Security News #0x52

  • Last week we discussed a Metasploit module for an Internet Explorer vulnerability; well, here is another. This one was patched in MS13-055, and the underlying flaw (CVE-2013-3163) is a use-after-free issue. The module is written only for Internet Explorer 8 on Windows 7 (or XP).
  • This is not so much an exploit as a description of an attack vector (no PoC code is available). Tom Van Goethem has a fantastic piece on how to exploit WordPress prior to 3.6.1. His idea is to use the PHP function unserialize(). As noted on the PHP web site, passing untrusted data to this function is, well, bad. As in remote code execution bad. He is able to pick out a few cases in WordPress where the function is called, and then find a way to get user-supplied data to the function. A great piece, and a great write-up. If you want a broader perspective rather than a technical one, you might want to take a look at the Threatpost piece.
  • Mac OS X has been showing up here lately, for all the wrong reasons. This week we draw your attention to a post by MagerValp, who discovered back in May that logging in to OS X 10.7 – 10.8.4 can result in the cleartext password being exposed to other logged-in users.
For Students
  • Carnal0wnage describes how he used a custom Windows password filter at the National CCDC that would send credentials back to the attacker any time they were changed on the domain controller.
  • Did you realize that you can write a PHP backdoor without using any alphanumeric characters?
Industry News
  • Graham Sutherland has a nice piece, where he shows how he found that the Dropbox client does not enforce ASLR. This could be problematic, as it may allow attackers an easier way to develop ROP chains.
  • While we are talking about Dropbox, there was a nice pair of pieces on how and why Dropbox apparently opens and scans certain file types that are uploaded to their service. The takeaway from the second piece was that this is being done to make them more easily accessible via web browsers.
  • Vodafone Germany appears to have lost personal details, including banking information, for some two million customers.
  • Ars Technica reports that NIST is recommending that some previously published encryption standards not be used due to security concerns, possibly related to the latest NSA revelations.
  • Here is Matt Green's post on the NSA, the one that was asked to be taken down. If you don’t know the story, check out the discussion in Ars Technica.