Security News #0x80
- ET Pwn Phone? (Thanks to Ryan for the idea!) This is a Metasploit module that exploits the futex_requeue bug in Android phones prior to June 2014. This exploits CVE-2014-3153.
- It is possible to crash the Google email application with a single email. What makes this denial of service particularly problematic is that the target then needs to find a way to delete the malicious email without using the Google mail application.
- Internet Explorer 10 and 11 are vulnerable to a universal cross-site scripting attack. As yet, this is unpatched; there isn’t even a CVE number. Of course, Metasploit has a module. A technical description is available.
- An attacker that has gained a foothold on a network often needs to obtain network credentials before moving laterally. One interesting approach is to ask the user. This is a new Metasploit module to phish credentials by popping up a dialog box on a compromised system.
- Linux is not immune to this type of attack. Here is a Metasploit module that steals passwords used to unlock the screensaver or to use the Policy Kit.
- Are you interested in learning more about how a Linux system boots?
- Recent Samsung televisions allow for voice control. The catch is that the voice recognition is not done on the television, but rather at a remote site. Now imagine that every word you speak in your living room is sent to a third party. Maybe I don’t need a TV with voice recognition.
- LD_PRELOAD is a way of modifying code execution in Linux without modifying the code; this is done by changing the library functions that the code relies on. One malicious use of LD_PRELOAD is as a way to hide malware and rootkits. haxelion has one of the best write-ups on the topic I have seen, especially the question of detection.
- Nat McHugh has provided a step-by-step method to generate MD5 collisions using Amazon AWS and HashClash at a cost of roughly 65 cents per collision.
- Stephen Brennan has a nice tutorial on how to write your own shell. Well worth a read.
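On the LD_PRELOAD item above, the detection question can be approached from inside the process itself. The following is an added example, not code from the original post or from haxelion's write-up, and it assumes glibc on Linux: it compares what getenv() reports for LD_PRELOAD with a direct walk of the raw environ array (a preloaded library that hooks getenv() to hide itself cannot alter the latter), and it parses the system-wide /etc/ld.so.preload list, which is empty or absent on a normal system.

```c
// Added example: two low-cost checks for LD_PRELOAD-based hooking.
// Assumes glibc on Linux; not part of the original post.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ;

/* Walk the process environment directly; a hooked getenv() cannot influence this. */
const char *raw_ld_preload(void) {
    for (char **e = environ; e && *e; e++)
        if (strncmp(*e, "LD_PRELOAD=", 11) == 0)
            return *e + 11;
    return NULL;
}

/* Returns 1 if getenv() and the raw environment disagree about LD_PRELOAD. */
int getenv_is_lying(void) {
    const char *via_libc = getenv("LD_PRELOAD");
    const char *via_raw  = raw_ld_preload();
    if (!via_libc && !via_raw) return 0;
    if (!via_libc || !via_raw) return 1;
    return strcmp(via_libc, via_raw) != 0;
}

/* Count library entries in ld.so.preload-style text (the format glibc documents
   for that file): entries separated by whitespace or ':', '#' starts a comment. */
int count_preload_entries(const char *text) {
    int n = 0, in_entry = 0;
    for (const char *p = text; *p; p++) {
        if (*p == '#') { while (*p && *p != '\n') p++; if (!*p) break; in_entry = 0; continue; }
        int sep = (*p == ' ' || *p == '\t' || *p == '\n' || *p == '\r' || *p == ':');
        if (!sep && !in_entry) { n++; in_entry = 1; }
        else if (sep) in_entry = 0;
    }
    return n;
}

/* Entries in the real /etc/ld.so.preload, or -1 if the file is absent (the usual state). */
int system_preload_entries(void) {
    char buf[4096];
    FILE *f = fopen("/etc/ld.so.preload", "r");
    if (!f) return -1;
    size_t len = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[len] = '\0';
    return count_preload_entries(buf);
}

int main(void) {
    printf("getenv/environ disagree on LD_PRELOAD: %s\n", getenv_is_lying() ? "YES" : "no");
    int sys = system_preload_entries();
    if (sys < 0) puts("/etc/ld.so.preload: absent");
    else printf("/etc/ld.so.preload: %d entries (inspect each one)\n", sys);
    return 0;
}
```

A non-zero entry count or a getenv()/environ mismatch is not proof of a rootkit, only a prompt to inspect the named libraries from outside the process (for example via /proc/PID/maps from a trusted host).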