Compromised McAfee.com website


As can be seen, not even antivirus and security companies put much effort into their own security.

On 20.3.2011 sway1990, a member of the InSecurity.Ro group, once again hacked the ESET.ro website (ESET's Romanian reseller).
According to official information, no important data leaked and eset.ro promptly carried out the fixes.
(ESET's statement: It was an SQL injection on the page where we keep our reseller map. The problem was fixed in the same day. There were no changes in the page or other damage to our image.)

Let's say this was a relatively minor flaw with a prompt response (within 12 hours).

On the other side is McAfee. The YGN Ethical Hackers group found flaws on the mcafee.com website and reported them to McAfee as early as 10.2.2011. They were cross-site scripting holes (XSS vulnerability), internal URLs that were not hidden, and source files that were visible.

McAfee issued a statement on 12.2.2011, worded as follows:
“We are working to resolve the issue as quickly as possible.”

And when checked on 27.3.2011, the problem still persists. (As can be seen in the email from YGN included below.)

The problem is considerably bigger than in ESET's case. ESET and its local resellers are not interconnected in any way; the resellers have (or should have) local update servers and their own user database.

McAfee, on the other hand, also performs verification for customers and gives them a security verification for their websites (Verified by McAfee Secure), and its databases are directly connected to the website.

McAfee also provides companies with Security & Risk Management and analyses, so it should meet certain standards.

If you would like to look at the problem in more detail, it was nicely written up by Pablo Ximenes of the Security Research Team at the University of Ceará (Brazil).

Description of the problem on McAfee.com:

From: YGN Ethical Hacker Group 
Date: Mon, 28 Mar 2011 00:02:47 +0800
Vulnerabilities in *McAfee.com
1. VULNERABILITY DESCRIPTION
-> Cross Site Scripting
http://download.mcafee.com/products/webhelp/4/1033/#javascript:top.location.replace('attacker.in')
-> Information Disclosure > Internal Hostname:
http://www.mcafee.com/js/omniture/omniture_profile.js
($ ruby host-extract.rb -a http://www.mcafee.com/js/omniture/omniture_profile.js)
-> Information Disclosure > Source Code Disclosure:
view-source:http://download.mcafee.com/clinic/includes/commoninc/cookiecommon.asp
view-source:http://download.mcafee.com/clinic/includes/commoninc/appcommon.asp
view-source:http://download.mcafee.com/clinic/includes/commoninc/partnerCodesLibrary.asp
view-source:http://download.mcafee.com/clinic/Includes/common.asp
view-source:http://download.mcafee.com/updates/upgrade_patches.asp
view-source:http://download.mcafee.com/updates/common/dat_common.asp
view-source:http://download.mcafee.com/updates/updates.asp
view-source:http://download.mcafee.com/updates/superDat.asp
view-source:http://download.mcafee.com/eval/evaluate2.asp
view-source:http://download.mcafee.com/common/ssi/conditionals.asp
view-source:http://download.mcafee.com/common/ssi/errHandler_soft.asp
view-source:http://download.mcafee.com/common/ssi/variables.asp
view-source:http://download.mcafee.com/common/ssi/standard/oem/oem_controls.asp
view-source:http://download.mcafee.com/common/ssi/errHandler.asp
view-source:http://download.mcafee.com/common/ssi/common_subs.asp
view-source:http://download.mcafee.com/us/upgradeCenter/productComparison_top.asp
view-source:http://download.mcafee.com/us/bannerAd.asp
view-source:http://download.mcafee.com/common/ssi/standard/global_foot_us.asp
2. RECOMMENDATION
- Fully utilize McAfee Foundstone Experts
- Use outbound monitoring of traffic to detect potential information leakage
3. VENDOR
McAfee Inc
http://www.mcafee.com
4. DISCLOSURE TIME-LINE
2011-02-10: reported vendor
2011-02-12: vendor replied "we are working to resolve the issue as quickly as possible"
2011-03-27: vulnerability found to be unfixed completely
2011-03-27: vulnerability disclosed
5. REFERENCES
Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/sites/mcafee.com/[mcafee]_xss_infoleak
Former Disclosure, 2008:
http://www.theregister.co.uk/2008/06/13/security_giants_xssed/
Former Disclosure, 2009:
http://news.softpedia.com/news/McAfee-Websites-Vulnerable-to-Attacks-110...
Former Disclosure, 2010:
http://security-sh3ll.blogspot.com/2010/04/mcafee-communities-xss-deface...
host-extract: http://code.google.com/p/host-extract/
Demo: http://yehg.net/lab/pr0js/training/view/misc/XSSing_McAfee_Secured/
xssed: http://www.xssed.com/search?key=mcafee.com
Lesson Learned: http://blogs.mcafee.com/mcafee-labs/from-xss-to-root-lessons-learned-fro...
#yehg [2011-03-27]
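
The advisory's second recommendation, outbound monitoring for information leakage, can be sketched as a response-body check for the two leak classes it reports: unexecuted ASP source and internal hostnames. This is an added example, not code from YGN, McAfee or host-extract; the internal suffixes, function names and sample responses are constructed assumptions.

```python
import re

# Server-side ASP constructs: if one reaches a client, the file was served
# raw instead of being executed. ("<%" also appears in some client-side
# template languages, so expect to tune this per site.)
ASP_SOURCE = re.compile(
    r"<%\s*@\s*language|<!--\s*#include\s+(?:file|virtual)\s*=|<%",
    re.IGNORECASE)
HOSTNAME = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z][a-z0-9-]+\b")
PRIVATE_IP = re.compile(
    r"\b(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}"
    r"|192\.168\.\d{1,3}\.\d{1,3}"
    r"|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3})\b")
# Assumption: internal hosts use these suffixes; substitute your own scheme.
INTERNAL_SUFFIXES = (".corp.example", ".internal")
TEXT_TYPES = ("text/", "application/javascript", "application/json")

def scan_response(url, content_type, body):
    """Return (kind, url, evidence) tuples for one outbound HTTP response."""
    if not content_type.lower().startswith(TEXT_TYPES):
        return []  # skip images, archives and other binary bodies
    findings, seen = [], set()
    m = ASP_SOURCE.search(body)
    if m:
        findings.append(("source-disclosure", url, m.group(0)))
    for host in HOSTNAME.findall(body.lower()):
        if host.endswith(INTERNAL_SUFFIXES) and host not in seen:
            seen.add(host)
            findings.append(("internal-hostname", url, host))
    for ip in PRIVATE_IP.findall(body):
        if ip not in seen:
            seen.add(ip)
            findings.append(("internal-ip", url, ip))
    return findings

# Constructed sample traffic (not real captures).
SAMPLES = [
    ("http://www.example.test/js/profile.js", "application/javascript",
     's.trackingServer="metrics.example.test";\ns.host="web07.corp.example";'),
    ("http://dl.example.test/includes/common.asp", "text/plain",
     '<%@ Language=VBScript %>\n<!--#include file="variables.asp"-->\n'
     '<% dbHost = "10.20.30.40" %>'),
    ("http://www.example.test/index.html", "text/html; charset=utf-8",
     "<html><body>Welcome</body></html>"),
]

def scan_all(samples):
    return [f for s in samples for f in scan_response(*s)]

if __name__ == "__main__":
    for kind, url, evidence in scan_all(SAMPLES):
        print(f"{kind:18} {url}  {evidence!r}")
```
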