Netsec, comsec, infosec and IA news, research and trends
7.31.2009
"The Cloud" and virtualisation took a beating as an entire track at Blackhat was dedicated to security issues in the cloud. Most specifically, Sensepost demonstrated using SF.com services beyond usual allowances and bypassing the governor using e-mail. Additionally, Sensepost demonstrated how it is possible to take over an image created by another user of Amazon's EC2. Immunity's Kostya Kortchinsky demonstrated how he broke out of a VMware guest session and created a bridge from the host to another VM session. He also mentioned that VMware silently patched the previous vulnerabilities last March. Keep an eye on Sensepost.com and Immunitysec.com. Hopefully they will both post their presentations, as they have done in the past. posted by Rauc
Friday, July 31, 2009
MYSQLoit was demonstrated at Blackhat on Thursday by s1ckl3. The tool will pop a shell using SQL injection vulnerabilities. S1ckl3 says that he will release the tool to the public in two weeks. At this point it seems the tool is only successful at attacking Windows-based systems. posted by Rauc
Friday, July 31, 2009
NIST to Allow Vendors to Self-Certify IPv6 Products - Great. IPv6 is a metavulnerability... virtually every operating system (including Cisco IOS) has had exploitable flaws in its IPv6 stack (kernel code, typically written in C, with a large number of variable data structures is just asking for it). Now, Crisco is going to be allowed to self-certify which will ensure that the certification means nothing. The person who is now their Chief Security Officer once said to me that they did not think that the fact that their hardware only supported SSLv1, and was therefore vulnerable to authentication interception, was a big deal because they had not had a lot of clients requesting SSLv2. Nice. Think twice.
Microsoft Scrambling to Close Stubborn Security Hole - Poking around MSVIDCTL.DLL - "The bug is actually much 'deeper' than most people realize," Flake wrote. "MS might have accidentally introduced security vulnerabilities into third party products." Shortly after he published that blog post he received a 3 a.m. phone call from Microsoft asking him please not to comment further. posted by GeeWhiz
Friday, July 24, 2009
"Any unauthenticated attacker that can connect to the management web interface can get easily root on the device [...]" posted by Autonomous Coward
Thursday, July 23, 2009
"As-if Infinitely Ranged Integer Model" - by David Keaton, Thomas Plum, Robert C. Seacord, David Svoboda, Alex Volkovitsky, Timothy Wilson - "Integer overflow and wraparound are major causes of software vulnerabilities in the C and C++ programming languages. In this paper we present the as-if infinitely ranged (AIR) integer model, which provides a largely automated mechanism for eliminating integer overflow and integer truncation. The AIR integer model either produces a value equivalent to one that would have been obtained using infinitely ranged integers or results in a runtime constraint violation. Unlike previous integer models, AIR integers do not require precise traps, and consequently do not break or inhibit most existing optimizations." posted by GeeWhiz
Wednesday, July 22, 2009
7.17.2009
The Curse of Cheddar Bay - RHEL5 2.6.18 local kernel exploit in /dev/net/tun - "A vulnerability which, when viewed at the source level, is unexploitable! But which, thanks to gcc optimizations, becomes exploitable. Also, bypass of mmap_min_addr via SELinux vulnerability! (where having SELinux enabled actually increases your risk against a large class of kernel vulnerabilities)" [from DailyDave] posted by GeeWhiz
Friday, July 17, 2009
Jobs - Looking for A) Code reviewers B) People with Novell and SGI IRIX skills - Email if interested posted by GeeWhiz
Friday, July 17, 2009
datalossdb.org - The Open Security Foundation's DataLossDB gathers information about events involving the loss, theft, or exposure of personally identifiable information (PII). DataLossDB's dataset, in current and previous forms, has been used in research by numerous educational, governmental, and commercial entities, which often have been able to provide statistical analysis with graphical presentations. The Open Security Foundation and their volunteers feel that there is a distinct need for tools that provide unbiased, high quality data regarding data loss. posted by GeeWhiz
Wednesday, July 15, 2009
Security Maxims - Galileo’s Maxim: The more important the assets being guarded, or the more vulnerable the security program, the less willing its security managers will be to hear about vulnerabilities.
ITN260 Network Security Basics – Face-to-Face Course #48924 Section #N01C Tuesdays 6-9:30pm - Online Course#48926 Section# O02C - This course lays the foundation for further study in the network security program. Content domains include cryptography, communications security, infrastructure security, operating system security, wireless security, intrusion detection, malicious software, common attacks, and countermeasures. This course, among others, has helped hundreds of students to comply with DOD 8570.01m. Prerequisite: ITN 101 or sufficient networking experience.
ITN 262 Network Communication, Security, and Authentication - Wednesdays 6-9:30pm Course#48940 Section#N01C Students in ITN 262 learn how to analyze network traffic, reveal malicious attacks, configure intrusion detection systems, and write signatures to both detect and react to the latest threats. Prerequisite: ITN 260 Network Security Basics
ITN 267 Legal Topics in Network Security (Cyberlaw) – Online - Course#48944 Section#O01C – Find out how to protect your organization’s legal interests when managing security. In this course, students learn about the numerous laws affecting intellectual property, computer crime, privacy, and technology. This course thoroughly covers the Law, Investigations and Ethics domain of the CISSP certification. Coreq: ITN 260
(NEW!) ITN 293 VMware Virtual Infrastructure: Install and Configure – Course# 72645 Section# N01C – Thursdays from 6pm to 9:30pm - Explore virtual network design and implementation, storage area networks, virtual switching, virtual system management, engineering for high availability, and virtualization security. This special academic partnership with VMware allows students to earn the VMware Certified Professional (VCP) credential for about 15% of what it would normally cost! Prerequisites: ITN 171 and ITN 260
(NEW!) ITN 293 Information Storage and Management – Course 72646 Section# N01C Mondays from 6pm to 9:30pm. Focuses on advanced storage systems, protocols, and architectures, including Storage Area Networks (SAN), Network-Attached Storage (NAS), Fibre Channel Networks, Internet Protocol SANs (IPSAN), iSCSI, and Content-Addressable Storage (CAS). Prepares students for the EMC Proven Professional Associate Certification exam.
Due to a change in the Red Hat Academy program, qualifying students now get to take the RHCT ($399) and RHCE ($799) exams for FREE! For further information about the academy, please email rguess@tcc.edu or rking@tcc.edu.
ITN 171 Unix I - Online 4 credits – Course #48922 Section #O01C Provides an introduction to UNIX-like operating systems (using Linux). Teaches login procedures, file creation, UNIX file structure, input/output control, and the UNIX shells.
ITN 170 Linux System Administration - Course#48920 Section#N01C Tuesdays 6:00pm – 9:30pm 4Cr Focuses on the installation, configuration and administration of the Linux operating system. Emphasis is placed upon use of Linux as a network client and workstation. Leads to Red Hat Certified Technician (RHCT) Certification Exam. Prerequisite: ITN 171
ITN 270 Advanced Linux Network Administration – Next Spring 2010 - Focuses on the configuration and administration of the Linux operating system as a network server. Emphasis is placed upon the configuration of common network services and security. Leads to Red Hat Certified Engineer (RHCE) Certification Exam. Prerequisite: ITN170