Solutionary Threat Report - Oct. 2010

Padding Oracle Exploit Tool

Solutionary observed an increase in Padding Oracle Exploit Tool (POET) scanning activity during the month of October 2010. POET is software designed to attack encryption mechanisms implemented in a wide variety of Web-content frameworks including ASP.NET, JavaServer Faces (JSF) and Ruby on Rails.

Essentially, the tool can potentially be used to crack encryption-protected cookies. Attacks of this nature may simply manifest themselves as brief periods of abnormally high activity observed on a target Web server. While vendors have released patches, and vulnerability scan and IDS signatures have been deployed, the simplicity of this attack leads Solutionary to strongly advise that proper patch management be implemented for any systems potentially affected. Additionally, Solutionary advises caution when considering response to potentially anomalous volumes of Web activity.
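
The symptom described above, a brief spike of activity against one Web server, can be checked for in access logs. The following is an added example, not part of Solutionary's report: it flags a client only when a burst to one path also carries near-unique parameter values and mostly failed responses, so volume alone does not raise an alert. The path, the parameter name `d`, the thresholds, the log lines and the assumption that failed decryption is answered with HTTP 5xx are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"\S+ (?P<path>[^?\s]+)(?:\?(?P<query>\S*))? \S+" (?P<status>\d{3})')
# Assumed thresholds; tune them against the server's normal traffic.
WINDOW, MIN_REQUESTS = timedelta(seconds=10), 50
MIN_ERROR_RATIO, MIN_DISTINCT_RATIO = 0.8, 0.9

def detect_bursts(lines):
    """Return {(ip, path): first_alert_time} for clients that, inside WINDOW,
    send many near-unique query strings to one path and mostly get HTTP 5xx."""
    windows, alerts = defaultdict(deque), {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in access-log format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        key = (m["ip"], m["path"])
        win = windows[key]
        win.append((ts, m["query"] or "", int(m["status"]) >= 500))
        while ts - win[0][0] > WINDOW:  # drop entries older than the window
            win.popleft()
        if key in alerts or len(win) < MIN_REQUESTS:
            continue
        error_ratio = sum(err for _, _, err in win) / len(win)
        distinct_ratio = len({q for _, q, _ in win}) / len(win)
        if error_ratio >= MIN_ERROR_RATIO and distinct_ratio >= MIN_DISTINCT_RATIO:
            alerts[key] = ts
    return alerts

def sample_log():
    """Constructed log lines (documentation IP ranges, made-up path and parameter)."""
    start = datetime(2010, 10, 15, 12, 0, 0, tzinfo=timezone.utc)
    def line(ip, offset, query, status):
        ts = (start + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "GET /app/resource?d={query} HTTP/1.1" {status} 512'
    out = []
    for i in range(60):
        # Fast burst of unique values that almost all fail: the pattern to flag.
        out.append(line("203.0.113.7", i // 10, f"{i:032x}", 200 if i % 16 == 15 else 500))
        # Equally fast burst that succeeds (busy legitimate client): not flagged.
        out.append(line("198.51.100.20", i // 10, f"page{i}", 200))
        # Slow client repeating one value: not flagged.
        out.append(line("192.0.2.44", i * 10, "home", 200))
    return out

if __name__ == "__main__":
    print(detect_bursts(sample_log()))
```

Only the first constructed client is reported; the equally fast but successful burst is ignored, which reflects the report's advice to be careful when responding to unusual traffic volumes.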

Java-based attacks on the rise

While much attention has been paid to Adobe Reader vulnerabilities over the past few months, a Microsoft report details a comparatively significant rise in Java-borne exploit and malware-propagation attempts. Further research indicates that this may reflect increased usage of malware toolkits that aim to combine various attack methods such as Search Engine Optimization (SEO), cross-site scripting and/or SQL injection. These could potentially infect a user’s system via a means known as ‘drive-by download’. The significance of this potential threat increases with the popularity and increasingly ubiquitous use of platforms that implement technologies such as those afforded by Java.

Solutionary recommends caution and careful planning when considering the implementation of technologies such as smartphones, server virtualization, and cloud computing.