Diffie-Hellman – Jupiter Broadcasting
https://www.jupiterbroadcasting.com
Open Source Entertainment, on Demand. (feed date: Fri, 14 Oct 2016 08:51:56 +0000)

Internet of Default Passwords | TechSNAP 288
https://original.jupiterbroadcasting.net/103901/internet-of-default-passwords-techsnap-288/
Thu, 13 Oct 2016 16:31:36 +0000

The post Internet of Default Passwords | TechSNAP 288 first appeared on Jupiter Broadcasting.

Show Notes:

Internet of Terror roundup

  • Krebs has been machine-gunning articles about the Internet of Terror devices that were used to attack him recently
  • Who makes the IoT things that are under attack
  • This first post breaks down the manufacturers of the devices, who is to blame for this nonsense.
  • “As KrebsOnSecurity observed over the weekend, the source code that powers the “Internet of Things” (IoT) botnet responsible for launching the historically large distributed denial-of-service (DDoS) attack against KrebsOnSecurity last month has been publicly released. Here’s a look at which devices are being targeted by this malware”
  • “The malware, dubbed “Mirai,” spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default usernames and passwords. Many readers have asked for more information about which devices and hardware makers were being targeted. As it happens, this is fairly easy to tell just from looking at the list of usernames and passwords included in the Mirai source code.”
  • “In all, there are 68 username and password pairs in the botnet source code. However, many of those are generic and used by dozens of products, including routers, security cameras, printers and digital video recorder (DVRs).”
  • All of the passwords are quite bad. A few look almost random, but using one random password on every device doesn’t help. It is as if they tried, but totally missed the point.
  • “Regardless of whether your device is listed above, if you own a wired or wireless router, IP camera or other device that has a Web interface and you haven’t yet changed the factory default credentials, your system may already be part of an IoT botnet. Unfortunately, there is no simple way to tell one way or the other whether it has been compromised.”
  • “However, the solution to eliminating and preventing infections from this malware isn’t super difficult. Mirai is loaded into memory, which means it gets wiped once the infected device is disconnected from its power source.”
  • “Several readers have pointed out that while advising IoT users to change the password via the device’s Web interface is a nice security precaution, it may or may not address the fundamental threat. That’s because Mirai spreads via communications services called “telnet” and “SSH,” which are command-line, text-based interfaces that are typically accessed via a command prompt (e.g., in Microsoft Windows, a user could click Start, and in the search box type “cmd.exe” to launch a command prompt, and then type “telnet” to reach a username and password prompt at the target host). The trouble is, even if one changes the password on the device’s Web interface, the same default credentials may still allow remote users to log in to the device using telnet and/or SSH.”
  • Europe to push for new security rules amid IoT mess
  • “The European Commission is drafting new cybersecurity requirements to beef up security around so-called Internet of Things (IoT) devices such as Web-connected security cameras, routers and digital video recorders (DVRs). News of the expected proposal comes as security firms are warning that a great many IoT devices are equipped with little or no security protections.”
  • “The Commission would encourage companies to come up with a labeling system for internet-connected devices that are approved and secure. The EU labelling system that rates appliances based on how much energy they consume could be a template for the cybersecurity ratings.”
  • That sounds great, but how do you rate the cyber security of a device? Who is going to be allowed to perform these audits? Who decides whether the auditor is qualified enough?
  • “One of those default passwords — username: root and password: xc3511 — is in a broad array of white-labeled DVR and IP camera electronics boards made by a Chinese company called XiongMai Technologies. These components are sold downstream to vendors who then use it in their own products.”
  • “That information comes in an analysis published this week by Flashpoint Intel, whose security analysts discovered that the Web-based administration page for devices made by this Chinese company (https://ipaddress/Login.htm) can be trivially bypassed without even supplying a username or password, just by navigating to a page called “DVR.htm” prior to login.”
  • “The issue with these particular devices is that a user cannot feasibly change this password. The password is hardcoded into the firmware, and the tools necessary to disable it are not present. Even worse, the web interface is not aware that these credentials even exist.”
  • IoT devices as proxies for cybercrime
  • “This post looks at how crooks are using hacked IoT devices as proxies to hide their true location online as they engage in a variety of other types of cybercriminal activity — from frequenting underground forums to credit card and tax refund fraud.”
  • The criminals are using your IoT device as a proxy, so when the police hunt down the person who committed the fraud, it looks like it was you.
  • “Recently, I heard from a cybersecurity researcher who’d created a virtual “honeypot” environment designed to simulate hackable IoT devices. The source, who asked to remain anonymous, said his honeypot soon began seeing traffic destined for Asus and Linksys routers running default credentials. When he examined what that traffic was designed to do, he found his honeypot systems were being told to download a piece of malware from a destination on the Web.”
  • “The researcher found that the malware being pushed to his honeypot system was designed to turn his faux infected router into a “SOCKS proxy server,” essentially a host designed to route traffic between a client and a server. Most often, SOCKS proxies are used to anonymize communications because they can help obfuscate the true origin of the client that is using the SOCKS server.”
  • “What he observed was that all of the systems were being used for a variety of badness, from proxying Web traffic destined for cybercrime forums to testing stolen credit cards at merchant Web sites. Further study of the malware files and the traffic beacons emanating from the honeypot systems indicated his honeypots were being marketed on a Web-based criminal service that sells access to SOCKS proxies in exchange for Bitcoin.”
  • Krebs’ site has a number of tips on securing your router to prevent this
  • SSH TCP Forwarding on-by-default in IoT devices, used in new credential stuffing attacks
  • Of course, routers and other IoT devices can sometimes be used as a proxy without having to be compromised.
  • The default SSH configuration used on a number of IoT devices leaves the sshd option ‘AllowTCPForwarding’ enabled
  • This allows an attacker to log in to the IoT device using the default credentials (which you sometimes cannot change) and then bounce their connection off the device, in such a way that it leaves no trace
  • Ezra Caltum, senior security research team leader at Akamai: “We are in for an Internet of unpatchable things. This is my personal opinion, but I’m terrified about it.”
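As an added example for the forwarding point above (not code from the show, from Akamai, or from any vendor firmware), here is a small Python audit of the global section of an sshd_config. It applies sshd's rule that the first value given for a keyword wins, stops at the first Match block, and reports options that are dangerous whether they were set explicitly or simply inherited from the daemon defaults; AllowTcpForwarding defaulting to yes is exactly the case the notes describe. The two configuration samples are constructed for the example, and the PermitRootLogin default it assumes is noted in the code.

```python
import re

# (keyword, sshd default when the keyword is absent, value the hardening policy wants)
# Defaults follow sshd_config(5): AllowTcpForwarding and PasswordAuthentication default
# to "yes", GatewayPorts to "no". PermitRootLogin is assumed "yes" here, the default of
# older sshd builds common in embedded firmware (OpenSSH 7.0+ ships prohibit-password).
POLICY = [
    ("allowtcpforwarding", "yes", "no"),
    ("gatewayports", "no", "no"),
    ("permitrootlogin", "yes", "no"),
    ("passwordauthentication", "yes", "no"),
]

# Constructed sample resembling a stock embedded sshd_config (not from any real device).
# AllowTcpForwarding is not mentioned at all, so the "yes" default silently applies.
IOT_DEFAULT_CONFIG = """\
Port 22
Protocol 2
PermitRootLogin yes
PasswordAuthentication yes
Subsystem sftp /usr/libexec/sftp-server
"""

# Constructed hardened sample. The second "AllowTcpForwarding yes" in the global
# section is ignored by sshd (first value wins), and the one inside the Match block
# only applies to the matched user, so the effective global value stays "no".
HARDENED_CONFIG = """\
Port 22
AllowTcpForwarding no
GatewayPorts no
PermitRootLogin no
PasswordAuthentication no
AllowTcpForwarding yes
Match User maintenance
    AllowTcpForwarding yes
"""

# sshd accepts "Keyword value" and "Keyword=value"; keywords are case-insensitive.
_KEYVAL = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.*)$")


def parse_global_options(config_text):
    """Effective global options: the first value seen for each keyword wins,
    and parsing stops at the first Match block (its settings are conditional)."""
    options = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _KEYVAL.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break
        options.setdefault(key, value)
    return options


def audit_sshd_config(config_text):
    """Return (keyword, effective_value, origin) for each policy keyword whose
    effective value, explicit or inherited from the sshd default, is not the wanted one."""
    options = parse_global_options(config_text)
    findings = []
    for key, default, wanted in POLICY:
        effective = options.get(key, default).lower()
        if effective != wanted:
            origin = "explicit" if key in options else "sshd default (unset)"
            findings.append((key, effective, origin))
    return findings


if __name__ == "__main__":
    for name, cfg in (("iot-default", IOT_DEFAULT_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_sshd_config(cfg) or "no findings")
```

The point of reporting "sshd default (unset)" separately is that the dangerous setting never appears in the file, so a grep for AllowTcpForwarding finds nothing; the fix on a device you control is an explicit `AllowTcpForwarding no` (and `GatewayPorts no`) in the global section, with any exception confined to a Match block.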

Researchers discover way to factor certain 1024 bit Diffie-Hellman keys

  • “Researchers have devised a way to place undetectable backdoors in the cryptographic keys that protect websites, virtual private networks, and Internet servers. The feat allows hackers to passively decrypt hundreds of millions of encrypted communications as well as cryptographically impersonate key owners.”
  • While there is a lot of media hype, it isn’t necessarily the end of the world just yet.
  • Researcher Post
  • “We have completed a cryptanalysis computation which is at the same time a formidable achievement in terms of size (a 1024-bit discrete logarithm computation), and a small-scale undertaking in terms of computational resources (two months of calendar time on 2000 to 3000 cores). In comparison, the “real” record for discrete logarithm is 768 bits (announced this spring) and required 10 times as much computational power.”
  • “To achieve this, we cheated. Deliberately. We chose the prime number which defines the problem to be solved in a special way, so that the computation can be made much more efficient. However, we did this in a subtle way, so that the trapdoor we inserted cannot be detected.”
  • “Unfortunately, for most of the prime numbers used in cryptography today, we have no guarantee that they have not been generated with such a trapdoor. We estimate that breaking a non-trapdoored 1024-bit prime is at least 10,000 times harder than breaking our trapdoored prime was for us once we knew the trapdoor.”
  • “Our computation raises questions about some Internet standards that contain opaque, fixed primes. Theoretically, we know how to guarantee that primes have not been generated with a trapdoor, but most widely used primes come with no such public guarantee. A malicious party who inserted a trapdoored prime into a standard or an implementation would be able to break any communication whose security relies on one of these primes in a short amount of time.”
  • “Solving discrete log for a Diffie-Hellman key exchange lets an attacker decrypt messages encrypted with the negotiated key. Solving discrete log for a DSA signature lets an attacker forge signatures.”
  • So, we have a way to make sure that the process used to select a prime is not backdoored, but not a way to tell whether a given prime has been backdoored.
  • “We have not been able to find any documented seeds or verifiable randomness for widely used 1024-bit primes such as the RFC 5114 primes. Using “nothing up my sleeve” numbers to generate primes like the Oakley groups or the TLS 1.3 negotiated finite field Diffie-Hellman groups (RFC 7919) is a reasonable guarantee of not containing a backdoor.”
  • Some older standards contain ‘magic’ numbers, without information about the process that was used to come up with the number. Only numbers in some newer standards, where a “nothing up my sleeve” policy allows anyone to audit the process used to select the prime, are considered secure.
  • “The attack we describe affects only Diffie-Hellman and DSA, not ECDH or ECDSA. For RSA, there are not global public parameters like the primes used for Diffie-Hellman that could contain a backdoor like this.”
  • “If you run a server, use elliptic-curve cryptography or primes of at least 2048 bits.”
  • DH primes shorter than 1024 bits were banned recently, after the Logjam attack. Hopefully most people who generated new primes are already using 2048-bit or larger primes.
  • “If you are a developer or standards committee member, use verifiable randomness to generate any fixed cryptographic parameters, and publicly document your seeds. Appendix A.1.1.2 of FIPS 186 describes how to do this for DSA primes.”
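The “verifiable randomness” advice above is the defender's answer to opaque fixed primes: publish a seed, derive the prime from it deterministically, and let anyone re-run the derivation. The Python below is an added example written for these notes, not code from the researchers, the paper, or FIPS 186; it is a simplified analogue of the FIPS 186 seed-and-counter idea, using SHA-256 to expand seed and counter into candidates and a fixed-witness Miller-Rabin test so that generator and verifier always agree. The seed string, the 256-bit size (chosen so it runs in a fraction of a second; real DH groups are 2048-bit safe primes) and the names derive_prime and verify_prime are the example's own assumptions.

```python
import hashlib

# Fixed Miller-Rabin witnesses: deterministic, so generator and verifier reach the
# same verdict on every candidate. (Also used for trial division.)
_WITNESSES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53)


def is_probable_prime(n):
    """Miller-Rabin with fixed bases; good enough for demonstration sizes."""
    if n < 2:
        return False
    for w in _WITNESSES:
        if n % w == 0:
            return n == w
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in _WITNESSES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _candidate(seed, bits, counter):
    """Expand SHA-256(seed || counter || block) into a `bits`-bit odd integer with the
    top bit set, so each candidate is a pure function of (seed, counter)."""
    out, block = b"", 0
    while len(out) * 8 < bits:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    x = int.from_bytes(out, "big") >> (len(out) * 8 - bits)
    return x | (1 << (bits - 1)) | 1


def derive_prime(seed, bits, max_counter=1 << 16):
    """Publisher side: return (prime, counter) for the first counter whose candidate is prime.
    Publishing seed, bits and counter is what makes the prime auditable."""
    for counter in range(max_counter):
        p = _candidate(seed, bits, counter)
        if is_probable_prime(p):
            return p, counter
    raise ValueError("no prime found within max_counter; choose another seed")


def verify_prime(p, seed, bits, counter):
    """Auditor side: recompute the derivation from the published seed and check that
    no earlier counter already yielded a prime (the publisher may not skip candidates)."""
    for c in range(counter):
        if is_probable_prime(_candidate(seed, bits, c)):
            return False
    return _candidate(seed, bits, counter) == p and is_probable_prime(p)


if __name__ == "__main__":
    seed = b"constructed demo seed: TechSNAP 288"  # a real publisher documents this value
    p, counter = derive_prime(seed, 256)
    print("prime:", hex(p))
    print("counter:", counter, "verifies:", verify_prime(p, seed, 256, counter))
    # A prime shipped without a seed gives an auditor nothing to recompute.
```

A prime shipped with no seed, like the RFC 5114 groups the researchers could not trace, gives an auditor nothing to recompute; the counter check matters too, since a publisher allowed to skip candidates would weaken the claim that the prime was not chosen. At 2048 bits the same functions take seconds rather than milliseconds, and a production procedure additionally requires a safe prime (p = 2q + 1) and the full FIPS 186 validation steps.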

Android Fragmentation Sinks Patching Gains — 60,000 unique models of Android device

  • It’s been 13 months since Google began releasing Android security bulletins and software patches on a scheduled, monthly basis. So far, the benefits of the new strategy to shore up Android’s defenses are mixed at best.
  • Security experts say look no further than to this past August and Google’s patching of the high-profile QuadRooter vulnerability that took 96 days for Google to go from vulnerability notification by Qualcomm to the release of the final patch for the critical flaws on Sept. 6. By comparison, it took Apple just 10 days from the time researchers tipped off the company to the notorious Trident vulnerabilities, which were publicly attacked unlike QuadRooter, to Apple releasing its iOS patch.
  • That stark difference in patch times illustrates to many mobile security experts that, despite security gains within the Android platform, from MediaServer hardening to file-level encryption, Google’s security efforts are still stymied by the nagging problem of fragmentation.
  • For example, only a fraction of phones vulnerable to the QuadRooter vulnerability have received Google’s patches.
  • Kyle Lady, research and development engineer at Duo Labs, says issues tied to fragmentation are hurting the Android ecosystem on two fronts.
  • One front is Google’s efforts to work with a myriad of partners on identifying risks and prepping patches for Google’s monthly security updates.
  • The second is making sure those patches are deployed by Android handset makers and wireless carriers to consumers in a timely manner.
  • Since Google released its last patch to fix the QuadRooter vulnerability, only 15 percent of Android phones capable of receiving the security update had done so, according to the most recent data available from Duo Labs collected Oct. 5.
  • The patching results are interesting, “percentage of Android phones that have not patched in the last 90 days”:
    • Nexus: 2.3% (almost every phone is patched)
    • Samsung: 55% (slightly more than half of all phones are unpatched)
    • LG: 73% (almost 3/4s of all phones are unpatched)
    • Motorola: 96% unpatched
    • Sony: 98% unpatched
  • For the first time that I have seen, Google’s support policy is also spelled out:
  • “For Google’s part, it says it will provide support for its Nexus brand phones for at least three years from device availability, or 18 months after the last device is sold by Google”
  • Motorola’s phone unit was recently sold to Lenovo, which had this to say:
  • “We understand that keeping phones up-to-date with security patches is important to our customers and strive to push security patches as quickly as we can. We work with our carrier partners, software providers and other partners to extensively test patches before they are delivered, which can be in various forms, such as pure Security Maintenance Releases, scheduled Maintenance Releases and OS Upgrades.”
  • “In August, Motorola said it couldn’t promise its flagship Moto Z and Moto G4 would receive monthly Android security patches. Instead, Motorola said updates would be quarterly. Samsung and LG said they have committed to monthly security updates for their handsets. HTC did not respond to a request for comment on this story.”
  • It would be interesting to see these same numbers with a more confined view, say, phones sold in the last 18 months, rather than all phones on the market.
  • Google is also trying to solve the problem by going around the Manufacturers and the Carriers: “with the release of Android 7.0 (Nougat) Google is attempting to become more self-reliant by creating independent apps that might have otherwise been Android OS baked-in features. For example, Google recently introduced its Allo and Duo (formerly Hangouts) messaging features as standalone apps. Now, Google can push out software updates if needed to those apps, independent of device makers and carriers.”

National Security Breaking Agency | TechSNAP 236
https://original.jupiterbroadcasting.net/89226/national-security-breaking-agency-techsnap-236/
Thu, 15 Oct 2015 18:03:54 +0000

The post National Security Breaking Agency | TechSNAP 236 first appeared on Jupiter Broadcasting.


How the NSA might be breaking Crypto, fresh zero day exploit against Flash with a twist & Keylogging before computers.

Plus a great batch of your questions, a rocking round-up & much more!

— Show Notes: —

How might the NSA be breaking crypto?

  • “There have been rumors for years that the NSA can decrypt a significant fraction of encrypted Internet traffic. In 2012, James Bamford published an article quoting anonymous former NSA officials stating that the agency had achieved a “computing breakthrough” that gave them “the ability to crack current public encryption.” The Snowden documents also hint at some extraordinary capabilities: they show that NSA has built extensive infrastructure to intercept and decrypt VPN traffic and suggest that the agency can decrypt at least some HTTPS and SSH connections on demand. However, the documents do not explain how these breakthroughs work, and speculation about possible backdoors or broken algorithms has been rampant in the technical community.”
  • “Yesterday at ACM CCS, one of the leading security research venues, we and twelve coauthors presented a paper that we think solves this technical mystery.”
  • PDF: Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
  • “The key is, somewhat ironically, Diffie-Hellman key exchange, an algorithm that we and many others have advocated as a defense against mass surveillance. Diffie-Hellman is a cornerstone of modern cryptography used for VPNs, HTTPS websites, email, and many other protocols. Our paper shows that, through a confluence of number theory and bad implementation choices, many real-world users of Diffie-Hellman are likely vulnerable to state-level attackers.”
  • “If a client and server are speaking Diffie-Hellman, they first need to agree on a large prime number with a particular form. There seemed to be no reason why everyone couldn’t just use the same prime, and, in fact, many applications tend to use standardized or hard-coded primes. But there was a very important detail that got lost in translation between the mathematicians and the practitioners: an adversary can perform a single enormous computation to “crack” a particular prime, then easily break any individual connection that uses that prime.”
  • “For the most common strength of Diffie-Hellman (1024 bits), it would cost a few hundred million dollars to build a machine, based on special purpose hardware, that would be able to crack one Diffie-Hellman prime every year.”
  • “Would this be worth it for an intelligence agency? Since a handful of primes are so widely reused, the payoff, in terms of connections they could decrypt, would be enormous. Breaking a single, common 1024-bit prime would allow NSA to passively decrypt connections to two-thirds of VPNs and a quarter of all SSH servers globally. Breaking a second 1024-bit prime would allow passive eavesdropping on connections to nearly 20% of the top million HTTPS websites. In other words, a one-time investment in massive computation would make it possible to eavesdrop on trillions of encrypted connections.”
  • “Based on the evidence we have, we can’t prove for certain that NSA is doing this. However, our proposed Diffie-Hellman break fits the known technical details about their large-scale decryption capabilities better than any competing explanation. For instance, the Snowden documents show that NSA’s VPN decryption infrastructure involves intercepting encrypted connections and passing certain data to supercomputers, which return the key. The design of the system goes to great lengths to collect particular data that would be necessary for an attack on Diffie-Hellman but not for alternative explanations, like a break in AES or other symmetric crypto. While the documents make it clear that NSA uses other attack techniques, like software and hardware “implants,” to break crypto on specific targets, these don’t explain the ability to passively eavesdrop on VPN traffic at a large scale.”
  • “8.4% of Alexa Top 1M HTTPS domains allow DHE_EXPORT, of which 92.3% use one of the two most popular primes”
  • “After a week-long precomputation for each of the two top export-grade primes (see Table 1), we can quickly break any key exchange that uses them. Here we show times for computing 3,500 individual logs; the median is 70 seconds.”
  • “Our calculations suggest that it is plausibly within NSA’s resources to have performed number field sieve precomputations for at least a small number of 1024-bit Diffie-Hellman groups. This would allow them to break any key exchanges made with those groups in close to real time. If true, this would answer one of the major cryptographic questions raised by the Edward Snowden leaks: How is NSA defeating the encryption for widely used VPN protocols?”
  • If the NSA has precomputed just one 1024-bit DH group, they would be able to compromise 37% of the HTTPS traffic to the top 1 million sites using an active downgrade attack. If they have precomputed the ten most popular 1024-bit DH groups, that number increases to 56%.
  • When applied to VPNs, the single most popular 1024-bit DH group would account for 66% of all traffic. For SSH, the number is 25%. For both VPN and SSH, the top 10 does not increase the likelihood of compromise; this suggests that, outside of one very popular 1024-bit group, most other sites do not reuse the same group as others.
  • “we performed a scan in which we mimicked the algorithms offered by OpenSSH 6.6.1p1, the latest version of OpenSSH. In this scan, 21.8% of servers preferred the 1024-bit Oakley Group 2, and 37.4% preferred a server-defined group. 10% of the server-defined groups were 1024-bit, but, of those, near all provided Oakley Group 2 rather than a custom group”
  • Recommendations from the paper:
    • Transition to elliptic curves: Transitioning to elliptic curve Diffie-Hellman (ECDH) key exchange with appropriate parameters avoids all known feasible cryptanalytic attacks
    • Increase minimum key strengths: Server operators should disable DHE_EXPORT and configure DHE ciphersuites to use primes of 2048 bits or larger.
    • Avoid fixed-prime 1024-bit groups: For implementations that must continue to use or support 1024-bit groups for compatibility reasons, generating fresh groups may help mitigate some of the damage caused by NFS-style precomputation for very common fixed groups.
    • Don’t deliberately weaken crypto: Our downgrade attack on export-grade 512-bit Diffie-Hellman groups in TLS illustrates the fragility of cryptographic “front doors”. Although the key sizes originally used in DHE_EXPORT were intended to be tractable only to NSA, two decades of algorithmic and computational improvements have significantly lowered the bar to attacks on such key sizes.
  • “Prior to our work, Internet Explorer, Chrome, Firefox, and Opera all accepted 512-bit primes, whereas Safari allowed groups as small as 16 bits. As a result of our disclosures, Internet Explorer, Firefox, and Chrome are transitioning the minimum size of the DHE groups they accept to 1024 bits, and OpenSSL and Safari are expected to follow suit.”
  • Additional information from the researchers site WeakDH.org
  • Sysadmin’s guide to securing your servers
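A practical follow-up to the “increase minimum key strengths” recommendation is to audit the DH parameter files already deployed on servers. The Python below is an added example, not code from the paper or from WeakDH.org: it encodes and decodes the PKCS#3 DHParameter SEQUENCE that `openssl dhparam` writes, and flags primes below 2048 bits. The sample parameter values are constructed placeholders of the right sizes (not actual primes and not any real group), and the names make_dhparam_pem, parse_dhparam_pem and audit_dhparam are the example's own.

```python
import base64

MIN_DH_BITS = 2048  # the paper's recommended floor for DHE primes


def _der_length(n):
    """DER length octets (short form below 128, long form above)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_integer(value):
    """DER INTEGER for a non-negative int; a leading 0x00 is kept only when the
    high bit of the first content byte would otherwise make the value negative."""
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")
    while len(body) > 1 and body[0] == 0 and body[1] < 0x80:
        body = body[1:]
    return b"\x02" + _der_length(len(body)) + body


def make_dhparam_pem(p, g):
    """Encode (p, g) as PKCS#3 DHParameter, the format of 'openssl dhparam' output.
    Used here only to build constructed sample input."""
    body = _der_integer(p) + _der_integer(g)
    der = b"\x30" + _der_length(len(body)) + body
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN DH PARAMETERS-----\n" + "\n".join(lines) + "\n-----END DH PARAMETERS-----\n"


def _read_tlv(buf, pos):
    """Read one DER tag/length/value at pos; return (tag, value, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_dhparam_pem(pem):
    """Return (p, g) from a 'DH PARAMETERS' PEM block."""
    inner = "".join(line.strip() for line in pem.splitlines() if line and not line.startswith("-----"))
    der = base64.b64decode(inner)
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag_p, p_bytes, pos = _read_tlv(seq, 0)
    tag_g, g_bytes, _ = _read_tlv(seq, pos)
    if tag_p != 0x02 or tag_g != 0x02:
        raise ValueError("expected two INTEGERs (prime, generator)")
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")


def audit_dhparam(pem, min_bits=MIN_DH_BITS):
    """Size and sanity check of a DH parameter file; primality of p is out of scope here."""
    p, g = parse_dhparam_pem(pem)
    bits = p.bit_length()
    problems = []
    if bits < min_bits:
        problems.append(f"prime is {bits} bits, below the {min_bits}-bit minimum")
    if p % 2 == 0:
        problems.append("prime is even")
    if not 1 < g < p - 1:
        problems.append("generator out of range")
    return {"bits": bits, "generator": g, "ok": not problems, "problems": problems}


if __name__ == "__main__":
    # Constructed placeholders with the right bit lengths; NOT primes, NOT real groups.
    weak_pem = make_dhparam_pem((1 << 1023) | 1, 2)
    strong_pem = make_dhparam_pem((1 << 2047) | 1, 2)
    for label, pem in (("1024-bit placeholder", weak_pem), ("2048-bit placeholder", strong_pem)):
        print(label, audit_dhparam(pem))
```

Run audit_dhparam over the PEM text of every file referenced by nginx's ssl_dhparam or Apache's SSLOpenSSLConfCmd DHParameters; a fresh 2048-bit group for replacement comes from `openssl dhparam -out dhparam.pem 2048`. A complete audit would also test that p is prime (ideally a safe prime), which this size-only check deliberately leaves to a separate step.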

Fresh Zero Day exploit against fully patched Adobe Flash

  • Just last week, we were commenting on how quiet things have been on the Adobe Flash front
  • Sorry for jinxing it for everyone
  • This zero day exploit even affects Flash version 19.0.0.207, which was released on Tuesday
  • Adobe expects to release a patch that fixes the zero day sometime next week
  • “Attackers are exploiting a previously unknown vulnerability in fully patched versions of Adobe’s Flash Player so they can surreptitiously install malware on end users’ computers”
  • “So far, the attacks are known to target only government agencies as part of a long-running espionage campaign carried out by a group known as Pawn Storm, researchers from antivirus provider Trend Micro said in a blog post published Tuesday. It’s not unusual for such zero-day exploits to be more widely distributed once the initial element of surprise wanes. The critical security flaw is known to reside in Flash versions 19.0.0.185 and 19.0.0.207 and may also affect earlier versions. At this early stage, no other technical details are available”
  • “In this most recent campaign of Pawn Storm, several Ministries of Foreign Affairs received spear phishing e-mails. These contain links to sites that supposedly contain information about current events, but in reality, these URLs hosted the exploit”
  • In this wave of attacks, the emails were about the following topics:
    • “Suicide car bomb targets NATO troop convoy Kabul”
    • “Syrian troops make gains as Putin defends air strikes”
    • “Israel launches airstrikes on targets in Gaza”
    • “Russia warns of response to reported US nuke buildup in Turkey, Europe”
    • “US military reports 75 US-trained rebels return Syria”
  • The most startling thing here is that you would not expect government employees to get such news via email, so they should know better than to fall for emails with these subjects or follow links with such headlines.
  • “It’s worth noting that the URLs hosting the new Flash zero-day exploit are similar to the URLs seen in attacks that targeted North Atlantic Treaty Organization (NATO) members and the White House in April this year.”
  • It will be interesting to see if any of the exploit kits manage to pick up this Zero-day before the patch is released
  • This attack is currently focused on the government, and the attackers likely want to keep their zero-day to themselves
  • Once a fix is released, I would expect the regular malware authors to reverse engineer the fix to find the exploit, and see this added to the regular exploit kits
  • Additional Coverage: Krebs

Keylogging before computers: How Soviets used IBM Selectric keyloggers to spy on US diplomats

  • “A National Security Agency memo that recently resurfaced a few years after it was first published contains a detailed analysis of what very possibly was the world’s first keylogger—a 1970s bug that Soviet spies implanted in US diplomats’ IBM Selectric typewriters to monitor classified letters and memos.”
  • “The electromechanical implants were nothing short of an engineering marvel. The highly miniaturized series of circuits were stuffed into a metal bar that ran the length of the typewriter, making them invisible to the naked eye. The implant, which could only be seen using X-ray equipment, recorded the precise location of the little ball Selectric typewriters used to imprint a character on paper. With the exception of spaces, tabs, hyphens, and backspaces, the tiny devices had the ability to record every key press and transmit it back to Soviet spies in real time.”
  • “The Soviet implants were discovered through the painstaking analysis of more than 10 tons’ worth of equipment seized from US embassies and consulates and shipped back to the US. The implants were ultimately found inside 16 typewriters used from 1976 to 1984 at the US embassy in Moscow and the US consulate in Leningrad. The bugs went undetected for the entire eight-year span and only came to light following a tip from a US ally whose own embassy was the target of a similar eavesdropping operation.”
  • “‘Despite the ambiguities in knowing what characters were typed, the typewriter attack against the US was a lucrative source of information for the Soviets,’ an NSA document, which was declassified several years ago, concluded. ‘It was difficult to quantify the damage to the US from this exploitation because it went on for such a long time.’ The NSA document was published here in 2012. Ars is reporting the document because it doesn’t appear to have been widely covered before and generated a lively conversation Monday on the blog of encryption and security expert Bruce Schneier.”
  • “When the implant was first reported, one bugging expert cited in Discover magazine speculated that it worked by measuring minute differences in the time it took each character to be imprinted. That theory was based on the observation that the time the Selectric ball took to complete a rotation was different for each one. A low-tech listening device planted in the room would then transmit the sounds of a typing Selectric to a Soviet-operated computer that would reconstruct the series of key presses.”
  • “In fact, the implant was far more advanced and worked by measuring the movements of the “bail,” which was the term analysts gave to the mechanical arms that controlled the pitch and rotation of the ball.”
  • “In reality, the movement of the bails determined which character had been typed because each character had a unique binary movement corresponding to the bails. The magnetic energy picked up by the sensors in the bar was converted into a digital electrical signal. The signals were compressed into a four-bit frequency select word. The bug was able to store up to eight four-bit characters. When the buffer was full, a transmitter in the bar sent the information out to Soviet sensors.”
  • “There was some ambiguity in determining which characters had been typed. NSA analysts using the laws of probability were able to figure out how the Soviets probably recovered text. Other factors which made it difficult to recover text included the following: The implant could not detect characters that were typed without the ball moving. If the typist pressed space, tab shift, or backspace, these characters were invisible to the implant. Since the ball did not move or tilt when the typist pressed hyphen because it was located at the ball’s home position, the bug could not read this character either.”
  • “The implants were also remarkable for the number of upgrades they received. Far from being a static device that was built once and then left to do its job, the bugs were constantly refined.”
  • “There were five varieties or generations of bugs. Three types of units operated using DC power and contained either eight, nine, or ten batteries. The other two types operated from AC power and had beacons to indicate whether the typewriter was turned on or off. Some of the units also had a modified on and off switch with a transformer, while others had a special coaxial screw with a spring and lug. The modified switch sent power to the implant. Since the battery-powered machines had their own internal source of power, the modified switch was not necessary. The special coaxial screw with a spring and lug connected the implant to the typewriter linkage, and this linkage was used as an antenna to transmit the information as it was being typed. Later battery-powered implants had a test point underneath an end screw. By removing the screw and inserting a probe, an individual could easily read battery voltage to see if the batteries were still active.”
  • “The devices could be turned off to avoid detection when the Soviets knew inspection teams were in close proximity. Newer devices operated by the US may have had the ability to detect the implants, but even then an element of luck would have been required, since the infected typewriter would have to be turned on, the bug would have to be turned on, and the analyzer would have to be tuned to the right frequency. To lower this risk, Soviet spies deliberately designed the devices to use the same frequency band as local television stations.”
  • I thought this was an interesting example of how espionage works and how hard it can be to detect

Feedback:


Round Up:


The post National Security Breaking Agency | TechSNAP 236 first appeared on Jupiter Broadcasting.

EXTenuating Circumstances | TechSNAP 215
https://original.jupiterbroadcasting.net/82517/extenuating-circumstances-techsnap-215/
Thu, 21 May 2015 15:30:16 +0000

Researchers have uncovered a weakness in almost all Internet encryption. We’ll explain what LogJam is, how to protect yourself & what the cause is.

Plus Linux gets bit by a filesystem corruption bug, passport ID thieves, a great batch of questions & much, much more!

— Show Notes: —

LogJam: How Diffie-Hellman Fails in Practice

  • Researchers have uncovered several weaknesses in how the Diffie-Hellman key exchange has been deployed.
  • Diffie-Hellman key exchange is a popular cryptographic algorithm that allows Internet protocols to agree on a shared key and negotiate a secure connection. It is fundamental to many protocols including HTTPS, SSH, IPsec, SMTPS, and protocols that rely on TLS.
  • The vulnerability affects an estimated 8.4 percent of the top one million websites and a slightly bigger percentage of mail servers populating the IPv4 address space, the researchers said.
  • The weakness is the result of export restrictions the US government mandated in the 1990s on US developers who wanted their software to be used abroad.
  • The regime was established by the Clinton administration so the FBI and other agencies could break the encryption used by foreign entities.
  • Attackers with the ability to monitor the connection between an end user and a Diffie-Hellman-enabled server that supports the export cipher can inject a special payload into the traffic that downgrades encrypted connections to use extremely weak 512-bit key material.
  • Using precomputed data prepared ahead of time, the attackers can then deduce the encryption key negotiated between the two parties.
  • Ironically, Diffie-Hellman is supposed to provide an additional layer of protection because it allows the two connected parties to constantly refresh the cryptographic key securing Web or e-mail sessions.
  • The so-called perfect forward secrecy that Diffie-Hellman makes possible significantly increases the work of eavesdropping because attackers must obtain the key anew each time it changes, as opposed to only once with other encryption schemes, such as those based on RSA keys.
  • Logjam is significant because it shows that ephemeral Diffie-Hellman—or DHE—can be fatal to TLS when the export-grade ciphers are supported. Logjam is reminiscent of the FREAK attack that also allowed attackers to downgrade HTTPS connections to 512-bit cryptography.
  • If you have a web or mail server, you should disable support for export cipher suites and generate a unique 2048-bit Diffie-Hellman group. We have published a Guide to Deploying Diffie-Hellman for TLS with step-by-step instructions. If you use SSH, you should upgrade both your server and client installations to the most recent version of OpenSSH, which prefers Elliptic-Curve Diffie-Hellman Key Exchange.
  • Make sure you have the most recent version of your browser installed, and check for updates frequently. Google Chrome (including Android Browser), Mozilla Firefox, Microsoft Internet Explorer, and Apple Safari are all deploying fixes for the Logjam attack.
  • Make sure any TLS libraries you use are up-to-date and that you reject Diffie-Hellman Groups smaller than 1024-bit.
  • PDF Report: Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
  • Additional Coverage: ArsTechnica
  • Logjam Attack Proof of Concept Demonstrations
  • How 1990s Encryption Backdoors Put Today’s Internet In Jeopardy
  • You can disable all short DH key lengths in Firefox’s about:config
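One way to implement the client-side rules the notes give (refuse export cipher suites, refuse any Diffie-Hellman group below a minimum size, and sanity-check the server's public value), as an added example that is not code from the show notes or from the Logjam researchers. It models the server's DH parameters as plain integers (p, g, Ys) instead of parsing a real TLS ServerKeyExchange message, generates a plain (not safe) 1024-bit prime at the 1024-bit floor only so the demo runs quickly in pure Python, and the function names, `MIN_DH_BITS`, `EXPORT_GRADE_P` and the constructed 512-bit stand-in modulus are this example's own assumptions; the two cipher suite names are real TLS suite identifiers.

```python
"""Client-side Diffie-Hellman group policy, Logjam style.
Added example; not code from the show notes or the Logjam paper. Server
DH parameters are modelled as integers (p, g, Ys), not parsed from TLS.
"""
import random
import secrets

# Minimum prime size a client should accept. The notes recommend 2048-bit
# groups and say to reject anything under 1024 bits; 2048 is the default.
MIN_DH_BITS = 2048

# Constructed stand-in for an export-grade modulus: a 512-bit odd integer,
# not a prime from any real deployed group.
EXPORT_GRADE_P = (1 << 511) | 1

_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, rounds=32):
    """Miller-Rabin with random witnesses; False means definitely composite."""
    if n < 2:
        return False
    for sp in _SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2   # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_prime(bits, seed):
    """Seeded random prime of exactly `bits` bits. This is a plain prime, not
    the safe prime `openssl dhparam` produces (too slow to reproduce here)."""
    rng = random.Random(seed)
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # exact size, odd
        if is_probable_prime(cand):
            return cand

def check_dh_group(p, g, min_bits=MIN_DH_BITS):
    """Return (accepted, reason) for a server-offered group (p, g)."""
    if p.bit_length() < min_bits:
        return False, f"prime too small: {p.bit_length()} bits < {min_bits}"
    if p % 2 == 0 or not is_probable_prime(p):
        return False, "modulus is not prime"
    if not 2 <= g <= p - 2:
        return False, "generator out of range"
    return True, "ok"

def check_public_value(p, y):
    """Reject public values in the trivial subgroup {0, 1, p-1}."""
    return 2 <= y <= p - 2

def accept_server_key_exchange(suite, p, g, ys, min_bits=MIN_DH_BITS):
    """Client decision on a simplified ServerKeyExchange: an export suite is
    refused before any arithmetic, then the group and Ys are checked."""
    if "EXPORT" in suite.upper():
        return False, "export cipher suite offered"
    ok, reason = check_dh_group(p, g, min_bits)
    if not ok:
        return False, reason
    if not check_public_value(p, ys):
        return False, "server public value in trivial subgroup"
    return True, "ok"

def dh_exchange(p, g):
    """One ephemeral exchange; returns both sides' shared secrets."""
    a = secrets.randbelow(p - 3) + 2
    b = secrets.randbelow(p - 3) + 2
    ya, yb = pow(g, a, p), pow(g, b, p)
    if not (check_public_value(p, ya) and check_public_value(p, yb)):
        raise ValueError("public value in trivial subgroup")
    return pow(yb, a, p), pow(ya, b, p)

if __name__ == "__main__":
    p = generate_prime(1024, seed=2015)  # 1024-bit only to keep the demo fast
    strong = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
    export = "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"
    print(accept_server_key_exchange(strong, p, 2, 4, min_bits=1024))
    print(accept_server_key_exchange(export, EXPORT_GRADE_P, 2, 4))
    print(accept_server_key_exchange(strong, EXPORT_GRADE_P, 2, 4))  # 512-bit downgrade
    sa, sb = dh_exchange(p, 2)
    print("shared secrets match:", sa == sb)
```

The third call in the demo is the Logjam shape: a non-export suite name carrying an export-sized modulus, which the size check alone catches. In production the 2048-bit default stays, and the group fed to the server comes from `openssl dhparam`, whose safe-prime output also closes the small-subgroup concerns that the plain prime used here does not address.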

US Passport Agency contractor stole applicants’ data to steal their identities

  • Three women from Houston, Texas, stand accused of engaging in an identity theft scheme in which one of them, a contract employee of the Department of State Passport Agency, was in charge of stealing personally identifiable information of persons applying for a passport.
  • The information was then used to create counterfeit identification documents, which the other two women would use to successfully impersonate the affected individuals in order to fraudulently obtain commercial lines of credit and to purchase iPhones, iPads and other goods online.
  • This scheme went on for over five years.
  • There are no direct details on how the contractor captured the data in question, but we can make a reasonable guess based on recent IT security policy changes.
  • According to The Washington Post, the US Passport Agency has decided last month to ban both federal employees and private contractors from bringing devices equipped with a camera into the offices where they review and process requests for passports.
  • Apparently, this decision was influenced by the Houston incident, indicating that McClendon likely took pictures of private information on passports.
  • Jim Gogolinski, Senior Threats Researcher at Trend Micro, wrote a helpful overview of the malicious insider problem, and offered some advice on how to prevent and mitigate the insider threat:
  • Jim’s basic premise is that the insider threat can be broken down into three issues: why people within become threats, what damage they can do, and how this can be prevented.
  • Insider threats 101: The threat within

New Linux kernel corrupting file systems

  • It appears that the current Linux 4.0.x kernel is plagued by an EXT4 file-system corruption issue. If there’s any positive note out of the situation, it seems to mostly affect EXT4 Linux RAID users.
  • There have been several reports of people affected by an ext4 data corruption bug in Linux 4.0.2.
  • All EXT4 RAID0 users on the Linux 4.0.x kernel or current Linux 4.1 Git code are advised to downgrade until the next 4.1 release candidate or 4.0.x stable release; otherwise you stand a good chance of hosing your file system.
  • It also looks like dropping the discard mount option will avoid this serious issue. This isn’t a problem for Linux users on distributions like RHEL, Ubuntu, and other fixed-release distributions that don’t tend to update major versions of their kernel post-release.
  • The issue was caused by an MD commit late in the Linux 4.0 kernel cycle, the commit titled “md/raid0: fix bug with chunksize not a power of 2..”
  • The commit was by SUSE’s Neil Brown.
  • Eric Work has devised a small fix to address the corruption problem, but for now it’s only present within the MD Git tree.
  • kernel/git/torvalds/linux.git – Linux kernel source tree
  • #785672 – Critical ext4 data corruption bug – Debian Bug report logs

Feedback:


Round-Up:


The post EXTenuating Circumstances | TechSNAP 215 first appeared on Jupiter Broadcasting.
