postal – Jupiter Broadcasting (https://www.jupiterbroadcasting.com)

Hackers Go Postal | TechSNAP 188
https://original.jupiterbroadcasting.net/71477/hackers-go-postal-techsnap-188/
Thu, 13 Nov 2014 18:35:07 +0000


Authentic iOS Apps can be replaced with malware, the US Postal service gets breached & Microsoft has a hot mess of critical patches.

Plus some great feedback, a rocking round-up & much more!


— Show Notes: —

Masque Attack — authentic iOS apps can be replaced by malware with ease

  • Last week we talked about new malware for OS X that infected iOS devices with malicious apps
  • Part of the problem seemed to stem from the fact that if a corporation got a certificate from Apple to sign internally developed apps for use by employees, these apps were innately trusted by all iOS devices, even those not part of the corporation who signed the application
  • While we suspected this may be a fairly major vulnerability in the architecture of iOS, it turns out this was only the tip of the iceberg
  • “In July 2014, FireEye mobile security researchers have discovered that an iOS app installed using enterprise/ad-hoc provisioning could replace another genuine app installed through the App Store, as long as both apps used the same bundle identifier. This in-house app may display an arbitrary title (like “New Flappy Bird”) that lures the user to install it, but the app can replace another genuine app after installation. All apps can be replaced except iOS preinstalled apps, such as Mobile Safari. This vulnerability exists because iOS doesn’t enforce matching certificates for apps with the same bundle identifier”
  • This means that the malicious app, signed by a random corporate certificate issued by Apple (supposedly only for internal use), can replace any application on your phone, except those directly from Apple
  • “An attacker can leverage this vulnerability both through wireless networks and USB”
  • If you install ‘new flappy bird’, or, connect your iOS device to an infected computer, a malicious charging port in some public space, or untrusted wifi, the Twitter app on your device could be replaced with one that steals the credentials for your account and tweets spam, or worse
  • “That means the attacker can steal user’s banking credentials by replacing an authentic banking app with an malware that has identical UI. Surprisingly, the malware can even access the original app’s local data, which wasn’t removed when the original app was replaced. These data may contain cached emails, or even login-tokens which the malware can use to log into the user’s account directly”
  • FireEye shared this information with Apple in July, but after the news about the WireLurker malware, which uses a very limited form of this attack (the attackers may not have realized the full extent of what they had discovered), FireEye felt it necessary to go public with the information so customers can take steps to protect themselves
  • “As mentioned in our Virus Bulletin 2014 paper “Apple without a shell – iOS under targeted attack”, apps distributed using enterprise provisioning profiles (which we call “EnPublic apps”) aren’t subjected to Apple’s review process. Therefore, the attacker can leverage iOS private APIs for powerful attacks such as background monitoring (CVE-2014-1276) and mimic iCloud’s UI to steal the user’s Apple ID and password.”
  • “The attacker can also use Masque Attacks to bypass the normal app sandbox and then get root privileges by attacking known iOS vulnerabilities, such as the ones used by the Pangu team”
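
A simplified model of the install decision described above, as an added example (not iOS code, and not from FireEye or the show). It contrasts replacing an app on bundle identifier alone with also requiring a matching signing certificate, and diffs two app inventories to spot a signer change; all bundle identifiers, certificate labels and the token are constructed.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class App:
    bundle_id: str   # e.g. "com.example.bank" (constructed)
    signer: str      # label for the signing certificate (constructed)
    source: str      # "preinstalled", "app_store" or "enterprise"
    title: str       # display name; free text, not tied to bundle_id


@dataclass
class Device:
    apps: dict = field(default_factory=dict)        # bundle_id -> App
    containers: dict = field(default_factory=dict)  # bundle_id -> local data

    def install(self, app, enforce_cert_match):
        """Return True if the install is accepted."""
        current = self.apps.get(app.bundle_id)
        if current is not None:
            if current.source == "preinstalled":
                return False  # the page: preinstalled apps cannot be replaced
            if enforce_cert_match and current.signer != app.signer:
                return False  # hardened rule: same bundle id needs same cert
        # The data container is keyed by bundle id and is not cleared on
        # replacement, so the new binary inherits the old app's local data.
        self.apps[app.bundle_id] = app
        self.containers.setdefault(app.bundle_id, {})
        return True


def signer_changes(before, after):
    """Diff two inventory snapshots (bundle_id -> App); report bundle ids
    that are still installed but are now signed by a different certificate."""
    findings = []
    for bundle_id, old in sorted(before.items()):
        new = after.get(bundle_id)
        if new is not None and new.signer != old.signer:
            findings.append((bundle_id, old.signer, new.signer, new.source))
    return findings


def demo(enforce_cert_match):
    """Run the same install sequence under the weak or the hardened rule."""
    dev = Device()
    dev.install(App("com.apple.mobilesafari", "apple", "preinstalled", "Safari"),
                enforce_cert_match)
    dev.install(App("com.example.bank", "bank-dev-cert", "app_store", "Example Bank"),
                enforce_cert_match)
    dev.containers["com.example.bank"]["login_token"] = "constructed-token"
    before = dict(dev.apps)  # inventory snapshot taken before the lure apps

    # Enterprise-signed apps whose title differs from the app they would replace.
    lure_bank = App("com.example.bank", "other-enterprise-cert",
                    "enterprise", "New Flappy Bird")
    lure_safari = App("com.apple.mobilesafari", "other-enterprise-cert",
                      "enterprise", "New Flappy Bird")
    accepted = {
        "bank": dev.install(lure_bank, enforce_cert_match),
        "safari": dev.install(lure_safari, enforce_cert_match),
    }
    inherited = dev.containers["com.example.bank"] if accepted["bank"] else {}
    return accepted, inherited, signer_changes(before, dev.apps)


if __name__ == "__main__":
    for mode in (False, True):
        print("enforce_cert_match =", mode, "->", demo(mode))
```

The same inventory diff applies to any record of installed apps that includes bundle identifier and signing identity, such as a device-management export.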

USPS computer networks compromised, telecommuting VPN temporarily shutdown

  • Attackers compromised the internal network of the United States Postal Service
  • It is not clear how or where the compromise happened, although some information suggests a call center was compromised, possibly via the VPN
  • Possibly compromised information includes: Employee names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment, emergency contact information and other information
  • “The intrusion also compromised call center data for customers who contacted the Postal Service Customer Care Center with an inquiry via telephone or e-mail between Jan. 1, 2014, and Aug. 16, 2014. This compromised data consists of names, addresses, telephone numbers, email addresses and other information for those customers who may have provided this information. At this time, we do not believe that potentially affected customers need to take any action as a result of this incident”
  • Additional Information
  • “VPN was identified as vulnerable to this type of intrusion and will remain unavailable as we work to make modifications to this type of remote access to our networks. When VPN is available again users will notice changes in functionality. We will have additional information about VPN in the near future”
  • I wonder if this might have been related to Heartbleed. We have had stories in the recent past about SSL-based VPNs that were compromised before they could be upgraded with the Heartbleed fix, and then this access was used later on because passwords were not changed
  • “Should I change my ACE ID and password, Postal EIN or other postal passwords as a result of this incident?”
  • “At this time there is no requirement to change your ACE password or other passwords unless prompted to do so by email prompts from IT as part of the normal password change process. You will be notified if other password changes are required.”
  • Having IT email you to ask you to change your password just seems like a really bad idea. This is a great opening for a phishing campaign. If a password change is required, it should be prompted for from a more trustworthy source than email
  • After a breach, out of an abundance of caution, all passwords should be changed.

Microsoft releases patch for OLE vulnerability

  • As part of this month’s Patch Tuesday, Microsoft has released an official patch for both OLE vulnerabilities (specially crafted website, and malicious Office document) used in the “Sandworm Team” attacks against NATO and other government agencies that we discussed on episode 185
  • This new patch, MS14-064, replaces the patch from October’s Patch Tuesday, MS14-060
  • Microsoft – November Patch Update Summary
  • Microsoft Advisory – MS14-064
  • Microsoft Advisory – MS14-070 – Local user remote code execution via vulnerability in Windows TCP/IP stack
  • Also included was a cumulative patch for Internet Explorer; however, this patch breaks compatibility with EMET (Enhanced Mitigation Experience Toolkit) 5.0, and customers are instructed to upgrade to EMET 5.1 before upgrading IE
  • “If you are using Internet Explorer 11, either on Windows 7 or Windows 8.1, and have deployed EMET 5.0, it is particularly important to install EMET 5.1 as compatibility issues were discovered with the November Internet Explorer security update and the EAF+ mitigation”
  • “Microsoft also patched a remote code execution vulnerability in Microsoft Secure Channel, or Schannel, a Windows encryption security package used for SSL and TLS connections”
  • “MS14-067 is the final bulletin ranked critical by Microsoft. The vulnerability can be exploited by a malicious website designed to invoke Microsoft XML Core Services through IE. MSXML improperly parses XML content, which can then in turn corrupt the system state and enable remote code execution”
  • The previous patch for the OLE vulnerability merely marked files that come from the internet as untrusted. However there are a number of ways around this, some of which may already be in use by attackers
  • McAfee Labs – Bypassing Microsofts Patch for Sandworm Zero Day
  • In addition, the Microsoft ‘workaround’ for the flaw, by marking the file as untrusted, only applies when you try to ‘execute’ a file. If you right-click a file and open it for ‘editing’, or open it from within an application, the untrusted flag is never checked
  • McAfee also found samples in the wild that ran the untrusted file as administrator, which only pops up the standard ‘run this program as admin?’ prompt (only if UAC is not disabled), and does not show the ‘this file is not trusted’ prompt

Shutdown Shenanigans | Unfilter 69
https://original.jupiterbroadcasting.net/44007/shutdown-shenanigans-unfilter-69/
Wed, 02 Oct 2013 22:53:17 +0000


The rampant dysfunction of the US Government has triggered a partial shutdown for the first time in 17 years after Congress failed to break a partisan deadlock. But is the Shutdown a scam? Can tea party members force Obama to neuter his signature legislation while holding the Federal government hostage? We’ll cut through the crap.

Meanwhile, the shutdown shenanigans have provided an excellent distraction from recent major NSA leaks. We’ll dig through the latest outrageous revelations.

Then it’s a little GMO talk, your feedback, and much much more.

On this week’s Unfilter.


— Show Notes —


NSA is CRAZY

Since 2010, the National Security Agency has been exploiting its huge collections of data to create sophisticated graphs of some Americans’ social connections that can identify their associates, their locations at certain times, their traveling companions and other personal information, according to newly disclosed documents and interviews with officials.

The policy shift was intended to help the agency “discover and track” connections between intelligence targets overseas and people in the United States, according to an N.S.A. memorandum from January 2011. The agency was authorized to conduct “large-scale graph analysis on very large sets of communications metadata without having to check foreignness” of every e-mail address, phone number or other identifier, the document said.

Over the weekend, investigative reporter Jeremy Scahill told an audience in Brazil that he and Guardian journalist Glenn Greenwald are working on a project involving “how the National Security Agency plays a significant, central role in the U.S. assassination program.”

We know a bit about the NSA’s connection to America’s global capture/kill machine already.

In the 2010 report “Top secret America,” Dana Priest and Will Arkin of The Washington Post reported that the NSA provided the capture/kill squads of Joint Special Operations Command (JSOC) with a huge advantage after the signals intelligence agency “learned to locate all electronic signals in Iraq.”

After his release from custody Sept. 20, Nacchio told the Wall Street Journal that he feels “vindicated” by the content of the leaks that show that the agency was collecting Americans’ phone records.

Nacchio was convicted of selling of Qwest stock in early 2001, not long before the company hit financial troubles. However, he claimed in court documents that he was optimistic about the firm’s ability to win classified government contracts — something they’d succeeded at in the past. And according to his timeline, in February 2001 — some six months before the Sept. 11 terrorist attacks — he was approached by the NSA and asked to spy on customers during a meeting he thought was about a different contract. He reportedly refused because his lawyers believed such an action would be illegal and the NSA wouldn’t go through the FISA Court. And then, he says, unrelated government contracts started to disappear.

  • Government shutdown won’t shut down NSA spying

    On Friday, the Defense Department released its plans for dealing with a potential shutdown. In a memo, intelligence and surveillance programs were listed as essential duties of the department not to be affected by a shutdown.




Shutdown Showdown

What we’re seeing is the collapse of institutional Republican power. It’s not so much about Boehner. It’s things like the end of earmarks. They move away from Tom DeLay and they think they’re improving the House, but now they have nothing to offer their members. The outside groups don’t always move votes directly but they create an atmosphere of fear among the members. And so many of these members now live in the conservative world of talk radio and tea party conventions and Fox News invitations.

“Shutdown can’t stop lobbyists from their appointed rounds,” by Byron Tau: "Beltway lobbyists are making their normal load of Hill meetings and client work happen — in spite of a federal government operating without hundreds of thousands of staffers and …

One of the biggest problems for lobbyists on Capitol Hill on day one of the shutdown was simply getting into the congressional office buildings for the access they need with lobbyists and staff. Massive lines formed Tuesday outside the House and Senate office buildings because the shutdown forced the Capitol complex to reduce the number of open entrances. Even after the morning rush of staffers arriving for work was over, it was common to see lines of nearly 100 people waiting to get into the congressional office buildings. … [David Urban, a lobbyist with the American Continental Group] – ‘being a good lobbyist,’ he joked – [said:] ‘I had one of the staffers come pick us up and he drive us into the garage’ … bypassing the security lines. … ‘I went to a 7:45 a.m. breakfast on the Hill this morning with two congressmen — it was packed and they were on time,’ said Brian Johnson, a tax and trade lobbyist at the American Petroleum Institute. ‘With long lines at all the congressional buildings, I’m thankful I’ve built relationships where folks on the Hill will just take a call — most of them, that is.’

“We have not made the required $5.6 billion Retiree Health Benefits prefunding payment due Sept. 30, 2013,” wrote USPS spokeswoman Patricia Licata in an email to CNNMoney. She added that the default has absolutely nothing to do with the federal government shutdown. “We have been saying for several months that we will be defaulting on this payment. This is the third time we have [done so],” Licata wrote.

Postal officials have long complained about a Congressional mandate that requires them to set aside billions of dollars for a retiree health care fund each year. The Postal Service also defaulted on these prefund payments last year. In fiscal year 2012, the Postal Service lost a total of $15.9 billion, including $11.1 billion in defaulted payments that it owes to prefund health benefits for retirees.


Oh no… GMO?

The Zimmerman Distraction | Unfilter 59
https://original.jupiterbroadcasting.net/40472/the-zimmerman-distraction-unfilter-59/
Wed, 17 Jul 2013 22:42:23 +0000


We’ll push past the distractions and focus on the important events. During an interview this week, NSA whistleblower Russ Tice claims to have held in his hands the orders to wiretap top government officials, and today the NSA admits it analyzes more people’s data than previously revealed, in what continues to be a series of story changes. We’ll bring you up to date.

Then: Edward Snowden seeks asylum in Russia, while the media runs wild with claims of a secret NSA blueprint.

Plus a follow up on the death of Michael Hastings, your feedback, and much much more.

On this week’s Unfilter.


— Show Notes —


Zimmerman Trial a Distraction?

For the record, that’s where I’m coming from regarding the George Zimmerman-Trayvon Martin murder trial in Florida — a lamentable tragedy of errors marketed as a multimedia morality play on the combustible theme of race. It makes me crazy to see what I call the Mighty MSNBC Art Players and other media figures fictionalize, dissemble and play fast and loose with facts. The case is troubling enough without turning the participants into political symbols.


Latest Leaks

Abby Martin talks to Russell Tice, former intelligence analyst and original NSA whistleblower, about how the recent NSA scandal only scratches the surface of a massive surveillance apparatus, citing specific targets that he saw spying orders for, including former senators Hillary Clinton and Barack Obama.

But Inglis’ statement was new. Analysts look “two or three hops” from terror suspects when evaluating terror activity, Inglis revealed. Previously, the limit of how surveillance was extended had been described as two hops. This meant that if the NSA were following a phone metadata or web trail from a terror suspect, it could also look at the calls from the people that suspect has spoken with—one hop. And then, the calls that second person had also spoken with—two hops. Terror suspect to person two to person three. Two hops. And now: A third hop.

For a sense of scale, researchers at the University of Milan found in 2011 that everyone on the Internet was, on average, 4.74 steps away from anyone else. The NSA explores relationships up to three of those steps. (See our conversation with the ACLU’s Alex Abdo on this.)

Plaintiffs include: GreenPeace, Human Rights Watch and the National Organization for the Reform of Marijuana Laws. CalGuns, which lobbies against more restrictive gun laws, and one California gun manufacturer, Franklin Armory, have also joined the case, as have religious groups including the Council on American-Islamic Relations.

The suit was brought by the Electronic Frontier Foundation, a digital rights advocacy group and law firm. It asserts that the NSA’s “dragnet surveillance” – which extends to millions of Americans – is illegal and unconstitutional.

Other organizations, including the American Civil Liberties Union, have also recently sued the NSA in response to leaked information on its surveillance programs. This most recent case is especially notable in that it represents a broad coalition of groups that often don’t have much use for each other.

Approximately 160 billion envelopes, packages and postcards were photographed by the United States Postal Service last year, reports The New York Times.

The American Civil Liberties Union has released documents confirming that police license plate readers capture vast amounts of data on innocent people, and in many instances this intelligence is kept forever.

According to documents obtained through a number of Freedom of Information Act requests filed by ACLU offices across the United States, law enforcement agencies are tracking the whereabouts of innocent persons en masse by utilizing a still up-and-coming technology.

In some jurisdictions, that information is then held forever. FOIA requests obtained by the ACLU estimated that authorities in Jersey City, New Jersey have accumulated 10 million license plate records as of last year — in a town of only 250,000 — because retention policies allow officials to keep that data for five years. In Milpitas, California — a town with roughly four times the population — has no retention policy and has picked up around 4.7 million plates.

Some authorities such as Minnesota State Patrol delete all their scanned records after 48 hours. Others are much looser in their regulations, such as the town of Milpitas in California, population 67,000, which stores almost 5m plate reads with no time limits at all.

Soon, I will introduce legislation that would repeal the laws that brought us our current “surveillance state”: the Patriot Act and the FISA Amendments Act. My bill would restore the probable cause-based warrant requirement for any surveillance against an American citizen being proposed on the basis of an alleged threat to the nation.


Where in the World is Snowden

WikiLeaks, which has been advising Snowden, announced his application in a tweet: “Edward Snowden today has filed for a temporary protection visa with Russia’s ministry of immigration.”

National Security Agency leaker Edward Snowden on Tuesday submitted a request for temporary asylum in Russia, his lawyer said.

Anatoly Kucherena, a lawyer who is a member of the Public Chamber, a Kremlin advisory body, said that Snowden submitted the asylum request to Russia’s Federal Migration Service. The service had no immediate comment.

Kucherena told The Associated Press that he met Snowden in the transit zone of Moscow’s Sheremetyevo airport and Snowden made the request after the meeting.

“In order to take documents with him that proved that what he was saying was true he had to take ones that included very sensitive, detailed blueprints of how the NSA does what they do,” Greenwald said in Brazil, adding that the interview was taking place about four hours after his last interaction with Snowden.

Former two-term GOP Senator Gordon Humphrey of New Hampshire emailed Edward Snowden


Michael Hastings Cremated Without Family Consent:

Hastings’ friend and confidant SSgt. Joe Biggs disclosed a macabre twist in the award-winning journalist’s death in a suspicious single-car accident. According to SSgt. Biggs, “Michael Hastings’ body was returned to Vermont in an urn.”

