Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

msm1267 hasn't commented recently.

Submissions

top

LibreSSL PRNG Vulnerability Patched

msm1267 msm1267 writes  |  about a week ago

msm1267 (2804139) writes "The OpenBSD project late last night rushed out a patch for a vulnerability in the LibreSSL pseudo random number generator (PRNG).

The flaw was disclosed two days ago by the founder of secure backup company Opsmate, Andrew Ayer, who said the vulnerability was a “catastrophic failure of the PRNG.”

OpenBSD founder Theo de Raadt and developer Bob Beck, however, countered saying that the issue is “overblown” because Ayer’s test program is unrealistic. Ayer’s test program, when linked to LibreSSL and made two different calls to the PRNG, returned the exact same data both times.

“It is actually only a problem with the author’s contrived test program,” Beck said. “While it’s a real issue, it’s actually a fairly minor one, because real applications don’t work the way the author describes, both because the PID (process identification number) issue would be very difficult to have become a real issue in real software, and nobody writes real software with OpenSSL the way the author has set this test up in the article.”"

Link to Original Source
top

Source Code Leaked for Tinba Banking Trojan

msm1267 msm1267 writes  |  about two weeks ago

msm1267 (2804139) writes "The source code for Tinba, known as the smallest banker Trojan in circulation, has been posted on an underground forum. Researchers say that the files turned out to be the source code for version one of Tinba, which was identified in 2012, and is the original, privately sold version of the crimeware kit.

Tinba performs many of the same malicious functions as other banker Trojans, injecting itself into running processes on an infected machine, including the browser and explorer.exe. The malware is designed to steal financial information, including banking credentials and credit-card data and also makes each infected computer part of a botnet. Compromised machines communicate with command-and-control servers over encrypted channels. Tinba got its name from an abbreviation of “tiny banker”, and researchers say that it’s only about 20 KB in size."

Link to Original Source
top

HackingTeam Mobile Malware, Infrastructure Uncovered

msm1267 msm1267 writes  |  about a month ago

msm1267 (2804139) writes "Controversial spyware commercially developed by Italy’s HackingTeam and sold to governments and law enforcement for the purpose of surveillance, has a global command and control infrastructure and for the first time, security experts have insight into how its mobile malware components work.

Collaborating teams of researchers from Kaspersky Lab and Citizen Lab at the Monk School of Global Affairs at the University of Toronto today reported on their findings during an event in London. The breadth of the command infrastructure supporting HackingTeam’s Remote Control System (RCS) is extensive, with 326 servers outed in more than 40 countries; the report also provides the first details on the inner workings of the RCS mobile components for Apple iOS and Android devices."

Link to Original Source
top

Microsoft Opens Preview of Interflow Information Sharing Platform

msm1267 msm1267 writes  |  about a month ago

msm1267 (2804139) writes "Much like the Year of PKI that has never come to be, information sharing has been one of security’s more infamous non-starters. While successful in heavily siloed environments such as financial services, enterprises industry-wide are hesitant to share threat and security data for fear of losing a competitive edge or exposing further vulnerabilities.

Microsoft hopes the latest tweak to its Microsoft Active Protections Program (MAPP) will calm the waters a bit and engage companies and industries to share threat data in an effort to stem the effects of targeted and persistent attacks and speed up incident response recovery.

A private preview is scheduled to open this week for Microsoft Interflow, a distributed platform for information exchange that is built on open specifications such as the Structured Threat Information eXpression (STIX), the Trusted Automation eXchange of Indicator Information (TAXII), and the Cyber Observable eXpression standards (CybOX). Today’s announcement comes 11 months after Microsoft expanded MAPP, its vendor partner information-sharing program to include incident responders."

Link to Original Source
top

Supermicro IPMI Plaintext Passwords Exposed

msm1267 msm1267 writes  |  about a month ago

msm1267 (2804139) writes "Much has been written about the insecurity of the IPMI protocol present inside embedded baseboard management controllers (BMCs). Serious vulnerabilities can be exploited to gain remote control over big servers running BMCs, in particular in hosting environments where the controllers help admins with remote management of crucial industrial functions, for example. And despite alerts and warnings from prominent figures in computer security such as Dan Farmer and HD Moore, and patches from vendors, the news keeps getting worse.

