PaulDotCom Security Weekly - Episode 223 "Cigar Lounge soiree" - for Thursday December 9th, 2010.

Roundtable Discussion Topic:

Stories For Discussion

  1. Low Orbit Ion Cannon - [Larry] - A quote I saw on Twitter today, "Remember when your DDoS tools weren't on SourceForge?". So, this is the tool that Anonymous is using as part of the voluntary DDoS attacks against those that are "against" WikiLeaks. Now the source is out there. I wonder if there is any special attack, an additional implementation of slowloris. At least now we have the source, so we can learn from the code. After a quick look, it doesn't appear to be a terribly sophisticated attack, but apparently it doesn't need to be.
  2. Maintaining administrative access on the DL - [Larry] - Compromise a system and now create an account (or use ASPNET) for maintaining access. Hopefully a good admin will note that, if you make the user an admin in the admin group. So, how do you keep it under wraps? This issue with SAM allows for a user to be modified so that it looks like a regular user, but with admin privileges. Microsoft says that there is no investigation needed, as other vulnerabilities are required to compromise the system first.
  3. How do astronauts wipe? - [Larry] - Apparently not very well. NASA has been found to be disposing of a couple of machines that had not been properly sanitized. In addition to un-wiped hard drives, several machines were found to be marked externally with identifying information and IP addresses…

