From Paul's Security Weekly

Hack Naked News #145

Recorded October 17, 2017 at G-Unit Studios in Rhode Island!



  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Don Pezet
    CTO and Co-Founder of ITProTV, EdutainmentLIVE host, industry veteran, Weird Al aficionado.
  • News

    1. What You Should Know About the KRACK WiFi Security Weakness - A weakness in the key exchange in WPA2 was found to have flaws that could allow attackers to perform MITM and other attacks. Let's review some of the facts surrounding the KRACK attacks: First, an attacker has to be on the same WiFi network as the victims, not necessarily with a stronger signal than the legitimate APs, but within range, and must force the clients to change channels (a mechanism built into the 802.11 protocol). The newly discovered flaws take advantage of weaknesses in WPA2 itself, specifically the 4-way handshake. It does not require knowledge of the pre-shared key and works regardless of EAP type in WPA2 Enterprise networks. Largely this is an issue with the client software, and Linux and Android are most vulnerable because they use WPA Supplicant from the OpenBSD project. Wireless APs could detect the attack, so be on the lookout for new firmware for your access points and new software for your clients. I fear that many IoT devices that have wireless clients may be vulnerable and never receive updates. Apple and Microsoft products are vulnerable, but not to the same extent as Linux-based platforms. Tune in to Paul's Security Weekly this Thursday evening for a full discussion with our resident wireless expert Larry Pesce.
    2. Security Flaw in Infineon Smart Cards and TPMs - If that wasn't enough: A crippling flaw in a widely used code library has fatally undermined the security of millions of encryption keys used in some of the highest-stakes settings, including national identity cards, software- and application-signing, and trusted platform modules protecting government and corporate computers. The weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. The attack has been dubbed ROCA, which stands for the Return of Coppersmith's Attack. Ultimately, the company's pseudorandom number generator didn't generate truly random numbers, said University of Surrey cryptography specialist Professor Alan Woodward.
    3. Google Busy Removing More Malicious Chrome Extensions from Web Store - Google scrambled this week to remove a malicious Chrome extension from its store and users’ machines after a popular Twitter account disclosed the issue publicly. The incident ramped up again one day later when the developers were able to get two other shady plugins past Google’s defenses before those were removed. Wow, this is starting to remind me of WordPress plugins...
    4. Yet Another Linux Kernel Privilege-Escalation Bug Discovered - Security researchers have discovered a new privilege-escalation vulnerability in the Linux kernel that could allow a local attacker to execute code on the affected systems with elevated privileges. Discovered by Venustech ADLab (Active-Defense Lab) researchers, the Linux kernel vulnerability (CVE-2017-15265) is due to a use-after-free memory error in the Advanced Linux Sound Architecture (ALSA) sequencer interface of the affected application.
    5. Dangerous Malware Allows Anyone to Empty ATMs, And It's On Sale! - Usually, hackers exploit hardware and software vulnerabilities to hack ATMs and force them to spit out cash, but now anyone can simply buy malware to steal millions in cash from ATMs. Hackers are selling ready-made ATM malware on an underground hacking forum that anybody can simply buy for around $5000, researchers at Kaspersky Lab discovered after spotting a forum post advertising the malware, dubbed Cutlet Maker. Hopefully you could make a good return on the investment!
    6. Equifax, TransUnion Hit by Malicious JavaScript Security Risk - As it turns out, the vulnerability was not the result of a new breach at Equifax, but rather the result of third-party JavaScript code used for website performance tracking. The same issue also allegedly impacted Equifax's rival TransUnion, according to security firm Malwarebytes. More picking on the credit scoring industry, highlighting the lack of attention to security.
    7. Adobe Patches Zero-Day Used To Plant Gov't Spying Software - On Monday, researchers from Kaspersky Lab revealed the new, previously unknown vulnerability which has been actively used in the wild by advanced persistent threat (APT) group BlackOasis. Originally discovered by Kaspersky's Anton Ivanov, the flaw, CVE-2017-11292, is a critical type confusion vulnerability that could lead to code execution on Windows, Mac, Linux and Chrome OS systems.