HNNEpisode194

From Paul's Security Weekly

Hack Naked News #194

Recorded October 16, 2018 at G-Unit Studios in Rhode Island!


Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Announcements:

    • If you are interested in quality over quantity and having meaningful conversations instead of just a badge scan, join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass.
    • One of our illustrious co-hosts, Patrick Laverty, will be co-presenting "Pentesting: Tips, Tricks and Stories" with Aaron Herndon at BSides CT 2019! Ticket sales are open until the day of the show (Saturday, November 3rd) for $20. Go to bsidesct.org to register now!
    • Join us for our Webcast with Signal Sciences entitled Which way should you shift testing in the SDLC? This webcast will be held November 8th @3-4pm EST. Go to securityweekly.com/signalsciences to register now!

    Security News

    1. Critical Code Execution Flaw Found in LIVE555 Streaming Library - A critical code execution vulnerability has been identified in LIVE555 Streaming Media RTSP Server library used by VLC and other media players. Lilith Wyatt, the IT security researcher at Cisco Talos Intelligence Group has discovered the vulnerability. The vulnerability exists in the HTTP packet-parsing functionality of LIVE555 RTSP Server library through which an attacker can send a crafted malicious packet to trigger the vulnerability and cause a stack-based buffer overflow resulting in code execution.
    2. WordPress team working on "wiping older versions from existence on the internet" | ZDNet - Two interesting points. First: "Instead, we're working on figuring out ways to roll those versions forward automatically without breaking sites for people, and essentially we're working to try to wipe those versions from existence on the internet, and bring people forward. It is not an easy problem to solve, but we're working on it." Second, Campbell says the WordPress team has been collaborating with the authors of the most popular plugins on its Plugins repository, helping them follow best coding practices. This has yielded great results, Campbell said, as smaller plugins have now started to follow (or steal) the coding techniques used by these larger projects, and indirectly have raised the security of their own plugins. They gave a presentation at Derbycon, make sure you check it out!
    3. Patch now! Multiple serious flaws found in Drupal - Both critical flaws allow remote code execution (RCE), the first of which is in the PHP DefaultMailSystem::mail() backend affecting Drupal core versions 7.x and 8.x. The advisory for SA-CORE-2018-006 describes this as relating to email variables not being sanitised for shell arguments, leading to a possible RCE. If you run a CMS, or have any in your environment, you need a solid plan to constantly update these systems, and extra protection in the form of security plugins or third-party services.
    4. Patch me, if you can: Grave TCP/IP flaws in FreeRTOS leave IoT gear open to mass hijacking - Ori Karliner at Zimperium analyzed the operating system and found that all of its varieties are vulnerable to four remote code execution bugs, one denial of service, seven information leaks and another undisclosed type of security problem. The versions affected are FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), AWS FreeRTOS up to V1.3.1, OpenRTOS and SafeRTOS (with WHIS Connect middleware TCP/IP components). Amazon has been notified of the situation and the company responded by releasing patches to mitigate the problems. From: https://www.bleepingcomputer.com/news/security/remote-code-execution-flaws-found-in-freertos-popular-os-for-embedded-systems/
    5. Hack on 8 adult websites exposes oodles of intimate user data - A recent hack of eight poorly secured adult websites has exposed megabytes of personal data that could be damaging to the people who shared pictures and other highly intimate information on the online message boards. Included in the leaked file are (1) IP addresses that connected to the sites, (2) user passwords protected by a four-decade-old cryptographic scheme, (3) names, and (4) 1.2 million unique email addresses, although it’s not clear how many of the addresses legitimately belonged to actual users. Robert Angelini, the owner of wifelovers.com and the seven other breached sites, told Ars on Saturday morning that, in the 21 years they operated, fewer than 107,000 people posted to them. You can read the article to get the full list of affected web sites.
    6. Zero-day in popular jQuery plugin actively exploited for at least three years | ZDNet - The vulnerability impacts the jQuery File Upload plugin authored by prodigious German developer Sebastian Tschan, most commonly known as Blueimp. This worst-case scenario is exactly what happened. Earlier this year, Larry Cashdollar, a security researcher for Akamai's SIRT (Security Intelligence Response Team), discovered a vulnerability in the plugin's source code that handles file uploads to PHP servers. Evidence on YouTube shows tutorials on how to exploit this vulnerability dating all the way back to 2015.
    7. Security flaw in libssh leaves thousands of servers at risk of hijacking | ZDNet - The vulnerability allows an attacker to bypass authentication procedures and gain access to a server with an SSH connection enabled without having to enter the password. An attacker can do this by sending the SSH server "SSH2_MSG_USERAUTH_SUCCESS" message instead of the "SSH2_MSG_USERAUTH_REQUEST" message that a server usually expects and which libssh uses as a sign that an authentication procedure needs to initiate.
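    The libssh bypass in item 7 comes down to a missing check on message direction: the server's handler reacted to the message number alone, so a SUCCESS message, which only a server is ever supposed to send, was honoured when it arrived from the client. The C program below, added here as an illustration and not libssh's own code, models that handler pattern beside a hardened one that rejects server-only message types from the peer and lets the authenticated flag be set only by the server's own credential check. The message numbers are the real ones from RFC 4252; the session and message structs, the sample password and the run_message helper are constructed for this example.

```c
/* Toy model of an SSH server's user-authentication message handling, written
 * for this page as an illustration of the libssh bug described above. It is
 * NOT libssh's code. The message numbers are the real ones from RFC 4252;
 * the session/message structs and the sample password are constructed. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define SSH2_MSG_USERAUTH_REQUEST 50
#define SSH2_MSG_USERAUTH_FAILURE 51
#define SSH2_MSG_USERAUTH_SUCCESS 52

struct session {
    bool authenticated;
    const char *expected_password; /* constructed sample credential */
};

struct message {
    int type;
    const char *password; /* only meaningful for USERAUTH_REQUEST */
};

/* Stand-in for real credential verification. */
static bool verify_request(const struct session *s, const struct message *m)
{
    return m->password != NULL && strcmp(m->password, s->expected_password) == 0;
}

/* Pattern that reproduces the flaw: the handler is keyed on message number
 * alone, so a SUCCESS arriving from the client is treated like the server's
 * own success notification and flips the session to authenticated. */
static bool dispatch_unchecked(struct session *s, const struct message *m)
{
    switch (m->type) {
    case SSH2_MSG_USERAUTH_REQUEST:
        s->authenticated = verify_request(s, m);
        break;
    case SSH2_MSG_USERAUTH_SUCCESS:
        s->authenticated = true; /* trusts a server-only message from the peer */
        break;
    default:
        break;
    }
    return s->authenticated;
}

/* Hardened pattern: a server only ever *sends* SUCCESS/FAILURE (RFC 4252),
 * so receiving one is a protocol violation and is discarded. The flag can
 * only be set by the server's own verification of a USERAUTH_REQUEST. */
static bool dispatch_checked(struct session *s, const struct message *m)
{
    switch (m->type) {
    case SSH2_MSG_USERAUTH_REQUEST:
        s->authenticated = verify_request(s, m);
        break;
    case SSH2_MSG_USERAUTH_SUCCESS:
    case SSH2_MSG_USERAUTH_FAILURE:
        /* server-to-client only: ignore, session state unchanged */
        break;
    default:
        break;
    }
    return s->authenticated;
}

/* Drives one message through a fresh session and reports the resulting
 * authentication state; 'checked' selects the hardened dispatcher. */
bool run_message(int type, const char *password, bool checked)
{
    struct session s = { false, "constructed-sample-password" };
    struct message m = { type, password };
    return checked ? dispatch_checked(&s, &m) : dispatch_unchecked(&s, &m);
}

int main(void)
{
    const char *label[2] = { "rejected", "AUTHENTICATED" };
    printf("unchecked, peer-sent SUCCESS: %s\n",
           label[run_message(SSH2_MSG_USERAUTH_SUCCESS, NULL, false)]);
    printf("checked,   peer-sent SUCCESS: %s\n",
           label[run_message(SSH2_MSG_USERAUTH_SUCCESS, NULL, true)]);
    printf("checked,   correct password : %s\n",
           label[run_message(SSH2_MSG_USERAUTH_REQUEST, "constructed-sample-password", true)]);
    printf("checked,   wrong password   : %s\n",
           label[run_message(SSH2_MSG_USERAUTH_REQUEST, "nope", true)]);
    return 0;
}
```

    The general lesson for anyone writing a protocol state machine is that every inbound message must be checked against both the current state and the direction the specification allows for that message type before it is acted on; the hardened dispatcher above is the minimal form of that check, and a server-side unit test that feeds it a peer-sent SUCCESS and asserts the session stays unauthenticated is a cheap regression guard.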

    Expert Commentary: Leonard Simon, Springboard

    Leonard Simon is the Senior Security Engineer Consultant at Springboard
    Leonard Simon is a Senior Security Engineer Consultant based in Miami, FL working with businesses to help design, implement, monitor and troubleshoot detailed system security architecture for customers within various industries such as healthcare, government, manufacturing, technology, transportation, retail, financial, legal, hospitality, travel, and utilities. Leonard is an adjunct professor at various universities where he teaches several online courses in cybersecurity. Leonard is also a Cybersecurity Mentor at Springboard where he interacts with students weekly, talking about their course work as well as providing guidance throughout the course. Leonard holds an M.S. in Management Information Systems with an Information Security concentration from Nova Southeastern University, a B.S. in Information Technology from Florida International University along with various technical certifications like Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Check Point Certified Security Master (CCSM) and Cisco Certified Network Administrator (CCNA). Leonard is also a doctoral student at Capella University working on his Doctor of Information Technology (DIT) degree in Information Assurance and Cybersecurity.

    Certification guides, courses, and resources
