Week 51 In Review – 2013

Events Related

• CCC, 100-gbps, and your own private Shodan – blog.erratasec.com
  One of the oldest/biggest “hacker” conventions is the CCC congress every December in Germany. This year, they are promising 100-gbps connectivity to the Internet.

Resources

• Quick Joomla Refresher – blog.spiderlabs.com
  In this blog post David Kirkpatrick mention some of the tools he used to check the security of a particular Joomla installation and comment upon their effectiveness.
• The DNS Census 2013 – dnscensus2013.neocities.org
  The DNS Census 2013 is an attempt to provide a public dataset of registered domains and DNS records. The dataset contains about 2.5 billion DNS records gathered in the years 2012-2013.
• Symantec Intelligence Report: November 2013 – www.symantec.com
  Symantec Intelligence aims to provide the latest analysis of cyber security threats, trends, and insights concerning malware, spam, and other potentially harmful business risks. You can download your copy here.

Tools

• evasi0n7 – iOS 7.x Jailbreak – evasi0n.com
  evasi0n7 is a production of evad3rs. Compatible with all iPhone, iPod touch, iPad and iPad mini models running iOS 7.0 through 7.0.4.
• WinAppDbg 1.5 is out! – breakingcode.wordpress.com
  The WinAppDbg python module allows developers to quickly code instrumentation scripts in Python under a Windows environment. Download links are available here.
• Crash – labs.portcullis.co.uk
  The crash tool is a similar tool than the crash.exe tool from FileFuzz but for OS X. The purpose of this tool is to catch crashes from OS X applications and print debugging information such as registers, disassembled code and a memory dump of the stack.
• Capstone – capstone-engine.org
  Capstone is a lightweight multi-platform, multi-architecture disassembly framework.
  • Capstone – github.com
    Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community.

Techniques

• FLYING PIG: GCHQ’s TLS/SSL knowledge base – koen.io
  Documents from the ICTR-NE organization at the GCHQ show that it operates a program under the name FLYING PIG that provides analysts with information about secure communications over TLS/SSL. In this article, Koen Rouwhorst described the program on the basis of some actual screen captures of its interface.
• OpenIOC Series: Investigating with Indicators of
  Compromise (IOCs) – Part I – mandiant.com
  The Back to Basics: OpenIOC blog series previously discussed how Indicators of Compromise (IOCs) can be used to codify information about malware or utilities and describe an attacker’s methodology. This blog post will focus on writing IOCs by providing a common investigation scenario, following along with an incident response team as they investigate a compromise and assemble IOCs.

Vendor/Software patches

• Microsoft Security Intelligence Report desktop application updated with over 750 pages of data – blogs.technet.com
  Based on all the positive customer feedback that Microsoft received about the SIR app, they are pleased to share that a new version of the SIR app is now available. The app includes over 750 pages of content from the latest SIR, volume 15.

Vulnerabilities

• New attack steals e-mail decryption keys by capturing computer sounds – arstechnica.com
  Computer scientists have devised an attack that reliably extracts secret cryptographic keys by capturing the high-pitched sounds coming from a computer while it displays an encrypted message. Scientists use smartphone to extract secret key of nearby PC running PGP app.
• Severe Office 365 Token Disclosure Vulnerability – Research and Analysis – adallom.com
  The vulnerability that Adallom labs researched here and the security incident that used it is a bona fide Perfect Crime; a crime where the victim doesn’t know that he’s been hit; a crime where there’s no proof of any foul play anywhere; a crime where protecting yourself against it without being familiar with its modus operandi is next to impossible.

Other News

• Exclusive: Secret contract tied NSA and security industry pioneer – www.reuters.com
  As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned.