Naked Security

Naked Security » Java http://nakedsecurity.sophos.com Computer Security · News · Opinion · Advice · Research Sun, 19 May 2013 08:03:34 +0000 en hourly 1 http://wordpress.com/ http://s2.wp.com/i/buttonw-com.png Naked Security » Java http://nakedsecurity.sophos.com A closer look at the malicious Redkit exploit kit http://nakedsecurity.sophos.com/2013/05/09/redkit-exploit-kit-part-2/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed http://nakedsecurity.sophos.com/2013/05/09/redkit-exploit-kit-part-2/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed#comments Thu, 09 May 2013 11:03:49 +0000 Fraser Howard http://nakedsecurity.sophos.com/?p=225752 ]]> http://nakedsecurity.sophos.com/2013/05/09/redkit-exploit-kit-part-2/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed/feed/ 5 A closer look at the malicious Redkit exploit kit fraserhoward Red eye. Image from Shutterstock Obfuscated payload URL passed into Java Java code to decode payload URL Security bypass in Redkit Reversed AES/CBC/NoPadding string Start of encrypted, downloaded file Decryption key and iv parameter within the Java code Java code to check for marker in decoded file Logic to save and execute one or two payload executables Decoded payload showing marker separating the two malicious executables Summary of Redkit exploitation process Lifting the lid on the Redkit exploit kit http://nakedsecurity.sophos.com/2013/05/03/lifting-the-lid-on-the-redkit-exploit-kit-part-1/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed http://nakedsecurity.sophos.com/2013/05/03/lifting-the-lid-on-the-redkit-exploit-kit-part-1/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed#comments Fri, 03 May 2013 15:07:07 +0000 Fraser Howard http://nakedsecurity.sophos.com/?p=225459 ]]> http://nakedsecurity.sophos.com/2013/05/03/lifting-the-lid-on-the-redkit-exploit-kit-part-1/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed/feed/ 6 fraserhoward redkit115 Injected iframe used to redirect victims to Redkit Redkit landing page More recent Redkit landing pages, using JNLP Snippet of code from PHP shell used by Redkit Overview of how Redkit works Breakdown of Redkit compromised web servers by host country Breakdown of ISPs hosting the Redkit compromised web servers Web server breakdown for Redkit compromised servers Monday review - the hot 20 stories of the week http://nakedsecurity.sophos.com/2013/04/29/monday-review-the-hot-20-stories-of-the-week-3/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed http://nakedsecurity.sophos.com/2013/04/29/monday-review-the-hot-20-stories-of-the-week-3/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed#comments Mon, 29 Apr 2013 09:16:46 +0000 Anna Brading http://nakedsecurity.sophos.com/?p=225056 ]]> http://nakedsecurity.sophos.com/2013/04/29/monday-review-the-hot-20-stories-of-the-week-3/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed/feed/ 0 Monday review annabrading Yet another unpatched security hole found in Java http://nakedsecurity.sophos.com/2013/04/23/unpatched-security-hole-java/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed http://nakedsecurity.sophos.com/2013/04/23/unpatched-security-hole-java/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed#comments Tue, 23 Apr 2013 13:36:56 +0000 Graham Cluley http://nakedsecurity.sophos.com/?p=224744 ]]> http://nakedsecurity.sophos.com/2013/04/23/unpatched-security-hole-java/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed/feed/ 7 Yet another unpatched security hole found in Java gcluley Adam Gowdiak Spilt coffee SSCC 107 - Hostgator, Safari, Java, pwning planes with Android, and Facebook Home [PODCAST] http://nakedsecurity.sophos.com/2013/04/23/sscc-107-hostgator-safari-pwning-planes-facebook-home-podcast/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed http://nakedsecurity.sophos.com/2013/04/23/sscc-107-hostgator-safari-pwning-planes-facebook-home-podcast/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed#comments