Events Related

  • Source Barcelona 2011 Wrap-up – blog.rootshell.be
    After a smooth flight to Barcelona, I arrived on Tuesday evening just in time to take part in the speakers' party at the apartments reserved for the conference. That’s something really unique (from what I know) to SOURCE: speakers, crew and some participants are sharing a bunch of apartments instead of hotel rooms. That’s a unique way to meet old and new friends and to continue discussions about security topics once the talks are over.

Resources

Techniques

  •  Shell Script: Parse Juniper Firewall Logs – h-i-r.net
    Juniper firewalls (at least the ScreenOS-based one I have in the lab) have an interesting format for their syslog entries. It’s a whole line full of variable=parameter type stuff. Usually, these are in a pretty predictable order, but you can’t rely on the nth parameter to be the same in every log entry just due to the fact that different types of traffic have different parameters.
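    An added example, not the h-i-r.net post's own shell script: a small Python parser that pulls fields out of ScreenOS-style key=value syslog lines by name rather than by position, so the varying field order the post mentions stops mattering. The sample lines, their field names and the two-word "src zone"/"dst zone" keys are constructed assumptions about the format, not captured device output.

    ```python
    import re
    from collections import Counter

    # Constructed sample lines in the ScreenOS-style key=value syslog format the
    # post describes. Field names and the two-word keys "src zone"/"dst zone" are
    # assumptions for illustration. Fields appear in different orders; some are absent.
    SAMPLE_LOGS = [
        'Nov 21 10:01:02 fw1 ns5gt: NetScreen device_id=fw1 [Root]system-notification-00257(traffic): '
        'start_time="2011-11-21 10:01:01" duration=0 policy_id=3 service=http proto=6 '
        'src zone=Untrust dst zone=Trust action=Deny sent=0 rcvd=0 '
        'src=203.0.113.7 dst=192.0.2.10 src_port=51234 dst_port=80',
        'Nov 21 10:01:03 fw1 ns5gt: NetScreen device_id=fw1 [Root]system-notification-00257(traffic): '
        'src=192.0.2.10 dst=198.51.100.5 src_port=40000 dst_port=443 action=Permit '
        'service=https proto=6 src zone=Trust dst zone=Untrust duration=12 sent=1200 rcvd=8800',
        'Nov 21 10:01:04 fw1 ns5gt: NetScreen device_id=fw1 [Root]system-notification-00257(traffic): '
        'proto=1 service=icmp src=203.0.113.7 dst=192.0.2.10 action=Deny src zone=Untrust dst zone=Trust',
        'Nov 21 10:01:05 fw1 ns5gt: NetScreen device_id=fw1 [Root]system-notification-00257(traffic): '
        'action=Deny src=203.0.113.9 dst=192.0.2.10 dst_port=22 src_port=55001 proto=6 service=ssh',
    ]

    # A key is one of the assumed two-word zone keys or a single word; a value is a
    # double-quoted string (may contain spaces) or a run of non-whitespace.
    KV_RE = re.compile(r'\b((?:src|dst) zone|\w+)=("[^"]*"|\S+)')

    def parse_line(line):
        """Return the key=value fields of one log line as a dict, keyed by name."""
        fields = {}
        for m in KV_RE.finditer(line):
            key = m.group(1).replace(" ", "_")   # "src zone" -> "src_zone"
            fields[key] = m.group(2).strip('"')  # drop quotes around start_time
        return fields

    def parse_logs(lines):
        return [parse_line(line) for line in lines]

    def denied_by_source(records):
        """Count denied connections per source address, whatever the field order was."""
        return Counter(r["src"] for r in records if r.get("action") == "Deny" and "src" in r)

    def denied_ports(records):
        """Destination ports seen in denies; ICMP lines carry no port, hence .get()."""
        return sorted({r["dst_port"] for r in records if r.get("action") == "Deny" and r.get("dst_port")})

    if __name__ == "__main__":
        recs = parse_logs(SAMPLE_LOGS)
        for src, n in denied_by_source(recs).most_common():
            print(f"{src:<16} denied {n} time(s)")
        print("denied ports:", denied_ports(recs))
    ```
    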

Vendor/Software Patches

  • Apple Fixes Man-in-the-middle Security Hole – zdnet.com
    Apple today shipped an iTunes update to fix a serious security hole that could allow man-in-the-middle hacking attacks.
  • Wireshark 1.6.4 Released – wireshark.org
    Wireshark 1.6.4 has been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code are now available.

Vulnerabilities

  • Android 4.0 Face Recognition Flawed – h-online.com
    The face recognition unlock feature in Google’s Android 4.0 “Ice Cream Sandwich” mobile operating system has been bypassed by a simple photo trick. A blogger recently demonstrated how easy it was to unlock the device.
  • Man vs. ROP – Overcoming Adversity One Gadget At Time – exploit-monday.com
    I recently discovered a rather simple stack-based buffer overflow in a legacy application that shall remain unnamed. With DEP disabled, exploiting the vulnerability was trivial. It’s no longer 1999, however. If you want to write any exploit these days you have to at least be proficient in return-oriented programming techniques to bypass data execution prevention.
  • Security Researcher Gets Root On Windows 8 With Bootkit – arstechnica.com
    At the upcoming MalCon security conference in Mumbai, Austrian independent developer and security analyst Peter Kleissner is scheduled to release the first known “bootkit” for Windows 8—an exploit that is able to load from a hard drive’s master boot record and reside in memory all the way through the startup of the operating system, providing root access to the system.

Other News

  • Charlie Miller vs. Apple
    Last week, prominent researcher Charlie Miller and Apple had a falling out. After Miller publicly disclosed a flaw in Apple’s App Store, Apple punished him by revoking his app developer’s license.
  • Duqu Authors Sprinkle Humor In Dangerous Code – techworld.com.au
    For all of the concern around Duqu, the most discussed piece of malicious software since Stuxnet, the latest analysis of its code shows its writers have a sense of humor. Wrapped in the code used to infect computers is an “Easter egg,” or a hidden message. Easter eggs have long been inserted in computer code, often seen only by those who enjoy browsing computer code.
  • US Satellites Compromised By Malicious Cyber Security – abcnews.go.com
    The incidents involved two Earth observation satellites. While it may be difficult to trace who hacked the satellites, U.S. officials acknowledged the incidents had to come from a nation power.
  • Hacker Schools University In Grade Change Caper – wired.com
    A hacker apparently broke into the computer system of Santa Clara University to change the grades of more than 60 current and former students, the California school announced on Monday.
  • F-Secure Finds Rare Digitally Designed Malware – news.cnet.com
    Researchers at F-Secure have uncovered a rarity: malware that is signed with a valid code-signing certificate stolen from a government.
  • Removing Your Wi-Fi Network From Google’s Map – news.cnet.com
    The Mountain View, Calif.-based company late today announced a way for the owners of Wi-Fi networks to be removed from Google’s crowdsourced geolocation database, which it reworked this summer after CNET drew attention to privacy concerns.
  • GAO Blasts IRS Over Information Security Weakness – securityweek.com
    In a report issued to the Secretary of the Treasury last week, the GAO said that the IRS had met just 15 percent of the 105 previously reported recommendations where information security is concerned. Taking a blunt approach, the GAO said that the IRS “lacks reasonable assurance as to the accuracy of financial information or the adequate protection of sensitive taxpayer information.”
  • DOJ: Lying on Match.com needs to be a crime – news.cnet.com
    In a statement obtained by CNET that’s scheduled to be delivered tomorrow, the Justice Department argues that it must be able to prosecute violations of Web sites’ often-ignored, always-unintelligible “terms of service” policies.
  • Security Risk Intelligence Company Rapid7 Raises $50 Million – techcrunch.com
    Rapid7 provides the enterprise with an offering that identifies any security risks in a company’s IT infrastructure and prioritizes their remediation based on the probability of an attack. Nexpose, the company’s flagship product, scans for security risks across entire IT environments, including Web, network, applications and databases.
  • Full Disk Encryption Is Too Good, Says Intelligence Agency – extremetech.com
    It turns out that real federal intelligence agencies, like the FBI, CIA, and NSA, also have a problem cracking encrypted hard disks — and according to a new research paper, this is a serious risk to national security.