[SecurityRatty] tag: ubuntu

Actns/Swif.T virus found in YouTube videos

Tue, 02 Dec 2008 07:51:00 +0000

TOOLS FOR FLASH ANALYSIS

Breaking news regarding malicious Flash popping up from YouTube is starting to break all over the Internet.
CrunchGear has a bit of a write-up on it.
Rather than sound off about what will become old news quickly, I'd like to point you to resources I use to analyze (or have the analysis done for me, to be more concise) malicious Flash or JavaScript.
I grabbed the evil .swf in question from the URL below via command-line on my trusty Ubuntu box:
wget hxxp://www.youtube.com/v/O7tB1pYSNuE&rel=1
I then fed l.swf to Adops Tools and Wepawet.
The results from each analysis are below for your review.
Note System.security.allowDomain("*").
Not good. ;-)
Adops Tools Results
Wepawet Results
Use in good faith, but always be careful grabbing the evil .swf.

del.icio.us | digg | Submit to Slashdot

Linux vendors patch XML parser

Wed, 19 Nov 2008 21:00:00 +0000

Most of the major Linux vendors have released patches for a pair of bugs in libxml2, an XML C parser and toolkit developed for the Gnome project. Both bugs could be exploited in a denial of service attack against systems that rely on the libxml2 module. Ubuntu, Mandriva, rPath and Debian are all out with patches today to remedy the problem.

Download: H1 2008 Desktop OS Vendor Report - Vulnerabilities and Days-of-Risk

Mon, 27 Oct 2008 04:00:00 +0000

This report looks at all of the vulnerabilities fixed by Apple, Microsoft, Red Hat and Ubuntu during the first half of 2008. At the vendor level, the report examines all vulnerabilities as well as Days of Risk (DoR) associated with those vulnerabilities. The report further drills down to examine just those issues affecting the commonly installed desktop operating system components.

The key findings for 1H08:

The four vendors fixed a total 585 vulnerabilities in 1H08. 26.8% affected multiple vendors and of those, only 8 were fixed on the same day – the rest had an average 35 day delay between the first available fix and the last available fix..
Microsoft had the lowest average Days of Risk for all vulnerabilities fixed at 24.22 days, with the next closest vendor at 72 days.
For desktop OS vulnerabilities, Windows Vista had the fewest vulnerabilities in 1H08 at 21. The next lowest number was Windows XP SP2 at 26.
Windows Vista customers experienced full or partial mitigation for 46% of the 26 vulnerabilities affecting Windows XP SP2 in 1H08, but also experienced one additional vulnerability in new code.

In addition to these measurements for the vendors and products, the body of the report also provides weighted analysis which provides a lesser consideration for lower severity issues. Please read the full report for details.

Tools circulate that crack Debian, Ubuntu keys

Thu, 15 May 2008 20:00:00 +0000

A recently disclosed vulnerability in widely used Linux distributions can be exploited by attackers to guess cryptographic keys, possibly leading to the forgery of digital signatures and theft of confidential information, a noted security researcher said Thursday.

Tools circulate that crack Debian, Ubuntu keys

Thu, 15 May 2008 09:00:00 +0000

A vulnerability in widely used Linux distributions can be used by attackers to guess cryptographic keys, possibly leading to the theft of confidential information, security researcher HD Moore said today.

Debian OpenSSL Blunder

Thu, 15 May 2008 05:19:37 +0000

Hats off—once again—to HD Moore of Metasploit fame for exposing a serious weakness introduced into the Debian distribution of OpenSSL in September 2006. As Moore explains it, the problem began when the team addressed a different potential vulnerability having to do with uninitialized data. To fix it, they removed one line of code. Moore shows how this had "...the side effect of crippling the seeding process for the OpenSSL PRNG." (PRNG is pseudo-random number generator.) It removed substantial randomness from the seed for the PRNG, leaving the process ID, which maxes out at 32,768, as the only input. This allowed Moore to pre-generate all the possible 32768 keys and do a brute force attack. The fact that OpenSSL uses 1024 bit or larger keys didn't matter, because the randomness in them had been so greatly diminished. Moore was able to generate all the 1024 bit DSA and 2048 bit RSA keys for an SSH account in a couple hours on 31 2.33GHz Xeon cores and he has published them. The ISC also makes the point that to fix the damage caused by this problem you don't just update your software, you have to recreate certificates, get them signed again, and reencrypt. Other Debian-based distributions, such as Ubuntu, are also affected; in fact, Moore has published all the keys for the Ubuntu root file system. The ISC recommends that you monitor your logs for evidence of brute force password logins.They also point out that web site certificates generated with Debian have a huge problem because the public key is public; in such cases, they don't even have to brute-force you since Moore has done all the work already. Debian has published a tool to detect such weak keys. Engineers at the German company Cynops tested public keys at all the major certificate authorities and found none affected

Q1 2008 - Client OS Vulnerability Scorecard

Wed, 14 May 2008 19:04:00 +0000

This paper is a compilation of vulnerability data for client operating systems for the first 3 month, January through March, of 2008. Vulnerabilities and fixes for the following products are discussed:

Microsoft Windows Vista
Microsoft Windows XP SP2
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux WS (V. 4)
Ubuntu 6.06 LTS Desktop
Apple Mac OS X 10.5 (Leopard)
Apple Mac OS X 10.4 (Tiger)

For January through March of 2008, Mac OS X users experienced the highest number of vulnerabilities as well as the highest number of High severity vulnerabilities while Windows Vista users experienced the fewest and the fewest High severity vulnerabilities.

Here is the chart breaking down all of the OSes by NVD severity ratings:

Download the attached paper for full details.

Share this post :

Getting Ubuntu Linux to connect to a PPTP Cisco VPN 3000 Concentrator

Wed, 09 Apr 2008 21:20:05 +0000

Just a quick notes page to help others that have the same problem I did. By the way, I plan to be at Conglomeration April 18th-20th. While it's not a Hacker/Security con, it's still a fun little Sci-Fi/Fantasy convention with plenty of geeky types running around. Let me know if you're a reader of Irongeek.com and plan to be there.

Getting Ubuntu Linux to connect to a PPTP Cisco VPN 3000 Concentrator

Wed, 09 Apr 2008 21:20:05 +0000

Getting Ubuntu Linux to connect to a PPTP Cisco VPN 3000 Concentrator

Wed, 09 Apr 2008 21:20:05 +0000