The security incident response team for San Diego-based cloud-based hosting provider CARI.net yesterday disclosed that a file storing passwords in plain text is open over port 49152. Close to 32,000 vulnerable systems responded to a GET/PSBlock query on the Shodan search engine over port 49152; more than 9.8 million hosts responded in total.

“You can quite literally download the BMC password file from any UPnP enabled Supermicro motherboard running IPMI on a public interface,” said Zachary Wikholm, senior security engineer with CARI.net.

The PSBlock password file is found in a XML file stored inside a particular directory, Wikholm said, adding that he notified Supermicro of the issue in November to no avail. Wikholm said anything stored in the directory, including server.pem files, wsman admin passwords and netconfig files, are available."

Link to Original Source
top

Research Project Pays People to Download, Run Executables

msm1267 msm1267 writes  |  about a month ago

msm1267 (2804139) writes "Incentivized by a minimal amount of cash, computer users who took part in a study were willing to agree to download an executable file to their machines without questioning the potential consequences. The more cash the researchers offered, capping out at $1, the more people complied with the experiment.

The results toss a big bucket of cold water on long-standing security awareness training advice that urges people not to trust third-party downloads from unknown sources in order to guard the sanctity of their computer. A Hershey bar or a Kennedy half-dollar, apparently, sends people spiraling off course pretty rapidly and opens up a potential new malware distribution channel for hackers willing to compensate users.

The study was released recently in a paper called: “It’s All About The Benjamins: An empirical study on incentivizing users to ignore security advice.” While fewer than half of the people who viewed the task actually ran the benign executable when offered a penny to do so, the numbers jumped to 58 percent when offered 50 cents, and 64 percent when offered $1."

Link to Original Source
top

New Pandemiya Banking Trojan Written From Scratch

msm1267 msm1267 writes  |  about a month and a half ago

msm1267 (2804139) writes "A new banking Trojan has surfaced on hacker forums called Pandemiya. While the malware offers many of the same features criminals would find in Zeus, Citadel or Carberp, the malware is a completely new offering, a yearlong project, written from scratch featuring more than 25,000 lines of original C code."
Link to Original Source
top

IPMI Protocol Vulnerabilities Have Long Shelf Life

msm1267 msm1267 writes  |  about a month and a half ago

msm1267 (2804139) writes "If enterprises are indeed moving services off premises and into the cloud, there are four letters those companies’ IT organizations should be aware of: IPMI.

Short for Intelligent Platform Management Interface, these tiny computers live as an embedded Linux system attached to the motherboards of big servers from vendors such as IBM, Dell and HP. IPMI is used by a Baseboard Management Controller (BMC) to manage Out-of-Band communication, essentially giving admins remote control over servers and devices, including memory, networking capabilities and storage. This is particularly useful for hosting providers and cloud services providers who must manage gear and data in varied locations.

Noted researchers Dan Farmer, creator of the SATAN vulnerability scanner, and HD Moore, creator of Metasploit, have been collaborating on research into the vulnerabilities present in IPMI and BMCs and the picture keeps getting uglier. Last July, Farmer and Moore published some research on the issue based upon work Farmer was doing under a DARPA Cyber Fast Track Grant that uncovered a host of vulnerabilities, and Internet-wide scans for the IPMI protocol conducted by Moore.

Yesterday, Farmer released a paper called “Sold Down the River,” in which he chastises big hardware vendors for ignoring security vulnerabilities and poor configurations that are trivial to find and exploit."

Link to Original Source
top

TrueCrypt Cryptanalysis to Include Crowdsourcing

msm1267 msm1267 writes  |  about 1 month ago

msm1267 (2804139) writes "A cryptanalysis of TrueCrypt will proceed as planned, said organizers of the Open Crypto Audit Project who announced the technical leads of the second phase of the audit and that there will be a crowdsourcing aspect to phase two.
The next phase of the audit, which will include an examination of everything including the random number generators, cipher suites, crypto protocols and more, could be wrapped up by the end of the summer."

Link to Original Source
top

Embedded Devices Leak Authentication Data Via SNMP

msm1267 msm1267 writes  |  about 2 months ago

msm1267 (2804139) writes "Researchers have discovered previously unreported problems in SNMP on embedded devices where devices such as secondary market home routers and a popular enterprise-grade load balancer are leaking authentication details in plain text.

