A reason to keep Windows Updated

Microsoft released a security update yesterday fixing a flaw in Windows' handling of TCP/IP that would allow malicious code to be executed remotely through closed ports using specially crafted UDP packets.

Affected OSs include Vista, 7, and Server 2008. XP and Server 2003 were not affected by the flaw.

Source: https://technet.microsoft.com/en-us/security/bulletin/ms11-083

Massive Security Flaws In Amazon Cloud

A security flaw has been found in Amazon’s Cloud service allowing hackers to potentially take control of the administrative rights of several customers hosted by Amazon.

“Using different kinds of XML signature wrapping attacks, we succeeded in completely taking over the administrative rights of cloud customers,” said RUB researcher Juraj Somorovsky in a statement. “This allowed us to create new instances in the victim’s cloud, add or delete images.”

Source: http://www.crn.com/news/cloud/231901911/researchers-uncover-massive-security-flaws-in-amazon-cloud.htm;jsessionid=3JMskB7d14t5a7a2I78-3g**.ecappj03
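The attack named in the quote works by moving the element a signature actually covers somewhere else in the message and putting an unsigned element in its place, so the signature still verifies while the application acts on the substituted content. Below is an added example, not code from the original article or from Amazon or RUB, of the defender-side binding check that closes that gap: after a separate XML-DSig library has verified digests and signature value (assumed here, not implemented), confirm that the element the signature references is the very soap:Body the application will process. Namespaces, element names and both sample messages are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Namespaces used by the constructed sample messages below
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
NS = {"soap": SOAP, "ds": DS, "wsu": WSU}


def _elements_with_id(root, target_id):
    """Every element whose wsu:Id or Id attribute equals target_id."""
    return [el for el in root.iter()
            if el.get("{%s}Id" % WSU) == target_id or el.get("Id") == target_id]


def signature_covers_processed_body(envelope_xml):
    """True only if a ds:Reference resolves (uniquely) to the one soap:Body
    directly under the Envelope, i.e. the element the application acts on.

    Assumption: the cryptographic checks (DigestValue, SignatureValue) have
    already been done by an XML-DSig library; this adds the binding check
    that signature wrapping relies on being absent.
    """
    root = ET.fromstring(envelope_xml)

    bodies = root.findall("soap:Body", NS)        # direct children only
    if len(bodies) != 1:
        return False
    body = bodies[0]

    refs = root.findall(".//ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if not refs:
        return False

    body_is_referenced = False
    for ref in refs:
        uri = ref.get("URI", "")
        if not uri.startswith("#"):
            return False           # only same-document ID references accepted
        matches = _elements_with_id(root, uri[1:])
        if len(matches) != 1:
            return False           # missing or duplicated ID: ambiguous, reject
        if matches[0] is body:
            body_is_referenced = True
    return body_is_referenced


# Constructed sample: the signed Body and the processed Body are the same element
GENUINE = f"""<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">
  <soap:Header>
    <ds:Signature>
      <ds:SignedInfo>
        <ds:Reference URI="#body-1"><ds:DigestValue>constructed</ds:DigestValue></ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>constructed</ds:SignatureValue>
    </ds:Signature>
  </soap:Header>
  <soap:Body wsu:Id="body-1">
    <DescribeInstances/>
  </soap:Body>
</soap:Envelope>"""

# Constructed sample of the wrapping shape: the signed Body now sits under a
# header wrapper (the reference still resolves to it) while an unsigned Body
# carrying a different request has taken its place.
WRAPPED = f"""<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">
  <soap:Header>
    <ds:Signature>
      <ds:SignedInfo>
        <ds:Reference URI="#body-1"><ds:DigestValue>constructed</ds:DigestValue></ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>constructed</ds:SignatureValue>
    </ds:Signature>
    <Wrapper>
      <soap:Body wsu:Id="body-1">
        <DescribeInstances/>
      </soap:Body>
    </Wrapper>
  </soap:Header>
  <soap:Body wsu:Id="body-2">
    <RunInstances/>
  </soap:Body>
</soap:Envelope>"""

if __name__ == "__main__":
    print("genuine accepted:", signature_covers_processed_body(GENUINE))
    print("wrapped accepted:", signature_covers_processed_body(WRAPPED))
```

The check rejects the wrapped message because the referenced element is not the Body under the Envelope, and it rejects a variant that reuses the same Id on the substituted Body because the reference then resolves to two elements. The general rule it encodes is "verify what you process, process what you verified": the signed element and the consumed element must be one and the same object, not merely share an identifier.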

Real World Pen Testing

Want to get into pen testing? Knowing the following attack vectors is a good place to start. View the source for more detailed information on each category.

  • Information Gathering
    • Goal: Employee Information
  • Social Engineering
    • Goal: Gain Employee Credentials by directly asking for them
    • Goal: Enticing Users to a Website
  • Phishing
    • Goal: Internal Access via Employees

Facebook Attach EXE Vulnerability

As if Facebook didn’t have enough issues, a new vulnerability was recently reported. Facebook normally blocks users from uploading .exe files. However, by simply modifying the POST request, any type of file can be uploaded, including potentially malicious .exe files.

Facebook has known about this vulnerability for a month, but still hasn’t done anything about it.

Source: http://www.securitypentest.com/2011/10/facebook-attach-exe-vulnerability.html

The Bluetooth Dilemma

PED (PIN Entry Device) skimming is increasingly becoming a problem in retail stores. Many PEDs are being stolen from stores during business hours and returned with a skimming device inside that collects any credit card information and PINs entered into it. The thieves also need a way to transmit the data back to themselves, and Bluetooth is the optimal transmission method for skimming.

VISA has announced that they want stores to start scanning for Bluetooth devices. However, there is a problem: a Bluetooth device can be set to non-discoverable, and no currently available scanning software can correctly detect and characterize these non-discoverable devices.

So even with VISA’s scanning policy, it is unlikely that stores would be able to find any of these Bluetooth PED skimming devices.

Source: http://pen-testing.sans.org/blog/2011/10/20/the-bluetooth-dilemma

Computer virus hits US Predator and Reaper drone fleet

US military drones have been infected with a keylogger that logs all keystrokes as they fly missions in Afghanistan.

Noah Shachtman writes: “We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”

“Military network security specialists aren’t sure whether the virus and its so-called “keylogger” payload were introduced intentionally or by accident; it may be a common piece of malware that just happened to make its way into these sensitive networks. The specialists don’t know exactly how far the virus has spread. But they’re sure that the infection has hit both classified and unclassified machines at Creech. That raises the possibility, at least, that secret data may have been captured by the keylogger, and then transmitted over the public internet to someone outside the military chain of command.”

Source: http://arstechnica.com/business/news/2011/10/exclusive-computer-virus-hits-drone-fleet.ars

Mozilla’s Secure Coding Guidelines for Web Applications

Mozilla recently released its guidelines for coding secure web applications. The guidelines cover areas such as:

  • Authentication
    • Password complexity (must be 8 characters or longer with letters and numbers)
    • Password rotation (90-120 days for privileged accounts)
    • Password storage (stored passwords should be salted and hashed using the hmac+bcrypt function)
  • Session management
    • Session tokens (should be 128 bits or greater)
  • Access Control guidelines
  • Input validation
  • Output Encoding
  • Cross Domain
  • Secure Transmission
  • Content Security Policy
  • Logging
  • Admin Login Pages
  • Uploads
  • Error Handling

Source for more detail: https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines
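The authentication and session items above are concrete enough to code. Here is an added example (not Mozilla's code, and not taken from the wiki page) that implements the four numbers the summary gives: 8+ characters with letters and digits, 128-bit session tokens, hmac-then-slow-hash password storage with a per-user salt, and rotation for privileged accounts. The server-side secret is a constructed value; the slow hash is PBKDF2-HMAC-SHA256 from the standard library standing in for the bcrypt the guideline names, so the example runs without a third-party module; the 90-day rotation limit is this example's choice from the 90-120 day range quoted above.

```python
import hashlib
import hmac
import re
import secrets
from typing import Optional, Tuple

# Assumption: a server-side secret kept outside the password database (config
# file or secret store). The value here is constructed for the example.
SERVER_SECRET = b"constructed-example-secret-replace-in-deployment"
SALT_BYTES = 16
PBKDF2_ROUNDS = 200_000


def password_meets_policy(password: str) -> bool:
    """At least 8 characters, containing both letters and digits."""
    return (len(password) >= 8
            and re.search(r"[A-Za-z]", password) is not None
            and re.search(r"[0-9]", password) is not None)


def new_session_token() -> str:
    """128 bits from the OS CSPRNG, hex-encoded (16 bytes = 128 bits)."""
    return secrets.token_hex(16)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest).

    The 'hmac' half keys the password with SERVER_SECRET, so a dumped table is
    useless without a secret that never lives in the database. The slow, salted
    half is bcrypt in the guideline; PBKDF2-HMAC-SHA256 stands in here.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)     # fresh random salt per password
    keyed = hmac.new(SERVER_SECRET, password.encode("utf-8"), hashlib.sha256).digest()
    digest = hashlib.pbkdf2_hmac("sha256", keyed, salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored_digest)


def rotation_overdue(days_since_change: int, privileged: bool, max_days: int = 90) -> bool:
    """Privileged accounts must rotate within max_days (90 chosen from the
    90-120 range). The summary sets no limit for ordinary accounts."""
    return privileged and days_since_change > max_days


if __name__ == "__main__":
    salt, digest = hash_password("correct horse 1")
    print("policy ok:", password_meets_policy("correct horse 1"))
    print("token:", new_session_token())
    print("verify:", verify_password("correct horse 1", salt, digest))
```

Two details matter more than the parameter values: the HMAC key and the salt serve different purposes (the key is secret and shared, the salt is public and unique per user), and verification must go through compare_digest rather than `==` so a timing difference does not leak how many leading bytes of the digest matched.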

Defeating Windows 8 ROP Mitigation

Windows 8 introduced a number of exploit mitigation features, including one designed to mitigate exploits that leverage return-oriented programming (ROP).

Return-oriented programming is where an attacker leverages control of the call stack to execute chosen machine instruction sequences already present in the program’s subroutines. This avoids the need for direct code injection.

Windows 8 adds a simple check in an attempt to mitigate these exploits: every function associated with manipulating virtual memory checks that the stack pointer falls within the stack range recorded in the Thread Environment Block (TEB).

Source for an in-depth look at the exploit: http://vulnfactory.org/blog/2011/09/21/defeating-windows-8-rop-mitigation/

South Korea admits to packet tapping Gmail

The National Intelligence Service (NIS) in South Korea has admitted to packet tapping Gmail, even over the HTTPS protocol. Packet tapping is a method of viewing a user’s transmitted data in real time. Gmail originally switched to HTTPS in 2010 after China was found packet tapping its unsecured HTTP traffic. If the claims are true, it will be the first time that someone has broken HTTPS, which was previously thought to be nearly impossible.

Source: http://english.hani.co.kr/arti/english_edition/e_national/496473.html

How QR codes can attack your smart phone

As most people know, QR codes are a convenient way of linking data to anyone with a QR scanner. Most of the time they are harmless and are just used in advertising to send you to a product’s website.

However, it’s very easy to use QR codes maliciously. One can set up a QR code that links to a malicious server using Metasploit. When a phone scans the code, the user is sent to that site, which can steal host files or contacts and even install malware.

So be careful what you scan. One of the disadvantages of QR codes is that you don’t know what you are really scanning until you scan it. So never use a scanner that automatically forwards to the data without telling you where you are going and asking for confirmation.

Source with more detailed information: http://kaoticoneutral.blogspot.com/2011/09/using-qr-tags-to-attack-smartphones_10.html
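The advice in the last paragraph, show the user where a code leads and ask before going there, is easy to put into a scanner app. Below is an added example, not code from the original post or from any scanner product, of the triage a cautious scanner can run on a decoded payload before it does anything: classify it as text or URI, refuse to auto-forward non-web schemes, and flag the tricks that make a link look like something it is not (user info before an @, a bare IP host, a punycode host, plain HTTP). It goes a little beyond the post by handling non-URL payload kinds such as Wi-Fi configuration codes. All sample payloads are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

WEB_SCHEMES = {"http", "https"}


def describe_qr_payload(payload: str) -> dict:
    """Work out what a scanned payload would do and collect the warnings the
    user should see before confirming. Nothing in here opens anything."""
    payload = payload.strip()
    parts = urlsplit(payload)
    info = {"kind": "text", "scheme": parts.scheme.lower(), "host": None, "warnings": []}

    if not parts.scheme:
        return info                      # plain text: shown, never opened

    info["kind"] = "uri"
    if info["scheme"] not in WEB_SCHEMES:
        # wifi:, market:, tel:, mailto:, javascript: ... would be handed to
        # another handler; show the raw payload and let the user decide
        info["warnings"].append(
            f"non-web scheme '{info['scheme']}' would be passed to another app")
        return info

    host = (parts.hostname or "").lower()
    info["host"] = host
    if not host:
        info["warnings"].append("link has no host")
    if parts.username is not None:
        # http://shop.example@203.0.113.9/ displays "shop.example" first but
        # connects to the IP address after the '@'
        info["warnings"].append("user info before '@' disguises the real host")
    try:
        ipaddress.ip_address(host)
        info["warnings"].append("host is a bare IP address, not a named site")
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        info["warnings"].append("internationalised (punycode) host name, check the spelling")
    if info["scheme"] == "http":
        info["warnings"].append("plain HTTP, no TLS")
    return info


def confirmation_prompt(payload: str) -> str:
    """The text a cautious scanner shows instead of forwarding automatically."""
    info = describe_qr_payload(payload)
    if info["kind"] == "text":
        return f"Scanned text (not a link): {payload.strip()!r}"
    if info["host"] is not None:
        line = f"Open {info['scheme']} link to host '{info['host']}'?"
    else:
        line = f"Hand {payload.strip()!r} to the '{info['scheme']}' handler?"
    for warning in info["warnings"]:
        line += f"\n  ! {warning}"
    return line


# Constructed sample payloads of the kinds a scanner sees
SAMPLE_PAYLOADS = [
    "https://example.com/promo",
    "http://shop.example@203.0.113.9/login",
    "WIFI:T:WPA;S:constructed;P:constructed;;",
    "Just some text",
]

if __name__ == "__main__":
    for sample in SAMPLE_PAYLOADS:
        print(confirmation_prompt(sample))
        print()
```

The host shown in the prompt is the one the connection would actually go to (urlsplit's hostname), not whatever appears first in the string, which is the whole point of the user-info warning. A scheme-less string is treated as text here; a scanner may still offer to open it as a link, but that should again be a prompt, not an automatic action.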