attack

Critical Microsoft Vista/2008/Windows 7 Zero-day Remote BSOD Found

On 09.08.09, In Corporate, Security, Software, By Kyle

Remember back in the days of Windows 95 when someone could use the OOB attack to remotely BSOD a PC? Well now you can relive your youth with a classic throwback from Microsoft! Windows Vista, 2008, and 2007 of all variants all have a similar vulnerability that allows a remote attacker take your machine down with a simple ampersand. Leave it up to Microsoft to do it all again more than a decade later.

The SMB 2.0 driver in x86 and x64 versions of Windows Vista, Server 2008, and Windows 7 are all one in the same. When sent the “&” character in the “Process ID High” SMB header, the process pagefaults and brings us the beloved Blue Screen of Death we’ve all come to know and love.

Credit goes to Laurent Gaffié and you can find the Proof-of-Concept on his blog.

Share

Tagged with: ampersand • attack • attacker • blue screen of death • BSOD • Laurent Gaffié • microsoft • microsoft vista • microsoft windows vista • OOB • process id • proof of concept • SMB • throwback • versions of windows vista • vulnerability • zero day

Microsoft DirectShow ActiveX Buffer Overflow exploit in the wild

On 07.06.09, In Software, By Kyle

Be sure to check for patches and network security appliance definitions/signatures today, Microsoft has been reminded again of why people hate ActiveX; Secunia is reporting a nasty new DirectShow Buffer Overflow attack is in the wild. This one is very dangerous, as it exploits the built-in DirectShow control in Internet Explorer (msvidctl.dll) by using specially-crafted image content to create a boundary error and subsequently cause a stack-based buffer overflow allowing the attacker to execute arbitrary code on the compromised machine.

The worst part? It’s already being actively used by bad people. Although Secunia’s site currently shows Windows XP as the only OS vulnerable, I wouldn’t be surprised to see more versions of Windows tacked on in the near future.

More information can be found here.

Share

Tagged with: ActiveX • activex buffer overflow • Advisory • attack • based buffer overflow • boundary • Buffer • buffer overflow attack • code • DirectShow • dll • image content • internet explorer • microsoft • microsoft directshow • msvidctl • network security appliance • Overflow • secunia • stack overflow

SHA-1 hash collision predicted within the year

On 06.16.09, In Cryptography, Security, By Kyle

Bruce Schneier writes about a new cryptanalysis attack published recently brings the SHA-1 hashing algorithm increasingly closer to a realistic collision. Considering the SHA-1 algorithm is designed closeley to the principles of MD4 and MD5 hashing algorithms, it seems not a question of if, but a question of when. Bruce writes:

A new attack can, at least in theory, find collisions in 2⁵² hash operations — well within the realm of computational possibility. Assuming the cryptanalysis is correct, we should expect to see an actual SHA-1 collision within the year.

This has little immediate real-world implications on data security since most have moved on to stronger or the SHA-2 family of algorithms which, for now, are safe. Nontheless, the NIST has already begun development on a “SHA-3″ algorithm with publication to be expected in 2012.

T-Mobile USA confirms massive data breach

On 06.10.09, In Breaches, Corporate, Customer, Firewalls, Security, By Kyle

The network security guys at T-Mobile USA probably breached their underpants after some black hat or group of black hats named “Pwnmobile” posted on seclists.org a sizeable list of internal hostnames, OSes, partial descriptions, internal IP addresses, and facilities relating to the back-end of T-Mobile’s customer management and services network.

At first, T-Mobile tried to say it was just a list pulled from a corporate document; but now the company is admitting that it was, in fact a major security breach according to a USA Today Blog and are not disclosing how much data was taken. Odds are, if whoever managed to get this far, a very sizeable amount of data was captured. The person who made the posting mentioned that they had tried to sell the information to competitors, but they were not taken seriously.

On a slightly related note, the posting related the T-Mobile hack with Check Point. Does this mean a perimeter Check Point firewall was either hacked or exploited to gain access to this network? Only further elaboration from Pwnmobile, T-Mobile, or an insider can say. There have been several recently published high-visibility Check Point exploits and perhaps they were used in the hack.

Share

Tagged with: attack • black hats • breach • check point • check point firewall • checkpoint • corporate document • cybersecurity • exploit • GSM • high visibility • internal ip addresses • massive data • mobile hack • network • network security • partial descriptions • Pwnmobile • Security • t-mobile • usa today • user data

BBC: US ramps up cybersecurity focus

On 04.23.09, In Security, By Kyle

Interesting article about how the US is planning on handling the aging security infrastructure in the US. The issue has become more pressing lately because of high-profile breaches that have garnered peoples’ attention towards how safe not only the government is; but their personal data on government computers as well. More here:

BBC NEWS | Technology | US ramps up cybersecurity focus.