Interesting 0-day vulnerability in Firefox when installed on a box already running Internet Explorer (i.e. all Windows machines).
Firefox installs three protocol handlers, which lack some basic input validation. It seems that IE is able to launch Firefox in such a way that arbitrary commands are passed on to the shell (with the privileges of the current user).
Read the details at Jesper’s blog.
This is cool.
The approach involves building a virtual SOHO network, which is in turn connected to a virtual Internet. Both the virtual LAN and WAN are populated with virtual machines. The suspected worm is introduced into this environment, and executed therein. The whole system is closely monitored as execution progresses in the isolated environment, and data is amassed describing what the suspected worm did as it executed. This data is then processed by the system in an attempt to automatically determine whether or not the suspect programming is performing actions indicative of a worm or internet-aware malware.
You can find the complete paper here: “An Environment for Controlled Worm Replication and Analysis”
From the International Herald Tribune:
Approval by the European Aviation Safety Agency means that, from September, passengers aboard Airbus aircraft outfitted with the OnAir system will be able to send and receive phone calls, SMS messages and e-mail messages while flying at altitudes above 3,000 meters, or 9,840 feet.
Cabin staff members will be able to turn off the system or restrict usage to text services like SMS, as they see fit.
This is a good idea. The rule against use of mobile phones while in flight has to be managed like any other risk, that is, by modeling the threat, understanding the risk and mitigating it. The rate of change of the technological and social environment means that these rules have to be reevaluated every so often. It certainly made no sense to keep early-80’s safety rules as if they were written in stone.
The provision against mobile phone usage below 3000 meters (during take-off and landing) makes sense, although most people will continue to ignore it, as they do now.
This is funny and disturbing. Were they trying to make a point?

Taken in a Barcelona square named after George Orwell. The sign, in Catalan, says: “Area under surveillance”
Seen at this blog.
I’ve just discovered a new security-oriented LiveCD distro called WiFiSLAX, which is basically a remastered Backtrack geared towards 802.11 wireless audits and pentest. It is oriented to Spanish-speakers, and includes support for most wireless card drivers and the latest 802.11 pentest tools.

On the website there is information regarding the supported drivers list, included applications, and bluetooth-related stuff, some videos demonstrating its use, as well as a PDF presentation which explains all features and which tools you will find there. All in Spanish, by the way.
Download the ISO image from here.
I’ve just found this while browsing public del.icio.us links tagged with “security” (you’d be surprised at how much interesting stuff can be found there).
This is such a great idea. Harnessing the power of humans solving CAPTCHAs to perform accurate OCR of printed books. Stop the web-SPAM problem and help digitize books!
“About 60 million CAPTCHAs are solved by humans around the world every day. In each case, roughly ten seconds of human time are being spent. Individually, that’s not a lot of time, but in aggregate these little puzzles consume more than 150,000 hours of work each day.”

[…]
“reCAPTCHA improves the process of digitizing books by sending words that cannot be read by computers to the Web in the form of CAPTCHAs for humans to decipher. More specifically, each word that cannot be read correctly by OCR is placed on an image and used as a CAPTCHA. This is possible because most OCR programs alert you when a word cannot be read correctly.
But if a computer can’t read such a CAPTCHA, how does the system know the correct answer to the puzzle? Here’s how: Each new word that cannot be read correctly by OCR is given to a user in conjunction with another word for which the answer is already known. The user is then asked to read both words. If they solve the one for which the answer is known, the system assumes their answer is correct for the new one. The system then gives the new image to a number of other people to determine, with higher confidence, whether the original answer was correct.”
They have plugins for all major blog/board systems, and I plan to give the WordPress plugin a try!
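The control-word scheme quoted above is easy to model. The following is an added example, not reCAPTCHA’s own code: a small Python class that pairs an OCR-unreadable image with a control image whose answer is known, lets only the control word decide whether the user passes, and records the user’s reading of the unknown word as a vote only when the control was read correctly. Once enough independent readings agree (the threshold, image ids and words below are all constructed for the example), the word is promoted and can itself serve as a control word.

```python
from collections import Counter, defaultdict


class WordVerifier:
    """Constructed model of reCAPTCHA-style verification: a known control word
    gates the user, the unknown word is resolved by agreement of several users."""

    def __init__(self, known_words, unread_images, votes_needed=3):
        # image id -> correct transcription (these words gate the user)
        self.known = {img: w.lower() for img, w in known_words.items()}
        # image ids that OCR flagged as unreadable and that still need a consensus
        self.pending = set(unread_images)
        # image id -> Counter of transcriptions submitted by users who passed the control
        self.votes = defaultdict(Counter)
        # image id -> word agreed on by at least `votes_needed` users
        self.resolved = {}
        self.votes_needed = votes_needed

    def challenge(self, n):
        """Deterministic pairing for the example: the n-th control image with the
        n-th pending image (a real system would pick both at random)."""
        control = sorted(self.known)[n % len(self.known)]
        pending = sorted(self.pending)
        suspect = pending[n % len(pending)] if pending else None
        return control, suspect

    def submit(self, control, suspect, control_answer, suspect_answer):
        """Return True if the user passed the CAPTCHA.

        Only the control word decides the outcome. The answer for the unknown
        word is counted as a vote only when the control word was read correctly,
        which is what lets the system trust a reading it cannot check itself."""
        if control_answer.strip().lower() != self.known[control]:
            return False
        if suspect in self.pending:
            reading = suspect_answer.strip().lower()
            self.votes[suspect][reading] += 1
            word, count = self.votes[suspect].most_common(1)[0]
            if count >= self.votes_needed:
                # Enough independent users agree: promote the word.
                self.resolved[suspect] = word
                self.pending.discard(suspect)
                self.known[suspect] = word  # can now act as a control word
        return True


if __name__ == "__main__":
    v = WordVerifier({"img_known": "surveillance"}, ["img_unread"])
    control, suspect = v.challenge(0)
    for answer in ("area", "arca", "area", "area"):
        v.submit(control, suspect, "surveillance", answer)
    print("resolved:", v.resolved)  # majority of agreeing votes wins
```

Note that a single wrong reading (“arca”) does not poison the result: the most common transcription has to reach the threshold on its own, so disagreement simply delays promotion until more users have seen the image.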
Discover the glorious Hackistan.

(Brought to you by Fortify)
The trouble between the Estonian government and Estonia’s ethnic Russians has taken a new dimension in the online world.
According to Ars Technica:
Cyber-warfare on an unprecedented scale has hammered Estonian web sites for the last two weeks in the aftermath of the government’s controversial decision to relocate a Soviet-era war monument from the center of Tallinn to the suburbs. Two days of rioting by ethnic Russians, who saw this as an attack on their heritage and on minority rights, quickly transitioned from the real to the virtual world, as government web sites came under DDoS attacks so severe that many agencies shut off access to IP addresses outside Estonia for several days.
Since it seems clear that the attacks come from Russia (some attacks allegedly coming from the office of Russia’s president, Putin), Estonia is raising the issue with NATO. After all, when a NATO member finds itself under attack, it is the function of NATO to get involved, considering the whole alliance under attack.

According to The Guardian, “NATO has dispatched some of its top cyber-terrorism experts to Tallinn to investigate and to help the Estonians beef up their electronic defences”.
Updated (May-18): The Arbor Networks blog (“Security to the Core”) has some information about the targets of the attacks and other quantitative data.
The Web Application Security Consortium (WASC) has released an interesting paper with the results of the Distributed Open Proxy Honeypot Project.
The idea of the Distributed Open Proxy Honeypot Project is to place monitored “open proxies” around the world, which are normally used by hackers to mask their origin when performing attacks, scans, etc. According to the authors:
During this timeframe, we had 7 internationally placed honeypot sensors deployed and sending their data back to our central logging host. What did we see? Here are some brief highlights:
- SQL Injection Attacks
- Brute Force Attacks
- OS Command Injection
- Web Defacement Attempts
- Google-Abuses (Google-Hacking and Proxying for BannerAd/Click Fraud)
- Information Leakage
You can download the report here.
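To show what the sensors in such a project actually have to do with the traffic passing through an open proxy, here is an added example (my own, not code from the WASC project) that parses forward-proxy access-log lines and sorts them into four of the categories listed above: SQL injection, OS command injection, Google-hacking via the proxy, and brute force, the last detected by counting repeated failed logins per client rather than by a signature. The log lines, hostnames, client addresses and signature patterns are all constructed for the example; defacement and information leakage are left out because spotting them needs the response body, which this log does not carry.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus, urlsplit

# Constructed sample of open-proxy access-log lines (Common Log Format; a forward
# proxy records the absolute URL the client asked it to fetch). Not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [16/May/2007:10:01:02 +0000] "GET http://shop.example/item.php?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 512',
    '203.0.113.5 - - [16/May/2007:10:01:09 +0000] "GET http://shop.example/item.php?id=1%20UNION%20SELECT%20user,pass%20FROM%20users HTTP/1.1" 200 844',
    '198.51.100.7 - - [16/May/2007:10:02:15 +0000] "GET http://cms.example/view.cgi?file=%3Bcat%20/etc/passwd HTTP/1.1" 500 0',
    '198.51.100.7 - - [16/May/2007:10:03:40 +0000] "GET http://www.google.com/search?q=inurl:admin.php+site:example HTTP/1.1" 200 20310',
    '192.0.2.44 - - [16/May/2007:10:06:00 +0000] "GET http://blog.example/index.html HTTP/1.1" 200 4096',
] + [
    # six failed POSTs to the same login URL from one client within a minute
    f'192.0.2.9 - - [16/May/2007:10:05:{s:02d} +0000] "POST http://mail.example/login HTTP/1.1" 401 120'
    for s in range(6)
]

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)$')

# Illustrative signatures matched against the URL-decoded request line.
SIGNATURES = {
    "SQL Injection": re.compile(
        r"\bunion\b.+\bselect\b|'\s*(or|and)\s+'?\w+'?\s*=\s*'?\w+", re.I),
    "OS Command Injection": re.compile(
        r"[;|`]\s*(cat|ls|id|wget|curl|nc|sh)\b|/etc/passwd", re.I),
}
# Search operators typical of Google-hacking queries relayed through the proxy.
GOOGLE_OPERATORS = re.compile(r"\b(inurl|intitle|intext|filetype|site):", re.I)


def parse_line(line):
    """Return the fields of one log line, with the URL percent-decoded, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, _ts, method, url, status, _size = m.groups()
    return {"ip": ip, "method": method, "url": unquote_plus(url), "status": int(status)}


def classify(lines, brute_force_threshold=5):
    """Map each category to the (ip, url[, count]) findings seen in the log."""
    findings = defaultdict(list)
    login_failures = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparsable line; a real sensor would count these too
        host = urlsplit(rec["url"]).hostname or ""
        for category, pattern in SIGNATURES.items():
            if pattern.search(rec["url"]):
                findings[category].append((rec["ip"], rec["url"]))
        if host.endswith("google.com") and GOOGLE_OPERATORS.search(rec["url"]):
            findings["Google-Abuse"].append((rec["ip"], rec["url"]))
        # Brute force is a rate, not a string: count failed logins per client and URL.
        if rec["method"] == "POST" and rec["status"] == 401 and "login" in rec["url"].lower():
            login_failures[(rec["ip"], rec["url"])] += 1
    for (ip, url), n in login_failures.items():
        if n >= brute_force_threshold:
            findings["Brute Force"].append((ip, url, n))
    return dict(findings)


if __name__ == "__main__":
    for category, hits in classify(SAMPLE_LOG).items():
        print(f"{category}: {len(hits)} hit(s)")
        for hit in hits:
            print("   ", hit)
```

Decoding the URL before matching matters: the same injection payload looks completely different percent-encoded, and the sensor would otherwise miss it. The brute-force rule is deliberately kept separate from the signature table, since it depends on counting over time rather than on the content of any single request.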
RSnake comments (at Dark Reading) about the perils of home-grown forensics, and how, if you’re not careful, you can end up making a mess of it.
“It’s best to treat a hack event like a fire. Stop, drop, and roll. Once you’ve done that, hopefully you’ll have come to your senses enough to know you need to hire a professional.”
Read it here. It’s good advice.