A unique ‘fileless’ bot attacks news site visitors

Analysis of the exploit’s JAR file demonstrated that it exploits a Java vulnerability (CVE-2011-3544). Cybercriminals have been exploiting this vulnerability since November in attacks targeting both MacOS and Windows users. Exploits for this vulnerability are currently among the most effective and are included in popular exploit packs.

via A unique ‘fileless’ bot attacks news site visitors – Securelist.

After successfully injecting and launching the malicious code (dll), Java begins to send requests to third-party resources, which look like Google search requests: “search?hl=us&source=hp&q=%s&aq=f&aqi=&aql=&oq=”…

These requests include data on the browsing history taken from the user’s browser, as well as a range of additional technical information about the infected system.
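The detection opportunity in the excerpt above is that the beacons copy the shape of a Google search query (the `search?hl=us&source=hp&q=%s&aq=f&aqi=&aql=&oq=` template) but are sent to third-party hosts. The following is an added example, not code from Securelist or from the malware analysis; it runs over a constructed, simplified proxy log (timestamp, client, method, URL) and flags requests whose query string matches that exact parameter layout while the destination is not a Google domain. The log lines and the `203.0.113.7` / `stats.example.net` destinations are made up for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names, in order, of the beacon template quoted in the article:
# search?hl=us&source=hp&q=%s&aq=f&aqi=&aql=&oq=
BEACON_KEYS = ["hl", "source", "q", "aq", "aqi", "aql", "oq"]

# Hosts that legitimately receive Google-shaped search queries.
GOOGLE_HOSTS = re.compile(r"(^|\.)google\.[a-z.]+$")

# Constructed proxy log: "<unix ts> <client ip> <method> <url>", one per line.
SAMPLE_LOG = """\
1331000001 10.0.0.5 GET http://www.google.com/search?hl=en&source=hp&q=fog+project&aq=f&aqi=&aql=&oq=
1331000002 10.0.0.5 GET http://203.0.113.7/search?hl=us&source=hp&q=aHR0cDovL2V4YW1wbGUuY29t&aq=f&aqi=&aql=&oq=
1331000003 10.0.0.9 GET http://example.org/index.html
1331000004 10.0.0.9 GET http://stats.example.net/search?hl=us&source=hp&q=c2VhcmNo&aq=f&aqi=&aql=&oq=
1331000005 10.0.0.5 GET http://www.google.co.uk/search?hl=us&source=hp&q=weather&aq=f&aqi=&aql=&oq=
"""


def parse_line(line):
    """Split one constructed log line into its four fields."""
    ts, client, method, url = line.split(maxsplit=3)
    return {"ts": int(ts), "client": client, "method": method, "url": url}


def looks_like_google_search(url):
    """True if the path is /search and the parameter names match the template exactly, in order."""
    parts = urlsplit(url)
    if not parts.path.endswith("/search"):
        return False
    # keep_blank_values so the empty aqi=, aql=, oq= parameters are not dropped
    names = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
    return names == BEACON_KEYS


def is_google_host(host):
    """Whether the destination host is a google.<tld> domain (or a subdomain of one)."""
    return bool(GOOGLE_HOSTS.search(host.lower()))


def is_suspect(entry):
    """A Google-search-shaped query sent anywhere other than Google is the beacon signature."""
    host = urlsplit(entry["url"]).hostname or ""
    return looks_like_google_search(entry["url"]) and not is_google_host(host)


def scan(log_text):
    """Return the parsed entries that match the beacon signature."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if is_suspect(entry):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['client']} -> {urlsplit(hit['url']).hostname}")
```

Matching on the full ordered parameter list rather than just `q=` keeps genuine browsing out of the results; the two flagged lines are the ones whose query string is the bot's template but whose host is not Google, which is the only property of the beacons the article actually describes.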

Overview | fogproject.org

FOG is a Linux-based, free and open source computer imaging solution for Windows XP, Vista and 7 that ties together a few open-source tools with a PHP-based web interface. FOG doesn’t use any boot disks or CDs; everything is done via TFTP and PXE. Also, with FOG many drivers are built into the kernel, so you don’t really need to worry about drivers (unless there isn’t a Linux kernel driver for it). FOG also supports putting an image that came from a computer with an 80GB partition onto a machine with a 40GB hard drive as long as the data is less than 40GB.

via Overview | fogproject.org.

FOG is centralized. Most tasks done on FOG don’t require the user to visit the client PC. For example, if you are imaging a computer all you need to do is start the task. After the task is started, WOL will turn the computer on if it is off, PXE will load the OS, DHCP will give it an IP address, FOG will tell the server it is in progress, and PartImage will image your computer. Then when imaging is done FOG will tell PXE not to boot the machine to the FOG image and your computer boots up. After the computer is booted, if the FOG service is installed, FOG will change the computer’s hostname and that computer is ready to use!

Microsoft: Remote Desktop Protocol Vulnerability Should be Patched Immediately

Those IT admins who use RDP to manage their machines over the internet, which is essentially the default in cloud-based installations such as Amazon’s AWS, need to patch as quickly as possible, Qualys CTO Wolfgang Kandek opined.

via Microsoft: Remote Desktop Protocol Vulnerability Should be Patched Immediately | SecurityWeek.Com.

RDP will always be a vector into a machine if running. The simplest solution would be to figure out a way so that you never have to run RDP.

Study Confirms The Government Produces The Buggiest Software

The problem boils down to an oversight in the regulations for government software set by the National Institute of Standards and Technology, says Wysopal. NIST’s rules outline security standards for network security–systems like firewalls and intrusion detection systems–as well as endpoint security like antivirus programs. But only the latest round of its regulations included standards for coding secure applications, and even those didn’t extend to most of the government’s web applications.

via Study Confirms The Government Produces The Buggiest Software – Forbes.

“We’re zeroing in on the application layer, but that’s something that’s been pretty much ignored in the government space,” says Wysopal. “They don’t take a risk-based approach. They take a compliance-based approach. If it’s not in the regulations, it doesn’t get done.”

IT staff can now manage iPads, iPhones, iPod touches with Configurator tool

According to Apple’s description of the application, IT staff can create and restore from a backup of preconfigured settings and app data, as well as create and install configuration profiles, among a number of other setup options. Admins can also supervise devices and organize those into custom groups, restrict which computers they can sync with, and add common configurations automatically. Admins can even apply custom text, wallpaper, or pictures to the iOS devices’ lock screens (keep an eye on your snarky IT staff if your work-issued iPhone’s lock screen image mysteriously changes to Nyancat).

via IT staff can now manage iPads, iPhones, iPod touches with Configurator tool.

Facebook Becomes Location Backbone That Lets Apps Import Checkins From Each Other

Facebook has confirmed with me that its new location APIs let any third-party app import and display the checkins as well as location-tagged posts published to Facebook by other apps. This turns Facebook into a location backbone that can power serendipitous meetups and other geo-functionality no matter which apps you and your friends use.

via Facebook Becomes Location Backbone That Lets Apps Import Checkins From Each Other | TechCrunch.

US man convicted for helping thousands steal Internet service

The products included a packet sniffer, called Coax Thief, that intercepted Internet traffic so that the users could obtain the media access control addresses and configuration files of surrounding modems. TCNISO and Harris offered customer support, primarily through forums on the TCNISO website, to assist customers in their cable modem hacking activities, the DOJ said.

via US man convicted for helping thousands steal Internet service – Techworld.