Feeds

Vulns 'like a hacker camped in the server room' all across the net

So says Metasploit man. Unless our servers have been hacked, anyway

3 Big data security analytics techniques

Security holes in server management technology create hacking opportunities almost on par with direct physical access, claims Metasploit creator HD Moore.

The issue arises from security shortcomings involving baseboard management controllers (a type of embedded computer used to provide out-of-band monitoring for desktops and servers, technology installed on nearly all servers) and the Intelligent Platform Management Interface (IPMI) protocol.

An attacker able to compromise a baseboard management controller (BMC) should be able to compromise its parent server. Compromising a server would allow miscreants to copy data from any attached storage, make changes to the operating system, install a backdoor, capture credentials passing through the server, launch denial of service attacks, or simply wipe the hard drives, among many other things.

Attacks like this are easily possible according to Moore, Rapid7's chief research officer and creator of penetrating testing software Metasploit, because vulnerable services are accessible across the net. Research by Moore found that around 308,000 IPMI-enabled BMCs were exposed on the net.

Approximately 195,000 of these devices only support IPMI 1.5, which does not provide any form of encryption. Another 113,000 of these devices support IPMI v2.0, which suffers from serious design flaws.

For example, 53,000 IPMI 2.0 systems are vulnerable to password bypass attacks because they rely upon a weak cipher suite. Passive scans by Moore separately discovered that 35,000 Supermicro BMCs expose an exploitable Universal Plug and Play (UPnP) service.

The security shortcomings under discussion are well beyond the capability of script-kiddies and could only be abused by a skilled and experienced hacker. Even so, it would be wise for sysadmins to listen to the warning implicit in Moore's research.

A blog post by Moore provides recommendations on how enterprises and hosting providers can mitigate the security risk of having their servers pwned. A lot of this comes down to fairly basic stuff: firewalling vulnerable services, disabling the vulnerable Cipher 0 cryptosuite and using complex passwords. Supermicro system users should apply an updated firmware image.

Previous research by Moore earlier this year revealed that everything from medical systems to traffic light boxes is wide open to hackers thanks to a lack of authentication checks. Flawed use of the Universal Plug and Play (UPnP) protocol meant that anything up to 50 million of devices are insecure, Rapid 7 warned in January. ®

3 Big data security analytics techniques

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.