
Category: Hackerterrorcybercyber

The cost of winning…

Tech.co has an article titled Artificial Intelligence Startups Are Winning the Cybersecurity Race. Its claim is basically twofold: first, that old, pattern- and signature-based malware recognition is useless, and second, that new, behavior-based malware recognition built on unspecified AI technologies fixes things. The article closes with

In the near future, we predict that AI will be able to effectively fight against hackers by easily detecting repacked viruses. It’s just a matter of time. That’s why, more than resources or experience, companies who actively apply AI, especially cybersecurity companies, will ultimately be successful.

That will be interesting to see. Here is a data point:

Vault 7 and what it means

So, WikiLeaks has been publishing a batch of documents from the CIA about its hacking tools and its work with technology and crypto, under the headline of Vault 7.

In their words,

Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency. Code-named “Vault 7” by WikiLeaks, it is the largest ever publication of confidential documents on the agency.

The first full part of the series, “Year Zero”, comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia.

Much has been made of the timing of this release with regard to Trump’s Russian connection or other political context. That may or may not be true, but it is actually relatively unimportant.

SHA-1 attack on BitTorrent backdoors binaries

BitErrant is an exploit with a logo.

On https://biterrant.io we can find the following:

“Here are two EXE files with different functionality (evil has a meterpreter that will listen on all interfaces), but yielding the same .torrent file.”

Because a .torrent file identifies each piece of the content only by its SHA-1 hash, a SHA-1 collision means it is possible to attack the BitTorrent protocol when downloading software or content: the actual content can be replaced with a malicious file that passes the torrent’s hash checks and may contain exploits.

Warning: Exploit with logo, impact unclear

Namespaces, but “uname -r” says 2.6

In this blog post, RedHat explains how they fork not only codebases but also version numbers, which makes any RedHat install cryptic and hard to compare against upstream codebases and their development.

A simple query such as

rpm --queryformat="%{name}\t%{version}\n" -qa

may tell you something about the patch level of lesser distros, but not of RedHat, because backported fixes do not change the reported version. Instead, you have to read the package changelog.

From the article:

rpm -q --changelog openssl | grep -E --color \
"(CVE-2016-2108|CVE-2016-0799|CVE-2016-0705|CVE-2016-6304|CVE-2016-2109|CVE-2016-0798|CVE-2016-2182|CVE-2016-6303|CVE-2014-8176)"
- fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec()
- fix CVE-2016-6304 - unbound memory growth with OCSP status request
- fix CVE-2016-2108 - memory corruption in ASN.1 encoder
- fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO
- fix CVE-2016-0799 - memory issues in BIO_printf
- fix CVE-2016-0705 - double-free in DSA private key parsing
- fix CVE-2014-8176 - invalid free in DTLS buffering code

Just say “no” to this mess.

App can’t be opened because the identity of the developer cannot be confirmed

Policy settings can prevent the execution of unsigned binaries.

macOS can be configured to refuse to execute unsigned binaries. This is done by pushing a security policy to the system, which is then enforced by the SecAssessment subsystem.

Of course, you can still install Xcode, compile binaries locally, and even execute them. You can also write code in an interpreted language such as the locally installed Python and call system functions from there, so the policy is of very limited use for locking down the system.