Tag GPS

InfoSec Week 45, 2017

Researchers exploited antivirus software quarantine mechanism to gain privileges by manipulating the restore process from the virus quarantine. By abusing NTFS directory junctions, the AV quarantine restore process can be manipulated, so that previously quarantined files can be written to arbitrary file system locations.
https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/

Wikileaks released source code of leaked CIA hacking tools and it indicates that the CIA used fake certificates attributed to Kaspersky Labs for signing their malware.
https://wikileaks.org/vault8/
https://twitter.com/i/web/status/928669548210991104

A security researcher has discovered factory application in OnePlus devices. It can be used to gain root privileges, dump photos, collect WiFi & GPS information.
https://www.bleepingcomputer.com/news/security/second-oneplus-factory-app-discovered-this-one-dumps-photos-wifi-and-gps-logs/
https://github.com/sirmordred/AngelaRoot

There was a vulnerability in CouchDB caused by a discrepancy between the database’s native JSON parser and the Javascript JSON parser used during document validation. Because CouchDB databases are meant to be exposed directly to the internet, this enabled privilege escalation, and ultimately remote code execution, on a large number of installations.
https://justi.cz/security/2017/11/14/couchdb-rce-npm.html

Researchers from the Princeton university have been studying third-party trackers that record sensitive personal data that users type into websites, and the results are not good.
https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/

iPhone X's Face ID facial recognition security mechanism system was circumvented by Vietnam experts using a 3D mask.
http://www.bkav.com/d/top-news/-/view_content/content/103968/face-id-beaten-by-mask-not-an-effective-security-measure

Security researcher Maxim Goryachy reports being able to execute unsigned code on computers running the Intel Management Engine through USB.
https://twitter.com/h0t_max/status/928269320064450560

Deep dive into the Facebook sextorcism scheme using fake young girls profiles by the guys from Marseille.
http://ici.radio-canada.ca/special/sextorsion/en/index.html

Long read about how the security breaches by the Shadow Brokers damaged the US National Security Agency.
https://www.nytimes.com/2017/11/12/us/nsa-shadow-brokers.html

Analysis of a low cost Chinese GSM listening and location device hidden inside the plug of a standard USB data/charging cable.
https://ha.cking.ch/s8_data_line_locator/

Privacy Pass is a browser extension for Chrome and Firefox, which uses privacy-preserving cryptography to allow users to authenticate to the services without compromising their anonymity. It uses blind signature schemes.
https://privacypass.github.io

InfoSec Week 44, 2017

There are at least 14 newly discovered vulnerabilities in the Linux kernel USB subsystem. The vulnerabilities were found by the Google syzkaller kernel fuzzer. According to the researchers, all of them can be triggered with a crafted malicious USB device in case an attacker has physical access to the machine.
http://www.openwall.com/lists/oss-security/2017/11/06/8

Mozilla will remove root certificate of the Staat der Nederlanden (State of the Netherlands) Certificate Authority from Firefox browser if the Dutch government vote a new law that grants local authorities the power to intercept Internet communication using "false keys".
https://www.bleepingcomputer.com/news/security/mozilla-wants-to-distrust-dutch-https-provider-because-of-local-dystopian-law/

Bug hunter Scott Bauer has published an in depth analysis of the Android remotely exploitable bug in the blog post named "Please Stop Naming Vulnerabilities: Exploring 6 Previously Unknown Remote Kernel Bugs Affecting Android Phones".
https://pleasestopnamingvulnerabilities.com/

Some web pages use textfield with the CSS "asterix" trick instead of the password field so they can bypass browser security warning when password field is on an unencrypted web page. Nonsense.
https://www.troyhunt.com/bypassing-browser-security-warnings-with-pseudo-password-fields/

More than 54 thousand have the same pair of 512-bit RSA keys as their DNS Zone Signing Keys.
https://lists.dns-oarc.net/pipermail/dns-operations/2017-October/016878.html

Good blog from the ElcomSoft about the history and current possibilities in the iOS and iCloud forensics.
https://blog.elcomsoft.com/2017/11/the-art-of-ios-and-icloud-forensics/

The Norwegian National Communications Authority reported GPS signal jamming activity in the Finnmark region near the Russian border.
https://twitter.com/aallan/status/926553232591159296/photo/1
https://rntfnd.org/wp-content/uploads/Norway-Comms-Auth-Report-GPS-Jamming-Sept-2017.pdf

Mac and Linux versions of the Tor anonymity software contained a flaw that can leak users real IP addresses.
https://blog.torproject.org/tor-browser-709-released

Software and HDL code for the PCILeech FPGA based devices that can be used for the Direct Memory Access (DMA) attack and forensics is now available on a GitHub. The FPGA based hardware provides full access to 64-bit memory space without having to rely on a kernel module running on the target system.
https://github.com/ufrisk/pcileech-fpga