Security News #0x7F
- I have been asked how to make your computer "100%" secure. Last year, someone posted an excellent video with recommendations. I can’t quite endorse the method; if you watch to the end, the attacker is still able to get in, but it did require some significant effort. Call it "99+%" security and I am happy. My students should know, though, that this technique is not permitted during Exercise 1.
- There is a proof of concept for a privilege escalation attack on Windows 8.1 that exploits a race condition during login. The underlying issue is CVE-2015-0004 and was patched in MS15-003.
- There is a new Metasploit module to bypass Protected Mode in Internet Explorer on Windows 7 SP1 (32-bit). The underlying problem is CVE-2015-0016, which was patched in MS15-004.
- Did you know you can crack the WEP key of a wireless network without being in signal range of the AP and without sending any packets to the AP? (I didn’t!). Take a look at this piece at the Penetration Testing Lab that describes the Hirte attack. [The key is finding a client that has connected to the AP in the past!]
- If you want to learn about the technical details behind CVE-2014-9322, a privilege escalation vulnerability in recent Linux kernels (before 3.17.5), take a look at this blog post from Rafal Wojtczuk at Bromium Labs.
- Samsung phones are vulnerable to an attack named currupdate. [As an aside, is anyone else tired of naming vulnerabilities? It’s like folks are trying to sell products!] The underlying issues are named CVE-2015-0863 and CVE-2015-0864, though they have not yet made it to the MITRE database.
- Many DDoS attacks rely on amplification, where an attacker sends a (spoofed) packet of size s to a host, which then sends a response of size a*s to the DDoS target. The number a is the amplification factor of the attack, and if a is large then a small number of attackers can flood the bandwidth of a victim. Last year a DDoS attack against the city of Columbia (MO) was launched using MSSQL, achieving an amplification factor of as much as 440. Take a look at Default Deny for the technical details.
- Here is a neat trick to tunnel Meterpreter over SSH.
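To make the amplification-factor idea from the DDoS item concrete from the defender's side, here is an added example (my own code, not from Default Deny or any of the linked posts) that pairs request and reply flows to each UDP service, computes a = response bytes / request bytes per client/server pair, flags pairs above a threshold, and estimates how much attacker bandwidth a given a would need to saturate a victim's link. The flow records, addresses and byte counts are constructed for illustration; the 29-byte request and 12760-byte reply are chosen so the ratio reproduces the 440 figure above, and the port-to-service mapping (1434/udp for the SQL Server Browser service) is the only real-world detail assumed.

```python
"""Amplification-factor triage over constructed flow summaries.

Added example: pairs each request to a known UDP service with the reply it
triggered and reports the amplification factor a = response_bytes / request_bytes.
Flow records below are constructed, not captured traffic.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set, Tuple


class Flow(NamedTuple):
    """One unidirectional flow summary, as a flow collector would export it."""
    src: str
    sport: int
    dst: str
    dport: int
    nbytes: int


# Ports of the UDP services we want to audit. 1434/udp is the SQL Server
# Browser service; 53 is DNS; 123 is NTP.
SERVICE_PORTS: Set[int] = {1434, 53, 123}

# Constructed sample flows (addresses from documentation ranges, byte counts
# chosen for illustration; 12760 / 29 = 440).
SAMPLE_FLOWS: List[Flow] = [
    # a small request whose source address claims to be the victim ...
    Flow("198.51.100.7", 40001, "203.0.113.10", 1434, 29),
    # ... and the much larger reply the server sends to that victim
    Flow("203.0.113.10", 1434, "198.51.100.7", 40001, 12760),
    # an ordinary DNS lookup with a modest reply
    Flow("198.51.100.7", 40002, "203.0.113.53", 53, 60),
    Flow("203.0.113.53", 53, "198.51.100.7", 40002, 120),
    # an NTP exchange with no amplification at all
    Flow("198.51.100.7", 40003, "203.0.113.123", 123, 48),
    Flow("203.0.113.123", 123, "198.51.100.7", 40003, 48),
]

PairKey = Tuple[str, str, int]  # (client, server, service_port)


def amplification_factors(flows: List[Flow], service_ports: Set[int]) -> Dict[PairKey, float]:
    """Sum request bytes sent to each service and reply bytes sent back from it,
    keyed by (client, server, service_port), and return a = reply / request."""
    req_bytes: Dict[PairKey, int] = defaultdict(int)
    resp_bytes: Dict[PairKey, int] = defaultdict(int)
    for f in flows:
        if f.dport in service_ports:
            # request: client -> server on the service port
            req_bytes[(f.src, f.dst, f.dport)] += f.nbytes
        elif f.sport in service_ports:
            # reply: server (service port) -> client; normalise to the same key
            resp_bytes[(f.dst, f.src, f.sport)] += f.nbytes
    return {
        key: resp_bytes[key] / req_bytes[key]
        for key in req_bytes
        if req_bytes[key] > 0 and key in resp_bytes
    }


def flag_amplifiers(flows: List[Flow], service_ports: Set[int],
                    threshold: float = 10.0) -> List[Tuple[PairKey, float]]:
    """Return the (key, a) pairs whose amplification factor meets the threshold,
    sorted by key so the output is stable for reporting."""
    factors = amplification_factors(flows, service_ports)
    return sorted((key, a) for key, a in factors.items() if a >= threshold)


def attacker_bandwidth_needed(victim_link_bps: float, a: float) -> float:
    """Bandwidth (bits/s) an attacker must send to reflectors with factor a
    to fill a victim link of victim_link_bps: the reply stream is a times larger."""
    if a <= 0:
        raise ValueError("amplification factor must be positive")
    return victim_link_bps / a


if __name__ == "__main__":
    for key, a in flag_amplifiers(SAMPLE_FLOWS, SERVICE_PORTS):
        client, server, port = key
        print(f"{server}:{port}/udp answers {client} with a = {a:.1f}")
    # With a = 440, filling a 1 Gbit/s link needs only about 2.3 Mbit/s of requests.
    print(f"{attacker_bandwidth_needed(1e9, 440.0) / 1e6:.2f} Mbit/s to fill 1 Gbit/s")
```

Run it against flow summaries exported from your own collector (NetFlow/IPFIX or a packet capture reduced to per-flow byte counts) with the ports of the services you expose; any pair flagged well above 1 is a reflector candidate that deserves rate limiting, an access list, or disabling the responder (for MSSQL, the Browser service is rarely needed on an Internet-facing host). The threshold of 10 is an arbitrary triage cut-off, not a standard.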