exploit(test) > [-] 10.0.2.201       test - Windows XP not found, 
    sending 404: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 
    Firefox/17.0
    [-] 10.0.2.201       test - Windows XP not found, sending 404: 
    Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0
    

    For now at least, the module requires Windows XP, and I did not have the time to break one of those antique VMs out of storage. Perhaps next week….

    The underlying vulnerability that started all of this is CVE-2013-1690.

  • Tim Medin has a great piece on how to use psexec to bypass UAC.
Security Tools
  • A new version (0.63) of PuTTY has been released to patch some security holes.
  • And since we are mentioning security tools with holes, note also that NetworkMiner 1.4.1 is vulnerable to multiple attacks as well.
For Students
  • Did you know that Wireshark can decode TLS/SSL traffic?
  • We all know that Metasploit likes to migrate off into notepad.exe processes. Well, Raphael Mudge of Armitage fame discusses some of the consequences of that choice. For example, what would happen if some clever student removed notepad.exe from the target? Then what?
Learning More
  • Did you know that it is trivial to recover passwords stored in Chrome? Me neither!
  • Are you interested in learning how to obfuscate Java code? Khai Tran has a tutorial on Java obfuscation techniques using Klassmaster.
  • Infobyte has a nice piece on hacking a Lexmark N4000e Print Server.
Industry News
  • The MIT Technology Review reports that the Chinese group APT1, aka CommentCrew, was found hacking into Kyle Wilhoit's honeypot, which was set up like a local water authority.
  • CyberArms reports on a hack presented at OHM 2013, where an unnamed hacker was able to maintain access to a system after it was wiped by first modifying the firmware of the hard drive. You can find the technical details at SpritesMods.
  • There is a problem with Windows phones; if the phone connects to a (rogue) access point, then the user’s domain credentials might be recoverable.
  • Threatpost reports on unpatched vulnerabilities in the Cisco TelePresence system.
  • From the "I can’t believe it" files, it turns out that some Xerox photocopiers will occasionally change numbers in copies, changing a six into an eight, for example.