Cisco IOS XE Software CVE-2016-6438 Remote Security Bypass Vulnerability
 
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Cisco Wide Area Application Services CVE-2016-6437 Remote Denial of Service Vulnerability
 

(credit: Hefin Richards)

There has been yet another major data breach, this time exposing names, IP addresses, birth dates, e-mail addresses, vehicle data, and occupations of at least 58 million subscribers, researchers said.

The trove was mined from a poorly secured database and then published and later removed at least three times over the past week, according to this analysis from security firm Risk Based Security. Based on conversations with a Twitter user who first published links to the leaked data, the researchers believe the data was stored on servers belonging to Modern Business Solutions, a company that provides data storage and database hosting services.

Shortly after researchers contacted Modern Business Solutions, the leaky database was secured, but the researchers said they never received a response from anyone at the firm, which claims to be located in Austin, Texas. Officials with Modern Business Solutions didn't respond to several messages Ars left seeking comment and additional details.


 
POI CVE-2014-9527 Denial-Of-Service Vulnerability
 
Cisco Security Advisory: Cisco Meeting Server Client Authentication Bypass Vulnerability
 
Multiple Vulnerabilities in Plone CMS
 

WiFi networks are everywhere! When we plan to visit a place or reserve a hotel for our holidays, we always check first if free WiFi is available (be honest, you do!). Once we have connected our beloved devices to an external wireless network, they will keep trying to connect to it forever or until you clean the list of known networks. As a small test, I checked on a friend

You can see that the default behaviour is to remember all the networks. Your devices may not only connect to dangerous networks but also disclose interesting information about yourself. A long time ago, I wrote a script to collect SSIDs broadcasted from wireless devices present in the neighbourhood[1]. The amount of details you can learn about people close to you is just crazy: where they work, where they went on holidays, if they go to the hospital, etc...

October is the month of security awareness and it's good to remind you why unknown wireless networks remain dangerous. Last week, I made a demo during a corporate event about the cyber security landscape and was authorized to deploy a rogue wireless access point for security awareness purposes. The setup was simple:

  • A Pineapple[2]
  • One laptop running Dofler[3]

Dofler is a "dashboard of fail" or a "wall of sheep" used mainly at security conferences (I'm using it at BruCON) to raise the attendees

As you can imagine, many people fell into the trap and their smartphones connected to my rogue AP. An interesting finding: a smart watch connected to the honeypot but the paired smartphone had wireless disabled! The demo was not too invasive, no SSL MitM was performed and I collected only some pictures live from the network flows. No impact for the users, except maybe for the one who was discovered playing Minecraft during the presentations.

However, things may go wrong and more evil actions may be performed against the victims. Yesterday, we received a message from one of our readers, Siddhu Yetheendra[4], who implemented the same kind of attack as the one implemented by Mubix[5] a few weeks ago. Based on USB-sized computer devices, he found a way to steal users' credentials from a locked Windows computer. The principle remains the same but, via a rogue wireless access point, the responder[6] tool poisons the network and collects credential hashes (NTLM responses). Although many computers are vulnerable to this attack, there are fortunately limitations. The victim computer:

  • must be a corporate device joined to a Windows domain
  • must be running Windows 7+
  • must have the option "Connect automatically" enabled

Note that the vulnerability has been fixed by Microsoft (MS16-112[7]).

Basically, only open networks will work because computers will always try to reconnect to known networks transparently. Corporate wireless networks are not affected. But the risk comes, as always, from the end user. How to prevent him/her from connecting to the local Starbucks network while drinking his/her morning coffee?

To mitigate this attack, the classic advice is: patch your systems (MS16-112 was released in September), do not use the "Connect automatically" feature and do not use wireless networks in public areas. Stay safe!
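A defender's check for the "Connect automatically" mitigation, as an added example that is not part of the original diary: it reads WLAN profiles exported with `netsh wlan export profile folder=<dir>` and lists the open networks a Windows device would rejoin without asking. The sample SSIDs are constructed, and treating authentication `open` with encryption `none` as an open network is this example's assumption.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}

def _sample(name, mode, auth, enc):
    """Build a constructed profile in the WLAN profile XML format."""
    return (
        '<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">'
        f"<name>{name}</name>"
        f"<SSIDConfig><SSID><name>{name}</name></SSID></SSIDConfig>"
        f"<connectionType>ESS</connectionType><connectionMode>{mode}</connectionMode>"
        "<MSM><security><authEncryption>"
        f"<authentication>{auth}</authentication><encryption>{enc}</encryption>"
        "<useOneX>false</useOneX></authEncryption></security></MSM></WLANProfile>"
    )

# Constructed sample data: the SSIDs are made up for this example.
SAMPLES = [
    _sample("CoffeeShop-Free", "auto", "open", "none"),
    _sample("Hotel-Guest", "manual", "open", "none"),
    _sample("HomeNet", "auto", "WPA2PSK", "AES"),
]

def audit_profile(xml_data):
    """Classify one exported profile (str or bytes)."""
    root = ET.fromstring(xml_data)
    name = root.findtext("w:name", default="?", namespaces=NS)
    # Assumption: a missing connectionMode is treated as auto, so it gets flagged.
    mode = root.findtext("w:connectionMode", default="auto", namespaces=NS)
    auth = root.findtext(".//w:authEncryption/w:authentication", default="", namespaces=NS)
    enc = root.findtext(".//w:authEncryption/w:encryption", default="", namespaces=NS)
    is_open = auth.lower() == "open" and enc.lower() == "none"
    if is_open and mode.lower() == "auto":
        finding = "open, auto-connect"    # rejoined silently: remove or set to manual
    elif is_open:
        finding = "open, manual connect"  # joined only when the user asks
    else:
        finding = "protected"
    return {"ssid": name, "finding": finding}

def risky_ssids(xml_docs):
    """Return the SSIDs a device would rejoin without asking."""
    results = (audit_profile(doc) for doc in xml_docs)
    return [r["ssid"] for r in results if r["finding"] == "open, auto-connect"]

def audit_folder(folder):
    """Audit every *.xml profile exported into `folder`."""
    return risky_ssids(p.read_bytes() for p in sorted(Path(folder).glob("*.xml")))

if __name__ == "__main__":
    print(risky_ssids(SAMPLES))
```

On a real machine, point `audit_folder` at the directory given to `netsh wlan export profile`; each SSID it returns is a candidate for removal or for switching to manual connection.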

[1] https://blog.rootshell.be/2012/01/12/show-me-your-ssids-ill-tell-who-you-are/
[2] https://www.wifipineapple.com/
[3] https://github.com/SteveMcGrath/DoFler
[4] https://zone13.io/post/Snagging-credentials-over-WiFi-Part1/
[5] https://room362.com/post/2016/snagging-creds-from-locked-machines/
[6] https://github.com/SpiderLabs/Responder
[7] https://technet.microsoft.com/en-us/library/security/ms16-112.aspx?f=255MSPPError=-2147217396

Xavier Mertens (@xme)
ISC Handler - Freelance Security Consultant
PGP Key

 
Internet Storm Center Infocon Status