Information Security News
For the past seven years, an annual hacker competition that pays big cash prizes has driven home the point that no Internet-connected software, regardless of who made it, is immune to exploits that surreptitiously install malware on the underlying computer. The first day of this year's Pwn2Own 2014 and the companion contest that ran concurrently stuck with much the same theme, with successful hacks of the Internet Explorer, Firefox, and Safari browsers and Adobe's Flash and Reader applications.
Contestants from Vupen, the France-based firm that sells fully weaponized exploits to governments it deems non-repressive, fetched $400,000 during day one of the two-day event. The haul came from exploits that allowed team members to gain full control over IE, Firefox, Flash, and Reader. Vupen's Firefox attack was one of three hacks that successfully compromised the Mozilla browser, with researchers Mariusz Mlynski and Juri Aedla also taking it down, feats that won them $50,000 each. At the Pwn4Fun contest held at the same CanSecWest security conference, researchers from Google toppled Apple's Safari browser, and their counterparts from HP commandeered IE.
During day two, Chrome was on tap to be tested. If it is successfully felled, it wouldn't be the first time. Meanwhile, George "GeoHot" Hotz, the hacker who famously bypassed the copyright restrictions of the Sony PlayStation 3, reportedly became the fourth contestant to defeat Firefox during day two. Update: Vupen has reportedly pwned Chrome as well.
On Wednesday, developers of an alternative version of Google's Android mobile operating system published a startling claim: Samsung's S3, Note 2, and seven other models of Galaxy smartphones contained a backdoor that provides remote access to virtually all data stored on the devices. The code that allows access, which controls the phones' baseband or modem processors, made it possible to remotely read, write, or even modify users' files.
"Provided that the modem runs proprietary software and can be remotely controlled, that backdoor provides remote access to the phone's data, even in the case where the modem is isolated and cannot access the storage directly," Paul Kocialkowski, one of the Free Software Foundation (FSF) developers who reported the finding, wrote in a separate post. "This is yet another example of what unacceptable behavior proprietary software permits!" Going on to plug the Android replacement known as Replicant, he continued: "Our free replacement for that non-free program does not implement this backdoor. If the modem asks to read or write files, Replicant does not cooperate with it."
To get a second opinion, Ars turned to Dan Rosenberg, a senior security researcher at Azimuth Security, who specializes in the reverse engineering of Unix and embedded devices. While he expanded the list of affected phones to include Samsung's more recent S4 and Note 3 models, he largely dispelled the claims that the software provided a backdoor that could be used to compromise users' privacy or security. What follows is an e-mail interview conducted early Thursday.
A SANS ISC reader sent us the following Apache log snippet earlier today:
108.178.x.x - [11/Mar/2014:04:21:14 +0100] "GET /index.shtml/RK=0/RS=o_wLEbyzxJDMeXhdrhZU9KN7uD4- HTTP/1.0" 302 206
196.196.x.x - [11/Mar/2014:07:43:19 +0100] "GET /index.shtml/RS=^ADAY1N1JxWPFnnOEW3FpVC1g.n4rec- HTTP/1.0" 302 206
88.80.x.x - [11/Mar/2014:15:02:01 +0100] "GET /index.shtml/RS=^ADAw5eOsxy0br6iGm1BZPRs2wtnyAE- HTTP/1.1" 302 206
index.shtml exists on the reader's server, but the RS= / RK= stuff is bogus. The RS= looks like it could be a regular expression for a pattern match of sorts, since it is starting with an anchor "^", but that's guessing. We don't really know. Googling for the pattern shows that this sort of thing has been around for a while, but I didn't find any definite explanation about which software or toolkit these requests are attempting to exploit, if any. If you have information on what this is, please share in the comments below, or via our contact form.
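For readers who want to find requests of this shape in their own logs, here is a small detection script. It is an added example, not part of the ISC diary: it parses lines in the format shown above, flags any request whose path carries appended /RK=... or /RS=... segments after the real resource, and reports the client, timestamp and segments. The sample lines are constructed from the snippet (IPs masked as in the post) plus one benign request for contrast; the script makes no claim about what the pattern is.

```python
import re
from typing import Optional

# Constructed sample: the three lines from the diary plus a benign request for contrast.
SAMPLE_LOG = """\
108.178.x.x - [11/Mar/2014:04:21:14 +0100] "GET /index.shtml/RK=0/RS=o_wLEbyzxJDMeXhdrhZU9KN7uD4- HTTP/1.0" 302 206
196.196.x.x - [11/Mar/2014:07:43:19 +0100] "GET /index.shtml/RS=^ADAY1N1JxWPFnnOEW3FpVC1g.n4rec- HTTP/1.0" 302 206
88.80.x.x - [11/Mar/2014:15:02:01 +0100] "GET /index.shtml/RS=^ADAw5eOsxy0br6iGm1BZPRs2wtnyAE- HTTP/1.1" 302 206
10.0.0.x - [11/Mar/2014:15:05:42 +0100] "GET /index.shtml HTTP/1.1" 200 5120
"""

# Accepts the reduced form in the snippet (client, one "-", timestamp) as well as the
# standard common log format (client, ident, user, timestamp).
LOG_RE = re.compile(
    r'^(?P<client>\S+)\s+(?:\S+\s+){1,2}\[(?P<ts>[^\]]+)\]\s+'
    r'"(?P<method>[A-Z]+)\s+(?P<target>\S+)\s+HTTP/[\d.]+"\s+'
    r'(?P<status>\d{3})\s+(?P<size>\d+|-)'
)

# Path segments of the form /RK=<value> or /RS=<value>, as seen in the snippet.
TRAILER_RE = re.compile(r'/(R[KS]=[^/?\s]*)')


def parse_line(line: str) -> Optional[dict]:
    """Parse one access-log line into its fields, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def suspicious_trailers(target: str) -> list:
    """Return the RK=/RS= path segments in a request target (query string ignored), in order."""
    path = target.split('?', 1)[0]
    return TRAILER_RE.findall(path)


def scan_log(text: str) -> list:
    """Return one finding per request whose path carries RK=/RS= trailers."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than guess
        trailers = suspicious_trailers(rec['target'])
        if trailers:
            resource = re.split(r'/R[KS]=', rec['target'].split('?', 1)[0], 1)[0]
            findings.append({'client': rec['client'], 'timestamp': rec['ts'],
                             'resource': resource, 'trailers': trailers,
                             'status': int(rec['status'])})
    return findings


if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['timestamp']} {f['client']} {f['resource']} -> {f['trailers']} ({f['status']})")
```

Point it at a real access log by replacing SAMPLE_LOG with the file contents; the `resource` field tells you which existing page the segments were appended to, which is useful when correlating the 302 responses.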
Posted by InfoSec News on Mar 13: http://www.infosecnews.org/for-ec-council-mums-the-word/
Posted by InfoSec News on Mar 13: http://www.nextgov.com/health/2014/03/75-percent-hospitals-and-clinics-are-worried-about-healthcaregov-hacks/80344/
Posted by InfoSec News on Mar 13: http://news.cnet.com/8301-1001_3-57620262-92/google-fixes-7-chrome-security-holes-just-before-cansecwest/
Posted by InfoSec News on Mar 13: http://www.ft.com/cms/s/0/f5c87808-a883-11e3-b50f-00144feab7de.html
Posted by InfoSec News on Mar 13: http://arstechnica.com/information-technology/2014/03/nsas-automated-hacking-engine-offers-hands-free-pwning-of-the-world/