Week 17 in Review – 2013

Event Related

• Notacon 10 (2013) Videos – irongeek.com
  These are the videos from the 10th Notacon conference held April 18th-21st, 2013. Not all of them are security related, but I hope my viewers will enjoy them anyway. Thanks to Froggy and Tyger for having me up, and to the video team: SatNights, Widget, Securi-D, Purge, Bunsen, Fry Steve and myself (at least that is who it was last year, if you got he names for 2013 let me know).
• AIDE 2013 – irongeek.com
  Recorded at AIDE 2013. Big thanks to Bill Gardner (@oncee) for having me out to record.
• Serial Offenders: Widespread Flaws in Serial Port Servers – community.rapid7.com
  At the InfoSec Southwest 2013 conference I gave a presentation on serial port servers. This presentation was drawn from research that tried to determine how prevalent and exposed internet-connected serial port servers are.
• BSidesLondon 2013 Wrap-Up – blog.rootshell.be
  The first presentation I attended was “Pentesting like a Grandmaster” by Abraham Aranguren. The talk was split in two parts. FIrst, Abraham started with an interesting comparison: “Pentesting == a chess game“.

Resources

• TrueType Font (TTF) Fuzzing and Vulnerability
  [Infiltrate2013] – f13-labs.net
  Different types of font are available within Windows Operating system, for instance: TrueType font (.ttf), Bitmap font (.fon), OpenType PostScript font (.otf) and etc
• At long last – the 2013 DBIR is out! – securityblog.verizonbusiness.com
  Perhaps more so than any other year, the large scale and diverse nature of data breaches and other network attacks took center stage.
• ioerror/duraconf – github.com
  What you find here are recommended configurations, you should seriously consider using these, but you have to make
  some choices.

Tools

• Pip3line – the Swiss army knife of byte manipulation – nccgroup.com
  What is Pip3line? It’s a raw bytes manipulation utility, able to apply well known and less well known transformations from anywhere to anywhere (almost).
• Basic Packers: Easy As Pie – SpiderLabs Anterior – spiderlabs.com
  In essence, packers are tools that are used to compress a PE file. This primarily allows the person running the tool to reduce the size of the file. As an added benefit, since the file is compressed, it will also typically thwart many reverse engineers from analyzing the code statically (without running it).

Techniques

• Adventures in IOSland Analyzing IOS Apps – securepla.net
  So I’ve been spending a lot of time reversing IOS apps and trying to secure them. In my hunt for bugs, I’ve used your standard set of tools and processes on a jail-broken iPhone.
• Implementing PSLoggedOn in Metasploit (+ a bonus history module) – sensepost.com
  After some trial and error, we now present enum_domain_user.rb a simple Metasploit post exploit module capable of finding network sessions for a specific user.
• Facebook Privacy: CyberSecurity 101 – veracode.com
  While Facebook grants its users lots of control over their privacy settings, keeping up with the latest privacy controls can be difficult.
• Smeege Sec: WSDL Wizard: Burp Suite Plugin for Detecting and Discovering WSDL Files – smeegesec.com
  WSDL (Web Service Description Language) files often provide a unique and clear insight into web application functionality.
• SMB Relay Demystified and NTLMv2 Pwnage with Python – pen-testing.sans.org
  The SMB Relay attack is one of those awesome tactics that really helps penetration testers demonstrate significant risk in a target organization; it is reliable, effective, and almost always works.
• Abusing Safari’s webarchive file format – community.rapid7.com
  Safari’s webarchive format saves all the resources in a web page – images, scripts, stylesheets – into a single file. A flaw exists in the security model behind webarchives that allows us to execute script in the context of any domain (a Universal Cross-site Scripting bug).
• Eavesdropping on a wireless keyboard – windytan.blogspot.fr
  Some time ago, I needed to find a new wireless keyboard. With the level of digital paranoia that I have, my main priority was security. But is eavesdropping a justifiable concern? How insecure would it actually be to type your passwords using an older type of wireless keyboard?

Vendor/Software Patches

• K.I.A. – Java CVE 2013-2423 Via New and Improved Cool EK – invincea.com
  Java continues to be the most significant vulnerability being exploited on individual machines and enterprise networks today.

Vulnerabilities

• Microsoft’s Security Intelligence Report (SIRv14) released – isc.sans.edu
  This past Thursday (17 APR) Microsoft released volume 14 of its Security Intelligence Report (SIRv14) which includes new threat intelligence from over a billion systems worldwide.
• Researcher’s Serial Port Scans Find More Than 100,000 Hackable Devices, Including Traffic Lights And Fuel Pumps – forbes.com
  You probably remember serial ports as the ancient nine-pin plugs you once used to hook up your mouse or joystick to your computer in the pre-USB dark ages.
• Update WP Super Cache and W3TC Immediately Remote Code Execution Vulnerability Disclosed – blog.sucuri.net
  Shame on us for not catching this a month ago when it was first reported, but it seems that two of the biggest caching plugins in WordPress have what we would classify a very serious vulnerability – remote code execution (RCE), a.k.a., arbitrary code execution.
• Mailbox iOS App is a Security Fail – subhb.org
  After posting this on HackerNews some developers / users feel my hypothesis is wrong and one can not repeat the steps below without having physical access to an user’s phone or locked devices.
• Here’s a Good Reason to Encrypt Your Data – wired.com
  There’s many reasons to password-protect — or encrypt — one’s digital data. Foremost among them is to protect it during a security breach.

Other News

• Living Social
  • LivingSocial Hacked More Than 50 Million Accounts Compromised – blog.sucuri.net
    Just as we were thinking we were going to avoid any major enterprise compromises this week, LivingSocial announces that it has been compromised and some 50 million accounts have been compromised.
  • LivingSocial Hacked — More Than 50 Million Customers Impacted – allthingsd.com
    LivingSocial, the daily deals site owned in part by Amazon, has suffered a massive cyber attack on its computer systems, which an email from CEO Tim O’Shaughnessy — just sent to employees and obtained by AllThingsD.com — said resulted in “unauthorized access to some customer data from our servers.”
  • A look into the LivingSocial Hack – blog.imperva.com
    Earlier today, the New York Times has published an article following the recent hack of LivingSocial. the Washington based company had issued a letter to its employees, citing that 50 million customer records were compromised, the information contained personal information such as names, emails, addresses and birthdates as well as encrypted passwords.
• AP Twitter Hack Preceded By A Phishing Attempt, News Org Says – techcrunch.com
  The AP Twitter hack which sent the stock market briefly crashing was caused by a phishing attack, according to the AP.