Week 51 In Review – 2013

Events Related

  • CCC, 100-gbps, and your own private Shodan – blog.erratasec.com
    One of the oldest/biggest “hacker” conventions is the CCC congress every December in Germany. This year, they are promising 100-gbps connectivity to the Internet.

Resources

  • Quick Joomla Refresher – blog.spiderlabs.com
    In this blog post David Kirkpatrick mention some of the tools he used to check the security of a particular Joomla installation and comment upon their effectiveness.
  • The DNS Census 2013 – dnscensus2013.neocities.org
    The DNS Census 2013 is an attempt to provide a public dataset of registered domains and DNS records. The dataset contains about 2.5 billion DNS records gathered in the years 2012-2013.
  • Symantec Intelligence Report: November 2013 – www.symantec.com
    Symantec Intelligence aims to provide the latest analysis of cyber security threats, trends, and insights concerning malware, spam, and other potentially harmful business risks. You can download your copy here.

Tools

  • evasi0n7 – iOS 7.x Jailbreak – evasi0n.com
    evasi0n7 is a production of evad3rs. Compatible with all iPhone, iPod touch, iPad and iPad mini models running iOS 7.0 through 7.0.4.
  • WinAppDbg 1.5 is out! – breakingcode.wordpress.com
    The WinAppDbg python module allows developers to quickly code instrumentation scripts in Python under a Windows environment. Download links are available here.
  • Crash – labs.portcullis.co.uk
    The crash tool is a similar tool than the crash.exe tool from FileFuzz but for OS X. The purpose of this tool is to catch crashes from OS X applications and print debugging information such as registers, disassembled code and a memory dump of the stack.
  • Capstone – capstone-engine.org
    Capstone is a lightweight multi-platform, multi-architecture disassembly framework.

    • Capstone – github.com
      Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community.

Techniques

  • FLYING PIG: GCHQ’s TLS/SSL knowledge base – koen.io
    Documents from the ICTR-NE organization at the GCHQ show that it operates a program under the name FLYING PIG that provides analysts with information about secure communications over TLS/SSL. In this article, Koen Rouwhorst described the program on the basis of some actual screen captures of its interface.
  • OpenIOC Series: Investigating with Indicators of
    Compromise (IOCs) – Part I
     – mandiant.com
    The Back to Basics: OpenIOC blog series previously discussed how Indicators of Compromise (IOCs) can be used to codify information about malware or utilities and describe an attacker’s methodology. This blog post will focus on writing IOCs by providing a common investigation scenario, following along with an incident response team as they investigate a compromise and assemble IOCs.

Vendor/Software patches

Vulnerabilities

  • New attack steals e-mail decryption keys by capturing computer sounds – arstechnica.com
    Computer scientists have devised an attack that reliably extracts secret cryptographic keys by capturing the high-pitched sounds coming from a computer while it displays an encrypted message. Scientists use smartphone to extract secret key of nearby PC running PGP app.
  • Severe Office 365 Token Disclosure Vulnerability – Research and Analysis – adallom.com
    The vulnerability that Adallom labs researched here and the security incident that used it is a bona fide Perfect Crime; a crime where the victim doesn’t know that he’s been hit; a crime where there’s no proof of any foul play anywhere; a crime where protecting yourself against it without being familiar with its modus operandi is next to impossible.

Other News

  • Exclusive: Secret contract tied NSA and security industry pioneer – www.reuters.com
    As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned.

Leave A Comment