Events Related
- HouSecCon v6 2015 Videos – www.irongeek.com
- Hack.lu 2015
Today started the 11th edition of hack.lu in Luxembourg. Being one of my preferred events, I drove to Luxembourg this morning direction to the Alvisse Parc hotel!
- Hack.lu 2015 Wrap-Up Day #1 – blog.rootshell.be
- Hack.lu 2015 Wrap-Up Day #2 – blog.rootshell.be
- Hack.lu 2015 Wrap-Up Day #3 – blog.rootshell.be
- BruCON – www.youtube.com
Organized in Belgium, BruCON offers a high quality line up of speakers, security challenges and interesting workshops. BruCON is a conference by and for the security and hacker community.
Resources
- Index of /archive/2015 – 2015.hack.lu
- October 2015 NTP Security Vulnerability Announcement (Medium) – support.ntp.org
NTF’s NTP Project has been notified of the following 13 low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p4
- Western Digital drives vulnerable: BadUSB, EvilMaid – firmwaresecurity.com
Most news sites are reporting about bad security in Western Digital hard drives. As presented at Hardware.io the other week, and from the Full Disclosure mailing list from a few days ago.
- BoringSSL – www.imperialviolet.org
We recently switched Google’s two billion line repository over to BoringSSL, our fork of OpenSSL. This means that BoringSSL is now powering Chromium (on nearly all platforms), Android M and Google’s production services.
- Advanced x86: Introduction to BIOS & SMM – opensecuritytraining.info
John’s work led to the “BIOS Chronomancy” work (published at both BlackHat and ACM CCS), porting the team’s existing Timing-Based Attestation system from the kernel level down to the BIOS.
- Wadi Fuzzer – www.sensepost.com
One can see the importance of fuzzing as one of the techniques used to test software security against malformed input leading to crashes and in some cases exploitable bugs.
- lte – github.com
Presentation about the security features provided by the 3GPP specifications for LTE.
- Hack.lu 2015 Radare2 firmware hacking workshop materials – firmwaresecurity.com
There was a Radare2 workshop at HACK.LU 2015, which included firmware targets.
Tools
- thc-ipv6 – github.com
IPv6 attack toolkit
- Win10Pcap-Exploit – github.com
Exploit Win10Pcap Driver to enable some Privilege in our process token (local Privilege escalation)
- Xtreme Vulnerable Web Application (XVWA) – github.com
XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
- Debloat win10 – pastebin.com
- Mobile-Security-Framework-MobSF – github.com
Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis.
Vendor/Software Patches
- Adobe patches Flash Player vulnerability used in Pawn Storm APT campaign – www.symantec.com
Adobe has issued an emergency patch for a new Flash Player vulnerability (CVE-2015-7645) exploited by attackers behind the Operation Pawn Storm campaign.
- Apple fixes 49 security bugs in iOS 9.1; kills jailbreak – www.zdnet.com
The company, which released the software on Wednesday for iPhones and iPads, detailed the flaws in its updated security documentation.
Techniques
- Retrospection & Full PCAP Reveal Instances of XcodeGhost Dating Back to April 2015 – www.protectwise.com
Last month when news broke of XcodeGhost, the iOS malware that infected apps on the Apple App Store, we retrospected our haystack for evidence of this malware across our customers. We quickly discovered that more than half of our customers had affected devices on their networks, with infections dating as far back as April 25th, 2015 (much earlier than reported by several news outlets).
- Pass the hash security templates – rootsecdev.blogspot.com
Vulnerabilities
- X-Ray Scans Expose an Ingenious Chip-and-Pin Card Hack – www.wired.com
The chip-enabled credit card system long used in Europe, a watered down version of which is rolling out for the first time in America, is meant to create a double check against fraud. In a so-called “chip-and-PIN” system, a would-be thief has to both steal a victim’s chip-enabled card and be able to enter the victim’s PIN.
- Security updates available for Adobe Flash Player – helpx.adobe.com
These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
- Western Digital Encryption Flaws
Researchers claim one of the more popular brands of so-called “self-encrypting” drives is plagued by serious security vulnerabilities that allow an attacker trivial access to data stored on its products.
- ‘No Excuses’ As Western Digital Leaves Gaping Crypto Flaws In Hard Drives – www.forbes.com
- Some Popular ‘Self Encrypting’ Hard Drives Have Really Bad Encryption – motherboard.vice.com
- Oracle slams door on Russian cyberspies who hacked Nato PCs through Java – www.itworld.com
Oracle has fixed a vulnerability in Java that a Russian cyberespionage group used to launch stealthy attacks earlier this year. At the same time, Oracle fixed 153 other security flaws in Java and a wide range of its other products, it said Tuesday.
- Joomla SQL Injection Vulnerability Exploit Results in Full Administrative Access – www.trustwave.com
Trustwave SpiderLabs researcher Asaf Orpani has discovered an SQL injection vulnerability in versions 3.2 through 3.4.4 of Joomla, a popular open-source Content Management System (CMS). Combining that vulnerability with other security weaknesses, our Trustwave SpiderLabs researchers are able to gain full administrative access to any vulnerable Joomla site.
Other News
- Hacking for Security, and Getting Paid for It – bits.blogs.nytimes.com
Technology companies including Google, Facebook, Dropbox, Microsoft, Yahoo, PayPal and even the electric-car maker Tesla now offer hackers bounties for reporting the flaws they find in the companies’ wares.
- Symantec Intelligence Report: September 2015 – www.symantec.com
Symantec Intelligence aims to provide the latest analysis of cyber security threats, trends, and insights concerning malware, spam, and other potentially harmful business risks.
- Unmasked: What 10 million passwords reveal about the people who choose them – wpengine.com
A lot is known about passwords. Most are short, simple, and pretty easy to crack. But much less is known about the psychological reasons a person chooses a specific password.
- The collapse of the US-EU Safe Harbor: Solving the new privacy Rubik’s Cube – blogs.microsoft.com
When people who care about technology look back at the year 2015, they will remember October as the month when the EU-U.S. Safe Harbor collapsed. An international legal agreement that has been in place for 15 years was invalidated in a single day.
- WikiLeaks posts data from CIA director’s email account – www.zdnet.com
CIA director John Brennan reportedly used his AOL account to store possibly classified — or, at very least, sensitive — materials.
- Congress Is Trying to Ban Car Hacking In Every Possible Form – gizmodo.com
Today, the House Energy and Commerce Committee began safety hearings with a proposed bill to reform the National Highway Traffic Safety Administration. That bill contains a provision which completely outlaws car owners from hacking their own cars.
- HP Sells Network Security Business TippingPoint To Trend Micro For $300M – techcrunch.com
On the heels of Dell buying EMC for $67 billion and Western Digital buying SanDisk for $19 billion, HP is selling off its TippingPoint network security business to TrendMicro for $300 million.
- Security researchers face wrath of spy agencies – www.theregister.co.uk
Researchers tasked with revealing attacks by intelligence agencies are being harassed, locked out of tenders, and in some cases deported, Kaspersky researcher Juan Andrés Guerrero-Saade says.