The data could be extracted by gaining access to the read-only public SNMP community string, which enables outside access to device information. While only vulnerabilities in three brands were disclosed today, a Shodan search turns up potentially hundreds of thousands of devices that are exposing SNMP to the Internet that could be equally vulnerable."

Link to Original Source
top

SMTP SMARTTLS Deployments Better Than Expected

msm1267 msm1267 writes  |  about 2 months ago

msm1267 (2804139) writes "Facebook dug into the prevalence of SMTP STARTTLS deployments for email encryption and found that 58 percent of messages are sent encrypted and certificate validation happened without a hitch for about half of the encrypted email.

Facebook said it believes STARTTLS support has achieved “critical mass,” and backs that up with data that indicates 76 percent of unique MX (mail exchange) hostnames that receive email from Facebook, such as notifications, support the extension. Facebook said that 58 percent of its notification email messages were successfully encrypted and that certificate validation passed for about half of the encrypted email. The other half were opportunistically encrypted, Facebook said."

Link to Original Source
top

TLS 1.3 Ready to Drop RSA Key Transport

msm1267 msm1267 writes  |  about 2 months ago

msm1267 (2804139) writes "The IETF working group responsible for the TLS 1.3 standard is closing in on a decision to remove RSA key transport cipher suites from the protocol.

Decades-old RSA-based handshakes don’t cut it anymore, according to experts, who are anxious to put a modern protocol in place, one that can fend off an intense commitment from cybercriminals and intelligence agencies to snoop and steal data. The consensus is to support Diffie-Hellman Exchange or Elliptic Curve Diffie-Hellman Exchange, both of which support perfect forward secrecy, which experts are urging developers and standards-bearers to instill as a default encryption technology in new applications and build-outs."

Link to Original Source
top

XP Systems Getting Emergency IE Zero Day Patch

msm1267 msm1267 writes  |  about 3 months ago

msm1267 (2804139) writes "Microsoft announced it will release an out-of-band security update today to patch a zero-day vulnerability in Internet Explorer, and that the patch will also be made available for Windows XP machines through Automatic Update. At the same time, researchers said they are now seeing attacks specifically targeting XP users.

Microsoft no longer supports XP as of April 8, and that includes the development and availability of security updates. But the about-face today speaks to the seriousness of the vulnerability, which is being exploited in limited targeted attacks, Microsoft said.

Researchers at FireEye, meanwhile, said multiple attackers are now using the exploit against XP machines, prompting the inclusion of XP systems in the patch."

Link to Original Source
top

UltraDNS Dealing with DDoS Attack

msm1267 msm1267 writes  |  about 3 months ago

msm1267 (2804139) writes "DNS service provider UltraDNS dealt with a DDoS attack for most of yesterday. Parent company Neustar announced late yesterday that it had mitigated the attack for most of its customers, but Western U.S. customers were still down. Meanwhile, the SANS Institute received reports from UltraDNS customers that a 100 Gbps DDoS attack was causing latency issues."
Link to Original Source
top

Apple Fixes Serious SSL Issue in OS X, iOS

msm1267 msm1267 writes  |  about 3 months ago

msm1267 (2804139) writes "Apple has fixed a serious security flaw that’s present in many versions of both iOS and OSX and could allow an attacker to intercept data on SSL connections. The bug is one of many that the company fixed Tuesday in its two main operating systems, and several of the other vulnerabilities have serious consequences as well, including the ability to bypass memory protections and run arbitrary code.

The most severe of the vulnerabilities patched in iOS 7.1.1 and OSX Mountain Lion and Mavericks is an issue with the secure transport component of the operating systems. If an attacker was in a man-in-the-middle position on a user’s network, he might be able to intercept supposedly secure traffic or change the connection’s properties."

Link to Original Source
top

Tor Blacklisting Exit Nodes Vulnerable to Heartbleed

msm1267 msm1267 writes  |  about 3 months ago

msm1267 (2804139) writes "The Tor Project has published a list of 380 exit relays vulnerable to the Heartbleed OpenSSL vulnerability that it will reject. This comes on the heels of news that researcher Collin Mulliner of Northeastern University in Boston found more than 1,000 vulnerable to Heartbleed where he was able to retrieve plaintext user traffic.

