Week 45 In Review

Events Related

• SkyDogCon 2011 Videos – irongeek.com
  Here are the videos from SkyDogCon. Thanks to all of the SkyDogCon crew, especially SeeBlind for running the cameras.

Tools

• UPDATE: SQLNinja 0.2.6! – sourceforge.net/projects/sqlninja/files
  Sqlninja is an exploitation tool to be used against web apps based on MS SQL Server that are vulnerable to SQL Injection attacks, in order to get a shell also in very hostile conditions. Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.
• UPDATE: ZAProxy v1.3.4! – code.google.com/p/zaproxy/downloads/list
  The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.
• UPDATE: w3af 1.1! – sourceforge.net/projects/w3af/files/
  w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.
• UPDATE: BeEF v0.2.4.11-alpha! – code.google.com/p/beef/downloads/list
  BeEF, the Browser Exploitation Framework is a professional security tool provided for lawful research and testing purposes. It allows the experienced penetration tester or system administrator additional attack vectors when assessing the posture of a target. The user of BeEF will control which browser will launch which exploit and at which target.

Techniques

• Stuff I Learned Scripting
  I’m not here to sell you on scripting, or on any particular scripting language. This story about neat stuff I’ve learned while scripting, tid-bits that I wouldn’t have learned otherwise that I hope you find useful as well.
• Stuff I Learned Scripting – Evaluating A Remote SSL Certificate – isc.sans.edu
• Stuff I Learned Scripting – Parsing XML in a One-Liner – isc.sans.edu
• Beat SMEP On Linux With Return-Oriented Programming – falken.tuxfamily.org
  In this post, I will show you how easy it is to use Return-Oriented Programming in the Linux kernel and how it can bypass protections such as SMEP, available in the next generation of Intel processor.

Vendor/Software Patches

• Critical Flash Update Plugs 12 Security Holes – krebsonsecurity.com
  Adobe has issued a critical software update for its Flash Player software that fixes at least a dozen security vulnerabilities in the widely-used program. Updates are available for Windows, Mac, Linux,  Solaris and Android versions of Flash and Adobe Air.

Vulnerabilities

• Microsoft Security Bulletins
• Assessing The Exploitability Of MS11-083 – blogs.technet.com
• Vulnerability in MHTML Could Allow Information Disclosure (2544893) – technet.microsoft.com
• Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) – technet.microsoft.com
• Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657) – technet.microsoft.com
• Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704) – technet.microsoft.com
• Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837) – technet.microsoft.com
• Microsoft Patches Critical Windows Bug, But Not Duqu Flaw – news.cnet.com
• Mac OS X has its own sandbox security hole – arstechnica.com
  Move over, iOS: CoreLabs Research has posted a public notification of a potential security vulnerability in Mac OS X’s sandboxing mechanisms. According to CoreLabs, it’s possible for sandboxed apps to trigger external processes that aren’t sandboxed and possibly gain privileges not granted by a particular sandboxing profile.

Other News

• Brazilian DNS Poisoning Attack
  In the past few days several Brazilian ISPs have fallen victim to a series of DNS cache poisoning attacks. These attacks see users being redirected to install malware before connecting to popular sites. Some incidents have also featured attacks on network devices, where routers or modems are compromised remotely.
• Massive DNS Poisoning Attacks In Brazil – securelist.com
• DNS cache poisonings foist malware attacks on Brazil – theregister.co.uk
• Mysterious iOS Bug
  Apple’s iPhones and iPads have remained malware-free thanks mostly to the company’s puritanical attitude toward its App Store: Nothing even vaguely sinful gets in, and nothing from outside the App Store gets downloaded to an iOS gadget. Now serial Mac hacker Charlie Miller has found a way to sneak a fully-evil app onto your phone or tablet, right under Apple’s nose.
• iPhone Security Bug Lets Innocent-Looking Apps Go Bad – forbes.com
• New iOS Bug Lets Apps Run – threatpost.com
• FBI Takes Out $14M  DNS Malware Operation – networkworld.com
  US law enforcement today said it had smashed what it called a massive, sophisticated Internet fraud scheme that injected malware  in more than four million computers in over 100 countries while generating $14 million in illegitimate income.
• Hackers Use MIT Server To Hack 10,000 Sites – dailytech.com
  Most content-heavy sites on the web today are driven by a mix of PHP and SQL.  Unfortunately, exploits abound from popular PHP database manager frontends like PHPMyAdmin. Thus, “hacking” many websites has been reduced from an art down to a “brute force” search for applicable SQL vulnerabilities.
• Cinzec Licenses Patent Technology To NT OBJECTives – marketwatch.com
  Cenzic Inc., the leading provider of Web application security assessment and risk management solutions, today announced a patent license agreement with NT OBJECTives. Specifically, NT OBJECTives has agreed to pay Cenzic an undisclosed amount in exchange for certain rights to Cenzic’s United States Patent numbers 7,185,232 and 7,620,851.