MAAS History
Archives

Entries by drStrangeP0rk (171)

Monday
Aug 03, 2009

Proof of Concept Firmware Keyboard Hack Demonstrated at Black Hat

K. Chen gave a talk demonstrating a proof-of-concept attack that uses HIDFirmwareUpdaterTool to insert code into the firmware of Apple keyboards, allowing an attacker to record keystrokes. The attack does require physical access to the machine. It is important to remember that any input device that has firmware can be attacked, and that information can be recorded from the device. This is true of both wired and wireless devices: with a trip to the local Radio Shack and some basic skills, a keystroke recorder/interceptor can be constructed.

The best defense is to restrict physical access to your devices; organizations should always control physical access to their offices.

Friday
Jul 24, 2009

Flash Vulnerability Can be Contained in Web Page, Air Application or PDF File

Adobe Flash Player has a vulnerability that lets an attacker use specially crafted Flash (.SWF) content to gain access to a user's system. The exploit allows the attacker to execute code with that user's access privileges. Several sites have been compromised, and the exploit can be delivered by a drive-by download attack. The vulnerability is specific to Flash, but it is important to remember that viewing this type of content in a web browser or in other applications such as Acrobat can compromise the system and allow Trojan-type software to be installed. Adobe recommends deleting the following two files from the Acrobat Reader application, using the terminal:

  • "/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/AuthPlayLib.bundle"
  • "/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/Adobe3D.framework"

 

Make sure that you quote the paths so that the spaces and special characters are handled correctly. Users should also set their Flash preferences to limit content and control privacy settings. If you use Firefox for web browsing, make sure to use the NoScript plug-in.

As an alternative for viewing PDF files, make sure that Preview.app is the default application for PDF files.
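The removal step described in this entry, as an added shell example that is not part of the original post or of Adobe's guidance. The function name `remove_reader_flash`, the `DRY_RUN` switch and the optional app-path argument are assumptions made for illustration; the two component paths are the ones listed above.

```shell
#!/bin/sh
# Added example, not from the original post. The function name, the DRY_RUN
# switch and the optional app-path argument are assumptions for illustration.

# Default install location, as given in the entry.
READER_APP_DEFAULT="/Applications/Adobe Reader 9/Adobe Reader.app"

# remove_reader_flash [APP_PATH]
# Removes the two components named in the entry and prints one status line
# per component. Returns 0 only if neither component is left afterwards.
# With DRY_RUN=1 nothing is deleted; present components are only reported.
remove_reader_flash() {
    app="${1:-$READER_APP_DEFAULT}"
    remaining=0
    for name in AuthPlayLib.bundle Adobe3D.framework; do
        # Every expansion is double-quoted so the spaces in
        # "Adobe Reader 9/Adobe Reader.app" never split the path.
        target="$app/Contents/Frameworks/$name"
        if [ ! -e "$target" ]; then
            echo "absent:  $target"
        elif [ "${DRY_RUN:-0}" = "1" ]; then
            echo "present: $target (dry run, not removed)"
            remaining=$((remaining + 1))
        elif rm -rf -- "$target"; then
            # "--" ends option parsing, so the path is never read as a flag.
            echo "removed: $target"
        else
            echo "failed:  $target" >&2
            remaining=$((remaining + 1))
        fi
    done
    [ "$remaining" -eq 0 ]
}

# Usage: set DRY_RUN=1 first to report, then run again without it to delete.
#   remove_reader_flash
#   remove_reader_flash "/Volumes/Other/Adobe Reader 9/Adobe Reader.app"
```

Removing files under /Applications may require an administrator account or sudo.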

Sunday
Jul 19, 2009

Firefox 3.5.1 Update Addresses Tracing Clean Up

The reported crash is triggered by an escape function at the site http://www.aport.ru/. The combination of the tracing optimization and the failure in the "deep bail" clean-up process is fixed in update 3.5.1. After the update, users should reset the value of javascript.options.jit.content to true.

Tuesday
Jul 14, 2009

Critical JavaScript Vulnerability in Firefox 3.5

There is a critical vulnerability in the JIT compiler in Firefox 3.5. It is possible that an attacker, by directing a user to a maliciously crafted site, will be able to execute code or trigger an uncontrolled system crash. Users should be using NoScript for all web surfing in Firefox. In addition, users can disable JavaScript, run in Safe Mode, or disable JIT in the JavaScript engine:

  1. In the location bar enter about:config
  2. Filter to jit
  3. Set the value of javascript.options.jit.content to false.

 

Disabling javascript.options.jit.content will slow down performance and is a temporary measure. Once the fix is released and installed, users should set this value back to true.

Thursday
Jul 09, 2009

Safari 4.0.2 Update Addresses WebKit Issues

WebKit has a vulnerability in its handling of parent objects that can allow a maliciously crafted site to conduct an XSS attack. The improvement is in the way WebKit handles parent objects.

Figure: Simple Class Dump from Safari 4.0.1

In addition, numeric character references crafted in a malicious way can corrupt memory, leading to unexpected application termination and/or arbitrary code execution.