Announcements<br />
<ul>
<li>Malcon 2011: Call for Papers<br />http://malcon.org/cfp/<br />Venue: Mumbai, Nov 2011</li>
<li>CFP for nullcon 2012 (Tritiya) is open!<br />http://nullcon.net/cfp-nullcon/<br />Venue: Goa, Feb 2012</li>
<li>ClubHACK 2011: CFP closes 2nd week of Oct<br />http://clubhack.com/2011/<br />Venue: Pune, first weekend of December</li>
</ul>
<ul><li>We comply with UK Law. If a request for information comes from overseas, it should come from UK channels only.</li></ul>
-- arstechnica, hidemyass blogs<br />
SSL Broken … Again<br />
<ul>
<li>Two researchers, Juliano Rizzo and Thai Duong, at the Ekoparty Security Conference.</li>
<li>Presented a new, fast block-wise chosen-plaintext attack against AES in SSL/TLS.</li>
<li>TLS 1.0 is vulnerable; TLS 1.1 and 1.2 are not. Major websites still use TLS 1.0, however, because the later versions are unsupported in browsers.</li>
<li>Old vulnerability, ignored for years because crypto people thought it was unexploitable.</li>
</ul>
How it works? And patches?<br />
<ul>
<li>a.k.a. Cryptographic Trojan Horse</li>
<li>Then works together with a network sniffer to look for active TLS connections.</li>
<li>Grabs and decrypts the HTTPS authentication cookie.</li>
<li>Workarounds are possible, but the real solution is to switch to a newer protocol.</li>
</ul>
Workarounds by browser vendors:<br />
<ul>
<li>Chrome developer version 15.0 makes the attack more complex.</li>
<li>Firefox is considering disabling Java, but that would break many websites and functionalities.</li>
<li>Microsoft is working on a Windows Update to fix the issue. Advisory: 2588513</li>
</ul>
-- technet, chrome, mozilla blogs<br />
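The slide says TLS 1.0 is affected and TLS 1.1/1.2 are not. The protocol-level reason is how the CBC IV is chosen per record: TLS 1.0 chains IVs, so the IV of record n+1 is the last ciphertext block of record n and is already visible on the wire, while TLS 1.1 and later send a fresh random IV inside every record. The following example is added here and is not part of the original slides; it models only that IV handling (no MAC, no padding) and uses a hypothetical SHA-256 based Feistel toy cipher in place of AES so it runs with the standard library alone. It does not perform the attack; it only shows which version lets a passive observer know the next IV in advance.

```python
# Added example (not from the original slides): models only the CBC IV handling of the
# TLS record layer to show why the attack applies to TLS 1.0 and not TLS 1.1/1.2.
# The block cipher is a hypothetical SHA-256 based Feistel toy standing in for AES so
# the file runs offline with the standard library; it is NOT a secure cipher.
import hashlib
import os
from typing import List

BLOCK = 16  # 16-byte blocks, as in AES


def _round(key: bytes, half: bytes, i: int) -> bytes:
    """Round function of the toy cipher: keyed hash truncated to one 8-byte half."""
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 16-byte block permutation (4-round Feistel network)."""
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, _xor(left, _round(key, right, i))
    return left + right


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = _xor(right, _round(key, left, i)), left
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Plain CBC over whole blocks (padding and MAC are left out on purpose)."""
    assert len(plaintext) % BLOCK == 0
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out.append(_xor(toy_block_decrypt(key, block), prev))
        prev = block
    return b"".join(out)


class Sender:
    """One direction of the record layer; version is "1.0" (chained IV) or "1.1" (explicit IV)."""

    def __init__(self, key: bytes, version: str, initial_iv: bytes):
        self.key, self.version = key, version
        self.chain_iv = initial_iv       # TLS 1.0: the first IV comes from the key block
        self.ivs_used: List[bytes] = []  # kept only so the demo can check predictions

    def send(self, plaintext: bytes) -> bytes:
        """Return the bytes that go on the wire for one record."""
        iv = self.chain_iv if self.version == "1.0" else os.urandom(BLOCK)  # 1.1+: fresh IV
        self.ivs_used.append(iv)
        ciphertext = cbc_encrypt(self.key, iv, plaintext)
        if self.version == "1.0":
            self.chain_iv = ciphertext[-BLOCK:]  # next IV = last block just transmitted
            return ciphertext
        return iv + ciphertext  # the explicit IV travels in front of the ciphertext


def receive_all(key: bytes, version: str, initial_iv: bytes, wire: List[bytes]) -> List[bytes]:
    """Receiver side: recover the plaintexts exactly as the peer would."""
    plaintexts, chain_iv = [], initial_iv
    for record in wire:
        if version == "1.0":
            plaintexts.append(cbc_decrypt(key, chain_iv, record))
            chain_iv = record[-BLOCK:]
        else:
            plaintexts.append(cbc_decrypt(key, record[:BLOCK], record[BLOCK:]))
    return plaintexts


def next_iv_predictable(version: str, n_records: int = 4) -> bool:
    """True when someone seeing only record i on the wire knew record i+1's IV beforehand."""
    key, initial_iv = os.urandom(BLOCK), os.urandom(BLOCK)
    sender = Sender(key, version, initial_iv)
    wire = [sender.send(b"GET /index.html " * 2) for _ in range(n_records)]  # constructed data
    hits = sum(wire[i][-BLOCK:] == sender.ivs_used[i + 1] for i in range(n_records - 1))
    return hits == n_records - 1


def roundtrip_ok(version: str) -> bool:
    """Sanity check that both record-layer variants still decrypt correctly."""
    key, initial_iv = os.urandom(BLOCK), os.urandom(BLOCK)
    sender = Sender(key, version, initial_iv)
    msgs = [b"GET /index.html " * 2, b"Cookie: session=" + b"A" * 16]  # constructed data
    wire = [sender.send(m) for m in msgs]
    return receive_all(key, version, initial_iv, wire) == msgs


if __name__ == "__main__":
    for v in ("1.0", "1.1"):
        print(f"TLS {v}: next IV predictable from the wire = {next_iv_predictable(v)}")
```

Running the file prints True for "1.0" and False for "1.1". That predictability is the property the chosen-plaintext attack on the slide needs, which is why the lasting fix is moving to TLS 1.1 or later rather than any browser-side workaround.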
Mysql.com compromised<br />
Spreading malware to visitors<br />
<ul>
<li>Last time (March 2011) it was SQL injection.</li>
<li>TrendMicro found, in a Russian underground forum, the hacker sourcec0de selling root access to mysql.com clusters.</li>
<li>Price starts from $3000.</li>
</ul>
-- armorize, SANS ISC, TrendMicro<br />
The Good, the Bad and the Ugly of Microsoft<br />
The Good Microsoft:<br />
<ul>
<li>Microsoft does it again, takes down the Kelihos botnet.</li>
<li>Previously the Rustock botnet was taken down.</li>
</ul>
The Bad Microsoft:<br />
<ul>
<li>Microsoft Security Essentials detected chrome.exe as a piece of malware (PWS:Win32).</li>
<li>Microsoft released an emergency signature update to fix the issue.</li>
</ul>
The Ugly Microsoft:<br />
<ul>
<li>New type of boot environment: UEFI replaces the standard BIOS process.</li>
<li>UEFI is a part of the Windows 8 Secure Boot architecture.</li>
<li>To ensure that the pre-OS environment is secure, a system with UEFI enabled and Microsoft signing keys will only boot a secure Windows OS.</li>
</ul>
Major concern:<br />
<ul>
<li>Dual booting a non-Windows OS such as Linux</li>
<li>Installing new hardware with unsigned drivers</li>
</ul>
-- msdn blogs, cnet<br />
Reverse Proxy bypass of Apache<br />
<ul>
<li>Apache web servers are affected by this issue when running in reverse proxy mode.</li>
<li>Could let attackers access DBs, firewalls, routers and other internal network resources.</li>
<li>Misconfiguration in a rewrite rule in the Apache config file: the vulnerable rule (first) has no "/" between the internal host and $1; the corrected rule (second) has it.</li>
</ul>
RewriteRule ^(.*) http://internalserver:80$1<br />
RewriteRule ^(.*) http://internalserver:80/$1<br />
<ul>
<li>Apache issued a patch to stop this type of attack: CVE-2011-3368.patch</li>
<li>IIS could also be vulnerable if it is importing Apache mod_rewrite rules.</li>
</ul>
-- contextis.com blog, seclists.org full disclosure<br />
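A practical follow-up to the slide is to audit existing configs for the same mistake. The checker below is an added example, not from the slides or the Apache project. It flags RewriteRule and ProxyPassMatch lines whose target is an absolute URL with a $N capture glued directly to the host[:port] part with no "/" separator (the pattern CVE-2011-3368 concerns), and proposes the slide's corrected form. The httpd.conf fragment it scans is constructed sample text; the [P] flag is assumed so the RewriteRule actually proxies.

```python
# Added example (not from the slides or the Apache project): lint reverse-proxy rules
# for a client-controlled capture appended to "scheme://host[:port]" without a "/".
import re
from typing import List, Tuple

# Absolute URL target whose authority is immediately followed by a capture reference
# such as $1, i.e. nothing separates host[:port] from the client-supplied path.
_BAD_TARGET = re.compile(r"^https?://[^/\s$]+\$[0-9]")
_DIRECTIVES = ("RewriteRule", "ProxyPassMatch")  # both take a regex and a target


def fix_target(target: str) -> str:
    """Insert the missing "/" between the authority and $N (the slide's corrected rule)."""
    return re.sub(r"^(https?://[^/\s$]+)(\$[0-9])", r"\1/\2", target)


def find_unsafe_proxy_targets(config_text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, offending_target, suggested_target) for each unsafe rule."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments
        parts = line.split()
        if parts[0] not in _DIRECTIVES or len(parts) < 3:
            continue  # not a rule of interest, or malformed
        target = parts[2]
        if _BAD_TARGET.match(target):
            findings.append((lineno, target, fix_target(target)))
    return findings


# Constructed sample httpd.conf fragment, not a real server's configuration.
SAMPLE_CONFIG = """\
# constructed sample: reverse proxy to an internal host
RewriteEngine On
RewriteRule ^(.*) http://internalserver:80$1 [P]
RewriteRule ^(.*) http://internalserver:80/$1 [P]
ProxyPassMatch ^(.*) http://internalserver:80$1
ProxyPass / http://internalserver:80/
"""


if __name__ == "__main__":
    for lineno, bad, good in find_unsafe_proxy_targets(SAMPLE_CONFIG):
        print(f"line {lineno}: target {bad!r} lacks '/' before $N; use {good!r}")
```

On the sample it reports lines 3 and 5 (the RewriteRule without the slash and the equivalent ProxyPassMatch) and leaves the corrected rule and the plain ProxyPass alone. Applying the vendor patch is still the real fix; the linter only catches the configuration shape the patch was needed for.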
German Federal Trojan: R2D2<br />
<ul>
<li>“Lawful interception” malware program used to spy on citizens.</li>
<li>Reverse engineered and analyzed by the European Chaos Computer Club (CCC); submitted to the CCC anonymously.</li>
<li>Not only sends data but also offers remote control / backdoor functionality to upload and execute arbitrary programs.</li>
</ul>
Sony: Game is not over<br />
<ul>
<li>CISO reports a breach of 93,000 accounts (PSN and SOE).</li>
<li>Attackers used a large amount of data obtained from compromised lists of other companies.</li>
<li>Claims credit card information is not at risk.</li>
</ul>
-- ccc.de, PlayStation blogs<br />
XSS in Skype for iOS<br />
<ul>
<li>XSS bug in the iPhone and iPad versions of the Skype client.</li>
<li>Incorrect WebKit settings allow an attacker to directly access files on the device, including the address book.</li>
</ul>
More details:<br />
https://superevr.com/blog/2011/skype-xss-explained/<br />
Backdoor in HTC Android Smartphones<br />
<ul>
<li>Vulnerability in an app called HtcLogger.apk, found by androidpolice.com.</li>
<li>The app collects all kinds of data and provides it to anyone who asks by opening a local port.</li>
<li>Any app with the INTERNET permission can access the information and send the data to a remote server.</li>
<li>Patch promised by HTC; it will be a firmware OTA update.</li>
<li>Till then, if you are rooted, remove HtcLogger.apk.</li>
</ul>
-- h-online, androidpolice, allthingsd.com<br />
News Overview<br />
<ul>
<li>Newer and more complicated Android malware variants are expected to emerge.</li>
<li>ANDROIDOS_ANSERVER.A arrives as an eBook reader app and uses encrypted blog posts as C&amp;C.</li>
<li>New Zeus crimeware toolkit comes with a peer-to-peer design.</li>
<li>Harder to take down such botnets, as there is no centralized C&amp;C server which they can infiltrate or shut down.</li>
<li>AmEx debug mode left the site wide open, providing access to vulnerable debug tools.</li>
<li>The security issue was noticed by developer Niklas Femerstrand.</li>
<li>Difficulties in finding a security contact when contacted via Twitter.</li>
</ul>