Ruby CryptoMiner; Meltdown Patch Performans Impact in AWS; Shiboleth 2 SAML Attribute Truncation

ISC StormCast for Tuesday, January 16th 2018

A daily summary of cyber security news from the SANS Internet Storm Center
Author:Johannes B. Ullrich, Ph.D.
See below for a schedule of classes I teach.
Created: Tuesday, January 16th 2018
Length: 5:49 minutes
Today's Headline: Ruby CryptoMiner; Meltdown Patch Performans Impact in AWS; Shiboleth 2 SAML Attribute Truncation

If you like this podcast, then please consider telling others about it. Use this button to Tweet about this episode: click here. Errors? Corrections? Complaints? Player Problems? Please let us know here: https://isc.sans.edu/contact.html

Plain HTML5 Player
Fancy Player (with skip back/forward)

Show Notes

Systems Infected Via CryptoMiner Written in Ruby
https://research.checkpoint.com/rubyminer-cryptominer-affects-30-ww-networks/

Solarwinds Measures Spectre/Meltdown Patch Performance Impact
https://blog.appoptics.com/visualizing-meltdown-aws/

Seagate Patches Critical CSRF Vulnerability in its Personal Cloud Drives
https://blogs.securiteam.com/index.php/archives/3548

Shibboleth SAML Attribute Truncation
https://shibboleth.net/community/advisories/secadv_20180112.txt

Top of page

iTunes

MP3 Download

RSS Feed

Google Play

Stitcher

Podbean

Amazon Echo

YouTube

Spreaker

iOS App

Keywords: Security Network Technology Windows Linux Apple iOS Android Firewall Cyber Infosec cyber security

Prior Podcast: ISC StormCast for Monday, January 15th 2018

Next Podcast: ISC StormCast for Wednesday, January 17th 2018

Top of page

Discussion

The Shibboleth vulnerability is quite interesting. In their example, the SAML signature covers the entire and they've made modifications to it (the changes to the uid) that should cause the signature to fail validation. This vulnerability speaks to larger architectural issues with Shibboleth. Obviously the signature validation is happening on a DIFFERENT document (the inline DTD defs are resolved and replaced) than the attribute extraction code works on (the inline DTD variables are not replaced). This is a HUGE no no and leads to the confused deputy issues that caused the vulnerability. I would bet other SP SAML parsing code is making similar mistakes.

Posted by Anonymous on Tue Jan 16 2018, 16:54

New Discussions closed for all Podcasts older than two(2) weeks
Please send your comments to our Contact Form

Top of page

Interested in attending one of my classes? See below for my current schedule.

Intrusion Detection In-Depth	San Antonio	Aug 6th - Aug 11th 2018
Defending Web Applications Security Essentials	Amsterdam	Sep 3rd - Sep 8th 2018
Defending Web Applications Security Essentials	Las Vegas	Sep 23rd - Sep 28th 2018