Vulnerabilities


Windows Exploitation Part 2

 In part two of his lecture on exploiting Microsoft Windows, Dino Dai Zovi discusses specific techniques for attacking Windows machines.

MS Confirms Windows 7 DoS Flaw

On the heels of last week’s release of exploit code for a crippling denial-of-service vulnerability in Windows 7 and Windows Server 2008 R2, Microsoft has issued a security advisory to confirm the issue and offer pre-patch mitigations.The flaw, in the Microsoft Server Message Block (SMB) Protocol which affects SMBv1 and SMBv2, could cause a system to stop functioning or become unreliable, Microsoft said, describing the published exploit code as “detailed.”

SSL Flaw Opens Up Twitter MiTM Attack

The vulnerability in the design of the SSL/TLS protocol revealed earlier this month can apparently be used to carry out attacks in practice. On his blog, student Anil Kurmus reports that he was able to steal a Twitter password by using a man-in-the-middle attack. Until now it had been assumed that the problem was largely theoretical and would be made manifest only in very limited scenarios.


DNSSEC Usage Expands

According to research released by Infoblox and The Measurement Factory, there has been a dramatic increase in the percentage of external name servers that are open to recursion. The study put the latest figure at 79.6 percent, a 27 percent increase from 2007. The number of DNSSEC signed zones increased by roughly 300 percent – indicating that DNSSEC is gaining momentum. However, in raw numbers the amount of DNSSEC signed zones is
miniscule next to the total number of zones out there. Read the full article. [eWEEK]

Security researchers have released a paper detailing successful man-in-the-middle attacks against several smartphones. The SSL enabled log in sessions on the tested, Nokia N95, HTC Tilt, Android G1 and iPhone 3GS devices was sniffed using the publicly available SSLstrip tool, with the attack taking place over insecure Wi-Fi network, now prevalent literally everywhere. Read the full article. [ZDNet]

Cyber-criminals have started preying on Verizon
Wireless customers, sending out spam e-mail messages that say their
accounts are over the limit and offering them a “balance checker”
program to review their payments. The e-mail messages, which
look like they come from Verizon Wireless, are fakes; the balance
checker is actually a malicious Trojan horse program. Read the full article. [Computerworld]

The WordPress developers have released security update 2.8.6 to fix two vulnerabilities. WordPress users are advised to install the update as soon as possible if untrusted authors can add content and upload images. At least one of the bugs allows attackers to inject and execute arbitrary PHP code on the server. There appears to be issues, however, with Apache web servers in the new update. Read the full article [The H Security]

Scientists at Microsoft Research have unveiled a new way to secure complex Web applications by effectively cloning the user’s browser and running it remotely. Many of the latest Web applications split their executable code between the server and the client. The problem is detecting whether the code running on the user’s home PC has been compromised in some way. The new Microsoft solution, known as Ripley, was announced on Tuesday at the Association for Computing Machinery’s Computer and Communications Security Conference in Chicago. Read the full article. [MIT Technology Review]

Hackers can exploit
a flaw in Adobe’s Flash to compromise nearly every Web site that allows
users to upload content, including Google’s Gmail, then launch silent
attacks on visitors to those sites, security researchers said today. Adobe
did not dispute the researchers’ claims, but said that Web designers
and administrators have a responsibility to craft their applications
and sites to prevent such attacks. Read the full article. [Computerworld] Read the research. [Foreground Security]

WASHINGTON–There has been a big push in recent years in the security community toward metrics, and measurements of all types have become a hot topic in certain corners of the industry. But measurement for measurement’s sake is useless-and perhaps even counterproductive–if the security team in an organization doesn’t define its goals and parameters ahead of time, experts say.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.