Security news roundup: Backdoor found in Cisco's IPM, Mifare Classic RFID cracked

Here's a collection of recent security vulnerabilities and alerts, which covers patches for multiple products from Adobe, a backdoor discovered in Cisco's IPM, an IFRAME exploit that showed up at Trend Micro's Web site, and news that the Mifare Classic RFID has been cracked.

  • Adobe releases patches for multiple products

Adobe has released multiple updates for its products, such as Adobe Reader for Unix, Form Designer and Form Client, ColdFusion, and LiveCycle Workflow. If you are using any of these products, you are strongly encouraged to update.

You can check out a short excerpt of some of the above issues over at ZDNet blogs.

  • Backdoor found on Cisco's IPM

A bizarre critical security hole has been found in version 2.6 of the CiscoWorks Internetwork Performance Monitor (IPM) for both Sun Solaris and Microsoft Windows operating systems.

The IPM monitors the availability of the network under CiscoWorks LAN Management Solution (LMS). The vulnerability allows remote, unauthenticated users to execute arbitrary commands.

Excerpt from Cisco's Security Advisory:

IPM version 2.6 for Solaris and Windows contains a process that causes a command shell to automatically be bound to a randomly selected TCP port. Remote, unauthenticated users are able to connect to the open port and execute arbitrary commands with casuser privileges on Solaris systems and with SYSTEM privileges on Windows systems.

This vulnerability has been listed by Cisco as critical, though no explanation has been offered as to how this strange flaw came about. There are no workarounds, and all affected users are strongly urged to install the update as soon as possible.

If you have a service contract with Cisco, you can access the update via the Software Center on Cisco's worldwide website.

  • Trend Micro's Web site infected

Certain pages hosted in the Trend Micro site were apparently infected by a malicious IFRAME exploit recently. The attack against Trend Micro was part of a widespread attack which infected more than 10,000 Web pages over the last week. The exploit attempted to install a dropper trojan using an embedded IFRAME link crafted via JavaScript and was discovered and cleaned up on Wednesday.

The Trend Micro blog noted that "The redirect placed on our site didn't work properly so nobody visiting the hacked pages was at risk of infection." In addition, Raymond Genes, Trend Micro's CTO, says that "users were never at risk". This is because even if the redirect were to work, Trend Micro's anti-JavaScript technology would have stopped users from being infected.

The incident has since been rectified. "In response to this incident, we shut down the VE (Virus Encyclopedia) for several hours, patched the systems, removed the inserted code, and brought it back to life again," stated the blog.

The vector that resulted in the Web pages being contaminated in the first place seems to be Microsoft's ASP (Active Server Pages) technology. This incident highlights a trend of malware threats targeting legitimate and well-known sites in the hopes that users will lower their guard on these sites.

  • Mifare Classic RFID cracked

Two independent groups of researchers have managed to crack the encryption algorithm used in the popular Mifare Classic RFID chip.

In fact, one of the teams demonstrated how they managed to sniff sufficient data to clone multiple copies of access cards based on this technology, simply by walking past the victim with a portable reader. You can see it in action via the YouTube video I embedded in my IT News Digest piece here.

This is particularly troubling as the Mifare RFID is used extensively in the office and building access control arena. The technology is also used by transit operators in London, Boston, and the Netherlands.

A Mifare "Plus" version of the chip has been announced, though it will probably not be available until the end of the year. In addition, readers will have to be upgraded to support the more robust encryption used in the Mifare Plus.

In the meantime, it would be prudent to add a second-factor check, such as a photo ID, if the security of your current installations relies heavily on the uniqueness of a Mifare Classic RFID-based access card.

About Paul Mah

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.