Security News #0x6D
- There is a DoS vulnerability in all versions of Apache prior to 2.4.8. The vulnerability is CVE 2013-6438, and can be exploited by sending some carefully crafted requests. Details of the flaw, and PoC code for the DoS exploit can be found at Dr. Cruft.
- Would you like to learn more about the Sysinternals suite of tools for Windows systems? (Please nod and say "Yes!") You may want to take a look at the sequence of Sysinternals lessons from How-To Geek. Even I learned a few new things!
- Here is a nice article that talks about techniques for detecting LD_PRELOAD attacks. If you don’t already know, LD_PRELOAD is similar in spirit to .dll hijacking: instead of manipulating the location of files, you preload a shared library whose functions get resolved ahead of the real ones, so certain function calls are intercepted. If you do check out the post, you will also want to head over to the corresponding reddit discussion, which brings up a number of different perspectives.
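As an added example (not code from the linked article or the reddit thread), here is a small Python scanner for the two places a preloaded library normally announces itself: the LD_PRELOAD variable in a process's environment and the /etc/ld.so.preload file. The sample inputs are constructed, and the scan_procfs helper reads live /proc data only on Linux.

```python
import glob
import os

def env_has_preload(environ_bytes):
    """Parse a /proc/<pid>/environ blob (NUL-separated KEY=VALUE entries)
    and return the library paths listed in LD_PRELOAD, or [] if unset."""
    for entry in environ_bytes.split(b"\0"):
        if entry.startswith(b"LD_PRELOAD="):
            value = entry[len(b"LD_PRELOAD="):].decode(errors="replace")
            # the dynamic loader accepts both colon- and space-separated lists
            return [p for p in value.replace(":", " ").split() if p]
    return []

def preload_file_entries(text):
    """Parse /etc/ld.so.preload: one library path per line, '#' starts a comment."""
    libs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            libs.append(line)
    return libs

def scan_procfs(proc="/proc"):
    """Walk live processes and report those whose environment carries LD_PRELOAD.
    Reading /proc from a separate process avoids asking a possibly hooked
    libc inside the suspect process; returns {} on non-Linux systems."""
    hits = {}
    for path in glob.glob(os.path.join(proc, "[0-9]*", "environ")):
        pid = int(path.split(os.sep)[-2])
        try:
            with open(path, "rb") as f:
                libs = env_has_preload(f.read())
        except (PermissionError, FileNotFoundError, ProcessLookupError):
            continue  # process exited or belongs to another user
        if libs:
            hits[pid] = libs
    return hits

# Constructed sample data; not captured from a real system.
SAMPLE_ENVIRON = b"PATH=/usr/bin\0LD_PRELOAD=/tmp/.x/libevil.so:/lib/libc.so.6\0HOME=/root\0"
SAMPLE_PRELOAD_FILE = "# system-wide preload list\n/usr/lib/libsnoopy.so\n\n"

if __name__ == "__main__":
    print("environ:", env_has_preload(SAMPLE_ENVIRON))
    print("ld.so.preload:", preload_file_entries(SAMPLE_PRELOAD_FILE))
    for pid, libs in scan_procfs().items():
        print("pid %d: LD_PRELOAD=%s" % (pid, libs))
```

A hit is a lead, not a verdict: legitimate tools (profilers, sandboxes, auditing shims) use the same mechanism, so compare each path against the packages you expect.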
- Are you interested in BIOS based rootkits? For VMware systems or real systems? With technical details? Take a look at this very interesting tutorial on n0where.net. I sure hope the various CCDC Red Teams decide not to visit this page; it would be more than tough for a student to figure this out in a competition.
- If you want to hear a tale of how Prezi got pwned (responsibly) and how they responded, take a look at their blog entry.
- Core Security has a nice discussion of the recent MS14-006 update. The underlying vulnerability can blue-screen or render unresponsive a Windows system simply through network traffic. What is interesting in Core’s piece is that this vulnerability remains (unpatched) in Windows 7 systems, and that it parallels a similar problem in Linux.
- Now that the end of CCDC season is upon us, many folks are reflecting on their value. You might want to take a look at Matt Weeks’ take on his blog Thoughts on Security. Ben Heise responded on Twitter, and explained his thinking in more detail on the corresponding reddit page for the article. The good folks at PPP presented their arguments in favor of CTF over CCDC. On Twitter, Raphael Mudge stood by his comments from last year praising CCDC and similar events. Finally, a student from James Madison joined the conversation.
- My thoughts? I have coached CCDC teams for Towson beginning with the first mid-Atlantic CCDC nine years ago. My students’ learning benefited enormously, and we all had fun. As a teacher, what else would I need? Is it perfect? No! Does it truly determine which team is "best"? No, if for no other reason than it only tests a subset of the skills needed to be a professional. Is it better (or worse) than a CTF exercise? I’ll tackle that question after we determine which is better: baseball or football. Win or lose though, we’ll be back next year to learn more and to have more fun.
- If you don’t know what a CCDC event is, here are some press pieces from the just completed mid-Atlantic CCDC:
- This isn’t quite "news" anymore; let’s agree to call it "not too olds". Late March saw a new 0-day exploit targeting Word and Outlook. The vulnerability could be triggered by .rtf files opened in Word or simply previewed in Outlook. Microsoft’s defensive recommendation is to use EMET and/or to disable opening .rtf files. The underlying vulnerability is CVE 2014-1761.
- If you are not following the story of NSA and RSA, you should.
- It has been a while, but now Ars Technica is reporting on a new attack against Philips smart TVs. The best part? The attack is via WiFi! Whoo-hoo! Sure, it is password protected, but there is a default hardcoded password. Take a look at Threatpost for more.
- If hacking a TV is too pedestrian, how about hacking a Tesla? As in the automobile.