Friday, January 20, 2012

Vulnerability in X Server Allows the Unlocking of Computer

A very interesting, and potentially very harmful, vulnerability has been discovered in X.org's X Server that allows users to gain access to a locked computer. By pressing the Ctrl, Alt and * keys simultaneously, one can disable a user's screensaver and unlock the computer, a glitch discovered by French blogger "Gu1". The technique has been verified to work on versions 1.11 and higher of X.org's X Server.

According to Gu1, the vulnerability is caused by a debug option known as "AllowClosedownGrabs". When this option is active, pressing that key combination causes the X server to terminate any client process that currently holds a grab on (that is, has captured) mouse or keyboard input. The screensaver, which normally prevents a locked computer from being accessed, is one such process, so it is killed and the computer is unlocked.

Gu1 also says that this debug option had existed until 2008, though at that time it was disabled by default and well documented. The developers explicitly pointed out the security problems that could arise when it was used in combination with screensavers, and applications could use an API to opt their own processes out of the behaviour.

The function was re-introduced last year, but this time it was enabled by default, not clearly documented and not easily configurable, according to Gu1. X.org developer Peter Hutterer stated, "This was caused by a miscommunication within the development team." After the function was re-introduced, the developers failed to remove the key combination from the default keymap.

Gu1 also noted that any Linux distribution shipping X Server version 1.11 is vulnerable, and added that he was able to reproduce the problem on Debian with GNOME 3 and on Arch Linux with GNOME 3, Slock and Slimlock. KDE can reportedly also be unlocked this way.

Source: The H - X.org server allows anyone to unlock computer

Friday, January 6, 2012

New Denial of Service Attack Takes Its Time on Your Server

On Thursday a researcher published proof-of-concept code that takes a new approach to the slow HTTP Denial-of-Service (DoS) attack: it drags out the reading of the server's response until the server is eventually overwhelmed. Qualys Senior Software Engineer Sergey Shekyan has also added this variant, which he calls a Slow Read attack, to his Slowhttptest tool.

Slow Read sends a legitimate HTTP request and then takes an excruciatingly long time reading the response. By doing so, the attack keeps as many connections open as possible and eventually causes a denial of service.

The Slowhttptest tool developed by Shekyan was inspired by the related open-source tools Slowloris and OWASP's Slow HTTP Post. Slowloris keeps connections open by sending partial HTTP requests and then sending further headers at regular intervals to prevent the sockets from closing.

OWASP's Slow HTTP Post Distributed Denial-of-Service (DDoS) tool simulates an attack using POST headers with a legitimate Content-Length field, which tells the web server how much data to expect. Once the headers are delivered, the POST message body is transmitted very slowly, tying up the connection and the server resources behind it.

Slow HTTP attacks are becoming increasingly popular among attackers as a way to mount a Denial-of-Service attack quietly: they are relatively simple to perform, require minimal computing resources and are often hard to detect until it is too late.
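Because a Slow Read client stops draining the response, the bytes the server has written but the peer has not yet acknowledged pile up in the kernel's socket send queue, which `ss -tn` reports in its Send-Q column. The following defender-side script, an added example that is not part of the article or of Slowhttptest, parses constructed `ss -tn` output and flags peers that hold several established connections to the web port with a swollen Send-Q; the column layout, the 32 KiB threshold and the sample addresses are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of `ss -tn` output (not taken from the article). The server
# at 10.0.0.5 serves HTTP on port 80; three connections from one peer carry a
# large Send-Q, i.e. response bytes the peer has not read/acknowledged yet.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB  0      0      10.0.0.5:80         198.51.100.7:51234
ESTAB  0      65160  10.0.0.5:80         203.0.113.9:40001
ESTAB  0      64240  10.0.0.5:80         203.0.113.9:40002
ESTAB  0      65160  10.0.0.5:80         203.0.113.9:40003
ESTAB  0      12     10.0.0.5:80         198.51.100.8:51235
ESTAB  0      65160  10.0.0.5:443        203.0.113.9:40004
"""

# One socket per line: state, Recv-Q, Send-Q, local addr:port, peer addr:port.
# `\S+` before the last ':' also copes with bracketed IPv6 literals like [::1]:80.
LINE_RE = re.compile(r"^(\S+)\s+(\d+)\s+(\d+)\s+(\S+):(\d+)\s+(\S+):(\d+)\s*$")


def parse_ss(output):
    """Yield (state, recvq, sendq, local_ip, local_port, peer_ip, peer_port)
    tuples from `ss -tn` text, skipping the header row and unparsable lines."""
    for line in output.splitlines()[1:]:
        m = LINE_RE.match(line)
        if m:
            state, rq, sq, lip, lport, pip, pport = m.groups()
            yield state, int(rq), int(sq), lip, int(lport), pip, int(pport)


def stalled_peers(output, server_port=80, sendq_threshold=32768, min_conns=2):
    """Return {peer_ip: count} for peers with at least `min_conns` established
    connections to `server_port` whose Send-Q is at or above `sendq_threshold`.
    A single slow client is normal; many stalled connections from one peer is
    the pattern a Slow Read attack produces (threshold values are assumptions)."""
    counts = defaultdict(int)
    for state, _rq, sq, _lip, lport, pip, _pport in parse_ss(output):
        if state == "ESTAB" and lport == server_port and sq >= sendq_threshold:
            counts[pip] += 1
    return {ip: n for ip, n in counts.items() if n >= min_conns}


if __name__ == "__main__":
    for ip, n in stalled_peers(SAMPLE_SS_OUTPUT).items():
        print(f"{ip}: {n} established connections with a backed-up Send-Q")
```

On a live host, feed the script the real output of `ss -tn` and tune the threshold to the server's socket send-buffer size; a response write timeout on the web server is the usual mitigation once such connections are identified.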

Source: InformationWeek - New Denial of Service Attack Cripples Servers Slowly
