Sophos XG firewalls hacked, hotfix ready. Texts wreck Apple iThings. Yup, business as usual in infosec world It's time to dig in to another Register security roundup. Sophos XG Firewall hacked in the wild – hotfix available Sophos has rushed out a hotfix for its XG Firewall products to close an SQL injection vulnerability – after hackers were spotted exploiting the hole in the wild. The flaw can be abused to steal the firewall's …
went into thread as the title caught my attention, and the weekly round ups are always a good source of detail and things to be aware of.
but this, just WOW, SO MUCH going on, and going bad, and this is just a week ffs
am now feeling a little bit depressed and in need of a few beers with mates .................................................
ah yea, about that
did enjoy the Black Hat hecklers part though, who in their right minds would even attempt to hold a presentation that was obviously NOT up to scratch, and remembering that the audience are as savvy as ANYONE on this planet .................
the lawsuit was settled privately, so maybe the Co - Crown Sterling - learned SOMETHING from this, even if we are not going to be privy to the actual result
Reading between the lines, I suspect this wasn't an injection attack of the obvious kind where the application carelessly concatenates untested input. I.e. not "little bobby tables". The article is a little fluffy on the subject but it takes note of a previously unknown "pre-auth" attack. I have no insider knowledge, but I think it was internal SQL engine vulnerability and not careless app-level coding. Well, it's possible either way.
That miscreant would look really conspicuous standing outside my house with a laptop. there's not another building within 20 meters, I'm at the ass-end of a village and there's nowhere to go, so he couldn't really pretend he was just looking for his way on Google Maps because there is no way Google Maps could have brought him to the side of my house.
As usual, yes, I'm sure that electromagnetic radiation can tell you a lot and you're not the first to say so, but the spy industry relies on stealth, and standing in the middle of a field with a laptop next to a house is not exactly stealthy.
Much more interesting if you're in an office environment, but then most calculations in an office are not done on a graphics card.
I'll file this in useless but technically interesting.
In other words, it's a covert channel - a means for an attacker to exfiltrate information - not a side channel. Side channels inadvertently leak sensitive data; covert channels are deliberately employed to expose it.
I don't think it's impractical for some specialized applications. The researchers say the signal penetrated a wall well and the carrier was detectable at ~15m, though they couldn't recover a usable signal at that distance. But someone who can plant a receiver in a closet next to an office, for example, might make use of this.
The same is true for plenty of other EMF channels, of course. The researcher's blog post makes the obligatory reference to TEMPEST right in the title - though TEMPEST focused on side channels, not covert channels.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
