Friday, November 5, 2010

Internet Explorer CSS Tag Parsing Code Execution Vulnerability

Yet another IE Code Execution Vulnerability:

Description:

Internet Explorer, Microsoft's flagship browser, is susceptible to a memory corruption vulnerability. The code responsible for parsing cascading stylesheet (CSS) tags can be made to overwrite a pointer to a virtual function, potentially resulting in code execution.
The beta version of Internet Explorer 9 is not susceptible, but other versions are. An attacker must entice a target to view a malicious site in order to exploit this vulnerability, which can be used to execute arbitrary code on the target's machine. No updates are currently available for this vulnerability, which is being actively exploited in the wild.

Status: vendor confirmed, updates not available

References:


Again, why are you still using IE?  Really, why?

-Bob

Thursday, July 29, 2010

Amazon S3 IP Blocks

Today I need to help a customer that uses Amazon S3 for offsite backups (using duplicity). Up until now they had been accessing S3 through a squid proxy to get the data to and from S3. This enables them to limit the outgoing HTTP connections from their hosts.

Recently, they discovered that the performance of backups has been highly variable and restores are extremely slow. In testing today we found that performance through the proxy (with just duplicity) was much slower than it was going direct to S3. Of course, this now caused some problems with firewall configuration. In order to try to limit access, we need to find the IP addresses that are used by S3. Unfortunately, this does not appear to be an easy task. Google was not immediately helpful.

I then started looking at DNS. It appears that *.s3.amazonaws.com goes through a number of CNAME records before arriving at an IP address. The last step along the way appears to be one of three host names:

  1. s3-1-w.amazonaws.com.
  2. s3-2-w.amazonaws.com.
  3. s3-3-w.amazonaws.com.

It appears that each of these host names resolves to IP addresses in a different block. By running whois queries against an IP address in each block I was able to discover the following blocks:
  1. 72.21.192.0/19
  2. 87.238.80.0/21
  3. 207.171.160.0/19

For now, this is good enough...
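The same procedure, as an added example written for this post (not a tool from the post or from Amazon): chase the CNAME chain for a bucket name to its terminal host, map the terminal host's addresses onto the whois blocks found above, and flag any address that falls outside them, which is the check that tells you the allow-list has gone stale. The DNS answers are constructed stand-ins rather than live lookups; the bucket names, the intermediate CNAME and the specific addresses are assumptions.

```python
import ipaddress

# Constructed DNS data, not live answers: two bucket names chaining through
# CNAMEs to two of the three terminal hosts named in the post, plus their
# A records. Real chains and addresses will differ.
CNAME = {
    "backups.s3.amazonaws.com.": "s3-1.amazonaws.com.",   # assumed intermediate
    "s3-1.amazonaws.com.": "s3-1-w.amazonaws.com.",
    "archive.s3.amazonaws.com.": "s3-3-w.amazonaws.com.",
}
A = {
    "s3-1-w.amazonaws.com.": ["72.21.194.5", "72.21.211.171"],   # constructed
    "s3-3-w.amazonaws.com.": ["207.171.175.10", "198.51.100.7"], # 198.51.100.7 is a TEST-NET stand-in
}
# The three blocks the whois queries in the post turned up.
S3_BLOCKS = [ipaddress.ip_network(b) for b in
             ("72.21.192.0/19", "87.238.80.0/21", "207.171.160.0/19")]


def follow_cname(name, cname_table, max_hops=10):
    """Follow CNAMEs until a name with no CNAME is reached; refuse loops."""
    seen = []
    while name in cname_table:
        if name in seen or len(seen) >= max_hops:
            raise ValueError(f"CNAME loop or too many hops at {name}")
        seen.append(name)
        name = cname_table[name]
    return name, seen


def covering_block(ip, blocks):
    """Return the block containing ip, or None if no known block covers it."""
    addr = ipaddress.ip_address(ip)
    for net in blocks:
        if addr in net:
            return net
    return None


def build_allowlist(hostnames, cname_table, a_table, blocks):
    """Resolve each name, then return (blocks to allow, addresses no block covers).

    A non-empty second element means S3 answered from a range the firewall
    rules do not know about and the whois step needs repeating."""
    allow, uncovered = set(), []
    for host in hostnames:
        terminal, _ = follow_cname(host, cname_table)
        for ip in a_table.get(terminal, []):
            net = covering_block(ip, blocks)
            (uncovered.append(ip) if net is None else allow.add(net))
    return sorted(allow), uncovered
```

Feed `build_allowlist` the real answers from your resolver and the allow-list is the first element; anything in the second element is a new range to investigate before the next restore fails.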

-Bob