From Security Weekly Wiki
Revision as of 20:55, 8 March 2007 by Pauldotcom (talk | contribs)

Investigating someone's Information disclosure? How about your information?

Stories for Discussion

NOTE: Congratz to Randal Schwartz, for "nothing at all". Just who is Randal Schwartz and why are we congratulating him for nothing?

Stack Overflow Exploitation Explained - [PaulDotCom] - Very cool article on stack overflows. They also use a fuzzing tool called bed. Article also has some coverage on Ollydbg. Cool stuff. BTW, all of these tools are on the Backtrack CD

BackTrack 2.0 released - [Larry] - A must for your toolkit. Better ALFA USB wireless support now works with Intel macs and VMware!

fishy FiSH - [PaulDotCom] - FiSH, an IRC encryption plugin, contains some vulnerabilities, described as "stacksmashes everywhere". Reportedly these have existed for quite some time, like years. Quote: "The 90's called, they want their bugs back :-p". It can be summed up with one line of C "strcpy(contactName, word[4]);". Doh!
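Added illustration, not code from the show notes or from FiSH itself: the quoted unbounded copy beside a bounded replacement that rejects input that does not fit. CONTACT_MAX, the tokenizer and the sample IRC line are assumptions made for the demo.

```c
#include <stdio.h>
#include <string.h>

/* Assumed buffer size for illustration; the real FiSH size is not given on the page. */
#define CONTACT_MAX 32

/* The pattern the story quotes: an unbounded copy of the fifth space-separated
 * word of an IRC line into a fixed-size stack buffer. Any word longer than the
 * buffer overwrites whatever follows it on the stack. Kept here for contrast
 * only and never called with real input. */
static void set_contact_unbounded(char contactName[CONTACT_MAX], const char *word4)
{
    strcpy(contactName, word4);
}

/* Bounded replacement: refuse input that does not fit instead of truncating it
 * silently (silent truncation could file a key under the wrong contact).
 * Returns 0 on success, -1 if word4 (plus its NUL) exceeds size. */
int set_contact_bounded(char *contactName, size_t size, const char *word4)
{
    size_t n = strlen(word4);
    if (n >= size)              /* leave room for the terminating NUL */
        return -1;
    memcpy(contactName, word4, n + 1);
    return 0;
}

/* Constructed tokenizer for the demo: splits line on spaces into at most max
 * words, modifying line in place. Returns the number of words found. */
int split_words(char *line, char *word[], int max)
{
    int count = 0;
    for (char *tok = strtok(line, " "); tok && count < max; tok = strtok(NULL, " "))
        word[count++] = tok;
    return count;
}

int main(void)
{
    char contactName[CONTACT_MAX];
    char *word[8];
    /* Constructed sample line; word[4] is the token the vulnerable copy reads. */
    char line[] = ":nick!user@host NOTICE #chan KEY alice";
    int n = split_words(line, word, 8);
    if (n > 4 && set_contact_bounded(contactName, sizeof contactName, word[4]) == 0)
        printf("contact = %s\n", contactName);
    (void)set_contact_unbounded;    /* referenced so the contrast function is kept */
    return 0;
}
```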

GPS Sniper rifle - [Larry] - Filed under who's Watching the Watchers. Not a sniper rifle for better GPS coordinates, but for injecting a GPS tracking device in life forms, without detection. Hurts less than a mosquito bite.

MOPB - Local Code Execution Exploit - [PaulDotCom] - A few interesting things here, first the exploit exists in PHP 5.2.1, the latest version. However, the included shellcode is for PHP 5.2.0 only. Finally, to prevent a remote file include, they included this line "die("REMOVE THIS LINE");". Nice, if you are a script kiddie, you may want to test your code before you execute it, but, you are a script kiddie and will probably be stopped by this.

Dancho's lowdown on botnet communication - [Larry] - A short intro to what I suspect is a longer, more in depth conversation. Keep an eye on this for more.

Pwned by Wal-Mart? - [Larry] - Wal-Mart employee fired for "pretexting". Lots of FUD on this one. Discuss the methods potentially used, and how to protect against - WiFi, SMS, GPRS, Flex, POCSAG, VOIP, etc. Wal-Mart Employee fired for monitoring text-messages (SMS) - Yikes! I think getting fired is the least of this person's worries, as sniffing GSM is illegal (thanks Bill Clinton a la DMCA) we can't even try to develop technology to sniff it. However, the GNU Radio project and USRP are interesting projects. Makes me paranoid though, anyone with some EE experience and RF knowledge could use open-source tools to sniff really any wireless technology, barring encryption. Suddenly, I don't feel so safe using EVDO anymore.

RFID Passport Cracking - [Larry] - ...Adam Laurie at it again. This time the passport was never removed from the mailing envelope.

Citrix Client Arbitrary code execution - [Larry] - With the Citrix client installed, a malicious web page can get the Citrix client to execute code as the logged in user.

Your Wireless is showing - [Larry] - ...me about your secrets. Couple this with the cloak or not to cloak article, and MS patches for wireless.

Month of PHP Bugs - [Larry] - Psssst! PHP is insecure...so much so there are more bonus bugs than real bugs!

CA Virus Downgrade Vulnerability - [PaulDotCom] - Malware will typically try to kill anti-virus programs running on the infected system as its first step. This may not always go unnoticed. However, if you are able to downgrade the virus defs to install some more juicy malware, that may very well go unnoticed.

Pornographic SPAM hits all-time Low - [PaulDotCom] - What ever happened to "Sex sells"?

Nothing to See here - [PaulDotCom] - Great analysis from Richard Bejtlich on how sometimes security analysts are always looking for the "conspiracy", when it could very well just be backscatter from a DoS. Sometimes we need to be reminded of this :)

SSID Cloaking Reduces Security - [PaulDotCom] - Says wireless security expert and good friend Josh Wright. Here's the deal, KB917021 gives users a new checkbox which says "Connect even if this network is not broadcasting". This means that clients will probe for non-broadcasting networks and fall victim to KARMA and furthermore disclosing the name of the SSID that was "hidden". This sparked some debate on the wifisec mailing list about whether or not SSID broadcasting, WEP, MAC address filtering are good security measures.

mod_security bypass - [PaulDotCom] - A specially crafted POST request will go unchecked (or at least every byte after the ASCIIZ byte). Make certain you are running version 2.1.0+. NOTE to FreeBSD port developers, upgrade ports!

Manipulating FTP Clients Using The PASV Command - [PaulDotCom] - Cool paper which is able to do portscanning and banner grabbing using the FTP PASV command. Includes PoC.

Other Stories of Interest