Another Internet Explorer vulnerability grants full access to hard drive

The Register has an article on another vulnerability in Internet Explorer and Windows that gives an attacker complete access to the hard drive.

If you use any version of Internet Explorer to surf Twitter or other Web 2.0 sites, Jorge Luis Alvarez Medina can probably read the entire contents of your primary hard drive.

The security consultant at Core Security said his attack works by clicking on a single link that exploits a chain of weaknesses in IE and Windows. Once an IE user visits the booby-trapped site, the webmaster has complete access to the machine’s C drive, including files, authentication cookies – even empty hashes of passwords.

This is not the first time these vulnerabilities have surfaced (and it won’t be the last), but Microsoft cannot completely fix the issues because the attack relies on core functions of Windows.

The hole is difficult to close because the attack exploits an array of features IE users have come to rely on to make web applications work seamlessly. Simply removing the features could neuter functions such as online file sharing and active scripting, underscoring the age-old tradeoff between a system’s functionality and its security.

Design flaw in OpenSSH, fixed in 5.2

A design flaw has been found in OpenSSH. With a one in 262,144 chance of success, a man-in-the-middle attacker could recover encrypted data as plaintext. The issue is not caused by a coding error, but rather by the RFC standard itself.

By re-transmitting the blocks to the server, an attacker can work out the first four bytes of corresponding plaintext. The attacker can do this by counting how many bytes the attacker sends until the server generates an error message and tears down the connection, then working backwards to deduce what was in the OpenSSH encryption field before encryption.

A workaround is included in version 5.2, which is not yet in Debian stable. Other distros would also be affected.
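On hosts that cannot move to 5.2 yet, the cipher configuration can be audited instead. The sketch below is an added example, not code from the original post or from the OpenSSH project; it assumes (from the public advisory, not from this page) that the plaintext-recovery attack applies to CBC-mode ciphers, and the function names and sample config are constructed for illustration.

```python
import re

# Constructed sample config, for illustration only.
SAMPLE = """\
# sshd_config (constructed sample)
Port 22
Ciphers aes128-cbc,aes128-ctr,3des-cbc,aes256-ctr
"""

def cipher_list(config_text):
    """Return (modifier, ciphers) from the first Ciphers line, or None if unset."""
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"(?i)ciphers[\s=]+(.+)$", line)  # keyword is case-insensitive
        if m:
            value = m.group(1).strip()
            # Newer OpenSSH accepts a leading +, - or ^ to modify the defaults.
            modifier = value[0] if value[0] in "+-^" else ""
            names = [c for c in re.split(r"[,\s]+", value.lstrip("+-^")) if c]
            return modifier, names
    return None

def audit(config_text):
    """Return (cbc_offered, cbc_preferred) for the configured cipher list.

    cbc_offered: CBC-mode ciphers the config enables explicitly.
    cbc_preferred: True if a CBC cipher heads the list (matters for client
    configs, whose order decides the negotiated cipher).
    (None, None) means no Ciphers line: built-in defaults apply, so the
    installed OpenSSH version decides.
    """
    parsed = cipher_list(config_text)
    if parsed is None:
        return None, None
    modifier, ciphers = parsed
    if modifier == "-":                  # a removal list enables nothing
        return [], False
    cbc = [c for c in ciphers if "-cbc" in c]
    return cbc, bool(ciphers) and ciphers[0] in cbc

if __name__ == "__main__":
    offered, preferred = audit(SAMPLE)
    print("CBC ciphers enabled:", offered)
    print("CBC listed first:", preferred)
```

A result of `(None, None)` is not a pass: it only means the version's default cipher order is in effect.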