From Paul's Security Weekly

Hack Naked News #130

Recorded June 20, 2017 at G-Unit Studios in Rhode Island!


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Jason Wood
    Threat hunter at CrowdStrike, penetration tester, sysadmin, and Founder of Paladin Security.
  • News

    1. 25-Year-Old Hacker Pleads Guilty to Hacking U.S. Military Satellite Phone System - Guilty and awaiting sentencing: A British computer hacker who allegedly hacked a United States Department of Defense satellite system in 2014 and accessed the personal information of hundreds of military personnel pleaded guilty on Thursday. Sean Caffrey, a 25-year-old resident of Sutton Coldfield in the West Midlands, has admitted to breaking into a US military communications system in June 2014 and stealing usernames and email addresses of over 800 employees and data from 30,000 satellite phones, the UK's National Crime Agency announced on Thursday.
    2. IoT Malware Activity Already More Than Doubled 2016 Numbers - Attackers are targeting the low-hanging fruit more than ever: Honeypots laid out by Kaspersky Lab researchers mimicking a number of connected devices running Linux have attracted more than 7,200 different malware samples through May, all bent on infecting connected devices primarily over telnet and SSH. Last year, Kaspersky detected 3,200 samples, and the researchers expect this trend to continue: “The Mirai botnet has shown that smart devices can be harnessed for this purpose – already today, there are billions of these devices globally, and by 2020 their number will grow to 20-50 billion devices, according to predictions by analysts at different companies,” researchers wrote.
    3. Advanced CIA firmware has been infecting Wi-Fi routers for years - Home routers from 10 manufacturers, including Linksys, D-Link, and Belkin, can be turned into covert listening posts that allow the Central Intelligence Agency to monitor and manipulate incoming and outgoing traffic and infect connected devices. That's according to secret documents posted Thursday by WikiLeaks. CherryBlossom, as the implant is code-named, can be especially effective against targets using some D-Link-made DIR-130 and Linksys-manufactured WRT300N models because they can be remotely infected even when they use a strong administrative password. An exploit code-named Tomato can extract their passwords as long as a default feature known as Universal Plug and Play (UPnP) remains on. I have always thought this would be popular, and even used in nation-state attacks.
    4. WikiLeaks Dumps CIA WiFi Pwnage Tool Docs Online - And here is a great example of my fears: the tool allows agents to infect both wireless and wired access points by installing a firmware upgrade dubbed FlyTrap that can be put on the device without needing physical access to it. FlyTrap can monitor internet traffic through the router, redirect web browser connections to websites that the CIA wants a target to see, proxy a target's network connections, and harvest and copy data traffic. It then sends it all back to a command and control system called CherryTree.
    5. UPnP Is Helping Black-Hats Run Banking Malware - Another banking malware variant has been spotted in the wild, and it's using UPnP on home routers to expose unsuspecting home users who have been recruited into the botnet. McAfee Labs says the new campaign uses a variant of the ancient “Pinkslipbot”, and says it uses Universal Plug'n'Play (UPnP) to open ports through home routers, “allowing incoming connections from anyone on the Internet to communicate with the infected machine”.
    6. A Decade-Old Unix/Linux/BSD Root Privilege-Escalation Bug Discovered - Security researchers have discovered a more-than-a-decade-old vulnerability in several Unix-based operating systems — including Linux, OpenBSD, NetBSD, FreeBSD and Solaris — which can be exploited by attackers to escalate their privileges to root, potentially leading to a full system takeover. Dubbed Stack Clash, the vulnerability (CVE-2017-1000364) was discovered in the way memory is allocated on the stack for user-space binaries. There are now 7, count them, 7 PoCs in the wild for you to test with, in addition to updates.
    7. Web-hosting firm agrees to pay over $1 million to ransomware extortionists - This is not good: Nayana, a South Korean web hosting firm, was hit hard by a ransomware attack earlier this month which hit over 153 of its Linux servers and impacted over 3,400 websites the company hosts for its business customers. Nayana’s systems are thought to have been hit by a Linux variant of the Erebus ransomware, designed to encrypt files on web servers and demand a payment for the data’s safe return. In all, Erebus hunts for 433 different file types on web servers – including documents, databases, images and videos.
    8. Many companies have been hacked, but please don't make it THIS easy - Yea, so like, don't just leave stuff lying around; it's something I tell my kids: UpGuard researcher Chris Vickery discovered that a contractor employed by the Republican National Committee (RNC) had carelessly left databases containing information on a staggering 198 million potential voters exposed to the internet – meaning anyone who knew where to look could download it without entering any passwords. Yes, that’s right. No password required.
    9. Microsoft to Remove SMBv1 Protocol in Next Windows 10 Version (RedStone 3) - The Server Message Block version 1 (SMBv1) — a 30-year-old file sharing protocol which came to light last month after the devastating WannaCry outbreak — will be removed from the upcoming Windows 10 (1709) Redstone 3 Update. SMBv1 is one of the internet's most ancient networking protocols; it allows operating systems and applications to read and write data on a remote system and lets a system request services from a server. The WannaCry ransomware, which wreaked havoc last month, was also leveraging an NSA Windows SMB exploit, dubbed EternalBlue, leaked by the Shadow Brokers in its April data dump. And the peasants rejoiced.

    Expert Commentary: Jason Wood, Paladin Security

    Erosion of ISP privacy rules sparks new anti-snooping efforts

    The battle over privacy of online communications continues unabated. In reaction to the US Senate voting to roll back several scheduled FCC privacy rules, 22 states have responded with legislation that sets several requirements for privacy. At this point, the legislation in these states is only proposed and has not been implemented into law. It is an interesting development in this latest round of the privacy wars.

    This current battle began back in October of 2016 when the FCC voted to set rules on the information that ISPs would be allowed to collect. These rules would have prevented them from using and selling information such as application usage, browsing histories, mobile location data and more. The ISP industry was hoping to build a new revenue stream by selling advertising targeting these users by their activities and interests. Then in March of this year, the US Senate voted to roll back privacy rules that were scheduled for implementation. Reaction from the ISPs was obviously positive, though consumers were not so pleased. This reaction has, in part, led to the response of individual states to create their own privacy legislation.

    So far, US consumers have not had significant protection from the ISPs with regard to their online activities. The FCC rules were never actually implemented and were only scheduled to be. Nevertheless, consumers do not like the idea of their ISPs recording and reselling their online activities. This has actually caused a spike in interest in VPN services by non-technical consumers who want to avoid this situation. Privacy is, at this time, a complicated issue and something that consumers both expect and give up on a regular basis. As the battle has now reached down to the state legislatures, it might be a good idea to take the time to write to or meet with your state representatives. Let them know what your concerns are and what you would like to see happen. These people are generally more accessible than our federal representatives and could help start similar legislation in your state if it is not already occurring.