News in brief: D-Link vulnerabilities; SHA-1 woe; MySQL hacks

Your daily round-up of some of the other stories in the news

Update your D-Link switches

D-Link have released a support announcement explaining that the firmware used in its DGS-1510 Websmart Switch Series has been “found to have security vulnerabilities” and the company is urging users to install the latest firmware update.

All firmware prior to version 1.31.B003 are affected. The firmware is used in all revisions of its DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, DGS-1510-20 switches.

The vulnerabilities have been given the CVE number CVE-2017-6206 although almost no details have been disclosed. Firmware and release notes are available from the support announcement.

SHA-1 collision breaks WebKit repository

The first real world consequences of last week’s SHA-1 collision have started to emerge.

Whilst creating a test to see if the collision made WebKit software (the Safari browser’s HTML rendering engine) vulnerable to cache poisoning the WebKit team ground their subversion source control repository to a halt with this ominous message:

0svn: E200014: Checksum mismatch for […] shattered-2.pdf’

The team have since worked around the problem.

Meanwhile Linus Torvalds has taken to Google Plus (yes, I head no idea people used Google Plus either) to reassure users of his own source control software, git, that the sky is not falling in.

The Linux founder wrote that SHA-1 issues in git should be “pretty easy to mitigate against” and that there’s “a reasonably straightforward transition to some other hash”.

If you haven’t read Paul Ducklin’s excellent, detailed, plain English explanation of the SHA-1 collision do yourself a favour and read it now.

MySQL databases held to ransom

The recent attacks that have seen MongoDB and Hadoop databases held to ransom seem to have evolved to include a new target: MySQL.

A 30 hour attack against installations of the popular database software was picked up by GuardiCore:

Similarly to the MongoDB attacks, owners are instructed to pay a 0.2 Bitcoin ransom (approx. $200) to regain access to their content … The attack starts with ‘root’ password brute-forcing. Once logged-in, it fetches a list of the existing MySQL databases and their tables and creates a new table called ‘WARNING’ that includes a contact email address, a bitcoin address and a payment demand.

MySQL database operators are reminded to make sure that their databases are properly hardened, protected by strong passwords and, as the as the MySQL reference manual itself states: “may also wish to restrict MySQL so that it is available only locally on the MySQL server host, or to a limited set of other hosts”. Amen to that.

Catch up with all of today’s stories on Naked Security


Source: Naked Security – Sophos @ February 27, 2017 at 12:09PM

0
Share