The big news hit earlier this week, the attack vector that allowed bad actors presumably from China into the networks of Google, Juniper, Adobe, and some 30 other firms was an Internet Explorer zero day, a use after free vulnerability on an invalid pointer reference affecting IE 6, 7, and 8 but only used in IE 6 according to Microsoft.
A report has been received from Juniper at 4:25pm under bulletin PSN-2010-01-623 that a crafted malformed TCP field option in the TCP header of a packet will cause the JUNOS kernel to core (crash).
In November, Microsoft’s forensics tool called COFEE (Computer Online Forensic Evidence Extractor) was leaked on torrents for download. The news coverage was much hype about nothing, as many free tools already out there exceed COFEE in features and functionality.
A Romanian hacker has on December 6th identified input validation deficiencies in URL parameter handling leading to security vulnerabilities on a section of the official site of the Pentagon, http://pentagon.afis.osd.mil, the headquarters of the U.S. Department of Defense. The hacker who identifies himself as Ne0h has posted images of the vulnerabilities, which are still active at the time of this blog post, on his blog.
The forensics tool provided to law enforcement officials created by Microsoft called COFEE (Computer Online Forensic Evidence Extractor) has been leaked on torrents last week, and this has caused quite a bit of excitement. Let’s see if the big deal is warranted.
In working with OSSEC agentless for some time now I have come across some limitations in the implementation that I felt needed to be addressed. As OSSEC agentless is designed to preform
syscheck functions on remote hosts, more general features are hard (if not impossible) to write into a script. This post will demonstrate an alternative for adding additional features to the OSSEC standard build.
This morning a security researcher identified that he was able to carry out a successful SQL Injection attack against donate.barackobama.com, the official campaign donation site of current President Barack Obama, and gain access to credentials such as user names and passwords for persons who have donated to the Obama campaign, as well as administrative user credentials. On his blog he goes on to postulate the further attack possibilities with admin access such as web site defacement, uploading phpshells, and so forth. The problem is that the researcher Unu didn’t find an SQL injection site on donate.barackobama.com, he found one on a calendar application at Roosevelt University. In the process of finding out how that would be possible, a real web site vulnerability on the Obama web site reveals itself.
I attended SC World Congress in New York this week and a keynote from Cisco caught my attention: Securing the Cloud: Building the Borderless Network. I became fixated on the words used over and over by Joel McFarland. Borderless this, borderless that, borderless everything. This campaign started to bother me as this was a security [...]