Mulliner said he used a random list of 5,000 Tor nodes from the Dan.me.uk website for his research; of the 1,045 vulnerable nodes he discovered, he recovered plaintext traffic that included Tor plaintext announcements, but a significant number of nodes leaked user traffic in the clear."

Link to Original Source
top

Phase 1 of TrueCrypt Audit Turns up No Backdoors

msm1267 msm1267 writes  |  about 3 months ago

msm1267 (2804139) writes "A initial audit of the popular open source encryption software TrueCrypt turned up fewer than a dozen vulnerabilities, none of which so far point toward a backdoor surreptitiously inserted into the codebase.

A report on the first phase of the audit was released today by iSEC Partners, which was contracted by the Open Crypto Audit Project (OCAP), a grassroots effort that not only conducted a successful fundraising effort to initiate the audit, but raised important questions about the integrity of the software.

The first phase of the audit focused on the TrueCrypt bootloader and Windows kernel driver; architecture and code reviews were performed, as well as penetration tests including fuzzing interfaces, said Kenneth White, senior security engineer at Social & Scientific Systems. The second phase of the audit will look at whether the various encryption cipher suites, random number generators and critical key algorithms have been implemented correctly."

Link to Original Source
top

One Billion Android Devices Open to Privilege Escalation

msm1267 msm1267 writes  |  about 4 months ago

msm1267 (2804139) writes "The first deep look into the security of the Android patch installation process, specifically its Package Management Service (PMS), has revealed a weakness that puts potentially every Android device at risk for privilege escalation attacks.

Researchers from Indiana University and Microsoft published a paper that describes a new set of Android vulnerabilities they call Pileup flaws, and also introduces a new scanner called SecUP that detects malicious apps already on a device lying in wait for elevated privileges.
The vulnerability occurs in the way PMS handles updates to the myriad flavors of Android in circulation today. The researchers say PMS improperly vets apps on lower versions of Android that request OS or app privileges that may not exist on the older Android version, but are granted automatically once the system is updated.

The researchers said they found a half-dozen different Pileup flaws within Android’s Package Management Service, and confirmed those vulnerabilities are present in all Android Open Source Project versions and more than 3,500 customized versions of Android developed by handset makers and carriers; more than one billion Android devices are likely impacted, they said."

Link to Original Source
top

Wide Gap Between Attackers, BIOS Forensics Research

msm1267 msm1267 writes  |  about 4 months ago

msm1267 (2804139) writes "Advanced attackers who target BIOS and firmware with bootkits and other malware have a decided edge on security research and defense in this discipline. These attacks are dangerous because they enable persistence on a PC or server that is difficult to repair without bricking a machine. Researchers at MITRE and chip companies, however, are trying to reverse that trend with research into vulnerabilities in hardware and firmware as well as developing tools that help analyze problems present in BIOS."
Link to Original Source
top

CanSecWest Presenter Self-Censors Risky Critical Infrastructure Talk

msm1267 msm1267 writes  |  about 4 months ago

msm1267 (2804139) writes "A presenter at this week’s CanSecWest security conference has withdrawn his scheduled talk for fear the information could be used to attack critical infrastructure worldwide.
Eric Filiol, scientific director of the Operational Cryptology and Virology lab. CTO/CSO of the ESIEA in France, pulled his talk on Sunday, informing organizer Dragos Ruiu via email. Filiol, a 22-year military veteran with a background in intelligence and computer security, said he has been studying the reality of cyberwar for four months and came to the decision after discussions with his superiors in the French government.
Filiol said he submitted the presentation, entitled “Hacking 9/11: The next is likely to be even bigger with an ounce of cyber,” to CanSecWest three months ago before his research was complete. Since his lab is under supervision of the French government, he was required to review his findings with authorities.
“They told me that this presentation was unsuitable for being public,” Filiol said in an email. “It would be considered as an [incentive] to terrorism and would give precise ideas to terrorists on the know-how (the methodology) and the details regarding the USA (but also how to find weaknesses in other countries).”"

Link to Original Source

Journals

msm1267 has no journal entries.

Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...