Recently in Hacks Category

The SANS Internet Storm Center diary has an entry on a telnet authentication bypass vulnerability in Solaris 10 and 11. They don't mention any useful details, but if you're the type who prefers to see for yourself, you might check out a place that likes to fully disclose this type of thing.

I found we only have one Solaris 10 server running telnet. It's one of the Unix administrator's desktops. You can only access root from the console, but I was able to get in using the 'adm' account. Good times, good times.

I hear that a government agency (which I won't name) is blocking all email file attachments with a .doc extension as a result of the announced zero-day attack. The email that I saw advised employees to stick to TXT files and PDF files.

Every company has its own level of risk aversion, but I think this is kind of ridiculous. Word documents are essential to business. I've asked before on this blog: you people with untrustworthy antivirus who block by file type, what are you going to do when viruses come in flavors other than easily blockable things like EXE and PIF? Well, we soon found out that viruses come in image files. Viruses come in Office files. I guess the answer for this agency will eventually be to enforce text-only email.

The federal agency will be blocking .doc files until a fix is available or they feel the threat level has changed. I did hear that renaming the extension before mailing circumvents the filter, so they aren't inspecting the file header, only the extension. If someone were truly targeting them specifically (and currently this attack has only been used against one or two companies), the attacker might know enough to rename the file and include instructions telling the recipient to rename the .cod file back to .doc.
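To make the extension-versus-header point concrete, here is an added example (my own illustration, not anything from the agency's filter or the original post) that contrasts a name-only rule with a content check. The content check keys on the OLE2 compound-file signature that legacy .doc files carry, and on the ZIP container with word/ members that Word 2007 .docx files use; the sample attachments are constructed inline. The function and variable names are assumptions for the example.

```python
"""Attachment filtering by extension versus by content (constructed example)."""
import io
import zipfile

# Signature of an OLE2 Compound File. Legacy Word .doc files start with it,
# but so do .xls and .ppt, so this identifies "binary Office container",
# not specifically Word. Telling them apart needs the directory entries.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
# Office Open XML (.docx) is a ZIP archive; Word's parts live under word/.
ZIP_MAGIC = b"PK\x03\x04"

BLOCKED_EXTENSIONS = {".doc", ".docx"}


def blocked_by_extension(filename: str) -> bool:
    """The rule as the post describes it: look only at the file name."""
    name = filename.lower()
    return any(name.endswith(ext) for ext in BLOCKED_EXTENSIONS)


def looks_like_word_document(data: bytes) -> bool:
    """Content check: OLE2 header, or a ZIP archive containing word/ parts."""
    if data.startswith(OLE2_MAGIC):
        return True
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return any(n.startswith("word/") for n in zf.namelist())
        except zipfile.BadZipFile:
            return False
    return False


def blocked_by_content(filename: str, data: bytes) -> bool:
    """Block on either signal; renaming the file no longer helps."""
    return blocked_by_extension(filename) or looks_like_word_document(data)


def make_docx_like() -> bytes:
    """Constructed stand-in for a .docx: a ZIP with a word/document.xml part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


def make_plain_zip() -> bytes:
    """Constructed ZIP with no Word parts, to show the check is not 'any ZIP'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "nothing to see here")
    return buf.getvalue()


def demo() -> dict:
    """Run both rules over constructed attachments; returns {name: (ext, content)}."""
    legacy_doc = OLE2_MAGIC + b"\x00" * 504   # header plus padding, constructed
    samples = {
        "report.doc": legacy_doc,
        "report.cod": legacy_doc,             # the rename trick from the post
        "memo.docx": make_docx_like(),
        "notes.txt": b"Plain text, nothing to block.",
        "archive.zip": make_plain_zip(),
    }
    return {
        name: (blocked_by_extension(name), blocked_by_content(name, data))
        for name, data in samples.items()
    }


if __name__ == "__main__":
    for name, (by_ext, by_content) in demo().items():
        print(f"{name:12} extension-block={by_ext!s:5} content-block={by_content}")
```

The interesting row is report.cod: the name-only rule passes it, the content rule blocks it. The trade-off is that a content rule also catches every legacy Excel and PowerPoint file unless you parse the OLE2 directory, which is a larger job than a mail filter usually wants to take on.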

I'm a bit surprised that they are advising that PDF files are an acceptable alternative. Adobe Reader and Acrobat Professional have had all kinds of remote code execution vulnerabilities. Adobe recommends that you upgrade to version 8, which was released this week.

Fantasy site Second Life was hacked, according to Dark Reading. The Second Life website doesn't provide any information other than that it was a zero-day attack on unnamed web software. More info is available in their blog.

My rainbow tables for alphanumeric plus 32 symbols and a space are not working right with SAMInside. I'm not sure if the problem is with SAMInside or with the files. My original file source is not available right now, so I can't download a new copy and compare hashes. I feel like my powers have been diminished, like Superman with kryptonite.

Six Apart's free support bulletin board for Movable Type has been offline for maintenance since this past weekend. I just saw why on Bugtraq. It looks like there is another SQL injection exploit in Invision Power Board that will grant an attacker admin access. This is a vulnerability in versions prior to 2.1.7. Hopefully they'll get patched and back online soon.

Back in May, I wrote about that forum being exploited and modified to serve up WMF exploits. At that time I let the SANS ISC know about it. So it was pretty funny in June when a Circuit City IPB forum was hacked and it made the tech news. According to MSN Search there are still a lot of boards running Invision Power Board 2.1.6. A lot of them are hobby websites that will likely learn the hard way about keeping up with security patches.

About this Archive

This page is an archive of recent entries in the Hacks category.

Please contact me by leaving a comment where appropriate. Otherwise, you can reach me at blog...@infosecblog.org