
Security News #0x7F

  • I have been asked how to make your computer "100%" secure. Last year, someone posted an excellent video with recommendations. I can’t quite endorse the method; if you watch to the end, the attacker is still able to get in, but it did require some significant effort. Call it "99+%" security and I am happy. My students should know, though, that this technique is not permitted during Exercise 1.
  • There is a proof of concept for a privilege escalation attack on Windows 8.1 that exploits a race condition during login. The underlying issue is CVE 2015-0004 and was patched in MS15-003.
  • There is a new Metasploit module to bypass protected mode on Internet Explorer on Windows 7 SP1 (32 bits). The underlying problem is CVE 2015-0016, which was patched in MS15-004.
  • Did you know you can crack the WEP key of a wireless network without being in signal range of the AP and without sending any packets to the AP? (I didn’t!). Take a look at this piece at the Penetration Testing Lab that describes the Hirte attack. [The key is finding a client that has connected to the AP in the past!]
  • If you want to learn about the technical details behind CVE 2014-9322, a privilege escalation exploit in recent (<3.17.5) Linux kernels, take a look at this blog post from Rafal Wojtczuk at Bromium Labs.
  • Samsung phones are vulnerable to an attack named currupdate. [As an aside, is anyone else tired of naming vulnerabilities? It’s like folks are trying to sell products!] The underlying issues are named CVE 2015-0863 and CVE 2015-0864, though they have not yet made it to the MITRE database.
  • Many DDoS attacks rely on amplification, where an attacker sends a (spoofed) packet of size s to a host, which then sends a response of size a*s to the DDoS target. The number a is the amplification factor of the attack, and if a is large then a small number of attackers can flood the bandwidth of a victim. Last year a DDoS attack against the city of Columbia (MO) was launched using MSSQL, achieving an amplification of as much as 440. Take a look at Default Deny for the technical details.
  • Here is a neat trick to tunnel Meterpreter over SSH.
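
The amplification factor a from the DDoS item above can be measured from a network's own flow records to spot a local server that is being used as a reflector. This is an added example, not code from the original post; the flow tuple layout, the addresses, the byte counts and the alert threshold of 10 are constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records (not real traffic):
# (src_ip, dst_ip, proto, src_port, dst_port, payload_bytes)
FLOWS = [
    # UDP 1434 is the SQL Server Browser port; tiny requests, large replies.
    ("203.0.113.7", "192.0.2.10", "udp", 40000, 1434, 1),
    ("203.0.113.7", "192.0.2.10", "udp", 40000, 1434, 2),
    ("192.0.2.10", "203.0.113.7", "udp", 1434, 40000, 1320),
    # Ordinary DNS lookup answered by a local resolver.
    ("198.51.100.5", "192.0.2.20", "udp", 5353, 53, 40),
    ("192.0.2.20", "198.51.100.5", "udp", 53, 5353, 120),
    # NTP exchange with symmetric sizes.
    ("198.51.100.9", "192.0.2.30", "udp", 123, 123, 48),
    ("192.0.2.30", "198.51.100.9", "udp", 123, 123, 48),
]
LOCAL_HOSTS = {"192.0.2.10", "192.0.2.20", "192.0.2.30"}


def amplification_factors(flows, local_hosts):
    """Return {(server, service_port, peer): a} where a = bytes out / bytes in.

    Bytes in is the request size s received by the local server; bytes out
    is the response size a*s it sent to the same (possibly spoofed) peer.
    """
    inbound = defaultdict(int)   # request bytes received per (server, port, peer)
    outbound = defaultdict(int)  # response bytes sent per (server, port, peer)
    for src, dst, proto, sport, dport, nbytes in flows:
        if proto != "udp":       # spoofed-source reflection needs a connectionless protocol
            continue
        if dst in local_hosts:
            inbound[(dst, dport, src)] += nbytes
        elif src in local_hosts:
            outbound[(src, sport, dst)] += nbytes
    return {k: outbound[k] / s for k, s in inbound.items() if s > 0 and k in outbound}


def suspected_reflectors(flows, local_hosts, threshold=10.0):
    """List (key, a) pairs whose amplification factor meets the assumed threshold."""
    factors = amplification_factors(flows, local_hosts)
    return sorted((k, a) for k, a in factors.items() if a >= threshold)


if __name__ == "__main__":
    for (server, port, peer), a in suspected_reflectors(FLOWS, LOCAL_HOSTS):
        print(f"{server}:{port} -> {peer} amplification {a:.0f}x")
```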