> CVE-2020-1350 workaround

Microsoft published a workaround to protect affected servers that does not require a restart. The workaround is registry-based and is compatible with the security update.


> Python Malware On The Rise

Past decades were quite stable in terms of the programming languages used to create malware: C, C++ and assembly were dominant. That makes perfect sense - these languages let you do anything you want, they are compiled, and they produce a binary for the targeted operating system that the victim can simply execute, with no software dependencies.

Nowadays there is a rise of malware written in Python. The fact that Python is an interpreted language is no longer a problem - there are projects that generate a binary from a Python script which does not require a Python interpreter on the victim's computer. The resulting binary is larger and can grow to dozens of megabytes, a big step from C-written malware that produced binaries of hundreds of kilobytes. The linked article also contains analysis of some known, decompiled malware samples (including ransomware).


> A story of a development tool left on a production server

A jeweler's e-shop was taken offline because of a publicly accessible file, eval-stdin.php, which originates from the PHPUnit package. The file exists to run tests in separate PHP processes: it reads php://input and passes it to eval(). In itself this is not a security issue, because the whole package is meant to be installed on development machines only. The vendor of the e-shop, however, deployed PHPUnit's files to the production server, where they were publicly reachable through the web server.
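As an added example (not from the article or the PHPUnit project), the two checks a defender would run after reading this story: scanning web-server access logs for requests aimed at PHPUnit files, and walking a deployed webroot for PHPUnit files that should never have shipped. The log format is assumed to be the Apache/nginx "combined" format and the sample lines are constructed.

```python
import re
import tempfile
from pathlib import Path

# The dev-only PHPUnit entry point from the story: it reads php://input and eval()s it.
EVAL_STDIN = "eval-stdin.php"

# Apache/nginx "combined" access-log format (assumed; adjust for other formats).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) '
)

def flag_phpunit_requests(log_lines):
    """Return (ip, method, path, status) for every request aimed at a PHPUnit file.

    A 2xx status means the file was actually served, i.e. the package is exposed;
    a 404 is only a probe against a server that does not publish the files.
    """
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line (different format, truncated); skip it
        path = m.group("path").split("?", 1)[0].lower()
        if "/phpunit/" in path or path.endswith(EVAL_STDIN):
            hits.append((m.group("ip"), m.group("method"), m.group("path"), int(m.group("status"))))
    return hits

def find_dev_tooling(webroot):
    """List PHP files under the webroot that belong to PHPUnit (dev-only, must not be deployed)."""
    root = Path(webroot)
    found = []
    for p in root.rglob("*.php"):
        rel = p.relative_to(root)
        if "phpunit" in {part.lower() for part in rel.parts} or p.name == EVAL_STDIN:
            found.append(rel.as_posix())
    return sorted(found)

def demo_webroot():
    """Build a constructed webroot with a vendored PHPUnit and run the filesystem scan on it."""
    with tempfile.TemporaryDirectory() as tmp:
        util = Path(tmp, "vendor", "phpunit", "phpunit", "src", "Util", "PHP")
        util.mkdir(parents=True)
        (util / EVAL_STDIN).write_text("<?php // placeholder standing in for PHPUnit's eval-stdin.php\n")
        Path(tmp, "index.php").write_text("<?php echo 'shop';\n")
        return find_dev_tooling(tmp)

# Constructed sample access-log lines (not taken from the incident).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jul/2020:12:00:01 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 512 "-" "curl/7.68.0"',
    '198.51.100.2 - - [10/Jul/2020:12:00:05 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Jul/2020:12:00:09 +0000] "POST /vendor/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 162 "-" "python-requests/2.23"',
]

if __name__ == "__main__":
    for hit in flag_phpunit_requests(SAMPLE_LOG):
        print(hit)
    print(demo_webroot())
```

A 200 on the first sample line is the condition the article describes; the 404 on the third shows the same probe against a server that did not ship the package.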


> The impact of the Heartbleed vulnerability to the OpenSSL project

Back in 2014, the Heartbleed vulnerability (CVE-2014-0160) in the OpenSSL library was discovered. It allowed an attacker to steal the private keys belonging to X.509 certificates and thus eavesdrop on otherwise encrypted communication. Research done at Northern Kentucky University shows what changed in the following years: the code quality improved and the code complexity decreased.

The three-year window after the Heartbleed disclosure brought a rapid increase in reported vulnerabilities - but only five of the 91 reported issues were in code written after Heartbleed. The research includes a lot of other information, including graph visualizations for easier understanding.



Outside of the security world…

> RFC6598: IANA-Reserved IPv4 Prefix for Shared Address Space

Since April 2012 the IP range 100.64.0.0/10 has been reserved by IANA as shared address space. It is not intended to be used as private address space (defined in RFC 1918), but for addresses inside service-provider networks, where a router can translate addresses across its interfaces even when identical addresses are in use on both sides.

An example of this limited usage is a large international provider for which 10.0.0.0/8 is not enough. Such an ISP can now assign the whole of 10.0.0.0/8 in each country and interconnect the countries using the shared address space.