Oct 28 2014
 

In a previous article, we described the Shellshock vulnerability, and in this article we show how to exploit it using the BeEF Framework. However, here's a quick and dirty way to check whether you're vulnerable. Type this command: env x='() { :;}; echo vulnerable' bash -c "echo this is a test" Note: If you see "vulnerable this is a test" it means you haven't patched it. If you see "this is a test", Read More…

Oct 20 2014
 

What is POODLE? POODLE stands for Padding Oracle On Downgraded Legacy Encryption. CVE: CVE-2014-3566. What is the attack? The attack occurs when an attacker is able to downgrade the client to use SSLv3. By simulating a failure during the negotiation process, an attacker can force a browser and a server to renegotiate using an older protocol, right back down to SSLv3. The attacker aims to capture the session cookie within an HTTPS tunnel through MITM. Read More…

Oct 06 2014
 

Introduction In the last post we saw how the recent bash vulnerability can be remotely exploited in a variety of ways. How do we defend against this? Below we discuss steps that will help your organization identify vulnerable components and initiate mitigation activities. Steps to identify, test and mitigate vulnerable systems   Make an inventory of all UNIX-like systems When we say UNIX-like, we mean systems like FreeBSD, OpenBSD, Solaris, HP-UX, AIX, Linux and Mac Read More…

Sep 26 2014
 

Introduction A remotely exploitable vulnerability was discovered by Stephane Chazelas of Akamai in the GNU Bash command shell. The vulnerability has been assigned the CVE identifier CVE-2014-6271. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system. The issue affects all UNIX and UNIX-like systems such as Linux and Mac OS X. What is Bash? Bash or the Bourne Again Shell, is a UNIX shell, which is perhaps Read More…

Sep 22 2014
 

During a recent engagement, we were asked to test the security level of an application white-listing solution deployed on the Windows XP ATMs of one of the largest ATM manufacturers in the world. The reason such solutions are in vogue is that Windows XP is no longer supported by Microsoft and no security patches are being released. In order to counter the threat from malware attacking such unpatched ATMs, a number of application white-listing solutions Read More…

Sep 14 2014
 

Recently, on one of the security mailing lists, a query was posted as to what metrics should be produced from a Data Leakage Prevention Solution, an Intrusion Prevention System, and from the Firewalls being managed by the security team. Here's the response I sent in, which is being shared for a larger audience: Basically, what management wants to know is how effectively the security solutions are working in your environment. So something along the lines of the following Read More…

Jul 03 2014
 

Recently, I found an interesting issue qualifying on Yahoo! Pipes. But before going into the details of this specific issue, let's understand some basic points. What does Authorization mean? In general, authorization relates to the set of activities which a user can perform once logged on to a particular system. This is typically divided into the following two categories: Horizontal Privilege – Basically all users having the same rights – for example, all Facebook Read More…