TCP/IP Security Assessment, FreeBSD Telnet 0-Day, RainbowCrack 1.3, Nokia N95 DoS, Bounty for Worm Author

TCP/IP Security Assessment

The United Kingdom’s Centre for the Protection of National Infrastructure has just released the document “Security Assessment of the Transmission Control Protocol (TCP)”.

I find the document title a little ambiguous: a security assessment generally refers to active research, whereas from my brief overview this is in fact more of a whitepaper giving an excellent overview of existing and well-known TCP/IP vulnerabilities (e.g. SYN flooding, weak sequence numbers, port scanning techniques and more). It must be one of the best TCP/IP security overview whitepapers I’ve seen. Worth a read. Very nice work.

FreeBSD Telnet 0-Day

Kingcope released a zero-day telnetd vulnerability affecting FreeBSD 7.x. Telnetd allows environment variables to be passed to a remote session, and recent changes in FreeBSD allowed Kingcope to set malicious environment variables that control the dynamic linker (LD_PRELOAD). Interesting to see Telnet in the news again after the 2007 Solaris 10 Telnet exploit (telnet -froot host). FreeBSD have made a fix available.
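The root cause described above is a daemon forwarding client-supplied environment variables into the login process without filtering. The following is an added illustration of the two filtering postures a daemon can take, not FreeBSD's or telnetd's actual code: a denylist that strips known dynamic-linker variables (the historical style of fix) beside an allowlist that only admits named, well-formed variables. The prefix list, the allowed names and the sample environment are assumptions constructed for the example; the sample mimics what a client could send in a telnet NEW-ENVIRON negotiation.

```python
import re
from typing import Dict

# Variables that steer the run-time linker on common Unix platforms (glibc,
# FreeBSD rtld, Solaris use LD_*; macOS uses DYLD_*). A remote peer that can
# set one of these before login runs picks code loaded into the login process.
# Prefix list is illustrative, not exhaustive.
LINKER_PREFIXES = ("LD_", "DYLD_")

# Allowlist of variables a terminal session legitimately needs. Assumption for
# this example; a real daemon would take this from its configuration.
ALLOWED_EXACT = {"TERM", "LANG", "DISPLAY"}
ALLOWED_PATTERN = re.compile(r"LC_[A-Z]+")

# Value hygiene: printable ASCII only, bounded length (constructed limits).
# fullmatch is used so a trailing newline cannot slip past a '$' anchor.
VALUE_PATTERN = re.compile(r"[\x20-\x7e]{1,256}")


def denylist_filter(env: Dict[str, str]) -> Dict[str, str]:
    """Strip known-dangerous names, pass everything else through unchanged."""
    return {k: v for k, v in env.items() if not k.startswith(LINKER_PREFIXES)}


def allowlist_filter(env: Dict[str, str]) -> Dict[str, str]:
    """Only named variables with well-formed values survive."""
    kept = {}
    for name, value in env.items():
        if not (name in ALLOWED_EXACT or ALLOWED_PATTERN.fullmatch(name)):
            continue
        if not VALUE_PATTERN.fullmatch(value):
            continue
        kept[name] = value
    return kept


# Constructed sample of a client-supplied environment.
SAMPLE_REMOTE_ENV = {
    "TERM": "xterm",
    "LANG": "en_GB.UTF-8",
    "LC_ALL": "C",
    "LD_PRELOAD": "/tmp/injected.so",        # linker override attempt
    "LD_LIBRARY_PATH": "/tmp",
    "DYLD_INSERT_LIBRARIES": "/tmp/x.dylib",
    "PATH": "/tmp:/usr/bin",                 # not a linker variable, still unwanted
    "HOME": "/tmp",
    "DISPLAY": "host:0\n",                   # control character in the value
}

if __name__ == "__main__":
    print("denylist keeps :", sorted(denylist_filter(SAMPLE_REMOTE_ENV)))
    print("allowlist keeps:", sorted(allowlist_filter(SAMPLE_REMOTE_ENV)))
```

The denylist removes the three linker variables but still forwards PATH and HOME overrides, which is why every new linker or loader variable historically needed another entry; the allowlist reduces the question to "which variables does a session actually need", and the value check rejects the malformed DISPLAY entry as well.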

RainbowCrack 1.3 Released

RainbowCrack is a general-purpose implementation of Philippe Oechslin’s faster time-memory trade-off technique. In short, RainbowCrack is a hash cracker that uses a time-memory trade-off algorithm.

RainbowCrack 1.3 has been formally released. It has some nice features, including multicore processor support, improved hash algorithms, and overlapped computation and hard-disk reads.
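To make the time-memory trade-off concrete, here is an added toy implementation of Oechslin's rainbow-table idea; it is not RainbowCrack's code and uses deliberately tiny constructed parameters (3-letter lowercase passwords, MD5, 300 chains of 100 links). It shows the precomputation phase, which stores only chain endpoints, the lookup phase, which recomputes the rest, and the defender's point: a per-user salt moves the hash outside the precomputed keyspace, so the table finds nothing.

```python
import hashlib

# Toy parameters, constructed for the demo.
ALPHABET = "abcdefghijklmnopqrstuvwxyz"
PW_LEN = 3
KEYSPACE = len(ALPHABET) ** PW_LEN   # 17,576 candidate passwords
CHAIN_LEN = 100
NUM_CHAINS = 300


def hash_pw(password: str) -> str:
    """Unsalted MD5: the kind of hash a precomputed table can attack."""
    return hashlib.md5(password.encode()).hexdigest()


def index_to_word(n: int) -> str:
    """Map an integer in [0, KEYSPACE) to a candidate password."""
    chars = []
    for _ in range(PW_LEN):
        chars.append(ALPHABET[n % len(ALPHABET)])
        n //= len(ALPHABET)
    return "".join(chars)


def reduce_hash(digest: str, position: int) -> str:
    """Reduction function R_i: fold a digest back into the keyspace.
    A different function per chain position is what makes this a rainbow
    table rather than Hellman's scheme: chains colliding at different
    positions do not merge."""
    return index_to_word((int(digest, 16) + position) % KEYSPACE)


def build_table(starts):
    """Precompute chains, keeping only endpoint -> start points (the memory
    side of the trade-off); intermediate values are recomputed on demand."""
    table = {}
    for start in starts:
        pw = start
        for pos in range(CHAIN_LEN):
            pw = reduce_hash(hash_pw(pw), pos)
        table.setdefault(pw, []).append(start)
    return table


def lookup(table, target: str):
    """Guess which position the target hash occupies, finish that chain, and
    on an endpoint match walk the stored start chain to find the preimage."""
    for pos in range(CHAIN_LEN - 1, -1, -1):
        pw = reduce_hash(target, pos)
        for p in range(pos + 1, CHAIN_LEN):
            pw = reduce_hash(hash_pw(pw), p)
        for start in table.get(pw, []):   # endpoint hit, possibly a false alarm
            cand = start
            for p in range(CHAIN_LEN):
                if hash_pw(cand) == target:
                    return cand
                cand = reduce_hash(hash_pw(cand), p)
    return None


# Deterministic, spread-out chain start points (constructed).
STARTS = [index_to_word((i * 7919) % KEYSPACE) for i in range(NUM_CHAINS)]
TABLE = build_table(STARTS)


def recover(target: str):
    """Attempt to recover a password from its unsalted hash using TABLE."""
    return lookup(TABLE, target)


def salted_hash(salt: str, password: str) -> str:
    """Per-user salt: the table covers hash_pw(pw), not hash_pw(salt + pw), so
    precomputation would have to be redone for every salt."""
    return hash_pw(salt + password)


if __name__ == "__main__":
    print(recover(hash_pw("aaa")))                # "aaa" lies on a stored chain
    print(recover(salted_hash("s4lt", "aaa")))    # None: the salt defeats the table
```

The table holds 300 endpoints yet covers several thousand of the 17,576 candidates; each lookup costs at most about CHAIN_LEN²/2 hash computations instead of a full brute-force pass, which is the trade-off the paragraph above refers to. Real tables use far longer chains and many more of them, but the shape of both phases is the same.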

Nokia N95 DoS

jplopezy released a proof-of-concept exploit that supposedly crashes the Nokia N95. The vulnerability uses JavaScript’s setAttributeNode function, which is part of the JavaScript XML DOM suite of functions. The PoC looks like this:

<script>
r = document.getElementById('c');
a = r.setAttributeNode();   // called with no argument, as in the published PoC
</script>

$250,000 reward for Microsoft Worm Writer

A bounty has been set by Microsoft for information leading to the arrest of the Conficker worm author.

Conficker, also known as Downadup and Kido, has surprised many security experts with its success in propagating across the Internet. First discovered in November 2008, the worm has infected at least 11.4 million computer systems, according to a census of compromised Internet addresses carried out by SRI International.


Damn it! The N95 is vulnerable? You know I’ve got one! Don’t you even think of trying to pwn me. That wouldn’t be pwntry, would I?! ;)

heh, pwntry in motion ;)
