Worth peeking at your VPN Configs: US-CERT Vulnerability Note VU#261869

This was getting some discussion on the Twitter today, but the list of affected VPN vendors was substantial enough that you might want to peek at your own configs. The hyperbole might not yet be warranted, but it might be worth a peek under your hood.

The description of the vuln implies that some VPN vendors’ default settings might make attacks more viable. Taken from US-CERT Vulnerability Note VU#261869:

Vulnerability Note VU#261869

Clientless SSL VPN products break web browser domain-based security models

Overview

Clientless SSL VPN products from multiple vendors operate in a way that breaks fundamental browser security mechanisms. An attacker could use these devices to bypass authentication or conduct other web-based attacks.

Later in the bulletin, a mention of the potential exploit method:

By convincing a user to view a specially crafted web page, a remote attacker may be able to obtain VPN session tokens and read or modify content (including cookies, script, or HTML content) from any site accessed through the clientless SSL VPN. This effectively eliminates same origin policy restrictions in all browsers. For example, the attacker may be able to capture keystrokes while a user is interacting with a web page. Because all content runs at the privilege level of the web VPN domain, mechanisms to provide domain-based content restrictions, such as Internet Explorer security zones and the Firefox add-on NoScript, may be bypassed. For additional information about impacts, please see CERT Advisory CA-2000-02.

There’s a broad variety of affected software- and appliance-based VPNs in the CERT list; it’s certainly worth a call to your vendor to be certain you’re using the safest possible configs for your VPN’s environment. Read full bulletin here.
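
To see why "all content runs at the privilege level of the web VPN domain", the added example below (not from the CERT note or any vendor) rewrites a few backend URLs the way a clientless portal might and groups them by the origin the browser ends up seeing. The portal name `vpn.example.com`, the `/proxy/<scheme>/<host>/...` rewrite scheme and the sample hosts are all assumptions made up for illustration.

```javascript
// Added illustration: the rewrite scheme and every hostname here are constructed.
const VPN_BASE = "https://vpn.example.com"; // hypothetical clientless VPN portal

// Hypothetical rewrite: https://host/path -> https://vpn.example.com/proxy/https/host/path
function rewriteThroughVpn(backendUrl) {
  const u = new URL(backendUrl);
  const scheme = u.protocol.replace(":", "");
  return `${VPN_BASE}/proxy/${scheme}/${u.host}${u.pathname}${u.search}`;
}

// The origin (scheme, host, port) is what the browser compares for same-origin checks.
function browserOrigin(url) {
  return new URL(url).origin;
}

// Group backend sites by the origin the browser sees after rewriting.
// A group with more than one backend origin means those sites can now
// script each other's pages and read each other's cookies.
function collapsedOrigins(backendUrls) {
  const groups = new Map();
  for (const backend of backendUrls) {
    const seen = browserOrigin(rewriteThroughVpn(backend));
    if (!groups.has(seen)) groups.set(seen, new Set());
    groups.get(seen).add(browserOrigin(backend));
  }
  return [...groups]
    .filter(([, backends]) => backends.size > 1)
    .map(([origin, backends]) => ({ origin, backends: [...backends].sort() }));
}

// Constructed sample: two intranet sites and one external site reached via the portal.
const sample = [
  "https://mail.corp.example/inbox",
  "https://wiki.corp.example/page?id=7",
  "http://news.example.org/story",
];

console.log(JSON.stringify(collapsedOrigins(sample), null, 2));
```

Accessed directly, the three sample sites have three distinct origins; through the portal they collapse into one, which is the condition to look for when reviewing how your own VPN presents rewritten sites.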

New Malware Re-Writes Online Bank Statements to Cover Fraud

Pretty unnerving trick, if this is efficient. I wonder if this will prompt banks to render balance amounts via Captcha-type technology to circumvent this, even though the flaw is client-side. It will be interesting to watch how prevalent this sort of exploit becomes.

New malware being used by cybercrooks does more than let hackers loot a bank account; it hides evidence of a victim’s dwindling balance by rewriting online bank statements on the fly, according to a new report.

The sophisticated hack uses a Trojan horse program installed on the victim’s machine that alters html coding before it’s displayed in the user’s browser, to either erase evidence of a money transfer transaction entirely from a bank statement, or alter the amount of money transfers and balances.

The ruse buys the crooks time before a victim discovers the fraud, though won’t work if a victim uses an uninfected machine to check his or her bank balance.

The novel technique was employed in August by a gang who targeted customers of leading German banks and stole Euro 300,000 in three weeks, according to Yuval Ben-Itzhak, chief technology officer of computer security firm Finjan.

“The Trojan is hooked into your browser and dynamically modifies the text in the html,” Ben-Itzhak says. “It’s a very sophisticated technique.”

Read on, via Threat Level

Microsoft issues record 31 patches for bugs in Windows, IE, Office apps

Microsoft Corp. last week issued 10 security updates that patched a record 31 vulnerabilities — 18 marked “critical” — in Windows, Internet Explorer, Excel, Word and other applications.

The bugs are the largest number that Microsoft has patched in a single month since the company began its regular update program in 2003. The previous record of patches for 28 flaws was set last December.

“This is a very broad bunch,” said Wolfgang Kandek, chief technology officer at security company Qualys Inc.

“You've got work [to do] everywhere — servers and workstations, and even Macs if you have them. It's not getting any better. The number of vulnerabilities [Microsoft discloses] continues to grow,” he added.

Of the 10 bulletins, six patched some part of the Windows operating system, three patched an application or component in the Office suite, and one fixed several flaws in IE.

Eighteen of the 31 bugs carried Microsoft's most serious label in its four-step ranking, while 11 were tagged as “important,” the next-lowest level, and two were judged “moderate.”

Andrew Storms, director of security operations at nCircle Network Security Inc., suggested that users first patch the IE bugs.

“IE's, by far, take the cake,” Storms said. “There are eight [common vulnerabilities and exposures], and there's no doubt that it will be exploited.”

via Microsoft issues record 31 patches for bugs in Windows, IE, Office apps.

Trojan attacks Microsoft’s emergency patch vuln

If you didn’t update Friday…do it today!

A day after Microsoft released an emergency patch for a critical flaw that could allow self-replicating attacks, researchers have identified a nasty trojan that attempts to exploit the vulnerability.

Variants of the data-stealing trojan known by names including Gimmiv.A and Spy-Agent.da have morphed over the past few weeks to exploit a major weakness in virtually all versions of the Windows operating system. If successful, the exploit could transform the malware into a virulent worm that allows a single infected machine to contaminate any other vulnerable machine over a local network without requiring any interaction on the part of the end users.

At the moment, the part of the trojan that exploits the weakness in the Windows server service isn’t especially reliable, researchers said. It generally succeeds only when code custom-built for a specific version and language of the OS encounters its intended target. But the limited success has prompted security experts to take seriously Microsoft’s warning that the vulnerability is wormable.

“This could actually be one of the bigger monsters of the last couple years,” Alex Eckelberry, president of security provider Sunbelt Software, said of the flaw. “Researchers are going to be burning the midnight oil over the next couple days to understand what the real issues are.”

Trojan attacks Microsoft’s emergency patch vuln [The Register]

Techworld.com – Apple finally deals with DNS bug

Apple has finally released a security update for its Mac OS X operating system. The patch fixes a critical Internet security flaw that the company had failed to properly fix in late July.

The Mac OS X v. 10.5.5 security update has fixed security bugs in Apple’s software as well as several open-source components that ship with the operating system. In all, more than 25 bugs have been patched.

But the Internet flaw, which has to do with the Domain Name System (DNS), is the most widely publicised issue.

Apple, like many other operating-system vendors, was forced to patch its DNS software after security researcher Dan Kaminsky discovered a fundamental bug in the way this type of software is built.

On 31 July, Apple had attempted to patch the flaw in Mac OS X, but security experts quickly discovered that while Apple’s bug fix worked on the server side, it did not fix the issue on the client software.

With yesterday’s patch, Apple has fixed a flaw in the Mac OS X Libresolv DNS software that could have allowed attackers to trick victims into visiting malicious Web sites using what’s known as a cache poisoning attack, said Andrew Storms, director of security operations with security vendor nCircle.

Libresolv is maintained by the Internet Systems Consortium (ISC). Although ISC had patched Libresolv by the time of Apple’s last security update, the company did not include this bug fix in its July security update, Storms said.

[ via Techworld.com ]