Security News #0x87
- As someone who has coached three different teams to the finals of the National Collegiate Cyber Defense Competition, let me say that Raphael Mudge’s analysis is spot on and hugely helpful. Mind you, there is a difference between knowing what Red Team wants to do, and being able to meaningfully stop them…
- If you are looking for a nice write-up on MS14-068, head over to Veris Group and read what one of my ace former students has to say.
- There is a new denial of service attack against Minecraft servers.
- If you want to see a technical analysis of MS15-034, the recently announced vulnerability in HTTP.sys, you might want to head over to Security Swift and a recent piece by Mike Czumak.
- Metasploit is developing a DoS exploit to attack MS15-034. I wonder how long it will be before this becomes remote code execution.
- If you want to see some of the technical details behind the recent Chinese attack against GitHub, check out Netresec.
- There is a (post-authentication) backdoor available for pfSense firewalls. This backdoor was used extensively during the 2015 SECCDC. Sam Cappella talks about his experience on Red Team at the SECCDC, including the development of the backdoor.
- One interesting area of research over the last few years has been looking at statistical patterns of people’s passwords. Take a look at the recent blog post of Julian Dunning to get a better handle on the question.
- CVE-2015-1862 is a vulnerability in Linux systems that can potentially result in privilege escalation. Tavis Ormandy has proof of concept exploits.
- The New York Times has a piece on how car thieves might be able to break into cars using a power amplifier.
- There is a new Metasploit privilege escalation exploit for Mac OS X, named “Rootpipe”. The underlying vulnerability is CVE-2015-1130.
- An older way to attack Windows systems is to pass a URL like file://a.b.c.d to Internet Explorer; Windows then attempts to authenticate to that host via SMB, so credentials can be harvested. It turns out that HTTP redirects (302) can be used to accomplish the same task.
- There is a proof-of-concept exploit for CVE-2015-0240, which is a vulnerability in Samba.
- Have you seen this interesting approach to attacking Gnome screensavers?
- Here is a neat piece on detecting debuggers. Not my area of expertise at all, but an interesting read nevertheless.