Week 46 In Review

Events Related

• Source Barcelona 2011 Wrap-up – blog.rootshell.be
  After a smooth flight to Barcelona, I arrived on Tuesday evening just in time to take part to the speakers party at the apartments reserved for the conference. That’s something really unique (from what I know) to SOURCE: speakers, crew and some participants are sharing a bunch of apartments instead of hotel rooms. That’s a unique way to meet old and new friends and to continue discussions about security topics once the talks are over.

Resources

• The DeepSec Files
  Various resources from the event.
• How To Rob An Online Bank (And Get Away With It) – blog.c22.cc
• Ground BeEF: Cutting, Devouring, and Digesting The Legs Off A Browser – blog.c22.cc
• Your Crown Jewels Online: Further Attacks To SAP Web Applications – blog.c22.cc
• Reassemble or GTFO! – IDF Evasion Strategies – blog.c22.cc
• Intelligent Bluetooth Fuzzing – Why bother? – blog.c22.cc
• Windows Pwn 7 OEM – Owned Every Mobile? – blog.c22.cc
• SMS Fuzzing – SIM Toolkit Attack – blog.c22.cc
• Extending Scapy by a GSM Air Interface and Validating the Implementation Using Novel Attacks – blog.c22.cc
• List of Freely Available Programming Books – stackoverflow.com
  I’m trying to amass a list of programming books that are freely available on the Internet. The books can be about a particular programming language or about computers in general.

Techniques

•  Shell Script: Parse Juniper Firewall Logs – h-i-r.net
  Juniper firewalls (at least the ScreenOS-based one I have in the lab) have an interesting format for their syslog entries. It’s a whole line full of variable=parameter type stuff. Usually, these are in a pretty predictable order, but you can’t rely on the nth parameter to be the same in every log entry just due to the fact that different types of traffic have different parameters.

Vendor/Software Patches

• Apple Fixes Man-in-the-middle Security Hole – zdnet.com
  Apple today shipped an iTunes update to fix a serious security hole that could allow man-in-the-middle hacking attacks.
• Wireshark 1.6.4 Released – wireshark.org
  Wireshark 1.6.4 has been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code are now available.

Vulnerabilities

• Android 4.0 Face Recognition Flawed – h-online.com
  The face recognition unlock feature in Google’s Android 4.0 “Ice Cream Sandwich” mobile operating system has been bypassed by a simple photo trick. A blogger recently demonstrated how easy it was to unlock the device.
• Man vs. ROP – Overcoming Adversity One Gadget At Time – exploit-monday.com
  I recently discovered a rather simple stack-based buffer overflow in a legacy application that shall remain unnamed. With DEP disabled, exploiting the vulnerability was trivial. It’s no longer 1999, however. If you want to write any exploit these days you have to at least be proficient in return-oriented programming techniques to bypass data execution prevention.
• Security Researcher Gets Root On Windows 8 With Bootkit – arstechnica.com
  At the upcoming MalCon security conference in Mumbai, Austrian independent developer and security analyst Peter Kleissner is scheduled to release the first known “bootkit” for Windows 8—an exploit that is able to load from a hard drive’s master boot record and reside in memory all the way through the startup of the operating system, providing root access to the system.

Other News

• Charlie Miller vs. Apple
  Last week, prominent researcher Charlie Miller and Apple had a falling out. After Miller publicly disclosed a flaw in Apple’s App Store, Apple punished him by revoking his app developer’s license.
• Charlie Miller’s Punishment By Apple Tests A Complex Relationship – huffingtonpost.com
• The Engadget Interview: Dr. Charlie Miller – engadget.com
• Duqu Authors Sprinkle Humor In Dangerous Code – techworld.com.au
  For all of the concern around Duqu, the most discussed piece of malicious software since Stuxnet, the latest analysis of its code shows its writers have a sense of humor. Wrapped in the code used to infect computers is an “Easter egg,” or a hidden message. Easter eggs have long been inserted in computer code, often seen only by those who enjoy browsing computer code.
• US Satellites Compromised By Malicious Cyber Security – abcnews.go.com
  The incidents involved two Earth observation satellites. While it may be difficult to trace who hacked the satellites, U.S. officials acknowledged the incidents had to come from a nation power.
• Hacker Schools University In Grade Change Caper – wired.com
  A hacker apparently broke into the computer system of Santa Clara University to change the grades of more than 60 current and former students, the California school announced on Monday.
• F-Secure Finds Rare Digitally Designed Malware – news.cnet.com
  Researchers at F-Secure have uncovered a rarity–malware that is signed with a valid code-signing certificate stolen from a government.
• Removing Your Wi-Fi Network From Google’s Map – news.cnet.com
  The Mountain View, Calif.-based company late today announced a way for the owners of Wi-Fi networks to be removed from Google’s crowdsourced geolocation database, which it reworked this summer after CNET drew attention to privacy concerns.
• GAO Blasts IRS Over Information Security Weakness – securityweek.com
  In a report issued to the Secretary of the Treasury last week, the GAO said that the IRS had met just 15 percent of the 105 previously reported recommendations where information security is concerned. Taking a blunt approach, the GAO said that the IRS “lacks reasonable assurance as to the accuracy of financial information or the adequate protection of sensitive taxpayer information.”
• DOJ: Lying on Match.com needs to be a crime – news.cnet.com
  In a statement obtained by CNET that’s scheduled to be delivered tomorrow, the Justice Department argues that it must be able to prosecute violations of Web sites’ often-ignored, always-unintelligible “terms of service” policies.
• Security Risk Intelligence Company Rapid7 Raises $50 Million – techcrunch.com
  Rapid7 provides the enterprise with an offering that identifies any security risks in a company’s IT infrastructure, and prioritize their remediation based on the probability of an attack. Nexpose, the company’s flagship product, scans for security risks across entire IT environments, including Web, network, applications and databases.
• Full Disk Encryption Is Too Good, Says Intelligence Agency – extremetech.com
  It turns out that real federal intelligence agencies, like the FBI, CIA, and NSA, also have a problem cracking encrypted hard disks — and according to a new research paper, this is a serious risk to national security.