Events Related

  • Training At CanSecWest 2011: Analysis of Malicious Documents – esec-lab.sogeti.com
    Jean-Baptiste and Guillaume will give a course about malicious document analysis during the next CanSecWest Dojo session at Vancouver (March 7th/8th). The course deals with two major cases: PDF and Microsoft Office documents. Nowadays those two file formats have become a common vector to exploit end-user systems. Their respective vendor implementations, namely Adobe Reader and MS Office, are regularly prone to multiple vulnerabilities and antivirus software are merely overtaken by the complexity of these formats. Indeed, they are complex formats.
  • Security BSides London – blip.tv/bsideslondon
    Fresh archive of BSides presentations released earlier today.

Resources

  • WLAN Security Megaprimer Course DVD! – securitytube.net
  • AIDE 2011 Conference Videos – irongeek.com
    These are the presentations from the AIDE 2011 conference at Marshall University. We had some issues early on with the schedule not matching the talks, so descriptions are incomplete. The descriptions I do have are largely Ligatted from the AIDE website.
  • TED Defending the Net – f-secure.com
    Attending TED was amazing. Speaking at TED was nerve-racking… especially as I had several risky live demos in my 18-minute talk. However, all went well.
  • Shoulder surfing defence for recall based graphical passwords – cups.cs.cmu.edu
    The presenter was Haryani Zakaria of Newcastle University. She began with an introduction to the graphical system they used, called “Draw-A-Secret.” This graphical password system consists of a user drawing a pattern on a screen. The authors were concerned about shoulder surfing attacks on this scheme.
  • Security Recommendations to prevent Cyber Intrusions – us-cert.gov
    US-CERT is providing this Technical Security Alert in response to recent, well-publicized intrusions into several government and private sector computer networks. Network administrators and technical managers should not only follow the recommended security controls for information systems outlined in NIST 800-53 but also consider the following measures. These measures include both tactical and strategic mitigations and are intended to enhance existing security programs.

Tools

  • exploitedbee.py – dandies.org/releases/files/exploitedbee.py
    Python tool for searching exploits in the Backtrack database.
  • AnalyzeMFT2.0 released – integriography.wordpress.com
    Matt Sabourin created an object-oriented version of analyzeMFT.py. Most of the MFT analysis code and other logic was retained from the original version (along with the comments). The OO version is structured for importing the module directly into the Python interpreter to allow for manual interaction with the MFT.

Techniques

  • DSSS/ Damn Small SQLi Scanner – github.com/stamparm/DSSS
    Damn Small SQLi Scanner (DSSS) has been made as a PoC where I wanted to show that commercial (SQLi) scanners can be beaten under 100 lines of code.
  • USRP 101: Unlocking Wireless PC Locks – intrepidusgroups.com
    Have you ever seen one of these “USB Proximity PC Locks” before and thought “There’s NO way that piece of junk is secure”… turns out, you were right.
  • When Databases Attack: Hacking With The OSQL Utility – netspi.com
    The OSQL Utility is a command-line client for SQL Server that has shipped with every version since SQL Server 2000 was released. Many database administrators like it because it’s lightweight, makes scheduling TSQL jobs easy, and can be used for batch processing.
  • MindshaRE: Debugging Via Code Injection With Python – dvlabs.tippingpoint.com
    Now, this is obviously heap corruption as the backtrace shows us that a heap chunk’s metadata was probably corrupted due to some prior operation and is being used in a free or coalesce. What we are seeing are the effects of the corruption… and unfortunately this doesn’t give us too much information that will help us locate the root cause of the bug.
  • Puttering Around With Blackberry Forensics part 1 – chirashi.enconsult.net
    I’m guilty of sitting on source code which I should have released a long time ago.  I make excuses to myself that I didn’t release any of it because I was waiting for someone to come along and prove to me that there was a better way of doing things.  I guess the bottom line was that I was just lazy and procrastinating.
  • Universal Way to Bypass Group Policy by Limited User – dsecrg.blogspot.com
    One of the main parts of Group Policy is represented by Software Restriction Policy (SRP). Administrator can set a little list of software which can be run by limited user with SRP.
    Therefore, SRP can level up security of whole system by restricting user’s rights.

Vendor/Software Patches

  • Oracle Patch Update For July
    As expected, Oracle has released 78 security patches as part of its July Critical Patch Update. There is a total of 13 fixes for the Oracle Database server, two of which could be remotely exploited by an attacker without authentication.
  • Wireshark 1.6.1 and 1.4.8 Released – wireshark.org
    Wireshark 1.6.1 and 1.4.8 have been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code are now available.

Other News

  • CTO Neil Daswani On The Android App Info Leak
    Neil Daswani, who is also the CTO of security firm Dasient, says that they have studied around 10,000 Android apps and have found that 800 of them are leaking private information of the user to an unauthorized server. Neil Daswani is scheduled to present the full findings at the Black Hat Conference in Las Vegas which starts on July 30th.
  • NIST proposes New Privacy Controls for Federal Information Systems and Organization – nist.gov
    With increasing dependency on information systems and advances in cloud computing, the smart grid and mobile computing, maintaining the confidentiality and integrity of citizens’ personally identifiable information is a growing challenge. A new draft document from the National Institute of Standards and Technology (NIST) addresses that challenge by adding privacy controls to the catalog of security controls used to protect federal information and information systems.
  • Attack On Pacific Northwest National Lab Began With Public Web Servers – darkreading.com
    The cyberattack discovered at Pacific Northwest National Laboratory (PNNL) during the Fourth of July holiday weekend used a combination of a Web server vulnerability and a payload that delivered a zero-day Adobe Flash attack, according to officials at the Department of Energy-contracted facility.
  • Apple Laptops Can be Bricked, Firmware Hacked – threatpost.com
    Security researcher Charlie Miller, widely known for his work on Mac OS X and Apple’s iOS, has discovered an interesting method that enables him to completely disable the batteries on Apple laptops, making them permanently unusable, and perform a number of other unintended actions. The method, which involves accessing and sending instructions to the chip housed on smart batteries could also be used for more malicious purposes down the road.
  • Dave Aitel Discusses Hacking groups’ Agendas – threatpost.com
    It has come to this: CNN is now running segments on the attacks attributed to LulzSec, Anonymous and other groups and the FBI raids on suspected members of those crews. The network had Dave Aitel of Immunity Inc. on this morning to discuss the effects of the recent arrests and what the groups’ agendas might be.
  • Advanced Threats Are Not all the APT – threatpost.com
    We have heard variations on the argument that within the context of information security, the “advanced persistent threat” (APT) is not really all that advanced or new, that it is being made too big a deal of (or FUD) and that it is no more than marketing hype though more of an effort needs to be put into protecting against it.
  • Researchers Find Browser History Sniffing Still Ongoing – threatpost.com
    The practice of history sniffing, which has been seen as out-of-bounds and a serious privacy violation for the better part of a decade now, is still ongoing by some ad networks, researchers have found. A study completed recently by researchers at Stanford University’s Center for Internet and Society found that at least one ad network apparently is still using the technique to gather information about what links users have clicked on and which sites they’ve visited.
  • A Great Password Study – marcoramilli.blogspot.com
    I am assuming that everybody knows the LulzSec releases. Starting from this data, Troy Hunt did great work analyzing all the disclosed passwords. Some of the most interesting findings are the following ones.