Displaying items by tag: Hacking

The one common thing that I keep hearing everyone talk about at Black Hat and even DEF CON is how to protect your data. It is pretty much a given that if someone wants to get into your network they are going to get in. The number of flaws, vulnerabilities and compromises that are out there are simply too many to protect against. So there needs to be some other method to make sure that any sensitive data that you have is keep out of the hands of the “bad guys”. There are many suggestions about this, but most of them still try to do the same things stop the barbarians at the gate.

One of the truths in security is that while an attacker can stay hidden they can continue to operate. In short, if you do not know about something, there is nothing you can do. Now you would think that this fact would encourage firms to talk about breaches and hacks more openly, but this is still not the case. One of the things I have seen over the years is that every company operates as an island. They do not share threat information (they might share your private data, but not threat information). This has created an environment where threat actors can continue to maintain attacks even after discovery at a different location. It is also why we tend to see the same threat vectors used over and over again.

For a while now (many years actually) I have argued that the rush to turn everything into a techno-gadget has been irresponsible and dangerous. However, companies that are looking into the “Internet of things” simply do not care. They see dollar signs and revenue streams in adding services to their devices that were a one-time purchase before. Because of this they are blindly rushing products to market that are open to attack on a massive scale. Consumers who are ignorant to these flaws are buying them up at a rapid pace leaving themselves exposed to data theft and worse.

Last year during DEF CON 22 we saw a demonstration of a UEFI root kit that was extremely worrying. This root kit was installed using a multipart systems to infect the UEFI BIOS in such a way as to grant the same level of access to an attacker as the CPU has (Ring 0). It was an almost unprecedented style of attack. When we reported on this many seemed to feel that it was not an issue. Now researchers are finding evidence of this same type of attack in the data lifted from the Hacking Team.

After three spate 0-day vulnerabilities are found in your product you can pretty much expect the market to call for you go away. This is the situation that Adobe is in right now. After fighting to their little slice of dominance in the computing industry Adobe’s Flash is arguably one of the most commonly used APIs to rendering rich content. This has made them a rather large target for a number of years… well this and the fact that the Flash development team has made some rather poor choices when it comes to their application.

Although it will not come as a surprise, there seems to be yet another bug in Adobe’s flash player that allows for an attacker to potentially take control of a system by forcing a crash of the application. According to TrendMicro, CVE 2015-5123 is a critical bug in the latest version of Flash player for Linux, Windows, and OSX operating systems. Adobe has already released a customer advisory stating they are already aware of this flaw being exploited in the wild.

The Italian Security firm Hacking Team is now admitting that their spying software is potentially in the hands of bad guys. After a hack that saw roughly 400GB of company information liberated from their systems they have been monitoring what is being released online. They have now concluded that there is sufficient source code for their monitoring applications to allow someone to mount the same style surveillance that they were providing to their clients.

Irony is one of those things that is not appreciated by security guys. They do not find humor in it nor do they enjoy it when someone points an ironic situation involving them out. This has to be the case for the privacy company LifeLock. A pair of security researchers (Eric Taylor and Blake Welsh) have found an interesting feature in LifeLock’s web site. The flaw allows for a cross-site scripting attack to be used to do a fair amount of damage including injecting malware.

Cisco has acknowledged (and released patches for) a fairly serious security bug in three of their virtual appliances that, oddly enough, are related to security. The three products in question are the Cisco Web Security Virtual Appliance, the Email Security Virtual Appliance and the Security Management Virtual Appliance. These three devices all share a default preinstalled SSH encryption key. This meddlesome little fact means that it is very simple to get into an SSH session because you can grab the key off of another copy of the product. We are pretty sure that the default keys are already floating around on the internet somewhere as well.

There is nothing worse than thinking you are protecting your internet travels when in reality you are participating in a giant botnet. That appears to be the case that is happening with VPN provider Hola. According to security researchers the use of the service still leaves you at risk of being tracked regardless of what you do and leaves you at even greater risk than just tracking.