Tue, 23 Apr 2013 10:38:21 +0000 Paul Ducklin http://nakedsecurity.sophos.com/?p=224716 ]]> http://nakedsecurity.sophos.com/2013/04/23/sscc-107-hostgator-safari-pwning-planes-facebook-home-podcast/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed/feed/ 2 img-107-250 pducklin Apple updates Safari, gives better control over Java applets http://nakedsecurity.sophos.com/2013/04/18/apple-updates-safari-gives-better-control-over-java-applets/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed http://nakedsecurity.sophos.com/2013/04/18/apple-updates-safari-gives-better-control-over-java-applets/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed#comments Thu, 18 Apr 2013 19:57:02 +0000 Paul Ducklin http://nakedsecurity.sophos.com/?p=224455 ]]> http://nakedsecurity.sophos.com/2013/04/18/apple-updates-safari-gives-better-control-over-java-applets/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed/feed/ 1 safari-250 pducklin Oracle and Apple ship critical Java updates - get yours today! http://nakedsecurity.sophos.com/2013/04/17/oracle-and-apple-ship-critical-java-updates-get-yours-today/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed http://nakedsecurity.sophos.com/2013/04/17/oracle-and-apple-ship-critical-java-updates-get-yours-today/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed#comments Wed, 17 Apr 2013 08:59:33 +0000 Paul Ducklin http://nakedsecurity.sophos.com/?p=224297 ]]> http://nakedsecurity.sophos.com/2013/04/17/oracle-and-apple-ship-critical-java-updates-get-yours-today/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed/feed/ 12 java-now-250 pducklin Click on the image to go to Oracle's official April 2013 Critical Patch Advisory... Apple ships OS X 10.8.3 - 11 remote code execution vulns patched, Snow Leopard and Lion get fixes too http://nakedsecurity.sophos.com/2013/03/15/apple-ships-os-x-10-8-3-11-remote-code-execution-vulns-patched-snow-leopard-and-lion-get-fixes-too/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed http://nakedsecurity.sophos.com/2013/03/15/apple-ships-os-x-10-8-3-11-remote-code-execution-vulns-patched-snow-leopard-and-lion-get-fixes-too/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed#comments Fri, 15 Mar 2013 11:21:00 +0000 Paul Ducklin http://nakedsecurity.sophos.com/?p=220722 ]]> http://nakedsecurity.sophos.com/2013/03/15/apple-ships-os-x-10-8-3-11-remote-code-execution-vulns-patched-snow-leopard-and-lion-get-fixes-too/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed/feed/ 7 pducklin PWN2OWN results Day Two - Adobe Reader and Flash owned, Java felled yet again http://nakedsecurity.sophos.com/2013/03/08/pwn2own-results-day-two-adobe-reader-and-flash-owned-java-felled-yet-again/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed http://nakedsecurity.sophos.com/2013/03/08/pwn2own-results-day-two-adobe-reader-and-flash-owned-java-felled-yet-again/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed#comments Fri, 08 Mar 2013 13:04:18 +0000 Paul Ducklin http://nakedsecurity.sophos.com/?p=219556 ]]> http://nakedsecurity.sophos.com/2013/03/08/pwn2own-results-day-two-adobe-reader-and-flash-owned-java-felled-yet-again/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed/feed/ 6 pducklin PWN2OWN results Day One - Java, Chrome, IE 10 and Firefox owned http://nakedsecurity.sophos.com/2013/03/07/pwn2own-results-java-chrome-ie-10-and-firefox-owned-on-day-one/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed http://nakedsecurity.sophos.com/2013/03/07/pwn2own-results-java-chrome-ie-10-and-firefox-owned-on-day-one/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed#comments Thu, 07 Mar 2013 16:51:25 +0000 Paul Ducklin http://nakedsecurity.sophos.com/?p=219454 ]]> http://nakedsecurity.sophos.com/2013/03/07/pwn2own-results-java-chrome-ie-10-and-firefox-owned-on-day-one/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed/feed/ 14 pducklin pwned-icons-176