Show Notes: techsnap.systems/421

The post Firewall Fun | TechSNAP 421 first appeared on Jupiter Broadcasting.

Show Notes: techsnap.systems/374

The post Quantum Resistant Encryption | TechSNAP 374 first appeared on Jupiter Broadcasting.

Another major flaw in consumer routers needs patched ASAP, the tech of sending messages via tone comes to Chrome & Popcorn Hour lands in your web browser, but there’s a major catch.

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

Critical vulnerability in NetUSB driver exposes millions of routers to hacking | PCWorld

Millions of routers and other embedded devices are affected by a serious vulnerability that could allow hackers to compromise them.

The vulnerability is located in a service called NetUSB, which lets devices connected over USB to a computer be shared with other machines on a local network or the Internet via IP (Internet Protocol). The shared devices can be printers, webcams, thumb drives, external hard disks and more.

NetUSB is implemented in Linux-based embedded systems, such as routers, as a kernel driver. The driver is developed by Taiwan-based KCodes Technology. Once enabled, it opens a server that listens on TCP port 20005 for connecting clients.

Security researchers from a company called Sec Consult found that if a connecting computer has a name longer than 64 characters, a stack buffer overflow is triggered in the NetUSB service. If exploited, this kind of vulnerability can result in remote code execution or denial of service.

Since the NetUSB service code runs in kernel mode, attackers who exploit the flaw could gain the ability to execute malicious code on the affected devices with the highest possible privilege, the Sec Consult researchers said in a blog post Tuesday.

Many vendors integrate NetUSB into their products, but have different names for it. For example, Netgear calls the feature ReadySHARE, while others simply call it print sharing or USB share port.

Google Is Close to Unveiling New Web Photo Service – Bloomberg Business

The new photo tool, which will let users post images to Facebook Inc. and Twitter Inc., will probably be unveiled at Google’s annual software developers conference in San Francisco later this month, said the people, who asked not to be identified because the matter is private.

Google Tone is a Chrome extension for sharing URLs with nearby computers using sound | VentureBeat | Dev | by Paul Sawers

To try the feature, all computers must first have the Google Tone Chrome extension installed and be within reasonable earshot of each other. Then, when you’re on a webpage you’d like to share, hit the little Google Tone tab in your browser and you’ll hear a little succession of beeps — not too dissimilar to an old ZX Spectrum computer loading a game. Nearby machines receive a notification with the sender’s Google profile and picture embedded within the message, and the user can choose to open the URL on their own PC.

• Chirp.io

You Can Now Use ‘Netflix for Torrents’ Popcorn Time in Your Browser

The new website, at PopcornInYourBroswer.net, provides much the same service as Popcorn Time always has. Just now it’s in your browser.

• Time4Popcorn (popcorn-time.se) now includes Adware. Do not install it and help spread the word.

The post Browser Pirates | Tech Talk Today 173 first appeared on Jupiter Broadcasting.

Kaspersky researchers discover malware hidden in the firmware of hard drives & link the development to the NSA. We discuss what’s known publicly at this point.

The Pebble smartwatch just got access to Android Wear apps & Apple prepares to sell millions & millions of watches.

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last | Ars Technica

In 2009, one or more prestigious researchers received a CD by mail that contained pictures and other materials from a recent scientific conference they attended in Houston. The scientists didn’t know it then, but the disc also delivered a malicious payload developed by a highly advanced hacking operation that had been active since at least 2001. The CD, it seems, was tampered with on its way through the mail.

It wasn’t the first time the operators—dubbed the “Equation Group” by researchers from Moscow-based Kaspersky Lab—had secretly intercepted a package in transit, booby-trapped its contents, and sent it to its intended destination. In 2002 or 2003, Equation Group members did something similar with an Oracle database installation CD in order to infect a different target with malware from the group’s extensive library. (Kaspersky settled on the name Equation Group because of members’ strong affinity for encryption algorithms, advanced obfuscation methods, and sophisticated techniques.)

Kaspersky researchers have documented 500 infections by Equation Group in at least 42 countries, with Iran, Russia, Pakistan, Afghanistan, India, Syria, and Mali topping the list. Because of a self-destruct mechanism built into the malware, the researchers suspect that this is just a tiny percentage of the total; the actual number of victims likely reaches into the tens of thousands.

• Kaspersky PDF Report
• Someone (probably the NSA) has been hiding viruses in hard drive firmware | The Verge

Report: Apple Prepping Electric Car | News & Opinion | PCMag.com

Still, according to the Journal, “the size of the project team and the senior people involved indicate that the company is serious.”

The paper pointed to talks with high-end car makers and Apple’s work with designer Marc Newsom, who has experience with car design.

Apple Orders More Than 5 Million Watches for Initial Run – Digits – WSJ

Apple has asked its suppliers in Asia to make a combined five to six million units of its three Apple Watch models during the first quarter ahead of the product’s release in April, according to people familiar with the matter.

