
MySQL had a bad week, we’ll run down the list of the recently disclosed vulnerabilities, the SSH server that allows an attacker full root access, and a GPU password cracking monster.
Plus a big batch of your questions, and so much more!
Thanks to:
Use our code tech295 to get a .COM for $2.95.
Something else in mind? use go20off5 to save 20% on your entire order!
$4.99 SSL certificates, just use our code 499ssl2. Expires 12-31-12!
Pick your code and save:
techsnap7: $7.49 .com
techsnap10: 10% off
techsnap11: $1.99 hosting for the first 3 months
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans
techsnapx: 20% off .xxx domains
Show Notes:
- Full Disclosure Mailing List
- CVE-2012-5611 MySQL (Linux) Stack based buffer overrun PoC Zeroday
- CVE-2012-5612 MySQL (Linux) Heap Based Overrun PoC Zeroday
- CVE-2012-5613 MySQL (Linux) Database Privilege Elevation Zeroday Exploit. This exploit is disputed by the vendor, who claims that you are only vulnerable if you do not follow the explicit instructions in the manual
- CVE-2012-5614 MySQL Denial of Service Zeroday PoC
- CVE-2012-5615 MySQL Remote Preauth User Enumeration Zeroday. Not technically a zeroday, as this issue has existed for more than 10 years
- Threatpost Coverage
- Almost all of these exploits require the attacker to already have a valid user account in order to successfully exploit the vulnerability
- CVE-2012-5611 is the most serious: it allows an authenticated user to execute arbitrary code
- MariaDB (a fork of MySQL) has already released a patch to address some of these issues
- Tectia SSH server, a commercial SSH implementation, and the related freeware products FreeSSHd and FreeFTPd are vulnerable to authentication bypass
- These alternative SSH servers are used by a number of companies and are especially popular as SSH servers on Windows
- The free version does not appear to be well maintained, the FreeSSHd website was last updated January 2009
- Vendor Vulnerability Announcement
- CVE-2012-5975
- The exploit uses the SSH USERAUTH CHANGE REQUEST method: by sending an additional password change request, an attacker can authenticate with a blank password
- The exploit allows a remote attacker to get a full root/administrator shell
- You can work around this vulnerability by disabling ‘old-style’ password authentication as described here
- There is already a metasploit module for the vulnerability
- A ShodanHQ search reveals at least 500 servers running vulnerable versions of Tectia SSH, but there are a far greater number of machines running the free SSH server
- A bug in the way Twitter handles incoming SMS messages could allow an attacker who knows your mobile phone number to post Twitter messages as you, and to alter your profile and settings
- Users who enable Twitter SMS commands are vulnerable to spoofing
- Researcher Jonathan Rudenberg found and disclosed the vulnerability to Twitter in mid-August, Twitter officials asked him not to publish until the vulnerability was corrected. Five weeks later he asked for an update on the progress and never got a response, so he published the information on Tuesday on the Full Disclosure mailing list
- The researcher also reported similar bugs to Facebook and Venmo, both of which corrected them quickly
- Twitter has fixed part of the issue: users who text to a ‘short code’ are no longer vulnerable, but users who still use a ‘long code’ remain at risk
- Because of the way that SMS ‘short codes’ work, and the fact that most charge a fee for the service, it is not usually possible to spoof the source address when sending an SMS to a short code
- Twitter recommends enabling the ‘pin code’ feature, but this feature is not available to users in the USA
- Twitter has disabled the use of long codes for users who have a short code available
- If you do not use the feature, it is recommended that you ensure the SMS Commands interface is entirely disabled for your Twitter account
- Original Story
- This past week the Password^12 conference was held in Oslo, Norway
- A bunch of new research was revealed
- Jeremi Gosney demonstrated the use of Virtual OpenCL, a project out of Hebrew University which allows remote GPUs to be addressed as if they were local, simplifying the process of distributed GPU password cracking
- Virtual OpenCL is currently closed source, limited to 64-bit Linux, and only works over high speed LANs (it cannot be used over the internet)
- Support for VCL has been added to oclHashcat, the password cracking application, by Jens Steube
- oclHashcat can now support up to 128 AMD GPUs
- Jeremi Gosney demonstrated their setup, which uses 25 AMD GPUs:
  - 5x 4U servers, containing a total of:
    - 10x HD 7970s
    - 4x HD 5970s (dual GPU)
    - 3x HD 6990s (dual GPU)
    - 1x HD 5870
  - Connected via 4x SDR InfiniBand interconnects
  - Uses 7 kW of electricity
- The cluster is able to brute force hashes at the following rates (hashes per second):
  - SHA1: 64 G/s
  - MD5: 180 G/s
  - NTLM: 348 G/s
  - LM hash (Windows XP): 20 G/s
  - md5crypt: 77 M/s
  - sha512crypt: only 364 K/s
  - bcrypt (cost=5): only 71 K/s
- This means that a Windows XP password (the LM hash converts the password to uppercase and breaks it into two separate 7-character halves, each hashed independently) can be cracked in under 6 minutes by searching the entire key space
- Any 8-character NTLM password (Windows XP with the LM hash disabled, or any newer version of Windows) can be cracked in about 5.5 hours
- Gosney was ultimately able to crack over 90% of all of the SHA1 hash values from the LinkedIn database leak
- Jeremi Gosney’s Slides
- Jens Steube of Hashcat also gave a presentation on a vulnerability in SHA1 that allows hashes to be calculated 21.1% faster by taking advantage of the mathematical properties of the XOR operation
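The crack-time figures quoted above are straightforward to reproduce, and doing so is the quickest way to see why the slow hashes (sha512crypt, bcrypt) matter to a defender. The Python below is an added example, not code from the show, from Gosney's slides or from oclHashcat: it takes the per-algorithm hash rates listed above for the 25-GPU cluster and turns them into exhaustive-search times for a given password length, then inverts the calculation to find the minimum password length a policy needs so that exhaustive search at that rate takes at least a chosen number of years. The character-set sizes are assumptions made here (69 characters for the LM hash, 95 printable ASCII characters for everything else), so the results differ slightly from the show's rounded figures depending on which charset you assume.

```python
"""Exhaustive-search time estimates from the hash rates quoted in the show notes.

Added example (not the show's or oclHashcat's code). Hash rates are the
figures quoted for the 25-GPU cluster; the charset sizes are assumptions.
"""

# Hashes per second quoted in the show notes for the 25-GPU cluster.
HASH_RATES = {
    "LM": 20e9,
    "NTLM": 348e9,
    "MD5": 180e9,
    "SHA1": 64e9,
    "md5crypt": 77e6,
    "sha512crypt": 364e3,
    "bcrypt(cost=5)": 71e3,
}

# Assumed character-set sizes (not from the page).
LM_CHARSET = 69        # LM upper-cases input: 26 letters + 10 digits + 33 symbols
PRINTABLE_ASCII = 95   # mixed-case letters, digits and symbols

SECONDS_PER_YEAR = 365 * 86400


def keyspace(charset_size: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` characters."""
    return charset_size ** length


def exhaustive_seconds(charset_size: int, length: int, hashes_per_second: float) -> float:
    """Worst-case time to test every candidate of the given length at this rate."""
    return keyspace(charset_size, length) / hashes_per_second


def lm_hash_seconds() -> float:
    """LM splits a password into two independent 7-character halves, so the
    attacker only ever has to search a single 7-character keyspace; both halves
    are checked against each candidate in the same pass."""
    return exhaustive_seconds(LM_CHARSET, 7, HASH_RATES["LM"])


def min_length_for(charset_size: int, hashes_per_second: float, years: float = 10) -> int:
    """Smallest password length whose full keyspace takes at least `years`
    to exhaust at the given rate. This is the defender's side of the sum:
    the length a password policy must require for a given hash algorithm."""
    length = 1
    while exhaustive_seconds(charset_size, length, hashes_per_second) < years * SECONDS_PER_YEAR:
        length += 1
    return length


def human_duration(seconds: float) -> str:
    """Render seconds using the largest convenient unit."""
    units = (("years", SECONDS_PER_YEAR), ("days", 86400), ("hours", 3600), ("minutes", 60))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.1f} seconds"


def report(length: int = 8, charset_size: int = PRINTABLE_ASCII) -> dict:
    """Exhaustive-search seconds for every quoted algorithm at one password length."""
    return {name: exhaustive_seconds(charset_size, length, rate) for name, rate in HASH_RATES.items()}


if __name__ == "__main__":
    print(f"LM hash, full 7-char keyspace: {human_duration(lm_hash_seconds())}")
    for name, secs in report().items():
        print(f"{name:>15}: 8 printable chars exhausted in {human_duration(secs)}")
    for name in ("NTLM", "sha512crypt", "bcrypt(cost=5)"):
        print(f"{name:>15}: need >= {min_length_for(PRINTABLE_ASCII, HASH_RATES[name])} chars "
              f"for a 10-year exhaustive search")
```

Running it shows the gap the show is pointing at: at 348 G/s an 8-character NTLM password falls in roughly five hours, while the same keyspace against bcrypt at 71 K/s takes thousands of years, and the minimum length for a ten-year search margin drops from 11 characters (NTLM) to 7 (bcrypt).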
Q: Is there a password manager I can use that will sync on multiple devices?
- KeePass supports syncing its database over WebDAV or SCP/SFTP
- Be sure to use HTTPS or SSH; do not upload your database over FTP or HTTP/WebDAV without SSL, or someone could sniff your password database as you sync it
- Your password database is now only as secure as the weakest device it is stored on, or the security of the server(s) it is stored on
- Swiss spy agency warns U.S., Britain about huge data leak
- Romanian researcher exploits Yahoo developer console to access users’ emails, contacts and other private profile data
- Yahoo XSS exploits going for $700
- Intel Says Company Committed to Sockets
- Raspberry Pi: Inside the Pi factory
- Cool Day Job: Elevator Algorithm Designer
- Android privilege escalation vulnerability found
- Senate committee approves strengthened email privacy, removes 180 day loophole, EFF applauds