Meine Blog-Liste

  • end of life - Good morning, as you may have already found out, the posts on this blog have been getting less and less. This is caused by the fact that my two honeypots h...
    vor 2 Jahren

Sonntag, 21. September 2014

This week in security Week 38

Regarding security related news it was an endless week (again), the following are just some of the topics this week

My recent news of the week:

FreeBSD has finally closed a bug which was found within the TCP stack. The original bug was found back in 2004 CVE-2004-0230. The bug basically could led to a Denial-of-Service attack by injecting TCP-RST packages into the stream. RST packages are normally send as response to a none TCP connection, for example when the port rejects the connection. The issue is related to large windows sizes and log active connections, such as BGP. FreeBSD is the used OS underneath Cisco, Juniper and MacOS (for eample).

APT the package management sytsem within Debian and Ubuntu closed a bug regarding the package verification. So basically, the reinstallation of a package does not verify the package again. So if an attacker would be able to infect the package within the cache/tmp directory these package could just be installed.

As reported by some teams, during the last week was a huge income of chargen related attacks. Chargen is an Linux tool which listens on port 19 to tcp and udp packages. Chargen  replies to an request by sending between 0 and 512 random characters to a specified port. A manipulated udp packages could force chargen to send the data as udp package to any service on every server and could be part of a ddos attack. So i would recommend to blog all inbound udp traffic coming from port 19 on a central firewall.

 Spiderlabs the creator of the OWASP mod_security rules, reported about a new attack on their honeypots. In this case, the well known PHP CGI vulnerability is used to upload and install malware.

There was a really good post on the RedHat security blog about the TLS Landscape now a days. In my opinion the key outcome of the post is that we really need to increase the SSL/TLS usage today. Currently only 40% of all web-servers support TLS by default. ;Maybe the Google idea, ranking with TLS higher than others will help in this case too.

In the USA the do-it-ouself centers of Home Depot had an issue, and 56.000.000 credit card information's are lost. According to new information's, many employees informed the management already years ago that this information's aren't secured in the way it should.

My Tool of the week:

When using a Linux server, many things can happen. Today, i guess we agree, rootkits, injections and bugs can interfere with a system and change thinks. So my tool this week is AIDE. The Advanced Intrusion Detection Environment creates a database on all files within  the system and sends the log information to a special email address. So every change can be tracked.