Pebble’s Smartwatch Now Officially Supports Android Wear Apps | TechCrunch

Now your watch can take advantage of apps that support Google’s Android Wear platform, in addition to those within Pebble’s own app store.

Flaw In Netgear Wi-Fi Routers Exposes Admin Password, WLAN Details – Slashdot

A number of Netgear home wireless routers sport a vulnerability that can be misused by unauthenticated attackers [here’s the report at seclists.org] to obtain the administrator password, device serial number, WLAN details, and various details regarding clients connected to the device, claims systems/network engineer Peter Adkins. The vulnerability is found in the embedded SOAP service, which is a service that interacts with the Netgear Genie application that allows users to control (change WLAN credentials, SSIDs, parental control settings, etc.) their routers via their smartphones or computers.

The post No Security Anymore | Tech Talk Today 134 first appeared on Jupiter Broadcasting.

A back backdoor found in many common routers gets covered up instead of patched, and all it takes is a knock on the door to exploit it. We’ll share the details.

Plus cross VM attacks just got much easier, a great batch of your questions – our answers, and much much more!

On this week’s episode of TechSNAP!

Thanks to:

— Show Notes: —

Intentional backdoor in home routers, when reported vendor just attempts to hide it better

• Back around Christmas researchers found a backdoor in 24 different models of routers from Cisco, Linksys, Netgear and Diamond. The backdoor gave an attacker who knew about the flaw a full root shell on the router, and allowed them to dump the entire config, and make changes to the configuration
• This could allow an attacker to get inside your network by forwarding ports etc, but also conduct a Man-in-the-Middle attack by changing the DNS resolvers on your router to be malicious ones that would direct your traffic to the wrong location
• Shortly there after, Netgear released updated firmware from the vendor (sercomm)
• When the researchers dissected the firmware, they found that the backdoor was still there, but was only listening on a UNIX domain socket, inaccessible from the network
• However, they found that in specific circumstances, the backdoor will be reenabled
• If the router receives a specially crafted ethernet frame, it will reenable the backdoor via TCP
• They also found additional capabilities, including the ability to change query the router for its MAC access, change the LAN IP address, or cause different LED lights on the modem
• Since this requires a specially crafted ethernet frame, it can only be sent from 1 hop away
• This means that the backdoor can only be enabled from the local LAN or WLAN, or by the ISP
• A number of the features of this ‘backdoor’ would appear to be useful to an ISP, querying data from the routers and reprogramming them etc
• However the negative security aspects outweigh all of the gain
• Researcher PDF

Fine grain Cross-VM Attacks on Xen and VMware

• Researchers from Worcester Polytechnic Institute have published new research showing the cloud services may be vulnerable
• “we show that AES in a number popular cryptographic libraries including OpenSSL, PolarSSL and Libgcrypt are vulnerable to Bernstein’s correlation attack when run in Xen and VMware (bare metal version) VMs, the most popular VMs used by cloud service providers (CSP) such as Amazon and Rackspace. We also show that the vulnerability persists even if the VMs are placed on different cores in the same machine. The results of this study shows that there is a great security risk to AES and (data encrypted under AES) on popular cloud services.”
• Use a separate machine for each client, although this basically breaks the entire purpose of ‘the cloud’
• Using AES-NI mitigates the attack entirely, however many clouds still use older machines that do not support AES-NI
• Newer versions of the various libraries seem to mitigate the attack against the last round of crypto, but are still susceptible during the first round
• The researchers suggest using AES256 instead of AES128 because 256 uses 14 rounds to 128’s 10

Feedback:

• RE: Brett bare metal backup

• Question for System Network Administration Experts

• Forking OpenSSL is bad

• Tricky home printing scenario

• Follow Up: Arch ZFS readonly issue // Slexy 2.0

Round Up:

• Chrome Extension Stealing Bitcoins
• Mozilla offers $10,000 bounty for bugs to incentivize auditing of the new certificate verification library before it ships with a future version of Firefox
• Tech Titans Launch \’Core Infrastructure Initiative\’ to Secure Key Open Source Components
• Cisco proposed RFC 3924 – Architecture for Lawful Intercept in IP Networks
  
• Google Offered to Help Samsung in its Patent Battles with Apple
• The design flaw that almost wiped out an NYC skyscaper – a lesson in responsible engineering
• F.C.C., in a Shift, Backs Fast Lanes for Web Traffic
• Vulnerability in Netsupport Manager could allow attackers to steal data
• Verizon’s Data Breach Investigations Report reveals that the most common cause of data breaches is weak credentials
• DDoS attacks increasingly being used to cover up or distract from theft and fraud

The post Intentional Backdoor | TechSNAP 159 first appeared on Jupiter Broadcasting.