
Category: Hackerterrorcybercyber

Microsoft fixed Wannacrypt on XP in February, didn’t release

The Register reports:

[O]ur analysis of the metadata within these patches shows these files were built and digitally signed by Microsoft on February 11, 13 and 17, the same week it had prepared updates for its supported versions of Windows. In other words, Microsoft had fixes ready to go for its legacy systems in mid-February but only released them to the public last Friday after the world was engulfed in WannaCrypt.

Here are the build dates recorded in the patches:

  • Windows 8 RT (64-bit x86): Feb 13, 2017
  • Windows 8 RT (32-bit x86): Feb 13, 2017
  • Windows Server 2003 (64-bit x86): Feb 11, 2017
  • Windows Server 2003 (32-bit x86): Feb 11, 2017
  • Windows XP: Feb 11, 2017
  • Windows XP Embedded: Feb 17, 2017

This is bad.


WSJ on Government Backdoors, intentional and unintentional

The episode underscores the folly of the U.S. law enforcement demand that tech companies install backdoors into their devices and services.

the WSJ comments. This time the leak was an unintentional backdoor, a vulnerability the NSA used to get onto devices. The NSA used the Vulnerabilities Equities Process to determine that ETERNALBLUE was burnt and informed Microsoft, which promptly produced an urgent critical patch, which nevertheless did not reach systems in the field fast enough.

According to the WSJ there is little difference between flaws being used as government backdoors and intentional government backdoors: both may be detected and abused, or leaked. So the whole Wannacry(pt) affair is a very good example of what will happen with government-mandated backdoors in systems.


Rittal sends USB sticks that act as keyboards – as advertisement

Holger Köpke received, unsolicited, in the mail, a USB stick (article in German) that supposedly came from data center equipment maker Rittal. Of course he did not plug it into a device; it could be anything.

He then (according to his first comment on the same article) set up a test VM on a scratch device and inserted the USB stick there. The stick identified not as USB memory but as a USB HID, a keyboard. It seems he was right not to trust it. He sent a mail to Rittal explaining why he thinks this is dangerous and asking whether the stick is indeed legitimate.

He got a response (another article in German): a letter as a PDF, sent by email.
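As an added example (not from the article or from Holger Köpke), here is the kind of check he describes, done on Linux: walking a /sys/bus/usb/devices-style tree and listing every device that exposes a HID (keyboard-class) interface, so a "memory stick" that shows up as a keyboard stands out. The sysfs tree in the block is constructed and the product strings are made up.

```python
import os
import tempfile

# USB-IF interface class codes as they appear in sysfs bInterfaceClass files
HID_CLASS = "03"           # keyboards, mice: what the stick in the post presented
MASS_STORAGE_CLASS = "08"  # what a plain memory stick should present

def usb_interface_classes(sysfs_root):
    """Walk a /sys/bus/usb/devices-style tree. Return {device: {"product": str,
    "classes": set}} built from the interface entries (named like "1-1:1.0")."""
    devices = {}
    for entry in sorted(os.listdir(sysfs_root)):
        cls_file = os.path.join(sysfs_root, entry, "bInterfaceClass")
        if not os.path.isfile(cls_file):
            continue                      # hubs and device nodes carry no class file
        parent = entry.split(":")[0]      # "1-1:1.0" -> device "1-1"
        with open(cls_file) as f:
            cls = f.read().strip()
        dev = devices.setdefault(parent, {"product": "", "classes": set()})
        dev["classes"].add(cls)
        prod_file = os.path.join(sysfs_root, parent, "product")
        if os.path.isfile(prod_file):
            with open(prod_file) as f:
                dev["product"] = f.read().strip()
    return devices

def hid_devices(devices):
    """Names of devices exposing a HID interface; a supposed memory stick in
    this list is exactly the case from the post and deserves a closer look."""
    return sorted(n for n, d in devices.items() if HID_CLASS in d["classes"])

def build_sample_tree():
    """Constructed sysfs-like tree (not real device data): one stick that
    claims to be a keyboard and one ordinary mass-storage stick."""
    root = tempfile.mkdtemp()
    sample = {"1-1/product": "Promo Stick", "1-1:1.0/bInterfaceClass": HID_CLASS,
              "1-2/product": "Flash Drive", "1-2:1.0/bInterfaceClass": MASS_STORAGE_CLASS}
    for rel, content in sample.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write(content + "\n")
    return root

if __name__ == "__main__":
    # Runs on the constructed tree; point it at /sys/bus/usb/devices on a real host.
    devs = usb_interface_classes(build_sample_tree())
    for name in hid_devices(devs):
        print(name, devs[name]["product"], sorted(devs[name]["classes"]))
```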


CVE-2017-0290

So this tweet came along, but the way it was framed it was not worth reporting, because there was nothing actionable in it: »I think @natashenka and I just discovered the worst Windows remote code exec in recent memory. This is crazy bad. Report on the way.«

And reported and handled it was, in record time. It is now public on Project Zero, and a fix is being rolled out to all current Windows versions.


Protecting MySQL Network Traffic

Percona Live Talk by Daniël van Eeden: Protecting MySQL Network Traffic.

Warning: It is somewhat more complicated than this:

Slideshare

Check out the performance slide (#22), too.

Tl;Dr: You want a MySQL compiled against OpenSSL, because of TLS session ticket and AES-NI support. YaSSL sucks, hard. With session tickets and hardware-accelerated symmetric encryption, TLS in MySQL is actually no longer slow.

Tl;DR 2: MariaDB is actually pretty well positioned here.


TR069 meets Brickerbot and friends

Bleepingcomputer has a report on the Californian ISP Sierra Tel, who apparently had visitors (JPG of letter) on their customers' TR069 interfaces.

TR069 is the configuration interface of home DSL equipment; if it is insufficiently secured, it can be used to own each and every home DSL router of an ISP.

This happened to Sierra, twice, simultaneously, which did not improve the results at all.

“BrickerBot was active on the Sierra Tel network at the time their customers reported issues,” Janit0r told Bleeping Computer in an email, “but their modems had also just been mass-infected with malware, so it’s possible some of the network problems were caused by this concomitant activity.”

Janit0r suggested the other culprit was Mirai, a malware also known to cause similar issues.

Mirai is also the malware that disabled a bunch of German and British Telekom modems earlier this year.

Handling Mail, correctly.

Somebody sent me a mail with

  Content-Type: multipart-mixed;
    boundary="X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

Thank you for that. This is precisely my kind of humor.
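An added example (not from the post) of what a MIME parser and a signature scanner make of such a boundary. The message is constructed; it uses the RFC form multipart/mixed rather than the "multipart-mixed" shown above, since a conforming parser treats a type without a slash as text/plain, and the boundary is checked against the character set RFC 2046 allows.

```python
import re
from email import message_from_bytes

# The EICAR test string, exactly as it appeared in the boundary of the mail
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed message (not the real mail): the same boundary, used as a boundary
RAW_MAIL = (b"From: someone@example.invalid\r\n"
            b"To: me@example.invalid\r\n"
            b"Subject: humor\r\n"
            b'Content-Type: multipart/mixed; boundary="' + EICAR + b'"\r\n'
            b"\r\n"
            b"--" + EICAR + b"\r\n"
            b"Content-Type: text/plain\r\n"
            b"\r\n"
            b"Thank you for that.\r\n"
            b"--" + EICAR + b"--\r\n")

# RFC 2046 section 5.1.1: bcharsnospace plus space, 1..70 chars, no trailing space
BCHARS_RE = re.compile(r"^[0-9A-Za-z'()+_,\-./:=? ]{1,70}$")

def boundary_is_rfc2046_valid(boundary):
    """True if the boundary uses only the characters RFC 2046 allows."""
    return bool(BCHARS_RE.match(boundary)) and not boundary.endswith(" ")

def scan_for_eicar(raw):
    """Parse the mail and report where the EICAR signature occurs: in the
    raw header block, in the decoded body parts, or both. Returns
    (boundary as the parser saw it, sorted list of locations)."""
    msg = message_from_bytes(raw)
    header_block = raw.split(b"\r\n\r\n", 1)[0]
    hits = set()
    if EICAR in header_block:
        hits.add("headers")   # what a raw-bytes scanner trips over
    for part in msg.walk():
        if part.is_multipart():
            continue
        if EICAR in (part.get_payload(decode=True) or b""):
            hits.add("body")  # what a part-aware scanner would see
    return msg.get_boundary(), sorted(hits)

if __name__ == "__main__":
    boundary, where = scan_for_eicar(RAW_MAIL)
    print("boundary RFC-valid:", boundary_is_rfc2046_valid(boundary))
    print("EICAR found in:", where)
```

The boundary parses fine but is not RFC-valid (it contains `!`, `%`, `@`, `[`, `\`, `^`, `}`, `$` and `*`), and the signature sits only in the headers, which is where a scanner that reads raw bytes rather than decoded parts will find it.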

Bose Connect App creates illegal listening profiles

A class action lawsuit has been filed against Bose by Kyle Zak, on the grounds that the Bose Connect App for their wireless headphones creates illegal listening profiles and shares the data with data miners.

1. Defendant Bose manufactures and sells high-end wireless headphones and speakers. To fully operate its wireless products, customers must download Defendant’s “Bose Connect” mobile application from the Apple App or Google Play stores and install it on their smartphones. With Bose Connect, customers can “pair” their smartphones with their Bose wireless products, which allows them to access and control their settings and features.

2. Unbeknownst to its customers, however, Defendant designed Bose Connect to (i) collect and record the titles of the music and audio files its customers choose to play through their Bose wireless products and (ii) transmit such data along with other personal identifiers to third-parties—including a data miner—without its customers’ knowledge or consent.

Affected are all users of the Bose Connect App, that is at minimum users of the QuietComfort 35, SoundSport Wireless, SoundSport Pulse Wireless, QuietControl 30, SoundLink Around-Ear Wireless Headphones II, and SoundLink Color II (“Bose Wireless Products”), but possibly more.

Fun Fact: The German adjective meaning “evil” is “böse”.
