Australia's Leading Computer Emergency Response Team

AusCERT Week in Review for 14th December 2012
Date: 14 December 2012
Original URL: http://www.auscert.org.au/render.html?cid=7066&it=16726


Greetings,

At least some of the discussion around the AusCERT office this week involved security vulnerabilities in appliances. Mohit Kumar wrote of a Samsung smart television which can potentially allow remote attackers to take complete control over the device.

Now, before you ask "how?", remember that smart TVs are IP connected. In addition, some smart TVs feature web cams, or "presence monitors", to determine whether any humans are actually watching the device – even whether any of those humans are watching from a dangerously close distance. Presumably the latter is to avoid future litigation from humans suffering eye strain or similar injuries!

The discussion then turned to different types of appliances, and it wasn’t long before medical devices were considered in the same light. What would be the impact if an IP connected hospital "nurse call system" was compromised? A little far-fetched to imagine – or is it?

To change tack slightly, the Australian Defence Force Academy fell victim to an unfortunate incident in which a large quantity of personal data was stolen and posted on public web sites. The notable point in this story is the hacker’s comment that he conducted the attack "for fun", presumably for lack of anything better to do. This obviously points to a social problem, and it begs the question: "how can we harness this activity for good rather than evil?"

Returning to this week’s theme of appliance vulnerabilities, two of our notable bulletins below refer to network devices:

1) ASB-2012.0172 - ALERT Bluecoat IntelligenceCenter & ProxySG: Multiple vulnerabilities

All versions of Bluecoat’s IntelligenceCenter & ProxySG are vulnerable to remote code execution and denial of service attacks due to a number of flaws, of which only some are fixed. If you’re using these devices, consider what you may need to do to detect and defend against these exploits.

2) ESB-2012.1180 - [Win][Linux][Mobile][OSX] Adobe Flash Player & AIR: Multiple vulnerabilities

Those who know me will remember my numerous lectures on applying patches to Adobe Flash, as well as Reader and Oracle Java. A wise colleague once referred to them as "the 3 Amigos", although it’s difficult to laugh at three applications that are necessary players on desktop computers, as well as being perfect avenues for exploitation. So you know what I’m going to say next: If you haven’t already, apply Adobe’s latest Flash patch.

3) ASB-2012.0171 - [Appliance] BIG-IP: Multiple vulnerabilities

A denial of service condition may result on F5’s BIG-IP appliances if an invalid DNS record is cached. Remember to upgrade to the latest BIG-IP hotfix.

4) ESB-2012.1170 - ALERT [Win] Internet Explorer: Execute arbitrary code/commands - Remote with user interaction

Microsoft’s popular web browser requires an update to correct a flaw that can allow an attacker to take control of the user session. This should serve as a reminder that user accounts should not run with administrative privileges, to mitigate the potential damage that can be caused by flaws such as this.

That’s all for now, so please enjoy your weekend, and try not to worry too much about whether your television is controlled by hackers watching you from the other side of the globe…

Kind regards,
Mike.