Infosec Weekly Round-up April 23 – 29, 2012
Nissan security team detected a malware attack against their facilities
“We have detected an intrusion into our company’s global information systems network. On April 13, 2012, our information security team confirmed the presence of a computer virus on our network and immediately took aggressive actions to protect the company’s systems and data. This included actions to protect information related to customers, employees and other partners worldwide.”
CERT Linux Triage Tools 1.0 Released
A new tool was released by CERT/CC this week that aims to classify vulnerabilities in Linux applications.
“As part of the vulnerability discovery work at CERT, we have developed a GNU Debugger (GDB) extension called “exploitable” that classifies Linux application bugs by severity. Version 1.0 of the extension is available for public download here. This blog post contains an overview of the extension and how it works.”
WordPress BruteForce Script
This is a script that can be used to conduct a brute-force attack on WordPress CMS websites.
“What I am about to describe is not a new thing, but I wanted to create this simple script to show how easily it is possible to violate a CMS as famous as WordPress. Unfortunately, like most of you know, WordPress has some minor problems related to the security module login.”
Yet another Hotmail, AOL and Yahoo 0day
Several vulnerabilities affect popular email websites and allow an attacker to recover users' logins and passwords.
“Yesterday we reported a 0-Day Vulnerability in Hotmail, which allowed hackers to reset account passwords and lock out the account’s real owners. Tamper Data add-on allowed hackers to siphon off the outgoing HTTP request from the browser in real time and then modify the data. When they hit a password reset on a given email account they could fiddle the requests and input in a reset they chose.”
Skype Revealing Remote and Local IP Address
A new way has been published to obtain a Skype client's IP address, which can be critical information that can be used for attacking systems remotely.
“If you are a user of the messaging software Skype, you know that you can see the location of your contacts in the Skype interface. What you probably do not know is that there is currently a way to display a Skype user’s remote and local IP address as well.”