
SANS Daily Network Security Podcast (Stormcast) for Tuesday, January 16th 2018 - SANS Internet Storm Center



Ruby CryptoMiner; Meltdown Patch Performance Impact in AWS; Shibboleth 2 SAML Attribute Truncation



Systems Infected Via CryptoMiner Written in Ruby
https://research.checkpoint.com/rubyminer-cryptominer-affects-30-ww-networks/

Solarwinds Measures Spectre/Meltdown Patch Performance Impact
https://blog.appoptics.com/visualizing-meltdown-aws/

Seagate Patches Critical CSRF Vulnerability in its Personal Cloud Drives
https://blogs.securiteam.com/index.php/archives/3548

Shibboleth SAML Attribute Truncation
https://shibboleth.net/community/advisories/secadv_20180112.txt

Discussion

The Shibboleth vulnerability is quite interesting. In their example, the SAML signature covers the entire and they've made modifications to it (the changes to the uid) that should cause the signature to fail validation. This vulnerability speaks to larger architectural issues with Shibboleth. Obviously the signature validation is happening on a DIFFERENT document (the inline DTD defs are resolved and replaced) than the attribute extraction code works on (the inline DTD variables are not replaced). This is a HUGE no-no and leads to the confused deputy issues that caused the vulnerability. I would bet other SP SAML parsing code is making similar mistakes.
Posted by Anonymous on Tue Jan 16 2018, 16:54
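A guard for the architectural point raised in the comment above, written as an added example (not Shibboleth's or the ISC's code): refuse any SAML document that carries a DOCTYPE before either signature verification or attribute extraction runs, and take attribute values from the one parsed tree that the signature check would also have to operate on. The two assertions are constructed samples with no real signature; the entity in the second is harmless and only shows what the guard rejects.

```python
"""Reject DTDs before any SAML processing, then extract from one parsed tree."""
import xml.parsers.expat
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample assertion (no Signature element; signing is out of scope here).
CLEAN_ASSERTION = b"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="uid">
      <saml:AttributeValue>alice</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Same content, but the value arrives through an inline DTD entity. Two XML
# layers may disagree on what such a document says, so it is refused outright.
DTD_ASSERTION = b"""<?xml version="1.0"?>
<!DOCTYPE saml:Assertion [ <!ENTITY who "alice"> ]>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="uid">
      <saml:AttributeValue>&who;</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


class DtdPresent(ValueError):
    """Raised when a document carries a DOCTYPE (internal subset or external)."""


def has_dtd(xml_bytes: bytes) -> bool:
    """Scan with expat and report whether a DOCTYPE declaration appears."""
    seen = []
    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = lambda name, sysid, pubid, internal: seen.append(name)
    parser.Parse(xml_bytes, True)  # raises ExpatError on malformed input
    return bool(seen)


def extract_attribute(xml_bytes: bytes, name: str) -> list:
    """Return the AttributeValue texts for `name`, taken from a single DOM.

    Signature verification (omitted here) must run over this same tree,
    never over a separately parsed or entity-expanded copy of the bytes.
    """
    if has_dtd(xml_bytes):
        raise DtdPresent("DOCTYPE present; refusing to process assertion")
    root = ET.fromstring(xml_bytes)
    values = []
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        if attr.get("Name") == name:
            values.extend((v.text or "") for v in attr.iter(f"{{{SAML_NS}}}AttributeValue"))
    return values
```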

