Privacy, Security Archive

Cambridge Researcher Breaks Open/NetBSD Systrace

Submitted by Joe User 2007-08-09 Privacy, Security 12 Comments

University of Cambridge researcher Robert Watson has published a paper at the First USENIX Workshop On Offensive Technology in which he describes serious vulnerabilities in OpenBSD's Systrace, Sudo, Sysjail, the TIS GSWTK framework, and CerbNG. The technique is also effective against many commercially available anti-virus systems. His slides include sample exploit code that bypasses access control, virtualization, and intrusion detection in under 20 lines of C code consisting solely of memcpy() and fork(). Sysjail has now withdrawn their software, recommending against any use, and NetBSD has disabled Systrace by default in their upcoming release.

Vista Vulnerability Report ‘Debunked’

Submitted by shykid 2007-06-29 Privacy, Security 40 Comments

On Full Disclosure, there's a negative analysis of Jeff Jones' six-month vulnerability report. "Conclusions that are drawn are built on a lack of understanding by the Microsoft researcher. I highly encourage him to go back and take another look, and pare down the results to essential information that is absolutely critical to the conclusions, rather than just 'Other OS's have more bugs, see, look at my graphs'."

Windows Vista: 6 Month Vulnerability Report

Submitted by anonymous 2007-06-25 Privacy, Security 48 Comments

"I was somewhat surprised (but pleased) at the level of interest back when I published my Windows Vista - 90 Day Vulnerability Report. It was about the earliest span of time I thought might give us some indicators, and the indicators did look good. Six months is a much more interesting time frame, and gives us the opportunity to see if the early trend indicators are holding up, or if the early signs of progress were a short-term gain."

RSBAC 1.3 Series Released

Submitted by jillyjilly 2007-06-06 Privacy, Security 2 Comments

RSBAC, a European security solution similar to SELinux, has released the latest stable 1.3 series. The new 1.3 release incorporates file descriptor caching, bringing the level of performance on par with other solutions. Their servers are also running mod_rsbac, an Apache module replacing SuExec without loss of performance due to forking, and with a higher level of privilege separation.

Insecure Passwords on Gaim/Pidgin

Eugenia Loli 2007-05-23 Privacy, Security 106 Comments

Today, while I was trying to create a SIP Presence account for VoIPBuster, Pidgin kept crashing. I had to find its settings in my personal folder in order to manually edit the accounts.xml file and remove the entry (so Pidgin could start up again normally instead of keep crashing on load). When I opened the accounts.xml file with a plain text editor, all the passwords of all my accounts were listed out in the open in plain text. This is not a new issue, it was discussed many times before, but it can still be a surprise for most users.

Contest Winner: Vista More Secure than Mac OS X

Eugenia Loli 2007-05-01 Privacy, Security 120 Comments

Dino Dai Zovi, the New York-based security researcher who took home USD b10000 in a highly-publicized MacBook Pro hijack on April 20, has been at the center of a week's worth of controversy about the security of Apple's operating system. In an e-mail interview with Computerworld, Dai Zovi talked about how finding vulnerabilities is like fishing, the chances that someone else will stumble on the still-unpatched bug, and what operating system - Windows Vista or Mac OS X - is the sturdiest when it comes to security.

Lessons Learned From the Animated Cursor Security Bug

Submitted by jayson.knight 2007-04-29 Privacy, Security 17 Comments

"A core tenet of the SDL is to take and incorporate lessons learned when we issue a security update, and there is a great deal to learn from the recent animated cursor bug, MS07-017, so I want to spend a few minutes to go over some of the things we have learned from this bug."

Microsoft: All OSes Should Use Vista’s UAC Security

Submitted by applesource 2007-04-28 Privacy, Security 132 Comments

Microsoft Australia has defended the company's User Account Control (UAC) system as being "misunderstood" and said it should be the type of technology that all operating systems aspire towards.

Put Your OpenSSH Server in SSHjail

Submitted by FreeRhino 2007-04-25 Privacy, Security 9 Comments

"Jailing is a mechanism to virtually change a system's root directory. By employing this method, administrators can isolate services so that they cannot access the real filesystem structure. You should run unsecured and sensitive network services in a chroot jail, because if a hacker can break into a vulnerable service he could exploit your whole system. If a service is jailed, the intruder will be able to see only what you want him to see - that is, nothing useful. Some of the most frequent targets of attack, which therefore should be jailed, are BIND, Apache, FTP, and SSH. SSHjail is a patch for the OpenSSH daemon. It modifies two OpenSSH files (session.c and version.h) and allows you to jail your SSH service without any need for SSH reconfiguration."

2006 Operating System Vulnerability Summary

Submitted by Robert Escue 2007-03-30 Privacy, Security 17 Comments

In this article, Matthew uses nmap and nessus against actual installs of various operating systems as part of his research. A variety of operating sytems were tested including Windows XP, Server 2003, Vista Ultimate, MacOS, FreeBSD, Solaris, Fedora Core, and Slackware. "As far as 'straight-out-of-box' conditions go, both Windows and OS X are ripe with remotely accessible vulnerabilities. Even before enabling the servers, Windows based machines contain numerous exploitable holes allowing attackers to not only access the system but also execute arbitrary code. Both OS X and Windows were susceptible to additional vulnerabilities after enabling the built-in services. Once patched, however, both companies support a product that is secure, at least from the outside. The UNIX and Linux variants present a much more robust exterior to the outside. Even when the pre-configured server binaries are enabled, each system generally maintained its integrity against remote attacks."

