Month: August 2015

Open-source typeface “Hack” brings design to source code

The days of coders being shackled to Monaco or Courier New end now. At SourceFoundry.org this week, programmer Chris Simpkins debuted the 2.0 version of Hack, an open-source typeface designed specifically for use in source code.

Hack is characterized by a large x-height, wide aperture, and low contrast design in order to be “highly legible” at common coding text sizes. Its “sweet spot runs in the 8px-12px range on modern desktop and laptop monitors,” Simpkins writes on GitHub. “Combine it with an HD monitor and you can comfortably work at 6 or 7px sizes.” As seen in the image above, there’s a heavier semi-bold weight in the regular font, and strategic serifs eliminate large gaps on each side of narrow characters. As Simpkins notes on the SourceFoundry site, this helps to distinguish glyphs like the lowercase l and number 1 at small text sizes.

Hack’s roots are in the libre, open source typeface community, and the project expands upon the contributions of the Bitstream Vera & DejaVu projects. (See a full contributors list here.) Simpkins has been working on the project throughout 2015, and he tweeted that this latest version includes “new open type features, changes in weights, significant changes in spacing, Powerline glyphs, and more.” The typeface now comes with four font styles: Regular, Bold, Oblique, and Bold Oblique.

Hack has been released as a free and open source project (available via SourceFoundry and GitHub) that is free to modify, to use in commercial situations, and to download for print, desktop, or Web. To display the typeface within its element, Sourcefoundry.org provides examples of Hack within Python, C, and Javascript. There’s also a traditional font specimen available.

Source:http://arstechnica.com/

Ashley Madison: Two women explain how hack changed their lives

When infidelity dating site Ashley Madison was hacked, the details of 33 million user accounts were published on the web.

The BBC has spoken to two women, one whose fiance used the site and one who used it herself.

Neither wanted to be identified, but their stories give some hint of just how dramatic and wide-reaching the impact of the hack has been.

The first only wanted to be named as “Maria”. She says she used an online tool to search for her fiance’s email address in the dumped data.

The hacking of dating site Ashley Madison has affected millions

“I really didn’t think I would find anything on anybody,” she comments.

She wanted to check, though, because one of her own email accounts had been compromised recently.

When she entered her fiance’s address as well, the database not only confirmed it was there but it spat back a postcode, city and birthdate. All were accurate.

“These things logged your IP [Internet Protocol] address, they logged your provider, they logged everything and not only that, it was your physical description,” she explained to the BBC. “It matched his to a T.”

Maria quickly confronted her fiance.

‘Multiple affairs’

“He denied and denied and denied at first and then he acquiesced and confessed what he did.

“Yes, (he said) he did have multiple affairs, yes. It just… it came out,” she says.

Her fiance said that he couldn’t explain fully why he did what he did and that Maria meant more to him than the women he had met on Ashley Madison. But the conversation didn’t last long.

Maria packed a week’s worth of clothes and left to stay with a friend. The wedding they had been planning is cancelled.

She has since booked a sexual health check, she says, and tried to distance herself as much as possible from her fiance. The whole experience has been “shattering”, she adds.

“It’s one thing if you come forward and say I’m not satisfied or I’m not happy or I’m finding it hard to remain faithful – as long as you’re open,” she says.

“It’s just completely unfair to waste years of a person’s life with duplicity.”

Online advice

You don’t have to look far online to find examples of internet users who seem to be personally affected by the hacking of Ashley Madison. Various forums are full of threads from those who believe their “SO” (significant other) was on the site.

But users of the dating site are also turning to the web for help.

One woman who used Ashley Madison, but who did not want to be named, has also spoken to the BBC. For the purposes of this article, we will refer to her as “Amy”.

She has been married to her husband for 10 years.

But recently she became interested in the idea of having an affair. She had heard advertisements for Ashley Madison on local radio, so a year ago she signed up and began looking for a man with whom to have a relationship.

However, she says she never messaged anyone and soon closed down the account. But six months ago she created another and this time she wanted to address questions she had about her sexuality by contacting other women.

This time she did find someone to talk to. They emailed one another, she says, for several weeks.

One woman, married to a man, has told the BBC she used Ashley Madison to chat to another woman

“She was close to where I live and we seemed to hit it off,” says Amy.

“Her story seemed so much similar to mine. She was someone who had been married for a while [and] she had always been curious about that side of herself.”

Amy says the woman she corresponded with told her she thought she was attractive, which made Amy feel flattered.

They were due to meet, but at the last moment Amy called it off. She says she became fearful and began to feel that her marriage was something she didn’t want to jeopardise.

“Using it kind of made me realise that there were other things that I need to look at,” she explains.

“It’s scary when you have this person that you love so much and you think about hurting them.”

Married and curious

Amy says that so far she hasn’t told anyone who knows her about what happened, but she’s now worried that her husband might find out that she used the site.

She has distracted herself with work for now, but comments that she feels stressed and that the episode has affected her sleep.

Ashley Madison offered users a $19 (£12) “Full Delete” service, which Amy says she used. She checked an online tool to search for her email address in the leaked database and was surprised to find it there, along with other information such as her postcode, gender and the name associated with her credit card.

It’s not clear what has happened in this case, but it’s possible that the database was downloaded by hackers before the date on which Amy paid for her information to be removed.

Either way, she thinks there is now a possibility she’ll be found out.

“If my husband were to come home from work today and say someone found my information I would be open and honest with him about it,” she says.

“It’s really made me think about my behaviour and why I did what I did – and to cherish what I have.”

For now, though, Amy just hopes her husband won’t find out.

Source:http://www.bbc.com/

iOS Jailbreak Backdoor Tweak Compromised 220,000 iCloud Accounts

A recent security breach on the iOS platform left 220,000 iCloud user accounts vulnerable due to a backdoor privacy attack caused by the installation of a malicious jailbreak tweak, according to WooYun, an online Chinese vulnerability-reporting platform.

Yes, 220,000 is a huge number considering it happened to iOS, one of the most popular mobile operating systems, designed by Apple. But don’t get too frightened, because this security flaw has nothing to do with Apple’s security and happened after a jailbreak attempt.

WooYun is a Chinese platform that reports on user-submitted security flaws discovered by researchers, in an attempt to provide feedback to the relevant vendors. So it is, in fact, a reliable website.

In a post on their website, they have outlined the details of this backdoor attack, which breached 220,000 iCloud accounts through the installation of a malicious jailbreak tweak. On the page, they also mention that a notification about the security flaw has already been issued to the appropriate vendors, apparently Apple.

Below is the (slightly broken) translated version of the report.

What should worry iCloud users is that breached account credentials grant easy access to the personal information stored in iCloud, including all your photos and contacts.

Now you must be wondering what the reason behind the flaw is. A Reddit user, self.jailbreak, created a dedicated post about the issue, outlining that the security breach affected users in a specific region only and had a bounded reach.

“THIS WAS ANNOUNCED BY A CHINA SECURITY WEBSITE WOOYUN (IT MEANS BLACK CLOUD IN CHINESE BASED ON SOUND) EARLIER ON THEIR WEIBO, AND IT IS BASICALLY TELLING THAT THERE ARE SOME SHADY TWEAKS THAT HAVE BACK-DOORS IS STEALING JAILBREAK USER’S ICLOUD ACCOUNT AND PASSWORD TO A REMOTE SERVER, WHICH SO FAR THERE ARE ROUGHLY 220 THOUSAND ACCOUNTS HAS BEEN LEAKED. THEY HAVEN’T ANNOUNCE THAT WHO STOLE IT AND WHAT FOR, BUT AS FAR AS WE KNOW THAT, IF THEY HACK INTO OUR ICLOUD ACCOUNTS, THEY CAN HAVE ACCESS TO OUR MAILS, PHOTOS OR EVEN PRIVATE STUFF.”

Considering how privacy-conscious the iOS jailbreak community is, and that the tweaks and plug-ins it releases are secure, it is highly unlikely that a malicious jailbreak tweak would affect such a huge number of users, and that too through the installation of a single tweak or plug-in.

Here is the proof of the leaked iCloud account data, but apart from this picture, nothing else has surfaced on the Internet yet!

One of the related Reddit users posted a valuable comment on the post that says:

“IN ASIAN COUNTRIES, IT IS VERY COMMON FOR PEOPLE TO BUY PHONES, NEW OR USED, FROM TECHNOLOGY MARKETS. AT THOSE MARKETS ARE LOTS OF COMPETING STALLS SELLING PHONES, AND JAILBREAKING YOUR PHONE AND SELLING IT TO YOU PREINSTALLED WITH LOTS OF JAILBROKEN / PIRATED APPS IS PART OF THEIR SERVICE.

THAT IS PART OF WHY JAILBREAKING / PANGU IS SO POPULAR IN ASIA / CHINA. THERE ARE ENTIRE MARKETS OF CHINESE-ONLY PROGRAMS AND APPS THAT WE ARE NOT REALLY EXPOSED TO HERE ON THIS ENGLISH- / WESTERN-DOMINATED SUBREDDIT.

ANYWAY, MY POINT IS THAT IF ONE OF THESE “SHADY” APPS IS SOMETHING THAT WAS SOMEWHAT COMMON FOR THESE 3RD-PARTY SELLERS TO INSTALL, THEN THIS STAT WOULDN’T BE THAT SURPRISING. IT DOESN’T TAKE 220,000 PEOPLE WITH PERSONAL TECH KNOW-HOW TO JAILBREAK AND DOWNLOAD A TWEAK: IT JUST TAKES 220,000 PEOPLE BUYING FROM A FEW HUNDRED / THOUSAND TECHNOLOGY BOUTIQUE SHOPS THAT PRELOAD THE SOFTWARE.”

He raises a valuable point: it seems this attack was caused by third-party sellers installing malicious tweaks and plug-ins, after which users used those infected devices, resulting in a breach of their accounts.

HOW CAN YOU PROTECT YOUR ICLOUD ACCOUNT?

We all know that jailbreaking your iOS device makes it vulnerable to malicious attacks, resulting in an increased risk. To protect yourself from these attacks, it is recommended that you take the following precautionary steps:

Tip #1 – Enable two-factor authentication on your iCloud account.

Tip #2 – Don’t download tweaks from any untrusted or third party repository.

Tip #3 – Stay away from pirated apps or tweaks.

But still, even after following the above-mentioned tips you might be vulnerable to security threats because a jailbroken device is never secure!

Source:https://www.hackread.com

How to hide secret messages in music files?

There are many reasons to hide information, but the most common is to protect it from unauthorized access and to keep people from learning that the secret information exists. In the corporate world, audio data hiding can be used to hide and secure confidential chemical formulas or designs of new inventions. Beyond the commercial sector, it can also be used in the non-commercial sector to hide data that someone wants to keep private. Terrorist organizations have long been using audio data hiding to keep their communications secret and to organize attacks. We are going to talk about confidential information hiding with the help of an information and data security solutions expert.

Steganography is the science of hiding confidential information in a cover file so that only the sender and the recipient know that the confidential information exists. The information is encoded in such a way that its very existence is hidden. The main objective of steganography is to communicate securely in a completely invisible mode and to avoid drawing suspicion to the transmission of hidden information. Steganography not only prevents people from learning about the hidden confidential information, it also prevents others from thinking that somebody is communicating in a hidden way. If a steganography technique causes someone to believe there is hidden information in a carrier medium, then the technique has failed.

The essential elements of audio steganography are the carrier (audio file), the message and the password. The carrier file, which hides the confidential information, is also called the cover-file. The message is the information that the sender wants to remain confidential; it can be an image, plain text, audio or any other type of file. The password is also called the stego-key, and it ensures that only a receiver who knows the password will be able to extract the confidential information or message from the cover-file. The cover-file with the confidential information embedded is called the stego-file.

The confidential information hiding procedure consists of the following two steps:

  1. Identification of redundant bits in the cover-file. Redundant bits are those bits that can be modified without corrupting the quality or destroying the integrity of the cover-file.
  2. To insert the confidential information in the cover-file, the redundant bits in the cover-file are replaced by the bits of the confidential information.

AUDIO STEGANOGRAPHIC METHODS

Mike Stevens, an information and data security training expert, explains that there have been many approaches to hiding confidential information or messages in audio in such a manner that the changes made to the audio file are not noticeable. Common approaches are:

LSB CODING

The LSB (Least Significant Bit) approach is very well known. It replaces the least significant bit in some bytes of the cover file to conceal a sequence of bytes containing the hidden data. That’s usually an effective approach in cases where the LSB substitution doesn’t cause significant quality degradation, such as in 24-bit bitmaps. In computing, the least significant bit (LSB) is the bit position in a binary integer contributing the unit’s value, that is, controlling whether the number is even or odd. Using this approach you can hide one byte in every eight bytes of the cover. There’s a fifty percent chance that the bit you’re substituting is the same as its replacement; in other words, half the time the bit doesn’t change, which helps to reduce quality degradation.

PARITY CODING

Parity coding is one of the most robust audio steganographic approaches. Instead of breaking a signal into individual samples, this approach breaks a signal into separate regions of samples and encodes each bit of the confidential information in a region’s parity bit. If the parity bit of a chosen region does not match the secret bit to be encoded, the procedure inverts the LSB of one of the samples in the region. Hence, the sender has more than one choice when encoding the secret bit.
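The LSB and parity coding schemes described above, sketched as an added example that is not part of the original article or of any tool it mentions. The sine-wave cover, the region size of 8 and the rule for picking which sample to flip are assumptions made for illustration, and no stego-key is applied.

```python
import math

def make_cover(n, freq=440.0, rate=8000, amp=12000):
    """Constructed cover signal: n signed 16-bit PCM samples of a sine tone."""
    return [int(amp * math.sin(2 * math.pi * freq * i / rate)) for i in range(n)]

def to_bits(data):
    """Bytes -> list of bits, most significant bit first."""
    return [(byte >> (7 - k)) & 1 for byte in data for k in range(8)]

def from_bits(bits):
    """List of bits (MSB first) -> bytes; a trailing partial byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)

def lsb_embed(samples, message):
    """LSB coding: overwrite the LSB of one sample per message bit."""
    bits = to_bits(message)
    if len(bits) > len(samples):
        raise ValueError("cover too small: one sample carries one bit")
    stego = list(samples)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & ~1) | bit   # changes the sample by at most 1
    return stego

def lsb_extract(samples, n_bytes):
    """Read the message back from the LSBs of the first n_bytes * 8 samples."""
    return from_bits([s & 1 for s in samples[:n_bytes * 8]])

def region_parity(region):
    """Parity bit of a region: XOR of the LSBs of its samples."""
    parity = 0
    for s in region:
        parity ^= s & 1
    return parity

def parity_embed(samples, message, region_size=8):
    """Parity coding: one message bit per region of region_size samples."""
    bits = to_bits(message)
    if len(bits) * region_size > len(samples):
        raise ValueError("cover too small: one region carries one bit")
    stego = list(samples)
    for i, bit in enumerate(bits):
        start = i * region_size
        region = stego[start:start + region_size]
        if region_parity(region) != bit:
            # Any sample in the region may be flipped. Assumption of this
            # sketch: flip the loudest one, where a change of 1 is smallest
            # relative to the sample value.
            j = max(range(region_size), key=lambda k: abs(region[k]))
            stego[start + j] ^= 1
    return stego

def parity_extract(samples, n_bytes, region_size=8):
    """Read one bit per region by recomputing each region's parity."""
    bits = [region_parity(samples[i * region_size:(i + 1) * region_size])
            for i in range(n_bytes * 8)]
    return from_bits(bits)

def distortion(cover, stego):
    """Return (number of samples changed, largest absolute change)."""
    diffs = [abs(a - b) for a, b in zip(cover, stego)]
    return sum(1 for d in diffs if d), max(diffs)

if __name__ == "__main__":
    cover = make_cover(2000)
    message = b"constructed demo"          # constructed sample payload
    for name, embed, extract in (("LSB", lsb_embed, lsb_extract),
                                 ("parity", parity_embed, parity_extract)):
        stego = embed(cover, message)
        changed, worst = distortion(cover, stego)
        print(name, extract(stego, len(message)), changed, worst)
```

With 16-bit samples the capacity is one hidden byte per eight samples for LSB coding and one hidden byte per eight regions for parity coding; in both cases no sample moves by more than one quantization step.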

PHASE CODING

The phase coding method works by replacing the phase of an initial audio segment with a reference phase that represents the confidential information. The phase of the remaining segments is adjusted in order to preserve the relative phase between segments. In terms of signal-to-noise ratio, phase coding is a very effective coding approach. When there is a drastic change in the phase relation between frequency components, noticeable phase dispersion will occur. But as long as the alteration of the phase is sufficiently small, an inaudible coding can be achieved. This approach relies on the fact that the phase components of sound are not as perceptible to the human ear as noise is, says an ethical hacking training professor.

SPREAD SPECTRUM

The basic spread spectrum (SS) approach tries to spread confidential information across the frequency spectrum of the audio signal. This is similar to a system that uses the LSB logic to spread the message bits randomly over the complete sound file. However, unlike LSB coding, the spread spectrum approach spreads the confidential information across the frequency spectrum of the sound file using a code that is independent of the actual signal. Thus, the final signal occupies a bandwidth that is larger than what is actually needed for transmission.

ECHO HIDING

The echo hiding procedure inserts confidential information in a sound file by introducing an echo into the discrete signal. Echo hiding has the benefits of delivering a high data transmission rate and higher robustness when compared to other methods. Only one bit of confidential information could be encoded if only one echo was created from the original signal. Therefore, before the encoding procedure begins, the original signal is broken down into blocks. When the encoding procedure is done, the blocks are concatenated back together to deliver the final signal.

With the help of an ethical hacking training professor of IICyberSecurity, we are going to see some software and mobile apps that people can use to encode their messages and send hidden messages via email, social media or WhatsApp on a mobile phone.

DeepSound
DeepSound is audio steganography software for Windows and can be used to create a secret message via an audio file. It is information security solutions freeware and supports all kinds of audio files.

Hide secret information into carrier audio file

To hide secret information in an audio file, follow these steps:

  • Choose the carrier audio file and make sure its format is one of flac, wav, wma, mp3 or ape.
  • Click encode and the file will be encoded; you can then click ‘Add files’ to add secret files into the panel on the right side of the application.

  • You can choose the output audio format (wav, flac or ape). DeepSound does not support the wma output format. If you want to hide secret information in wma, hide it in a wav file and then use external software such as Windows Media Encoder to change wav to wma lossless.
  • In the settings you can turn encryption On/Off and set a password. The new audio file will be saved to the output directory. Select Ok to start hiding secret files in the carrier audio file.

Extract secret data from audio file

As per information and data security solutions experts, to extract secret data from an audio file, follow these steps:

  • In the file explorer, choose the audio file that contains the secret data. If the secret files are encrypted, input the password.
  • DeepSound examines the selected file and displays the secret files. Click the right mouse button and press the F4 key or select extract secret files.

How to convert audio files

Open Audio Converter.

To add input files, select the ‘Add files’ button. The supported input audio formats are:


– Waveform Audio File Format (.wav)
– Free Lossless Audio Codec (.flac)
– Windows media audio lossless (.wma)
– MPEG audio layer-3 (.mp3)
– Monkey’s Audio (.ape)

Choose the output format for the file. The supported output audio formats are:


– Waveform Audio File Format (.wav)
– Free Lossless Audio Codec (.flac)
– MPEG audio layer-3 (.mp3)
– Monkey’s Audio (.ape)

You can learn more about DeepSound in information security training of International Institute of Cyber Security.

Hide It In

This app conceals an image taken with your iPhone camera inside another, apparently innocuous image from your photo library. Select the cover image and take any photo with your mobile phone. Hide It In features, among other things, AES encryption to ensure that even if the existence of a secret message is questioned, only the people with the password can recover the hidden image.

Acoustic Picture Transmitter

This app lets you send and receive images acoustically. To do this, each column of the selected message is transformed by a Fast Fourier Transform and output through the iPhone’s speaker. On the receiving iOS device the received audio is visualized as a spectrogram and the arriving images become visible. You can use this app, for instance, to transfer images very easily over a phone or to put images in all kinds of audio recordings, say information security solutions experts.

Steg-O-Matic

According to developer BlueJava, the Steg-O-Matic app hides the secret message in an image and offers tools for sending the image via email or social media, or posting it on a public blog. Only those intended to read the secret will know to look for it and know how to retrieve it. You can learn more about it in information security training.

DaVinci Secret Message

An Android app, DaVinci Secret Message can password-protect the data hidden within an image, providing another level of security. It also provides the option to limit the size of the final image, thus making it harder to suspect that a carrier image holds a secret based on its change in size from the original image file.

Incognito

This Android application uses both steganography and cryptography to hide diverse types of data such as text messages, PDF files, images, music files, etc. within images without altering the visible appearance of the image. The experts of ethical hacking training endorse it for use by business individuals worried about competitors spying.

Source:http://www.iicybersecurity.com/audio-steganography.html

Court Says the FTC Can Slap Companies for Getting Hacked

FOR COMPANIES LIKE the dating site Ashley Madison or the health insurer Anthem, financial loss, customer anger and professional embarrassment aren’t the only consequences of getting massively gutted by hackers. Now a court has confirmed that there’s a three-letter agency that can dish out punishment, too.

In a decision published Monday, a U.S. appellate court ruled that the Federal Trade Commission has the authority to sue Wyndham Hotels for allowing hackers to steal more than 600,000 customers’ data from its computer systems in 2008 and 2009, leading to more than $10 million in fraudulent charges. The ruling more widely cements the agency’s power to regulate and fine firms that lose consumer data to hackers, if the companies engaged in what the FTC deems “unfair” or “deceptive” business practices. At a time when ever-more-private data is constantly getting breached, the decision affirms the FTC’s role as a digital watchdog with actual teeth.

‘This Is a Major Deal’

The FTC originally sued Wyndham in 2012 over the lack of security that led to its massive hack. But before the case proceeded, Wyndham appealed to a higher court to dismiss it, arguing that the FTC didn’t have the authority to punish the hotel chain for its breach. The third circuit court’s new decision spells out that Wyndham’s breach is exactly the sort of “unfair or deceptive business practice” the FTC is empowered to stop, sending Wyndham back to face the FTC’s lawsuit in a lower court.

Guests look out from inside their rooms in the Wyndham Hotel in Pittsburg

“A company does not act equitably when it publishes a privacy policy to attract customers who are concerned about data privacy, fails to make good on that promise by investing inadequate resources in cybersecurity, exposes its unsuspecting customers to substantial financial injury, and retains the profits of their business,” reads the court’s ruling.

For consumer privacy watchdogs, the ruling comes as a relief, solidifying another serious legal incentive for companies to invest in protecting their customers’ data, according to Electronic Privacy Information Center attorney Alan Butler. “This is a huge victory for the FTC, but also for American consumers,” says Butler, who filed an amicus brief defending the FTC’s authority earlier in the case. “We see services and companies being hacked on an almost daily basis now. Having the FTC out there, bringing actions against companies that fail to protect consumers’ data is a critical tool.”

Wyndham Hotels, for its part, vowed to continue its case in the lower court. The company points out that the appellate court ruled on the FTC’s authority, not the specific allegations the agency made against Wyndham, namely that it had failed to adequately protect its customers. “We believe the facts will show the FTC’s allegations are unfounded,” reads a statement from Wyndham spokesperson Michael Valentino. “Safeguarding personal information remains a top priority for our company, and with the dramatic increase in the number and severity of cyberattacks on both public and private institutions, we believe consumers will be best served by the government and businesses working together collaboratively rather than as adversaries.”

Even if Wyndham does eventually lose its case against the FTC, it likely won’t be fined, says Berkeley Law professor Chris Hofnagle. Instead, it could face the kind of privacy probation that is a frequent outcome of the FTC’s privacy suits against firms, in which the agency closely oversees its data protection systems for a period as long as 20 years, with the option to later impose fines for any violation of the standards it imposes.

But aside from Wyndham itself, the appellate ruling establishes a more important precedent for the legal consequences of a data breach. “Had Wyndham won at the third circuit, it would have called into question the FTC’s ability to police privacy and security,” says Hofnagle, describing that avoided outcome as a “disaster” for the agency. “This is a major deal.”

Data Insecurity As ‘Unfair’ Business Practice

In its original lawsuit, the FTC accused Wyndham of a long litany of privacy fails, from storing credit card information unencrypted to lacking firewalls to using easily-guessed passwords. The agency compared those practices to Wyndham’s published privacy policy—which promised that it did use some kinds of encryption to protect consumer data as well as firewalls and other “safeguards”—and argued that its insecurity amounted to “unfair” business practices.

Wyndham had specifically challenged that “unfair” claim, arguing that it hadn’t actually engaged in the “unscrupulous or unethical behavior” that it said the FTC’s standard requires. But the appellate court wasn’t persuaded; it ruled that the alleged mismatches between its data protection and its privacy policy were sufficient to meet that “unfair” standard, without any accusations of “unethical” behavior necessary.

The Court also rejected another argument from Wyndham that if the FTC were allowed to punish companies for this sort of data breach, it would be allowed to sue any supermarket that’s “sloppy about sweeping up banana peels,” opening the door to unfair practice claims run amok. On that point, the Court snapped back: “Were Wyndham a supermarket, leaving so many banana peels all over the place that 619,000 customers fall hardly suggests it should be immune from liability.”

The appellate ruling doesn’t necessarily grant the FTC new powers so much as dispel legal questions around the power it already possesses to be a data security watchdog, says Berkeley’s Hofnagle. As data breaches increasingly become a source of real suffering for consumers—see the reports of suicides that have already resulted from Ashley Madison’s scandalous data spill—the agency’s mandate is more important than ever.

“The law has always imposed responsibility on companies for the care of their customers. When you’re in the restaurant you have to be protected against slips and falls or food-borne illness,” says Hofnagle. “Data is just something new that companies have to protect if they want to bear the benefits of collecting it.”

Source:http://www.wired.com/

Telstra News spews banking trojan after malvertising attack

Australia’s dominant telco, Telstra, has been serving one of the world’s most dangerous hacking tools after its news site was infected with malvertising.

Malwarebytes researcher Jerome Segura says the attackers were likely dropping the Tinba trojan, considered to be the world’s smallest malware by file size at about 20kb and one that raids bank accounts.

“The media home page of Australia’s largest telecommunications company, Telstra, was pushing some malvertising similar to the attack we just documented on the PlentyOfFish website,” Segura says.

It is unknown, and difficult to know, how many users, if any, have been popped, but the best exploit kits like Nuclear compromise up to 40 percent of users who encounter them.

Attackers had compromised the media.telstra.com.au/home website through a malicious advertisement. That ad redirects visitors through Google’s URL shortener to a website hosting the Nuclear exploit kit.

The attack is not a hack of the Telstra asset but rather a compromise of the advertising chain through which criminals swindle advertising networks like Google and Yahoo!.

The Nuclear exploit kit is the second most popular off-the-shelf hacking box behind the Angler exploit kit. It contains the latest vulnerabilities for runtime environments like Adobe Flash and for browsers such as Internet Explorer.

Net scum use these kits to speed up and improve the delivery of payloads such as Tinba.

Source:http://www.theregister.co.uk/

Apple users are vulnerable to sandbox vulnerability

Experts discovered that the sandbox vulnerability affects all apps that use the managed app configuration setting in devices that run older versions.

Kevin Watkins, a security researcher from Appthority, argues that users without iOS 8.4.1 are affected by the sandbox vulnerability, CVE-2015-3269. The flaw affects all apps that use the managed app configuration settings, meaning that Apple is storing enterprise credentials in a directory that can be read by everyone.

“IT will commonly send the credential and authentication information along with the managed app binary for installation on corporate mobile devices [which] often included access to the corporate data security jewels, including server URLs, and credentials with plaintext passwords.”

“The underlying issue with our critical sandbox violation discovery is that … anyone can also see the credential information on the mobile device as it is stored world readable,” said Watkins.

“An attacker could target as many enterprises it can get into (using the iTunes store to spread an app designed to read and share the configuration files), or a specific target (traditional spear-phishing attack, through targeted e-mail, etc). In either case, they would develop an app that has a high chance of being installed in the enterprise, such as a productivity app. Once the app gets downloaded and installed on the devices, it would continuously monitor the directory for configuration settings being written to the world readable directory, harvesting and sending them to the attacker. Because all apps have access to the directory, it could hide in plain sight and operate as one of the many legitimate apps that have access to the directory in question.”

“An attacker (or a malicious app) with access to an MDM managed device can read all managed configuration settings for an unpatched device. Managed configuration is used to make the provisioning of apps easier and enterprise apps may use this mechanism to provision credentials or details about internal infrastructure this way. Those can be used by the attacker to gain access to those services.”

Corporate app data is more exposed; the expert highlighted the risk of a cyber attack that can allow hackers to steal information stored in an open directory (including mobile device management).

The tests conducted by Watkins revealed that medical apps used by doctors were leaking patient data, user names, passwords, authentication tokens.

“We also found apps used in the healthcare industry, giving doctors access to patient data and records (a likely HIPAA violation),” continues Watkins.

The analysis of the managed settings used by these apps revealed:

  • Close to half (47%) referenced credentials, including username, password and authentication tokens.
  • 67% referenced server identification information.

The good news is that Apple patched the CVE-2015-3269 sandbox vulnerability with the release of iOS 8.4.1, yet many people are running older iOS versions. It has been estimated that around 70% of users still have older iOS versions, and it will still take some months until iOS 8.4.1 is fully spread.

Please keep in mind the following recommendations to avoid this type of problem:

  • Do not use this mechanism to provision secret or confidential data
  • Credentials and other secrets should always be stored using the device keychain
  • A possible way to provision this data would be to use URL schemes
  • Use iOS single-sign-on profiles if possible

Elsio Pinto (@high54security) is at the moment the Lead McAfee Security Engineer at Swiss Re, but he also has knowledge in the areas of malware research, forensics and ethical hacking. He had previous experience in major institutions, the European Parliament being one of them. He is a security enthusiast and tries his best to pass on his knowledge. He also owns his own blog.

Source:http://securityaffairs.co/