
Security News #0x74

Exploits
Learning More
  • Aaron Portnoy has a nice piece at Phrack where he discusses modern exploit development. He shows how to attack Adobe Shockwave Player in a way that bypasses most modern security features; he is able to get remote code execution on Windows 8 x64 with EMET.
  • Did you know that you can run Mimikatz against the memory of a virtual machine? I didn’t!
  • If you want to learn more about the CVE-2014-0196 Linux kernel privilege escalation bug, head over to Inside Security.
  • If you want to learn more about the recently announced OpenSSL bug, head over to the blog post of Masashi Kikuchi, How I discovered CCS Injection Vulnerability (CVE-2014-0224).
Industry News
  • It looks like the folks at TrueCrypt have ceased development work and are recommending folks migrate away from the platform. Brian Krebs has some details from last month’s announcement. A new group, led by Thomas Bruderer and Jos Doekbrijder, has sprung up to keep TrueCrypt going in some fashion.
  • And if you ever wonder if we are going to evolve past this stage where seemingly every piece of software has a security vulnerability, here is a report of a root-level exploit in chkrootkit, a tool to check to see if an attacker has gotten root on your system. Sigh.
  • And if you haven’t read Quinn Norton’s piece Everything is Broken, then let me suggest that you do so. Soon!
  • Last week saw an XSS attack that hit users of TweetDeck. Even better, the attack was self-propagating; essentially it was a TweetDeck XSS virus. Of course, if you were on Twitter that day, you almost certainly saw it fly by your feed; it certainly hit mine (@MikeOLearyTU).