(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Re: [FD] Mozilla extensions: a security nightmare

Over the past decade, keyless entry systems have largely displaced traditional physical keys as the means for locking and unlocking cars and garages around the world. Just push a button and the electronic devices transmit a secret code that activates or deactivates the lock, saving people the hassle of manually controlling it.

Now, serial hacker Samy Kamkar has devised RollJam, a $30 device that steals the secret codes so attackers can use them to gain unauthorized access to a car or garage. It works against a variety of market-leading chips, including the KeeLoq access control system from Microchip Technology Inc. and the High Security Rolling Code generator made by National Semiconductor. RollJam is capable of opening electronic locks on cars from Chrysler, Daewoo, Fiat, GM, Honda, Toyota, Volvo, Volkswagen Group, Clifford, Shurlok, and Jaguar. It also works against a variety of garage-door openers, including the rolling code garage door opener made by King Cobra.

Rolling codes are similar to the pseudo-random numbers used by the RSA SecurID and similar two-factor authentication devices—with one important difference that will be explained later in this post. An algorithm inside the electronic key and the lock allows the two devices to remain synchronized so the lock can determine when it has received a legitimate rolling code sent by the authorized key. A legitimate rolling code is valid until it's received by the lock. The next time the electronic key is pressed, it will issue a different code. In the event that the key issues a rolling code that isn't received by the lock—say, when the two devices aren't within radio range of each other—the lock is able to accept a newer rolling code and invalidate any earlier rolling codes that weren't received.


DOJ Contact: Office of Public Affairs, 202-514-2007. The U.S. Department of Justice (DOJ) and the U.S. Department of Commerce's National Institute of Standards and Technology (NIST) today announced six appointments to the National ...

It's never a good idea to return a computer or other gadget to a store without first erasing all your personal data. Stores with good policies and training will generally wipe devices back to factory settings before selling them again, but you never know when one might slip through the cracks.

We've seen this happen a few times with Best Buy, that ubiquitous chain with 1,600 stores in North America, which boasts that "more than 70 percent of the [US] population lives within 15 minutes of a Best Buy store."

The most recent incident happened last week when Michal Urban bought an open box Apple TV from a Best Buy in Mission Viejo, California. The Apple TV was still logged in to several of the previous owner's accounts, Urban told Ars. Urban provided us with screenshots showing logged-in accounts for iTunes, Netflix, Hulu, and HBO Now.


LinuxSecurity.com: Updated kernel-rt packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. [More...]
LinuxSecurity.com: Updated kernel-rt packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.5. [More...]
LinuxSecurity.com: Keystone could be made to expose sensitive information over the network.
LinuxSecurity.com: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security [More...]
LinuxSecurity.com: Several security issues were fixed in Swift.
LinuxSecurity.com: Cinder could be made to access unintended files over the network by an authenticated user.
LinuxSecurity.com: Fixes for CVE-2015-3290 CVE-2015-3291 CVE-2015-1333 in the kernel. Also fixes for a minor warning in pcmcia.
It turns out that embedded computing devices can be used to broadcast data covertly in all sorts of ways, as demonstrated in this video from Ang Cui's Funtenna project.

LAS VEGAS—During the Cold War, Soviet spies were able to monitor the US Embassy in Moscow by using a radio retroreflector bug—a device powered, like modern RFID tags, by a directed radio signal. But that was too old school for Ang Cui, chief scientist at Red Balloon Security and a recent PhD graduate of Columbia University. He wanted to see if he could do all of that with software.

Building on a long history of research into TEMPEST emanations—the accidental radio signals given off by computing systems’ electrical components—Cui set out to create intentional radio signals that could be used as a carrier to broadcast data to an attacker even in situations where networks were “air-gapped” from the outside world. The result of the work of his research team is Funtenna, a software exploit he demonstrated at Black Hat today that can turn a device with embedded computing power into a radio-based backchannel to broadcast data to an attacker without using Wi-Fi, Bluetooth, or other known (and monitored) wireless communications channels.

Cui has previously demonstrated a number of ways to exploit embedded systems, including printers and voice-over-IP phones. In 2012, he demonstrated an exploit of Cisco phones that turned on the microphone and transformed phones into a remote listening device. Michael Ossmann of Great Scott Gadgets, a hardware hacker who has done some development of exploits based on concepts from the NSA's surveillance "playset," suggested to Cui that he could turn the handset cord of the phone into a “funtenna”—an improvised broadcast antenna generating radio frequency signals programmatically.




InfoSec: SANS Gulf Region 2015 opens for Registration
SANS returns to Dubai this October for the Gulf Region's largest Information Security training event offering six intensive training courses all with an associated GIAC certification. The event will take place at the Hilton Dubai Jumeirah in Dubai from ...

FreeBSD Security Advisory FreeBSD-SA-15:19.routed

In my last diary entry I mentioned offline use of Sysinternals tools with my tool virustotal-search.

So you want to use sigcheck but you can't connect the machine to the Internet. Then you can use sigcheck's option -h to calculate cryptographic hashes of the files it checks, and option -c to produce a CSV output (-ct for CSV with a tab separator). If you want, you can limit sigcheck

To extract a unique list of MD5 hashes, you can use this pipe of awk, tail, sed and sort (for a tab separated CSV file):

awk -F '\t' '{print $10}' sigcheck-system32.csv | tail -n +2 | sed 's/"//g' | sort -u

And then you can use virustotal-search to submit the hashes.

If you suspect the machine is infected with malware that has rootkit features, then don't boot from the suspect disk, but mount the disk on another machine or boot from a Live CD and use sigcheck to scan the disk.

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com
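
A more defensive version of the hash-extraction step in the diary entry above, added here as an example and not part of the original entry: it locates the hash column by its header name instead of the fixed position $10, strips quotes and Windows line endings, and keeps only well-formed 32-hex-digit values. The header name MD5, the function names and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Extract a unique, normalized list of MD5 hashes from a tab-separated
# sigcheck CSV (produced with -h -ct), ready to hand to a lookup tool.
# Assumption: the header row names the hash column "MD5".
extract_md5() {
    awk -F '\t' '
        { sub(/\r$/, "") }                  # drop CR from Windows line endings
        NR == 1 {                           # header row: find the MD5 column
            for (i = 1; i <= NF; i++) {
                name = $i
                gsub(/"/, "", name)
                if (toupper(name) == "MD5") col = i
            }
            if (!col) { print "no MD5 column in header" > "/dev/stderr"; exit 2 }
            next
        }
        {
            h = $col
            gsub(/"/, "", h)                # sigcheck quotes every field
            h = toupper(h)                  # dedupe regardless of case
            # skip rows without a real hash (for example "n/a")
            if (length(h) == 32 && h ~ /^[0-9A-F]+$/) print h
        }
    ' "$1" | sort -u
}

# Constructed sample input (abbreviated header, not real sigcheck output):
# two files sharing one hash, one distinct file, one row with no hash.
sample_csv() {
    row='"%s"\t"%s"\t"%s"\t"%s"\r\n'
    printf "$row" 'Path' 'Verified' 'Publisher' 'MD5'
    printf "$row" 'c:\windows\system32\a.dll' 'Signed' 'Constructed Corp' \
        'D41D8CD98F00B204E9800998ECF8427E'
    printf "$row" 'c:\windows\system32\b.dll' 'Signed' 'Constructed Corp' \
        'd41d8cd98f00b204e9800998ecf8427e'
    printf "$row" 'c:\windows\system32\c.exe' 'Unsigned' 'n/a' \
        '0CC175B9C0F1B6A831C399E269772661'
    printf "$row" 'c:\windows\system32\d.sys' 'Unsigned' 'n/a' 'n/a'
}

# Stand-alone use: ./extract_md5.sh sigcheck-system32.csv
if [ "$#" -gt 0 ]; then
    extract_md5 "$1"
fi
```
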

FreeBSD Security Advisory FreeBSD-SA-15:18.bsdpatch
Vulnerable MSVC++ runtime distributed with LibreOffice 5.0.0 for Windows

Crowdsourced InfoSec Budgeting Tool Available Free to Peerlyst Users
IT Business Net
SAN FRANCISCO, CA -- (Marketwired) -- 08/05/15 -- Peerlyst, the preeminent information security community, is today pleased to announce PeerSource Budget™. The crowdsourced free tool gives InfoSec professionals, for the first time, a flexible and ...
