Tag OpenSSL

InfoSec Week 37, 2018

Tesla model S is using a 40bit challenge response scheme broken back in 2005. Researchers stole a car in ~6 seconds with precomputed tables.
https://www.esat.kuleuven.be/cosic/fast-furious-and-insecure-passive-keyless-entry-and-start-in-modern-supercars/

Zerodium exploit acquisition program published a serious Tor Browser 7.x vulnerability leading to a full bypass of Tor / NoScript 'Safest' security level which is supposed to block all javascript.
This kind of bug is an law enforcement dream.
https://twitter.com/Zerodium/status/1039127214602641409

Very interesting read from Troy Hunt on the effectiveness of negative media coverage and shaming of bad security.
https://www.troyhunt.com/the-effectiveness-of-publicly-shaming-bad-security/

Researchers say that the developers of Adware Doctor, the fourth highest ranking paid app in the Mac App Store, have found a way to bypass Apple restrictions and sends the browsing history of its users to a server in China. Apple already removed the application from the Mac Store.
https://objective-see.com/blog/blog_0x37.html

Apple has also removed most of the popular security applications offered by cyber-security vendor Trend Micro from its official Mac App Store after they were caught stealing users' sensitive data without their consent.
https://www.bleepingcomputer.com/news/security/trend-micro-apps-leak-user-data-removed-from-mac-app-store/

European Court of Human Rights rules that GCHQ Data collection violates the human rights charter.
https://www.theguardian.com/uk-news/2018/sep/13/gchq-data-collection-violated-human-rights-strasbourg-court-rules

The Iran government, at least since 2016, is is spying on its citizens, Kurdish and Turkish natives, and ISIS supporters, using mobile applications with a malware.
The operation has been named Domestic Kitten.
https://research.checkpoint.com/domestic-kitten-an-iranian-surveillance-operation/

Researchers introduced previously overlooked side-channel attack vector called Nemesis that abuses the CPU’s interrupt mechanism to leak microarchitectural instruction timings from enclaved execution environments such as Intel SGX, Sancus, and TrustLite.
https://github.com/jovanbulck/nemesis

India’s controversial Aadhaar identity database software was hacked, ID database compromised.
The vulnerability could allow someone to circumvent security measures in the Aadhaar software, and create new entries.
https://www.huffingtonpost.in/2018/09/11/uidai-s-aadhaar-software-hacked-id-database-compromised-experts-confirm_a_23522472

Criminals are faking Google Analytics script to steal credential and stay under the radar.
https://gwillem.gitlab.io/2018/09/06/fake-google-analytics-malware/

The OpenSSL team released version 1.1.1. There are a lots of new features like TLS 1.3 support, side-channel hardening, new RNG, SHA3, Ed25519 support.
https://www.openssl.org/blog/blog/2018/09/11/release111/

InfoSec Week 47, 2017

According to the annual State of Open Source Security report, 77% of 433000 analyzed sites use at least one front-end JavaScript library with a known security vulnerability.
https://snyk.io/blog/77-percent-of-sites-still-vulnerable/

The AWS team published blog about the recent improvements to the secure random number generation in Linux 4.14, OpenSSL and libc.
https://aws.amazon.com/blogs/opensource/better-random-number-generation-for-openssl-libc-and-linux-mainline/

Really good introduction to the anonymous communication network design and mix nets in general, published by Least Authority.
https://leastauthority.com/blog/mixnet-intro/

Those guys reverse-engineered the Furby Connect DLC file format and are able to remotely upload their own logos, songs to the device over Bluetooth.
https://www.contextis.com/blog/dont-feed-them-after-midnight-reverse-engineering-the-furby-connect

There is a critical vulnerability in the MacOS High Sierra, anyone can login as root with empty password after clicking on login button several times. For now, it could be mitigated by just changing the root password.
https://krebsonsecurity.com/2017/11/macos-high-sierra-users-change-root-password-now/
https://objective-see.com/blog/blog_0x24.html

Very good investigative journalism about the mysterious NSA contractor which could provided top secret documents to the Shadow Brokers.
https://krebsonsecurity.com/2017/11/who-was-the-nsa-contractor-arrested-for-leaking-the-shadow-brokers-hacking-tools/

Uber paid hackers $100k to delete stolen data on 57 million people and shut up. They have even tried to fake it as an bug bounty payment.
http://blog.trendmicro.com/uber-how-not-to-handle-a-breach/

Someone published remote code execution exploit for the Exim Mail server (CVE-2017-16944) on GitHub. Shodan.io shows more than 400k servers with the vulnerable CHUNKING feature.
https://twitter.com/_miw/status/934872934681804800
https://github.com/LetUsFsck/PoC-Exploit-Mirror