Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Security news bytes

91 views

Published on

Presentation at NULL meet at Pune on 13th August 2016

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Security news bytes

  1. 1. Security News Bytes - Aniket Rastogi
  2. 2. Severe Vulnerabilities identified in HTTP/2  The new HTTP/2 protocol (considered a replacement to the HTTP/1) was approved by the IESG in February 2015  Included the benefits over the HTTP/1 like header compression, multiplexing and concurrency and Server push  There were 4 major flaws identified in the protocol which as mentioned below:  Slow read attack or the Slowloris attack (CVE-2016-1546) – Attack calls on a malicious client to read responses very slowly. This vulnerability also existed in HTTP/1.1 protocol  HPACK Bomb Attack (CVE-2016-1544, CVE-2016-2525) – An attacker sends a small message to the server that unpacks into gigabytes of data thereby consuming all the server memory resources  Dependency Cycle Attack (CVE-2015-8659) - A specially crafted requests can be used to prompt a dependency cycle getting the server into an infinite loop. Can cause a DoS attack or allow to run arbitrary code.  Stream Multiplexing Abuse (CVE-2016-0150) - Attack allows attacker to exploit vulnerabilities in the way servers implement the stream multiplexing functionality in order to crash the server.  All these vulnerabilities have now been fixed!!!
  3. 3. Bitcoins worth USD $72 Million stolen  Hong Kong-based Bitcoin exchange 'Bitfinex' had shutdown its operation on 2nd August 2016, after discovering a security breach that allowed an attacker to steal some user funds.  The cause of the breach and the people behind the incident is still not known, but the attackers appear to have bypassed Bitfinex’s mandated limits of withdrawals.  Bitfinex is the third-largest Bitcoin exchange in the world.  After the news of the Bitfinex hack, the price of Bitcoin dropped almost 20%, from $602.78 to $541 per Bitcoin, within a day  Bitfinex's security firm Bitgo — a Bitcoin security company that allows bitcoin exchanges to provide separate, multi-signature wallets for each user's funds said it did not find any evidence of a breach on any BitGo servers during its investigation  So is this a possible case of corporate vengeance to bring down bitcoin popularity or is it an insider job, only time will tell
  4. 4. Torrentz.eu Shutdown!!!  Few days after US authorities arrested the owner of Kickass Torrents in Poland, Torrentz.eu, the Internet's biggest BitTorrent meta-search engine, has shut down  Torrentz was a free, fast and powerful meta-search engine combining results from dozens of search engines  The purpose of the site was to index torrents from several large portals and aggregate all the different trackers. This allowed users to download torrent files with multiple trackers in their source, speeding up downloads and preventing dead links in case servers went down  All Torrentz backup domains including the main .EU domain and its backups .ME, .CH, and .IN are also down. The site's HTTPS version also features the messages “Torrentz will always love you. Farewell”  With legal pressure increasing on The Pirate Bay and following the Kickass Torrents arrests, many piracy portals have decided to shut down on their own, so could be the case with torrentz as well  A possibility of a hostile takeover by a group of attackers can not be neglected as such websites generally do not have strong defense controls
  5. 5. Other News…  A newly discovered PoS (Point-of-Sale) malware can bypass computer defences such as User Account Control (UAC) by posing as a legitimate Microsoft application, Doctor Web researchers have discovered  Adobe’s Flash Player might be the most targeted product when criminal exploit kits are involved, but Microsoft products such as Office, Windows and Internet Explorer take centre stage when Russian advanced persistent threat (APT) groups are involved  Just two weeks after Chrome 52 was released in the stable channel, Google has issued an update to resolve 10 security vulnerabilities, 7 of which were discovered by external developers
  6. 6. THANK YOU!!!

×