OpenSSL fixes land for most distros

• The following Vulnerabilities have been fixed recently
  • CVE–2011–4109 – Double-free in Policy Checks
• CVE–2011–4576 – Uninitialized SSL 3.0 Padding
  
• CVE–2011–4619 – SGC Restart DoS Attack
• CVE–2012–0884 – CMS and S/MIME Bleichenbacher attack
  
• CVE–2012–2110 – ASN1 BIO vulnerability
  

Barnes and Noble pulls magazine for article on how to hack

• Issue #154 of Linux Format magazine has been pulled off shelves at Barnes and Noble stores in the US after complaints about the cover article, ‘Learn To Hack’
• The content of the article has been posted online
• The article walks the user through using the BackTrack Linux, the Penetration Testing distribution in order to exploit a virtual machine, specifically the ‘Metaspoitable’ image, which was setup specifically to contain vulnerabilities for the user to test against and exploit
• The tutorial then walks the user through exploiting a PHP vulnerability to get a shell, and then further exploiting the Debian SSH Key weakness to gain root access to the virtual machine
• The tutorial then moves on from attacking servers to attacking desktop machine
• If you have physical access to a machine, is it trivial to boot from a live cd/usb and access the files on the disks, however if the user has encrypted their home directory (a simple option in newer versions of Ubuntu), then you need to be a bit more devious
• The tutorial walks through using the LiveCD to creating a reverse-tcp shell to allow you to access the system at a later time, once the user has mounted their encrypted /home partition, giving you access to the files
• The tutorial goes on to explain using WireShark to capture unencrypted HTTP credentials and quite a bit more
• Metasploit Testing Lab Setup Instructions
• Metasploitable VM Image

Microsoft patches widely exploited 0-day flaw in hotmail password reset system

• Researchers discovered a problem with the way hotmail handles password resets
• When you reset a hotmail password, they provide you with a token that allows you to set a new password on the account, the issue is that their code did not properly check the token, and pretty much any non-null value allowed any user to reset any other users’ password
• Microsoft was notified of the flaw on April 20th and responded with a fix within hours, but not before the flaw was widely exploited
• It can be particularly difficult to recover your account from an attack like this if the attacker changed the secret answer questions, removing your further ability to reset the password
• Flaw was discovered by Vulnerability-Lab.com

Feedback:

In this week’s feedback segment, we discuss how ScaleEngine handled the unique challenges of delivering large video files to a global audience in both the short and long term.

Round Up:

• Hall of Shame: Equipment Maker Caught Installing Backdoor Account in Control System Code
• Microsoft and Mozilla take stances against CISPA
• HDD Crisis Was Fake: Seagate and Western Digital Post Big Profits
• The Pirate Bay must be blocked by UK ISPs, court rules
  • Pirate Bay ban and surrounding media attention cause record breaking surge in traffic
• Firefox security bug (proxy-bypass) in current TBBs
• Judge: An IP-Address Doesn’t Identify a Person (or BitTorrent Pirate)
• SSL Pulse project finds only 10% of SSL websites are properly configured
• Sony putting IPTV plans on hold because of Comcast bandwidth caps
• Is Cyber Warfare all hype to drive demand in the defense industry?
• How online black markets work