Week 11 In Review – 2015

Resources

• A Primer on IoT Security Research – community.rapid7.com
  In this blog post Mstanislav’d like to give a high-level sense of what IoT security research often entails. TThis post is intended for the casual security researcher, or even IoT vendor, who wants to know what this research looks like, and where to get started.
• ElasticSearch CVE-2015-1427 RCE Exploit – carnal0wnage.attackresearch.com
  Since the exploit is already out, here. To fix disable groovy scripting in config/elasticsearch.yml and upgrade to 1.4.3+.
• BSides Tampa 2015 Videos – irongeek.com
  These are the videos from the BSides Tampa conference. You can watch and download the videos from here.

Tools

• MASCHE – github.com
  MASCHE stands for Memory Analysis Suite for Checking the Harmony of Endpoints. It is being developed as a project for the Mozilla Winter of Security program. It works on Linux, Mac OS and Windows.

Techniques

• Metasploit Meterpreter and NAT – blog.sucuri.net
  In WordPress, typical trojans are plugins and themes (usually pirated) which may have backdoors, or send out spam, create doorways, inject hidden links or malware. The trojan model is easy to understand: package malware inside something useful and have webmasters install it themselves.

Vendor/Software patches

• Adobe Flash Update Plugs 11 Security Holes – krebsonsecurity.com
  Adobe has released an update for its Flash Player software that fixes at least 11 separate, critical security vulnerabilities in the program. If you have Flash installed, please take a moment to ensure your systems are updated.

Vulnerabilities

• Exploiting the DRAM rowhammer bug to gain kernel privileges – googleprojectzero.blogspot.ca
  We don’t know for sure how many machines are vulnerable to this attack, or how many existing vulnerable machines are fixable. The exploit uses the x86 CLFLUSH instruction to generate many accesses to the underlying DRAM, but other techniques might work on non-x86 systems too.
  • Some notes on DRAM (#rowhammer) -blog.erratasec.com
    Graham thought he’d write some quick notes about DRAM. The TL;DR version is this: you probably don’t need to worry about this, but they (the designers of security and of computer hardware/software) do.
• MSRT March: Superfish cleanup -blogs.technet.com
  The Alinaos trojan family targets point-of-sale terminals to steal credit card information. This blog will discuss the security risk presented by Superfish, an ad-injecting application that we detect as CompromisedCert.
• Another round of image bugs: PNG and JPEG XR -lcamtuf.blogspot.com
  Today’s release of MS15-024 and MS15-029 addresses two more image-related memory disclosure vulnerabilities in Internet Explorer – this time, affecting the little-known JPEG XR format supported by this browser, plus the far more familiar PNG.
• Epic Google snafu leaks hidden whois data for 280,000 domains -arstechnica.com
  Google Apps has leaked hidden names, phone numbers, and more since mid-2013. Google leaked the complete hidden whois data attached to more than 282,000 domains registered through the company’s Google Apps for Work service, a breach that could bite good and bad guys alike.