Made any new friends lately?
Earlier this week, we were testing the security aspects of an application that integrates with LinkedIn. Given that I do not own a LinkedIn account, I had to create one temporarily, to be able to test. I used a throw-away email address, and did not add any personal data, but I happened to connect to LinkedIn from the business where we were performing the work.
When I connected back, two days later, from home, to delete the temporary account, I was surprised that LinkedIn suggested "people you could know". And lo and behold, I actually knew some of them. They were employees of the company where we had conducted the test.
The only conceivable link, as far as we could determine, is the IP address. Those other users, company employees, might have logged in to LinkedIn before from at work, and this seems to be a data point that LinkedIn remembers, and uses, in determining "connections" between members.
Nothing much wrong with that - LinkedIn is mostly transparent in their declaration of what data mining they do, the privacy policy clearly states "We collect information from the devices and networks that you use to access LinkedIn. This information helps us improve and secure our Services". Of course the IP address is a data point that is visible to them, and it makes $$$ sense to store and use it. But, call me naïve, seeing it used so blatantly still caught me by surprise.
Lesson learned: If you create a LinkedIn account, don't do so from the public WiFi at the pub or brothel or bank branch that you frequent -- you might end up with friend suggestions that link you to unsavory characters ;).
Metasploit now includes module to exploit CVE-2014-0195 (OpenSSL DTLS Fragment Vuln.)
The latest release of Metasploit released today includes a module to ease exploitation of CVE-2014-0195. This vulnerability in the DTLS implementation of OpenSSL was patch last week and didn't get the attention the MitM vulnerability got that was patched at the same time. It is absolutely critical that you patch and/or firewall your DTLS services. This is complicated buy the fact that many of them are part of embeded devices like routers and switches (SNMPv3) or VoIP systems. Your web servers are NOT affected by this.
The Metasploit module in its current form does NOT allow for code execution, but instead will just crash the service. The vulnerablity could however be used to execute code on the target device.
Here again a quick rundown of possibly affected protocols:
SNMPv3 (161/UDP), LDAP over SSL (636/UDP), DTLS-SRP (VoIP, WebRTC, various ports), OpenVPN (1194/UDP)
DTLS uses UDP over various ports. Some of the protocols listed above, e.g. DTLS-SRP, use various ports that are negotiated between the endpoints dynamically. DTLS can also use port 4433 for some applications.
[1] http://www.rapid7.com/db/modules/auxiliary/dos/ssl/dtls_fragment_overflow
BIND Security Update for CVE-2014-3859
BIND has released a security update (CVE-2014-3859) for versions 9.10.0-p2, 9.9.5-p1, 9.8.7-p1. The update is available for download here.
[1] https://kb.isc.org/article/AA-01166/74/CVE-2014-3859%3A-BIND-named-can-crash-due-to-a-defect-in-EDNS-printing-processing.html
[2] http://www.isc.org/downloads/
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
Comments
Anonymous
Dec 3rd 2022
9 months ago
Anonymous
Dec 3rd 2022
9 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
Anonymous
Dec 26th 2022
8 months ago
Anonymous
Dec 26th 2022
8 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
8 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
8 months ago
Anonymous
Dec 26th 2022
8 months ago
https://defineprogramming.com/
Dec 26th 2022
8 months ago
distribute malware. Even if the URL listed on the ad shows a legitimate website, subsequent ad traffic can easily lead to a fake page. Different types of malware are distributed in this manner. I've seen IcedID (Bokbot), Gozi/ISFB, and various information stealers distributed through fake software websites that were provided through Google ad traffic. I submitted malicious files from this example to VirusTotal and found a low rate of detection, with some files not showing as malware at all. Additionally, domains associated with this infection frequently change. That might make it hard to detect.
https://clickercounter.org/
https://defineprogramming.com/
Dec 26th 2022
8 months ago
rthrth
Jan 2nd 2023
8 months ago