NetSec corner




Netsec, comsec, infosec and IA news, research and trends

 

4.15.2004

 
Multiple Unix/Linux Compromises on Stanford's Campus

 
Microsoft Windows Utility Manager Vulnerability: A local elevation of privileges vulnerability exists in the Windows Utility Manager that allows any user to take complete control over the operating system. All products in the Windows 2000 operating system family are affected. PoC

Data Thief is a “proof-of-concept” tool used to demonstrate to web administrators and developers how easy it is to steal data from a web application that is vulnerable to SQL Injection. Data Thief is designed to retrieve the data from a Microsoft SQL Server back-end behind a web application with a SQL Injection vulnerability. Once a SQL Injection vulnerability is identified, Data Thief does all the work of listing the linked servers, laying out the database schema, and actually selecting the data from a table in the application.

 
WSU Students Break Wi-Fi - National Record: 82 miles @ 2.4 GHz using DSSS
FCC Wireless Regulations for Operation within the .9, 2.4 and 5GHz Spectra

 
O'Reilly Open Source Convention, July in Portland OR will feature a session on "Using and Extending Open Source Attack & Penetration Tools"



4.14.2004

 
The Fifth Hope

 
DefCon 12 Wardriving Contest Announced

 
Yet Another Issue Fixed by M$04-011: DoS Vulnerability in Microsoft Windows SPNEGO Protocol Decoding: The Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) protocol is used to negotiate which M$ Windows authentication mechanism should be adopted upon connection.

When a carefully crafted SPNEGO NegTokenInit request is sent, a null pointer reference error might occur in LSASRV.DLL, resulting in an LSASS.EXE crash. This will make all the operations related to system authentication (such as remote access to an SMB share, or interactive local login) unavailable. For Windows 2003, it will result in an automatic shutdown or a bluescreen.

Although I have not found a POC, it is believed to be exploitable to run arbitrary code. Windows 2003 is the most secure version of Windows to date?!?

 
Asleap at the Wheel? Asleap is a Cisco LEAP cracking tool that works by (a) deauth'ing users and (b) capturing the reauthentication session and then cracking the credentials. LEAPcracker is another tool for pursuing similar vectors.

 
April's M$ update includes MS04-011 through MS04-014. Jouko Pynnonen found the bug in the Help Support Center on XP and 2003. An interesting aspect is that exploitation succeeds even with Windows 2003's Enhanced Security Configuration enabled. So much for progress.

Here is an excerpt from Jouko's original advisory: "By using quote symbols in the URL an attacker can pass arbitrary command line arguments to HelpCtr.exe, the program handling HCP URLs. Certain arguments allow the attacker to open any of the HSC's HTML files instead of just the "public" ones. This allows an attacker to inject JavaScript code which will be run in the context of these HTML files. In this way the attacker can run scripts in the My Computer Zone, which can e.g. download and start an attacker-supplied EXE program."
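
A defensive check for the pattern the excerpt describes, added here as an example (it is not from Jouko's advisory or from this blog): a content filter that flags HTML attributes holding hcp: URLs with a raw, entity-encoded or percent-encoded quote symbol. The sample markup, the PLACEHOLDER-ARGS text and the choice to treat both `"` and `'` as quote symbols are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

# Assumption: both quote characters count as the advisory's "quote symbols".
QUOTE_CHARS = {'"', "'"}

def fully_unquote(value, max_rounds=3):
    """Undo nested percent-encoding (%2522 -> %22 -> ") in a few bounded rounds."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

class HcpLinkAuditor(HTMLParser):
    """Collects (tag, attribute, url) for hcp: URLs that carry a quote symbol."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser has already decoded entities such as &quot; in attribute values.
        for name, value in attrs:
            url = (value or "").strip()
            if not url.lower().startswith("hcp:"):
                continue
            if QUOTE_CHARS & set(fully_unquote(url)):
                self.findings.append((tag, name, url))

def audit_html(doc):
    auditor = HcpLinkAuditor()
    auditor.feed(doc)
    auditor.close()
    return auditor.findings

# Constructed sample markup; hosts, paths and PLACEHOLDER-ARGS are not real HSC values.
SAMPLE = """
<a href="hcp://example/topic.htm">plain help link</a>
<iframe src="hcp://example/topic.htm%22 PLACEHOLDER-ARGS"></iframe>
<a href='HCP://example/topic.htm&quot; PLACEHOLDER-ARGS'>entity-encoded quote</a>
<img src="hcp://example/topic.htm%2522 PLACEHOLDER-ARGS">
<a href="http://example.com/?q=%22hcp%22">not an HCP URL</a>
"""

if __name__ == "__main__":
    for tag, attr, url in audit_html(SAMPLE):
        print(f"<{tag} {attr}>: {url}")
```

The check only inspects tag attributes, so hcp: URLs assembled inside script bodies are out of its scope, and a legitimate help link containing an apostrophe would be reported as well.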

 
Earn $$$ Working from Home!!!
Call 1-800-1-15-1337



4.13.2004

 
April's M$ Update Four Patches Supplant Twenty Existing and New Vulnerabilities (Most of Which Allow for the Execution of Arbitrary Code) Including Another RPC Patch.

Vipul's Razor: Distributed Heuristic Spam Filtering

Nifty Summaries of Various Cryptosystems

FX's WAP /Cell Presentation from Last Year @ Black Hat

A Technical Comparison of TTLS and PEAP

 
Cisco != Security
SecurityFocus BID 10076 When will they learn? Hard-coded usernames and passwords in a network management product. How 1980's. Tim mentioned this in class last Thursday. This is why you should trust Jon Stewart of the Daily Show more than John Stewart of Cisco for your network security needs.



4.11.2004

 
Off-topic - Playstation2 on Linux. Anyone ever played with its (wireless) networking? Good sites/cites requested




