China Chip Hack Shines Spotlight on Hardware and Supply-Chain Risk

Recent revelations in the press regarding hardware implants and supply-chain compromise are troubling and should be seen as an opportunity to assess our current threat model and security approach. This recently revealed situation is the hardware analogue to the software supply chain compromises w...

The Facebook Hack Is an Internet-Wide Failure

Major sites using Facebook's Single Sign-On don't implement basic security features, potentially making the fallout of last week's hack much worse...

When It Comes To IoT Security, Liability Is Muddled

BOSTON—From hacked connected cars to power grids, the implications of IoT security issues seem to be getting graver – yet when it comes to pointing fingers for security troubles, many times victims don’t even know where to start. IoT experts said at the Security of Things Forum today said that a...

26 Million Veterans data breached by eight state sponsored organizations

Since 2010, foreign state sponsored organizations have repeatedly compromised an unencrypted database maintained by the Veterans Affairs Department that contains personally identifiable information on roughly 26 million veterans. Including at least eight foreign-sponsored organizations, mostly...

Nmap NSE 6.01: smb-enum-shares

Attempts to list shares using the 'srvsvc.NetShareEnumAll' MSRPC function and retrieve more information about them using 'srvsvc.NetShareGetInfo'. If access to those functions is denied, a list of common share names are checked. Finding open shares is useful to a penetration tester because there...

Nmap NSE 6.01: smb-server-stats

Attempts to grab the server's statistics over SMB and MSRPC, which uses TCP ports 445 or 139. An administrator account is required to pull these statistics on most versions of Windows, and Vista and above require UAC to be turned down. Some of the numbers returned here don't feel right to me, but...

Nmap NSE net: smb-os-discovery

Attempts to determine the operating system, computer name, domain, and current time over the SMB protocol ports 445 or 139. This is done by starting a session with the anonymous account or with a proper user account, if one is given; it likely doesn't make a difference; in response to a session...

Nmap NSE net: smb-check-vulns

Checks for vulnerabilities: MS08-067, a Windows RPC vulnerability Conficker, an infection by the Conficker worm Unnamed regsvc DoS, a denial-of-service vulnerability I accidentally found in Windows 2000 SMBv2 exploit CVE-2009-3103, Microsoft Security Advisory 975497 MS06-025, a Windows Ras RPC...

Nmap NSE net: smb-enum-users

Attempts to enumerate the users on a remote Windows system, with as much information as possible, through two different techniques both over MSRPC, which uses port 445 or 139; see 'smb.lua'. The goal of this script is to discover all user accounts that exist on a remote system. This can be helpfu...

Nmap NSE net: smb-flood

Exhausts a remote SMB server's connection limit by by opening as many connections as we can. Most implementations of SMB have a hard global limit of 11 connections for user accounts and 10 connections for anonymous. Once that limit is reached, further connections are denied. This script exploits...

Nmap NSE net: smb-system-info

Pulls back information about the remote system from the registry. Getting all of the information requires an administrative account, although a user account will still get a lot of it. Guest probably won't get any, nor will anonymous. This goes for all operating systems, including Windows 2000...

Lessons Learned From the Gawker Hack

Everyone sounded the alarms at the Gawker Media attack, which included a security breach of websites such as Gizmodo, Lifehacker, Kotaku, io9, and others. The numbers were impressive: 1.3 million user accounts exposed, 405 megabytes of source code lost, and perhaps more important to some, the...

CNN iReport: ToorCon Hacker Conference

At the ToorCon San Diego conference, a CNN iReporter talks with security professionals about basic security issues and then see Marty Morrow escape from handcuffs without a key!...

BBC paid 'a few thousand dollars' for botnet

In a statement on Monday, the BBC said that its decision to purchase and use a botnet to espose the malware epidemic had been “in the public interest”. “It was not our intention to break the law,” the BBC told ZDNet UK on Monday. “There is a powerful public interest in demonstrating the ease with...

CVE-2007-5422

Unspecified vulnerability in "Solaris Auditing" in the Basic Security Module BSM in Sun Solaris 10, when configured for auditing of networking nt events, allows local users to cause a denial of service panic via unspecified vectors...

CVE-2007-5422

CVE-2007-5422 affects Sun Solaris 10, specifically the Solaris Auditing feature within the Basic Security Module (BSM). When configured to audit networking (nt) events, a local attacker can trigger a denial-of-service (panic) via unspecified vectors. The available sources describe the affected co...

CVE-2001-1414

The Basic Security Module BSM for Solaris 2.5.1, 2.6, 7, and 8 does not log anonymous FTP access, which allows remote attackers to hide their activities, possibly when certain BSM audit files are not present under the FTP root...

CVE-2004-1358

The patches 1 114332-08 and 2 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module BSM, which allows attackers to avoid having their activity logged...

CVE-2004-2306

Sun Solaris 7 through 9, when Basic Security Module BSM is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the auditwarn script, which might allow attackers to escape detection...

CVE-2004-0654

Unknown vulnerability in the Basic Security Module BSM, when configured to audit either the Administrative ad or the System-Wide Administration as audit class in Solaris 7, 8, and 9, allows local users to cause a denial of service kernel panic...