Information Security News
The Trials of Bradley Manning
There was no security to speak of at the SCIF (sensitive compartmented information facility) at FOB Hammer, where the “infosec” (information security) protocols were casually flouted with the full knowledge of supervisors. This was not an anomaly: 1.4 ...
Thanks to a reader for sending in this log entry from his Apache Server:
Russ quickly decoded it to:
/phppath/php?-d allow_url_include=on -d safe_mode=off -d suhosin.simulation=on -d disable_functions="" -d open_basedir=none -d auto_prepend_file=php://input -nT
This appears to be an exploit attempt against Plesk, a popular hosting management platform. A patch for this vulnerability was released in June . We covered the vulnerability before, but continue to see exploit attempts like above. The exploit takes advantage of a configuration error, creating the script alias "phppath" that can be used to execute shell commands via php. The exploit above runs a little shell one-liner that accomplishes the following:
Please let us know if you are able to capture the body of the request!
Thanks to another reader for submitting a packet capture of a full request:
Host: <IP Address>
<?php echo "Content-Type: text/html\r\n\r\n"; echo "___2pac\n"; ?>
This payload will just print the string ___2pac, likely to detect if the vulnerability exists. No user agent is sent, which should make it easy to block these requests using standard mod_security rules.
by Sean Gallagher
Tomorrow at the Black Hat security conference in Las Vegas, the Pwnie Express will officially unleash Pwn Plug R2, the next generation in its arsenal of penetration testing and hacking hardware. Ars got an exclusive rundown in advance on the device from Dave Porcello, founder and CEO of Pwnie Express.
The new Pwn Plug looks less like a DC power supply plug—the form factor of its predecessor—and more like a small Wi-Fi access point or router. But inside, it's really a Linux-powered NSA-in-a-box, providing white hat hackers and corporate network security professionals a "drop box" system that can be remotely controlled over a covert Internet channel or a cellular data connection.
"Some people will use these for physical penetration tests," Porcello said. "They can go into a bank branch or a retail store, or even a corp office, and pretend to be a telecom technician or someone from the power company, or whatever, and drop it under someone's desk, or in a wiring closet, or behind a printer." And for other applications, such as corporate security auditing, Porcello said, "it's just as useful to send to remote sites without having to travel—a corporate security manager can just ship a box out to a retail store and have a store manager or branch manager just plug it in."
Remote Workers' Success Starts With IT Support
Allan Pratt, an InfoSec strategist and Computing Technology Industry Association (CompTIA) certification instructor, said that if employees spend a great deal of time traveling or working in public work spaces, it is best to invest in VPN. "VPNs can be ...
Posted by InfoSec News on Jul 30http://healthitsecurity.com/2013/07/29/ohsu-alerts-patients-of-google-cloud-security-concerns/
Posted by InfoSec News on Jul 30http://www.theguardian.com/technology/2013/jul/30/car-hacking-ignition-injunction
Posted by InfoSec News on Jul 30http://news.cnet.com/8301-1009_3-57596053-83/nasa-falls-short-on-its-cloud-computing-security/
Posted by InfoSec News on Jul 30http://www.v3.co.uk/v3-uk/news/2285459/nato-urges-military-to-recruit-white-hat-hacker-army-to-boost-defences
Posted by InfoSec News on Jul 30http://www.theregister.co.uk/2013/07/29/symantec_web_gateway_vulns_fixed/