Channel: BOT24
Viewing all 8064 articles

ASML Recently Discovered IT Systems Security Incident; No Evidence That Anything of Value Has Been Compromised

ASML Holding N.V. (ASML) recently discovered unauthorized access to a limited portion of its IT systems. ASML took immediate steps to contain the breach and is conducting an ongoing investigation. The time between the break-in and the discovery by ASML IT staff was short. At this time it appears that only a limited amount of data has been accessed. ASML has not found any evidence that valuable files, either from ASML or our customers and suppliers, have been compromised. We cannot be certain about the identity of the hackers.

more here........http://www.asml.com/asml/show.do?lang=EN&ctx=5869&rid=51584

Paper: Windows NT pagefile.sys Virtual Memory Analysis

As hard disk encryption, RAM disks, persistent data avoidance technology and memory resident malware become more widespread, memory analysis becomes more important. In order to provide more virtual memory than is actually physically present on a system, an operating system may transfer frames of memory to a pagefile on persistent storage. Current memory analysis software does not incorporate such pagefiles and thus misses important information. We therefore present a detailed analysis of Windows NT paging. We use dynamic gray-box analysis, in which we place known data into virtual memory and examine where it is mapped to, in either the physical memory or the pagefile, and cross-reference these findings with the Windows NT Research Kernel source code. We demonstrate how to decode the non-present page table entries, and accurately reconstruct the complete virtual memory space, including non-present memory pages on Windows NT systems using 32-bit, PAE or IA32e paging. Our analysis approach can be used to analyze other operating systems as well.
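The resolver step the abstract describes (a PTE is either present, transitioning, or points into a pagefile), as an added example that is not the paper's code. It decodes 32-bit non-PAE x86 entries; the field positions for the non-present "software" PTEs follow the MMPTE_SOFTWARE and MMPTE_TRANSITION layouts as I read them from the Windows Research Kernel headers, so treat that layout as an assumption to re-check against the kernel version being analysed.

```python
# Added example (not from the paper): classify a 32-bit x86 PTE and map a
# virtual address to either physical RAM or an offset inside pagefile.sys.
# Software-PTE bit positions are assumed from the WRK headers (MMPTE_SOFTWARE,
# MMPTE_TRANSITION); PAE/IA32e entries use 64-bit layouts not handled here.
PAGE_SHIFT = 12
PAGE_MASK = (1 << PAGE_SHIFT) - 1


def decode_pte32(pte: int) -> dict:
    """Return the fields a forensic resolver needs for one 32-bit PTE."""
    if pte & 1:                              # hardware Valid bit: page is in RAM
        return {"kind": "present", "pfn": pte >> PAGE_SHIFT,
                "writable": bool(pte & 2), "user": bool(pte & 4)}
    if pte == 0:
        return {"kind": "unallocated"}
    prototype = bool(pte & (1 << 10))        # assumed: MMPTE_SOFTWARE.Prototype
    transition = bool(pte & (1 << 11))       # assumed: MMPTE_SOFTWARE.Transition
    protection = (pte >> 5) & 0x1F           # assumed: 5-bit protection field
    if prototype:
        # Points at a prototype PTE (shared/mapped memory); resolved elsewhere.
        return {"kind": "prototype", "protection": protection}
    if transition:
        # Unmapped, but the frame still holds the data (standby/modified list).
        return {"kind": "transition", "pfn": pte >> PAGE_SHIFT,
                "protection": protection}
    pagefile_high = pte >> PAGE_SHIFT        # page offset inside the pagefile
    if pagefile_high == 0:
        return {"kind": "demand_zero", "protection": protection}
    return {"kind": "pagefile", "pagefile": (pte >> 1) & 0xF,
            "offset": pagefile_high << PAGE_SHIFT, "protection": protection}


def resolve(pte: int, vaddr: int) -> tuple:
    """Map vaddr to ("ram", phys_addr), ("pagefile", n, offset) or (kind,)."""
    info = decode_pte32(pte)
    page_off = vaddr & PAGE_MASK
    if info["kind"] in ("present", "transition"):
        return ("ram", (info["pfn"] << PAGE_SHIFT) | page_off)
    if info["kind"] == "pagefile":
        return ("pagefile", info["pagefile"], info["offset"] | page_off)
    return (info["kind"],)


if __name__ == "__main__":
    # Constructed PTE values: present PFN 0x123, and a page swapped to pagefile 1.
    for pte, va in ((0x00123027, 0x00401234), (0x00789082, 0x7FFE0ABC)):
        print(hex(pte), decode_pte32(pte), resolve(pte, va))
```

The point for an analyst is the "transition" and "pagefile" branches: a tool that only follows the Valid bit silently drops both, which is exactly the data the paper says current tooling misses.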

more here............https://www1.cs.fau.de/filepool/gruhn/pagefile.pdf

Vulnerabilities in Hikvision DS-7204HWI-SH

There are Abuse of Functionality and Brute Force vulnerabilities in Hikvision DS-7204HWI-SH.

-------------------------
Affected products:
-------------------------

Vulnerable is the next model: Hikvision DS-7204HWI-SH with different versions of firmware.

----------
Details:
----------

Abuse of Functionality (WASC-42):

Login is persistent: admin (only logins for users can be changed), which simplifies Brute Force attacks.

Brute Force (WASC-11):

In the login form http://site/doc/page/login.asp there is no protection against Brute Force attacks, which allows picking up the password (if it was changed from the default).

I found this and other web cameras during the summer to watch terrorist activities in the Donetsk and Lugansk regions of Ukraine, and I also took control of web cameras in Russia (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2015-February/009077.html).

I mentioned these vulnerabilities on my site (http://websecurity.com.ua/7272/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 
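The two findings above describe one missing control: a fixed administrator name concentrates guessing on a single account, and the login form never slows that guessing down. The following added example (not Hikvision's firmware; user names, credential store and thresholds are constructed) shows the per-account throttling a login handler needs so that a fixed account name does not turn into an unlimited-tries oracle.

```python
import hashlib
import hmac
import os
import time

# Added example (not Hikvision code): a login handler with the brute-force
# protection the advisory says the camera's form lacks. Thresholds and the
# credential store are constructed for illustration.
MAX_FAILURES = 5        # failures before the account is throttled
BASE_DELAY = 30.0       # seconds; doubles with every further failure
MAX_DELAY = 3600.0
ITERATIONS = 100_000    # PBKDF2 work factor (raise in production)


def make_record(password: str, salt: bytes = None) -> dict:
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest, "failures": 0, "locked_until": 0.0}


class LoginGuard:
    def __init__(self, users: dict):
        self.users = users              # username -> record from make_record()

    def attempt(self, username: str, password: str, now: float = None) -> str:
        now = time.time() if now is None else now
        rec = self.users.get(username)
        if rec is None:
            # Do the same work as a real check so timing does not reveal valid names.
            hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, ITERATIONS)
            return "denied"
        if now < rec["locked_until"]:
            return "throttled"          # refuse even a correct password until the delay expires
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], ITERATIONS)
        if hmac.compare_digest(digest, rec["hash"]):
            rec["failures"] = 0
            return "ok"
        rec["failures"] += 1
        if rec["failures"] >= MAX_FAILURES:
            # Exponential back-off keyed on the account, so the fixed "admin"
            # name cannot be hammered at line rate from any source address.
            extra = rec["failures"] - MAX_FAILURES
            rec["locked_until"] = now + min(BASE_DELAY * (2 ** extra), MAX_DELAY)
        return "denied"


if __name__ == "__main__":
    guard = LoginGuard({"admin": make_record("correct horse battery")})
    for _ in range(6):
        print(guard.attempt("admin", "wrong-guess"))
    print(guard.attempt("admin", "correct horse battery"))   # throttled, not ok
```

Throttling is deliberately keyed on the account rather than only on the client address: with a fixed administrator name, per-IP limits alone are defeated by spreading guesses across sources, while per-account back-off caps the total guess rate against that one account.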

upstart logrotate privilege escalation in Ubuntu Vivid (development)

Problem description: Ubuntu Vivid 1504 (development branch) installs an insecure upstart logrotation script which will read user-supplied data from /run/user/[uid]/upstart/sessions and pass them unsanitized to an env command. As the user run directory is user-writable, the user may inject arbitrary commands into the logrotation script, which will be executed during daily cron job execution around midnight with root privileges.
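The root cause above is untrusted file content reaching a command through shell expansion. As an added example (hypothetical, not the Ubuntu script; the session-file line format and the `UPSTART_SESSION` sample value are constructed), this is the shape of a safe consumer: every line must match a strict grammar, and what survives is handed to `env` as argv elements with no shell involved.

```python
import re
import subprocess

# Added example (hypothetical; not the Ubuntu logrotation script). The session
# directory is user-writable, so its contents are treated as untrusted input:
# validated against a strict grammar, then passed as argv, never via a shell.
KEY_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
VALUE_RE = re.compile(r"^[\x21-\x7e]*$")   # printable ASCII; no whitespace or control chars


class BadSessionLine(ValueError):
    pass


def parse_session_lines(lines) -> dict:
    """Parse KEY=VALUE lines; reject anything outside the expected grammar."""
    env = {}
    for raw in lines:
        line = raw.rstrip("\n")
        if not line:
            continue
        key, sep, value = line.partition("=")
        if not sep or not KEY_RE.match(key) or not VALUE_RE.match(value):
            raise BadSessionLine(repr(line))
        env[key] = value
    return env


def build_env_argv(session_env: dict, command: list) -> list:
    # One argv element per KEY=VALUE: the value is inert data, not shell text,
    # so characters like ';' or '$(' cannot start a second command.
    return ["env"] + [f"{k}={v}" for k, v in sorted(session_env.items())] + list(command)


def run_with_session(lines, command: list) -> int:
    """Run `command` with the session's variables set; shell=False is the point."""
    argv = build_env_argv(parse_session_lines(lines), command)
    return subprocess.run(argv, shell=False, check=False).returncode


if __name__ == "__main__":
    sample = ["UPSTART_SESSION=unix:abstract=/com/ubuntu/upstart-session/1000/1234\n"]
    print(build_env_argv(parse_session_lines(sample), ["logrotate", "--help"]))
    try:
        parse_session_lines(["name=value; rm -rf /tmp/x\n"])
    except BadSessionLine as err:
        print("rejected:", err)
```

Validation alone is not the fix; avoiding the shell is. Even a value that passes the allow-list is harmless here because `subprocess.run` with `shell=False` passes it to `env` verbatim instead of letting a shell reinterpret it.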

more here........http://www.halfdog.net/Security/2015/UpstartLogrotationPrivilegeEscalation/

Microsoft Onenote Image Caching Bug (Confidential Information Leakage)

Bug Summary

A security bug in Microsoft Onenote allows images placed in user-created, password-protected sections to be cached persistently in the user profile's temporary directory folder:

C:\Users\%username%\AppData\Local\Temp.

Analysing the content of the temporary folder will reveal images that should be securely protected by Onenote.

more here..........http://labs.jumpsec.com/2015/03/01/microsoft-onenote-image-caching-bug-confidential-information-leakage/

XSS Reflected vulnerabilities in Fortimail version 5.2.1 (CVE-2014-8617)

I. VULNERABILITY
-------------------------
XSS Reflected vulnerabilities in Fortimail version 5.2.1

II. BACKGROUND
-------------------------
Fortinet’s industry-leading, Network Security Platforms deliver Next
Generation Firewall (NGFW) security with exceptional throughput, ultra
low latency, and multi-vector threat protection.

III. DESCRIPTION
-------------------------
Two reflected XSS vulnerabilities have been detected in FortiMail in the
"/module/releasecontrol?release=" parameter "release", which allows
arbitrary HTML/script code to be executed in the context of the victim
user's browser.

IV. PROOF OF CONCEPT
-------------------------
The application does not validate the parameter "release" in
"/module/releasecontrol?release=":
https://10.0.0.38/module/releasecontrol?release=1:aaa:aaaaaaa<script>alert(document.cookie)</script>

V. BUSINESS IMPACT
-------------------------
The vulnerability allows arbitrary HTML/script code to be executed in the
context of the victim user's browser.

VI. REQUIREMENTS
-----------------------
An Attacker needs to know the IP of the device.
An Administrator needs an authenticated connection to the device.

VII. SYSTEMS AFFECTED
-------------------------
Try FortiMail version 5.2.1 VM

VIII. SOLUTION
-------------------------
Upgrade to version 5.2.3
http://www.fortiguard.com/advisory/FG-IR-15-005/

Authored by William Costa

WHICH VPN SERVICES TAKE YOUR ANONYMITY SERIOUSLY? 2015 EDITION

VPN services have become an important tool to counter the growing threat of Internet surveillance, but unfortunately not all VPNs are as anonymous as one might hope. In fact, some VPN services log users' IP-addresses and other private info for months. To find out how anonymous VPNs really are, TF asked the leading providers about their logging practices and other privacy sensitive policies.

more here.......http://torrentfreak.com/anonymous-vpn-service-provider-review-2015-150228/

Box

Box is a toy project to implement a decent UI for using cryptography within the Irssi IRC client.

more here.........https://github.com/ahf/box

Samsung-TV-Hacks

These are files used to hack my Samsung TV.

more here..........https://github.com/ohjeongwook/Samsung-TV-Hacks

Piwik Downloads Updates over HTTP

Piwik is an open-source web analytics tool. Its updater downloads and
executes PHP code over an insecure (not-HTTPS) connection. The issue was
reported on the public GitHub tracker in October of 2014 and remains
unfixed.

https://github.com/piwik/piwik/issues/6441

Code signing is implemented, but signatures are not verified.

Workaround: Manually download the update over HTTPS (the build server
has a valid SSL certificate), and check the signatures yourself.



Authored by Taylor Hornby

Slim Framework - (CVE-2015-2171, PHP Object Injection), Other Vulnerabilities

Product: Slim PHP Framework
Website: http://www.slimframework.com/
Affected versions: 2.5.0 and lower
Fixed in: 2.6.0 (released 2015-03-01)
CVSS Score: I don't care. Does anybody really?

From their homepage:

"""
Slim has super-secure cryptography using military-grade encryption. Slim
uses your unique key to encrypt session and cookie data before persisting
data to disk.
"""

Wow, sounds great. Let's look under the hood.

https://github.com/slimphp/Slim/issues/1034
https://github.com/slimphp/Slim/issues/1035
https://github.com/slimphp/Slim/issues/1037

So not only are they calling unserialize() on user data (hello PHP Object
Injection) in their SessionCookie class, but their "super-secure" crypto
library that uses "military-grade" encryption doesn't authenticate
ciphertexts. Oops.

And even if you were using the develop branch, there were a whole host of
issues with it (h/t Taylor Hornby for his 10 minute audit).

Their readme claims to encrypt cookie data, but this is moot since they're
using AES-CBC without any authentication. You just need 256 (128 on
average) tries per byte to change it to a valid value. Since the client
controls session state, you get unlimited tries.

After a lengthy discussion, I wrote a patch that replaced the serialization
with JSON encoding and closed one hole, but there are undoubtedly plenty
more that remain.

======================================================================
Vulnerable code:

https://github.com/slimphp/Slim/blob/3a2ac723f17b5d81607287ff28575d38b9fbc70e/Slim/Middleware/SessionCookie.php#L127

If you are using the Slim framework, you might not be vulnerable. If you
were using the session cookie feature (which limits the amount of data you
can store in $_SESSION to under 4 KB) on Slim 2.5.0 or older, you are
vulnerable. Upgrade to 2.6.0 immediately.
======================================================================
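The two defects the post names (unserialize() on client data, and CBC without authentication) in one runnable illustration. This is an added example, not Slim's code: a small Feistel network stands in for AES so it runs with the standard library only, the CBC layer is real CBC, the payload is JSON rather than a serialized object (the same substitution the post's patch made), and the keys and IV are fixed constructed values where production code would use fresh random IVs. The `flip_byte` helper is the negative test a session-cookie library must pass: under plain CBC it rewrites a field, under encrypt-then-MAC the cookie is rejected before any decryption happens.

```python
import hashlib
import hmac
import json

# Added example (not Slim's code): "encryption is not authentication".
# Toy 16-byte Feistel block cipher as an AES stand-in; CBC and HMAC are real.
BLOCK = 16


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in range(4):                       # 4-round Feistel network
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def pad(data: bytes) -> bytes:                 # PKCS#7
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_encrypt_block(key, _xor(plaintext[i:i + BLOCK], prev))
        out += prev
    return out


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(ciphertext), BLOCK):
        blk = ciphertext[i:i + BLOCK]
        out += _xor(toy_decrypt_block(key, blk), prev)   # P_i = D(C_i) xor C_{i-1}
        prev = blk
    return out


# --- Slim 2.5 style: encrypt only, no integrity check ----------------------
def seal_unauthenticated(enc_key: bytes, iv: bytes, session: dict) -> bytes:
    body = json.dumps(session, sort_keys=True).encode()   # JSON, never pickle/unserialize
    return iv + cbc_encrypt(enc_key, iv, pad(body))


def open_unauthenticated(enc_key: bytes, cookie: bytes) -> dict:
    iv, ct = cookie[:BLOCK], cookie[BLOCK:]
    return json.loads(unpad(cbc_decrypt(enc_key, iv, ct)))


# --- Hardened: encrypt-then-MAC with a separate key ------------------------
def seal_authenticated(enc_key: bytes, mac_key: bytes, iv: bytes, session: dict) -> bytes:
    body = seal_unauthenticated(enc_key, iv, session)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def open_authenticated(enc_key: bytes, mac_key: bytes, cookie: bytes):
    body, tag = cookie[:-32], cookie[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, body, hashlib.sha256).digest(), tag):
        return None                            # reject before touching the ciphertext
    return open_unauthenticated(enc_key, body)


def flip_byte(cookie: bytes, index: int, delta: int) -> bytes:
    """Negative-test helper: XOR one byte. In unauthenticated CBC, changing IV
    byte i changes plaintext byte i of the first block by the same delta."""
    c = bytearray(cookie)
    c[index] ^= delta
    return bytes(c)


if __name__ == "__main__":
    K, M, IV = b"k" * 16, b"m" * 16, bytes(range(16))   # constructed, fixed for the demo
    session = {"admin": 0, "user": "bob"}
    weak = seal_unauthenticated(K, IV, session)
    print("weak, tampered :", open_unauthenticated(K, flip_byte(weak, 10, ord("0") ^ ord("1"))))
    strong = seal_authenticated(K, M, IV, session)
    print("strong, tampered:", open_authenticated(K, M, flip_byte(strong, 10, 1)))
```

Because the client holds the cookie, the client controls the IV and every ciphertext block; without a MAC, CBC lets it shift any plaintext byte by a chosen amount, which is the "256 tries per byte" the post describes. The hardened variant also uses a distinct MAC key and a constant-time comparison, the two details most home-grown "encrypt the cookie" code gets wrong after it finally adds a tag.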

Speaking from personal experience, PHP developers catch a lot of flak from
the infosec community, and some of us don't really deserve it. It's
actually quite obnoxious.

That said, the owner of the Slim framework is also the author of PHP: The
Right Way. I'm a little disappointed that something so obvious would be
found in one of his projects. (Next thing you know, someone is going to
find a remotely exploitable vulnerability in Symfony, or something!) Silver
lining: he rolled out a new version the same day it was reported.

I only discovered this because someone complained that an Anti-CSRF library
wouldn't work with Slim. I'll leave the thought of "how many people could
have seen this and not reported it so they could silently exploit it for
fun and profit?" to your imagination since I have no data on this.

TL;DR - Slim users should upgrade to 2.6.0 as soon as possible. Developers
should stop using unserialize() on user input, and stop rolling out their
own cryptography libraries. Also, encryption is not authentication. Go play
with the Matasano Crypto Challenges for more on "unauthenticated CBC mode
is not secure".

Thank you and good night.

Scott Arciszewski

P.S. If anyone is interested in learning more about writing secure PHP
code, the http://www.securingphp.com newsletter is great. I highly
recommend it.

Appie v-2 released : Android Pentesting Portable Integrated Environment

Appie is now capable of Android Application Security Assessment, Android Forensics and Android Malware Analysis.

more here..........https://manifestsecurity.com/appie-release/

Samsung Pay Promises To Allow Tap-And-Pay At 90% Of Credit Card Terminals, Attacks Google Wallet And Apple Pay Head On

Samsung presentations always include a litany of buzzwords and redundant features, some of which are meaningless or borrowed directly from Google and Android, while others point to bigger aspirations. Today's announcement for the Galaxy S6 and S6 Edge introduced a new feature called Samsung Pay, a direct competitor to Google Wallet and Apple Pay. Even though this is just one more product that attempts to have consumers replace their credit cards with a phone, it carries a distinct advantage over NFC-based alternatives: it also works with traditional credit card readers.

more here.......http://www.androidpolice.com/2015/03/01/samsung-pay-promises-to-allow-tap-and-pay-at-90-of-credit-card-terminals-attacks-google-wallet-and-apple-pay-head-on/

Thanks for the Memories: Identifying Malware from a Memory Capture

We've all seen attackers try and disguise their running malware as something legitimate. They might use a file name of a legitimate Windows file or even inject code into a legitimate process that's already running. Regardless of how it's done, that code has to run, which means it has to be in memory. Somewhere.

In this blog post we lay out a real-life examination of computer memory which enabled us to identify a keylogger that was running, what files were responsible for running it, and how it managed to ensure it was started every time the machine booted up. Not only did this provide us with previously unknown indicators of compromise, but also specific details with which we could assist the client in their remediation efforts.

more here............http://www.contextis.com/resources/blog/thanks-memories-identifying-malware-memory-capture/

TorrentLocker spam has DMARC enabled

Last week, Trend Micro researcher Jon Oliver (who presented a paper on Twitter abuse at VB2014) wrote an interesting blog post about a spam campaign that was spreading the 'TorrentLocker' ransomware and which, unusually, was using DMARC.

TorrentLocker is one of the most prominent families of encryption ransomware — a worryingly successful kind of malware that first appeared two years ago. The malware initially implemented its cryptography rather poorly, but has since become one of the most successful of its kind.

more here........https://www.virusbtn.com/blog/2015/03_02.xml

AVG unveils invisibility glasses to defend against facial recognition

Could 'invisibility' glasses become the next trend in cities crawling with cameras and full of facial recognition technology?

more here.......http://www.zdnet.com/article/avg-unveils-invisibility-glasses-to-defend-against-facial-recognition/

Paper: Defending against Return-Oriented Programming

Return-oriented programming (ROP) has become the primary exploitation technique for
system compromise in the presence of non-executable page protections. ROP exploits are
facilitated mainly by the lack of complete address space randomization coverage or the presence
of memory disclosure vulnerabilities, necessitating additional ROP-specific mitigations.
Existing defenses against ROP exploits either require source code or symbolic debugging
information, or impose a significant runtime overhead, which limits their applicability for
the protection of third-party applications.
We propose two novel techniques to prevent ROP exploits on third-party applications
without requiring their source code or debug symbols, while at the same time incurring
a minimal performance overhead.

more here..............http://www1.cs.columbia.edu/~angelos/Papers/theses/vpappas_thesis.pdf

Google quietly backs away from encrypting new Lollipop devices by default

Last year, Google made headlines when it revealed that its next version of Android would require full-disk encryption on all new phones. Older versions of Android had supported optional disk encryption, but Android 5.0 Lollipop would make it a standard feature.

But we're starting to see new Lollipop phones from Google's partners, and they aren't encrypted by default.

more here..........http://arstechnica.com/gadgets/2015/03/google-quietly-backs-away-from-encrypting-new-lollipop-devices-by-default/

Signal 2.0: Private messaging comes to the iPhone-end to end encrypted

Whisper releases Signal 2.0, with support for TextSecure private messaging.

more here..........https://whispersystems.org/blog/the-new-signal/

Avast study exposes global Wi-Fi browsing activity

The use of open, unprotected Wi-Fi networks has become increasingly popular across the globe. Whether you’re traveling around a new city and rely on public Wi-Fi networks to get around or you’re at your favorite coffee shop and connect to its Wi-Fi, you’re left in a vulnerable situation when it comes to protecting your data. Just as you lock the door of your house when you leave, you should also use a security app if using public Wi-Fi.

more here...........https://blog.avast.com/2015/03/02/avast-study-exposes-global-wi-fi-browsing-activity/