Hack Naked News 109 January 31 2017

From Paul's Security Weekly

Hack Naked News #109

Recorded January 31, 2017 at G-Unit Studios in Rhode Island!

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Don Pezet
    CTO and Co-Founder of ITProTV, EdutainmentLIVE host, industry veteran, Weird Al aficionado.
  • News

    This week,

    ITPro.TV Announcement: "Upcoming courses include Cybersecurity Analyst+, CCNA Cyber Ops, ITIL Operational Support and Analysis, and Microsoft System Center. ITProTV is introducing a new membership level soon. All current Premium Members will be granted the highest membership level available, so sign up today! Visit itpro.tv/hacknaked and use code HN30."

    • InfoSecWorld - Your 10% off discount code to promote to your members is OS17-SW. This will give them 10% off the main conference or the World Pass.
    • 2017 SOURCE Boston Proposal - Code SECURITYWEEKLY for $100 off either a conference ticket or one of the trainings. The early bird prices are currently in effect, but they can get an additional discount by using your code.
    • Charity Event: Shaves that Save at the RSA Conference, 6:00 pm - 8:00 pm PT on Wednesday, Feb 15, 2017, at the RSA Conference, Moscone Center South, Gateway Ballroom / Viewing Room. To register / more details: https://www.stbaldricks.org/events/infosecshaves2017

    Security News

    1. Hundreds of Thousands of Netgear Routers Vulnerable to Password Bypass - A security researcher at Trustwave discovered an authentication disclosure vulnerability in 20 different Netgear router models. Simon Kenin analyzed some exploits released in 2014 and eventually figured out that with just one request to the web administration interface the routers would reveal the password. The flaw was part of the password recovery functionality in the associated firmware (CVE-2017-5521). Simon's post is a great read, detailing how one of the web application's server-side scripts ignored any passed parameters and simply returned the current admin password. After a long disclosure process, Netgear has released firmware updates to correct this issue.
    2. Forgot your GitHub password? Facebook cooks up spec to reset logins via social network - Facebook has published an open specification for password recovery. Sources state that password recovery methods that use email and cell phone SMS messages to recover your password are insecure, because someone could already have access to your email or have stolen your phone. The solution? Provide Facebook with a token, so when you forget or lose your password to another service, you can log into Facebook and recover that service's account. I fail to see how your Facebook account is any more or less secure than your email or cell phone, but I digress. On the up side, Facebook has implemented two-factor authentication using the U2F open standard, which I've tested and really like. At least that's a step in the right direction. This program is currently being tested with GitHub.
    3. We don't want to alarm you, but PostScript makes your printer an attack vector - While many printer vulnerabilities and associated exploits garner little attention, this one has the potential for disaster. Attackers have figured out a way to create a malicious web page that will determine if your system is connected to a printer or on the same network as a printer. From there the attackers use PostScript to essentially execute a cross-site scripting attack against your printer. Attackers can place code on vulnerable printers that, until the printer is rebooted, will give them the ability to intercept all print jobs sent to the printer, even ones sent by other users. This vulnerability is believed to be present in printers supporting PostScript, which represent most printers released in the past 32 years. Some nifty attack vectors come into play in order to pull off this attack, including cross-origin resource sharing (CORS) and abusing XMLHttpRequest (XHR) using JavaScript. Full details of this attack, along with proof-of-concept code, can be found at hacking-printers.net. Word is more printer exploits will be released on this site in the future, so check back for more carnage.
    4. Ransomware Shut Down Most Washington Surveillance Cameras - Ransomware disabled 183 security cameras, and the presidential inauguration web site, earlier this month. Ransom was demanded; however, officials chose to wipe all of the equipment and re-install all of the software rather than pay the ransom. No word on how these systems got infected, but let's hope they changed the default passwords.
    5. Want to bring down that pesky drone? Try the power of sound - Similar to how a wine glass will break when playing sounds at a certain frequency, the same can be done to take down a drone. By sending sound waves inaudible to humans, researchers have figured out a way to disrupt drones. In a talk at Enigma 2017, Yongdae Kim, professor in the Korea Advanced Institute of Science and Technology’s Graduate School of Information Security, showed how active and passive sensors can be hacked by a simple laser pointer or speakers set on just the right frequency. Thankfully this is fairly easy to block, as you can simply cover the transparent sections of the device in masking tape.