Security News #0x51
- There is a new vulnerability in Internet Explorer, MS 13-059 (CVE 2013-1384), and there now is an associated Metasploit module. The exploit appears to be a bit finicky; the module documentation states “On IE 9, it seems to only affect certain releases of mshtml.dll. For example: This module can be used against version 9.0.8112.16446, but not for 9.0.8112.16421”.
- Another week, another Java attack from the folks at Packetstorm. This week’s winner is Oracle Java lookUpByteBI Buffer Overflow, which affects Java 7 Update 21 and Java 6 update 45; the underlying flaw is CVE 2013-2470.
- The folks at Packetstorm also found a vulnerability in Safari; here the underlying vulnerability is older: CVE 2012-3748.
- Back in mid-August, we mentioned CVE 2013-2465, a vulnerability in Java 7 Update 21 and Java 6 Update 45. The Metasploit module is now available, and Eric Romang has a demo.
- Back in August, Tavis Ormandy found a bug in VMWare on Linux system (CVE 2013-1662) that would allow privilege escalation on the host. [It does not allow attacks from a guest to the host.] The Metasploit folks have a nice discussion of how their module exploits this flaw.
- Most savvy folks know that Metasploit exploits often automatically migrate to a
notepad.exeprocess, which leads to the situation where
notepad.exeis making an external network connection. You might think, “Hey, this should never happen legitimately!”. Well, you are almost right. Take a look at Jeffrey Guy’s analysis of
notepad.exeprocesses that make external internet connections.
- Raphael Mudge, author of the free (and most righeous) Armitage tool, and its commercial big brother, Cobalt Strike has been asked once too often to provide support for folks who have downloaded cracked copies of Cobalt Strike. The response on his blog will live forever for its class and humor. Many of my students have repeated their favorite lines from the response, but the universally agreed upon best line is
A plaintext file requires a special tool, called a text editor, to change its content. I recommend notepad.exe or pico. Linux hackers may use WINE to run notepad.exe. Type:
Days later, this still makes me chuckle.
- The folks at Bobby-Tables.com (named after the famous XKCD comic) have a nice site with ways to avoid SQL injection.
- If you are not keeping up with the latest NSA revelations, you might want to catch up:
- Wired talks about how NSA actively targets routers and switches.
- Bruce Schneier talks about the NSA’s cryptographic capabilities.
- The New York Times talks about how NSA is working to foil encryption.
- The Guardian does much the same.
- Finally, there is Bruce Schneier calling for whistleblowers and improved engineering.