Week 43 In Review – 2014

Events Related

• Hack.lu 2014 Wrap-Up Day #1 – blog.rootshell.be
  After attending BlackHat last week in Amsterdam, Xavier is now in Luxembourg until Friday to attend the 10th edition of Hack.lu. here is Xavier’s wrap-up for the first day. As usual, the first day started via a first bunch of workshops.
  • Hack.lu 2014 Wrap-Up Day #2 – blog.rootshell.be
    Here is Xavier’s small wrap-up for the second day. There was again some Cisco forensics workshops on the schedule, that’s why he was not able to attend all that day’s talks.
  • Hack.lu 2014 Wrap-Up Day #3 – blog.rootshell.be
    Here’s the daily quick wrap-up for the third day. Xavier attended more talks on that day (no workshops).
• Black Hat Europe – day 1 – www.virusbtn.com
  The 14th edition of Black Hat Europe took place in the RAI Convention Centre, Amsterdam. Programme packed with interesting talks.

Resources

• GrrCON 2014 Videos – irongeek.com
  These are the videos of the presentations from GrrCON 2014. You can watch and download the videos from here.
• Ruxcon Slides – ruxcon.org.au
  These are the presentation slides of all speakers at Ruxcon 2014. You can download the slides from here.
• CSAW CTF 2014 VM – isisblogs.poly.edu
  CSAW-CTF, A competition designed for undergraduate students who are trying to break into cyber security. A few weeks ago the CSAW CTF was run from NYU-Poly and over 2500 teams registered to play.
• Reverse Engineering a Web Application – for fun, behavior & WAF Detection – blog.c22.cc
  In this presentation Rodrigo “Sp0oKeR” Montoro (Sucuri Security) will share some of their research, results and how they have maintained WAF (Web Application Firewall) using very low CPU processes and high detection rates. Presenation is based on WordPress / NGINX, but concepts can be applied to any Wed Application / CMS technologies.
• Symantec Intelligence Report: September 2014 – symantec.com
  Here is the September edition of the Symantec Intelligence report. There were 600 vulnerabilities disclosed in the month of September, the highest number so far in 2014 and second-highest in the last 12 months.

Tools

• RF Analyzer – Explore the frequency spectrum with the HackRF on an Android device – github.com
  This is the repository of the RF Analyzer app for Android. It can be used to view a FFT plot and a waterfall plot of the frequency spectrum received by a HackRF.
• OWTF 1.0 “Lionheart” released! – blog.7-a.org
  OWTF 1.0 “Lionheart” (beta) is the biggest release ever by Abraham Aranguren, this contains many cool projects implemented by many , so, in no particular order, here is a quick overview of the new major features!

Vendor/Software patches

• Watch That Windows Update: FTDI Drivers Are Killing Fake Chips – hackaday.com
  The workaround for this driver update is to download the FT232 config tool from the FTDI website on a WinXP or Linux box, change the PID of the fake chip, and never using the new driver on a modern Windows system.
  • Windows Update drivers bricking USB serial chips beloved of hardware hackers -arstechnica.com
    Hardware hackers building interactive gadgets based on the Arduino microcontrollers are finding that a recent driver update that Microsoft deployed over Windows Update has bricked some of their hardware, leaving it inaccessible to most software both on Windows and Linux.
  • FTDI Screws Up, Backs Down -hackaday.com
    A few days ago hackaday learned chip maker FTDI was doing some rather shady things with a new driver released on Windows Update. Microsoft has since released a statement and rolled back two versions of the FTDI driver to prevent counterfeit chips from being bricked.

Vulnerabilities

• PSA: don’t run ‘strings’ on untrusted files (CVE-2014-8485) – lcamtuf.blogspot.com
  Many shell users, and certainly most of the people working in computer forensics or other fields of information security, have a habit of running /usr/bin/strings on binary files originating from the Internet. Their understanding is that the tool simply scans the file for runs of printable characters and dumps them to stdout – something that is very unlikely to put you at any risk.
• R7-2014-17: NAT-PMP Implementation and Configuration Vulnerabilities – community.rapid7.com
  Rapid7 Labs started scanning the public Internet for NAT-PMP as part of Project Sonar. NAT-PMP is a protocol implemented by many SOHO-class routers and networking devices that allows firewall and routing rules to be manipulated to enable internal, assumed trusted users behind a NAT device to allow external users to access internal TCP and UDP services for things like Apple’s Back to My Mac and file/media sharing services.
• POODLE Unleashed: Understanding the SSL 3.0 Vulnerability – community.rapid7.com
  Three researchers from Google have published findings about a vulnerability in SSL 3.0, a cryptographic protocol designed to provide secure communication over the internet. Successful exploitation of this vulnerability can result in an attacker exposing data encrypted between an SSL 3.0 compatible client and a SSL 3.0 compatible server.
  • POODLE: Turning off SSLv3 for various servers and client. -isc.sans.edu
    Before you start: While adjusting your SSL configuration, you should also check for various other SSL related configuration options. Here are some configuration directives to turn off SSLv3 support on servers.
  • OpenSSL Releases OpenSSL 1.0.1j, 1.0.0o and 0.9.8zc -isc.sans.edu
    This update to the OpenSSL Library addresses 4 vulnerabilities. One of these is the “POODLE” vulnerability announced last week.
  • POODLE: Padding Oracle On Downgraded Legacy Encryption -labs.portcullis.co.uk
    Last week, researchers from Google released details of a new attack that they have called the Padding Oracle On Downgrade Legacy Encryption (POODLE) attack which has been assigned CVE-2014-3566. The summary is, essentially, that SSLv3 uses a MAC-then-encrypt construction, which doesn’t authenticate the padding as it is applied on the plaintext message before padding or encryption are applied.

Other News

• NSA-Approved Samsung Knox Stores PIN in Cleartext – threatpost.com
  A security researcher has tossed a giant bucket of ice water on Samsung’s thumbs up from the NSA approving use of certain Galaxy devices within in the agency.