Archive for the ‘News’ Category
Posted in E-Week on August 31st, 2010 by E-Week
VMware announces a new Cloud Application Platform that leverages Spring and the company's new vFabric application services. - VMware has announced its new Cloud Application Platform,
which capitalizes on some of the company's key acquisitions and combines the
Spring Java development framework with VMware's new vFabric application
services.
The announcement comes out of VMware's VMworld conference
in San Francisco, whe...
Tags: News |
Posted in E-Week on August 31st, 2010 by E-Week
With the release of the ServerIron ADX 4000 ASM-4 bundle, Brocade introduces virtualization-optimized application delivery solutions for cost-conscious businesses. - Networking solutions specialist Brocade announced the availability
of application delivery hardware and software solutions specifically
designed for small and midsize businesses. The new extension to
the Brocade ServerIron ADX 4000, an entry-level chassis solution that
provides Layer 4-7 switchi...
Tags: News |
Posted in SANS on August 31st, 2010 by ISC Handler
PHP injection attacks have become increasingly popular lately. If you look at your web server logs, I'm pretty sure that you will find dozens of requests for PHP injection, usually by bots that are simply trying some well known (and less known) vulnerabilities.
One of our readers, Blake, managed to capture some interesting attempts to exploit various PHP injection vulnerabilities on his web site, thanks to the installation of mod_security. Contrary to popular PHP injection attempts, where the attacker tries to exploit a variable to get the PHP interpreter to retrieve a remote PHP script, Blake noticed that the attacker tried to exploit a vulnerability in a PHP script through a POST request. The attacker submitted a malicious PHP script (with other data), hoping that the PHP interpreter would execute it; this vulnerability also exists, although it is not that common. Here is what the attack looked like in log files:
POST http://www.hostname.somewhere en-US) AppleWebKit/133.7 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4
Host: www.hostname.somewhere boundary=---------------------------phpsploit
Content-Length: 46266
The POST request contained, besides data needed by the main script, an (of course) obfuscated PHP script that the attacker tried to execute. The deobfuscation part is shown in the picture below where I beautified it a bit and cut the long eval string.
Now, the interesting part is that the script uses the User-Agent field as the deobfuscation key. If you carefully check the User-Agent shown above you will see that, while it looks legitimate, it in fact isn't: the combination of versions is not legitimate.
But that's not all: the injected PHP script contains multiple eval() calls, every one of which uses a different deobfuscation key. This allows the attacker to test only parts of the script and never reveal its true side unless the attack works. The part that I was able to deobfuscate is shown below and it just tries to connect to a well known (public and legitimate) IRC server. Very clever, especially if we know that PHP will nicely eat any garbage that it can't parse, so the attacker doesn't have to worry about only one eval() call working.
This attack demonstrated how important it is to use all available protection layers: not only were Blake's scripts not vulnerable, but he also ran mod_security, which successfully blocked this attack, and he was checking his logs, something that a lot of administrators underestimate.
What do your logs look like? If you find similar attacks or something else that looks interesting, let us know through our contact form available here.
--
Bojan
INFIGO IS
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
Tags: News, sans |
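The log review described in the SANS entry above can be partly automated. The following is an added example, not code from the diary or from mod_security: it flags the three traits the entry points out (mismatched AppleWebKit/Safari versions in the User-Agent, the "phpsploit" multipart boundary, PHP code in a POST body). The version-match heuristic, the request path, the start of the User-Agent, the Content-Type value and the request bodies are assumptions constructed for the example.

```python
import re

# Heuristic (assumption): Chrome-family browsers report the same engine build
# in the AppleWebKit/ and Safari/ tokens, so a mismatch suggests a forged UA.
WEBKIT_RE = re.compile(r"AppleWebKit/([\d.]+)")
SAFARI_RE = re.compile(r"Safari/([\d.]+)")
BOUNDARY_RE = re.compile(r"boundary=([^\s;]+)")
# PHP open tags or eval( inside submitted form data are never expected.
PHP_CODE_RE = re.compile(rb"<\?php|<\?=|\beval\s*\(", re.IGNORECASE)

def parse_request(raw: bytes):
    """Split a raw HTTP request into (request line, header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def findings(raw: bytes):
    """Return the reasons a request resembles the logged attempt."""
    request_line, headers, body = parse_request(raw)
    reasons = []
    ua = headers.get("user-agent", "")
    webkit, safari = WEBKIT_RE.search(ua), SAFARI_RE.search(ua)
    if webkit and safari and webkit.group(1) != safari.group(1):
        reasons.append("ua-version-mismatch")
    boundary = BOUNDARY_RE.search(headers.get("content-type", ""))
    if boundary and "phpsploit" in boundary.group(1).lower():
        reasons.append("tool-boundary")
    if request_line.startswith("POST") and PHP_CODE_RE.search(body):
        reasons.append("php-in-post-body")
    return reasons

# Constructed samples: only the UA tokens, host and boundary come from the log excerpt.
UA = b"User-Agent: Mozilla/5.0 (X; en-US) AppleWebKit/%s (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4\r\n"
SUSPECT = (b"POST /index.php HTTP/1.1\r\nHost: www.hostname.somewhere\r\n"
           + UA % b"133.7"
           + b"Content-Type: multipart/form-data; boundary=---------------------------phpsploit\r\n\r\n"
           + b"<?php eval(/* payload elided */); ?>")
BENIGN = (b"POST /contact.php HTTP/1.1\r\nHost: www.hostname.somewhere\r\n"
          + UA % b"533.4"
          + b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
          + b"name=Blake&msg=hello")

if __name__ == "__main__":
    print(findings(SUSPECT), findings(BENIGN))
```

Any single finding is only a lead for review; the combination of all three on one request is what matches the logged attempt.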
Posted in E-Week on August 31st, 2010 by E-Week
An NPD Group report finds the power of social networking sites such as Facebook is impacting online gaming culture--20 percent of social networkers have played a game through a social networking site. - According to Social Network Gaming, the most recent report from the
IT market research company The NPD Group, 20 percent of the U.S.
population ages six and older reported having played a game on a social
network in the past three months. This equates to 56.8 million
U.S. consumers, which the c...
Tags: News |
Posted in E-Week on August 31st, 2010 by E-Week
The ESP 9250 offers the ability to print from Apple iPad, iPhone, or iPod touch devices, as well as an intelligent bar code system for optimizing printer settings. - Printing and imaging expert Eastman Kodak Company announced the
newest addition to its line of All-in-One (AiO) Inkjet Printers, the
ESP 9250, which is designed to deliver professional levels of
performance while maintaining Kodak's low-cost ink system. The printer,
aimed at consumers and SMBs (...
Tags: News |
Posted in E-Week on August 31st, 2010 by E-Week
AMD is phasing out the ATI brand for its graphics products including Radeon and FirePro and instead will place them under the AMD brand. - Advanced Micro Devices, four years after buying graphics chips maker ATI, reportedly is now ready to let go of the brand.
AMD will take the ATI name off its products by the
end of the year, according to news reports. Instead, the company will
put the AMD name on such graphics products as FirePro,...
Tags: News |
Posted in E-Week on August 31st, 2010 by E-Week
IBM has announced the closing of two acquisitions: Sterling Commerce and Storwize. The Sterling Commerce deal was for $1.4 billion; details of the Storwize deal were not disclosed. - IBM has announced the closing of two acquisitions:
Sterling Commerce and Storwize.
On Aug. 27, IBM announced the closing of its $1.4
billion acquisition of Sterling Commerce from AT&T. The addition of
Sterling Commerce expands IBM's ability to help clients accelerate their
interactions with...
Tags: News |
Posted in E-Week on August 31st, 2010 by E-Week
RSA Solution for Cloud Security and Compliance is aimed at managing security, risk and regulatory compliance of cloud infrastructures--multitenant or otherwise. - On Day One of VMworld 2010,
EMC's RSA security arm on Aug. 30 introduced a new integrated security
and compliance package designed expressly for multitenant cloud
computing.
RSA Solution for Cloud Security and Compliance is aimed at managing
security, risk and regulatory compliance of cloud
...
Tags: News |
Posted in E-Week on August 31st, 2010 by E-Week
Google launches Gmail Priority Inbox to help users designate some messages as more important than others. Google is joining intelligent inbox startups such as Gist, Xobni and Liaise. - Google joined the raft of startups offering tools to better organize and
prioritize e-mail messages Aug. 30 with Gmail Priority Inbox.
Priority Inbox, a new beta Gmail feature users must opt in to use, lets
users designate some messages as more important than others at a time when
users are buck...
Tags: News |
Posted in E-Week on August 31st, 2010 by E-Week
Apple's iPad will soon face competition from other manufacturers, but it now ships in 24 hours, suggesting production bottlenecks might have eased. - Apple's iPad now ships within 24 hours from the company's online store,
suggesting that the company's production capacity has caught up with consumer
demand for the bestselling device.
That narrowed ship-time extends to both the WiFi-only and 3G-enabled
versions of the tablet, which presents a ...
Tags: News |