Kaspersky – Jupiter Broadcasting
https://www.jupiterbroadcasting.com
Open Source Entertainment, on Demand.

SSL Strippers | TechSNAP 344
https://original.jupiterbroadcasting.net/119711/ssl-strippers-techsnap-344/
Tue, 07 Nov 2017 23:55:54 +0000

The post SSL Strippers | TechSNAP 344 first appeared on Jupiter Broadcasting.

RSS Feeds:

HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Patreon

Show Notes:

How not to avoid browser security warning

Verbal passwords

Obscurity is a Valid Security Layer


Feedback

Kaspersky’s 7zip file

Containers/Jails/Zones: Containers vs Zones vs Jails vs VMs, Container descriptions and security, Docker […]


Round Up:

Low Security Pillow Storage | TechSNAP 343
https://original.jupiterbroadcasting.net/119566/low-security-pillow-storage-techsnap-343/
Tue, 31 Oct 2017 22:00:02 +0000
RSS Feeds:

HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Patreon

Show Notes:

OpenSSH CLI escape sequences

  • Notes from when Dan was experimenting with this: Only works if ~ is the first character you type; typing something, then backspace, then ~ will not invoke the escape sequence. It must be the first character after ENTER.
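As an added example, not code from the show or from OpenSSH, here is a small model of the client-side rule Dan observed. The client only treats `~` as an escape when it is the first byte after a newline (or at session start); any other byte, a backspace included, marks the line as started, so text typed and then erased still disables the escape until the next ENTER. The `ESCAPES` table is a subset of the sequences documented in ssh(1), and `~.` is modelled as a triggered action rather than actually ending the session.

```python
# Added example: a model of OpenSSH-style escape-character handling.
# Not OpenSSH's code; it reproduces the documented rule that the escape
# character is only special as the first byte of a line. ESCAPES is a
# subset of the sequences listed in ssh(1).

ESCAPES = {
    ".": "disconnect",
    "\x1a": "suspend ssh",               # ~^Z
    "#": "list forwarded connections",
    "C": "open command line",
    "?": "help",
    "R": "request rekey",
}


def process_keystrokes(keys, escape_char="~"):
    """Simulate the client's input loop over an iterable of typed characters.

    Returns (text_forwarded_to_server, escape_commands_triggered).
    """
    forwarded = []
    triggered = []
    last_was_newline = True   # a session starts at the beginning of a line
    escape_pending = False

    for ch in keys:
        if escape_pending:
            escape_pending = False
            if ch in ESCAPES:
                triggered.append(ESCAPES[ch])
                continue                      # consumed; line state unchanged
            if ch != escape_char:
                forwarded.append(escape_char)  # unknown sequence: the ~ is sent too
            # "~~" falls through and sends a single literal ~
        elif last_was_newline and ch == escape_char:
            escape_pending = True
            continue

        # Every other byte, backspace (0x7f) included, is forwarded and makes
        # the line "dirty": only a newline lets the next ~ act as an escape.
        last_was_newline = ch in ("\n", "\r")
        forwarded.append(ch)

    return "".join(forwarded), triggered


if __name__ == "__main__":
    print(process_keystrokes("~."))             # ('', ['disconnect'])
    print(process_keystrokes("ab\x7f\x7f~."))   # backspaces do not reset the line
    print(process_keystrokes("ls\n~?"))         # ('ls\n', ['help'])
    print(process_keystrokes("~~x"))            # ('~x', []): ~~ is a literal tilde
```

The second call is Dan's case: the two backspaces are ordinary bytes from the client's point of view, so the `~.` that follows is forwarded to the remote shell instead of disconnecting.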

Kaspersky Confirms It Downloaded Classified Docs, Blames NSA Contractor’s Dumb Mistake

  • According to Kaspersky, the fault rests on the shoulders of the NSA contractor, who allegedly brought home government surveillance tools and then decided to activate their consumer antivirus software

  • The analyst’s computer was infected with malware while Kaspersky’s product was disabled

  • When Kaspersky’s product was re-enabled, the user apparently scanned their system multiple times

  • A 7-zip archive of documents was retrieved for analysis because the user had set the software to send reports of malicious detections.

‘I Forgot My PIN’: An Epic Tale of Losing $30,000 in Bitcoin

  • Spent $3,000 to buy 7.4 bitcoins. Saved them to Trezor hardware wallet. Wrote down a 24-word recovery key. Saved a PIN.

  • Paper went missing

  • Could not remember PIN

  • Tried many times.

  • Tried an exploit…..


Feedback


Round Up:

Spy Tapes | TechSNAP 340
https://original.jupiterbroadcasting.net/119041/spy-tapes-techsnap-340/
Thu, 12 Oct 2017 16:33:13 +0000
RSS Feeds:

HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Patreon

Show Notes:

The Ethics of Running a Data Breach Search Service

Is the NSA Doing More Harm Than Good in Not Disclosing Exploits?

Post a boarding pass on Facebook, get your account stolen

How Israel Caught Russian Hackers Scouring the World for U.S. Secrets


Feedback


Round Up:

Weaponized Comic Sans | TechSNAP 254
https://original.jupiterbroadcasting.net/94006/weaponized-comic-sans-techsnap-254/
Thu, 18 Feb 2016 18:53:24 +0000
A common vulnerability is impacting Firefox, LibreOffice, and others, the 7 problems with ATM security, and the Enterprise grade protection defeated with a batch script.

Plus some great questions, our answers, a rockin roundup, and much much more!

Thanks to:


DigitalOcean


Ting


iXsystems

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Patreon

Show Notes:

The 7 problems with ATM security

  • Kaspersky presents a list of the 7 reasons why ATMs are so easily compromised, based on a talk given at the SAS2016 conference
  • “Automated teller machines (ATM) have always been a big target for criminals. In the past hunting for ATMs included some heavy tools like a cutting torch or explosives. However with the dawn of the Digital Age, everything has changed. Nowadays culprits can ‘jackpot’ an ATM without such special effects.”
  1. ATMs are basically just computers (PCs)
  2. That PC is likely running an old operating system (in early 2014, 95% of all ATMs still ran Windows XP)
  3. The software other than the OS is also likely vulnerable. Many ATMs still have the bundled version of flash that came with stock Windows XP, which now has 9000 known vulnerabilities
  4. ATMs have no software integrity control, no antivirus solutions, no authentication of an app that sends commands to cash dispenser.
  5. Weak physical security for the PC part of the ATM. While the deposit box and cash dispenser are armored against attack, the PC is usually only hidden behind some thin plastic. “There is no money in that part of the ATM”
  6. ATM control PCs expose standard interfaces that are not secured: plug a USB stick into the ATM and it is now your ATM
  7. ATMs are increasingly directly connected to the Internet. You can find ATMs on Shodan
  • ATMs are not replaced very often, so upgrades to the physical protections of the PC component will likely not happen very soon
  • When was the last time you saw an ATM down for software updates?
  • Maybe if the criminals keep stealing large amounts of money, the banks will be more interested in replacing the ATMs
  • This of course doesn’t cover the private ATMs you often see in convenience stores

FireEye Detection Evasion and Whitelisting of Arbitrary Malware

  • Researchers at Blue Frost Security have developed a way to evade the dynamic analysis of the FireEye suite of security appliances
  • The FireEye appliance works by starting untrusted binaries and applications in virtualization and observing what they do
  • If the application is found to be malicious, it is blocked
  • Only applications allowed by the FireEye device can be run on the protected computers
  • “The analysis engine evasion allows an attacker to completely bypass FireEye’s virtualization-based dynamic analysis on Windows and add arbitrary binaries to the internal whitelist of binaries for which the analysis will be skipped until the whitelist entry is wiped after a day”
  • “FireEye is employing the Virtual Execution Engine (VXE) to perform a dynamic analysis. In order to analyze a binary, it is first placed inside a virtual machine. A Windows batch script is then used to copy the binary to a temporary location within the virtual machine, renaming it from “malware.exe” to its original file name.”
  • “No further sanitization of the original filename is happening which allows an attacker to use Windows environment variables inside the original filename which are resolved inside the batch script. Needless to say this can easily lead to an invalid filename, letting the copy operation fail.”
  • Let’s take the filename FOO%temp%BAR.exe which results in:
  • The batch script then runs: copy malware.exe “%temp%\FOOC:\Users\admin\AppData\Local\TempBAR.exe”
  • cmd.exe rejects the destination: The filename, directory name, or volume label syntax is incorrect.
  • “The batch script continues and tries to execute the binary under its new name which of course will fail as well because it does not exist.”
  • “Afterwards the behavioral analysis inside the virtual machine is started which is running for a certain amount of time looking for malicious behavior. Since the binary was not started in the virtual machine in the first place, an empty virtual machine will be analyzed and no malicious behavior will be detected.”
  • “Once a binary was analyzed and did not show any malicious behavior, its MD5 hash is added to an internal list of binaries already analyzed. If a future binary which is to be analyzed matches an MD5 hash in this list, the analysis will be skipped for that file. The MD5 hash will stay in the white list until it is wiped after a day.”
  • The issue was reported to FireEye on September 14th, and FireEye responded quickly
  • FireEye released updates for some of its products on October 5th and 15th
  • On December 31st FireEye published their Q4 security advisory
  • FireEye Security Advisory
  • On January 14th, FireEye asked that BFS delay publication of the vulnerability for another 30 days, as too many clients had not yet installed the update
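An added illustration of the two weaknesses Blue Frost describes, written for this page rather than taken from the advisory or from FireEye: a batch-style `%VAR%` expansion applied to an attacker-chosen filename, the sanitisation that would have stopped it, and the hash-keyed skip list that turns one sample that never ran into a day-long whitelist entry. The environment value, the `b"EVIL"` behaviour check and the `Sandbox` class are stand-ins, not the VXE's real logic.

```python
# Added example for this page: a model of the VXE batch step and whitelist
# described above. Not FireEye's or Blue Frost's code; environment values,
# the behaviour check and the whitelist TTL are stand-ins.
import hashlib
import re

FAKE_ENV = {"TEMP": r"C:\Users\admin\AppData\Local\Temp"}   # constructed VM environment
_VAR = re.compile(r"%([^%]+)%")


def cmd_expand(text, env=FAKE_ENV):
    """Mimic cmd.exe: %NAME% becomes NAME's value (case-insensitive);
    names that are not set are left as written."""
    by_upper = {k.upper(): v for k, v in env.items()}
    return _VAR.sub(lambda m: by_upper.get(m.group(1).upper(), m.group(0)), text)


def destination_path(original_name, env=FAKE_ENV):
    """The vulnerable step: the sample's original name is spliced into the
    batch line, so cmd.exe expands any %VAR% the attacker put in it."""
    return cmd_expand("%temp%\\" + original_name, env)


def is_valid_windows_path(path):
    """The rule that makes the copy fail: after an optional drive prefix,
    a path may not contain ':' or the other reserved characters."""
    body = path[2:] if re.match(r"^[A-Za-z]:", path) else path
    return not any(c in '<>:"|?*' or ord(c) < 32 for c in body)


def sanitize_name(original_name):
    """Hardened variant: replace every character a filename may not contain,
    plus '%', so nothing is left for cmd.exe to expand."""
    cleaned = re.sub(r'[%<>:"/\\|?*\x00-\x1f]', "_", original_name)
    return cleaned or "sample.exe"


class Sandbox:
    """Toy dynamic-analysis engine with the advisory's whitelist behaviour:
    a clean verdict caches the sample's MD5 and skips it for `ttl` seconds."""

    def __init__(self, hardened=False, ttl=24 * 3600):
        self.hardened = hardened
        self.ttl = ttl
        self.skip_until = {}

    def analyze(self, content, original_name, now):
        digest = hashlib.md5(content).hexdigest()
        if self.skip_until.get(digest, -1) > now:
            return "skipped"

        name = sanitize_name(original_name) if self.hardened else original_name
        if is_valid_windows_path(destination_path(name)):
            executed = True
        elif self.hardened:
            return "error"          # a sample that never ran has no verdict
        else:
            executed = False        # original flow: the script carries on with an empty VM

        # Constructed stand-in for behavioural detection inside the VM.
        verdict = "malicious" if executed and b"EVIL" in content else "clean"
        if verdict == "clean":
            self.skip_until[digest] = now + self.ttl
        return verdict


if __name__ == "__main__":
    print(destination_path("FOO%temp%BAR.exe"))
    vxe = Sandbox()
    print(vxe.analyze(b"EVIL payload", "FOO%temp%BAR.exe", now=0))     # clean: the bypass
    print(vxe.analyze(b"EVIL payload", "innocent.exe", now=3600))      # skipped: whitelisted
    print(Sandbox(hardened=True).analyze(b"EVIL payload", "FOO%temp%BAR.exe", now=0))
```

The hardened variant makes two changes, and both matter: the name is sanitised before it reaches the shell, and a copy or launch failure is reported as an error rather than allowed to fall through to a clean verdict. Fixing only the first would still leave any future failure to execute (a missing DLL, an unsupported architecture) whitelisting the sample's hash.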

Libgraphite Vulnerabilities Impact Firefox, OpenOffice, and Others

  • Talos is releasing an advisory for four vulnerabilities that have been found within the Libgraphite library
  • Which is used for font processing in Linux, Firefox, OpenOffice, and other major applications.
  • The most severe vulnerability results from an out-of-bounds read which the attacker can use to achieve arbitrary code execution.
  • A second vulnerability is an exploitable heap overflow.
  • Finally, the last two vulnerabilities result in denial of service situations.
  • To exploit these vulnerabilities, an attacker simply needs the user to run a Graphite-enabled application that renders a page using a specially crafted font that triggers one of these vulnerabilities.
  • Since Mozilla Firefox versions 11-42 directly support Graphite, the attacker could easily compromise a server and then serve the specially crafted font when the user renders a page from the server (since Graphite supports both local and server-based fonts).
  • Graphite is a package that can be used to create “smart fonts” capable of displaying writing systems with various complex behaviors.
  • Basically Graphite’s smart fonts are just TrueType Fonts (TTF) with added extensions.
  • The issues that Talos identified include the following:
  • An exploitable denial of service vulnerability exists in the font handling of Libgraphite. A specially crafted font can cause an out-of-bounds read potentially resulting in an information leak or denial of service.
  • A specially crafted font can cause a buffer overflow resulting in potential code execution.
  • An exploitable NULL pointer dereference exists in the bidirectional font handling functionality of Libgraphite. A specially crafted font can cause a NULL pointer dereference resulting in a crash.
  • If a malicious font is provided then an arbitrary length buffer overflow can occur when handling context items.
  • The first denial of service issue results from a NULL pointer dereference.
  • The second denial of service issue results from an out of bounds read that can not only cause a DoS, but it can also cause a leak of information. When reading an invalid font where the local table size is set to 0, an out of bounds read will occur.

  • Known Vulnerable Versions:

  • Libgraphite 2-1.2.4

  • Firefox 31-42
  • Firefox ESR before 38.6.1
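The out-of-bounds read above comes from trusting a table's declared size. As an added example (not Libgraphite's code, and not a reproduction of its exact bug), here is a bounds-checked reader for the sfnt table directory that TrueType-based fonts such as Graphite's share: every table's offset and length is checked against the file, a table shorter than the fixed header its reader expects is rejected, and reads inside a table are bounded by that table's own length. The Graphite tag "Silf" is used only as a label and the 4-byte minimum is an assumption; the fonts are constructed test fixtures, not real fonts.

```python
# Added example for this page: a bounds-checked sfnt table directory reader.
# Not Libgraphite's code; table tags and minimum sizes are assumptions.
import struct

SFNT_HEADER = struct.Struct(">IHHHH")   # sfntVersion, numTables, searchRange, entrySelector, rangeShift
TABLE_RECORD = struct.Struct(">4sIII")  # tag, checkSum, offset, length


class FontError(ValueError):
    pass


def parse_table_directory(data, min_sizes=None):
    """Return {tag: (offset, length)}, refusing any table that lies outside
    `data` or is shorter than the fixed header its reader will assume."""
    min_sizes = min_sizes or {}
    if len(data) < SFNT_HEADER.size:
        raise FontError("truncated sfnt header")
    _, num_tables, _, _, _ = SFNT_HEADER.unpack_from(data, 0)
    if SFNT_HEADER.size + num_tables * TABLE_RECORD.size > len(data):
        raise FontError("table directory runs past end of file")

    tables = {}
    for i in range(num_tables):
        rec = SFNT_HEADER.size + i * TABLE_RECORD.size
        tag, _, offset, length = TABLE_RECORD.unpack_from(data, rec)
        tag = tag.decode("latin-1")
        # Python ints do not wrap, but in C `offset + length` is a 32-bit sum:
        # check offset first, then `length > size - offset`, never the sum.
        if offset > len(data) or length > len(data) - offset:
            raise FontError(f"{tag}: offset {offset} + length {length} exceeds file size {len(data)}")
        if length < min_sizes.get(tag, 0):
            raise FontError(f"{tag}: declared length {length} is below the {min_sizes[tag]} bytes its header needs")
        tables[tag] = (offset, length)
    return tables


def read_u32(data, tables, tag, field_offset):
    """Read a big-endian uint32 inside a table, bounded by the table's own length."""
    offset, length = tables[tag]
    if field_offset + 4 > length:
        raise FontError(f"{tag}: field at {field_offset} is outside the table")
    return struct.unpack_from(">I", data, offset + field_offset)[0]


def build_font(tables, declared_lengths=None):
    """Construct a minimal sfnt blob from {tag: bytes}; `declared_lengths`
    lets a test lie about a table's length, as a crafted font would."""
    declared_lengths = declared_lengths or {}
    items = list(tables.items())
    header = SFNT_HEADER.pack(0x00010000, len(items), 0, 0, 0)
    data_start = SFNT_HEADER.size + len(items) * TABLE_RECORD.size
    records, body = [], b""
    for tag, content in items:
        records.append(TABLE_RECORD.pack(tag.encode("latin-1"), 0,
                                         data_start + len(body),
                                         declared_lengths.get(tag, len(content))))
        body += content
    return header + b"".join(records) + body


if __name__ == "__main__":
    # Constructed samples: a well-formed font, and one whose "Silf" table claims
    # zero length although its reader expects at least a 4-byte version field.
    good = build_font({"Silf": struct.pack(">I", 3) + b"\0" * 8})
    print(parse_table_directory(good, {"Silf": 4}))
    bad = build_font({"Silf": struct.pack(">I", 3)}, declared_lengths={"Silf": 0})
    try:
        parse_table_directory(bad, {"Silf": 4})
    except FontError as e:
        print("rejected:", e)
```

Two checks cover the "local table size is set to 0" case: the directory check rejects it up front when a minimum is known, and `read_u32` rejects the read even if the directory check was skipped, which is the layered behaviour a parser of untrusted fonts wants.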

Feedback:

Make sure you patch your linux machines for the glibc vulnerability


Round Up:


OPM Data too Valuable to Sell | TechSNAP 219
https://original.jupiterbroadcasting.net/83962/opm-data-too-valuable-to-sell-techsnap-219/
Thu, 18 Jun 2015 17:58:20 +0000

Kaspersky labs has been hacked, we’ll tell you why it looks like a nation state was the attacker, why OPM data is too valuable to sell & the real situation with LastPass.

Plus some great questions, our answers & a rocking round up.

All that and much, much more on this week’s TechSNAP!

Thanks to:


DigitalOcean


Ting


iXsystems

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:


— Show Notes: —

Kaspersky Lab hacked

  • “Russia-based Kaspersky Lab, one of the biggest and most well-known cybersecurity research firms in the world, has admitted to being hacked. In a blog post published earlier today, Kaspersky Lab CEO and founder Eugene Kaspersky wrote, “We discovered an advanced attack on our own internal networks. It was complex, stealthy, it exploited several zero-day vulnerabilities, and we’re quite confident that there’s a nation state behind it.“”
  • “The firm dubbed this attack Duqu 2.0. It’s named after a specific series of malware called Duqu, which was considered to be related to the Stuxnet attack that targeted states like Iran, India, France, and the Ukraine in 2011.”
  • “The post went on to say that it was not wise to use an advanced never-before-used technology to spy on a firm. For one, Kaspersky sells access to a great deal of its technologies, so this group could have just paid for it. Also, in its attempt to infiltrate Kaspersky, it clued the company into the next generation spying technologies hackers are developing.”
  • “”They’ve now lost a very expensive technologically-advanced framework they’d been developing for years,” the post explained.”
  • “In the case of Kaspersky Lab, the attack took advantage of a zero-day in the Windows Kernel, and possibly up to two other, currently patched vulnerabilities, which were zero-day at that time. The analysis of the attack revealed that the main goal of the attackers was to spy on Kaspersky Lab technologies, ongoing research and internal processes. No interference with processes or systems was detected. More details can be found in our technical paper.”
  • “From a threat actor point of view, the decision to target a world-class security company must be quite difficult. On one hand, it almost surely means the attack will be exposed – it’s very unlikely that the attack will go unnoticed. So the targeting of security companies indicates that either they are very confident they won’t get caught, or perhaps they don’t care much if they are discovered and exposed. By targeting Kaspersky Lab, the Duqu attackers probably took a huge bet hoping they’d remain undiscovered; and lost.”
  • Blog: Kaspersky statement on Duqu 2.0 attack
  • Research: The mystery of Duqu 2.0
  • Research: The Duqu 2.0 persistence module

U.S. Office of Personnel Management (OPM) hacked

  • “OPM discloses breach affecting up to 4 million federal employees, offers 18 months of free credit monitoring through CSID. Follow-up reports indicate that the breach may extend well beyond federal employees to individuals who applied for security clearances with the federal government.”
  • The Office of Personnel Management (OPM) confirmed that both current and past employees had been affected.
  • The breach could potentially affect every federal agency
  • OPM said it became aware of the breach in April during an “aggressive effort” to update its cyber security systems.
  • As the OPM’s Inspector General report put it, “attacks like the ones on Anthem and Premera [and OPM] are likely to increase. In these cases, the risk to Federal employees and their families will probably linger long after the free credit monitoring offered by these companies expires.”
  • “In those files are huge treasure troves of personal data, including “applicants’ financial histories and investment records, children’s and relatives’ names, foreign trips taken and contacts with foreign nationals, past residences, and names of neighbors and close friends such as college roommates and co-workers. Employees log in using their Social Security numbers.”
  • “That quote aptly explains why a nation like China might wish to hoover up data from the OPM and a network of healthcare providers that serve federal employees: If you were a state and wished to recruit foreign spies or uncover traitors within your own ranks, what sort of goldmine might this data be? Imagine having access to files that include interviews with a target’s friends and acquaintances over the years, some of whom could well have shared useful information about that person’s character flaws, weaknesses and proclivities.”
  • Krebs Coverage
  • The Krebs article has a great timeline
  • US Law Makers demand encryption after OPM hack
  • DHS says: Encryption would not have helped OPM
  • OPM’s archaic IT infrastructure to blame for breach
  • Krebs finds that the “OPM database” offered for sale on the dark web actually came from a different US government breach: https://krebsonsecurity.com/2015/06/opms-database-for-sale-nope-it-came-from-another-us-gov/

Feedback:

BSDCan Videos:

The videos from BSDCan have started to appear. Not all of them are online yet, but a good sample to get you started.

  • https://www.youtube.com/playlist?list=PLWW0CjV-TafY0NqFDvD4k31CtnX-CGn8f

Round Up:


Embarrassed Einstein | Tech Talk Today 182
https://original.jupiterbroadcasting.net/83632/embarrassed-einstein-tech-talk-today-182/
Thu, 11 Jun 2015 09:58:36 +0000

Was “the biggest” recent government hack in history the result of out of date software & crappy detection systems? We share the details.

Plus a look back at the best Star Trek games of all time, a browser extension that reads the Terms of Service for you & Kaspersky labs gets hacked!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon


Show Notes:

SuperFishy Mistake | TechSNAP 202
https://original.jupiterbroadcasting.net/77712/superfishy-mistake-techsnap-202/
Thu, 19 Feb 2015 17:29:59 +0000

Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections, we’ll break down how this is possible, the danger that still exists & more.

Plus the story of a billion dollar cyber heist anyone could pull off, the Equation group, your questions, our answers & much much more!

Thanks to:


DigitalOcean


Ting


iXsystems

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:


— Show Notes: —

APT Attack robs banks

  • A staggering APT attack has been conducted against over 100 banks in 30 countries, and has reportedly managed to steal as much as 1 billion USD.
  • “In late 2013, an A.T.M. in Kiev started dispensing cash at seemingly random times of day. No one had put in a card or touched a button. Cameras showed that the piles of money had been swept up by customers who appeared lucky to be there at the right moment.”
  • While investigating, Kaspersky Labs found no malware on the ATM, just a strange VPN connection
  • Later, they were called into the bank’s headquarters, after the bank’s security officer got an alert about a connection from their domain controller to China
  • Kaspersky Video
  • “In order to infiltrate the bank’s intranet, the attackers used spear phishing emails, luring users to open them, infecting machines with malware. A backdoor was installed onto the victim’s PC based on the Carberp malicious code, which, in turn gave the name to the campaign — Carbanak.”
  • “After obtaining control over the compromised machine, cybercriminals used it as an entry point; they probed the bank’s intranet and infected other PCs to find out which of them could be used to access critical financial systems.”
  • “That done, the criminals studied the financial tools used by the banks, using keyloggers and stealth screenshot capabilities.”
  • “Then, to wrap up the scheme, the hackers withdrew funds, defining the most convenient methods on a case-by-case basis, whether using a SWIFT transfer or creating faux bank accounts with cash withdrawn by ‘mules’ or via a remote command to an ATM.”
  • On average, it took from two to four months to drain each victim bank, starting from the Day 1 of infection to cash withdrawal.
  • The oldest code that could be found related to these attacks was from August 2013
  • Additional Coverage – NY Times
  • Additional Coverage – ThreatPost
  • Additional Coverage – SecureList
  • Report PDF
  • This attack is related to the malware installed directly on ATMs that we have reported on before

Lenovo spyware installs own Root CA

  • It has been discovered that Lenovo has been shipping devices preinstalled with an advertising application called SuperFish
  • This “Visual Discovery” advertising system injects picture ads for items related to search terms into your google search results, and other websites
  • While this is bad enough, and upsets many people, the bigger problem is how they do it
  • In order to snoop upon the search terms you are using, SuperFish must intercept your encrypted communications with Google and others
  • In order to do this, the SuperFish software installs its own SSL Root Certificate Authority into the trusted certificate store
  • This makes your machine trust every certificate signed by SuperFish
  • The proxy that SuperFish installs intercepts all of your web traffic. When it sees you opening a secure connection, which it could not otherwise read, it generates a new certificate for the site you are visiting (google.com, bankofamerica.com, whatever) on the fly and signs it with its own private key
  • Your browser trusts the authenticity of this fake certificate, so it issues no warning, and you are completely unaware that SuperFish is intercepting all of your communications
  • There are several security problems with this. One: does SuperFish issue a ‘valid’ certificate even for sites that present invalid certificates, such as self-signed ones? If so, an attacker could lure you to a bogus website and your browser would show it as authentic, because SuperFish minted a fresh certificate for it
  • Worse, because of the way SuperFish works, rather than relying on the SuperFish backend infrastructure to generate these bogus certificates, instead SuperFish ships the private key for their fake Root CA with their software
  • Researchers at Errata Security were able to crack the password used to encrypt the private key in only 3 hours
  • The password was: komodia
  • The researcher found it fairly easily: first, procdump was used to defeat the self-encryption in SuperFish (procdump writes out the binary as it sits in memory, after it has decrypted itself)
  • Next, he ran the standard unix tool ‘strings’ on the resulting file, and found the encrypted SSL private key
  • After failed attempts to brute force it, or run a dictionary attack against it, he went back to his ‘strings’ file
  • After filtering it down to only include short all lowercase words, he used it as a dictionary, and found the password
  • Now, anyone can download the SuperFish software, extract the certificate and private key, and start signing bogus certificates for any website they wish, and every Lenovo or other machine that has the SuperFish software installed, will happily accept it as genuine
  • SuperFish CEO Adi Pinhas tells Ars that “Superfish has not been active on Lenovo laptops since December. We stand by this Lenovo statement”
  • While Lenovo and SuperFish disabled the server side component of SuperFish, which will prevent it from showing the ads, it seems that even uninstalling the SuperFish software, does not remove the trusted root certificate, leaving the users vulnerable to Man-In-the-Middle attacks
  • It is unclear why the certificate pinning feature in Google’s Chrome browser did not prevent this from working
  • Given that this same technique is popular in corporate security software, and there are also open source application proxies that can do it (OpenBSD’s relayd for one), it may be that Google had to relax their requirements to be compatible with corporate networks. That is in fact Chrome’s documented policy: pins are not enforced for chains that end in a locally installed root, so an interception CA placed in the local trust store bypasses pinning by design
  • Lenovo Forums
  • Additional Coverage – ThreatPost
  • Additional Coverage – TheNextWeb
  • Additional Coverage – TechSpot
  • Additional Coverage – ZDNet
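The practical follow-up to the points above is to check whether such a root is still trusted after the software is gone. As an added example for this page (not Lenovo's, Superfish's or any vendor's code), this script lists the roots the local OpenSSL/Python trust store exposes and flags any whose subject names a known interception vendor, or that is absent from a baseline of subjects captured on a known-clean machine. The `"superfish"` marker assumes the offending root's subject contains the vendor name; the certificates in the usage example are constructed data.

```python
# Added example for this page: a leftover-root check against the local trust
# store. Not vendor code; the marker and sample certificates are assumptions.
import ssl

INTERCEPTION_MARKERS = ("superfish",)   # assumed substring of the offending root's subject


def subject_text(cert):
    """Flatten the ((('commonName', 'x'),), ...) structure that ssl returns
    for a certificate's subject into one 'name=value ...' string."""
    parts = []
    for rdn in cert.get("subject", ()):
        for name, value in rdn:
            parts.append(f"{name}={value}")
    return " ".join(parts)


def suspicious_roots(ca_certs, markers=INTERCEPTION_MARKERS, baseline=None):
    """Return [(reason, subject)] for every root that matches a marker, or
    that is missing from `baseline` (a set of subject strings you recorded
    on a machine known to be clean)."""
    findings = []
    for cert in ca_certs:
        subj = subject_text(cert)
        low = subj.lower()
        hit = next((m for m in markers if m in low), None)
        if hit:
            findings.append((f"subject matches marker '{hit}'", subj))
        elif baseline is not None and subj not in baseline:
            findings.append(("root not in baseline", subj))
    return findings


def scan_local_store(**kwargs):
    """Run the check against the roots Python's default SSL context trusts.
    On Windows that context loads the user's and machine's ROOT stores,
    which is where the SuperFish certificate was installed."""
    ctx = ssl.create_default_context()
    return suspicious_roots(ctx.get_ca_certs(), **kwargs)


if __name__ == "__main__":
    # Constructed sample roots, in the dict shape ssl.get_ca_certs() returns.
    leftover = {"subject": ((("countryName", "US"),),
                            (("organizationName", "Superfish, Inc."),),
                            (("commonName", "Superfish, Inc."),))}
    clean = {"subject": ((("countryName", "US"),),
                         (("organizationName", "Example CA Ltd"),),
                         (("commonName", "Example Root CA"),))}
    for reason, subj in suspicious_roots([leftover, clean], baseline={subject_text(clean)}):
        print(reason, "->", subj)
    for reason, subj in scan_local_store():
        print(reason, "->", subj)
```

The baseline comparison is the more general check: it catches any unexpected root, including a corporate interception CA you did not know about, not only one whose name you already recognise. Windows users can additionally pull the raw ROOT store with `ssl.enum_certificates("ROOT")`, which is the store a browser on that machine consults.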

The Equation Group — Part of the NSA?

  • Researchers at Kaspersky Lab have uncovered a cyberespionage group that has been operating for at least 15 years and has worked with and supported the attackers behind Stuxnet, Flame and other highly sophisticated operations.
  • Known as the Equation Group, it used two of the zero-days contained in Stuxnet before that worm employed them, and it has used a number of other infection methods
  • Beginning in 2001, and possibly as early as 1996, the Equation Group began conducting highly targeted and complex exploitation and espionage operations against victims in countries around the world. The group’s toolkit includes components for infection, a self-propagating worm that gathers data from air-gapped targets, a full-featured bootkit that maintains control of a compromised machine and a “validator” module that determines whether infected PCs are interesting enough to install the full attack platform on.
  • An unusual if not truly novel way of bypassing code-signing restrictions in modern versions of Windows, which require that all third-party software interfacing with the operating system kernel be digitally signed by a recognized certificate authority. To circumvent this restriction, Equation Group malware exploited a known vulnerability in an already signed driver for CloneCD to achieve kernel-level code execution.
  • The trump card for the Equation Group attackers is their ability to reprogram a compromised machine’s hard drive firmware. This module, known only by a cryptic name – “nls_933w.dll”, essentially allows the attackers to reflash the HDD or SSD firmware with a custom payload of their own creation.
  • One of the Equation Group’s malware platforms, for instance, rewrote the hard-drive firmware of infected computers—a never-before-seen engineering marvel that worked on 12 drive categories from manufacturers including Western Digital, Maxtor, Samsung, IBM, Micron, Toshiba, and Seagate.
  • Additional Coverage – Ars Technica
  • Additional Coverage – ZDNet
  • Additional Coverage – Digital Munition

Feedback:


Round-Up:


No Security Anymore | Tech Talk Today 134
https://original.jupiterbroadcasting.net/77447/no-security-anymore-tech-talk-today-134/
Tue, 17 Feb 2015 11:00:38 +0000

Kaspersky researchers discover malware hidden in the firmware of hard drives & link the development to the NSA. We discuss what’s known publicly at this point.

The Pebble smartwatch just got access to Android Wear apps & Apple prepares to sell millions & millions of watches.

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon


Show Notes:

How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last | Ars Technica

In 2009, one or more prestigious researchers received a CD by mail that contained pictures and other materials from a recent scientific conference they attended in Houston. The scientists didn’t know it then, but the disc also delivered a malicious payload developed by a highly advanced hacking operation that had been active since at least 2001. The CD, it seems, was tampered with on its way through the mail.

It wasn’t the first time the operators—dubbed the “Equation Group” by researchers from Moscow-based Kaspersky Lab—had secretly intercepted a package in transit, booby-trapped its contents, and sent it to its intended destination. In 2002 or 2003, Equation Group members did something similar with an Oracle database installation CD in order to infect a different target with malware from the group’s extensive library. (Kaspersky settled on the name Equation Group because of members’ strong affinity for encryption algorithms, advanced obfuscation methods, and sophisticated techniques.)

Kaspersky researchers have documented 500 infections by Equation Group in at least 42 countries, with Iran, Russia, Pakistan, Afghanistan, India, Syria, and Mali topping the list. Because of a self-destruct mechanism built into the malware, the researchers suspect that this is just a tiny percentage of the total; the actual number of victims likely reaches into the tens of thousands.

Report: Apple Prepping Electric Car | News & Opinion | PCMag.com

Still, according to the Journal, “the size of the project team and the senior people involved indicate that the company is serious.”

The paper pointed to talks with high-end car makers and Apple’s work with designer Marc Newsom, who has experience with car design.

Apple Orders More Than 5 Million Watches for Initial Run – Digits – WSJ

Apple has asked its suppliers in Asia to make a combined five to six million units of its three Apple Watch models during the first quarter ahead of the product’s release in April, according to people familiar with the matter.

Pebble’s Smartwatch Now Officially Supports Android Wear Apps | TechCrunch

Now your watch can take advantage of apps that support Google’s Android Wear platform, in addition to those within Pebble’s own app store.

Flaw In Netgear Wi-Fi Routers Exposes Admin Password, WLAN Details – Slashdot

A number of Netgear home wireless routers sport a vulnerability that can be misused by unauthenticated attackers [here’s the report at seclists.org] to obtain the administrator password, device serial number, WLAN details, and various details regarding clients connected to the device, claims systems/network engineer Peter Adkins. The vulnerability is found in the embedded SOAP service, which is a service that interacts with the Netgear Genie application that allows users to control (change WLAN credentials, SSIDs, parental control settings, etc.) their routers via their smartphones or computers.

The post No Security Anymore | Tech Talk Today 134 first appeared on Jupiter Broadcasting.

]]>
Two Waze Street | Tech Talk Today 122 https://original.jupiterbroadcasting.net/76287/two-waze-street-tech-talk-today-122/ Tue, 27 Jan 2015 11:03:58 +0000 https://original.jupiterbroadcasting.net/?p=76287 Hypocrisy abounds this episode as new methods of tracking citizens by governments have been revealed & the campaign to shut down cop reporting on Waze has gone public. Plus the amazing mesh network in Cuba, bullet proof vest for batteries in a smartphone & much more! Direct Download: MP3 Audio | OGG Audio | Video […]

The post Two Waze Street | Tech Talk Today 122 first appeared on Jupiter Broadcasting.

]]>


Hypocrisy abounds this episode as new methods of tracking citizens by governments have been revealed & the campaign to shut down cop reporting on Waze has gone public.

Plus the amazing mesh network in Cuba, bullet proof vest for batteries in a smartphone & much more!


Show Notes:

France Seeks to Sanction Web Companies for Posts Pushing Terror

President Francois Hollande said Tuesday in Paris the government will present a draft law next month that makes Internet operators “accomplices” of hate-speech offenses if they host extremist messages.

Researchers Tie Regin Malware To NSA, Five Eyes Intel Agencies

Researchers at Kaspersky Lab have discovered shared code and functionality between the Regin malware platform and a similar platform described in a newly disclosed set of Edward Snowden documents 10 days ago by Germany’s Der Spiegel. The link, found in a keylogger called QWERTY allegedly used by the so-called Five Eyes, leads them to conclude that the developers of each platform are either the same, or work closely together. “Considering the extreme complexity of the Regin platform and little chance that it can be duplicated by somebody without having access to its source codes, we conclude the QWERTY malware developers and the Regin developers are the same or working together,” wrote Kaspersky Lab researchers Costin Raiu and Igor Soumenkov today in a published report.

Police Organization Wants Cop-Spotting Dropped From Waze App

“The Register reports on a request from the US National Sheriffs’ Association, which “wants Google to block its crowd-sourced traffic app Waze from being able to report the position of police officers, saying the information is putting officer’s lives at risk.” From the article: “‘The police community needs to coordinate an effort to have the owner, Google, act like the responsible corporate citizen they have always been and remove this feature from the application even before any litigation or statutory action,’ AP reports Sheriff Mike Brown, the chairman of the NSA’s technology committee, told the association’s winter conference in Washington….Brown called the app a ‘police stalker,’ and said being able to identify where officers were located could put them at personal risk. Jim Pasco, executive director of the Fraternal Order of Police, said his members had concerns as well. ‘I can think of 100 ways that it could present an officer-safety issue,’ Pasco said. ‘There’s no control over who uses it. So, if you’re a criminal and you want to rob a bank, hypothetically, you use your Waze.'”

DEA cameras tracking hundreds of millions of car journeys across the US

A U.S. Drug Enforcement Administration program to keep tabs on cars close to the U.S.-Mexican border has been gradually expanded nationwide and is regularly used by other law enforcement agencies in their hunt for suspects.

The extent of the system, which is said to contain hundreds of millions of records on motorists and their journeys, was disclosed in documents obtained by the American Civil Liberties Union as part of a Freedom of Information Act request. Much of the information disclosed to the ACLU was undated, making it difficult to understand the growth of the network, which is different from the cameras used to collect traffic tolls on expressways.

Batteries Made With Bulletproof Kevlar Fibers May Never Explode

The researchers at the University of Michigan layered nanofibers extracted from Kevlar on top of each other to create very thin insulating sheets. And it turns out the microscopic pores on this new material are actually far too small to allow the tips of those fern-like dendrite structures to poke through and make contact with other electrodes. Individual lithium-ions can still squeeze through as needed, but nothing else.


]]>
Packets Over 90,000 | TechSNAP 102 https://original.jupiterbroadcasting.net/34026/packets-over-90000-techsnap-102/ Thu, 21 Mar 2013 16:48:28 +0000 https://original.jupiterbroadcasting.net/?p=34026 A CloudFlare outage takes down three quarters of a million sites; we’ll tell you what went wrong.

The post Packets Over 90,000 | TechSNAP 102 first appeared on Jupiter Broadcasting.

]]>

post thumbnail

A CloudFlare outage takes down three quarters of a million sites; we’ll tell you what went wrong.

Some old-school malware gets the job done, Allan’s cool toys from Japan, a big batch of your questions and our answers, and much more on this week’s TechSNAP.

Thanks to:

Use our code hostdeal4 to score economy hosting for $1 a month, for one year.

35% off your ENTIRE order: just use our code go35off4 until the end of the month!

Visit techsnap.ting.com to save $25 off your device or service credits.