Security Watch
Hacker Recruitment or Background Research?
The U.S. government looks for a few good hackers at the DefCon security conference.
Human Factors
Maybe there's more than meets the eye in the U.S. government's overt attempt at
recruiting from the recent DefCon security conference in Las Vegas. The effort
has certainly generated discussion within the security community.
It seems that governments are prepared to try to reform the hackers they may
find at DefCon. They must think they can get up on the platform at the conference
and convince people to come to the "good side," despite the fact that
most would likely fail a background investigation.
Of course, it could just be that the government has settled on a shrewd way
to bulk up its files on potential security threats. Having a target fill out
background information on himself under the mistaken impression that he's applying
for a job is an easier way to collect information than starting an investigation
from scratch.
Hacking/Denial of Service
Microsoft Windows PnP: Microsoft has released a second security advisory
stating that systems running Windows XP SP1 with Simple File Sharing enabled
may be at increased risk. This would apply to those home users who do not connect
to a domain controller, have not upgraded to Service Pack 2, and who have enabled
"Simple File Sharing," which is likely to be a fairly small group
of users.
Linksys WRT54GS firmware contains a vulnerability that could allow
a remote attacker to bypass authentication via the wireless interface and access
the network. While this issue isn't that serious, the proliferation of these
wireless routers may cause the issue to attract media attention.
Even so, it is well worth noting that the update requires that the existing
configuration be flushed or wiped clean. This means that any existing protections
that have been implemented are removed until they are reinstated. It may
be possible for a network to be attacked during this small window of exposure.
If such devices are being issued to employees by a corporation, serious consideration
should be given to providing employees with a replacement instead of having them
perform the update. Corporate IT could then take the older routers and update
them within the confines of a protected LAN.
This column was originally published in our weekly Security Watch newsletter.
Another problem is that the vulnerable firmware version is sitting on routers
yet to be sold, possibly ones that have not even shipped to resellers yet. This
means that individuals may continue to receive these vulnerable routers for
months when they think they are purchasing the latest/greatest new router. It
may well be time to consider putting something akin to a "Best Before"
date on the outside of the box containing such hardware so buyers can be aware
of the fact the router may not be secure upon initial installation. While it
is true that many of these devices do an automatic upgrade/update when they
are first plugged in, should a worm be running on the Internet that exploits
such a vulnerability, it may be too late for an update. With a "Best Before"
date on the box, the consumer could download up-to-date software via their PC
and, for example, use a non-network method to update the hardware (i.e., USB/Serial).
Of course, manufacturers are going to complain that this would be a logistical
nightmare, but if users start finding themselves owned because they installed
a new security device, well, the results would be very counter-productive.
Microsoft IE msdds.dll: Still watching the "widespread malicious
use of this vulnerability is imminent" comments. No malicious activity
noted, but there's major confusion on products impacted.
According to ZoneH.org, some 306 sites belonging to Stanford University
were hacked by a group of Brazilian Web site defacers called "Unknown
Core." The flaw used to cause the defacements was allegedly in the
XML-RPC library, which is part of many PHP applications.
About the Author
Russ Cooper is a senior information security analyst with Verizon Business, Inc.
He's also founder and editor of NTBugtraq, www.ntbugtraq.com,
one of the industry's most influential mailing lists dedicated to Microsoft security.
One of the world's most-recognized security experts, he's often quoted by major
media outlets on security issues.