First of all, congratulations to Jack Daniel, who at the recent RSA conference was named to the security bloggers hall of fame, joining Bruce Schneier and Brian Krebs. And of course, I'll add the self-serving congratulations to the Security Weekly team for winning the security bloggers Best Podcast Award. So congratulations to Paul, Larry, John, Carlos, Jack, Mike the Intern Perez (who does a TON of behind the scenes stuff to make it all work), Allison, all the guests and of course, to all the listeners and those who voted.
Ok, enough of the self-ball washing. On to the stories of the week. First, we get Joe McCray talking about his own home security labs, comparing electric bills and still dropping f-bombs at his "friends". Paul and Larry were pretty well impressed with Nir Goldshlager's explanation of hacking Facebook OAuth and being able to access anyone's profile. If you had this access, whose profile would you go after?
There's an SSHD rootkit in the wild, hitting most RPM based Linux distributions. One issue here is the researchers still aren't sure how attackers are getting in and whether they're using a back door. Paul likens this to a recent site test that we did where a site had been defaced. We tried all kinds of tests, pokes and prods and we couldn't find a single vulnerability that would let someone easily deface it with a minimal amount of work. Until we stumbled across some mass site defacing scripts, reversed engineered them and realized the attackers were simply using a sort of back door. Using a symlink attack on a shared hosting server, attackers can find a single vulnerable site and then simply get server access to the configuration files for all other sites on that box. Here we were trying to find the vulnerability on the front end when it turned out the problem was a back door wide open to the world.
ContentFirst of all, congratulations to Jack Daniel, who at the recent RSA conference was named to the security bloggers hall of fame, joining Bruce Schneier and Brian Krebs. And of course, I'll add the self-serving congratulations to the Security Weekly team for winning the security bloggers Best Podcast Award. So congratulations to Paul, Larry, John, Carlos, Jack, Mike the Intern Perez (who does a TON of behind the scenes stuff to make it all work), Allison, all the guests and of course, to all the listeners and those who voted.
Ok, enough of the self-ball washing. On to the stories of the week. First, we get Joe McCray talking about his own home security labs, comparing electric bills and still dropping f-bombs at his "friends". Paul and Larry were pretty well impressed with Nir Goldshlager's explanation of hacking Facebook OAuth and being able to access anyone's profile. If you had this access, whose profile would you go after?
There's an SSHD rootkit in the wild, hitting most RPM based Linux distributions. One issue here is the researchers still aren't sure how attackers are getting in and whether they're using a back door. Paul likens this to a recent site test that we did where a site had been defaced. We tried all kinds of tests, pokes and prods and we couldn't find a single vulnerability that would let someone easily deface it with a minimal amount of work. Until we stumbled across some mass site defacing scripts, reversed engineered them and realized the attackers were simply using a sort of back door. Using a symlink attack on a shared hosting server, attackers can find a single vulnerable site and then simply get server access to the configuration files for all other sites on that box. Here we were trying to find the vulnerability on the front end when it turned out the problem was a back door wide open to the world.
Drunken Security News – Episode 322
First of all, congratulations to Jack Daniel, who at the recent RSA conference was named to the security bloggers hall of fame, joining Bruce Schneier and Brian Krebs. And of course, I'll add the self-serving congratulations to the Security Weekly team for winning the security bloggers Best Podcast Award. So congratulations to Paul, Larry, John, Carlos, Jack, Mike the Intern Perez (who does a TON of behind the scenes stuff to make it all work), Allison, all the guests and of course, to all the listeners and those who voted.
Ok, enough of the self-ball washing. On to the stories of the week. First, we get Joe McCray talking about his own home security labs, comparing electric bills and still dropping f-bombs at his "friends". Paul and Larry were pretty well impressed with Nir Goldshlager's explanation of hacking Facebook OAuth and being able to access anyone's profile. If you had this access, whose profile would you go after?
There's an SSHD rootkit in the wild, hitting most RPM based Linux distributions. One issue here is the researchers still aren't sure how attackers are getting in and whether they're using a back door. Paul likens this to a recent site test that we did where a site had been defaced. We tried all kinds of tests, pokes and prods and we couldn't find a single vulnerability that would let someone easily deface it with a minimal amount of work. Until we stumbled across some mass site defacing scripts, reversed engineered them and realized the attackers were simply using a sort of back door. Using a symlink attack on a shared hosting server, attackers can find a single vulnerable site and then simply get server access to the configuration files for all other sites on that box. Here we were trying to find the vulnerability on the front end when it turned out the problem was a back door wide open to the world.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news