Ruby 1.8.6 (WEBrick httpd 1.3.1) is vulnerable to a directory traversal flaw. WEBrick, the HTTP server bundled with Ruby (and the default development server for Ruby on Rails), is vulnerable to directory traversal on systems that accept the backslash as a path separator and on systems with case-insensitive filesystems. Patched releases are available for both the 1.8 and 1.9 branches.
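The two conditions in that advisory point at the same root cause: a document-root check written for one filesystem's rules. The Ruby below is an added illustration of how such a check should be written, not WEBrick's own code. The document root, the deny list of file names and the request paths are all assumed for the example. It treats backslash as a separator before any other check, and it folds case in every name-based comparison when told the filesystem is case-insensitive.

```ruby
# Added illustration (not WEBrick's code): resolve a requested URL path under a
# document root and refuse anything that escapes it. The two pitfalls named in
# the advisory are handled explicitly: backslash as a path separator, and
# case-insensitive filesystems, where any name-based check must fold case.

ROOT = "/srv/www/htdocs"           # assumed document root for the examples
DENY = [".htaccess", ".htpasswd"]  # assumed per-site list of files never to serve

# Decode %XX escapes byte-wise so "%5c" becomes "\" before the path is inspected.
def percent_decode(str)
  str.b.gsub(/%([0-9a-fA-F]{2})/) { $1.hex.chr }.force_encoding(str.encoding)
end

# Returns the absolute filesystem path to serve, or nil if the request must be
# refused. Pass case_insensitive: true for NTFS/FAT/HFS+-style filesystems.
def safe_resolve(request_path, root: ROOT, deny: DENY, case_insensitive: false)
  path = percent_decode(request_path)
  return nil if path.include?("\0")
  # Treat "\" exactly like "/" so "..\" cannot dodge a check that only knows "../".
  path = path.tr("\\", "/")
  fold = ->(s) { case_insensitive ? s.downcase : s }
  # Deny-listed names must be compared with the filesystem's own case rules,
  # otherwise ".HTACCESS" reaches the file that ".htaccess" would not.
  parts = path.split("/").reject(&:empty?)
  return nil if parts.any? { |p| deny.map(&fold).include?(fold.(p)) }
  abs_root = File.expand_path(root)
  # File.expand_path collapses "." and ".." lexically, so a path that still
  # lies under the root after expansion cannot have climbed out of it.
  target = File.expand_path(parts.join("/"), abs_root)
  inside = fold.(target) == fold.(abs_root) ||
           fold.(target).start_with?(fold.(abs_root) + "/")
  inside ? target : nil
end

if __FILE__ == $0
  ["/index.html", "/../../etc/passwd", "/..%5c..%5cboot.ini", "/.HTACCESS"].each do |p|
    puts "#{p.ljust(24)} -> #{safe_resolve(p, case_insensitive: true).inspect}"
  end
end
```

Run stand-alone it prints one line per constructed request; only `/index.html` resolves, the two traversal attempts (slash and encoded backslash) and the case-shifted deny-listed name are refused. Call `safe_resolve("/.HTACCESS")` without the flag to see how a case-sensitive comparison lets the same request through on a case-insensitive disk.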
What’s On Your Key?
As a follow up to yesterday’s post about the Windows management tool, several people have asked me about what Windows tools I use most often. I, like many technical folks, carry a simple USB key in my pocket and it is packed with the core critical tools I use whenever I run into a support-type issue.
This led me to ask – what’s on your key?

Mine has some pretty interesting stuff. Here is a sample of the contents focused on Windows tools.
I keep an installs directory with some of the basic tools that I need, like to use and would want people to use. It has stuff like:
Cain & Abel – you never know when you may need to recover or crack a basic password
Comodo Firewall – I try to never leave a home system without a firewall installed and configured; this one is free, easy to manage and, with a quick five-minute lesson, even basic Windows users can keep it running safely…
Filezilla – a pretty great Win32 FTP GUI
FoxitReader – a quick replacement for the bloated Adobe PDF reader
Genius – an old Swiss Army knife tool for Win32 that has a ton of Internet and network clients, plus some basic power tools for users
and of course the ubiquitous Firefox, WinZip, freeware anti-virus and SpyBot Search & Destroy installers!
I also keep some basic tools for troubleshooting, security and analysis:
BinText – a GUI “strings” for Win32
Filealyze – a file analyzer, great for looking at unknown pieces of software and doing potential malware analysis on the fly
FPipe – Foundstone’s port redirector
Scanline – a quick and dirty command line port scanner for Win32 from Foundstone
Various Windows resource kit elements – kill, netdom, sysinternals tools, shutdown, etc.
Of course, netcat, the do it all with sockets tool 😉
winvi – easy to use text editor
whosip and whoiscl – two whois emulators for Windows
a tool simply called Startup – a really easy to use GUI for managing what runs each time the system starts and each time a user logs in
Those are really the essentials… I carry a bunch of normal stuff around too, but the basics are here for those quick fix scenarios that invariably start with something like “My computer is acting kinda funny ever since I …”
So, I have shown you some of mine. Now you do the same, let us know what’s on your key that you carry in your own pocket. Use the comment system to tell us all about your own set of indispensable tools!
Checkpoint VPN XSS, Multiple Java Vulns
Checkpoint VPN-1 UTM Edge is vulnerable to cross-site scripting. The flaw is a reflected XSS that is reachable before authentication, which could let an attacker wrap the appliance's login form inside an attacker-controlled HTML form for phishing or other malicious purposes. The latest firmware version, 7.5.48, reportedly does not contain this vulnerability.
There are multiple vulnerabilities in Java, affecting Java Web Start, the JRE and the SDK. They could lead to denial of service or system compromise. All of the more recent versions of Java are affected, so if you haven't updated your Java install in a few weeks, now would be the time to do so.
lighttpd, a popular lightweight open source web server, is vulnerable to CGI source exposure and potential denial of service. Version 1.4.18-r2 is affected and a newer version is available.
A Great Windows Maintenance Find for FREE
A few days ago I stumbled onto a pretty decent Windows maintenance tool I wanted to share. It is called Advanced WindowsCare Personal and is available from snapfiles.com here.
Overall, this is a pretty great tool. It is very easy to use and does a lot of tuning and preventative maintenance for Windows systems – especially home and end-user systems that might not have a corporate IT person to take care of them. It does a good bit of clean up around the system, helps to protect it against spyware and some malware. While not a full anti-malware solution, it does make some basic registry changes to help prevent installation of the most common spyware and other bad stuff.
It did a very nice job of helping me tune a Windows system that I was messing with and in running basic management functions and maintenance tasks. I am not sure I would upgrade to the “Pro” version, but for a free utility, this one is pretty good.
If you still have Windows systems to manage, especially for family members and the like, this may be worth the time to install for them and spend 15 minutes teaching them to use it. Likely, they can repair most of their own problems using the tool, instead of calling you over to Aunt Millie’s for tech support. 😉
Ohio Votes Today
The day of the Ohio primary is here. With a ton of media attention focused on our state, a new voting process in place and the touch-screen systems removed, our primary is certain to have its ups and downs today.
When we reviewed the security of the Ohio voting system, we did find some serious issues. However, the optical scanning systems from our review were less prone to problems under normal voting use than the touch screens. Therefore, we agree that the optical scanners are a more secure choice, especially in the way that our Secretary of State has outlined their use.
Voters in Ohio today should expect some lines and a small amount of confusion and hype. But careful review of your ballot, careful marking of your selections and following the published procedures should make the process easy, reliable and interesting. Our only words of caution are to ask for another ballot if you make a mistake and to refrain from marking anywhere except in the square of your chosen candidate. Again, take a few moments and review the ballot before you turn it in.
The Secretary of State has taken great measures to ensure oversight and accountability for all votes and voters around our state. The various boards of election and other officials have also taken great steps toward improving the security of the process. They are all to be commended for achieving the progress we have made thus far, in such a short amount of time.
While there is still quite a bit of work to be done around electronic voting and elections security; today is a good day to look at the work we have done so far. Together, citizens, politicians and government can work to find a useful, reliable and secure way to continue the wonderful democracy that we, as Americans, enjoy.
Do your part. Vote. Stay engaged in the debate about electronic voting and don’t be afraid to let others know what you think…
New Advanced Botnets Discovered
Previously undetected botnets have been found running under the radar. The largest one has gained the name “MayDay”. MayDay has not infected a lot of systems yet, as Storm has, but it has advanced capabilities to evade detection. Notably, it is able to send its HTTP traffic through an enterprise's outbound proxy. The bot also uses peer-to-peer technology, over two channels, to stay in contact with its peers, and it appears to use both TCP and ICMP for data transmission. Even though this bot isn't a large threat yet, it shows that bot development isn't going to stop any time soon. Bot writers are getting smarter and more clever, while detection and analysis techniques are lagging behind.
Increase in European “Options” HTTP Scans from Linux Systems
Over the weekend we saw a large increase in HoneyPoint captures of HTTP fingerprinting scans using the “OPTIONS *” technique. Even more interesting was that nearly all of these scans originated in Europe. The scans all came from Linux boxes, and simple port probes show all of the boxes to be running OpenSSH 4.3 (some with the p2 portable patchlevel). Other ports show no consistency across the originating systems.
It could, of course, be a coincidence, but for multiple hosts to have only that one port in common suggests a specific exploit for OpenSSH 4.3. Additional research shows a few known issues with this version of OpenSSH. Perhaps a new botnet is being launched by leveraging one of those vulnerabilities?
We are deploying additional SSH HoneyPoints to try and capture more data about possible exploitation of systems meeting these implementations.
Editor’s Note: The current version is OpenSSH 4.7/4.7p1 – so if you are using older versions (including 4.2/4.3) you should upgrade as soon as possible to the current revision.
Post revised to update for identified existing OpenSSH issues.
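Two checks from that post are easy to automate: spotting the “OPTIONS *” probes in an ordinary web server access log and tallying them by source, and reading the OpenSSH version out of the banner a follow-up probe of port 22 returns. The Ruby below is an added example that does both; it is not HoneyPoint code or output. The log lines, addresses and banners are constructed for the example, and the 4.7 threshold is the version the editor's note cites as current.

```ruby
# Added example (not HoneyPoint code or captures): flag "OPTIONS *"
# fingerprinting probes in a combined-format access log, tally them by source,
# and parse the SSH identification banner each source returned to a follow-up
# probe. All log lines and banners here are constructed for the example.

SAMPLE_LOG = <<~LOG
  203.0.113.7 - - [02/Mar/2008:03:14:07 +0000] "OPTIONS * HTTP/1.0" 200 - "-" "-"
  203.0.113.7 - - [02/Mar/2008:03:14:08 +0000] "GET / HTTP/1.0" 200 4122 "-" "Mozilla/4.0"
  198.51.100.23 - - [02/Mar/2008:03:20:41 +0000] "OPTIONS * HTTP/1.1" 200 - "-" "-"
  192.0.2.50 - - [02/Mar/2008:04:02:10 +0000] "GET /index.php HTTP/1.1" 200 1203 "-" "Mozilla/5.0"
  198.51.100.23 - - [02/Mar/2008:05:11:19 +0000] "OPTIONS * HTTP/1.1" 200 - "-" "-"
LOG

# Constructed banners as a port-22 probe of each scanning host would return them.
SAMPLE_BANNERS = {
  "203.0.113.7"   => "SSH-2.0-OpenSSH_4.3p2 Debian-9",
  "198.51.100.23" => "SSH-2.0-OpenSSH_4.3",
}

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status ...
LINE_RE = /\A(?<ip>\S+) \S+ \S+ \[(?<ts>[^\]]+)\] "(?<method>\S+) (?<target>\S+) (?<proto>[^"]*)" (?<status>\d{3})/

# Returns {ip => count} for requests using OPTIONS against "*" (the
# server-wide form fingerprinting tools use); every other request is ignored.
def options_star_scanners(log_text)
  counts = Hash.new(0)
  log_text.each_line do |line|
    m = LINE_RE.match(line) or next
    counts[m[:ip]] += 1 if m[:method] == "OPTIONS" && m[:target] == "*"
  end
  counts
end

# Parses an SSH identification string (RFC 4253 section 4.2), for example
# "SSH-2.0-OpenSSH_4.3p2 Debian-9", into [major, minor, patchlevel] for
# OpenSSH servers; returns nil for any other software.
def openssh_version(banner)
  m = /\ASSH-[\d.]+-OpenSSH_(\d+)\.(\d+)(?:p(\d+))?/.match(banner.strip) or return nil
  [m[1].to_i, m[2].to_i, m[3].to_i]  # no portable patchlevel counts as 0
end

# True when the banner identifies an OpenSSH older than the 4.7 release.
def older_than_4_7?(banner)
  v = openssh_version(banner) or return false
  major, minor = v
  major < 4 || (major == 4 && minor < 7)
end

if __FILE__ == $0
  options_star_scanners(SAMPLE_LOG).sort_by { |_, n| -n }.each do |ip, n|
    banner = SAMPLE_BANNERS[ip]
    age = older_than_4_7?(banner) ? "older than 4.7" : "current"
    puts "#{ip}: #{n} OPTIONS * probe(s); sshd #{banner.inspect} (#{age})"
  end
end
```

The banner parser only identifies what the server says it is; a distribution may backport fixes without changing the version string, so treat a match as a lead to confirm, not as proof of a vulnerable host.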
More Chinese Scans for Web Bugs
This morning I was checking through my usual HoneyPoint deployments and it was a normal day. As usual, the last 24 hours brought a large number of web application bug scans from hosts in China. They are the normal PHP discovery probes, some basic malware dropper probes against known web vulnerabilities and a ton of web server fingerprinting probes from various Chinese hosts.
China has now surpassed the US as the source of most global probes and attacks, at least according to Arbor. Check out the China profile here.
One of my close friends, JK, claims that there is a massive initiative underway in China to map the Internet on a global scale and to maintain a fairly up-to-date global vulnerability matrix for the world's systems. Whether or not that is true, it is certainly possible: a large enough set of bot-infected hosts dropping their results back to a centralized database would be all it takes. It is an interesting thought.
For sure, these probes and scans exist on a global basis. Our international HoneyPoints pick up much of the same Chinese traffic as our US ones. Perhaps a quick check of some of your logs will show the same. Much discussion of pro-active blocks against Chinese address space is underway in several organizations. Perhaps this is something we should all think about?
Hardware Security Testing Presentation & MP3 Available
The PDF of the slides and the audio from yesterday's presentation on Hardware Security Testing are now available.
You can get the files from this page on the main MicroSolved site.
Thanks to the many who attended and who sent me the great feedback this morning. I am really glad everyone liked the content so much!
Check out the next virtual event scheduled for March 25th at 4 PM Eastern. The topic will be 3 Application Security “Must-Do’s”.
Here is the abstract:
This presentation will cover three specific examples of application security best practices. Developers, security team members and technical management will discover how these three key processes will help them mitigate, manage and eliminate risks at the application layer. The presenter will cover the importance of application security, detail the three key components to success and provide strategic insight into how organizations can maximize their application security while minimizing the resources required.
We look forward to your attendance. Email info@microsolved.com to sign up!
Multiple IBM AIX Vulnerabilities
Vulnerabilities have been discovered in AIX's X server and in the inet_network() function of libc that can lead to a number of threats, including execution of arbitrary code in a root context, denial of service, or exposure of sensitive data. The original IBM advisories are located at: