News bytes Oct-2011


Published on

Null + OWASP + SecurityXploded + Garage4hackers Meet at Bangalore

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

News bytes Oct-2011

  1. 1. Null / OWASP / SecurityXploded / Garage4hackers Meetup <br />About me: <br />Ashwin Patil<br /> GCIH, RHCE, CCNA<br /> 2+ in Infosec<br />
  2. 2. Announcements<br /><ul><li>Malcon 2011 : Call for Paper </li></ul><br />Venue: Mumbai , Nov -2011<br /><ul><li>CFP for nullcon 2012 (Tritiya) is open!!!</li></ul><br />Venue : Goa, Feb -2012<br /><ul><li>ClubHACK 2011 : CFP closes 2nd week of Oct</li></ul><br />Venue: Pune, first weekend of December.<br />
  3. 3. Security Conferences happened<br /><ul><li>Brucon 2011</li></ul>Slides (Some) posted :<br /><ul><li>Derbycon 2011 </li></ul>Videos Posted :<br /><ul><li>HITB SecConf 2011 </li></ul>Slides being Posted on Fly :<br />
  4. 4. Arrest of Lulzsec Members<br /><ul><li>FBI arrested lulzsec member Recursion : Cody Kretsinger,23
  5. 5. Accused of using SQL injection attacks against Sony.
  6. 6. Earlier in UK : 2 more arrests happened claimed to be Kayla and Topiarry.
  7. 7. Ringleader Sabu tweeted only 2 left.
  8. 8. Group chatlog revealed use of HideMyAss`s Proxy service to disguise his IP in SONY attack.
  9. 9. The site followed court order asking for information for above case.</li></ul>UK based Company explained –<br /><ul><li>VPN services are not designed to commit illegal activity.
  10. 10. We only log time you connect and disconnect.
  11. 11. We comply with UK Law. If request for information came from overseas ,it should come from UK channels only</li></ul>-- arstechnica, hidemyass blogs<br />
  12. 12. SSL Broken … Again<br /><ul><li>2 Researchers : Juliano Rizzo and Thai Duong at Ekoparty Security Conference.
  13. 13. Presented New Fast block-wise chosen plaintext attack against AES algorithm in SSL/TLS.
  14. 14. TLS version 1.0– vulnerable . TLS v1.1 and 1.2 : not vulnerable</li></ul> but major websites uses TLS v1.0 as later are unsupported in browsers<br /><ul><li>Old vulnerability & ignored for years due to crypto people thought its unexploitable.
  15. 15. P.O.C. Application : BEAST : Browser Exploit Against SSL/TLS </li></ul>-- theregister, threatpost <br />
  16. 16. How it works ? And Patches ?<br /><ul><li> a.k.a Cryptographic Trojan Horse
  17. 17. Injects client side BEAST code in victims browser. (iframe/JavaScript)
  18. 18. Then works with network sniffer to look for active TLS connections. </li></ul>Grabs and decrypt HTTPS authentication cookie.<br /><ul><li>Workarounds are possible but real solution is switch to newer protocol.</li></ul>Workarounds by browser vendors:<br /><ul><li>Chrome developer version 15.0 making attack more complex.
  19. 19. Firefox considering to disable java but it will break many websites and functionalities
  20. 20. Microsoft working on Windows Update to fix the issue. </li></ul>Advisory: 2588513<br />-- technet , chrome, mozilla blogs<br />
  21. 21. compromised <br />spreading malware to visitors<br /><ul><li> Last Time (March-2011) it was SQL injection.
  22. 22. Simply visiting website serves malware through JavaScript </li></ul>and redirects to malicious domains hosting Blackhole exploit kit.<br /><ul><li>Discovered by first armorize
  23. 23. TrendMicro found in Russian </li></ul>underground forum hacker <br />sourcec0de selling root<br />access of clusters<br /><ul><li>Price starts from 3000$</li></ul>-- armorize, SANS ISC, TrendMicro <br />
  24. 24. The Good, the Bad and the Ugly of Microsoft<br />The Good Microsoft:<br /><ul><li>Microsoft does it again , Takes down Kelihos Botnet.
  25. 25. Estimated 41000 compromised hosts, capable of sending 3.8 billion spam messages
  26. 26. Previously Rustock botnet taken down.</li></ul>The Bad Microsoft:<br /><ul><li>Microsoft Security Essential detected chrome.exe as piece of malware </li></ul>( PWS: Win32)<br /><ul><li>Microsoft released emergency update to the signature to fix the issue.
  27. 27. Chrome also released update to fix the issue
  28. 28. Microsoft is joining anti-flash crowd.
  29. 29. Metro version of IE 10 in windows 8 will not accommodate plugins.</li></ul>-- arstechnica, threatpost , chrome, cnet blogs<br />
  30. 30. Continued …<br />The Ugly Microsoft<br /><ul><li>UEFI : Unified Extensible Firmware Interface
  31. 31. New Type of boot environment :</li></ul> replaces standard BIOS process. <br /><ul><li> UEFI is a part of windows 8 secured</li></ul>Boot architecture.<br /><ul><li>To ensure that pre-OS environment is secure
  32. 32. System with UEFI enabled & Microsoft </li></ul>signing keys will only boot secure Windows OS.<br /> Major Concern: <br /><ul><li>Dual booting non windows OS such as Linux
  33. 33. installing new hardware with unsigned keys drivers</li></ul>-- msdn blogs, cnet , <br />
  34. 34. Reverse Proxy bypass of Apache<br /><ul><li>Apache webservers affected with this issue </li></ul>when running in reverse proxy mode.<br /><ul><li>Could let attackers access DB, firewalls, routers and other internal network resources.
  35. 35. Misconfiguration in rewrite rule in Apache config file.</li></ul>RewriteRule ^(.*) http://internalserver:80$1 <br />RewriteRule ^(.*) http://internalserver:80/$1 <br /><ul><li>Apache issued patch to stop these type of attacks. CVE-2011-3368.patch
  36. 36. IIS could also be vulnerable if it is importing apache mod_rewrite rules.</li></ul>-- blog, full disclosure <br />
  37. 37. German Federal Trojan: R2D2<br /><ul><li>“Lawful interception” malware program to spy on citizens
  38. 38. Reverse engineered and analyzed by European Chaos Computer Club (CCC). Submitted to ccc anonymously
  39. 39. Used by German police forces.
  40. 40. Not only sends data but also offers remote control or backdoor functionalities to upload and execute arbitrary programs</li></ul>Sony : Game is not over<br /><ul><li>CISO informs breach of 93000 accounts (PSN and SOE)
  41. 41. Attackers used large amount of data obtained from compromised lists of other companies
  42. 42. Claims credit card information is not at risk</li></ul>-- , PlayStation blogs<br />
  43. 43. XSS in Skype for iOS<br /><ul><li>XSS bug in iPhone and iPad version of Skype client
  44. 44. Incorrect webkit settings allows an attacker to directly access files on device including address books.</li></ul>More details:<br /><br />Backdoor in HTC Android Smartphones<br /><ul><li>Vulnerability in app called HtcLogger.apk found by
  45. 45. App collects all kinds of data and provides to anyone who asks by opening a local port
  46. 46. Any app with INTERNET permission can access the information and can send data to remote server.
  47. 47. Patch Promised by HTC ..will be firmware OTA update.
  48. 48. Till then if you are rooted, remove HtcLogger.apk </li></ul>-- h-online, androidpolice,<br />
  49. 49. News Overview<br /><ul><li>Newer and more complicated android malware variants are expected to emerge.
  50. 50. ANDROIDOS_ANSERVER.A : arrives as a eBook reader app and Uses encrypted blog posts as C & C.
  51. 51. New Zeus Crimeware toolkit comes with peer-to-peer design.
  52. 52. Harder to takedown such botnets as No centralized C & C server which they can infiltrate or shut down.
  53. 53. AmEx Debug Mode left site wide open, providing access to vulnerable debug tools
  54. 54. Security Issue was noticed by developer Niklas Fermerstand.
  55. 55. Difficulties in finding security contact when contacted via twitter.
  56. 56. AmEx responded and shut down debug mode
  57. 57. Facebook is partnering with Websense to protect its members from malware and malicious web sites.
  58. 58. When Facebook user clicks on a link, it will be checked against Websense database.
  59. 59. if links is malicious, user will be presented a choice to continue or not on his risk.</li></ul>--theregister,, TrendMicro, bbc. networkworld,<br /><br />
  60. 60. Security Tools Releases<br /><ul><li> sshtrix-0.0.2.tar.gz:Very fast Multithreaded SSH Login cracker
  61. 61. Malware Analyzer 3.5:Malware Analyzer is freeware tool to perform static and dynamic analysis on malwares
  62. 62. ExeScan : PE File Anomaly Detector Tool by SecurityXploded
  63. 63. Another File Integrity Checker 2.18: another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms
  64. 64. WebCookiesSniffer: Packet sniffer tool displays all cookies in a simple Table form.
  65. 65. fbpwn: A cross-platform Java based Facebook social engineering framework
  66. 66. Zscaler Like Jacking Prevention:Plugin for browser to keep users safe from Facebook scams.
  67. 67. PuttyHijackV1.0.rar: POC Tool to hijack putty sessions by injecting dll in process.
  68. 68. Websecurify :Powerful, cross-platform web security testing technology
  69. 69. owasp-wte: OWASP Web Testing Environment.
  70. 70. wpscan: Wordpress security scanner</li></li></ul><li>Security Reading <br /><ul><li>Microsoft Security Intelligence Report (SIR) Volume 11
  71. 71. Best Practices for reporting Badware URLs
  72. 72. Post Exploitation Command Lists for Win, Unix, OS X: Excellent Reference for post exploitations
  73. 73. This Python has Venom: Symantec blog covering python Trojan
  74. 74. Cracking Passwords Version 1.1
  75. 75. Busting Windows in Backtrack 5 : Armitage demo in Backtrack 5
  76. 76. Evading Antimalware Engines via Assembly Ghostwriting
  77. 77. Bypassing Windows 7 Kernel ASLR
  78. 78. Clubhack Magazine : Oct 2011</li></li></ul><li>Thank You<br />R.I.P. Steve jobs and Dennis Ritchie<br />Comments ,Feedbacks, Suggestions<br />Twitter : @ashwinpatil<br />LinkedIn :<br />Slideshare : ashwin_patil<br /><br />Photo Credits: Wikipedia<br />