Saving Private Exploit | TechSNAP | Jupiter Broadcasting

Internet Explorer, Ruby on Rails, and the Windows Nvidia drivers all have new exploits. We’ll tell you the good, the bad, and the ugly.

Plus picking the right VPS, a big batch of your questions, and Allan’s videos from EuroBSD Con.

On this week’s episode of TechSNAP!

Thanks to:

GoDaddy.com

Use our code tech295 to get a .COM for $2.95.

Something else in mind? Use go20off5 to save 20% on your entire order!

Pick your code and save:
techsnap7: $7.49 .com
techsnap10: 10% off
techsnap11: $1.99 hosting for the first 3 months
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans
techsnapx: 20% off .xxx domains

Direct Download:

RSS Feeds:

Support the Show:

Purchase anything at Amazon.com
Purchase anything at Think Geek using this link
Purchase anything at Newegg using this link
Contribute directly on our donation page or check out our advertising options and reach millions of amazing people!
Grab our Chrome Extension and auto-tag your shopping session for us!

<a href="https://jblive.wufoo.com/forms/s7x2p7/" title="Sign up for the Jupiter Signal!">Fill out my Wufoo form!</a>

Show Notes:

Get TechSNAP on your Android:

Browser Affiliate Extension:

Jupiter Broadcasting Affiliate Extensions for Chrome and Firefox

New IE exploits affects IE 6, 7 and 8, but not 9 and 10

Windows XP users cannot upgrade beyond IE 8 and are still stuck
A number of large organizations and many home users still use Windows XP
This exploit was used in a Watering Hole attack against the website of think tank The Council on Foreign Relations
Ever after a high profile attack in the wild, Microsoft Announced that a patch for the exploit will not be available for this weeks patch Tuesday
Microsoft has issued a temporary Fix-It Solution that can be used to mitigate the exploit until a patch can be released

Vulnerability in all versions of Ruby on Rails

A flaw in the implementation of the ‘finder’ method of the Active Record system could allow SQL injection
If users can supply a symbol keyed hash as the second parameter to the find_by_* method, they would be able to inject arbitrary SQL
The very popular Authlogic library is vulnerable in some instances, specifically when the attacker knows the HMAC key that is used to sign cookies
Authlogic stores session data in a cookie on the users’ computer, and this cookie is cryptographically signed with HMAC to ensure it cannot be tampered with. This works well when the HMAC key is secret, but many examples on github and many open source applications include a default HMAC that is often not changed, resulting in a large install base using publically known HMAC keys, allowing them to be exploited
CVE–2012–5664
Ruby on Rails recommends upgrading to the latest version in your desired branch: 3.2.10, 3.1.9 or 3.0.18
Threatpost Coverage

Zero day exploit for nVidia display drivers in windows

The nVidia driver service listens on a named pipe (\pipe\nsvr) that has a null access control list
Any user logged on to the machine or any remote user in a domain context (if the machine has file sharing enabled, and the firewall relaxed/disabled) could have access to the service
The attacker could then trigger a buffer overflow due to a bad memmove operation
The exploit could be used to escalate privileges and gain full control over the machine
The exploit is also able to bypass data execution prevention (DEP) and the address space layout randomization (ASLR) feature introduced in Windows Vista
The exploit was initially made public because the researcher felt that the risk was minimal, however after some pressure from the community and possibly the discovery of additional attack vectors, the exploit was taken down

Saving Private Exploit | TechSNAP 91