Security News #0x84

• The big news of the week is the rowhammer attack which exploits hardware level features of DRAM chips. In particular, repeated accesses in one part of a memory row can flip a bit in an adjacent row. If that bit controls whether the process has read-write access to its own memory, then the attack can be leveraged to cause privilege escalation.
• Incursus Absconditus has a nice piece that shows how to hijack existing SSH connections.
• Did you know that it is possible to perform a full packet capture on a Windows box, beginning with system boot without using tools like Wireshark or tcpdump?
• GreyHatHacker.NET summarizes a number of techniques that can be used to bypass Windows UAC (User Account Control).
• Business Insider has an infographic that shows the largest data breaches by time.
• If you are a student (and aren’t we all students?) you might be interested in a nice piece by Mark Vavrusa entitled What a C programmer should know about memory.

Advertisements