Events Related:
- RECON 2010: The best conference ever in the worst hotel ever – ncircle.com
It was held in Montreal from July 9th to the 11th at a supposedly posh hotel where the air-conditioning wasn’t working at all building-wide during a heat wave.
- SOUPS Keynote & Slides – emergentchaos.com
In “Engineers Are People, Too” Adam Shostack will address an often invisible link in the chain between research on usable security and privacy and delivering that usability: the engineer.
- Photos: The Next HOPE (Hackers On Planet Earth) – laughingsquid.com
Pictures from the Hotel Pennsylvania event.
- Assange is a no-show
A Wikileaks editor, deciding not to risk a confrontation with federal agents, skipped a high-profile speaking engagement at a hacker conference here on Saturday.
- HOPE: scheduled keynote by Julian Assange of Wikileaks – boingboing.net
- Wikileaks editor skips NYC hacker event – cnet.com
Resources:
- Python tools for penetration testers – dirk-loss.de
If you are involved in vulnerability research, reverse engineering or penetration testing, I suggest trying out the Python programming language.
- See 20 Minute Video Presentation on How to Choose an IPS – icsalabs.com
Considering which network IPS is the best fit for your enterprise or SMB?
Tools:
- Belch v1.0 – Burp external channel manipulator – invalid-packet.blogspot.com
Belch is a plug-in for Burp Suite designed to aid protocol analysis and manipulation; it is fairly simple.
- ScanPW – pke.nu/scan
ScanPW is a free web application that lets you analyze a web page’s source code in a fast and secure way.
- Metasploit Framework 3.4.1 Released! – metasploit.com
This release sees the first official non-Windows Meterpreter payload, in PHP as discussed last month.
- Facetime on Iphone 4: Vanilla unencrypted STUN and SIP – roychowdhury.org
No hacking needed – just an on-the-wire black box inspection – it’s just plain SIP and STUN for firewall discovery.
- Kismet – kismetwireless.net
Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and inferring the presence of non-beaconing networks via data traffic.
- Crypto tool predicts password cracking time – h-online.com
Instead of indicating password quality via coloured bars, the Windows crypto tool Thor’s Godly Privacy (TGP) informs users about the estimated time required for a successful brute-force attack on the chosen password.
- PEScrambler – code.google.com/p/pescrambler/
PEScrambler is a tool to obfuscate win32 binaries automatically. It can relocate portions of code and protect them with anti-disassembly code.
- SIFT Workstation out now
A new version of SIFT Workstation is out; here are the new features: a VMware appliance ready to tackle forensics, and cross-compatibility between Linux and Windows, among others.
- SANS Investigative Forensic Toolkit – marcoramilli.blogspot.com
- SANS Investigative Forensic Toolkit (SIFT) Workstation: Version 2.0 – sans.org
- skipfish v1.51 – code.google.com/p/skipfish
A fully automated, active web application security reconnaissance tool.
- NMAP 5.35DC1 released – nmap.org
Nmap and Zenmap (the graphical front end) are available in several versions and formats.
- Binary Auditor – binary-auditing.com
Educate yourself in the field of Binary Auditing and Reverse Code Engineering for FREE!
Techniques:
- Metasploit Basics Series
- Metasploit Basics – Part 3: Pivoting and Interfaces – digitalbond.com
- Metasploit Basics – Part 4: Exploit and Attack Example – digitalbond.com
- Cisco Industrial Ethernet 3000 Series switches have hardcoded SNMP community strings – cert.org
Successful exploitation of the vulnerability could result in an attacker obtaining full control of the device.
- Metasploit New GUI – darkoperator.com
A new GUI for Metasploit was added yesterday by ScriptJunkie to the Metasploit SVN repository; this is the first development version, part of the Framework, and it is going to be improved and worked on as time progresses.
- Malware Persistence without the Windows Registry – mandiant.com
The malware needs to be installed persistently, meaning that it will remain active in the event of a reboot.
- Mitigating .LNK Exploitation With Ariad – didierstevens.com
When you load the CD-ROM with the PoC (I use an ISO file inside a VM) and take a look at DbgView’s output, you’ll notice that the payload gets executed.
Vulnerabilities:
- Firefox Add-On Exploited
It was discovered that this add-on contains code that intercepts login data submitted to any website, and sends this data to a remote location.
- Mozilla Sniffer – mozilla.com
- Firefox security test add-on was backdoored – netcraft.com
- Rootkit.TmpHider – anti-virus.by
Modules of this malware were first detected by “VirusBlokAda” company specialists on the 17th of June, 2010, and were added to the anti-virus databases as Trojan-Spy.0485 and Malware-Cryptor.Win32.Inject.gen.2.
