This week in Infosec - 2008-08-07

From last time…

Still a lot of aftermath from the DNS vulnerability.

This week at Black Hat / Defcon, Dan releases full details…  Over 100 slides.  Dan discusses some creative ways this vulnerability can be exploited.

A vid of his talk should be available somewhere soon.

Awesome video of infected DNS servers…  Look below the embedded video to see the HD version.

Malware

Much chatter about the changing threatscape of spammers.  A newish technique in bot creation is using enticing emails/web pages to get people to watch a video.

When the user clicks the video to start playing, the user is asked to install a player to be able to view the video.

If they install it… Well, you get the idea.

Attack Vectors

XSS, SQL Injection…

Well, beyond what I talked about above, mostly it seems that direct attacks using XSS and SQL Injection are the new low-hanging fruit.

Automated XSS and SQL Injection tools abound.

There are even Firefox plug-ins that automate testing for XSS and Injection…
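Added example (not code from the original post) of why SQL Injection is such low-hanging fruit for the automated tools mentioned above, and what closes the hole. It uses an in-memory SQLite table with constructed sample rows; the `lookup_vulnerable` and `lookup_safe` functions and the probe string are all assumptions made for the demonstration.

```python
"""Added example (not from the original post): a lookup built by string
concatenation beside the parameterised version that the automated XSS/SQLi
scanners cannot get past. Uses an in-memory SQLite database with constructed
sample rows."""
import sqlite3


def make_db():
    """Build a small in-memory users table with constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn, name):
    """Builds the query by string concatenation: user input becomes SQL."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Parameterised query: the driver sends the value separately from the
    statement, so quote characters in the input are treated as plain data."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def demo():
    """Run both lookups against an ordinary name and a constructed probe."""
    conn = make_db()
    ordinary = "bob"
    # Constructed probe input of the kind automated scanners send: it closes
    # the quoted literal and appends a condition that is always true.
    probe = "x' OR '1'='1"
    return {
        "vuln_ordinary": lookup_vulnerable(conn, ordinary),
        "vuln_probe": lookup_vulnerable(conn, probe),
        "safe_ordinary": lookup_safe(conn, ordinary),
        "safe_probe": lookup_safe(conn, probe),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

The vulnerable lookup returns every row for the probe, which is exactly the signal a scanner looks for; the parameterised lookup returns nothing because no user is literally named `x' OR '1'='1`. A scanner that tries a few hundred such probes against every form field on a site is what makes this "automated".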

Social Network Pwnage

Lots of stories about worms traversing social networking sites.  Many using the tactic described in the Malware section above.

The threat here is that the post you see might appear to come from a friend… and hence carry a higher level of trust.

You should not trust anything on the Internet, especially on a social networking site.

Kaspersky Labs posted a good overview of the vector.

Automatic Updates

Some new info coming out about how most automatic update systems are flawed in that they don’t properly ‘authenticate’ the downloaded update, allowing pwnage.
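Added example (not from the original post or from any of the update systems it refers to) contrasting an updater that installs whatever it downloads with one that authenticates the update first. It uses only the standard library, so an HMAC over a small manifest stands in for the publisher's signature; the shared `DEMO_KEY`, the manifest layout and the function names are assumptions for the demonstration. In a real updater the client would verify an asymmetric signature against a pinned public key and would never hold a signing secret.

```python
"""Added example (not from the original post): the difference between an
updater that installs whatever it downloads and one that authenticates the
update before installing it. Standard library only, so an HMAC over the
manifest stands in for the publisher's signature (a real updater would check
an asymmetric signature against a pinned public key)."""
import hashlib
import hmac
import json

# Constructed demo key shared by the hypothetical build server and client.
DEMO_KEY = b"demo-update-signing-key-not-for-real-use"


def canonical(manifest):
    """Stable byte encoding of the manifest so both sides MAC the same bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def publish(key, version, update_bytes):
    """Build server side: describe the update, then authenticate the description."""
    manifest = {"version": version, "sha256": hashlib.sha256(update_bytes).hexdigest()}
    tag = hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()
    return manifest, tag


def install_unauthenticated(downloaded):
    """The flawed pattern: whatever arrived on the wire gets installed."""
    return {"installed": downloaded, "reason": "no check performed"}


def install_authenticated(key, installed_version, manifest, tag, downloaded):
    """Hardened pattern: check the manifest MAC, then the file hash, then
    that the version moves forward. Any failure rejects the update."""
    expected = hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return {"installed": None, "reason": "manifest not authentic"}
    if hashlib.sha256(downloaded).hexdigest() != manifest["sha256"]:
        return {"installed": None, "reason": "file does not match manifest"}
    if manifest["version"] <= installed_version:
        return {"installed": None, "reason": "not newer than installed version"}
    return {"installed": downloaded, "reason": "ok"}


def demo():
    """Exercise both updaters with a genuine update and constructed tampering."""
    genuine = b"genuine update v2"
    manifest, tag = publish(DEMO_KEY, 2, genuine)
    # Constructed replacement of the kind a hostile network could hand the client.
    swapped = b"something else entirely"
    forged_manifest = {"version": 2, "sha256": hashlib.sha256(swapped).hexdigest()}
    return {
        "naive_swapped": install_unauthenticated(swapped),
        "auth_genuine": install_authenticated(DEMO_KEY, 1, manifest, tag, genuine),
        "auth_swapped_file": install_authenticated(DEMO_KEY, 1, manifest, tag, swapped),
        "auth_forged_manifest": install_authenticated(DEMO_KEY, 1, forged_manifest, tag, swapped),
        "auth_replayed_old": install_authenticated(DEMO_KEY, 2, manifest, tag, genuine),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The three checks matter in that order: the manifest's authenticity is established before anything in it is trusted, the downloaded bytes are then bound to that manifest by hash, and the version check stops a genuinely signed but older update from being replayed to reintroduce a fixed bug. An updater that only fetches over plain HTTP and runs the result skips all three.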

Reading Room

I’m trying to stay on top of all the hotness coming out of Las Vegas this week.
