server – Jupiter Broadcasting
https://www.jupiterbroadcasting.com
Open Source Entertainment, on Demand.
Thu, 17 Feb 2022 15:39:20 +0000

Linux Action News 228
https://original.jupiterbroadcasting.net/147687/linux-action-news-228/
Thu, 17 Feb 2022 07:00:00 +0000
Show Notes: linuxactionnews.com/228

The post Linux Action News 228 first appeared on Jupiter Broadcasting.

Double Server Jeopardy | LINUX Unplugged 439
https://original.jupiterbroadcasting.net/147172/double-server-jeopardy-linux-unplugged-439/
Sun, 02 Jan 2022 15:00:00 +0000
Show Notes: linuxunplugged.com/439

No PRs Please | LINUX Unplugged 399
https://original.jupiterbroadcasting.net/144627/no-prs-please-linux-unplugged-399/
Tue, 30 Mar 2021 17:40:00 +0000
Show Notes: linuxunplugged.com/399

The 2020 Tuxies | LINUX Unplugged 385
https://original.jupiterbroadcasting.net/143707/the-2020-tuxies-linux-unplugged-385/
Tue, 22 Dec 2020 19:15:00 +0000
Show Notes: linuxunplugged.com/385

Android-x86 + First steps into the cloud | Choose Linux 19
https://original.jupiterbroadcasting.net/135317/android-x86-first-steps-into-the-cloud-choose-linux-19/
Thu, 03 Oct 2019 00:15:49 +0000
Show Notes: chooselinux.show/19

Old School Outages | TechSNAP 407
https://original.jupiterbroadcasting.net/132681/old-school-outages-techsnap-407/
Wed, 10 Jul 2019 21:15:15 +0000
Show Notes: techsnap.systems/407

Podcasting 101 (Special Edition) | Ask Noah Show 59
https://original.jupiterbroadcasting.net/124182/podcasting-101-special-edition-ask-noah-show-59/
Wed, 18 Apr 2018 08:16:59 +0000
Show Notes: podcast.asknoahshow.com/59

Linux Action News 34
https://original.jupiterbroadcasting.net/121032/linux-action-news-34/
Sun, 31 Dec 2017 11:43:44 +0000

Owning Your Communications | Ask Noah 34
https://original.jupiterbroadcasting.net/119851/owning-your-communications-ask-noah-34/
Mon, 13 Nov 2017 20:30:28 +0000

— Show Notes: —

— Join us For War Stories Night! —

  • Call In 1-855-450-NOAH
  • Saturday, November 18th
  • Listen Live
  • Watch Live

— The Cliff Notes —

  • Cheap Ham Radio
  • Best Ham Radio for the Money
  • Automatic Packet Reporting […]

— Stay In Touch —

Find all the resources for this show on the Ask Noah Dashboard

Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!

Altispeed Technologies

Contact Noah

asknoah [at] jupiterbroadcasting.com

Starting a Business with Linux | Ask Noah 26
https://original.jupiterbroadcasting.net/118341/starting-a-business-with-linux-ask-noah-26/
Mon, 18 Sep 2017 20:40:33 +0000

— Show Notes: —

— The Cliff Notes —

  • Sandbagger News
  • The It Guys – Home
  • Let There Be Light
  • Backup over SSH
  • RSync Script

— Stay In Touch —

Find all the resources for this show on the […]

Some WebAssembly Required | CR 248
https://original.jupiterbroadcasting.net/107491/some-webassembly-required-cr-248/
Mon, 13 Mar 2017 15:49:04 +0000

— Show Notes: —

Feedback

  • Web Assembly follow up
  • Why I Missed Web Assembly
  • WebAssembly
  • CppCon 2016: Dan Gohman “C++ on the Web: Let’s have some serious fun.” – YouTube
  • Bug […]

El Hoop

3 Docker Tips for the Enterprise + BONUS!

  • How’s Mike’s Video adventure going so far?

Canonical Launches New Ubuntu Tutorials Website

Canonical plans to make it easy for developers to contribute their own tutorials to the site (hopefully with some sort of vetting involved to maintain quality) and has made adding ‘functionality to write tutorials using markdown’ a near-term goal.

Canonical’s David Planella has announced the release of the Ubuntu Developer Portal, which can be found over at developer.ubuntu.com.

Fancy Bear Misfire.apk | TechSNAP 299
https://original.jupiterbroadcasting.net/105816/fancy-bear-misfire-apk-techsnap-299/
Thu, 29 Dec 2016 18:41:47 +0000

Show Notes:

Patch Your Sh** T-Shirt

  • TechSNAP is about to reach episode 300 so before Chris and Allan hand over the show to Wes & Dan we have a round of PATCH YOUR SH** swag to get out! Be sure to check out the tote bag and the sticker too!

Exploit in PHPMailer puts almost every PHP CMS at risk

  • “PHPMailer continues to be the world’s most popular transport class, with an estimated 9 million users worldwide. Downloads continue at a significant pace daily.”
  • “Probably the world’s most popular code for sending email from PHP! Used by many open-source projects: WordPress, Drupal, 1CRM, SugarCRM, [..], Joomla! and many more”
  • “An independent researcher uncovered a critical vulnerability in PHPMailer that could potentially be used by (unauthenticated) remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application.”
  • “To exploit the vulnerability an attacker could target common website components such as contact/feedback forms, registration forms, password email resets and others that send out emails with the help of a vulnerable version of the PHPMailer class.”
  • “A successful exploitation could let remote attackers gain access to the target server in the context of the web server account which could lead to a full compromise of the web application.”
  • When the mailer software calls the system’s sendmail binary to send the email, it can optionally pass additional parameters to sendmail, like -f to override the from address.
  • Proper input validation was not performed on this input. Instead of the content being restricted based on what is safe to evaluate in the shell, the input is validated as an email address via RFC 3696, which allows for quoted usernames with spaces.
  • So if the attacker fills out the form such that their email address is:
  • "attacker\" -oQ/tmp/ -X/var/www/cache/phpcode.php some"@email.com
  • this will actually execute:
    • Arg no. 0 == [/usr/sbin/sendmail]
    • Arg no. 1 == [-t]
    • Arg no. 2 == [-i]
    • Arg no. 3 == [-fattacker]
    • Arg no. 4 == [-oQ/tmp/]
    • Arg no. 5 == [-X/var/www/cache/phpcode.php]
    • Arg no. 6 == [some"@email.com]
  • If the attacker can also provide some PHP code as the body of the message, it will be written to the indicated file, phpcode.php, where it can then be run by the attacker via the web server.
  • “The vulnerability was responsibly disclosed to PHPMailer vendor. The vendor released a critical security release of PHPMailer 5.2.18 to fix the issue as notified”
  • “UPDATE: The author of this advisory published a bypass of the current solution/fix which makes the PHPMailer vulnerable again in versions <5.2.20”
  • A similar vulnerability was also found in SwiftMailer, another PHP mail library
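The validation gap described above, as an added Python example that is not PHPMailer's code: a permissive RFC 3696-style grammar accepts the quoted local part from the advisory, while a conservative allow-list applied before the address is placed in the sendmail argument vector rejects it, and the argv is passed as a list so no shell ever parses it. The regexes, function names, thresholds and the sample addresses are constructed for this illustration.

```python
import re
import subprocess

# Domain: dotted labels ending in a letters-only TLD.
_DOMAIN = r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}"

# Permissive grammar modelled on what RFC 3696 permits (constructed here, not
# PHPMailer's validator): the local part may be a quoted string, and a quoted
# string may contain spaces, option-looking text and backslash-escaped quotes.
_QUOTED_LOCAL = r'"(?:[^"\\]|\\.)*"'
_DOT_ATOM_LOCAL = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+)*"
RFC_STYLE = re.compile(rf"^(?:{_QUOTED_LOCAL}|{_DOT_ATOM_LOCAL})@{_DOMAIN}$")

# Conservative allow-list applied before the address goes anywhere near a
# command line: unquoted local part from a small character set, no quotes,
# spaces or shell metacharacters, and no leading '-' so it can never read as
# an option. It rejects some addresses RFC 3696 would accept; that is the point.
SAFE_SENDER = re.compile(rf"^[A-Za-z0-9_][A-Za-z0-9._+-]*@{_DOMAIN}$")


def is_syntactically_valid(addr: str) -> bool:
    """True if addr parses as an address under the permissive grammar."""
    return RFC_STYLE.fullmatch(addr) is not None


def is_safe_sender(addr: str) -> bool:
    """True only if addr is inside the conservative allow-list."""
    return SAFE_SENDER.fullmatch(addr) is not None


def sendmail_argv(sender: str, sendmail_path: str = "/usr/sbin/sendmail") -> list:
    """Argument vector for a shell-free exec of sendmail, -f carrying the envelope sender.

    Raises ValueError when the sender fails the allow-list, so text such as
    ' -oQ' or ' -X' inside a quoted local part never reaches the command line.
    """
    if not is_safe_sender(sender):
        raise ValueError(f"sender address rejected: {sender!r}")
    return [sendmail_path, "-t", "-i", "-f" + sender]


def send_with_sendmail(sender: str, message: bytes, runner=subprocess.run):
    """Hand the message to sendmail on stdin. argv is a list, so no shell parses it;
    `runner` is injectable so the path can be exercised without a real sendmail."""
    return runner(sendmail_argv(sender), input=message, check=True)


# Constructed inputs: the address quoted in the advisory above, and an ordinary one.
ADVISORY_ADDRESS = '"attacker\\" -oQ/tmp/ -X/var/www/cache/phpcode.php some"@email.com'
ORDINARY_ADDRESS = "alice.smith+news@example.org"


if __name__ == "__main__":
    for addr in (ADVISORY_ADDRESS, ORDINARY_ADDRESS):
        print(f"{addr!r}: rfc-style valid={is_syntactically_valid(addr)} "
              f"safe for argv={is_safe_sender(addr)}")
```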

Use of Fancy Bear Android Malware in Tracking of Ukrainian Field Artillery Units

  • “From late 2014 and through 2016, FANCY BEAR X-Agent implant was covertly distributed on Ukrainian military forums within a legitimate Android application developed by Ukrainian artillery officer Yaroslav Sherstuk”
  • “The original application enabled artillery forces to more rapidly process targeting data for the Soviet-era D-30 Howitzer employed by Ukrainian artillery forces reducing targeting time from minutes to under 15 seconds. According to Sherstuk’s interviews with the press, over 9000 artillery personnel have been using the application in Ukrainian military”
  • “Successful deployment of the FANCY BEAR malware within this application may have facilitated reconnaissance against Ukrainian troops. The ability of this malware to retrieve communications and gross locational data from an infected device makes it an attractive way to identify the general location of Ukrainian artillery forces and engage them”
  • “Open source reporting indicates that Ukrainian artillery forces have lost over 50% of their weapons in the 2 years of conflict and over 80% of D-30 howitzers, the highest percentage of loss of any other artillery pieces in Ukraine’s arsenal”
  • “This previously unseen variant of X-Agent represents FANCY BEAR’s expansion in mobile malware development from iOS-capable implants to Android devices, and reveals one more component of the broad spectrum approach to cyber operations taken by Russia-based actors in the war in Ukraine”
  • “The collection of such tactical artillery force positioning intelligence by FANCY BEAR further supports CrowdStrike’s previous assessments that FANCY BEAR is likely affiliated with the Russian military intelligence (GRU), and works closely with Russian military forces operating in Eastern Ukraine and its border regions in Russia”
  • “The original application central to this discussion, Попр-Д30.apk, was initially developed domestically within Ukraine by a member of the 55th Artillery Brigade. Based on the file creation timestamps as well as the app signing process, which occurred on 28 March 2013, CrowdStrike has determined that the app was developed sometime between 20 February and 13 April 2013.”
  • Distributed on a forum, and popularized via social media under a name that translates to “Correction-D30”, described as “Modern combat software”
  • “As an additional control measure, the program was only activated for use after the developer was contacted and issued a code to the individual downloading the application”
  • “At the time of this writing, it is unclear to what degree and for how long this specific application was utilized by the entirety of the Ukrainian Artillery Forces. Based on open source reporting, social media posts, and video evidence, CrowdStrike assesses that Попр-Д30.apk was potentially used through 2016 by at least one artillery unit operating in eastern Ukraine”
  • “The use of the X-Agent implant in the original Попр-Д30.apk application appears to be the first observed case of FANCY BEAR malware developed for the Android mobile platform. On 21 December 2014 the malicious variant of the Android application was first observed in limited public distribution on a Russian language, Ukrainian military forum.”
  • “The creation of an application that targets some of the front line forces pivotal in Ukrainian defense on the eastern front would likely be a high priority for Russian adversary malware developers seeking to turn the tide of the conflict in their favor”
  • “Although traditional overhead intelligence surveillance and reconnaissance (ISR) assets were likely still needed to finalize tactical movements, the ability of this application to retrieve communications and gross locational data from infected devices, could provide insight for further planning, coordination, and tasking of ISR, artillery assets, and fighting forces.”
  • “The X-Agent Android variant does not exhibit a destructive function and does not interfere with the function of the original Попр-Д30.apk application. Therefore, CrowdStrike Intelligence has assessed that the likely role of this malware is strategic in nature. The capability of the malware includes gaining access to contacts, Short Message Service (SMS) text messages, call logs, and internet data, and FANCY BEAR would likely leverage this information for its intelligence and planning value.”
  • “CrowdStrike Intelligence assesses a tool such as this has the potential ability to map out a unit’s composition and hierarchy, determine their plans, and even triangulate their approximate location. This type of strategic analysis can enable the identification of zones in which troops are operating and help prioritize assets within those zones for future targeting”
  • The Evidence to Prove the Russian Hack

Bigger than Mirai? New Leet botnet launches DDoS attacks

  • “Earlier in the year, a huge DDoS attack was launched on Krebs on Security. Analysis showed that the attack pelted servers with 620 Gbps, and there were fears that the release of the Mirai source code used to launch the assault would lead to a rise in large-scale DDoS attacks. Welcome Leet Botnet.”
  • “In the run-up to Christmas, security firm Imperva managed to fend off a 650 Gbps DDoS attack. But this was nothing to do with Mirai; it is a completely new form of malware, but is described as “just as powerful as the most dangerous one to date”. The concern for 2017 is that “it’s about to get a lot worse”.”
  • “Clearly proud of the work put into the malware, the creator or creators saw fit to sign it. Analysis of the attack showed that the TCP Options header of the SYN packets used spelled out l33t, hence the Leet Botnet name.”
  • “The attack itself took place on 21 December, but details of what happened are only just starting to come out. It targeted a number of IP addresses, and Imperva speculates that a single customer was not targeted because of an inability to resolve specific IP addresses due to the company’s proxies. One wave of the attack generated 650 Gbps of traffic — or more than 150 million packets per second.”
  • “Despite attempting to analyze the attack, Imperva has been unable to determine where it originated from, but the company notes that it used a combination of both small and large payloads to “clog network pipes and bring down network switches”. While the Mirai attacks worked by firing randomly generated strings of characters to generate traffic, in the case of Leet Botnet the malware was accessing local files and using scrambled versions of the compromised content as its payload. Imperva describes the attack as “a mishmash of pulverized system files from thousands upon thousands of compromised devices”. What’s the reason for using this particular method?”
  • “Besides painting a cool mental image, this attack method serves a practical purpose. Specifically, it makes for an effective obfuscation technique that can be used to produce an unlimited number of extremely randomized payloads. Using these payloads, an offender can circumvent signature-based security systems that mitigate attacks by identifying similarities in the content of network packets.”
  • “While in this instance Imperva was able to mitigate the attack, the company says that Leet Botnet is “a sign of things to come”. Brace yourself for a messy 2017…”
  • Technical Details
  • “The attack began around 10:55 AM on December 21, targeting several anycasted IPs on the Imperva Incapsula network.”
  • “It’s hard to say why this attack didn’t focus on a specific customer. Most likely, it was the result of the offender not being able to resolve the IP address of his actual victim, which was masked by Incapsula proxies. And so, lacking any better option, the offender turned his attention to the service that stood between him and his target.”
  • “The first DDoS burst lasted roughly 20 minutes, peaking at 400 Gbps. Failing to make a dent, the offender regrouped and came back for a second round. This time enough botnet “muscle” to generate a 650 Gbps DDoS flood of more than 150 million packets per second (Mpps)”
  • “Both attack bursts originated from spoofed IPs, making it impossible to trace the botnet’s actual geo-location or learn anything about the nature of the attacking devices.”
  • So, unlike Mirai, Leet seems to depend on reflection and amplification rather than raw power
  • The attack traffic was generated by two different SYN payloads:
  • Regular-sized SYN packets, ranging from 44 to 60 bytes in size
  • Abnormally large SYN packets, ranging from 799 to 936 bytes in size
  • “The former was used to achieve high Mpps packet rates, while the latter was employed to scale up the attack’s capacity to 650 Gbps.”
  • Additional Coverage
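An added Python example (not Imperva's tooling) of the two indicators just described: a SYN whose TCP options area contains the bytes l33t, and SYN packets in the 799 to 936 byte range. It assumes the quoted sizes are IPv4 packet lengths with a 20-byte header and no IP options; the sample segments, ports and sequence numbers are constructed here.

```python
import struct
from dataclasses import dataclass

SIGNATURE = b"l33t"      # bytes seen in the TCP options of the attack SYNs
LARGE_SYN = (799, 936)   # abnormally large SYN packets, per the write-up above
REGULAR_SYN = (44, 60)   # regular-sized SYN packets, per the write-up above
IPV4_HEADER = 20         # assumption: sizes are IPv4 packet lengths, no IP options


@dataclass
class TcpSummary:
    syn: bool
    options: bytes
    ip_len: int          # assumed IPv4 packet length = IPv4 header + TCP segment


def parse_tcp(segment: bytes) -> TcpSummary:
    """Pull the SYN flag and the raw options area out of a TCP segment."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (segment[12] >> 4) * 4          # header length in bytes
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad TCP data offset")
    syn = bool(segment[13] & 0x02)
    return TcpSummary(syn=syn, options=segment[20:data_offset],
                      ip_len=IPV4_HEADER + len(segment))


def classify(segment: bytes) -> list:
    """Reasons a segment matches the Leet-style SYN flood profile (empty if none)."""
    s = parse_tcp(segment)
    reasons = []
    if not s.syn:
        return reasons
    if SIGNATURE in s.options:
        reasons.append("l33t-in-tcp-options")
    if LARGE_SYN[0] <= s.ip_len <= LARGE_SYN[1]:
        reasons.append("oversized-syn")           # SYNs normally carry no payload
    return reasons


def build_syn(options: bytes, payload: bytes = b"") -> bytes:
    """Constructed SYN segment; ports and sequence numbers are arbitrary."""
    options += b"\x00" * (-len(options) % 4)      # options area is 4-byte aligned
    data_offset = (20 + len(options)) // 4
    header = struct.pack("!HHIIBBHHH",
                         40000, 80,                # source port, destination port
                         1, 0,                     # sequence, acknowledgement
                         data_offset << 4, 0x02,   # offset nibble, SYN flag only
                         65535, 0, 0)              # window, checksum, urgent pointer
    return header + options + payload


# Constructed samples: an ordinary SYN with MSS/NOP/window-scale options, and an
# attack-profile SYN with the signature in its options and ~780 bytes of filler.
NORMAL_SYN = build_syn(b"\x02\x04\x05\xb4\x01\x03\x03\x07")
LEET_SYN = build_syn(b"\x02\x04\x05\xb4" + SIGNATURE, payload=b"\x00" * 780)


def count_flagged(segments) -> int:
    """How many of the given segments match at least one indicator."""
    return sum(1 for seg in segments if classify(seg))


if __name__ == "__main__":
    for name, seg in (("normal", NORMAL_SYN), ("leet", LEET_SYN)):
        print(name, parse_tcp(seg).ip_len, classify(seg))
```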

The Many Faces of Linux | LINUX Unplugged 177
https://original.jupiterbroadcasting.net/105746/the-many-faces-of-linux-lup-177/
Tue, 27 Dec 2016 14:53:03 +0000

Show Notes:

Links

  • Is that a server in your pocket? | LUP 128
  • Librem 15 is FAN-tastic! | LUP 132
  • Apollo Has Landed | LUP 133
  • Pi 3: The Next […]

Schoolhouse Exploits | TechSNAP 296
https://original.jupiterbroadcasting.net/105326/schoolhouse-exploits-techsnap-296/
Thu, 08 Dec 2016 21:37:05 +0000

Show Notes:

Project Zero: Breaking the chain

  • “Much as we’d like it to be true, it seems undeniable that we’ll never fix all security bugs just by looking for them. One of the most productive ways of dealing with this fact is to implement exploit mitigations. Project Zero considers mitigation work just as important as finding vulnerabilities. Sometimes we can get our hands dirty, such as helping out Adobe and Microsoft in Flash mitigations. Sometimes we can only help indirectly via publishing our research and giving vendors an incentive to add their own mitigations.”
  • “This blog post is about an important exploit mitigation I developed for Chrome on Windows. It will detail many of the challenges I faced when trying to get this mitigation released to protect end-users of Chrome. It’s recently shipped to users of Chrome on Windows 10 (in M54), and ended up blocking the sandbox escape of an exploit chain being used in the wild.”
  • “It’s possible to lockdown a sandbox such as Chrome’s pretty comprehensively using Restricted Tokens. However one of the big problems on Windows is locking down access to system calls. On Windows you have both the normal NT system calls and Win32k system calls for accessing the GUI which combined represents a significant attack surface.”
  • “While the NT system calls do have exploitable vulnerabilities now and again (for example issue 865) it’s nothing compared to Win32k. From just one research project alone 31 issues were discovered, and this isn’t counting the many font issues Mateusz has found and the hundreds of other issues found by other researchers.”
  • “Much of Win32k’s problems come from history. In the first versions of Windows NT almost all the code responsible for the windowing system existed in user-mode. Unfortunately for 90’s era computers this wasn’t exactly good for performance so for NT 4 Microsoft moved a significant portion of what was user-mode code into the kernel (becoming the driver, win32k.sys). This was a time before Slammer, before Blaster, before the infamous Trustworthy Computing Memo which focussed Microsoft to think about security first. Perhaps some lone voice spoke for security that day, but was overwhelmed by performance considerations. We’ll never know for sure, however what it did do was make Win32k a large fragile mess which seems to have persisted to this day. And the attack surface this large fragile mess exposed could not be removed from any sandboxed process.”
  • “That all changed with the release of Windows 8. Microsoft introduced the System Call Disable Policy, which allows a developer to completely block access to the Win32k system call table. While it doesn’t do anything for normal system calls the fact that you could eliminate over a thousand win32k system calls, many of which have had serious security issues, would be a crucial reduction in the attack surface.”
  • “However no application in a default Windows installation used this policy (it’s said to have been introduced for non-GUI applications such as on Azure) and using it for something as complex as Chrome wasn’t going to be easy. The process of shipping Win32k lockdown required a number of architectural changes to be made to Chrome. This included replacing the GDI-based font code with Microsoft’s DirectWrite library. After around two years of effort Win32k lockdown was shipping by default.”
  • The problem is that plugins like Flash and PDFium run via the PPAPI, and their access to Win32k could not be blocked
  • “This would seem a pretty large weak point. Flash has not had the best security track record (relevant), making the likelihood of Flash being an RCE vector very high. Combine that with the relative ease of finding and exploiting Win32k vulnerabilities and you’ve got a perfect storm.”
  • “It would seem reasonable to assume that real attackers are finding Win32k vulnerabilities and using them to break out of restrictive sandboxes including Chrome’s using Flash as the RCE vector. The question was whether that was true. The first real confirmation that this was true came from the Hacking Team breach, which occurred in July 2015. In the dumped files was an unfixed Chrome exploit which used Flash as the RCE vector and a Win32k exploit to escape the sandbox. While both vulnerabilities were quickly fixed I came upon the idea that perhaps I could spend some time to implement the lockdown policy for PPAPI and eliminate this entire attack chain.”
  • “For a better, more robust solution I needed to get changes made to Flash. I don’t have access to the Flash source code, however Google does have a good working relationship with Adobe and I used this to get the necessary changes implemented. It turned out that there was a Pepper API which did all that was needed to replace the GDI font handling, pp::flash::FontFile. Unfortunately that was only implemented on Linux, however I was able to put together a proof-of-concept Windows implementation of pp::flash::FontFile and through Xing Zhang of Adobe we got a full implementation in Chrome and Flash.”
  • So, with some work, most of the code in Flash that needed the Win32k API could be removed, and access to it could then be blocked
  • “From this point I could enable Win32k lockdown for plugins and after much testing everything seemed to be working, until I tried to test some DRM protected video. While encrypted video worked, any Flash video file which required output protection (such as High-bandwidth Digital Content Protection (HDCP)) would not.”
  • “Still this presents a problem, as video along with games are some of the only residual uses of Flash. In testing, this also affected the Widevine plugin that implements the Encrypted Media Extensions for Chrome. Widevine uses PPAPI under the hood; not fixing this issue would break all HD content playback.”
  • “The ideal way of fixing this would be to implement a new API in Chrome which exposed enabling HDCP then get Adobe and Widevine to use that implementation. It turns out that the Adobe DRM and Widevine teams are under greater constraints than normal development teams. After discussion with my original contact at Adobe they didn’t have access to the DRM code for Flash. I was able to have meetings with Widevine (they’re part of Google) and the Adobe DRM team but in the end I decided to go it alone and implement redirection of these APIs as part of the sandbox code.”
  • It seems that the DRM code is so locked down that even the developers at the companies that created it cannot modify it
  • So the Chrome developer created a compatibility layer that brokers the Win32k calls to a separate process outside the Win32k lockdown, so the calls can succeed
  • “From the first patch submitted in September 2015 to the final patch in June it took almost 10 months of effort to come up with a shipping mitigation. The fact that it’s had its first public success (and who knows how many non-public ones) shows that it was worth implementing this mitigation.”
  • “In the latest version of Windows 10, Anniversary Edition, Microsoft have implemented a Win32k filter which makes it easier to reduce the attack surface without completely disabling all the system calls which might have sped up development. Microsoft are also taking pro-active effort to improve the Win32k code base.”

‘Avalanche’ Global Fraud Ring Dismantled

  • “In what’s being billed as an unprecedented global law enforcement response to cybercrime, federal investigators in the United States, United Kingdom and Europe today say they’ve dismantled a sprawling cybercrime machine known as “Avalanche” — a distributed, cloud-hosting network that for the past seven years has been rented out to fraudsters for use in launching countless malware and phishing attacks.”
  • “The Avalanche network was used as a delivery platform to launch and manage mass global malware attacks and money mule recruiting campaigns. It has caused an estimated EUR 6 million in damages in concentrated cyberattacks on online banking systems in Germany alone. In addition, the monetary losses associated with malware attacks conducted over the Avalanche network are estimated to be in the hundreds of millions of euros worldwide, although exact calculations are difficult due to the high number of malware families managed through the platform.”
  • “The global effort to take down this network involved the crucial support of prosecutors and investigators from 30 countries. As a result, 5 individuals were arrested, 37 premises were searched, and 39 servers were seized. Victims of malware infections were identified in over 180 countries. Also, 221 servers were put offline through abuse notifications sent to the hosting providers. The operation marks the largest-ever use of sinkholing to combat botnet infrastructures and is unprecedented in its scale, with over 800 000 domains seized, sinkholed or blocked.”
  • “Built as a criminal cloud-hosting environment that was rented out to scammers, spammers and other ne’er-do-wells, Avalanche has been a major source of cybercrime for years. In 2009, when investigators say the fraud network first opened for business, Avalanche was responsible for funneling roughly two-thirds of all phishing attacks aimed at stealing usernames and passwords for bank and e-commerce sites. By 2011, Avalanche was being heavily used by crooks to deploy banking Trojans.”
  • ““Cyber criminals rented the servers and through them launched and managed digital fraud campaigns, sending emails in bulk to infect computers with malware, ransomware and other malicious software that would steal users’ bank details and other personal data,” the NCA said in a statement released today on the takedown. The criminals used the stolen information for fraud or extortion. At its peak 17 different types of malware were hosted by the network, including major strains with names such as goznym, urlzone, pandabanker and loosemailsniffer. At least 500,000 computers around the world were infected and controlled by the Avalanche system on any given day.””
  • “The Avalanche network was especially resilient because it relied on a hosting method known as fast-flux, a kind of round-robin technique that lets botnets hide phishing and malware delivery sites behind an ever-changing network of compromised systems acting as proxies.”
  • Because the addresses change constantly, it is hard for researchers and others to report the compromised hosts; even with continuous lookups, a researcher only ever sees a fraction of the hosts actually in the network.
  • “It’s worth noting here that Avalanche has for many years been heavily favored by crime gangs to deploy Zeus and SpyEye malware variants involved in cleaning out bank accounts for a large number of small to mid-sized businesses. These attacks relied heavily on so-called “money mules,” people willingly or unwittingly recruited into helping fraudsters launder stolen funds.”
  • “The Shadowserver Foundation, a non-profit organization of security professionals that assisted in what the organization described in a post on the takedown as an 18-month collaboration with law enforcement, described Avalanche as a “Double Fast Flux” botnet. Individual nodes within the botnet are registered and then quickly de-registered as the host associated with a Domain Name Service A address record for a single DNS name. The destination addresses for a DNS record often change as quickly as once every 5 minutes, and can cycle through hundreds or thousands of IP addresses. And there are multiple domain names for command and control nodes hard-coded into the botnet malware, allowing the bots to switch to a different domain name if a specific domain is blocked.”
  • Additional Coverage
  • EuroPol Announcement
  • EuroPol Technical Infographic
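To make the single versus double fast-flux distinction above concrete, here is an added example (not from Europol, Krebs or the Shadowserver write-up) that classifies domains from a series of passive DNS observations. The observation records, the domain names and the 10.0.0.0/8 addresses are all constructed for the example; the thresholds (TTL at most 600 s, at least 8 distinct IPs across 4 or more /24s, at least half of each lookup's answers new since the previous one) are assumptions to tune against your own data, not values from the articles.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Observation:
    """One DNS lookup result. rtype is "A" for the domain's own A records and
    "NS_A" for the A records of the domain's authoritative name servers."""
    ts: int            # seconds since epoch
    name: str          # domain the observation belongs to
    rtype: str         # "A" or "NS_A"
    ttl: int           # TTL returned with the answer set
    answers: tuple     # IPv4 addresses as strings


def prefix24(addr):
    return str(ip_network(f"{addr}/24", strict=False))


def summarize(observations):
    """Per (name, rtype): distinct IPs, distinct /24s, lowest TTL, number of
    lookups, and churn = share of answers that were new since the previous lookup."""
    by_key = defaultdict(list)
    for o in sorted(observations, key=lambda o: o.ts):
        by_key[(o.name, o.rtype)].append(o)
    stats = {}
    for key, obs in by_key.items():
        seen, prev, new, total = set(), set(), 0, 0
        for o in obs:
            cur = set(o.answers)
            if prev:
                new += len(cur - prev)
                total += len(cur)
            prev = cur
            seen |= cur
        stats[key] = {
            "ips": len(seen),
            "prefixes": len({prefix24(a) for a in seen}),
            "min_ttl": min(o.ttl for o in obs),
            "lookups": len(obs),
            "churn": new / total if total else 0.0,
        }
    return stats


def classify(observations, max_ttl=600, min_ips=8, min_prefixes=4, min_churn=0.5):
    """Label each domain "double-flux", "single-flux" or "stable".
    Thresholds are assumptions for the example; tune them on your own data."""
    stats = summarize(observations)

    def fluxing(s):
        return (s is not None and s["lookups"] >= 2 and s["min_ttl"] <= max_ttl
                and s["ips"] >= min_ips and s["prefixes"] >= min_prefixes
                and s["churn"] >= min_churn)

    result = {}
    for name in {n for n, _ in stats}:
        a_flux = fluxing(stats.get((name, "A")))
        ns_flux = fluxing(stats.get((name, "NS_A")))
        result[name] = ("double-flux" if a_flux and ns_flux
                        else "single-flux" if a_flux else "stable")
    return result


def _addrs(seed, n):
    # Constructed sample addresses: n hosts in n different /24s of 10.0.0.0/8.
    return tuple(f"10.{seed}.{i}.{20 + seed}" for i in range(n))


# Constructed passive-DNS sample (names and addresses are placeholders, not real data).
SAMPLE = [
    # double flux: both the domain and its name servers rotate through fresh hosts
    Observation(0, "update-check.example", "A", 300, _addrs(1, 5)),
    Observation(300, "update-check.example", "A", 300, _addrs(2, 5)),
    Observation(600, "update-check.example", "A", 300, _addrs(3, 5)),
    Observation(0, "update-check.example", "NS_A", 300, _addrs(11, 3)),
    Observation(300, "update-check.example", "NS_A", 300, _addrs(12, 3)),
    Observation(600, "update-check.example", "NS_A", 300, _addrs(13, 3)),
    # single flux: the domain rotates, the name servers are fixed
    Observation(0, "login-verify.example", "A", 180, _addrs(21, 5)),
    Observation(180, "login-verify.example", "A", 180, _addrs(22, 5)),
    Observation(360, "login-verify.example", "A", 180, _addrs(23, 5)),
    Observation(0, "login-verify.example", "NS_A", 86400, ("10.200.1.1", "10.200.2.1")),
    Observation(360, "login-verify.example", "NS_A", 86400, ("10.200.1.1", "10.200.2.1")),
    # stable: low TTL but the same two addresses every time
    Observation(0, "www.example", "A", 60, ("10.250.0.10", "10.250.0.11")),
    Observation(60, "www.example", "A", 60, ("10.250.0.10", "10.250.0.11")),
    Observation(120, "www.example", "A", 60, ("10.250.0.10", "10.250.0.11")),
]


def run_sample():
    return classify(SAMPLE)


if __name__ == "__main__":
    for name, label in sorted(run_sample().items()):
        print(f"{name:25} {label}")
```

The NS_A observations are the A records of the domain's authoritative name servers: a domain whose own A records churn while its name servers stay put is single-flux, and churn in both is the double-flux pattern Shadowserver described. Large CDNs also return many low-TTL addresses, so prefix diversity and churn alone will produce false positives; in practice you would add ASN diversity and a hosting-type check before acting on a hit.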

Meet the men who spy on women through their webcams

  • The article describes miscreants using RATs (remote administration tools, or Remote Access Trojans when deployed this way) to take control of people’s computers, then using that access to harass and/or spy on them in various ways
  • It describes a scenario of a ratter watching and taunting a victim, trying to scare and shock them
  • “See! That shit keeps popping up on my fucking computer!” says a blond woman as she leans back on a couch, bottle-feeding a baby on her lap.
  • “The woman is visible from thousands of miles away on a hacker’s computer. The hacker has infected her machine with a remote administration tool (RAT) that gives him access to the woman’s screen, to her webcam, to her files, to her microphone. He watches her and the baby through a small control window open on his Windows PC, then he decides to have a little fun. He enters a series of shock and pornographic websites and watches them appear on the woman’s computer.”
  • “The woman is startled. “Did it scare you?” she asks someone off camera. A young man steps into the webcam frame. “Yes,” he says. Both stare at the computer in horrified fascination. A picture of old naked men appears in their Web browser, then vanishes as a McAfee security product blocks a “dangerous site.””
  • “Far away, the hacker opens his “Fun Manager” control panel, which provides a host of tools for messing with his RAT victims. He can hide their Windows “Start” button or the taskbar or the clock or the desktop, badly confusing many casual Windows users. He can have their computer speak to them. Instead, he settles for popping open the remote computer’s optical drive”
  • “Copies of the incident aren’t hard to find. They’re on YouTube, along with thousands of other videos showing RAT controllers (or “ratters,” as they will be called here) taunting, pranking, or toying with victims. But, of course, the kinds of people who watch others through their own webcams aren’t likely to limit themselves to these sorts of mere hijinks—not when computers store and webcams record far more intimate material.”
  • “‘Man I feel dirty looking at these pics,’ wrote one forum poster at Hack Forums, one of the top “aboveground” hacking discussion sites on the Internet (it now has more than 23 million total posts). The poster was referencing a 134+ page thread filled with the images of female “slaves” surreptitiously snapped by hackers using the women’s own webcams. ‘Poor people think they are alone in their private homes, but have no idea they are the laughing stock on HackForums,’ he continued. ‘It would be funny if one of these slaves venture into learning how to hack and comes across this thread.’”
  • “Whether this would in fact be “funny” is unlikely. RAT operators have nearly complete control over the computers they infect; they can (and do) browse people’s private pictures in search of erotic images to share with each other online. They even have strategies for watching where women store the photos most likely to be compromising.”
  • I have always found people’s storage and organization strategies fascinating, especially for material they are trying to ‘hide in plain sight’
  • “RAT tools aren’t new; the hacker group Cult of the Dead Cow famously released an early one called BackOrifice at the Defcon hacker convention in 1998. The lead author, who went by the alias Sir Dystic, called BackOrifice a tool designed for “remote tech support aid and employee monitoring and administering [of a Windows network].” But the Cult of the Dead Cow press release made clear that BackOrifice was meant to expose “Microsoft’s Swiss cheese approach to security.” Compared to today’s tools, BackOrifice was primitive. It could handle the basics, though: logging keystrokes, restarting the target machine, transferring files between computers, and snapping screenshots of the target computer.”
  • “‘I seem to get a lot of female slaves by spreading Sims 3 with a [RAT] server on torrent sites,’ wrote one poster. Another turned to social media, where ‘I’ve been able to message random hot girls on facebook (0 mutual friends) and infect (usually become friends with them too); with the right words anything is possible.’”
  • “Calling most of these guys “hackers” does a real disservice to hackers everywhere; only minimal technical skill is now required to deploy a RAT and acquire slaves. Once infected, all the common RAT software provides a control panel view in which one can see all current slaves, their locations, and the status of their machines. With a few clicks, the operator can start watching the screen or webcam of any slave currently online.”
  • “One of the biggest problems ratters face is the increasing prevalence of webcam lights that indicate when the camera is in use. Entire threads are devoted to bypassing the lights, which routinely worry RAT victims and often lead to the loss of slaves.”
  • “Unfortunately she asked her boyfriend why the light on her cam kept coming on,” one RAT controller wrote. “And he knew, she never came back :)”
  • “RATs can be entirely legitimate. Security companies have used them to help find and retrieve stolen laptops, for instance, and no one objects to similar remote login software such as LogMeIn. The developers behind RAT software generally describe their products as nothing more than tools which can be used for good and ill. And yet some tools have features that make them look a lot like they’re built with lawlessness in mind.”
  • “RATs aren’t going away, despite the occasional intervention of the authorities. Too many exist, plenty of them are entirely legal, and source code is in the wild (a version of the Blackshades source leaked in 2010). Those who don’t want to end up being toyed with in a YouTube video are advised to take the same precautions that apply to most malware: use a solid anti-malware program, keep your operating system updated, and make sure plugins (especially Flash and Java) aren’t out of date. Don’t visit dodgy forums or buy dodgy items, don’t click dodgy attachments in e-mail, and don’t download dodgy torrents. Such steps won’t stop every attack, but they will foil many casual users looking to add a few more slaves to their collections.”
  • “If you are unlucky enough to have your computer infected with a RAT, prepare to be sold or traded to the kind of person who enters forums to ask, “Can I get some slaves for my rat please? I got 2 bucks lol I will give it to you :b” At that point, the indignities you will suffer—and the horrific website images you may see—will be limited only by the imagination of that most terrifying person: a 14-year-old boy with an unsupervised Internet connection.”
  • Honestly, this article was rather tame in its list of possible things the ratters could do to you.
  • To pay off webcam spies, Detroit kid pawns $100k in family jewels for $1,500

Feedback:


Round Up:


The post Schoolhouse Exploits | TechSNAP 296 first appeared on Jupiter Broadcasting.

Weiner’s Explosive Leak | Unfilter 211 https://original.jupiterbroadcasting.net/104411/weiners-explosive-leak-unfilter-211/ Thu, 03 Nov 2016 00:29:43 +0000 https://original.jupiterbroadcasting.net/?p=104411 RSS Feeds: Video Feed | MP3 Feed | OGG Feed | HD Torrent | Mobile Torrent | iTunes Become an Unfilter supporter on Patreon: — Show Notes — Links: Federal Probe of Anthony Weiner Prompted Review of Clinton Email Investigation, Sources Say – ABC News Sean Spicer on Twitter: “#BREAKING VIDEO @GOP releases signed @HumaAbedin […]

— Show Notes —

Links:

The post Weiner's Explosive Leak | Unfilter 211 first appeared on Jupiter Broadcasting.

A Lemur Eats an Apple | CR 228 https://original.jupiterbroadcasting.net/104161/a-lemur-eats-an-apple-cr-228/ Mon, 24 Oct 2016 15:52:59 +0000 https://original.jupiterbroadcasting.net/?p=104161 RSS Feeds: MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video Become a supporter on Patreon: — Show Notes: — Hoopla Mike Gets a new Rig, the Lemur New post re my Switch from #Mac to @system76′s Lemur #Linux for my daily driver @ChrisLAS @Kernellinux https://t.co/dtATxbH3Ck — […]

— Show Notes: —

Hoopla

Mike Gets a new Rig, the Lemur

I am making a bet that the puck is going toward Linux powered AI.

.NET on Linux – bye, Windows 10.

My point is that if you’re not tied up to some specific technology which is not cross platform (which usually means for the Windows users only), you might want to give a try to some other environment. It’s always a good thing to try out something new, hone skills and broaden your horizons.

How to design APIs that don’t suck

The post A Lemur Eats an Apple | CR 228 first appeared on Jupiter Broadcasting.

Long Broken SSL History | TechSNAP 289 https://original.jupiterbroadcasting.net/104096/long-broken-ssl-history-techsnap-289/ Thu, 20 Oct 2016 23:26:01 +0000 https://original.jupiterbroadcasting.net/?p=104096 RSS Feeds: HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed Become a supporter on Patreon: Show Notes: Spreading the DDoS Disease and Selling the Cure Krebs has done some more digging into DDoS for hire businesses “Earlier this month a hacker released […]

Show Notes:

Spreading the DDoS Disease and Selling the Cure

  • Krebs has done some more digging into DDoS for hire businesses
  • “Earlier this month a hacker released the source code for Mirai, a malware strain that was used to launch a historically large 620 Gbps denial-of-service attack against this site in September. That attack came in apparent retribution for a story here which directly preceded the arrest of two Israeli men for allegedly running an online attack for hire service called vDOS. Turns out, the site where the Mirai source code was leaked had some very interesting things in common with the place vDOS called home.”
  • “The domain name where the Mirai source code was originally placed for download — santasbigcandycane[dot]cx — is registered at the same domain name registrar that was used to register the now-defunct DDoS-for-hire service vdos-s[dot]com”
  • “Normally, this would not be remarkable, since most domain registrars have thousands or millions of domains in their stable. But in this case it is interesting mainly because the registrar used by both domains — a company called namecentral.com — has apparently been used to register just 38 domains since its inception by its current owner in 2012, according to a historic WHOIS records gathered by domaintools.com (for the full list see this PDF).”
  • That is highly unusual: with ICANN accreditation costing $3,500 up front plus $4,000 per year, a registrar holding only 38 domains makes little business sense
  • “What’s more, a cursory look at the other domains registered via namecentral.com since then reveals a number of other DDoS-for-hire services, also known as “booter” or “stresser” services.”
  • vDOS was hacked before the authorities took it down (following Krebs’ reporting), and its user database and attack history were posted online. From that data, Krebs compiled a list of other DDoS-for-hire services that were simply reselling vDOS, using its API to launch attacks on behalf of their own customers
  • “And a number of those vDOS resellers were registered through Namecentral, including 83144692[dot].com — a DDoS-for-hire service marketed at Chinese customers. Another Namecentral domain — vstress.net — also was a vDOS reseller.”
  • “Other DDoS-for-hire domains registered through Namecentral include xboot[dot]net, xr8edstresser[dot]com, snowstresser[dot]com, ezstress[dot]com, exilestress[dot]com, diamondstresser[dot]net, dd0s[dot]pw, rebelsecurity[dot]net, and beststressers[dot]com.”
  • So a lot of these may actually have been the same operation, just with many faces
  • “Namecentral’s current owner is a 19-year-old California man by the name of Jesse Wu. Responding to questions emailed from KrebsOnSecurity, Wu said Namecentral’s policy on abuse was inspired by Cloudflare, the DDoS protection company that guards Namecentral and most of the above-mentioned DDoS-for-hire sites from attacks of the very kind they sell.”
  • When asked about why the registrar had so few domains: Wu: “Like most other registrars, we register domains only as a value added service,” he replied via email. “We have more domains than that (not willing to say exactly how many) but primarily we make our money on our website/ddos protection/ecommerce protection.”
  • Wu: “We have a policy inspired by Cloudflare’s similar policy that we ourselves will remain content-neutral and in the support of an open Internet, we will almost never remove a registration or stop providing services, and furthermore we’ll take any effort to ensure that registrations cannot be influenced by anyone besides the actual registrant making a change themselves – even if such website makes us uncomfortable,” Wu said. “However, as a US based company, we are held to US laws, and so if we receive a valid court issued order to stop providing services to a client, or to turn over/disable a domain, we would happily comply with such order.”
  • “Taking a page from Cloudflare, indeed. I’ve long taken Cloudflare to task for granting DDoS protection for countless DDoS-for-hire services, to no avail. I’ve maintained that Cloudflare has a blatant conflict of interest here, and that the DDoS-for-hire industry would quickly blast itself into oblivion because the proprietors of these attack services like nothing more than to turn their attack cannons on each other. Cloudflare has steadfastly maintained that picking and choosing who gets to use their network is a slippery slope that it will not venture toward.”
  • “Although Mr. Wu says he had nothing to do with the domains registered through Namecentral, public records filed elsewhere raise serious unanswered questions about that claim.”
  • Krebs found a paper trail linking a number of the DDoS-for-hire services to Thomas McGonagall, who at one point is also listed as a director of “Namecentral LTD”
  • “Now we were getting somewhere. Turns out, Wu isn’t really in the domain registrar business — not for the money, anyway. The real money, as his response suggests, is in selling DDoS protection against the very DDoS-for-hire services he is courting with his domain registration service.”
  • But then Krebs caught Wu in a lie
  • “That other company —SIMPLIFYNT LTD — was registered by Mr. McGonagall on October 29, 2014. Turns out, almost the exact same information included in the original Web site registration records for Jesse Wu’s purchase of Namecentral.com was used for the domain simplifynt.com, which also was registered on Oct. 29, 2014. I initially missed this domain because it was not registered through Namecentral. If someone had phished Mr. Wu in this case, they had been very quick to the punch indeed.”
  • “In the simplyfynt.com domain registration records, Jesse Wu gave his email address as jesse@jjdev.ru. That domain is no longer online, but a cached copy of it at archive.org shows that it was once a Web development business. That cached page lists yet another contact email address: sales@jjdevelopments.org. I ordered a reverse WHOIS lookup from domaintools.com on all historic Web site registration records that included the domain “jjdevelopments.org” anywhere in the records. The search returned 15 other domains, including several more apparent DDoS-for-hire domains such as twbooter69.com, twbooter3.com, ratemyddos.com and desoboot.com.”
  • “Among the oldest and most innocuous of those 15 domains was maplemystery.com, a fan site for a massively multiplayer online role-playing game (MMORPG) called Maple Story. Another historic record lookup ordered from domaintools.com shows that maplemystery.com was originally registered in 2009 to a “Denny Ng.” As it happens, Denny Ng is listed as the co-owner of the $1.6 million Walnut, Calif. home where Jesse until very recently lived with his mom Cindy Wu (Jesse is now a student at the University of California, San Diego).”
  • Then there is another Namecentral customer
  • “Another domain of interest that was secured via Namecentral is datawagon.net. Registered by 19-year-old Christopher J. “CJ” Sculti Jr., Datawagon also bills itself as a DDoS mitigation firm. It appears Mr. Sculti built his DDoS protection empire out of his parents’ $2.6 million home in Rye, NY. He’s now a student at Clemson University, according to his Facebook page.”
  • Krebs talked to Sculti back in 2015 about his cybersquatting dispute with Domino’s Pizza, and when Sculti didn’t like what Krebs wrote about him, he started DDoSing Krebs’ Skype account and website.
  • “Last year, Sculti formed a company in Florida along with a self-avowed spammer. Perhaps unsurprisingly, anti-spam group Spamhaus soon listed virtually all of Datawagon’s Internet address space as sources of spam.”
  • “Are either Mr. Wu or Mr. Sculti behind the Mirai botnet attacks? I cannot say. But I’d be willing to bet money that one or both of them knows who is. In any case, it would appear that both men may have hit upon a very lucrative business model. More to come.”
  • DDoS protection services with connections to DDoS-for-hire services sounds an awful lot like racketeering to me
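The pivoting Krebs does through the article (starting from the domains a registrar holds, then following a shared registration e-mail, then that e-mail's domain, then a shared registrant name) is mechanical enough to script. The following is an added example, not Krebs' or DomainTools' code, run over constructed WHOIS records; every domain, e-mail address and name in it is a placeholder under the .test TLD and none refers to the people or companies in the article. It lists a registrar's domains first, then expands from a seed domain over the stronger links only.

```python
from collections import defaultdict, deque

# Constructed historical WHOIS records. Every domain, e-mail address and name is a
# placeholder under .test and does not refer to anyone in the article.
RECORDS = [
    {"domain": "registrar-co.test", "registrar": "registrar-co.test", "email": "admin@devshop.test", "registrant": "A. Owner", "created": "2014-10-29"},
    {"domain": "simplify-ltd.test", "registrar": "other-registrar.test", "email": "admin@devshop.test", "registrant": "T. Director", "created": "2014-10-29"},
    {"domain": "holding-co.test", "registrar": "other-registrar.test", "email": "tm@holding.test", "registrant": "T. Director", "created": "2015-03-02"},
    {"domain": "booter-one.test", "registrar": "registrar-co.test", "email": "sales@devshop.test", "registrant": "Privacy Service", "created": "2013-06-11"},
    {"domain": "booter-two.test", "registrar": "registrar-co.test", "email": "sales@devshop.test", "registrant": "Privacy Service", "created": "2013-08-20"},
    {"domain": "flower-shop.test", "registrar": "registrar-co.test", "email": "owner@flowers.test", "registrant": "B. Florist", "created": "2012-01-15"},
]

# Fields worth pivoting on. Registrar is deliberately left out: a registrar links
# every one of its customers together, which is exactly the weak inference to avoid.
PIVOT_FIELDS = ("email", "email_domain", "registrant")


def _normalize(record):
    r = dict(record)
    r["email"] = r["email"].lower()
    r["email_domain"] = r["email"].rsplit("@", 1)[-1]
    r["registrant"] = " ".join(r["registrant"].lower().split())
    return r


def build_index(records):
    """Reverse index: field -> value -> set of domains, plus a per-domain lookup."""
    index = {f: defaultdict(set) for f in PIVOT_FIELDS}
    by_domain = {}
    for rec in map(_normalize, records):
        by_domain[rec["domain"]] = rec
        for f in PIVOT_FIELDS:
            index[f][rec[f]].add(rec["domain"])
    return index, by_domain


def by_registrar(records, registrar):
    """The starting set: everything a registrar holds (where the article begins)."""
    return sorted(r["domain"] for r in records if r["registrar"].lower() == registrar.lower())


def reverse_whois(index, field, value):
    return sorted(index[field].get(value.lower(), ()))


def pivot(records, seed, max_depth=2):
    """Breadth-first expansion from a seed domain over shared e-mail, e-mail domain
    and registrant name. Returns {domain: (hops from seed, link that got us there)}."""
    index, by_domain = build_index(records)
    found = {seed: (0, "seed")}
    queue = deque([seed])
    while queue:
        current = queue.popleft()
        depth = found[current][0]
        if depth >= max_depth:
            continue
        rec = by_domain[current]
        for f in PIVOT_FIELDS:
            for other in reverse_whois(index, f, rec[f]):
                if other not in found:
                    found[other] = (depth + 1, f"{f}={rec[f]} shared with {current}")
                    queue.append(other)
    return found


if __name__ == "__main__":
    print("held by registrar-co.test:", by_registrar(RECORDS, "registrar-co.test"))
    for domain, (hops, via) in sorted(pivot(RECORDS, "registrar-co.test").items(), key=lambda kv: kv[1][0]):
        print(f"{hops} {domain:20} {via}")
```

The registrar listing deliberately catches the unrelated flower shop while the pivot does not: a shared registrar is a reason to look, not a link. Each result carries the attribute that connected it, which is what you need when writing the finding up, since a registrant name can be a privacy service shared by thousands of unrelated domains and should be checked before it is trusted as a link.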

The VeraCrypt Audit Results

  • “The QuarksLab audit of VeraCrypt has been completed, and this is the public release of the results”
  • The quick and dirty:
  • VeraCrypt 1.18 and its bootloaders were evaluated. This release added a number of new features, including non-Western encryption algorithms, a boot loader that supports UEFI (the successor to the legacy BIOS), and more. QuarksLab found:
  • 8 Critical Vulnerabilities
  • 3 Medium Vulnerabilities
  • 15 Low or Informational Vulnerabilities / Concerns
  • “This public disclosure of these vulnerabilities coincides with the release of VeraCrypt 1.19 which fixes the vast majority of these high priority concerns. Some of these issues have not been fixed due to high complexity for the proposed fixes, but workarounds have been presented in the documentation for VeraCrypt.”
  • “VeraCrypt is much safer after this audit, and the fixes applied to the software mean that the world is safer when using this software.”
  • “I’d also like to extend a special thank you to Fred, Jean-Baptiste, and Marion at QuarksLab for conducting this audit, to Mounir at Idrix for his enthusiastic participation and continued development of this crucial open-source software, and to VikingVPN and DuckDuckGo and all of our individual donors for the funding to make this audit possible. We have all made the digital world a little bit safer for all of us.”
  • “This report describes the results of the security assessment of VeraCrypt 1.18 made by Quarkslab between Aug. 16 and Sep. 14, 2016 and funded by OSTIF. Two Quarkslab engineers worked on this audit, for a total of 32 man-days of study.”
  • The audit followed two lines of work:
    • The analysis of the fixes introduced in VeraCrypt after the results of the Open Crypto Audit Project’s audit of TrueCrypt 7.1a were published.
    • The assessment of VeraCrypt’s features that were not present in TrueCrypt.
  • “VeraCrypt is a hard to maintain project. Deep knowledge of several operating systems, of the Windows kernel, of the system boot chain and good concepts in cryptography are required. The improvements made by IDRIX demonstrate the possession of these skills.”
  • “Vulnerabilities which require substantial modifications of the code or the architecture of the project have not been fixed. These include:”
  • TC_IOCTL_OPEN_TEST multiple issues (need to change the application behavior)
  • EncryptDataUnits() lacks error handling (need to design a new logic to retrieve errors)
  • AES implementation susceptible to cache-timing attacks (need to fully rewrite the AES implementations)
  • “Vulnerabilities leading to incompatibilities with TrueCrypt, as the ones related to cryptographic mechanisms, have not been fixed. Most notable are:”
  • Keyfile mixing is not cryptographically sound
  • Unauthenticated ciphertext in volume headers.
  • “Among the problems found during the audit, some must be corrected quickly:”
  • The availability of GOST 28147-89, a symmetric block cipher with a 64-bit block size, is an issue. This algorithm must not be used in this context.
  • Compression libraries are outdated or poorly written. They must be updated or replaced
  • If the system is encrypted, the boot password (in UEFI mode) or its length (in legacy mode) could be retrieved by an attacker
  • “Finally, the UEFI loader is not mature yet. However, its use has not been found to cause security problems from a cryptographic point of view”
  • The full assessment PDF is on the website linked at the top of this story
  • With the original TrueCrypt authors not around to object, it seems this Apache 2.0 licensed fork will continue, and it might not be a bad choice for those who need encrypted volumes that work across OSes
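The GOST 28147-89 finding comes down to block size rather than anything about the cipher's key schedule: with 64-bit blocks, repeated ciphertext blocks become likely after about 2^32 blocks, which is 32 GiB, an amount a single disk volume easily exceeds. The following added example (not from the Quarkslab report or VeraCrypt's code) works the birthday-bound numbers for 64-bit and 128-bit blocks so the "must not be used in this context" conclusion can be checked.

```python
import math

# Block sizes (bits) of the ciphers the audit discusses.
BLOCK_BITS = {"GOST 28147-89": 64, "AES": 128}


def block_collision_probability(n_blocks, block_bits):
    """Birthday approximation: P(at least one repeated ciphertext block among
    n_blocks outputs of a block_bits-bit permutation) = 1 - exp(-n(n-1) / (2 * 2^b)).
    expm1 keeps precision when the probability is tiny."""
    pairs = n_blocks * (n_blocks - 1) / 2
    return -math.expm1(-pairs / 2.0 ** block_bits)


def bytes_until_probability(p, block_bits):
    """Invert the approximation: how many bytes must be encrypted under one key
    before the collision probability reaches p."""
    n_blocks = math.sqrt(-2.0 * 2.0 ** block_bits * math.log1p(-p))
    return n_blocks * block_bits / 8


def risk_for_volume(volume_bytes, ciphers=BLOCK_BITS):
    """Collision probability for a whole volume encrypted with each cipher."""
    return {name: block_collision_probability(volume_bytes // (bits // 8), bits)
            for name, bits in ciphers.items()}


def gib(n_bytes):
    return n_bytes / 2 ** 30


if __name__ == "__main__":
    for name, bits in BLOCK_BITS.items():
        print(f"{name}: 50% collision chance after {gib(bytes_until_probability(0.5, bits)):.3g} GiB")
    for size_gib in (32, 256):
        risk = {k: f"{v:.3g}" for k, v in risk_for_volume(size_gib * 2 ** 30).items()}
        print(f"{size_gib} GiB volume: {risk}")
```

What a collision gives an attacker depends on the mode; the classic illustration is CBC, where a repeated ciphertext block reveals the XOR of two plaintext blocks (the Sweet32 attack on 3DES uses exactly this). The point here is only that the birthday bound for 64-bit blocks sits well inside the size of an ordinary encrypted volume, while for AES's 128-bit blocks it is astronomically far away.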

SSL/TLS and PKI History

  • “A comprehensive history of the most important events that shaped the SSL/TLS and PKI ecosystem. Based on Bulletproof SSL and TLS, by Ivan Ristić”
  • It starts in November of 1994: “Netscape develops SSL v2, an encryption protocol designed to support the Web as a hot new commerce platform. This first secure protocol version shipped in Netscape Navigator 1.1 in March 1995.”
  • A year later: “SSL v2 is shot down because of serious security issues. Consequently, Netscape scrambles to release SSLv3. This protocol seems good enough for now and the golden era of the Web begins. The specification was eventually published as RFC 6101”
  • So, we knew SSLv2 was bad, in 1995… why was it still in use in 2015?
  • January 1999: “In 1996, an IETF working group is formed to standardize SSL. Even though the resulting protocol is almost identical to SSL v3, the process takes 3 years. TLS v1.0 is published as RFC 2246. Microsoft forces the change of protocol name to Transport Layer Security (TLS), creating a confusion that continues to this day.”
  • January 2001: “Someone calls VeriSign claiming to be from Microsoft, pays $400, and gets away with two code-signing certificates. The certificates have no special powers, but the owner name is misleading and potentially dangerous.”
  • April 2006: “A new version of the TLS protocol is released as RFC 4346. This version addresses the BEAST attack, but it will be 5 years before the world realizes.”
  • June 2007: “In the early days, CAs are strict about identify verification before certificate issuance. Eventually, some CAs realise that they can get away with less work and domain-validated (DV) certificates are born. To restore the balance, Extended Validation (EV) certificates are designed as a way of guaranteeing a connection between a domain name and a real-life business entity.”
  • It used to require a lot of money (hundreds or thousands of dollars), a lot of paperwork, and a fair amount of time to get an SSL certificate. Eventually DV certificates meant anyone could get a cert for $9 a year, so the CAs came up with EV as a way to charge hundreds of dollars again.
  • May 2008: “It is discovered that a catastrophic programming error had been introduced to Debian in September 2006, becoming part of the official release in April 2007. All private keys generated on vulnerable systems were insecure.”
  • August 2008: “A new version of TLS is released as RFC 5246, although hardly anyone notices. A major new feature in this version is authenticated (AEAD) encryption, which removes the need for streaming and block ciphers (and thus the inherently vulnerable CBC mode).”
  • July 2009: “SSL Labs launches to build better tools for secure server assessment and research how SSL/TLS and PKI are used in practice.”
  • March 2011: “The IETF attempts to formally deprecate SSL v2 by publishing RFC 6176. According to SSL Labs, 54% HTTPS servers supported this obsolete protocol version in 2011.”
  • August 2011: DigiNotar
  • July 2012: “After their success with EV certificates, the CA/Browser Forum publishes Baseline Requirements to standardise issuance of all certificates.”
  • May 2013: “Edward Snowden releases thousands of classified NSA documents to selected journalists, changing the public’s perspective of the Internet forever. We eventually realise the extent of passive monitoring of plaintext communication.”
  • August 2013: “Work on TLS 1.3 begins. Although TLS 1.2 seems good enough for now, it’s clear that it can’t support the next few decades of Internet evolution. Thus, work on the next-generation encryption protocol begins.”
  • January 2014: “At the beginning of 2014, 1024-bit RSA keys for subscriber certificates are retired; 2048-bit RSA certificates become the new minimum. Weak intermediate and root keys remain in use.”
  • April 2014: “A critical vulnerability in OpenSSL, a very widely used TLS library, is discovered. If exploited, Heartbleed enables attackers to retrieve process memory from vulnerable servers, often resulting in private key compromise. Because of tremendous hype associated with the attack, most public servers fix the vulnerability practically overnight. A long tail of vulnerable devices remains, though. Heartbleed’s biggest contribution is showing the world how severely underfunded the OpenSSL project was in its 20 years of existence. In the following months, large organisations start contributing to the project and a big cleanup begins.”
  • February 2015: “The IETF publishes RFC 7465 to formally prohibit usage of the weak but ever-popular RC4 cipher.”
  • November 2015: “Let’s Encrypt is launched to provide free certificates with automated issuance. It is widely expected that this new non-profit CA will further drive down the price of DV certificates and encourage similar programs from other, more established CAs. However, it is their focus on automated issuance that excites, allowing all infrastructure to be protected.”
  • January 2016: “CAs are no longer allowed to issue public SHA1 certificates. The key word here is “public”. Some CAs continue to issue SHA1 certificates from roots that are not trusted by modern browsers, but continue to be trusted by older devices.”
  • February 2016: “Previous versions of SSL and TLS were either rushed (SSL v2 and SSL v3) or maintenance efforts (TLS v1.0-v1.2). With TLS v1.3, the working group is taking a different approach; after more than two years in development, a workshop is held to carefully analyse the new designs.”
  • The timeline extends into the future
  • January 2017: Browsers will stop accepting all SHA1 certificates
  • July 2018: “From July 2018, PCI-compliant merchants must not support TLS 1.0. Originally, this date was intended to be in July 2016, but that was not realistic because of too many users relying on obsolete technology that doesn’t support modern protocols.”
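Several of the timeline entries (retiring SSL v2 and v3, TLS 1.1 fixing BEAST, RFC 7465 prohibiting RC4) are things a server assessment tool such as SSL Labs infers from the ServerHello a server sends back. As an added example that is not from Ivan Ristić's book or from SSL Labs, the code below builds a ServerHello record (the builder exists only so the example is self-contained; the random field is fixed filler) and then parses one, reporting the negotiated version and cipher suite and flagging the problems the timeline calls out. The cipher suite table is a small subset of the IANA registry.

```python
import struct

VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
# Subset of the IANA TLS cipher suite registry, enough for the example.
SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}


def build_server_hello(version, suite, random_bytes=b"\x11" * 32):
    """Constructed ServerHello with an empty session id and null compression,
    wrapped in a TLS handshake record. Only here so the example runs offline."""
    body = struct.pack("!H", version) + random_bytes + b"\x00" + struct.pack("!H", suite) + b"\x00"
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body       # type 2 = server_hello
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake  # 0x16 = handshake


def parse_server_hello(record):
    """Return version, cipher suite and compression method from a TLS handshake
    record carrying a ServerHello (SSL 3.0 through TLS 1.2 framing)."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x02:
        raise ValueError("not a ServerHello")
    body_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + body_len]
    if len(body) != body_len or body_len < 2 + 32 + 1 + 2 + 1:
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", body[:2])[0]
    pos = 2 + 32                          # skip server_version and random
    sid_len = body[pos]
    pos += 1 + sid_len                    # skip session_id
    suite = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    compression = body[pos]
    return {
        "version": version,
        "version_name": VERSIONS.get(version, f"unknown 0x{version:04x}"),
        "cipher_suite": suite,
        "cipher_suite_name": SUITES.get(suite, f"unknown 0x{suite:04x}"),
        "compression": compression,
    }


def assess(record):
    """Parse a ServerHello and attach the findings the timeline warns about."""
    info = parse_server_hello(record)
    findings = []
    if info["version"] < 0x0303:
        findings.append(f"negotiated {info['version_name']}; TLS 1.2 (RFC 5246) or later expected")
    name = info["cipher_suite_name"]
    if "RC4" in name:
        findings.append("RC4 cipher suite; prohibited by RFC 7465")
    if "_CBC_" in name and info["version"] <= 0x0301:
        findings.append("CBC suite under SSL 3.0/TLS 1.0; BEAST-class attack, fixed in TLS 1.1")
    if info["compression"] != 0:
        findings.append("TLS compression enabled")
    info["findings"] = findings
    return info


if __name__ == "__main__":
    for ver, suite in ((0x0301, 0x0005), (0x0301, 0x002F), (0x0303, 0xC02F)):
        result = assess(build_server_hello(ver, suite))
        print(result["version_name"], result["cipher_suite_name"], result["findings"] or "OK")
```

A real assessment sends many ClientHellos, each offering a different version or suite list, and records what the server picks each time; this parser is the piece that reads each answer. It does not handle SSL v2, whose records use a different framing, which is one more reason SSL v2 support is easy to miss and worth testing for explicitly.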

Feedback:


Round Up:


The post Long Broken SSL History | TechSNAP 289 first appeared on Jupiter Broadcasting.

Internet of Default Passwords | TechSNAP 288 https://original.jupiterbroadcasting.net/103901/internet-of-default-passwords-techsnap-288/ Thu, 13 Oct 2016 16:31:36 +0000 https://original.jupiterbroadcasting.net/?p=103901 RSS Feeds: HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed Become a supporter on Patreon: Show Notes: Internet of Terror roundup Krebs has been machine-gunning articles about the Internet of Terror devices that were used to attack him recently Who makes the […]

Show Notes:

Internet of Terror roundup

  • Krebs has been machine-gunning articles about the Internet of Terror devices that were used to attack him recently
  • Who makes the IoT things that are under attack
  • This first post breaks down which manufacturers made the affected devices, i.e. who is to blame for this mess.
  • “As KrebsOnSecurity observed over the weekend, the source code that powers the “Internet of Things” (IoT) botnet responsible for launching the historically large distributed denial-of-service (DDoS) attack against KrebsOnSecurity last month has been publicly released. Here’s a look at which devices are being targeted by this malware”
  • “The malware, dubbed “Mirai,” spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default usernames and passwords. Many readers have asked for more information about which devices and hardware makers were being targeted. As it happens, this is fairly easy to tell just from looking at the list of usernames and passwords included in the Mirai source code.”
  • “In all, there are 68 username and password pairs in the botnet source code. However, many of those are generic and used by dozens of products, including routers, security cameras, printers and digital video recorder (DVRs).”
  • All of the passwords are quite bad. A few look almost random, but using one random password on every device doesn’t help; it is as if they tried, but totally missed the point
  • “Regardless of whether your device is listed above, if you own a wired or wireless router, IP camera or other device that has a Web interface and you haven’t yet changed the factory default credentials, your system may already be part of an IoT botnet. Unfortunately, there is no simple way to tell one way or the other whether it has been compromised.”
  • “However, the solution to eliminating and preventing infections from this malware isn’t super difficult. Mirai is loaded into memory, which means it gets wiped once the infected device is disconnected from its power source.”
  • “Several readers have pointed out that while advising IoT users to change the password via the device’s Web interface is a nice security precaution, it may or may not address the fundamental threat. That’s because Mirai spreads via communications services called “telnet” and “SSH,” which are command-line, text-based interfaces that are typically accessed via a command prompt (e.g., in Microsoft Windows, a user could click Start, and in the search box type “cmd.exe” to launch a command prompt, and then type “telnet” to reach a username and password prompt at the target host). The trouble is, even if one changes the password on the device’s Web interface, the same default credentials may still allow remote users to log in to the device using telnet and/or SSH.”
  • Europe to push for new security rules amid IoT mess
  • “The European Commission is drafting new cybersecurity requirements to beef up security around so-called Internet of Things (IoT) devices such as Web-connected security cameras, routers and digital video recorders (DVRs). News of the expected proposal comes as security firms are warning that a great many IoT devices are equipped with little or no security protections.”
  • “The Commission would encourage companies to come up with a labeling system for internet-connected devices that are approved and secure. The EU labelling system that rates appliances based on how much energy they consume could be a template for the cybersecurity ratings.”
  • That sounds great, but how do you rate the cyber security of a device? Who is going to be allowed to perform these audits? Who decides if the auditor is qualified enough?
  • “One of those default passwords — username: root and password: xc3511 — is in a broad array of white-labeled DVR and IP camera electronics boards made by a Chinese company called XiongMai Technologies. These components are sold downstream to vendors who then use it in their own products.”
  • “That information comes in an analysis published this week by Flashpoint Intel, whose security analysts discovered that the Web-based administration page for devices made by this Chinese company (https://ipaddress/Login.htm) can be trivially bypassed without even supplying a username or password, just by navigating to a page called “DVR.htm” prior to login.”
  • “The issue with these particular devices is that a user cannot feasibly change this password. The password is hardcoded into the firmware, and the tools necessary to disable it are not present. Even worse, the web interface is not aware that these credentials even exist.”
  • IoT devices as proxies for cybercrime
  • “This post looks at how crooks are using hacked IoT devices as proxies to hide their true location online as they engage in a variety of other types of cybercriminal activity — from frequenting underground forums to credit card and tax refund fraud.”
  • The criminals are using your IoT device as a proxy, so when the police hunt down the person who committed the fraud, it looks like it was you.
  • “Recently, I heard from a cybersecurity researcher who’d created a virtual “honeypot” environment designed to simulate hackable IoT devices. The source, who asked to remain anonymous, said his honeypot soon began seeing traffic destined for Asus and Linksys routers running default credentials. When he examined what that traffic was designed to do, he found his honeypot systems were being told to download a piece of malware from a destination on the Web.”
  • “The researcher found that the malware being pushed to his honeypot system was designed to turn his faux infected router into a “SOCKS proxy server,” essentially a host designed to route traffic between a client and a server. Most often, SOCKS proxies are used to anonymize communications because they can help obfuscate the true origin of the client that is using the SOCKS server.”
  • “What he observed was that all of the systems were being used for a variety of badness, from proxying Web traffic destined for cybercrime forums to testing stolen credit cards at merchant Web sites. Further study of the malware files and the traffic beacons emanating from the honeypot systems indicated his honeypots were being marketed on a Web-based criminal service that sells access to SOCKS proxies in exchange for Bitcoin.”
  • Krebs’ site has a number of tips on securing your router to prevent this
  • SSH TCP Forwarding on by default in IoT devices, used in new credential stuffing attacks
  • Of course, routers and other IoT devices can sometimes be used as a proxy without having to be compromised.
  • The default SSH configuration used on a number of IoT devices allows the SSH feature ‘AllowTCPForwarding’.
  • This allows the attacker to log in to the IoT device using the default credentials (that you sometimes cannot change), and then bounce their connection off of the device, in such a way that it leaves no trace.
  • Ezra Caltum, senior security research team leader at Akamai: “We are in for an Internet of unpatchable things. This is my personal opinion, but I’m terrified about it.”
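One way to check a device’s own sshd_config for the forwarding default described above. This is an added example, not code from the show or from Akamai; the config snippets are constructed, and the parsing rules (case-insensitive keywords, first occurrence wins, whitespace or ‘=’ as separator, Match ending the global section) follow sshd_config(5).

```python
"""Audit the global AllowTcpForwarding setting in an OpenSSH sshd_config.
Added, constructed example (not code from the show or from Akamai) showing
the weak IoT default beside the hardened setting. Parsing follows the rules
in sshd_config(5): keywords are case-insensitive, the first occurrence of a
keyword wins, keyword and value may be separated by whitespace or '=', and
a Match line ends the global section."""
import re
from typing import Optional, Tuple

# OpenSSH's built-in value when the keyword is absent from the file entirely.
ALLOW_TCP_FORWARDING_DEFAULT = "yes"

# Constructed sample configs. The first mimics an IoT image that never
# mentions forwarding at all, which is exactly the exposed case.
WEAK_CONFIG = """\
# constructed sample: shipped sshd_config of a hypothetical IoT device
Port 22
PermitRootLogin yes
"""

HARDENED_CONFIG = """\
# constructed sample: same device with forwarding explicitly disabled
Port 22
PermitRootLogin no
AllowTcpForwarding no
"""

# sshd keeps the FIRST value for a keyword; the later 'yes' is ignored.
FIRST_WINS_CONFIG = """\
AllowTcpForwarding no
AllowTcpForwarding yes
"""

# A setting inside a Match block only applies to matching sessions; the
# global default for everyone else is still 'yes'.
MATCH_ONLY_CONFIG = """\
Match User admin
    AllowTcpForwarding no
"""


def effective_global_setting(config_text: str, keyword: str) -> Tuple[Optional[str], bool]:
    """Return (value, explicitly_set) for the global value sshd would use.
    value is None when the keyword is absent and no default is known here."""
    want = keyword.lower()
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break  # everything below is conditional, not global
        if key == want and len(parts) == 2:
            return parts[1].strip().lower(), True
    if want == "allowtcpforwarding":
        return ALLOW_TCP_FORWARDING_DEFAULT, False
    return None, False


def audit_tcp_forwarding(config_text: str) -> dict:
    """Report whether the global AllowTcpForwarding value leaves a logged-in
    account able to relay connections through the device. Only 'no' is
    treated as safe: 'yes', 'all', 'local' and 'remote' each permit some
    form of forwarding."""
    value, explicit = effective_global_setting(config_text, "AllowTcpForwarding")
    finding = None
    if value != "no":
        how = "set explicitly" if explicit else "absent, so the OpenSSH default applies"
        finding = (f"AllowTcpForwarding is effectively '{value}' ({how}); "
                   "set 'AllowTcpForwarding no' unless the device must relay traffic")
    return {"effective": value, "explicitly_set": explicit, "finding": finding}


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG),
                      ("first-wins", FIRST_WINS_CONFIG), ("match-only", MATCH_ONLY_CONFIG)):
        print(name, audit_tcp_forwarding(cfg))
```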

Researchers discover way to factor certain 1024 bit Diffie-Hellman keys

  • “Researchers have devised a way to place undetectable backdoors in the cryptographic keys that protect websites, virtual private networks, and Internet servers. The feat allows hackers to passively decrypt hundreds of millions of encrypted communications as well as cryptographically impersonate key owners.”
  • While there is a lot of media hype, it isn’t necessarily the end of the world just yet
  • Researcher Post
  • “We have completed a cryptanalysis computation which is at the same time a formidable achievement in terms of size (a 1024-bit discrete logarithm computation), and a small-scale undertaking in terms of computational resources (two months of calendar time on 2000 to 3000 cores). In comparison, the “real” record for discrete logarithm is 768 bits (announced this spring) and required 10 times as much computational power.”
  • “To achieve this, we cheated. Deliberately. We chose the prime number which defines the problem to be solved in a special way, so that the computation can be made much more efficient. However, we did this in a subtle way, so that the trapdoor we inserted cannot be detected.”
  • “Unfortunately, for most of the prime numbers used in cryptography today, we have no guarantee that they have not been generated with such a trapdoor. We estimate that breaking a non-trapdoored 1024-bit prime is at least 10,000 times harder than breaking our trapdoored prime was for us once we knew the trapdoor.”
  • “Our computation raises questions about some Internet standards that contain opaque, fixed primes. Theoretically, we know how to guarantee that primes have not been generated with a trapdoor, but most widely used primes come with no such public guarantee. A malicious party who inserted a trapdoored prime into a standard or an implementation would be able to break any communication whose security relies on one of these primes in a short amount of time.”
  • “Solving discrete log for a Diffie-Hellman key exchange lets an attacker decrypt messages encrypted with the negotiated key. Solving discrete log for a DSA signature lets an attacker forge signatures.”
  • So, we have a way to make sure that the process used to select a prime is not backdoored, but not a way to tell if a given prime has been backdoored.
  • “We have not been able to find any documented seeds or verifiable randomness for widely used 1024-bit primes such as the RFC 5114 primes. Using “nothing up my sleeve” numbers to generate primes like the Oakley groups or the TLS 1.3 negotiated finite field Diffie-Hellman groups (RFC 7919) is a reasonable guarantee of not containing a backdoor.”
  • Some older standards contain ‘magic’ numbers, without information about the process that was used to come up with the number. Only numbers in some newer standards, where a “nothing up my sleeve” policy allows anyone to audit the process used to select the prime, are considered secure.
  • “The attack we describe affects only Diffie-Hellman and DSA, not ECDH or ECDSA. For RSA, there are not global public parameters like the primes used for Diffie-Hellman that could contain a backdoor like this.”
  • “If you run a server, use elliptic-curve cryptography or primes of at least 2048 bits.”
  • DH primes smaller than 1024 bits were banned recently, after the Logjam attack. Hopefully most people who generated new primes are already using 2048-bit or larger primes.
  • “If you are a developer or standards committee member, use verifiable randomness to generate any fixed cryptographic parameters, and publicly document your seeds. Appendix A.1.1.2 of FIPS 186 describes how to do this for DSA primes.”
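The “nothing up my sleeve” approach the researchers recommend, as an added example that is neither the researchers’ code nor the exact FIPS 186 A.1.1.2 procedure, but a simplified version of the same mechanism: a prime is derived from a public seed and counter through SHA-256, so anyone can recompute it and confirm the publisher had no freedom to pick a trapdoored value. The seed, the 256-bit size and the fixed Miller-Rabin bases are assumptions chosen for the demonstration.

```python
"""Verifiable ("nothing up my sleeve") prime generation, added here to
illustrate the idea behind FIPS 186 Appendix A.1.1.2. This is a simplified,
constructed example, not the standard's exact algorithm and not code from
the researchers' post: a prime is derived from a public seed and a counter
via SHA-256, so a verifier can recompute it from the published seed and
counter and confirm the publisher could not have chosen a trapdoored value."""
import hashlib

# Fixed Miller-Rabin bases; deterministic so generation and verification agree.
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases (deterministic for n < 3.3e24; a strong
    probabilistic test beyond that, which is enough for this demonstration)."""
    if n < 2:
        return False
    for p in _MR_BASES:
        if n == p:
            return True
        if n % p == 0:
            return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def candidate_from_seed(seed: bytes, counter: int, nbits: int) -> int:
    """Expand seed||counter with SHA-256 into an nbits-wide odd integer with
    the top bit set. Every bit of the candidate is a function of the public
    inputs, which is what makes the result auditable."""
    out = b""
    block = 0
    while len(out) * 8 < nbits:
        material = seed + counter.to_bytes(4, "big") + block.to_bytes(4, "big")
        out += hashlib.sha256(material).digest()
        block += 1
    x = int.from_bytes(out, "big") >> (len(out) * 8 - nbits)
    return x | (1 << (nbits - 1)) | 1


def generate_verifiable_prime(seed: bytes, nbits: int, max_counter: int = 1 << 16):
    """Walk counters from 0 upward; return (prime, counter) for the first hit.
    The publisher commits to seed and counter alongside the prime."""
    for counter in range(max_counter):
        cand = candidate_from_seed(seed, counter, nbits)
        if is_probable_prime(cand):
            return cand, counter
    raise RuntimeError("no prime found; choose another seed")


def verify_prime(p: int, seed: bytes, counter: int, nbits: int) -> bool:
    """Independent party's check: p must be prime, must be exactly what the
    seed and counter produce, and every smaller counter must have failed
    (so the publisher could not cherry-pick among many candidate primes)."""
    if p.bit_length() != nbits or not is_probable_prime(p):
        return False
    if candidate_from_seed(seed, counter, nbits) != p:
        return False
    return all(not is_probable_prime(candidate_from_seed(seed, c, nbits))
               for c in range(counter))


if __name__ == "__main__":
    seed = b"constructed demo seed: TechSNAP 288"  # a constructed example seed
    p, ctr = generate_verifiable_prime(seed, 256)
    print(f"prime (counter {ctr}): {p:#x}")
    print("verifies:", verify_prime(p, seed, ctr, 256))
    print("tampered prime verifies:", verify_prime(p + 2, seed, ctr, 256))
```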

Android Fragmentation Sinks Patching Gains — 60,000 unique models of Android device

  • It’s been 13 months since Google began releasing Android security bulletins and software patches on a scheduled, monthly basis. So far, the benefits of the new strategy to shore up Android’s defenses are mixed at best.
  • Security experts say look no further than to this past August and Google’s patching of the high-profile QuadRooter vulnerability that took 96 days for Google to go from vulnerability notification by Qualcomm to the release of the final patch for the critical flaws on Sept. 6. By comparison, it took Apple just 10 days from the time researchers tipped off the company to the notorious Trident vulnerabilities, which were publicly attacked unlike QuadRooter, to Apple releasing its iOS patch.
  • That stark difference in patch times illustrates to many mobile security experts that despite security gains within the Android platform, from MediaServer hardening to file-level encryption, Google’s security efforts are still stymied by the nagging problem of fragmentation.
  • For example, only a fraction of phones vulnerable to the QuadRooter vulnerability have received Google’s patches.
  • Kyle Lady, research and development engineer at Duo Labs, says issues tied to fragmentation are hurting the Android ecosystem on two fronts.
  • One front is Google’s efforts to work with a myriad partners on identifying risks and prepping patches for Google’s monthly security updates.
  • The second is making sure those patches are deployed by Android handset makers and wireless carriers to consumers in a timely manner.
  • Since Google released its last patch to fix the QuadRooter vulnerability, only 15 percent of Android phones capable of receiving the security update had done so, according to the most recent data available from Duo Labs collected Oct. 5.
  • The patching results are interesting, “percentage of Android phones that have not patched in the last 90 days”:
    • Nexus: 2.3% (almost every phone is patched)
    • Samsung: 55% (slightly more than half of all phones are unpatched)
    • LG: 73% (almost 3/4s of all phones are unpatched)
    • Motorola: 96% unpatched
    • Sony: 98% unpatched
  • For the first time that I have seen, Google’s support policy is also spelled out:
  • “For Google’s part, it says it will provide support for its Nexus brand phones for at least three years from device availability, or 18 months after the last device is sold by Google”
  • Motorola’s phone unit was recently sold to Lenovo, which had this to say:
  • “We understand that keeping phones up-to-date with security patches is important to our customers and strive to push security patches as quickly as we can. We work with our carrier partners, software providers and other partners to extensively test patches before they are delivered, which can be in various forms, such as pure Security Maintenance Releases, scheduled Maintenance Releases and OS Upgrades.”
  • “In August, Motorola said it couldn’t promise its flagship Moto Z and Moto G4 would receive monthly Android security patches. Instead, Motorola said updates would be quarterly. Samsung and LG said they have committed to monthly security updates for their handsets. HTC did not respond to a request for comment on this story.”
  • It would be interesting to see these same numbers while looking at a more confined view, say, phones sold in the last 18 months, rather than all phones on the market.
  • Google is also trying to solve the problem by going around the Manufacturers and the Carriers: “with the release of Android 7.0 (Nougat) Google is attempting to become more self-reliant by creating independent apps that might have otherwise been Android OS baked-in features. For example, Google recently introduced its Allo and Duo (formerly Hangouts) messaging features as standalone apps. Now, Google can push out software updates if needed to those apps, independent of device makers and carriers.”

]]>
Microsoft’s Golden Ticket | TechSNAP 280 https://original.jupiterbroadcasting.net/102241/microsofts-golden-ticket-techsnap-280/ Thu, 18 Aug 2016 07:40:22 +0000 https://original.jupiterbroadcasting.net/?p=102241 RSS Feeds: HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed Become a supporter on Patreon: Show Notes: Security Breach at Oracle’s MICROS point of sales division A Russian organized cybercrime group known for hacking into banks and retailers appears to have breached […]

The post Microsoft’s Golden Ticket | TechSNAP 280 first appeared on Jupiter Broadcasting.

]]>

Show Notes:

Security Breach at Oracle’s MICROS point of sales division

A Russian organized cybercrime group known for hacking into banks and retailers appears to have breached hundreds of computer systems at software giant Oracle Corp.
More alarmingly, the attackers have compromised a customer support portal for companies using Oracle’s MICROS point-of-sale credit card payment systems.
Asked this weekend for comment on rumors of a large data breach potentially affecting customers of its retail division, Oracle acknowledged that it had “detected and addressed malicious code in certain legacy MICROS systems.” It also said that it is asking all MICROS customers to reset their passwords for the MICROS online support portal.
Oracle’s MICROS division sells point-of-sale systems used at more than 330,000 cash registers worldwide. When Oracle bought MICROS in 2014, the company said MICROS’s systems were deployed at some 200,000+ food and beverage outlets, 100,000+ retail sites, and more than 30,000 hotels.
A source briefed on the investigation says the breach likely started with a single infected system inside of Oracle’s network that was then used to compromise additional systems. Among those was a customer “ticketing portal” that Oracle uses to help MICROS customers remotely troubleshoot problems with their point-of-sale systems.
Those sources further stated that the intruders placed malicious code on the MICROS support portal, and that the malware allowed the attackers to steal MICROS customer usernames and passwords when customers logged in the support Web site.
This breach could be little more than a nasty malware outbreak at Oracle. However, the Carbanak Gang’s apparent involvement makes it unlikely the attackers somehow failed to grasp the enormity of access and power that control over the MICROS support portal would grant them.
“This [incident] could explain a lot about the source of some of these retail and merchant point-of-sale hacks that nobody has been able to definitively tie to any one point-of-sale services provider. I’d say there’s a big chance that the hackers in this case found a way to get remote access” to MICROS customers’ on-premises point-of-sale devices.

  • It is not clear if the breach at Oracle may have resulted in the attackers being able to remotely control MICROS payment terminals.
  • According to comments on the Krebs articles, the actual credit card processing is usually done on the pinpad unit, and just the results are processed by the cash register running MICROS.

After investigative reporter Brian Krebs reported a compromise of Oracle’s MICROS unit earlier this week, it now appears the same allegedly Russian cybercrime gang has hit five others in the last month: Cin7, ECRS, Navy Zebra, PAR Technology and Uniwell. Together, they supply as many as, if not more than, 1 million point-of-sale systems globally.


TCP stack bug in Linux 3.6+ means many systems vulnerable

At the 25th Usenix Security Symposium on Wednesday, researchers with the University of California at Riverside and the US Army Research Laboratory will demonstrate a proof-of-concept exploit that allows them to inject content into an otherwise legitimate USA Today page that asks viewers to enter their e-mail and passwords.
Computer scientists have discovered a serious Internet vulnerability that allows attackers to terminate connections between virtually any two parties and, if the connections aren’t encrypted, inject malicious code or content into the parties’ communications.
The vulnerability resides in the design and implementation of RFC 5961, a relatively new Internet standard that’s intended to prevent certain classes of hacking attacks.

  • However, in order to prevent a denial of service attack, there is a global rate limit on the number of responses this new code will send. The issue is that an attacker can exploit this: by eliciting enough responses to reach that limit, the attacker ensures the server will not send legitimate responses to the user. This then allows the attacker to send a response pretending to be the server, and shut down the connection between the user and the server.

Attackers can go on to exploit the flaw to shut down the connection, inject malicious code or content into unencrypted data streams, and possibly degrade privacy guarantees provided by the Tor anonymity network.
The flawed code was introduced into the Linux operating system kernel starting with version 3.6 in 2012, which added a largely complete set of functions implementing the standard. Linux kernel maintainers released a fix with version 4.7 almost three weeks ago, but the patch has not yet been applied to most mainstream distributions. For the attack to work, only one of the two targeted parties has to be vulnerable, meaning many of the world’s top websites and other services running on Linux remain susceptible.

  • What makes this attack especially bad is that the attacker does not need to be Man-in-the-Middle; it works as a so-called “off-path” attack. The attacker just sits on the sidelines with their regular internet connection, sends packets to one or both parties, and by guessing the port numbers used on each side (usually by brute force), can inject content into the flow of packets between the two parties.
  • This is normally prevented by the TCP three-way handshake (which gets a positive acknowledgement from both sides, to prevent someone from being able to spoof their IP), and the sequence numbers prevent an attacker from easily injecting packets in the connection stream.

In this paper, we discover a much more powerful off-path attack that can quickly 1) test whether any two arbitrary hosts on the Internet are communicating using one or more TCP connections (and discover the port numbers associated with such connections); 2) perform TCP sequence number inference which allows the attacker to subsequently, forcibly terminate the connection or inject a malicious payload into the connection. We emphasize that the attack can be carried out by a purely off-path attacker without running malicious code on the communicating client or server. This can have serious implications on the security and privacy of the Internet at large.
The root cause of the vulnerability is the introduction of the challenge ACK responses and the global rate limit imposed on certain TCP control packets. The feature is outlined in RFC 5961, which is implemented faithfully in Linux kernel version 3.6 from late 2012. At a very high level, the vulnerability allows an attacker to create contention on a shared resource, i.e., the global rate limit counter on the target system by sending spoofed packets. The attacker can then subsequently observe the effect on the counter changes, measurable through probing packets.
Through extensive experimentation, we demonstrate that the attack is extremely effective and reliable. Given any two arbitrary hosts, it takes only 10 seconds to successfully infer whether they are communicating. If there is a connection, subsequently, it takes also only tens of seconds to infer the TCP sequence numbers used on the connection. To demonstrate the impact, we perform case studies on a wide range of applications.

  • So the features introduced by the new RFC make it possible for the attacker to figure out the sequence number of the TCP connection and inject traffic into it.

Besides injecting malicious JavaScript into a USA Today page, the researchers also show how the vulnerability can be exploited to break secure shell, or SSH, connections and tamper with communications traveling over Tor. In the latter case, attackers can terminate key links in the Tor chain—for instance, those connecting an end user to an entry node, an entry node to a middle relay, or a middle relay to the exit node. The Tor attack could be particularly effective if it knocked out properly functioning exit nodes because the technique would increase the chances that connections would instead use any malicious exit nodes that may exist.


Microsoft bungles SecureBoot key handling, golden keys can unlock any system

Microsoft has accidentally leaked the keys to the kingdom, permitting attackers to unlock devices protected by Secure Boot — and it may not be possible to fully resolve the leak.
If you provision this magic policy, that is, if you install it into your firmware, the Windows boot manager will not verify that it is booting an official Microsoft-signed operating system. It will boot anything you give it provided it is cryptographically signed, even a self-signed binary – like a shim that loads a Linux kernel.

  • This signed policy was never meant to leave the lab, but it seems it did.

The Register understands that this debug-mode policy was accidentally shipped on retail devices, and discovered by curious minds including Slip and MY123. The policy was effectively inert and deactivated on these products but present nonetheless.
For internal debugging purposes, Microsoft created and signed a special Secure Boot policy that disables the operating system signature checks, presumably to allow programmers to boot and test fresh OS builds without having to sign each one.
This, in turn, allows someone with admin rights or an attacker with physical access to a machine not only to bypass Secure Boot and run any operating system they wish, such as Linux or Android, but also permits the installation and execution of bootkits and rootkits at the deepest level of the device.
A backdoor, which MS put into secure boot because they decided to not let the user turn it off in certain devices, allows for secure boot to be disabled everywhere!
You can see the irony. Also the irony in that MS themselves provided us several nice “golden keys” (as the FBI would say 😉 for us to use for that purpose 🙂

  • Between June and July, Microsoft awarded a bug bounty, and pushed a fix — MS16-094. However, this fix was deemed “inadequate,” although it had somewhat mitigated the problem, resulting in a second patch, MS16-100, being issued in August.
  • This update blacklists a bunch of revoked keys and signatures so they can no longer be used, but Microsoft cannot revoke all old keys, because they are used on things like read-only installation disks

If you’re using a locked-down Secure Boot PC and you have admin rights on the box, and you want to boot something else, all the above is going to be of interest to you. If you’re an IT admin who is relying on Secure Boot to prevent the loading of unsigned binaries and drivers – such as rootkits and bootkits – then all the above is going to worry you.


]]>
Windows Exploit Edition | TechSNAP 274 https://original.jupiterbroadcasting.net/101026/windows-exploit-edition-techsnap-274/ Thu, 07 Jul 2016 19:21:02 +0000 https://original.jupiterbroadcasting.net/?p=101026 On this weeks episode we cover a UEFI firmware bug that is affecting computers including ThinkPads, tell you how your windows box can be totally pwned even if it’s fully encrypted & talk about the shortcomings of the MD5 checksum. Plus the feedback, the roundup & more! Thanks to: Get Paid to Write for DigitalOcean […]

The post Windows Exploit Edition | TechSNAP 274 first appeared on Jupiter Broadcasting.

]]>


On this weeks episode we cover a UEFI firmware bug that is affecting computers including ThinkPads, tell you how your windows box can be totally pwned even if it’s fully encrypted & talk about the shortcomings of the MD5 checksum. Plus the feedback, the roundup & more!

Show Notes:

ThinkPwn, Lenovo and possible other vendors vulnerable to UEFI bug

  • “This code exploits 0day privileges escalation vulnerability (or backdoor?) in SystemSmmRuntimeRt UEFI driver (GUID is 7C79AC8C-5E6C-4E3D-BA6F-C260EE7C172E) of Lenovo firmware. Vulnerability is present in all of the ThinkPad series laptops, the oldest one that I have checked is X220 and the newest one is T450s (with latest firmware versions available at this moment). Running of arbitrary System Management Mode code allows attacker to disable flash write protection and infect platform firmware, disable Secure Boot, bypass Virtual Secure Mode (Credential Guard, etc.) on Windows 10 Enterprise and do other evil things.”
  • An attacker can “disable flash write protection and infect platform firmware, disable Secure Boot, [and] bypass Virtual Secure Mode”.
  • “Vulnerable code of SystemSmmRuntimeRt UEFI driver was copy-pasted by Lenovo from Intel reference code for 8-series chipsets.”
  • “Lenovo is engaging all of its IBVs as well as Intel to identify or rule out any additional instances of the vulnerability’s presence in the BIOS provided to Lenovo by other IBVs, as well as the original purpose of the vulnerable code”
  • Lenovo Advisory
  • The vulnerable code has also been found in HP Pavilion Laptops, some Gigabyte Motherboards (Z68, Z77, Z87, Z97), Fujitsu, and Dell.
  • Exploring and exploiting Lenovo firmware secrets
  • ThinkPWN, proof of concept exploit

From zero to SYSTEM on a fully encrypted Windows machine

  • “Whether you want to protect the operating system components or your personal files, a Full Disk Encryption (FDE) solution allows you to keep track of the confidentiality and integrity. One of the most commonly used FDE solutions is Microsoft Bitlocker®, which due to its integration with the Trusted Platform Module (TPM) as well as the Active Directory environment makes it both user-friendly and manageable in a corporate environment.
    When the system is protected with a FDE solution, without a pre-boot password, the login or lock screen makes sure attackers with physical access are not able to gain access to the system.”
  • “In this post we will explain how an attacker with physical access to an active directory integrated system (e.g. through stealing) is able to bypass the login or lock screen, obtain a clear-text version of the user’s password and elevate his privileges to that of a local administrator or SYSTEM. This can be accomplished via two security vulnerabilities which affects all Windows versions (from Vista to 10) and abusing a standard “security” feature.”
  • “These two vulnerabilities, discovered with the help of my colleague Tom Gilis, were reported to Microsoft; however, only one vulnerability is patched at the time of writing: CVE-2016-0049 / MS16-014.”
  • “The other one, which allows you to elevate your privileges to that of a local administrator or SYSTEM is still under investigation by Microsoft and is not yet disclosed here.”
  • Acknowledgement by Microsoft
  • Since the time of this post, the patch has been released. It turns out, it is MS16-072
  • You might remember MS16-072 from TechSNAP #272 as the Windows Update that broke Group Policies!
  • “Step 1 – Hibernation – Your friendly neighbourhood password dumper”
  • “Speaking for myself, and probably a lot of other users, shutting down a laptop has become a thing of the past. In order to be able to rapidly start using your system when travelling from one place to another, we put it into sleep (or hibernation) mode, essentially putting all processes on hold to be easily resumed when needed. Although in order to resume your session after sleep or hibernation, you’ll have to enter your password on the lock screen (or at least I hope so), the system has your password stored somewhere in memory in order to resume the different processes. We want the system to dump the contents of the memory on disk so we can recover it later. Hibernation is there to the rescue, but we need to be able to force the system into hibernation, creating the HIBERFIL.SYS.”
  • “Luckily, the default configuration of a laptop running Windows depicts going into hibernation if the battery hits a critical low. This feature, by default at set 5%, ensures you don’t lose any unsaved documents when your battery dies. Once we force the laptop into hibernation mode we reboot it and move to the next step”
  • “Step 2 – Bypassing the login or lock screen”
  • “If the computer is a member of an AD Domain, and the user has logged in on this machine before, so their password is cached locally, all an attacker needed to do is create a rogue Kerberos server with the target user account’s password set to a value of choice and indicated as expired. Upon a login attempt, Windows would then prompt the user to change the password before continuing”
  • “Once the password change procedure is completed, the cached credentials on the machine are updated with the new password set by the attacker. Because the system is not able to establish a secure connection, the password is not updated on the Kerberos server but still allows the attacker to login when the system no longer has an active network connection (using the cached credentials)”
  • So, since the attacker set the new password on the Domain Controller (not really, but the computer thinks they did), they know this password, and when they attempt to log in with it and Windows cannot reach the domain controller, it uses this locally cached password and allows them to log in.
  • “Although the authentication has been bypassed, we still only have the (limited) privileges of the victim’s account (taking into consideration this is not an local administrator). This is where the next step comes in, in which we explain how you can obtain full local administrative privileges just by using standard Windows functionalities and thus not relying on any vulnerable installed software.”
  • “Step 3 – Privilege escalation to SYSTEM”
  • “We know that the trust between the client and Domain Controller (DC) is not always properly validated, we have a working Active Directory set-up and we have a working rogue DC. The question is are there any other Windows functionality that is failing to properly validate the trust?”
  • “How about Group Policies? It works on all supported Windows versions. There is no need for any additional (vulnerable) software. No specific configuration requirements”
  • “There are 2 types of Group Policy Objects (GPO), Computer Configuration and User Configuration Policies.”
  • “Computer Configuration Policies are applied before logon, the machine account is used to authenticate to the DC in order to retrieve the policies and finally all policies are executed with SYSTEM privileges. Since we don’t know the machine account password, using Computer Configuration Policies is not an option.”
  • “User Configuration Policies are applied after a user is logged in, the user’s account is used to authenticate to the DC to retrieve the User Configuration Policies and the policies are either executed as the current logged-on user or as SYSTEM.”
  • “Now this last type of Policy is interesting because we know the password of the user as we reset it to our likings.”
  • “Let’s create a Scheduled Task GPO that will execute NetCat as SYSTEM and finally will connect to the listening NetCat service as the current user.”
  • On Windows 7, it is immediately game over: you own the system
  • “Windows 7 fails to validate if the DC from where the Group Policies are being applied is indeed a trusted DC. It is assumed that the user credentials are sufficient to acknowledge the trust relationship. In this attack all encrypted traffic remains intact and doesn’t require any modification whatsoever.”
  • On Windows 10, it didn’t work right out of the box
  • It turns out the rogue DC needs to have a user object matching the SID of the user that is logging in. Luckily, with Mimikatz, you can edit the SID of the user on the rogue DC to make it match
  • Additional Coverage: Part 2
  • Slides
  • So, Microsoft has patched both of these vulnerabilities, and we are all safe again, right?
  • “Bypassing patch MS16-014: Yes, you’ve read it right! There is still a way to bypass the Windows Login screen and bypass Authentication 😉 More details will be released soon!”
  • The author has not released the details yet, as they are waiting on Microsoft to release another patch

The MD5 collision is here

  • “A while ago a lot of people visited my site (~ 90,000 ) with a post about how easy it is to make two images with same MD5 by using a chosen prefix collision. I used Marc Stevens’ HashClash on AWS and estimated the cost of around $0.65 per collision.”
  • “Given the level of interest I expected to see cool MD5 collisions popping up all over the place. Possibly it was enough for most people to know it can be done quite easily and cheaply but also I may have missed out enough details in my original post”
  • A 2014 blog post showed how to create two php scripts with the same MD5
  • An early 2015 blog post showed two JPGs with the same MD5
  • So, this version of the tools was able to produce two .jpg images with different contents but the same MD5 checksum, while both remained perfectly valid JPG images
  • The post included instructions and an Amazon AWS image to do the number crunching
  • There was a later follow-up post on how to do the same thing with executable files
  • Same Binaries Blog Post
  • This example shows a C binary that prints an Angel if a condition is true, and a Devil if it is false
  • It contains a bunch of filler that can be changed to make the hashes the same in a second version of the file, where the condition is false. The end result is a pair of binaries, with the same MD5 hash, but different output
  • Using this same technique, Casey Smith (@subtee) managed to make an Angel.exe that is a copy of mimikatz, a Windows password-dumping utility, and a devil.exe that just says ‘nothing to see here’
  • Demo of the attack
  • This means all I need to do is run this tool against my malware and, say, regedit.exe, which is on the whitelist in Windows, and now I have a malware binary that will be trusted
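The angel/devil pair above, as an added example that is not from the show notes or from the blog posts they quote: two different 128-byte blobs with identical MD5 digests (the published Wang et al. 2004 collision pair, so no collision search is needed to demonstrate the point), run through an allowlist keyed on MD5 and on SHA-256 to show why an MD5-keyed whitelist cannot tell them apart. The allowlist, the angel/devil roles and the helper names are constructed for illustration.

```python
import hashlib

# Published MD5 collision pair (Wang et al., 2004): two 128-byte blobs that
# differ in six bytes yet share one MD5 digest. The "angel"/"devil" roles are
# constructed labels for this example, mirroring the blog post's binaries.
ANGEL = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
DEVIL = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

def differing_offsets(a: bytes, b: bytes) -> list:
    """Byte offsets at which two equal-length blobs differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

def digests(blob: bytes) -> dict:
    """MD5 and SHA-256 hex digests of a blob, keyed by algorithm name."""
    return {
        "md5": hashlib.md5(blob).hexdigest(),
        "sha256": hashlib.sha256(blob).hexdigest(),
    }

def build_allowlist(trusted: bytes) -> dict:
    """Constructed allowlist: the trusted blob's digest under each algorithm."""
    return {algo: {hexd} for algo, hexd in digests(trusted).items()}

def is_allowed(blob: bytes, allowlist: dict, algo: str) -> bool:
    """Accept the blob only if its digest under `algo` is on the allowlist."""
    return digests(blob)[algo] in allowlist.get(algo, set())

if __name__ == "__main__":
    allowlist = build_allowlist(ANGEL)  # only the "angel" blob is trusted
    print("bytes differ at offsets:", differing_offsets(ANGEL, DEVIL))
    print("md5 equal:   ", digests(ANGEL)["md5"] == digests(DEVIL)["md5"])        # True
    print("sha256 equal:", digests(ANGEL)["sha256"] == digests(DEVIL)["sha256"])  # False
    # An allowlist keyed on MD5 lets the untrusted blob through; SHA-256 does not.
    print("devil allowed (md5):   ", is_allowed(DEVIL, allowlist, "md5"))     # True
    print("devil allowed (sha256):", is_allowed(DEVIL, allowlist, "sha256"))  # False
```

Because MD5's internal state is identical after processing either blob, appending the same suffix to both keeps the collision, which is the property the "filler" approach in the angel/devil binaries relies on.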

Feedback:


Round Up:


The post Windows Exploit Edition | TechSNAP 274 first appeared on Jupiter Broadcasting.

]]>