- USB Shortcuts Introduce New Can Of Worms To Windows Systems
Researchers have discovered a sophisticated new strain of malicious software that piggybacks on USB storage devices and leverages what appears to be a previously unknown security vulnerability in the way Microsoft Windows processes shortcut files.
- Experts Warn of New Windows Shortcut Flaw – krebsonsecurity.com
- Zero-Day vulnerability allows USB malware to run automatically, Sophos reports – sophos.com
- Windows zero-day attack works on all Windows systems – sophos.com
- Trojan.Sasfis: A Closer Look – symantec.com
In our recent article on Trojan.Sasfis we focused on the spam angle of the attack; in this piece we will take a deeper look at this somewhat persistent threat, which our global sensors indicate is recently on the rise.
- Researchers: Authentication crack could affect millions – computerworld.com
A well-known cryptographic attack could be used by hackers to log into Web applications used by millions of users, according to two security experts who plan to discuss the issue at an upcoming security conference.
- Malware exploiting x86 machine code redundancy – sophos.com
By definition an emulator will never be exactly like ‘the real thing’, and malware authors continually try to exploit this fact in order to evade detection.
Vendor/Software Patches:
- Microsoft’s New Patch Tuesday
As part of our usual monthly update cycle, today Microsoft is releasing four security bulletins to address five vulnerabilities in Windows and Microsoft Office.
- July 2010 Security Bulletin Release – technet.com
- Microsoft Security Bulletin MS10-042 – Critical – microsoft.com
- Microsoft Security Bulletin MS10-043 – Critical – microsoft.com
- Microsoft Security Bulletin MS10-044 – Critical – microsoft.com
- Microsoft Security Bulletin MS10-045 – Important – microsoft.com
- MS10-042: Vulnerability in Help and Support Center – technet.com
- MS10-045: Microsoft Office Outlook Remote Code Execution vulnerability – technet.com
- Microsoft Patch Tuesday – July 2010 – symantec.com
- Express patch for Windows Help Center – h-online.com
- Winamp 5.58 eliminates critical FLV vulnerabilities – h-online.com
According to French security services provider VUPEN, the problem is related to integer and buffer overflow issues within the VP6 decoder “vp6.w5s” used by Winamp when opening a specially crafted Flash Video (FLV) file.
Other News:
- FBI Raids ‘Electronik Tribulation Army’ Over Witness Intimidation – wired.com
Jesse William McGraw, aka “GhostExodus,” pleaded guilty in May to computer-tampering charges for putting malware on a dozen machines at the Texas hospital where he worked as a security guard.
- GFI Software acquires Sunbelt Software – sunbeltblog.blogspot.com
Today, it was announced that Sunbelt Software has been acquired by GFI Software.
- Developers just don’t go to security conferences – swreflections.blogspot.com
Developers and managers need to choose carefully where to spend their company’s money and time – or their own.
- Secunia Half Year Report for 2010 shows interesting trends – sans.edu
Since 2005, no significant upward or downward trend in the total number of vulnerabilities in the more than 29,000 products covered by Secunia Vulnerability Intelligence has been observed.
- Talk on Chinese Cyber Army Pulled From Black Hat – threatpost.com
A talk on China’s state-sponsored offensive security efforts scheduled for the Black Hat conference later this month has been pulled from the conference after concerns were raised by some people within the Chinese and Taiwanese governments about the talk’s content.
- “Millions” Of Home Routers Vulnerable To Web Hack – forbes.com
The upcoming Black Hat security conference in Las Vegas offers an annual parade of security researchers revealing new ways to break various elements of the Internet.
- Mozilla Bumps Bug Bounty to $3,000 – threatpost.com
In an effort to enlist more help finding bugs in its most popular software, such as Firefox, Thunderbird and Firefox Mobile, Mozilla is jacking up the bounty it pays to researchers who report security flaws to $3,000.
- MS Windows Token Kidnapping Problems Resurface – threatpost.com
Cesar Cerrudo, founder and CEO of Argeniss, a security consultancy firm based in Argentina, first reported the token kidnapping hiccup to Microsoft in 2008 and, after waiting in vain for a patch, released the details during the Month of Kernel Bugs project.
- DNS root zone finally signed, but security battle not over – arstechnica.com
This is an important step in the deployment of DNSSEC, the mechanism that will finally secure the DNS against manipulation by malicious third parties.
Week 28 in Review – 2010 | Infosec Events