
Security News #0x4F

  • High on this week’s list of coolness are the reports that the tool ZMap can scan the entire Internet in 45 minutes, assuming a good connection. It requires a 64 bit Linux, so I am sad; my home Kali is 32 bit. Hmm. Perhaps an upgrade is in my future? The Washington Post describes some of what the researchers who wrote the tool found.
  • The folks at Packetstorm have a new Java attack that affects Java 7 Update 25; exploit code is provided. The problem lies in the function BytePackedRaster.verify(), which is vulnerable to overflow. I do not think that a CVE number has yet been assigned.
  • You probably recall the PERF privilege escalation vulnerability in 64 bit Linux systems, for which a couple of exploits exist, the most talked about probably being semtex.c. Well, it looks like there is another exploit, this one targeting ARM systems. Interestingly, the code references CVE-2013-4254, though the MITRE database has not yet assigned that number.
  • MWR Labs was able to bypass the sandbox on Google Chrome as part of the 2013 Pwn2Own event. PoC code now appears to be available.
  • Has anyone tried this Firefox 3.6 exploit or this Firefox 3.5.4/3.0.4 exploit from x90c? The first exploits CVE-2010-1028, while the second exploits CVE-2009-3373.
  • Did you know that there is an exploit circulating for Samsung DVRs?
Learning More
  • Did you know that it is possible to create very small files that, when fully uncompressed, become enormous? As an example, consider
    root@kali:~/test# dd if=/dev/zero bs=10M count=1 | gzip -9 | gzip -9 > test.gz.gz
    1+0 records in
    1+0 records out
    10485760 bytes (10 MB) copied, 0.0692819 s, 151 MB/s

    This uses dd to read 10 MB of zeros from the file-like object /dev/zero. We then pass this through a round of gzip with maximum compression (the -9 argument) and then do it again; the result is redirected to test.gz.gz. How big do you think the result might be?

    root@kali:~/test# ls -l
    total 4
    -rw-r--r-- 1 root root 117 Aug 25 16:16 test.gz.gz

    Yep, 117 bytes. If you can compress 10 MB (of zeros) to 117 bytes, clearly you can "go large" if you want, and have the time:

    root@kali:~/test# dd if=/dev/zero bs=100M count=1 | gzip -9 | gzip -9 > test100.gz.gz
    1+0 records in
    1+0 records out
    104857600 bytes (105 MB) copied, 0.675504 s, 155 MB/s
    root@kali:~/test# dd if=/dev/zero bs=1000M count=1 | gzip -9 | gzip -9 > test100.gz.gz
    1+0 records in
    1+0 records out
    1048576000 bytes (1.0 GB) copied, 56.5876 s, 18.5 MB/s
    root@kali:~/test# ls -al
    total 20
    drwxr-xr-x  2 root root 4096 Aug 25 16:24 .
    drwxr-xr-x 20 root root 4096 Aug 25 16:03 ..
    -rw-r--r--  1 root root 2588 Aug 25 16:22 test1000.gz.gz
    -rw-r--r--  1 root root  369 Aug 25 16:24 test100.gz.gz
    -rw-r--r--  1 root root  116 Aug 25 16:23 test.gz.gz
  • Are you learning to write your own Windows shellcode? Then the primer at Exploit Monday may help you.
  • While I am thinking about shellcode, did you know that there is an online disassembler? It ain’t IDA Pro (what is?), but it might be useful if your copy is elsewhere.
  • If you think that it is simple to look through the PHP source code of a website looking for backdoors, let me suggest that you take a look at how Riley Kidd can hide them.
  • I did not see this earlier in the year, but Skeleton Scribe has a nice piece on attacking web applications via the HTTP Host header.
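The nested-gzip experiment above is the classic "decompression bomb", and the defensive side of it is a decompressor that refuses to emit more than a fixed number of bytes per layer and refuses to peel more than a fixed number of layers. The following is an added example, not code from the original post: it rebuilds the `dd if=/dev/zero | gzip -9 | gzip -9` file in memory with Python's standard gzip module (a constructed sample, not the post's test.gz.gz), then inflates it through a bounded reader. The byte limits, layer limit and function names are my own choices.

```python
import gzip
import io

GZIP_MAGIC = b"\x1f\x8b"


class DecompressionBombError(ValueError):
    """Raised when inflating would exceed the configured size or depth limits."""


def make_nested_gzip(n_zero_bytes, layers=2):
    """Constructed sample: mirror `dd if=/dev/zero ... | gzip -9 | gzip -9`.

    n_zero_bytes of zeros are gzip'd `layers` times at maximum compression.
    """
    data = b"\x00" * n_zero_bytes
    for _ in range(layers):
        data = gzip.compress(data, compresslevel=9)
    return data


def bounded_gunzip(data, max_out, chunk=64 * 1024):
    """Inflate exactly one gzip layer, never producing more than max_out bytes.

    GzipFile.read(chunk) returns at most `chunk` bytes per call, so the amount
    of memory in flight is bounded even if the stream would expand forever.
    """
    out = io.BytesIO()
    total = 0
    with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
        while True:
            piece = gz.read(chunk)
            if not piece:
                break
            total += len(piece)
            if total > max_out:
                raise DecompressionBombError(
                    f"layer expands past the {max_out}-byte limit")
            out.write(piece)
    return out.getvalue()


def safe_inflate(data, max_out, max_layers=4):
    """Peel nested gzip layers with a per-layer size cap and a depth cap.

    Returns (payload, layers_removed). Each layer is checked against max_out
    before the next one is opened, so a 117-byte file that hides 10 MB (or
    1 GB) is rejected at the layer where it first exceeds the cap.
    """
    layers = 0
    while data[:2] == GZIP_MAGIC:
        if layers >= max_layers:
            raise DecompressionBombError(
                f"more than {max_layers} nested gzip layers")
        data = bounded_gunzip(data, max_out)
        layers += 1
    return data, layers


def classify(data, max_out, max_layers=4):
    """Convenience wrapper: ('ok', payload) or ('rejected', reason)."""
    try:
        payload, _ = safe_inflate(data, max_out, max_layers)
        return "ok", payload
    except DecompressionBombError as exc:
        return "rejected", str(exc)


if __name__ == "__main__":
    bomb = make_nested_gzip(10 * 1024 * 1024)  # 10 MB of zeros, gzip'd twice
    print(f"compressed size: {len(bomb)} bytes")
    verdict, detail = classify(bomb, max_out=1 << 20)      # 1 MB cap: rejected
    print(verdict, detail if verdict == "rejected" else len(detail))
    verdict, detail = classify(bomb, max_out=16 << 20)     # 16 MB cap: allowed
    print(verdict, len(detail))
```

The important property is that the cap applies to every layer, not just the final output: the outer layer of the post's test.gz.gz is harmless (a few kilobytes), and it is only the inner layer that balloons, so a check that inspects only the first level of compression would wave the file through.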
Industry News
  • Those of you who use the Cerberus anti-theft tool for Android phones should read about the recent attacks on the tool.
  • It appears that there was a significant attack against Harbor Freight, involving the (possible) theft of large numbers of credit card numbers.