Vulnerability Analysis Blog

Ping sweeping in IPv6

Fri, 12 Sep 2008 15:06:00 -0500

Hello, its Ryan. We've noticed a misconception about IPv6 that is popular on the internet: that IPv6 addresses are hard to ping sweep because there are so many possible addresses. Ping sweeping can lead to port scanning, so this misconception is viewed as a security feature. In this post, I'll prove that, while it won't work across the internet, ping sweeping on the local network is easier in IPv6 than in IPv4.

Carpet Bombing and Directory Poisoning

Thu, 04 Sep 2008 15:50:08 -0500

Hey, it's Will. Earlier this year, details about "carpet bombing" attacks were released. Apple addressed the issue by prompting users before downloading files, but recent news indicates that Google Chrome, which is based on Apple's WebKit code, is also vulnerable to the same type of attack. However, some people seem to be missing an aspect of the attack that affects all web browsers.

Safely Using Package Managers

Thu, 10 Jul 2008 09:48:04 -0500

Hi, it's Ryan. Package managers partially automate the process of installing and removing software packages. Most package managers use cryptographic signatures to verify the integrity of packages. In the article Attacks on Package Managers, the authors describe how an attacker can abuse package managers that use digital signatures.

ActiveX Vulnerability Discovery at the CERT/CC

Thu, 03 Jul 2008 09:55:01 -0500

Hi, it's Will. Anybody who has been keeping an eye on the US-CERT Vulnerability Notes has probably noticed that I've published a lot of ActiveX vulnerabilities. So it should be no surprise to learn that we have been testing ActiveX controls and discovering vulnerabilities in the process.

Signed Java Applet Security: Worse than ActiveX?

Tue, 03 Jun 2008 14:38:12 -0500

Hi, it's Will again. ActiveX vulnerabilities seem to be getting a lot of attention lately. However, Java applets are also a concern.

Is Your Adobe Flash Player Updated?

Thu, 29 May 2008 18:42:15 -0500

Hey, it's Will. As you may already be aware, there is active exploitation of a vulnerability in Adobe Flash. So, it's a good idea to make sure that you have the latest version of Flash Player, which, at the time of this writing, is 9.0.124.0. Even if you think that you are up to date, can you be sure?

Who has my cookies?

Thu, 15 May 2008 15:21:16 -0500

Hi, Ryan Giobbi from the Vulnerability Analysis team making this post. The CERT/CC has been tracking cross-site scripting vulnerabilities for a long time, and the actual vulnerabilities haven't changed much over the years. However, some technology that was developed to make life easier can actually be exploited to expand the impact of a cross-site scripting attack.

The Dangers of Windows AutoRun

Thu, 24 Apr 2008 19:12:00 -0500

Hi, this is Will Dormann of the CERT/CC Vulnerability Analysis team. A few months ago, reports of infected digital picture frames hit the media. I was curious about how the malicious code was being executed, so I began investigating the Microsoft AutoRun and AutoPlay features.

Vulnerability Analysis at the CERT/CC

Thu, 17 Apr 2008 11:51:00 -0500

Hi, this is Art Manion, the Vulnerability Analysis team lead at the CERT Coordination Center (CERT/CC). For our first blog entry, I'd like to briefly explain our efforts to reduce software vulnerabilities.