Domain: immunitysec.com
Stories and comments across the archive that link to immunitysec.com.
Comments · 57
-
Recent incidents that I know of
irssi
fragroute, dsniff, fragrouter
BitchX
This message says: Recently there has been a spate of well publicized attacks against what I would consider to be the backbone of the open source movement - its source code distribution system. Hackers have been penetrating people who download, say, OpenSSH and then compile it to use on their systems by trojaning OpenSSH itself. This strikes at the very HEART of Open Source by making the act of installing the software a weakness. Because Open Source has no one distribution point, there are many places for someone to verify if they want to install software securely. Because there are no vendors, the sites people download software from are usually not provided with a dedicated security staff.
This is serious, guys and gals. Use the source, Luke - but what if I can't trust the source any more? Open Source has to find a method to get around this problem; see this post.
-
A Recent Microsoft Bug - swept under the carpet?
How many bugs for Windows have been swept under the rug?
It amazes me. Really. Authors bandy about Slapper and its variants as a new kind of Linux bogeyman (despite the existence of previous Unix and Linux worms) - proof that the argument for Linux, and perhaps even Unix, security is falling apart. Yet there is no talk of actual numbers in the wild. No talk about how long the actual window of vulnerability from discovery to patch existed.
Meanwhile... my organization's main VPN service (running a Microsoft PPTP server... unfortunately) has been vulnerable to a DoS, and possibly a remote compromise since at LEAST Sep 26. Exploit code that demonstrates this vulnerability was released shortly after (I believe Oct 1). Yet there has yet to be any word from Microsoft acknowledging the issue, much less any forthcoming fix/patch.
Microsoft PPTP servers - Win2k, WinXP, AND WinNT 4.0 sp6a (I have personally tested Win2K and WinNT variants) are all susceptible to this exploit as demonstrated by this code - and have been for over 2 weeks.
Sure. Sticking a Sun box, or Linux, or even OpenBSD in your server room doesn't give you instant security. Unix is not a fire-and-forget solution. But these folks have been in the trenches, successfully dealing with the technical issues of security for the last couple decades.
Microsoft still seems to see security as a marketing problem.
-
HashDB - stop getting trojaned source
Check it out here. -dave
-
SPIKE Proxy, your GPL alternative
Grab SPIKE Proxy (written in Python) from here and if it doesn't do exactly what you want (it doesn't do anything totally automated at this point, since it is primarily a security tool) then quickly modify it to do what you want.
The advantage to using an open source tool for doing this, rather than something sold by Rational, is that if you don't have a completely "normal" application, you can modify SPIKE Proxy in a few seconds to support whatever weird syntax you use. And by sending me patches and making SPIKE Proxy better (keep in mind this is the second python script I ever wrote) you help the whole community.
-
As opposed to...
Bugs that just plain aren't fixed and have no announcement from Microsoft and yet are almost a month old, such as the SQL Server 2000 remote root:
This vulnerability, a stack overflow in the initial packet to TCP/1433 allows an attacker access to the target system as LOCAL/SYSTEM ("root").
-
Not to mention remote root on SQL Server
Running a fully patched SQL Server or Exchange 2000 (a full time job in itself), check out: http://www.immunitysec.com/vulnerabilities/
:>-dave