In the most recent Hacker Intelligence Initiative Report – “PHP SuperGlobals: Supersized Trouble“, Imperva analyses vulnerabilities found in the SuperGlobal parameters of the PHP platform, and finds that a multi-step attack requires a multi-layered application security solution.
In addition to local and global scope variables, PHP has several predefined variables that are called SuperGlobals. These variables are available to the PHP script in both scopes, with no need for explicit declaration. 4 SuperGlobals were introduced to PHP in version 4.1.0.
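The scope rule just described, shown in an added PHP example that is not taken from the Imperva report or from PHP's own documentation: a SuperGlobal such as `$_GET` is readable inside a function without a `global` declaration, while an ordinary file-scope variable is not, and because the request-carrying SuperGlobals are attacker-controlled input, the example also reads one through an allow-list. The names `scopeDemo`, `allowListedParam` and `$siteName` are made up for this example.

```php
<?php
// Added example (not from the Imperva report or PHP's own documentation).
// Demonstrates SuperGlobal scope and allow-listed reading of request input.

$siteName = 'example.org';   // ordinary file-scope variable

function scopeDemo(): array
{
    // SuperGlobal: readable here with no `global $_GET` declaration.
    $fromSuperGlobal = $_GET['page'] ?? '(unset)';
    // Plain global: not visible in function scope unless declared with `global`.
    $fromPlainGlobal = isset($siteName) ? $siteName : '(not visible)';
    return ['superglobal' => $fromSuperGlobal, 'plain' => $fromPlainGlobal];
}

// Accept a request parameter only when it is a string matching one of the
// expected values; anything else (missing, array-valued, unexpected) falls
// back to a safe default instead of reaching the application logic.
function allowListedParam(string $name, array $allowed, string $default): string
{
    $value = $_GET[$name] ?? null;
    return (is_string($value) && in_array($value, $allowed, true)) ? $value : $default;
}

// Constructed input for a command-line run; in a web request PHP fills $_GET itself.
$_GET['page'] = 'settings';

print_r(scopeDemo());
echo allowListedParam('page', ['home', 'about'], 'home'), "\n";
```

Run from the command line, `scopeDemo()` returns the SuperGlobal value but reports the plain variable as not visible, and `allowListedParam()` rejects `settings` because it is not on the allow-list and returns the default `home`. The strict `in_array(..., true)` comparison and the `is_string` check matter: `$_GET` entries can be arrays (`?page[]=x`), and loose comparison would let unexpected values slip past the list.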
The PHP SuperGlobal parameters are gaining popularity within the hacking community because they incorporate multiple security problems into an advanced web threat that can break application logic, compromise servers, and result in fraudulent transactions and data theft.
In one month, Imperva’s research team noted an average of 144 attacks per application that contained attack vectors related to SuperGlobal parameters. Furthermore, researchers witnessed attack campaigns lasting more than five months with request burst floods of up to 90 hits per minute on a single application.
The effects of these attacks can be far-reaching, as the PHP platform is by far the most popular web application development platform, powering more than 80 percent of all websites, including Facebook and Wikipedia. Clearly, it is time for the security community to devote more attention to this issue.
The report also finds that hackers are increasingly capable of packaging higher levels of sophistication into simpler scripts, and identifies PHP SuperGlobals as a prime target that yields a high return on investment.
“Exploits Against PHP Applications Can Affect the General Security and Health of the World Wide Web”.
A French security company known for its Mac OS X antivirus software today released the first malware-scanning app for the iPhone and iPad and iPod Touch.
Intego’s VirusBarrier for iOS has been approved by Apple, and debuted on the App Store Tuesday for $2.99.
Because iOS prevents the program from accessing the file system or conducting automatic or scheduled scans, which virtually all Mac and Windows antivirus programs do, VirusBarrier must be engaged manually, and then scans only file attachments and files on remote servers, said Peter James, a spokesman for Intego.
The scanning engine and signatures — the digital “fingerprints” used to detect malware — in VirusBarrier for iOS are identical to those used by Intego’s Mac OS X product line.
VirusBarrier for iOS lets iPhone and iPad users run on-demand scans of email attachments before those files are opened or forwarded.
When an email attachment is received by the iPhone, iPad or iPod Touch, the user can intercede by calling on VirusBarrier, which then scans the file for possible infection before the file is opened or forwarded to others.
VirusBarrier for iOS can be downloaded to an iPhone, iPad or iPod Touch from Apple’s App Store. It requires iOS 4.0 or later.
PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) system.
Boasting an impressive feature set, including a captive portal for registration and remediation, centralized wired and wireless management, 802.1X support, layer-2 isolation of problematic devices, and integration with the Snort IDS and the Nessus vulnerability scanner, PacketFence can be used to effectively secure networks, from small ones to very large heterogeneous networks.
What you can do with PacketFence:
- Block iPods' wireless access
- Forbid rogue access points
- Perform compliance checks
- Eliminate Peer-to-Peer traffic
- Provide guest access
- Simplify VLAN management
SkipFish is a fully automated, active web application security reconnaissance tool.
- High Speed: Pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets.
- Ease of Use: Heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
- Cutting-Edge Security Logic: High quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.
The tool is believed to support Linux, FreeBSD 7.0+, MacOS X, and Windows (Cygwin) environments.
More Info: SkipFish – Project Home
The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
Version 3.3 is the latest stable release of the Metasploit Framework and the recommended starting point for new users. Using the online update system, this version can be synchronized with the development tree to obtain the latest exploits and payloads.
Metasploit now has 445 exploit modules and 216 auxiliary modules.
Download: Metasploit 3.3
More Info: Metasploit 3.3 Release Notes