Tuesday, December 9, 2014

Reloading NTFS permissions without logging out/in of your sessions

The command below lets you log out of your Windows session and back in again without closing your applications. Among other things, this allows you to access a newly shared folder without logging off and on.

(It is of course better to make sure you are not using session-related functions before restarting Explorer.)

taskkill /im explorer.exe /f & start "" "c:\windows\explorer.exe"

Sunday, September 28, 2014

Shellshock, Exploiting Bash Vulnerability Through Apache CGI

You may have read about it elsewhere, yet I insist on setting this one straight.
The story: a Bash vulnerability has been reported as CVE-2014-6271 and later as CVE-2014-7169 (as it was incompletely fixed). It allows arbitrary code execution when the content of a variable is parsed, that is, every now and then in shell scripts. If the content of the variable comes from user input, then this is a way for the user to execute arbitrary code with the current local rights.

One way this can be exploited is via Apache CGI (or nginx CGI). Such setups have demonstrably been exploited on the web, so this is not crying wolf. CGI uses the shell (Bash) to parse web request headers such as Host or User-Agent, which allows arbitrary code execution with the administrative rights of the web server daemon itself. I succeeded in exploiting it for audit purposes, showing there is no need to be a lifelong expert to proceed.

Although exploits of this vulnerability have reportedly been spotted only through Apache/nginx CGI, there could very well be other exploits against any server that uses Bash to parse user input, which means virtually any server under Unix/Linux (think: Apache without CGI, cups, postfix, databases...).

The following command, launched from a Bash shell on the server, lets you know whether the server is affected by this vulnerability. Unless you did something specific in the last few days, it is highly unlikely that your server is not vulnerable.

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

So, I dearly recommend patching Bash itself. If you cannot patch or must delay applying the patch, making sure that no CGI scripts are exposed, or that CGI is disabled, is a temporary workaround.
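To see whether a web server has received such requests, the access log can be searched for header values that begin with the function-definition prefix used in the test above. The script below is an added example, not part of the original post: it assumes the Apache "combined" log format (which records Referer and User-Agent but not Host), the function names are hypothetical, and the sample log lines are constructed.

```shell
# Added example: flag access-log entries in which a quoted field (Referer,
# User-Agent, ...) starts with "() {", the function-definition prefix that
# Bash parses when such a value reaches it through the environment.

# Constructed sample in Apache "combined" format (not real traffic).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [28/Sep/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.44 - - [28/Sep/2014:10:00:07 +0000] "GET /cgi-bin/status HTTP/1.1" 200 64 "-" "() { :;}; echo vulnerable"
192.0.2.45 - - [28/Sep/2014:10:00:09 +0000] "GET /cgi-bin/status HTTP/1.1" 200 64 "() { :;}; echo vulnerable" "curl/7.38"
192.0.2.11 - - [28/Sep/2014:10:00:12 +0000] "GET /docs/f(){}.txt HTTP/1.1" 404 0 "-" "Mozilla/5.0"
EOF
}

# Reads log files given as arguments (or stdin) and prints one line per hit:
#   client <TAB> field name <TAB> logged value
# Splitting on the double quote puts the request line in $2, the Referer in
# $4 and the User-Agent in $6. Every quoted position is checked, so a value
# containing escaped quotes (which shifts the numbering) is still reported,
# only under a generic "fieldN" label.
scan_shellshock() {
  awk -F'"' '
    BEGIN { name[4] = "referer"; name[6] = "user-agent" }
    {
      split($1, head, " ")                 # head[1] is the client address
      for (i = 2; i <= NF; i++)
        if ($i ~ /^[(][)] *[{]/) {         # value begins with "() {"
          label = (i in name) ? name[i] : ("field" i)
          printf "%s\t%s\t%s\n", head[1], label, $i
        }
    }' "$@"
}

# Stand-alone run: scan the constructed sample.
sample_log | scan_shellshock
```

On a real server, pass the log files as arguments, for example `scan_shellshock access.log`. A hit means a request carried the prefix, not that the server was vulnerable at that time.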

Thursday, September 18, 2014

*Really* logging out of LinkedIn

As Brynne Tillman points out, LinkedIn keeps sessions active forever, or nearly so. It is therefore a good idea to log out if you use LinkedIn, even if only once in a while, anywhere other than on a personal computer or smartphone.

LinkedIn provides a dedicated page that lets a user list all of their active sessions and close them if necessary. Give it a try if you are a regular at Internet cafés or if you work on site at outside companies!

Thursday, February 20, 2014

Note about the EMR wicked problem (as seen in France)

Note for myself about the tackling of the EMR wicked problem (as seen in France)

At first sight, healthcare actors and, especially, practitioners didn't spot the actual complexity of the nation-wide EMR program (hospital ERP). That's why they didn't see the need for a competitive approach to tackling this wicked problem.

Both collaborative and authoritative approaches would have failed for such a program. The collaborative approach would have taken dozens of years. The authoritative approach would have garnered too much opposition to succeed.

As a result, the program is a success, yet the approach has been seen as overly complex and costly by many actors.