Security News #0x7D
With my class starting in just a few weeks, I am going to try to catch up on all of the cyber security news that has started to fill my inbox to bursting.
- Did you know that John Troony has a page full of PHP webshells available for analysis? Just don’t trust them; remember the story about the C99/C99.PHP shells.
- Raphael Mudge has developed and released a virtual machine named Morning Catch configured to be used as a sample system for phishing attacks. Similar in spirit to Metasploitable, students can use the system as a target in phishing and other types of attacks.
- If you spend a lot of time working in VirtualBox, you might want to know about a Metasploit module that attacks VirtualBox up to 4.3.6 running on Windows 7 SP1 (x64). The underlying problem is in 3D acceleration on the virtual machines; it is designated CVE-2014-0983.
- Firefox 15-22 is exploitable via a Metasploit module. There are two underlying problems, CVE 2013-1710 and 2013-1670.
- Various NTP server implementations are vulnerable to DoS Amplification. In an amplification attack, the attacker sends x bytes of traffic to a server that responds by sending n times x bytes of traffic at a different system. In one of the vulnerabilities, the amplification factor n is 46, so an attacker can flood the target with 46 times the traffic they themselves can send out.
- One new topic in the upcoming book (and not in these notes) is the DNS amplification attack. If you want to know if your DNS server might be contributing to DNS amplification attacks, check out the Open Resolver Project.
- Brad Antoniewicz has developed an ActiveX control and tutorial for Internet Explorer to help students learn the basics of browser exploitation. Most cool.
- If you are a student who participates in CTF competitions, check out this collection of CTF writeups.
- The Mid-Atlantic CCDC virtual qualifiers are set for March 2-7, with the finals March 25-28.
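The byte-ratio reasoning in the NTP amplification item above can be turned into a check that an operator runs over flow records from their own NTP server. This is an added example, not code from any of the linked projects; the flow tuples, addresses and the threshold of 10 are constructed for illustration.

```python
from collections import defaultdict

NTP_PORT = 123

# Constructed flow records as seen at the border of a network that hosts an
# NTP server: (src_ip, src_port, dst_ip, dst_port, bytes). All values made up.
SAMPLE_FLOWS = [
    ("198.51.100.7", 40000, "192.0.2.10", 123, 480),    # requests carrying the victim's address
    ("192.0.2.10", 123, "198.51.100.7", 40000, 22080),  # replies, 46 times larger
    ("203.0.113.5", 51000, "192.0.2.10", 123, 96),      # ordinary client request
    ("192.0.2.10", 123, "203.0.113.5", 51000, 96),      # ordinary reply, same size
    ("192.0.2.10", 123, "198.51.100.9", 40001, 4400),   # reply whose request was not captured
]


def amplification_report(flows, threshold=10.0):
    """Return {(server, client): ratio} for every pair whose reply/request
    byte ratio is at or above the threshold.

    A pair with replies but no observed request gets ratio float('inf'),
    which happens with asymmetric routing or partial capture and is worth
    a look either way.
    """
    request_bytes = defaultdict(int)  # client -> server
    reply_bytes = defaultdict(int)    # server -> client
    for src, sport, dst, dport, nbytes in flows:
        # Flows with port 123 on both ends are server-to-server NTP and are
        # skipped: the direction of request and reply is ambiguous there.
        if dport == NTP_PORT and sport != NTP_PORT:
            request_bytes[(dst, src)] += nbytes
        elif sport == NTP_PORT and dport != NTP_PORT:
            reply_bytes[(src, dst)] += nbytes

    flagged = {}
    for pair, sent in reply_bytes.items():
        received = request_bytes.get(pair, 0)
        ratio = sent / received if received else float("inf")
        if ratio >= threshold:
            flagged[pair] = ratio
    return flagged


if __name__ == "__main__":
    for (server, client), ratio in amplification_report(SAMPLE_FLOWS).items():
        print(f"{server} -> {client}: reply/request byte ratio {ratio:.1f}")
```

A flagged pair means the server is sending far more to that address than it received from it, which is the signature of a reflector being pointed at that address.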
Hacking the World
- The Nest thermostat is vulnerable to attack, at least by folks close enough to gain physical access to the device.