Episode Notes – Episode 11

Mac OS X leaking passwords of FileVault users

Users of older Mac OS X versions who upgraded to the current Mac OS X 10.7.3 “Lion” and opted to stick with the older version of the FileVault encryption system may have a problem. It appears that Apple developers enabled a debug option in 10.7.3 which makes the user’s password appear in clear text in a log file whenever the user mounts the encrypted folder. The problem was identified by security expert David I. Emery, who reported the issue on a security mailing list.
The problem appears to affect only users who upgraded from Snow Leopard to Lion and did not activate the new FileVault encryption on Lion, which switches to encrypting the whole hard disk rather than just the user’s home directory. New users and new installations of Mac OS X Lion are not believed to be exposed to this risk.
The log file that the clear text password is written to is maintained for several weeks and is only accessible by administrators. But the data in the log can be accessed if the system is in FireWire disk mode, working as a hard drive to another computer, or if a user uses the super-user shell from the recovery partition. Emery says that unencrypted Time Machine backups may also contain the unprotected passwords in backed-up log files; however, Time Machine does not back up the log file, secure.log, so it is unclear why Emery suggests this.

iOS 5.1.1 closes iPhone holes
Apple has released an iOS 5.1.1 update which closes four security holes in the iPhone and iPad operating system. Among the flaws is a WebKit problem which could allow a maliciously crafted web site to crash applications or execute arbitrary code to take control of the device.
The memory corruption flaw, discovered by the Google Chrome Security Team, affects iPhone 3GS, iPhone 4 and 4s, third generation and later iPod Touch and the iPad and iPad 2. Another pair of flaws, one of which was used in Google’s Pwnium contest by discoverer Sergey Glazunov, allowed the staging of a cross-site scripting attack. The final flaw was a URL spoofing problem which allowed illegitimate domains to visually appear in the address bar as legitimate sites.

VMware addresses critical issues in Workstation, Player, ESXi and ESX
VMware has published a security advisory that addresses critical security flaws in the company’s Workstation, Player, Fusion, ESXi and ESX products. There are five flaws detailed in the advisory.

Opera 11.64 closes critical code execution hole
Version 11.64 of the Opera web browser has been released, closing a critical hole that could have been exploited by attackers to inject malicious code into a victim’s system.

Apple closes numerous holes in Mac OS X and Safari
As numerous critical holes are being closed in the update, users should not ignore this dialog
With the 10.7.4 Mac OS X Lion update and security update 2012-002 for 10.6, Apple has closed numerous critical vulnerabilities in Mac OS X and its components. The most prominent fix in this update sees the Apple developers stopping Lion from storing plain text passwords. Due to a mistake in the previous update, Lion stored the passwords of users who mounted their home/user directory from a network volume (NFS, AFP or SMB) in the system log unencrypted and readable by anyone with admin or physical access.

PHP team makes another attempt to close critical CGI hole
The PHP development team has made another attempt to fix the critical vulnerability in the interaction with CGI. In CGI mode, PHP interprets certain URL parameters as command line parameters. This can, for example, cause affected servers to return the source code of a page if the ?-s character string is attached to the end of a URL (e.g. http://www.h-online.com/?-s). Code can also be executed this way.
The details of the vulnerability were made public when the developers accidentally marked the relevant entry in the bug tracking system as “public”. The vulnerability is being actively exploited for attacks. Originally, the problem was supposed to be fixed in versions 5.3.12 and 5.4.2, which were released last week. However, it was soon found that the updates provided an incomplete solution and that further ways of exploiting the hole appeared to exist. Security experts also say that the rewrite rule that was initially published as a workaround could easily be bypassed.
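A log-review sketch for the behaviour described above, added here as an example and not taken from the PHP project or the original article. It relies on the CGI rule (RFC 3875, section 4.4) that a query string is handed to the program as command-line arguments only when it contains no unencoded `=`; the log lines, addresses and paths are constructed.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines; addresses, dates and paths are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [08/May/2012:10:01:02 +0000] "GET /index.php?-s HTTP/1.1" 200 5120
192.0.2.11 - - [08/May/2012:10:01:05 +0000] "GET /index.php?page=2&sort=-date HTTP/1.1" 200 812
192.0.2.12 - - [08/May/2012:10:01:09 +0000] "GET /index.php?%2Ds HTTP/1.1" 200 5120
192.0.2.13 - - [08/May/2012:10:01:11 +0000] "GET /search.php?q=a-s HTTP/1.1" 200 440
192.0.2.14 - - [08/May/2012:10:01:15 +0000] "GET /about.php HTTP/1.1" 200 300
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def looks_like_cgi_switch(query: str) -> bool:
    """True if a CGI binary could read this query string as command-line switches."""
    # The '=' test is made on the raw string: only an unencoded '=' marks
    # the query as ordinary form data.
    if not query or "=" in query:
        return False
    # Arguments are separated by '+' and URL-decoded individually, so an
    # encoded dash (%2D) must be decoded before checking the first character.
    args = [unquote(part) for part in query.split("+")]
    # lstrip() is a conservative choice: leading whitespace is ignored.
    return any(arg.lstrip().startswith("-") for arg in args)


def suspicious_requests(log_text: str) -> list[str]:
    """Return request targets whose query string would be parsed as switches."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group(1)
        _, sep, query = target.partition("?")
        if sep and looks_like_cgi_switch(query):
            hits.append(target)
    return hits


if __name__ == "__main__":
    for target in suspicious_requests(SAMPLE_LOG):
        print("review:", target)
```

Matching on the decoded arguments rather than on a literal `?-` is what keeps the check from being sidestepped by an encoded dash, while ordinary parameters such as `sort=-date` are not flagged.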

Teens arrested in connection with attack on UK Police Agency
Two Norwegian teenagers, aged 18 and 19, have been arrested in connection with the distributed denial-of-service (DDoS) attack on the web site for the UK’s Serious Organised Crime Agency (SOCA) earlier this month. According to a report from the BBC, the teens, who have not been named, were charged at the end of last week after a series of attacks on SOCA and other web sites including the German Bild newspaper and the Norwegian Lottery.

Version 5 of OpenVAS vulnerability scanning and management tool arrives
The OpenVAS project development team has announced the release of version 5 of its open source vulnerability assessment system. According to its developers, the major update focuses on simplifying daily use of the vulnerability scanning and management tool, and brings 20 new features, including “asset management” which adds a second view of scan results. This allows users to review these results for any selection of IP devices on a network.

VMware has issued a statement regarding its leaked source code.


An open-source tool has been announced that can be used to access BitLocker-encrypted disk partitions from Linux and Mac OS X systems.

Library and tools to support the BitLocker Drive Encryption (BDE) format. The BDE format is used by Windows, as of Vista, to encrypt data on a storage media volume.

Twitter has issued a statement regarding the hack that leaked the details of 55,000 of its users.

We security experts have a new topic to talk about. Facebook has started offering a file-sharing feature. http://mcaf.ee/5zsqe #in

Users won’t be able to pass along music or .exe files — but infected PDFs and other forms of pirated content are permissible
Facebook’s new file-sharing feature enables members of Facebook Groups to upload and download files as large as 25MB, with only two file-type restrictions: no music files (such as MP3s) and no executables (files ending with “.exe”).

The 50,000th CVE has been published since 1999.

The CVE Web site now contains 50,062 unique information security issues with publicly known names. CVE, which began in 1999 with just 321 common names on the CVE List, is considered the international standard for public software vulnerability names. Information security professionals and product vendors from around the world use CVE Identifiers (CVE-IDs) as a standard method for identifying vulnerabilities, and for cross-linking among products, services, and other repositories that use the identifiers.
What is CVE (Common Vulnerabilities and Exposures)?

CVE is a list of information security vulnerabilities and exposures that aims to provide common names for publicly known problems. The goal of CVE is to make it easier to share data across separate vulnerability capabilities (tools, repositories, and services) with this “common enumeration.”
