Phone Motion Sensors: The New Attack Vector

January 23, 2019 by Marc Handelman in Attack Vectors, Attack Analysis, Information Security

Quite likely, this subterfuge attack, utilizing one of the more clever methods to evade detection to date, is the new attaque-du-jour.

Proof(s) →

May 26, 2018 by Marc Handelman in Attacks, Attack Analysis, Attack Kill Chain, Attack-Proof Code, Code

Kevin Hartnett, Senior Writer at Quanta Magazine, expounds on the notion of formal code verification when used to provide assurance of attack-proof code... Similar to unsinkable ocean liners? Or, is it only a matter of time before a successful attack is mounted thereupon? Is attack-proof code provable utilizing proofs (as in mathematical proofs)? You be the judge.

'“They were not able to break out and disrupt the operation in any way,” said Kathleen Fisher, a professor of computer science at Tufts University and the founding program manager of the High-Assurance Cyber Military Systems (HACMS) project. “That result made all of DARPA stand up and say, oh my goodness, we can actually use this technology in systems we care about.”' - via Kevin Hartnett, Senior Writer at Quanta Magazine

Illustration from the Kaspersky Labs Document.

Six Years The Lurker →

March 12, 2018 by Marc Handelman in Vulnerable Systems, Vulnerability Research, Vulnerabilities, Attack Analysis, APT

Dan Goodin, writing at ArsTechnica, provides us with the surreptitious history of the malice-filled code-miscreant APT monikered Slingshot; of which, is apparently an alternatative mwthod of describing the devil's offspring in code-complete form. More, here.

"The researchers still don't know precisely how Slingshot initially infected all its targets. In several cases, however, Slingshot operators got access to routers made by Latvian manufacturer MikroTik and planted a malicious code in it." - via Dan Goodin, slaving away over a sizziling keyboard at ArsTechica

Apple, Heal Thyself →

February 15, 2018 by Marc Handelman in Information Security, Attack Vectors, Attack Analysis

Felix Krause, well-known founder of fastlane, has discovered a procedural + programmatic heretofore undiscussed attack vector of rather gaping proportions... Namely, the capability of any Mac application to leverage connectivity to the desktop screen grab routine (presumably the CGImageRef routine, as reported by Mr. Krause). Bad news for all users of Apple Hardware and software. Indeed. Read Mr. Krause's Open Radar (rdar://37423927) entry. Listen up Apple Inc...

North Korean Dingus of Mass Disruption →

November 28, 2017 by Marc Handelman in All is Information, Attack Analysis, Cybersecurity, Cyberwar, Information Security, Electronic Warfare

Erudite write-up by Adam Meyers (opining at 38North) in which, Adam details the cyberweapons of mass disruption (in this case the primary weapons discussed are WannaCry, the Wiper Attack and who-can't-forget the electronic Bonnie-and-Clyde aka the 2016 SWIFT attack on the Bank of Bangladesh). Enjoy!

"North Korean offensive cyber operations have been conducted to collect sensitive political and military intelligence information, to lash out at enemies who threaten their beliefs and interests, and most interestingly, to generate revenue." - Adam Meyers writing at 38North)

Ira Winkler's 'How to Hack a Navy Vessel'

August 28, 2017 by Marc Handelman in US Navy, Information Security, Attack Analysis, Attack Vectors, Asymmetry, Must Read

The USS John S. McCain (DDG56) underway long before the collision that killed, maimed and injured many of our nations finest Sailors.

Today's Must Read - Ira Winkler's 'How to Hack a Navel Vessel' - Ira's well-crafted, on-target and plausible thought piece discussing the potential for electronic systems intrusion utilizing a Denial of Service modus related to the four reported damage incidents and the tragic loss of life of our Navy personnel and fellow citizens while United States Navy Vessels were underway.

Node Package Manager, Tribulátio, In Paradiso

August 23, 2017 by Marc Handelman in Attacks, Attack Analysis, Security Development, Security Failure, Security Flaws, Information Security, Infosec Competence

Well, looks like there is a bit of bother at npm, what with the security failures of recent import. Read Adam Shostack's well-crafted piece detailing what's broken, and what to do about it (it being fairly obvious once you read his thoughtful post). Enjoy.

"In June, security researcher ChALkeR explained how he "obtained direct publish access to 14% of npm packages (including popular ones). The estimated number of packages potentially reachable through dependency chains is 54%." Then, there was a typo-squatting attack that went undetected for two weeks. And just a few days ago, Ivan Akulov reported on malicious packages in npm." - via Adam Shostack, writing at IANS

ATM Equals 'All The Money' →

May 03, 2017 by Marc Handelman in All is Information, Attack Analysis, Attack Vectors, Bank Security, Crime, Criminal Enterprise, Hardware Security, Information Security, Financial Security

John Leyden, writing at El Reg, tells the tale of the latest ATM SNAFU. All based on CVE-2017-6968... Astonishing, indeed.

"To exploit the vulnerability, a criminal would need to pose as the control server, which is possible via ARP spoofing, or by simply connecting the ATM to a criminal-controlled network connection," said Georgy Zaytsev, a researcher with Positive Technologies. "During the process of generating the public key for traffic encryption, the rogue server can cause a buffer overflow on the ATM due to failure on the client side to limit the length of response parameters and send a command for remote code execution." - via John Leyden, at El Reg

Splunked, The Leak →

April 06, 2017 by Marc Handelman in All is Information, Analytics, Attack Analysis, Data That Is Big, Information Sciences, Information Security

via the eponymous Richard Chirgwin, whilst writing at El Reg, comes this unfortunate tale of security flaws within Splunk Enterprise (now, happily patched). First discovered by John Page (aka hyp3rlinx), and published via an advisory at Full Discosure. Here's hyp3rlinxs' source.

For the Record: We have always been pleased with Splunk products, and, most importantly, they are fast and focused when fixing issues.

The takeway? Make an effort to be extraordinarily cognizant of the threats posed by log and machine generated data aggregation in the enterprise. That is all.

BSides Tampa 2017, Andy Thompson 's Advanced Targeted Attack →

March 21, 2017 by Marc Handelman in All is Information, Attack Analysis, Conferences, Education, Information Security

Finnish HVAC Systems DDoS'd →

December 13, 2016 by Marc Handelman in All is Information, Attack Analysis, DDoS, Information Security

News, via Finnish site Metropolitan, of a DDoS attack on computer-managed HVAC systems in the town of Lappeenranta, Finland. In a country situated geographically as Finland, this attack should be construed as a life safety issue. H/T

POC PwnFest - Safari Compromised →

November 14, 2016 by Marc Handelman in All is Information, Attack Analysis, Conferences, Information Security, Cruft

News from the Past (the recent past, that is) - Apple Inc. (NasdaqGS: AAPL) Safari drops the drawbridge, and is summarily PWND at POC PwnFest 2016. The exploit took twenty seconds to work its magic... Cruft, the gift that keeps on giving; hearty congratulations to PANGU for their outstanding effort.