Tag sandbox

InfoSec Week 51, 2018

Google Project Zero published a blog about the FunctionSimSearch open-source library which is capable to find similar functions in the assembly.
They are using it to detect code statically-linked vulnerable library functions in executables.
https://googleprojectzero.blogspot.com/2018/12/searching-statically-linked-vulnerable.html

London's police is testing facial recognition technology in central London this week. Feel free to get your face scanned and processed for the bright future.
https://arstechnica.com/tech-policy/2018/12/londons-police-will-be-testing-facial-recognition-in-public-for-2-days/

Facebook gave Spotify and Netflix access to a users' private messages. Also shared user information with Microsoft, Amazon, Yahoo without explicit consent.
https://www.nytimes.com/2018/12/18/technology/facebook-privacy.html

Researchers published results of an investigation into Russian election interference on behalf of the US Senate Intelligence Committee. They have analyzed data sets from Facebook, Twitter, Google.
https://www.newknowledge.com/disinforeport

Adam Langley wrote about their further Google Chrome TLS experiments with the post-quantum lattice based cryptography.
https://www.imperialviolet.org/2018/12/12/cecpq2.html

Matthew Green wrote his thoughts on GCHQ’s latest proposal for surveilling encrypted messaging and phone calls.
https://blog.cryptographyengineering.com/2018/12/17/on-ghost-users-and-messaging-backdoors/

Tencent Blade Team discovered a remote code execution vulnerability in SQLite. It was already fixed in Chromium.
https://blade.tencent.com/magellan/index_en.html

Good story about the investigation of the Chinese industrial espionage.
https://www.bbc.co.uk/news/resources/idt-sh/Looking_for_Chinas_spies

University of California, Berkeley researchers are building open-source secure enclave using RISC-V.
https://hackaday.com/2018/12/13/risc-v-will-stop-hackers-dead-from-getting-into-your-computer/

Well-known cypherpunk movement founder Timothy May passed away.
https://reason.com/blog/2018/12/16/tim-may-influential-writer-on-crypto-ana

Microsoft introduced Windows Sandbox for applications.
https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Windows-Sandbox/ba-p/301849

Interesting paper on systematic parsing of X.509 certificates with strong termination guarantees: "Systematic Parsing of X.509: Eradicating Security Issues with a Parse Tree".
https://arxiv.org/abs/1812.04959

A Dive into Cypherlock, a tool that could prevent forced decryption.
https://medium.com/chainrift-research/farewell-forced-decryption-a-dive-into-cypherlock-e515223a7123

Instant, re-usable, generic MD5 collisions over different file formats. https://github.com/corkami/pocs/blob/master/collisions/README.md

InfoSec Week 16, 2017

Crooks are already using recently leaked NSA hack tools to exploit thousands of unpatched Windows machines.
https://www.theregister.co.uk/2017/04/21/windows_hacked_nsa_shadow_brokers/

Bosch Drivelog Connector dongle could allow hackers to halt the engine.
https://argus-sec.com/remote-attack-bosch-drivelog-connector-dongle/

Android MilkyDoor malware lets attackers infiltrate phone's connected networks via Secure Shell (SSH) tunnels.
http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-android-malware-finds-successor-milkydoor/

The Hajime IoT worm is hardening IoT devices (closing open ports for now) to lock out other IoT malware. The code is not weaponised, contains only white hat's message.
https://www.symantec.com/connect/blogs/hajime-worm-battles-mirai-control-internet-things

The guy found out how to trade other customers' stocks due to the bad implementation of the iPhone trading app.
https://privacylog.blogspot.ch/2017/04/what-happens-when-you-send-zero-day-to.html

NVIDIA is shipping node.js under the name "NVIDIA Web Helper.exe". As it's signed by the NVIDIA key, the application is whitelisted by Microsoft AppLocker, and can be used for bypassing protection.
http://blog.sec-consult.com/2017/04/application-whitelisting-application.html

Criminals are spreading financial malware using spam emails disguised as a payment confirmation email from Delta Air. Looks genuine. https://heimdalsecurity.com/blog/hancitor-malware-delta-airlines/

Some darkmarket real IP addresses can be found through the Shodan search.
"RAMP (Russian drug market, server in Russia) and Hydra (international drug market, server in Germany) are leaking.Anyone see other big ones?"
https://twitter.com/HowellONeill/status/855550034741309440 https://twitter.com/AlecMuffett/status/855542397165502464

Nice blog about the common mistakes done by developers when using encryption \ secrets.
https://littlemaninmyhead.wordpress.com/2017/04/22/top-10-developer-crypto-mistakes/

Apple File System (APFS), introduced in March 2017, reverse engineered by Jonas Plum.
https://blog.cugu.eu/post/apfs/

WikiLeaks publishes the User Guide for CIA's "Weeping Angel" tool - an implant designed for Samsung F Series Smart Televisions. Based on the "Extending" tool from MI5/BTSS, the implant is designed to record audio from the built-in microphone and egress or store the data.
https://wikileaks.org/vault7/#Weeping Angel

Funny research paper co-authored by Daniel J. Bernstein, "Post-quantum RSA", explores potential "parameters for which key generation, encryption, decryption, signing, and verification are feasible on today’s computers while all known attacks are infeasible, even assuming highly scalable quantum computers".
Funny part is that the actual parameters are "really" practical. Example: "For the 2Tb (256GB) encryption, the longest multiplication took 13 hours, modular reduction took 40 hours, and in total encryption took a little over 100 hours."
https://cr.yp.to/papers/pqrsa-20170419.pdf

A local privilege escalation via LightDM found in Ubuntu versions 16.10 / 16.04 LTS.
http://seclists.org/fulldisclosure/2017/Apr/73

fake sandbox processes (FSP) - script will simulate fake processes of analysis sandbox/VM software that some malware will try to avoid. Windows only. https://github.com/Aperture-Diversion/fake-sandbox