Tag archives: security

Rubber duck debugging

“Rubber duck debugging[1][2] – an informal method of debugging code. The method consists in the programmer, while trying to find bugs in the code (code inspection), keeping a rubber duck or another inanimate object nearby. Line by line, the programmer explains to the duck or other object the intended function of each segment of code; during this check, the bugs in the application should come to light.

The method is a version of the “think aloud” method[3], a procedure recognized as an effective way of speeding up problem solving.”

https://pl.wikipedia.org/wiki/Metoda_gumowej_kaczuszki

Remote code execution on DNA sequencers…

… using suitably synthesized DNA as the medium…

A noteworthy paper by researchers from the University of Washington:

Abstract: “The rapid improvement in DNA sequencing has sparked a big data revolution in genomic sciences, which has in turn led to a proliferation of bioinformatics tools. To date, these tools have encountered little adversarial pressure. This paper evaluates the robustness of such tools if (or when) adversarial attacks manifest. We demonstrate, for the first time, the synthesis of DNA which — when sequenced and processed — gives an attacker arbitrary remote code execution. To study the feasibility of creating and synthesizing a DNA-based exploit, we performed our attack on a modified downstream sequencing utility with a deliberately introduced vulnerability. After sequencing, we observed information leakage in our data due to sample bleeding. While this phenomena is known to the sequencing community, we provide the first discussion of how this leakage channel could be used adversarially to inject data or reveal sensitive information. We then evaluate the general security hygiene of common DNA processing programs, and unfortunately, find concrete evidence of poor security practices used throughout the field. Informed by our experiments and results, we develop a broad framework and guidelines to safeguard security and privacy in DNA synthesis, sequencing, and processing.”

Source: http://dnasec.cs.washington.edu/dnasec.pdf

Remote Desktop Session Hijacking


I don't know what people are getting so worked up about… It is obvious that SYSTEM can get into the memory of any process, so why such a wow that, already holding the SYSTEM account, you can switch into the context of another logged-on user?

Maybe because that user may have higher privileges (e.g. Domain Admin)… Keep in mind, however, that:

  1. To use the method of switching to SYSTEM, you have to be an Administrator of the server on which you obtain that account.
  2. M$, and not only they, say that you should work with the lowest possible privileges, so why would anyone in their right mind log on with, say, Enterprise Admin privileges to a computer where those privileges are not needed and which may be compromised? Read: https://technet.microsoft.com/en-us/library/cc700835.aspx and the quote: “Do not use service administrator accounts for day-to-day administrative tasks, such as account and member server management; instead, use your regular user account.” [..] “Domain Admins credentials are required to perform the following steps:[..]”

 

But how is it done?

  1. We find a computer on which we have Admin and onto which a Domain Admin has carelessly logged on. The following command can help: query user
  2. We change privileges to SYSTEM:
    psexec -s \\localhost cmd
  3. We list the sessions (noting our session number and the victim's session name); of course it is better if the victim's session is not active ;-P
  4. We switch to the victim's session:
    tscon <our session number> /dest:<victim's session name>
  5. We enjoy the result 😉
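Seen from the defender's side, the steps above leave process-creation traces: a shell started by the PsExec service as SYSTEM, followed by tscon running as SYSTEM with /dest:. The detection below is an added example, not part of the original post; it assumes records that use Sysmon Event ID 1 field names, and the sample events, host names and accounts are constructed.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# LocalSystem as the User field shows it on English Windows. The name is
# localized on other language builds; extend this set, or match SID S-1-5-18
# where the log source provides it.
SYSTEM_USERS = {r"nt authority\system"}
SHELLS = {"cmd.exe", "powershell.exe"}
DEST = re.compile(r"/dest:(\S+)", re.IGNORECASE)

# Constructed sample records using Sysmon Event ID 1 (process creation) field
# names. Hosts, accounts, session names and times are made up.
SAMPLE_EVENTS = [
    {"UtcTime": "2017-03-20 09:14:02", "Computer": "SRV01",
     "User": r"CORP\helpdesk1", "Image": r"C:\Windows\System32\query.exe",
     "CommandLine": "query user",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"UtcTime": "2017-03-20 09:14:40", "Computer": "SRV01",
     "User": r"NT AUTHORITY\SYSTEM", "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd", "ParentImage": r"C:\Windows\PSEXESVC.exe"},
    {"UtcTime": "2017-03-20 09:15:11", "Computer": "SRV01",
     "User": r"NT AUTHORITY\SYSTEM", "Image": r"C:\Windows\System32\tscon.exe",
     "CommandLine": "tscon 2 /dest:rdp-tcp#5",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"UtcTime": "2017-03-20 10:02:33", "Computer": "WS07",
     "User": r"CORP\jkowalski", "Image": r"C:\Windows\System32\tscon.exe",
     "CommandLine": "tscon 1 /dest:console",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
]


def detect_session_switch(events):
    """Flag SYSTEM shells started by PsExec and tscon executed as SYSTEM."""
    findings = []
    for ev in events:
        if ev["User"].lower() not in SYSTEM_USERS:
            continue  # only the SYSTEM-context case from the post is flagged
        image = basename(ev["Image"]).lower()
        parent = basename(ev.get("ParentImage", "")).lower()
        base = {"host": ev["Computer"], "time": ev["UtcTime"]}
        if image == "tscon.exe":
            # Interactive session switching has no reason to run as SYSTEM.
            m = DEST.search(ev["CommandLine"])
            findings.append({**base, "rule": "tscon-as-system",
                             "severity": "high",
                             "dest": m.group(1) if m else None})
        elif parent == "psexesvc.exe" and image in SHELLS:
            # Result of `psexec -s ... cmd`: an interactive SYSTEM shell.
            findings.append({**base, "rule": "psexec-system-shell",
                             "severity": "medium", "dest": None})
    return findings


if __name__ == "__main__":
    for f in detect_session_switch(SAMPLE_EVENTS):
        print(f)
```

Both findings on the same host within a short window are a stronger signal than either alone; the medium-severity rule will also fire on legitimate administrative use of PsExec.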

And for those who prefer videos, here is the YouTube version:

MS patches 10/2016


For posterity: from now on MS releases ‘update bundles’… the end of individual patches (?)

Critical and Security Updates
Update for Windows 7 (KB3177467)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.
Update for Windows 7 for x64-based Systems (KB3177467)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.
October, 2016 Security Only Update for .NET Framework 3.5.1 on Windows 7 SP1 and Windows Server 2008 R2 SP1 for x64 (KB3188730)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.
October, 2016 Security Only Update for .NET Framework 3.5.1 on Windows 7 SP1 (KB3188730)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.
October, 2016 Security and Quality Rollup for .NET Framework 3.5.1 on Windows 7 SP1 and Windows Server 2008 R2 SP1 for x64 (KB3188740)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.
October, 2016 Security and Quality Rollup for .NET Framework 3.5.1 on Windows 7 SP1 (KB3188740)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.
October, 2016 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB3185330)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.
October, 2016 Security Monthly Quality Rollup for Windows 7 (KB3185330)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.
Security Update for Microsoft SharePoint Server 2010 (KB3118377)
A security vulnerability exists in Microsoft SharePoint Server 2010 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.
Security Update for Microsoft Office 2010 (KB3118317) 32-Bit Edition
A security vulnerability exists in Microsoft Office 2010 32-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.
Security Update for Microsoft Word 2010 (KB3118312) 64-Bit Edition
A security vulnerability exists in Microsoft Word 2010 64-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.
Security Update for Microsoft Silverlight (KB3193713)
This security update to Silverlight includes fixes outlined in KB 3193713. This update is backward compatible with web applications built using previous versions of Silverlight.
Security Update for Microsoft SharePoint Server 2010 (KB3118377) farm-deployment
A security vulnerability exists in Microsoft SharePoint Server 2010 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.
Security Update for Lync 2010 X86 (KB3188397)
A security issue has been identified in a Microsoft Lync software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.
Security Update for Lync 2010 X64 (KB3188397)
A security issue has been identified in a Microsoft Lync software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.
Security Update for Microsoft Office 2010 (KB3118311) 64-Bit Edition
A security vulnerability exists in Microsoft Office 2010 64-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.
Security Update for Microsoft Web Applications (KB3118384)
A security vulnerability exists in Microsoft Web Applications that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.
Security Update for Lync 2010 Attendee – Administrator level installation (KB3188400)
A security issue has been identified in a Microsoft Lync software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.
Security Update for Microsoft Office 2010 (KB3118311) 32-Bit Edition
A security vulnerability exists in Microsoft Office 2010 32-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.
Security Update for Microsoft Office 2010 (KB3118317) 64-Bit Edition
A security vulnerability exists in Microsoft Office 2010 64-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.
Security Update for Microsoft Word 2010 (KB3118312) 32-Bit Edition
A security vulnerability exists in Microsoft Word 2010 32-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.
Security Update for Microsoft Web Applications (KB3118384) farm-deployment
A security vulnerability exists in Microsoft Web Applications that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.
October, 2016 Security Only Quality Update for Windows 7 (KB3192391)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.
October, 2016 Security Only Quality Update for Windows 7 for x64-based Systems (KB3192391)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.
Other Updates
Windows Malicious Software Removal Tool – June 2016 (KB890830)
After the download, this tool runs one time to check your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps remove any infection that is found. If an infection is found, the tool will display a status report the next time that you start your computer. A new version of the tool will be offered every month. If you want to manually run the tool on your computer, you can download a copy from the Microsoft Download Center, or you can run an online version from microsoft.com. This tool is not a replacement for an antivirus product. To help protect your computer, you should use an antivirus product.
Windows Malicious Software Removal Tool x64 – June 2016 (KB890830)
After the download, this tool runs one time to check your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps remove any infection that is found. If an infection is found, the tool will display a status report the next time that you start your computer. A new version of the tool will be offered every month. If you want to manually run the tool on your computer, you can download a copy from the Microsoft Download Center, or you can run an online version from microsoft.com. This tool is not a replacement for an antivirus product. To help protect your computer, you should use an antivirus product.
Update for Windows 7 (KB3063109)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.
Update for Windows 7 for x64-based Systems (KB3063109)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.
Update for Windows 7 for x64-based Systems (KB2952664)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.
Update for Windows 7 (KB2952664)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.
Microsoft Silverlight (KB3193713)
Microsoft Silverlight is a Web browser plug-in for Windows and Mac OS X that enables users to experience high quality media and to access rich Internet applications (both in and out of browser) within the browsers’ security model. For video and audio, Silverlight supports various media formats including Windows Media and H.264 up to HD quality. A comprehensive platform for creating rich user experiences, Silverlight includes the .NET framework, is supported by the Visual Studio and Expression tools, and integrates with Microsoft and other internet and server technologies.
Windows Malicious Software Removal Tool x64 – October 2016 (KB890830)
After the download, this tool runs one time to check your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps remove any infection that is found. If an infection is found, the tool will display a status report the next time that you start your computer. A new version of the tool will be offered every month. If you want to manually run the tool on your computer, you can download a copy from the Microsoft Download Center, or you can run an online version from microsoft.com. This tool is not a replacement for an antivirus product. To help protect your computer, you should use an antivirus product.
Update for Windows 7 (KB2952664)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.
Windows Malicious Software Removal Tool – October 2016 (KB890830)
After the download, this tool runs one time to check your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps remove any infection that is found. If an infection is found, the tool will display a status report the next time that you start your computer. A new version of the tool will be offered every month. If you want to manually run the tool on your computer, you can download a copy from the Microsoft Download Center, or you can run an online version from microsoft.com. This tool is not a replacement for an antivirus product. To help protect your computer, you should use an antivirus product.
Update for Windows 7 for x64-based Systems (KB2952664)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.
Update for Windows 7 for x64-based Systems (KB3181988)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.
Update for Windows 7 (KB3181988)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.
Update for Windows 7 for x64-based Systems (KB3184143)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.
Update for Windows 7 (KB3184143)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

More: https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/

Windows XP – what to do?

I thought I would never write about Windows XP again… and yet… I came across a network where there are quite a lot of them and, surprisingly, they are holding up… (maybe thanks to the dozen or so people in total who look after them)…

For those who have not read it, I recommend: https://www.microsoft.com/en-us/WindowsForBusiness/end-of-xp-support

Obviously not everyone can run to the store and buy several dozen licenses at once, so what can be done to get by somehow:

  1. Restrict the privileges of the people using the systems to the absolute minimum
  2. Enable firewalls on the machines for both inbound and outbound connections
  3. Move the computers to a separate subnet where traffic is closely monitored
  4. Install all available updates for the operating system and its components
  5. Uninstall unused operating system components and unnecessary software
  6. Limit connectivity to the Internet to the absolute minimum
  7. Use an alternative, up-to-date browser
  8. Limit the use of web browser caches and clear them every time the browser is closed
  9. If possible, disconnect the computer from the network.
  10. Ensure a high level of antivirus protection for portable devices, or consider disabling them.
  11. Verify that the backup mechanisms in use allow the system to be restored and activated without a connection to Microsoft servers
  12. Deploy and configure additional protection mechanisms such as the Enhanced Mitigation Experience Toolkit
  13. Apply application whitelisting mechanisms
  14. Wherever possible, use domain policies to enforce restrictions
  15. Provide additional training for the users of these systems (what to do when a virus is detected, use of media of unknown origin, etc.)