Security News #0x61
- Last week we mentioned that Veil can check its payloads against VirusTotal; well now Metasploit has a similar feature.
- NICCS has a cyber competitions repository, with information about when, where and how to compete in competitions across the calendar and across the globe.
- You may want to visit How's My SSL with your commonly used browsers to get a feel for how your SSL connection stack stacks up.
- The folks at GreyHatHacker have identified some commonly installed products that may allow simple bypass of ASLR on Windows systems.
- It looks like the openSUSE website was hacked, with up to 79,000 accounts compromised.
- The recently discovered libXfont vulnerability that appears to have been present since 1991 worries me. The Register has some perspective and some more detail.
- Last week, there was an attack on a number of common gaming platforms, including Steam (which locked my kids out of their usual Dota 2 fix). Well, Ars Technica reports that the attack appears to have used NTP servers as amplifiers. John Graham-Cumming has a nice introductory piece on amplification attacks.
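The amplification the Ars Technica piece describes shows up in network flow records as small UDP requests to port 123 answered by much larger replies to an address that never asked for them. The following is an added example, not code from this post, from Ars Technica or from John Graham-Cumming's article: it scores constructed flow records by response-to-request byte ratio and groups the suspicious ones by the apparent victim. The record layout and the byte counts (a normal 48-byte NTP exchange, and a monlist-style reply of up to 100 packets) are assumptions for the sake of the example, not measurements from the reported attack.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Flow:
    """One UDP/123 exchange as a flow exporter might summarise it (assumed layout)."""
    client: str      # address the request claimed to come from (spoofed, if amplified)
    server: str      # NTP server that answered
    req_bytes: int   # bytes from client to server
    resp_bytes: int  # bytes from server back to client


# Constructed sample flows (documentation-range addresses). Byte counts are
# assumptions: ~76 bytes on the wire for a normal NTP packet, a ~234-byte
# monlist request, and replies of many 482-byte packets.
SAMPLE_FLOWS = [
    Flow("198.51.100.7", "203.0.113.10", 76, 76),      # ordinary time query
    Flow("192.0.2.5", "203.0.113.10", 234, 48200),     # huge reply to a spoofed client
    Flow("192.0.2.5", "203.0.113.11", 234, 48200),     # same victim, second reflector
    Flow("192.0.2.5", "203.0.113.12", 234, 24100),     # same victim, third reflector
    Flow("198.51.100.8", "203.0.113.12", 76, 0),       # unanswered query
]


def amplification_ratio(flow: Flow) -> float:
    """Bytes returned per byte sent; 0.0 when nothing was sent."""
    if flow.req_bytes <= 0:
        return 0.0
    return flow.resp_bytes / flow.req_bytes


def find_amplified_flows(flows, min_ratio: float = 10.0):
    """Flows whose reply is at least min_ratio times larger than the request."""
    return [f for f in flows if amplification_ratio(f) >= min_ratio]


def summarize_by_victim(flows, min_ratio: float = 10.0):
    """Map each apparent victim (the spoofed client) to
    (number of distinct reflectors answering it, total reply bytes)."""
    reflectors = defaultdict(set)
    total_bytes = defaultdict(int)
    for f in find_amplified_flows(flows, min_ratio):
        reflectors[f.client].add(f.server)
        total_bytes[f.client] += f.resp_bytes
    return {v: (len(reflectors[v]), total_bytes[v]) for v in reflectors}


if __name__ == "__main__":
    for victim, (n_reflectors, total) in summarize_by_victim(SAMPLE_FLOWS).items():
        print(f"{victim}: {n_reflectors} reflectors, {total} reply bytes")
```

A single high-ratio flow can be a legitimate management query; the per-victim grouping is what separates an operator running monlist against their own server from one address receiving oversized replies from several servers at once. On the reflector side, the same ratio on outbound traffic is the signal that your own NTP server is being abused.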
- James Mickens has a light-hearted PDF piece about how security often seems to focus on the wrong topics. Now when I say "light-hearted" I mean sufficiently funny that my CCDC team had to stop me and ask me what was so darn funny. Let me quote:
Sometimes, when I check my work email, I’ll find a message that says "Talk Announcement: Vertex-based Elliptic Cryptography on N-way Bojangle Spaces." I’ll look at the abstract for the talk, and it will say something like this: "It is well-known that five-way secret sharing has been illegal since the Protestant Reformation [Luther1517]. However, using recent advances in polynomial-time Bojangle projections, we demonstrate how a set of peers who are frenemies can exchange up to five snide remarks that are robust to Bojangle-chosen plaintext attacks."