Week 8 In Review – 2016

Events Related

Resources

  • Ray Sharp CCTV DVR Password Retrieval & Remote Root – community.rapid7.com
    On January 22, 2013, a researcher going by the name someLuser detailed a number of security flaws in the Ray Sharp DVR platform. These DVRs are often used for closed-circuit TV (CCTV) systems and security cameras.

Tools

  • CVE-2016-0051 – github.com
    BSoD PoC for CVE-2016-0051 (MS-016)
  • smod – github.com
    MODBUS Penetration Testing Framework

Techniques

  • Pwning CCTV Cameras – www.pentestpartners.com
    CCTV is ubiquitous in the UK. A recent study estimates there are about 1.85m cameras across the UK – most in private premises. Most of those cameras will be connected to some kind of recording device, which these days means a Digital Video Recorder or DVR.
  • SimpliSafe home security system
    Today we’re releasing information on a critical security vulnerability in a wireless home security system from SimpliSafe. This system consists of two core components, a keypad and a base station.

  • nsa-rules – github.com
    Password cracking rules and masks for hashcat that I generated from cracked passwords.
  • GPS hacking (PART 1) – en.wooyun.io
    GPS hacking has always been a hot topic on security conferences over the past few years. But the contents are over academic and the cost for necessary equipment is too high, which stops many fans from getting started.

Vulnerabilities

  • Arbitrary file Upload on AirMax – hackerone.com
    It’s possible to overwrite any file (and create new ones) on AirMax systems, because the “php2” (maybe because of a patch) doesn’t verify the “filename” value of a POST request.
  • This is Why People Fear the ‘Internet of Things’ – krebsonsecurity.com
    This is the nightmare “Internet of Things” (IoT) scenario for any system administrator: The IP cameras that you bought to secure your physical space suddenly turn into a vast cloud network designed to share your pictures and videos far and wide.

Other News

  • What It Takes to Master Security (Hint: It’s Not Certs) – blog.opendns.com
    Currently in security, jobs are plentiful. LinkedIn connection invites and recruiter calls are as normal as a daily Agile meeting. But those with career foresight know, it’s not enough to be complacent. To become an expert at the top of the field, progression is essential.
  • Hacker Summer Camp Planning Guide – systemoverlord.com
    A couple of coworkers who have never been to DEF CON, BSides Las Vegas or Black Hat (collectively, “Hacker Summer Camp”) asked me about planning their first trips, so I decided to collect my tips here. I’m going to be splitting my advice into two parts: this planning guide for travel/scheduling/registration information, and a Hacker Summer Camp survival guide for advice that’s more relevant while you’re at the conferences.
