Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: SANS Daily Network Security Podcast (Stormcast) for Tuesday, January 16th 2018 - SANS Internet Storm Center SANS Daily Network Security Podcast (Stormcast) for Tuesday, January 16th 2018


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Ruby CryptoMiner; Meltdown Patch Performans Impact in AWS; Shiboleth 2 SAML Attribute Truncation

previous
next
SANS Daily Network Security Podcast (Stormcast) for Tuesday, January 16th 2018
00:00

My Next Class

Intrusion Detection In-DepthWashingtonDec 13th - Dec 18th 2018

… more classes

Systems Infected Via CryptoMiner Written in Ruby
https://research.checkpoint.com/rubyminer-cryptominer-affects-30-ww-networks/

Solarwinds Measures Spectre/Meltdown Patch Performance Impact
https://blog.appoptics.com/visualizing-meltdown-aws/

Seagate Patches Critical CSRF Vulnerability in its Personal Cloud Drives
https://blogs.securiteam.com/index.php/archives/3548

Shibboleth SAML Attribute Truncation
https://shibboleth.net/community/advisories/secadv_20180112.txt

Discussion

The Shibboleth vulnerability is quite interesting. In their example, the SAML signature covers the entire and they've made modifications to it (the changes to the uid) that should cause the signature to fail validation. This vulnerability speaks to larger architectural issues with Shibboleth. Obviously the signature validation is happening on a DIFFERENT document (the inline DTD defs are resolved and replaced) than the attribute extraction code works on (the inline DTD variables are not replaced). This is a HUGE no no and leads to the confused deputy issues that caused the vulnerability. I would bet other SP SAML parsing code is making similar mistakes.
Posted by Anonymous on Tue Jan 16 2018, 16:54

New Discussions closed for all Podcasts older than two(2) weeks
Please send your comments to our Contact Form

Top of page
Intrusion Detection In-DepthWashingtonDec 13th - Dec 18th 2018
Defending Web Applications Security EssentialsMunichMar 18th - Mar 23rd 2019
Intrusion Detection In-DepthMadridMar 25th - Mar 30th 2019
Defending Web Applications Security EssentialsSan DiegoMay 9th - May 14th 2019
Intrusion Detection In-DepthSan AntonioMay 28th - Jun 2nd 2019