Week 42 In Review – 2014

Events Related

• BlackHat Europe 2014 Wrap-Up Day #1 – blog.rootshell.be
  BlackHat is back in Amsterdam and here is Xavier’s wrap-up for the first day. The day started with the Adi Shamir’s keynote and some crypto.
  • BlackHat Europe 2014 Wrap-Up Day #2 – blog.rootshell.be
    Here is Xavier’s small wrap-up for the second BlackHat day. His first choice was to attend a talk about IPv6.

Resources

• SIM Card Forensics – 0xicf.wordpress.com
  The SIM (subscriber identity module) is a fundamental component of cellular phones. It’s also known as an integrated circuit card (ICC), which is a microcontroller-based access module.
• ruxconbreakpoint slides – ruxconbreakpoint.com
  All of the presentation slides of Breakpoint 2014 are available. You can download from here.
• Index of /hitbsecconf2014kul/materials – conference.hitb.org
  Here are an index of hitbsecconf2014 available. You can download all of the pdf now.
• Worried about the POODLE vulnerability? – tinfoilsecurity.com
  Use tinpoilsecurities quick check to see if your website is vulnerable. Check it out!

Tools

• snapchat-decrypt – github.com
  Python script for decrypting stored images from Snapchat version 5.0.34. Snapchat updated the application after the script was released. No much has changed.
• Badges of BsidesDC – twitter.com
  TessSchrodinger shared some beautifull BsidesDC badges here. Which one you like most?
• Faraday v1.0.4. release – blog.infobytesec.com
  infobytesec are happy to announce Faraday v1.0.4. After three months of heavy development they finally are releasing the newest version!

Vulnerabilities

• iHype discovers zero-day CVE-2014-8==D, or “TrouserSnake” – sites.google.com
  Zero-day impacting all versions of computer, used in opportunistic “flash” attacks often taking place after work hours, and exploiting the gullibility of corporate employees, leaving many exposed.
• Sandworm APT Team Found Using Windows Zero Day Vulnerability – threatpost.com
  A cyberespionage team, possibly based in Russia, has been using a Windows zero day vulnerability to target a variety of organizations in several countries, including the United States, Poland, Ukraine and western Europe. The vulnerability, which was patched already by Microsoft, is trivially exploitable.
  • CVE-2014-4114 in a picture – twitter.com
    Here Markloman shared the picture of CVE-2014-4114 on twitter. See how it looks like.
• Hackers hold 7 million Dropbox passwords ransom – cnet.com
  Hackers are threatening a major breach in Dropbox security, claiming to have stolen the login details of almost 7 million users, and promising to release more password details if they’re paid a Bitcoin ransom. Dropbox has updated its most recent statement, acknowledging the release of more passwords but denying their validity.
• Two Limited, Targeted Attacks; Two New Zero-Days – fireeye.com
  The FireEye Labs team has identified two new zero-day vulnerabilities as part of limited, targeted attacks against some major corporations. Both zero-days exploit the Windows Kernel, with Microsoft assigning CVE-2014-4148 and CVE-2014-4113 to and addressing the vulnerabilities in their October 2014 Security Bulletin.
• This POODLE bites: exploiting the SSL 3.0 fallback – googleonlinesecurity.blogspot.com
  Google security team published the details of a vulnerability in the design of SSL version 3.0. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker.
  • Dancing Poodles – csoandy.com
    An attack affectionately known as “POODLE” (Padding Oracle On Downgraded Legacy Encryption), should put a stake in the heart of SSL, and move the world forward to TLS. There are two interesting vulnerabilities: POODLE, and the SSL/TLS versioning fallback mechanism.
  • Dreaded SSLv3 bug no monster, only a POODLE – csoonline.com
    Google’s Bodo Möller, along with fellow researchers Thai Duong and Krzysztof Kotowicz, disclosed the existence of a vulnerability in SSLv3, which allows the plaintext of secure connections to be calculated by an attacker on the network.
  • Some POODLE notes – blog.erratasec.com
    Heartbleed and Shellshock allowed hacks against servers (meaning websites and such). POODLE allows hacking clients (your webbrowser and such).
  • POODLE – An SSL 3.0 Vulnerability (CVE-2014-3566) – ecurityblog.redhat.com
    Red Hat Product Security has been made aware of a vulnerability in the SSL 3.0 protocol, which has been assigned CVE-2014-3566. To mitigate this vulnerability, it is recommended that you explicitly disable SSL 3.0 in favor of TLS 1.1 or later in all affected packages.
  • SSL 3 is dead, killed by the POODLE attack – blog.ivanristic.com
    The vulnerability is very similar to the 2011 BEAST exploit. In order to successfully exploit POODLE the attacker must be able to inject malicious JavaScript into the victim’s browser and also be able to observe and manipulate encrypted network traffic on the wire.
  • There Is a New Security Vulnerability Named POODLE, and It Is Not Cute – wired.com
    POODLE affects SSLv3 or version 3 of the Secure Sockets Layer protocol, which is used to encrypt traffic between a browser and a web site or between a user’s email client and mail server.