now browsing by tag


Vulnerability Discussion/Videos

YouTube Logo

As noted before, like in this post, I am a huge fan of RSS feeds, but I also love instructional videos, demo videos, and other similar stuff.

I’ve been toying around the idea of doing video tutorials of attacking vulnerable distributions, like those found on VulnHub, and documenting the process that I go through. Maybe some other things, like various CTF challenges as well. I’m trying to get an idea, how people would react to seeing such videos posted here/on youtube.

If you have any opinions on this, please shoot me an email, and let me know if you think I should do some videos on vulnerability discussion topics and vulnerability videos.

VulnHub – Sokar Challenge

Source: VulnHub

Just some quick background, VulnHub provides vulnerable system images, to prep penetration testers and vulnerability researchers. Often times, the images can be presented as a challenge.

For VulnHub’s 2nd anniversary, they have a challenge called “Sokar” which, as of this writing, you have 2 more days, left to complete. You setup the image in VirtualBox or VMWare, and attempt to exploit it, in order go get the root flag.

Blog at VulnHub and you can download the Sokar image here.

4 Mega-Vulnerabilities Hiding in Plain Sight

Source: Dark Reading

Dark Reading is going back, and re-hashing some of the major vulnerabilities found in 2014. Specifically, they bring up the following: Heartbleed (CVE-2014-0160), Shellshock (CVE-2014-6271), Winshock (CVE-2014-6332), and Kerberos Checksum (CVE-2014-6324).

The article continues to go into detail about these 4 vulnerabilities, because, combined, they equate up to 90% of the internet. That is 90% of the internet, vulnerable to these bugs, for a long time — I believe the article stated nearly 15 years or more. That is huge.

It is also important that you are protected against these massive vulnerabilities. While when these vulnerabilities dropped in 2014, you can bet there was a scramble to get each one of these fixed. 556 Forensics can assist you in finding and mitigating similar threats.

SSL 3.0 – Poodle Attack

Source: OpenSSL

It may be time to retire SSL v3.0. Seems like a new bug has taken shape. More research will be going on shortly.

The POODLE Attack
To work with legacy servers, many TLS clients implement a downgrade dance: in a first
handshake attempt, offer the highest protocol version supported by the client; if this
handshake fails, retry (possibly repeatedly) with earlier protocol versions. Unlike proper
protocol version negotiation (if the client offers TLS 1.2, the server may respond with, say,
TLS 1.0), this downgrade can also be triggered by network glitches, or by active attackers.
So if an attacker that controls the network between the client and the server interferes with
any attempted handshake offering TLS 1.0 or later, such clients will readily confine themselves to SSL 3.0.

‘Bash’ bug could let hackers attack through a light bulb

September 25, 2014: 12:54 PM ET


dangerous light bulbs

Say hello to the bash bug, a lesson in why Internet-connected devices are inherently unsafe.

Computer security researchers have discovered a flaw in the way many devices communicate over the Internet. At its most basic, it lets someone hack every device in your house, business or government building — via something as simple as your “smart” light bulb.

With this flaw, criminals can potentially break computers or steal private and government information.

The problem extends to lots of Internet-connected computers located anywhere — from shops to hospitals to schools.

It’s worse if you’re one of those tech-embracing types who buys Internet-connected “smart” appliances. But keep in mind, that includes a rapidly growing number of businesses and governments that use smart devices — like cameras — within their internal networks.

Why fear the bash bug? Because it’s so pervasive.

According to open source software company Red Hat, it affects any device that uses the operating system Linux — which includes everything from calculators to cars. But it also affects Apple (AAPL, Tech30) Macs and some Windows and IBM machines. Google (GOOG) said no Android machines are susceptible.

Share your story with CNN: Money stolen from your bank account? Identity theft?

In a public warning, Red Hat researchers classified the severity of the bug as “catastrophic.”

Not every connected device is vulnerable. But it’s difficult for the average person to figure out if, for instance, their home security camera is at risk. And it’s unlikely that companies and public institutions are updating every single computer in the back room.

The problem is new, but hackers have already been caught trying to exploit the flaw to set up botnets — hijacking vast numbers of computers. They can then use these slave armies of devices to spread malware or attack websites.

Related: 7 safety tips from hackers themselves

If this bug turns out to be anything like the Heartbleed bug discovered earlier this year, we might not see damage for months. And when we do, it could be disastrous.

In the case of Heartbleed, hackers eventually broke into a hospital network and stole 4.5 million patient records — including Social Security numbers.

Norweigian cybersecurity consultant Per Thorsheim noted that the bug will become old news — but people will still be vulnerable.

“In a few days everything will be forgotten, and the hackers will feast on [this] for years to come,” Thorsheim said.

The only solution for the bash bug? If and when a patch becomes available, update every device you have. But that’s something that’s not likely. Companies don’t often update their fleet of devices, and customers rarely pay attention for that sort of thing.

Security experts say IT departments are now running exams on computer systems to see if hackers have exploited this flaw before. The problem? They’ll have to look way back. This flaw has been around for as long as 20 years.

“We just don’t know how far this goes,” said Chris Wysopal, co-founder of app security firm Veracode.

How hackers beat the Heartbleed bug

Here’s how the bash bug works, as explained by cybersecurity expert Robert Graham.

The problem stems from a flaw in the “bash,” a type of computer program called a shell. A shell translates commands from you to a device’s operating system. Think of it as an efficient middleman.

Lots of Internet-connected devices use the bash shell to run commands, like “turn on” and “turn off.” Generally, a device that communicates using a bash shell also looks for extra information, like what browser or device you’re using.

And that’s where the problem lies. If a hacker slips bad code into this extra data, they can sneak past a device’s safeguards.

A “smart,” Internet-connected light bulb then suddenly becomes a launchpad to hack everything else behind your network firewall, Graham said. That could be your home computer, or a retailer’s payment terminals, or a government office’s sensitive database of information.

“This is the problem with the ‘Internet of Things.’ We’re putting all these things on the Internet without any expectation of actually patching them in the future,” Graham said.

The bug was discovered by Stéphane Chazelas, a French IT manager working for a software maker in Scotland.

Related: How safe are you? CNNMoney’s cybersecurity Flipboard magazine

Related: Obamacare website still isn’t totally safe

Have you had money stolen from your bank account lately? Or have you been a victim of identity theft? Share your story with CNN.