SELinux and Solaris Trusted Extensions

Submitted by diegocg 2007-03-29 Privacy, Security 7 Comments

OSNews reported recently about an article from Sun comparing the Solaris 10 security extensions to RHEL 5's SELinux implementation. James Morris, a SELinux developer, talks about that article. He also links to another article about the same topic.

Surprise, Microsoft Listed as Most Secure OS

Submitted by brewin 2007-03-22 Privacy, Security 109 Comments

Microsoft is frequently dinged for having insecure products, with security holes and vulnerabilities. But Symantec, no friend of Microsoft, said in its latest research report that when it comes to widely-used operating systems, Microsoft is doing better overall than its leading commercial competitors. The information was a part of Symantec's 11th Internet Security Threat Report. The report, released this week, covered a huge range of security and vulnerability issues over the last six months of 2006, including operating systems.

Monthly OS Security Score Card: Another View

Submitted by vicious1 2007-03-19 Privacy, Security 43 Comments

"In response to Jeff Jones' Monthly Security Scorecard I did some research on Secunia and made some statistics to answer his. Jeff's Scorecard is quite minimal in my opinion and as pointed out by some of the comments, is missing some interesting facts. These facts include the outstanding advisories, for example, and of course the amont of software installed. Since Linux installs a lot more software the numbers are a bit skewed; however, even if I only take the numbers from Secunia with regard to advisories, vulnerabilites fixed, etc., things still look quite different then on Jeff's charts."

Operating System Vulnerability Scorecard

Submitted by Shawna McAlearney 2007-03-16 Privacy, Security 52 Comments

"Starting today, I plan on posting a monthly vulnerability scorecard for common server and workstation Operating System products. I'm going to keep these scorecards pretty clean of discussion, but you can review my methodology, sources and assumptions." Note that these results speak only of fixed vulnerabilities; the author aims to include information on non-fixed problems and the time it takes to fix problems as well. You should also read this, by the way.

IE, Firefox Share Vulnerability

Submitted by flanque 2007-02-27 Privacy, Security 21 Comments

Internet Explorer 7 and Firefox 2.0 share a logic flaw. The issue is actually more severe, as the two versions of the Microsoft and Mozilla browsers are not the only ones affected. In this regard, the vulnerability impacts Internet Explorer 5.01, Internet Explorer 6 and Internet Explorer 7 but also Firefox 1.5.0.9. Microsoft has stressed the fact that IE7 on Windows Vista is not affected in any manner.

Linux vs. Vista: How Does Security Stack Up?

Submitted by hamster 2007-02-16 Privacy, Security 86 Comments

For consumers looking to boost their computers' security, is Vista the way to go? Or can Linux provide greater protection from hacker attacks? In the face of viruses, worms or other breaches, the answer is obvious. "We don't need a survey or study to determine the answer. The answer is universal with those that actually manage these systems," said John Cherry of the OSDL Desktop Linux Working Group.

Vista: Significant Security Improvement?

Submitted by anonymous 2007-02-15 Privacy, Security 6 Comments

In the new issue of the free (IN)SECURE Magazine read an article on Vista's security features, an interview with Ed Gibson (the Chief Security Advisor for Microsoft UK), a look at the new format and new protection/security policy in Office 2007, and an interview with Joanna Rutkowska, the security researcher in the news lately for discussing the 'very severe hole' in the design of UAC.

OpenSSL Gets Hard-Fought Revalidation

Submitted by Dolores Parker 2007-02-09 Privacy, Security 8 Comments

"After a long and arduous journey that included a suspended validation last year, the Open Source Software Institute has announced that OpenSSL has regained its FIPS 140-2 validation and is now available for download. The validation process, which normally lasts a few months, took an astounding five years to complete, and those involved with the projects say they are already devising ways to avoid such long delays in future validations."

LinuxBIOS Creator: EFI Is a Security Threat

Submitted by Floris Lambrechts 2007-02-08 Privacy, Security 35 Comments

More than one million devices have already shipped with LinuxBIOS, and the growth is continuing. In his interview for the upcoming FOSDEM 2007 conference, LinuxBIOS creator Ronald Minnich talks about vendor support, the One Laptop Per Child BIOS, and his reluctance towards EFI.

Thoughts on PatchGuard

Submitted by PlatformAgnostic 2007-01-30 Privacy, Security 7 Comments

Ken Johnson, a Windows kernel mode and debugging guru, analyzes the Windows x64 Kernel Patch prevention system on his blog. From his perspective, PatchGuard is neither a security scheme nor a DRM measure due to the limited scope of the structures it protects. Instead, it is a tool to prevent vendors from destroying system security and stability. Johnson also forecasts a hypervisor-based PatchGuard mechanism for future revisions to this technology. Check out other posts on Nynaeve for a wealth of technical details on Windows mechanisms of interest to reverse-engineers.