Information Security News
How Obama's Hacking Laws Could Make You a Criminal
Computer-security researchers fear President Barack Obama's proposed changes to federal hacking laws could put them out of business, could make computers less secure overall, and could put some of them — and maybe even you — in prison. "Under the ...
by Sean Gallagher
Just over a year ago, Jacob Appelbaum and Der Spiegel revealed pages from the National Security Agency's ANT catalog, a sort of "wish book" for spies that listed technology that could be used to exploit the computer and network hardware of targets for espionage. One of those tools was a USB cable with embedded hardware called Cottonmouth-I—a cable that can turn the computer's USB connections into a remote wiretap or even a remote control.
Cottonmouth-I is the sort of man-in-the-middle attack that hackers dream of. Built into keyboard or accessory cables, it allows an attacker to implant and communicate with malware even on a computer that's "airgapped"—completely off a network. And its hardware all fit neatly into a USB plug. Because of the sophistication of the hardware, the advertised price for Cottonmouth-I was over $1 million per lot of 50—meaning each single device cost $20,000.
But soon, you'll be able to make one in your basement for less than $20 in parts, plus a little bit of solder. At Shmoocon in Washington, DC, this past weekend, Michael Ossmann, a wireless security researcher, founder of Great Scott Gadgets, and a contributor to the NSA Playset (a set of projects seeking to duplicate in open source the capabilities in the NSA's toolbox), showed off his progress on TURNIPSCHOOL, a man-in-the-middle USB cable project under development that fits a USB hub-on-a-chip and a microprocessor with a built-in radio onto a circuit board that fits into a molded USB plug.
by Dan Goodin
An electronic dongle used to connect to the onboard diagnostic systems of more than two million cars and trucks contains few defenses against hacking, an omission that makes them vulnerable to wireless attacks that take control of a vehicle, according to published reports.
US-based Progressive Insurance said it has used the SnapShot device in more than two million vehicles since 2008. The dongle tracks users' driving to help determine if they qualify for lower rates. According to security researcher Corey Thuen, it performs no validation or signing of firmware updates, has no secure boot mechanism, no cellular communications authentication, and uses no secure communications protocols. SnapShot connects to the OBDII port of Thuen's 2013 Toyota Tundra pickup truck, according to Forbes. From there, it runs on the CANbus networks that control braking, park assist and steering, and other sensitive functions.
"Anything on the bus can talk to anything [else] on the bus," Thuen was quoted as saying in an article from Dark Reading. "You could do a cellular man-in-the-middle attack" assuming the attacker had the ability to spoof a cellular tower that transmits data to and from the device.
2014 in infosec: Spammers sneak small botnets under the wire, Java is dull
Cisco's annual report on the state of global cybersecurity claims spammers just won't die and are using new tactics to avoid detection by filters; malware programmers are abandoning exploiting Java; and there's a possible silver cloud in the Sony ...
Official releases for the League of Legends and Path of Exile online games were found laced with a nasty trojan after attackers compromised an Internet platform provider that distributed them to users in Asia.
The compromise of consumer Internet platform Garena allowed the attackers to attach malicious software components to the official installation files for the two games, according to a blog post published Monday by antivirus provider Trend Micro. In addition to the legitimate game launcher, the compromised executable file also included a dropper that installed a remote access tool known as PlugX and a cleaner file that overwrote the infected file after it ran.
According to Trend Micro, the attackers took care to conceal their malware campaign, an effort that may have made it hard for victims to know they were infected. The cleaner file most likely was included to remove evidence that would tip users off to a compromise or the origin of the attack. The cryptographic hash that was included with the tampered game files was valid, so even people who took care to verify the authenticity of the game installer would have no reason to think it was malicious, Trend Micro researchers said. The researchers linked to this December 31 post from Garena. Translated into English, one passage stated: "computers and patch servers were infected with trojans. As a result, all the installation files distributed for the games League of Legends and Path of Exile are infected."
How to Safely Test Software Without Messing Up Your System
Before you install something awful, give yourself an infosec education. Here are the best tools to protect yourself out there when you're experimenting with new programs. Unless you have spare computers lying around, you need to protect your system ...
We often tend to ignore privilege escalation flaws. In order to take advantage of these vulnerabilities, an attacker first needs to have access to the system itself. But in particular for systems that many users have access to, it can be difficult to monitor them all for compromised credentials. Systems with web servers often suffer from web application flaws that can be used to execute code as the web server, which then can be used to gain root access via a privilege escalation flaw.
From a defensive point of view, the problem with privilege escalation flaws is that there are so many of them, and they are not limited to bugs that can be patched. Frequently, configuration mistakes can give rise to privilege escalation flaws. Auditing your system for these problems should be done regularly to avoid privilege escalation flaws.
For example, a user may create a cron job, and then have root execute the cron job, but the file remains writable by the user. Someone gaining access to the system as this user could now easily escalate privileges by modifying the script.
Luckily, there are a number of scripts that make it easier for us to find these problems:
unix-privesc-check: Very comprehensive script that works on many Unix flavors, not just Linux. Read the ToDo section at the beginning as it lists other areas that should be checked. The output is sent to stdout, and you had better pipe it to a file, as it is very verbose even in default mode.
LinEnum: A more limited script as far as privilege escalation goes, but it does summarize other configuration options nicely.
linuxprivchecker: Similar to LinEnum in that it summarizes system configuration information, not just privilege escalation issues.
And if you prefer to take a more manual approach, or if you need to verify some of the results produced by the scripts, check this very nice cheat sheet:
Any tools I missed? Please let me know!
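A minimal audit for the cron case described above, as an added example (not taken from the original post or from any of the listed tools): it extracts the absolute paths named in a crontab and reports any script, or containing directory, that an account outside a trusted set could modify. The function names, the `trusted_uids` parameter and the sample crontab are assumptions made for the illustration.

```python
import os
import re
import stat
import tempfile

PATH_RE = re.compile(r"(?<![\w.])/[\w./+-]+")  # absolute paths in a command

def cron_command_paths(crontab_text, system_format=False):
    """Yield absolute paths named in job lines (system_format: /etc/crontab user column)."""
    for line in map(str.strip, crontab_text.splitlines()):
        if not line or line.startswith("#") or re.match(r"\w+\s*=", line):
            continue  # blank line, comment, or VAR=value assignment
        skip = (1 if line.startswith("@") else 5) + (1 if system_format else 0)
        fields = line.split(None, skip)
        if len(fields) > skip:
            yield from PATH_RE.findall(fields[-1])

def untrusted_write_reasons(path, trusted_uids=(0,)):
    """Explain how an account outside trusted_uids could change what `path` runs."""
    reasons, real = [], os.path.realpath(path)
    for target in (real, os.path.dirname(real)):  # the file, then its directory
        try:
            st = os.stat(target)
        except OSError:
            break
        if target == real and not stat.S_ISREG(st.st_mode):
            break  # /dev/null, directories, etc. are not scripts
        if st.st_uid not in trusted_uids:
            reasons.append(f"{target}: owned by uid {st.st_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):  # conservative: any group write
            reasons.append(f"{target}: group/world writable ({stat.filemode(st.st_mode)})")
    return reasons

def audit_crontab(crontab_text, trusted_uids=(0,), system_format=False):
    """Map each risky path in the crontab to the reasons it is risky."""
    found = ((p, untrusted_write_reasons(p, trusted_uids))
             for p in cron_command_paths(crontab_text, system_format))
    return {p: r for p, r in found if r}

def demo():
    """Constructed sample: two temp scripts, one world-writable; current uid stands in for root."""
    d = tempfile.mkdtemp()
    good, bad = os.path.join(d, "rotate.sh"), os.path.join(d, "backup.sh")
    for p, mode in ((good, 0o755), (bad, 0o777)):
        with open(p, "w") as f:
            f.write("#!/bin/sh\n")
        os.chmod(p, mode)
    crontab = f"MAILTO=root\n0 3 * * * {bad} >/dev/null 2>&1\n@daily {good}\n"
    return bad, good, audit_crontab(crontab, trusted_uids=(os.getuid(),))
```

On a real host, pass the text of root's crontab with the default `trusted_uids=(0,)`, and set `system_format=True` for `/etc/crontab`-style files that carry a user column.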
Posted by InfoSec News on Jan 20 http://www.infosecnews.org/jimmy-kimmel-asks-what-is-your-password/
Posted by InfoSec News on Jan 20 http://techcrunch.com/2015/01/19/microsoft-outlook-hacked-in-china-new-report-finds/
Posted by InfoSec News on Jan 20 http://www.wired.com/2015/01/why-i-hope-congress-never-watches-blackhat/
Posted by InfoSec News on Jan 20 http://www.nytimes.com/2015/01/19/world/asia/nsa-tapped-into-north-korean-networks-before-sony-attack-officials-say.html
Posted by InfoSec News on Jan 20 http://www.politico.com/story/2015/01/cyber-warfare-capitol-114383.html
Posted by InfoSec News on Jan 20 http://www.defenseone.com/technology/2015/01/us-uk-establish-joint-hacker-team-conduct-cyber-war-games/103170/
Posted by InfoSec News on Jan 20 http://arstechnica.com/security/2015/01/a-hacked-ddos-on-demand-site-offers-a-look-into-mind-of-booter-users/