M32 Security » attack

German Researchers Find “Massive” Flaws In Cloud Security

Kyle — Wed, 26 Oct 2011 18:53:23 +0000

Image via Wikipedia

NetworkWorld has a very interesting writeup about a report that six German Information Security researchers published outlining very massive and highly exploitable flaws in Cloud Computing services; specifically Amazon’s EC2 and S3 as well as Eucalyptus Cloud Computing Software. Old concepts like XSS and what is referred to as XML Signature Wrapping attacks on the SOAP interfaces of the aforementioned cloud services. Very troubling and a large blow to the legitimacy of security in the cloud.

The full PDF of the German researchers’ findings can be found here.

NetworkWorld Article

Researchers Demo Cloud Security Issue With Amazon AWS Attack (pcworld.com)
Researchers demo cloud security issue with Amazon AWS hijacking attack (infoworld.com)
Cloud computing: Gaps in the ‘cloud’ (physorg.com)
Researchers demo cloud security issue with Amazon AWS attack (networkworld.com)

Tags: amazon, attack, aws, computing, ec2, EucalyptusEucalyptus (computing), exploit, information security, network, s3, Security, soap, tw, XML, XSS

Virus targets US Predator and Reaper drones

Kyle — Fri, 07 Oct 2011 21:29:53 +0000

A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other war zones. The name of the virus is yet to be known, as details are still emerging about how the malicious code got into the systems in the first place. Could this be a belligerent enemy to US forces attacking their main weapon in use for remote regions? Ars Technica has the story after the jump.

Computer virus hits US Predator and Reaper drone fleet.

Tags: attack, Breaches, code, computer virus, cybersecurity, drone, keystroke, malicious code, malware, MQ-9 ReaperMQ-9 Reaper, nist, predator, reaper drones, War on TerrorismWar on Terrorism

Critical Microsoft Vista/2008/Windows 7 Zero-day Remote BSOD Found

Kyle — Wed, 09 Sep 2009 00:24:06 +0000

Remember back in the days of Windows 95 when someone could use the OOB attack to remotely BSOD a PC? Well now you can relive your youth with a classic throwback from Microsoft! Windows Vista, 2008, and 2007 of all variants all have a similar vulnerability that allows a remote attacker take your machine down with a simple ampersand. Leave it up to Microsoft to do it all again more than a decade later.

The SMB 2.0 driver in x86 and x64 versions of Windows Vista, Server 2008, and Windows 7 are all one in the same. When sent the “&” character in the “Process ID High” SMB header, the process pagefaults and brings us the beloved Blue Screen of Death we’ve all come to know and love.

Credit goes to Laurent Gaffié and you can find the Proof-of-Concept on his blog.

Tags: ampersand, attack, attacker, blue screen of death, BSOD, Laurent Gaffié, microsoft, microsoft vista, microsoft windows vista, OOB, process id, proof of concept, SMB, throwback, versions of windows vista, vulnerability, zero day

Microsoft DirectShow ActiveX Buffer Overflow exploit in the wild

Kyle — Mon, 06 Jul 2009 17:50:48 +0000

Be sure to check for patches and network security appliance definitions/signatures today, Microsoft has been reminded again of why people hate ActiveX; Secunia is reporting a nasty new DirectShow Buffer Overflow attack is in the wild. This one is very dangerous, as it exploits the built-in DirectShow control in Internet Explorer (msvidctl.dll) by using specially-crafted image content to create a boundary error and subsequently cause a stack-based buffer overflow allowing the attacker to execute arbitrary code on the compromised machine.

The worst part? It’s already being actively used by bad people. Although Secunia’s site currently shows Windows XP as the only OS vulnerable, I wouldn’t be surprised to see more versions of Windows tacked on in the near future.

More information can be found here.

Tags: ActiveX, activex buffer overflow, Advisory, attack, based buffer overflow, boundary, Buffer, buffer overflow attack, code, DirectShow, dll, image content, internet explorer, microsoft, microsoft directshow, msvidctl, network security appliance, Overflow, secunia, stack overflow

SHA-1 hash collision predicted within the year

Kyle — Wed, 17 Jun 2009 03:02:41 +0000

Bruce Schneier writes about a new cryptanalysis attack published recently brings the SHA-1 hashing algorithm increasingly closer to a realistic collision. Considering the SHA-1 algorithm is designed closeley to the principles of MD4 and MD5 hashing algorithms, it seems not a question of if, but a question of when. Bruce writes:

A new attack can, at least in theory, find collisions in 2⁵² hash operations — well within the realm of computational possibility. Assuming the cryptanalysis is correct, we should expect to see an actual SHA-1 collision within the year.

This has little immediate real-world implications on data security since most have moved on to stronger or the SHA-2 family of algorithms which, for now, are safe. Nontheless, the NIST has already begun development on a “SHA-3″ algorithm with publication to be expected in 2012.

T-Mobile USA confirms massive data breach

Kyle — Thu, 11 Jun 2009 02:02:57 +0000

The network security guys at T-Mobile USA probably breached their underpants after some black hat or group of black hats named “Pwnmobile” posted on seclists.org a sizeable list of internal hostnames, OSes, partial descriptions, internal IP addresses, and facilities relating to the back-end of T-Mobile’s customer management and services network.

At first, T-Mobile tried to say it was just a list pulled from a corporate document; but now the company is admitting that it was, in fact a major security breach according to a USA Today Blog and are not disclosing how much data was taken. Odds are, if whoever managed to get this far, a very sizeable amount of data was captured. The person who made the posting mentioned that they had tried to sell the information to competitors, but they were not taken seriously.

On a slightly related note, the posting related the T-Mobile hack with Check Point. Does this mean a perimeter Check Point firewall was either hacked or exploited to gain access to this network? Only further elaboration from Pwnmobile, T-Mobile, or an insider can say. There have been several recently published high-visibility Check Point exploits and perhaps they were used in the hack.

Tags: attack, black hat, breach, check point, check point firewall, checkpoint, corporate document, cybersecurity, exploit, GSM, high visibility, internal ip addresses, massive data, mobile hack, network, network security, partial descriptions, Pwnmobile, Security, t-mobile, usa today, user data

BBC: US ramps up cybersecurity focus

Kyle — Thu, 23 Apr 2009 23:17:17 +0000

Interesting article about how the US is planning on handling the aging security infrastructure in the US. The issue has become more pressing lately because of high-profile breaches that have garnered peoples’ attention towards how safe not only the government is; but their personal data on government computers as well. More here:

BBC NEWS | Technology | US ramps up cybersecurity focus.

Tags: attack, bbc, bbc news, breach, Breaches, cybersecurity, espionage, exploit, focus, government computers, intrusion, network, news technology, obama, personal data, ramps, Security, security infrastructure, white house