Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Alert

NEWS - December 28, 2012

by Carol~ Dec 28, 2012 3:02AM PST
Nvidia Display Driver Service Attack Escalates Privileges on Windows Machines

There's nothing like a zero-day to ruin the holiday break, but that's just what may be in store for engineers at Nvidia after a researcher discovered a new vulnerability in the Nvidia Display Driver Service. The flaw could hand over administrator privileges on Windows machines to an attacker.

Peter Winter-Smith, formerly with the NGS Software of the U.K., posted details of the vulnerability and exploit to Pastebin. In it, he explains that the service is vulnerable to a stack buffer overflow that bypasses data execution prevention (DEP) and address space layout randomization (ASLR) running in the Windows operating system since Windows Vista.

"The service listens on a named pipe (\pipe\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability," Winter-Smith wrote on Pastebin. "The buffer overflow occurs as a result of a bad memmove operation."

Continued : https://threatpost.com/en_us/blogs/nvidia-display-driver-service-attack-escalates-privileges-windows-machines-122712

Also:
Flaw in Nvidia Driver Allows for Remote Injection of Unwanted Super-User
Researcher Unwraps Dangerous NVIDIA Driver Exploit on Christmas Day

Discussion is locked

7 Posts
- Collapse + Expand Details
- Collapse -
Caching Plugin Poses Serious Security Threat for Large..
by Carol~ Dec 28, 2012 3:12AM PST
.. WordPress Sites

From Bitdefender's "HOTforSecurity" Blog:

A severe bug that allows access to users' password hashes has been discovered in a third-party plugin for the highly popular WordPress content management system. The flaw resides in the W3 Total Cache plugin, an extension that helps high-traffic increase their performance by caching static pages, among others.

According to SecLists poster Jason Donenfield, the W3 Total Cache folder allows directory listings in its default configuration. This allows anyone to take a peek at the the contents of the /wp-content/w3tc folder and look for anything they may find interesting - in this case, cache files that hold usernames and their corresponding hashed passwords.

"Even with directory listings off, cache files are by default publicly downloadable, and the key values / file names of the database cache items are easily predictable. Again, it seems odd that 'deny from all' isn't added to the .htaccess file. Maybe it's documented somewhere that you should secure your directories, or maybe it isn't; I'm not sure," wrote Donenfield.

Continued : http://www.hotforsecurity.com/blog/caching-plugin-poses-serious-security-threat-for-large-wordpress-sites-4920.html

Also:
WordPress W3 Total Cache Misconfiguration Leaves Some Blogs Vulnerable
New WordPress vuln emerges
- Collapse -
Whom Do I Trust? Me, That's Who...
by Carol~ Dec 28, 2012 4:10AM PST

From the FireEye Malware Intelligence Lab Blog:

Malware using digital signatures to dupe endpoints has been on the rise. We saw this tactic pick up momentum with the rise of attacks like Stuxnet, Duqu, and Flame (to name a few). As the problem continues to grow, it affects both enterprises and the companies whose digital signatures are hijacked and used for evil. This is especially a problem when the trusted signer is a well-known organization, increasing the likelihood that files bearing there signature will be trusted. We've all seen the headlines...

It happened with Microsoft. And Adobe. And the list goes on...

Spear phishing email attacks, which remain the leading point of entry for advanced malware in enterprises, are more frequently carrying attachments that are digitally signed. This is bad news for enterprises with heavy reliance on anti-virus or security solutions that trust (whitelist) files entering the network because they are digitally signed. Even in the case of files with invalid digital signatures, the threat can persist because some solutions won't even bother to check if the certificate has been revoked.

We are also seeing more malware that includes clean files that are digitally signed. These can be chunks of code ripped off from other programs or clean auxiliary files belonging to other products or the OS itself, all signed with valid digital signatures.

So now not only are we concerned with malicious files themselves being digitally signed, we also now have to contend with clean digitally signed files being used for evil purposes.

Continued: http://blog.fireeye.com/research/2012/12/who-do-i-trust-me-thats-whom.html

- Collapse -
Video: Flaw in Facebook Allowed Attackers to Record Video of
by Carol~ Dec 28, 2012 4:10AM PST
... User and Post It on the Timeline

XYSEC Labs security researchers Subho Halder and Aditya Gupta have identified a Cross Site Request Forgery (CSRF) vulnerability in Facebook.

To demonstrate how an attacker could exploit this security hole, the experts made a proof-of-concept video. They showed that a cybercriminal could record a video of the targeted user via his/her own webcam and seamlessly post in on their Facebook timeline.

"This is an classic example of a Cross Site Request Forgery(CSRF/XSRF), a kind of security attacks in which the actual source from which the request is being made, is not being properly verified. So, in our case, Facebook wasn't able to judge whether an attacker is making the request of posting the video as a status, or it was Facebook itself," Gupta told Softpedia.

He explained that for this type of attack to work, the victims need to be logged in to their accounts.

