FortiOS Exploit, Linux Kernel Wi-Fi Vulns, Infosec Communities, Secure Coding – ASW #216
Exploiting FortiOS with HTTP client headers, mishandling memory in Linux kernel Wi-Fi stack, a field guide to security communities, secure coding resources from the OpenSSF, Linux kernel exploitation
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Hosts
Mike Shema
Tech Lead at Block
- 1. Crypto trading platform Mango Markets drained of more than $100 million in flash loan attack
  Another cryptocurrency hack that demonstrates how systems can be abused by flaws in their workflows and assumptions -- valid input that's abusing intended functionality with unintended consequences.
- 2. FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684) – Horizon3.ai
  An educational exploit that manipulates HTTP client request headers to bypass authentication. Check out the proof of concept at https://github.com/horizon3ai/CVE-2022-40684
- 3. [oss-security] Various Linux Kernel WLAN security issues (RCE/DOS) found
  RCEs in the Linux kernel's Wi-Fi stack. More interesting from the perspective of bug density -- several memory handling flaws within the same area of code.
- 4. Microsoft disputes report on Office 365 Message encryption issue after awarding bug bounty
  An example of handling bug bounty reports that touches on threat models and code vs. configuration. Read the researchers' writeup at https://labs.withsecure.com/advisories/microsoft-office-365-message-encryption-insecure-mode-of-operation
- 5. Field Guide to the Various Communities of Security
  Infosec is broad, with many specializations and disciplines.
- 6. ‘We don’t teach developers how to write secure software’ – Linux Foundation’s David A Wheeler on reversing the CVE surge | The Daily Swig
  Continuing our collection of articles on educating developers on secure coding. Check out the educational resources at https://openssf.org/training/courses/ and the "Developing Secure Software" course at https://training.linuxfoundation.org/training/developing-secure-software-lfd121/
- 7. Flipping the script: when a hacking class gets hacked – Aditya’s Blog
  How to create purposefully insecure environments for teaching -- and how to turn unexpected exploitation into more teaching.
- 8. Learning Linux Kernel Exploitation – Part 1 – Midas Blog
  The article is a year old, but the content remains educational. Including it as a way to build up references to educational resources within the show notes.
John Kinsella
Senior Engineering Leader at AWS
- 1. squirrel: “Hacking” developers with a cat feeder
- 2. Not the onion: Let’s move to 3FA from 2FA!
  I sorta get the point, but I'm going to file this under whack-a-mole. Attackers will just tunnel to the authorized machines.
- 3. RedHat supports confidential compute in k8s
- 4. Corey Quinn: Confidential compute is for the tinfoil hat brigade
- 5. New npm timing attack could lead to supply chain attacks
  This could be one of the more "interesting" timing attacks.
- 6. Does the OWASP top 10 still matter?
  We know our listeners are fans of OWASP, but that top 10 thing - does it still matter?
- 7. Hyundai/Kia have a new form of security tax…
  Hyundai finally has a fix out for an issue identified a few months ago with the lack of engine immobilizers on some of their vehicles. The fix was announced to cost $170, but dealers are marking that up and charging labor to install. The result is that the fix to a security issue that modern car makers know how to prevent costs about $700.
- 8. Fully networked Ford Mustang will be more difficult to hot rod
  As more and more tech controls a modern car, auto makers have to go to more effort to harden and protect that technology and the connecting networks. This will annoy some - is there a way to find a balance?
- 9. Bug in Siemens PLCs lets attackers steal cryptographic keys