Slingshot Orbit of Technology

Regarding IE 2012 Year End Vulnerability there is ‘Fix it’ available however there is no patch in Microsoft’s January Security Updates.  This could lead to an out-of-cycle patch and the current guidance is:

• For Windows 7, update to version 9 of Internet Explorer.
• Individuals using XP; install an additional browser such as Mozilla Firefox or Google Chrome
• Corporate or others required to use XP with IE 8 should apply Microsoft’s ‘Fix it’ for Internet Explorer 6, 7, and 8

Oh yes, Inception is a tool for breaking into computers with full-disk encryption; assuming you have physical access via screen-lock or a suspended state. There is a reason your told to shutdown your computer when it’s not in your possession!

One needs a FireWire interface on-board or simply, plug a FireWire card into an open slot. As the names eludes, this attack breaks into the dreams of sleeping computers – directly accessing their memory and conning secrets.

This can not be easily remedied with a simple driver update because FireWire requires direct memory access for high-speed transfers.

Inception’s main mode works as follows: By presenting a Serial Bus Protocol 2 (SBP-2) unit directory to the victim machine over the IEEE1394 FireWire interface, the victim operating system thinks that a SBP-2 device has connected to the FireWire port. Since SBP-2 devices utilize Direct Memory Access (DMA) for fast, large bulk data transfers (e.g., FireWire hard drives and digital camcorders), the victim lowers its shields and enables DMA for the device. The tool now has full read/write access to the lower 4GB of RAM on the victim. Once DMA is granted, the tool proceeds to search through available memory pages for signatures at certain offsets in the operating system’s password authentication modules. Once found, the tool short circuits the code that is triggered if an incorrect password is entered.

An analogy for this operation is planting an idea into the memory of the machine; the idea that every password is correct. In other words, the nerdy equivalent of a memory inception.

After running the tool you should be able to log into the victim machine using any password.

Zero day attack on Internet Explorer 0-day (CEV-2012-4792)! How quick did you respond to the interruption this holiday vacation?  IE 8, 7, and 6 makes up one-third of all desktop browser market. For consumers with XP OS, IE 9 and 10 are not supported; best to start using an additional browser such as Mozilla Firefox or Google Chrome.

Microsoft Security Advisory (2794220) explains:

The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

For corporations needing IE on XP and who are unable to upgrade, Microsoft has a Fit It tool available (KB2794220).  Remember that a ‘Fix It’ is not a patch, rather an easy method to apply workaround configuration changes. Also note that you should remove the ‘Fit It’ once the final patch is applied.

It seems that one of the reasons for lunching the attacks during the holiday period was because of the belief  that IT/Security Administrators would be slower to respond. Where you or your team?