Posting a video recorded with the user's webcam is just one example, which requires some degree of interaction from the victim, but the CSRF vulnerability could be leveraged in other ways as well.

"There could be other attack vectors as well using this vulnerability, in which a video (from other source, not the webcam) could be posted to his timeline, without any kind of user interaction," the expert noted.

Continued: http://news.softpedia.com/news/Flaw-in-Facebook-Allowed-Attackers-to-Record-Video-of-User-and-Post-It-on-the-Timeline-Video-317462.shtml
- Collapse -
Spammers Using Fake YouTube Notifications to Peddle Drugs
by Carol~ Dec 28, 2012 4:10AM PST

Spammers are attempting to deceive unsuspecting users into clicking on fake YouTube links that lead to a counterfeit drug website, according to a report yesterday from security firm Webroot.

Dancho Danchev writes that pharmaceutical scammers are circulating emails that mimic legitimate Youtube notifications. The emails claim someone from Youtube Support has sent the user a personal message, yet once the user clicks on a link in the email, they are redirected to a dubious looking drug website, Canadian Family Pharmacy.

Danchev goes on to write that while the site was being analyzed, it had a hard time staying online and in turn, seemingly stopped any potential victims from being tricked into purchasing fake drugs.

Continued : https://threatpost.com/en_us/blogs/spammers-using-fake-youtube-notifications-peddle-drugs-122612

- Collapse -
Backdoor Disguised as Java Server Page Targets Web-hosting..
by Carol~ Dec 28, 2012 4:10AM PST
.. Servers

From TrendLabs Security Intelligence Blog:

Malware like BKDR_JAVAWAR.JG prove that web servers are viable targets by cybercriminals as they store crucial data and can easily be used to infect other systems once unwitting users visit those affected websites.

We recently spotted a Java Server page that performs backdoor routines and gains control over vulnerable server. Trend Micro detects this as BKDR_JAVAWAR.JG. This malware may arrive as either a file downloaded from certain malicious sites or as a file dropped by other malware.

For this attack to be successful, the targeted system must be a Java Servlet container (such as Apache Tomcat) or a Java-based HTTP server. Another possible attack scenario is when an attacker checks for websites powered by Apache Tomcat then attempts to access the Tomcat Web Application Manager.

Using a password cracking tool, cybercriminals are able to login and gain manager/administrative rights allowing the deployment of Web application archive (WAR) files packaged with the backdoor to the server. The backdoor will be automatically added in the accessible Java Server pages. To execute its routine, the attacker can access the Java Server page using the following:

Continued : http://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-disguised-as-java-server-page-targets-web-hosting-servers/
- Collapse -
The 5 Coolest Hacks Of 2012
by Carol~ Dec 28, 2012 4:11AM PST

Nothing was sacred -- the nation's airspace, home power meters, video conferences, and, in an ironic twist, popular cybercrime tools

It's common knowledge nowadays that pretty much any device with a network interface -- or a USB port -- is hackable. As soon as a new technology or gadget arrives, some inquisitive security researcher starts to hammer away at it in a race to find flaws in it before the bad guys do. This year was no exception.

There are hacks, and then there are cool hacks. For the sixth year in a row, Dark Reading has selected the most creative, unique, and memorable hacks of the year that captured our attention and, in some cases, scared the heck out of us.

They spoofed airplanes via weaknesses in a new FAA air traffic system, peered into the infrared port on a home smart meter, broke into a videoconference, and even turned the tables on the bad guys, poking holes in popular cybercrime tools and fooled and exposed fake antivirus scammers who unknowingly dialed the wrong number (a white hat hacker's).

So kick back with a cup of holiday cheer and join us for a nostalgic look back at some of the most extreme hacks of 2012.

Continued : http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/240145249/the-5-coolest-hacks-of-2012.html

- Collapse -
Drones, phones and other 2012 privacy threats
by Carol~ Dec 28, 2012 4:11AM PST

New law enforcement and marketing tools and technologies keep privacy advocates on their toes

Verizon's attempt -- unsuccessful so far -- to secure a patent for a so-called 'snooping technology,' which in this case would let television advertisers target individual viewers based on what they're doing or saying in front of their sets, capped another challenging year for privacy advocates.

Verizon's snooping technology and TV ads

The Verizon technology, which includes a sensor/camera housed in a set-top box, would determine the activities of individual viewers -- eating, playing, cuddling, laughing, singing, fighting or gesturing -- and then trigger personal advertisements based on the activities.

Overall, the technology would serve targeted ads based on what the user is doing, who the user is, his or her surroundings, and any other suitable personal information, according to Verizon.

The U.S. Patent Office delivered a non-final" rejection of Verizon's application in November.

But analysts say that because engineers are already working on such technology, it's a cinch that some kind of similar technology will be included in TV set-top boxes in the not too distant future.

Continued : http://www.networkworld.com/news/2012/122812-drones-phones-and-other-2012-265403.html

Back to Spyware, Viruses, & Security forum

CNET Forums

Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Brand Forums
Roadshow Autos
Off Topic

Other Forums

Forum Info