Feedback Blowout #1 | TechSNAP 60

Anti censorship application circulating with backdoor keylogger

• The anti-censorship application Simurgh, used heavily in Iran and Syria to get around government internet censorship, has been spotted on P2P networks and download sites
• The official version of the application from the official site is legitimate, however the version being propagated via P2P networks has been modified to log keystrokes and send the data back to a server in the USA on an IP block registered in Saudi Arabia
• The infected version injects javascript into pages, and removes the windows navigation sounds to prevent the user noticing the automated activity
• Anyone who has run a compromised version should consider all of their online accounts (email, IM, social networks, banking) compromised

---

WHMCS databases compromised via Social Engineering

• WHMCS (Web Hosting Management Complete Solution) is a commonly used billing, help desk and client management system for web hosting companies
• The attackers called the hosting company where WHMCS has their servers, managed to successfully answer the security questions and have the administrative passwords etc send to them
• The attackers made off with 1.7GB of data including the usernames, email addresses, hashed passwords, and encrypted credit card details
• The hashed passwords as not immediately vulnerable, however they can still be brute forced with time (especially if they are plain MD5 rather than salted MD5)
• It is highly recommended that you change all of your passwords if you were a WHMCS customer
• The attackers claim they targetted WHMCS because they refused to stop doing business with cyber criminals, specifically, script kiddies selling exploits, malware and running scams while using WHMCS to process the payments
• Additional Coverage
• Official Response
• It seems the group that comprised the data, has since analyzed the source code for WHMCS and found a number of vulnerabilities
• PHP Register Globals
• SQL Injection

---

Cambridge Researchers find backdoor in US Military chips

• The backdoor is in the chip, not the firmware, so it cannot be resolved with a firmware update
• The backdoor was discovered using a newly developed scanning technique
• The backdoor seems to have been left by the designers, not added by the Chinese manufacturers as has been incorrectly reported in the last few weeks
• This vulnerability could allow a remote attacker to disable or alter the functionality of the chips
• The research also suggests it is possible to steal the AES encryption keys used by these chips
• Open letter from researchers at Cambridge University to interested Governments
• Additional Coverage
• Errata Security: Bogus story: no Chinese backdoor in military chip

---

Feedback:

KatsumeBlisk wrote:

The Blizzard thing is why I use their 2-factor authentication. There’s no reason not to when there’s an app for the major mobile OSes and the $6.50 physical one.

• Blizzard Store
• How to clone RSA software tokens

Wayne Merricks asks: How can I replace DFS

• DRBD: What is DRBD
• HAST: Highly Available Storage
• AFS: Andrew File System
• CODA: COnstant Data Availability

Justin Bates asks: Backing up Between two Windows Hosts

• CrashPlan Backup

Chris Urie asks: How to Setup SSH Keys

• SSH/OpenSSH/Keys – Community Ubuntu Documentation
• SSH Keys – ArchWiki
• Using PuTTYgen
• Quick Logins with ssh Client Keys

Jono asks: Safely Storing Local Passwords

A few of you asked: WHY U NO MIRO?

• TechSNAP in HD in the Miro Guide now!

---

Round-Up:

• Microsoft forbids class actions in new Windows licence
• Google: Microsoft, Not The Film Or Music Industry, Leads Copyright Takedown
• Meet ‘Flame,’ The Massive Spy Malware Infiltrating Iranian Computers
• Microsoft cloud calendar gives the UK the wrong day off
• NoMachine Announces Free Remote Desktop Control for Windows, Linux and Mac
• Fake AV scammers called a security researcher
• Hacked Bitcoin bank had no backups