eng-mosaed
Eng.Mosaed's Log
216 posts
A Computer geek who knows how to deal with zeros and ones better than dealing with human beings...
eng-mosaed · 9 years ago
How Spy Agencies Hacked into Israeli Military Drones to Collect Live Video Feeds...!
In a joint surveillance program, the US intelligence agency NSA (National Security Agency) and the British intelligence agency GCHQ (Government Communications Headquarters) hacked into, decrypted, and tracked live video feeds of Israeli military drones and fighter jets. This could be one of the most shocking and embarrassing disclosures for Israel, which is the United States' ally and prides itself on its technical capabilities. Published by The Intercept, the newly released documents from the former NSA contractor Edward Snowden revealed that in an operation dubbed "Anarchist," UK and US intelligence officials have been regularly accessing Israeli drone cameras, allowing them to watch live video feeds from drones and fighter jets while Israel bombed Gaza and spied on Syria.
But how were the intelligence officials able to do so?
How did the Intelligence Agencies Hack into Israeli Drones?
The documents revealed that the British intelligence agency has installed military-grade interception systems at a Royal Air Force compound in the Troodos Mountains (Cyprus), which is geographically very near to Israel and Syria. These surveillance tools are capable of intercepting analog video feeds from Israeli and Syrian drones. With the help of some open-source software like ImageMagick and AntiSky, agencies were able to decrypt and convert scrambled data from remotely piloted aircraft in order to track the movement of drones. The report includes several snapshots of Israeli drones collected in 2009 and 2010 that clearly indicate that Israel has drones with missiles and attack capabilities, which Israel doesn't publicly acknowledge.
One snapshot revealed by The Intercept shows an Israeli IAI Heron Drone — a high-altitude strike drone with a 350-kilometer range that is capable of carrying a 1-ton weapons load and staying aloft for more than 40 hours. Although these leaked images offer the first direct public evidence that Israel flies attack drones, they provide rare visual evidence to support reports that aren't clear enough to conclude anything right now. For in-depth information, you can read the detailed report here.
eng-mosaed · 9 years ago
13 Million MacKeeper Users Hacked — 21 GB of Data Exposed
The MacKeeper anti-virus company is making headlines today for its lax security that exposed a database of 13 Million Mac users' records including names, email addresses, usernames, password hashes, IP addresses, phone numbers, and system information. MacKeeper is a suite of software that claims to make Apple Macs more secure and stable, but today the anti-virus itself needs some extra protection after a data breach exposed the personal and sensitive information of millions of its customers. The data breach was discovered by Chris Vickery, a white hat hacker who was able to download 13 Million customer records by simply entering a selection of IP addresses, with no username or password required to access the data.
21 GB Trove of MacKeeper Customer Data Leaked
31-year-old Vickery said he uncovered the 21 GB trove of MacKeeper customer data in a moment of boredom while searching Shodan – a specialized search engine that looks for virtually anything connected to the Internet – for openly accessible databases that require no authentication.
"The search engine at Shodan.io had indexed their IPs as running publicly accessible MongoDB instances (as some have already guessed)," Vickery said in a Reddit post. "I had never even heard of MacKeeper or Kromtech until last night. I just happened upon it after being bored and doing a random "port:27017" search on Shodan."
As a result, four IP addresses took him straight to a MongoDB database, containing a range of personal information, including:
Customer Names
Email addresses
Usernames
Password hashes
Mobile phone numbers
IP addresses
System information
Software licenses and activation codes
Security Product Using Weak Algorithm to Hash Passwords
Although the passwords were hashed, Vickery believes that MacKeeper was using weak MD5 hashes to protect its customer passwords, allowing anyone to crack the passwords in seconds using MD5 cracking tools.
The company responded to the issue after Vickery posted it on Reddit, saying that the company had no evidence the data was accessed by malicious parties.
"Analysis of our data storage system shows only one individual gained access performed by the security researcher himself," Kromtech, the maker of MacKeeper, said in a statement. "We have been in communication with Chris, and he has not shared or used the data inappropriately."
Though the company claims Vickery was the only person to access the MacKeeper users' information, you should still change your MacKeeper password and your passwords on any websites where you used the same password.
eng-mosaed · 9 years ago
You can Hack into a Linux Computer just by pressing 'Backspace' 28 times...
So what would anyone need to bypass password protection on your computer? All it takes is hitting the backspace key 28 times, at least on a computer running the Linux operating system. Wait, what? A pair of security researchers from the University of Valencia have uncovered a bizarre bug in several distributions of Linux that could allow anyone to bypass any kind of authentication during boot-up just by pressing the backspace key 28 times.
This time, the issue is neither in the kernel nor in the operating system itself; rather, the vulnerability resides in Grub2, the popular Grand Unified Bootloader, which is used by most Linux systems to boot the operating system when the PC starts.
The source of the vulnerability is nothing but an integer underflow fault that was introduced with a single commit in Grub version 1.98 (December 2009) – b391bdb2f2c5ccf29da66cecdbfb7566656a704d – affecting the grub_password_get() function.
Here's How to Exploit the Linux Vulnerability
If your computer system is vulnerable to this bug: Just hit the backspace key 28 times at the Grub username prompt during power-up. This will open a "Grub rescue shell" under Grub2 versions 1.98 to version 2.02. This rescue shell allows unauthenticated access to a computer and the ability to load another environment. From this shell, an attacker could gain access to all the data on your computer, and can misuse it to steal or delete all the data, or install persistent malware or a rootkit, according to researchers Ismael Ripoll and Hector Marco, who published their research on Tuesday.
Here's How to Protect Linux System
The Grub vulnerability affects Linux systems from December 2009 to the present date, though older Linux systems may also be affected.
The good news is the researchers have made an emergency patch to fix the Grub2 vulnerability. So if you are a Linux user and worried your system might be vulnerable, you can apply this emergency patch, available here. Meanwhile, many major distributions, including Ubuntu, Red Hat, and Debian, have also released emergency patches to fix the issue. Linux is often thought to be a super secure operating system compared to others, and this Grub vulnerability could be a good reminder that it's high time to take physical security just as seriously as network security.
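The integer underflow described above, as an added example that is not GRUB's source or the researchers' patch: a simplified model of a prompt-editing loop that decrements an unsigned cursor on every backspace, next to a guarded variant that ignores backspace at position zero. The buffer size, struct, and function names are assumptions made for this sketch, and the model only records an out-of-range index instead of dereferencing it.

```c
#include <stdio.h>
#include <string.h>

#define BUF_MAX 1024u  /* assumed prompt buffer size for this model */

struct edit_result {
    unsigned cur_len;   /* cursor index after the last key */
    int left_buffer;    /* 1 if the index ever pointed outside buf */
    char buf[BUF_MAX];  /* text typed so far, NUL-terminated */
};

/* Replay keystrokes through a prompt editing loop (hypothetical helper).
 * guard_backspace = 0: decrement unconditionally (the underflow).
 * guard_backspace = 1: ignore backspace when nothing has been typed. */
static struct edit_result replay_keys(const char *keys, size_t nkeys,
                                      int guard_backspace)
{
    struct edit_result r;
    memset(&r, 0, sizeof r);

    for (size_t i = 0; i < nkeys; i++) {
        char key = keys[i];

        if (key == '\n' || key == '\r')
            break;

        if (key == '\b') {
            if (guard_backspace && r.cur_len == 0)
                continue;            /* hardened: nothing to erase */
            r.cur_len--;             /* unsigned: 0 - 1 wraps to UINT_MAX */
            if (r.cur_len >= BUF_MAX)
                r.left_buffer = 1;   /* model only: record, never dereference */
            else
                r.buf[r.cur_len] = '\0';
            continue;
        }

        /* Store printable input only while the index is inside the buffer. */
        if (r.cur_len < BUF_MAX - 1)
            r.buf[r.cur_len++] = key;
    }
    return r;
}

int main(void)
{
    char keys[28];
    memset(keys, '\b', sizeof keys);  /* constructed input: 28 backspaces */

    struct edit_result v = replay_keys(keys, sizeof keys, 0);
    struct edit_result f = replay_keys(keys, sizeof keys, 1);

    printf("unguarded: cur_len=%u left_buffer=%d\n", v.cur_len, v.left_buffer);
    printf("guarded:   cur_len=%u left_buffer=%d\n", f.cur_len, f.left_buffer);
    return 0;
}
```
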
eng-mosaed · 9 years ago
Juniper Firewalls with ScreenOS Backdoored Since 2012
Juniper Networks has announced that it has discovered "unauthorized code" in ScreenOS, the operating system for its NetScreen firewalls, that could allow an attacker to decrypt traffic sent through Virtual Private Networks (VPNs). It's not clear what caused the code to get there or how long it has been there, but the release notes posted by Juniper suggest the earliest buggy versions of the software date back to at least 2012 and possibly earlier.
The backdoor impacts NetScreen firewalls using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20, states the advisory published by the company. However, there's no evidence right now that the backdoor was present in other Juniper OSes or devices. The issue was uncovered during an internal code review of the software, according to Juniper chief information officer Bob Worrall, and requires immediate patching by upgrading to a new version of the software just released today.
"Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections," Worrall said.
How Does the Backdoor Occur?
The backdoor occurred due to a pair of critical vulnerabilities:
The first allows anyone to decrypt VPN traffic and leave no trace of their actions.
The second allows anyone to completely compromise a device via an unauthorized remote access vulnerability over SSH or telnet.
In short, an attacker could remotely log in to the firewall with administrator privileges, decrypt and spy on thought-to-be-secure traffic, and then even remove every trace of their activity.
Sounds awful, although Juniper claims the company has not heard of any exploitation in the wild so far and has released patched versions of ScreenOS that are available now on its download page.
eng-mosaed · 9 years ago
FBI Director Asks Tech Companies to At least Don't Offer End-to-End Encryption.
The FBI has declared war against encryption. Encryption is hampering government intelligence agencies' efforts to detect terrorist activities, and after the recent ISIS-linked terror attacks in Paris and California, the issue has once again become a political target in Washington. Meanwhile, Kazakhstan plans to make it mandatory for its citizens to install an Internet backdoor, allowing the government to intercept users' traffic to any secure website and access everything from web browsing history to usernames and passwords.
FBI: For God's Sake, Don't Use End-to-End Encryption
At a Senate hearing on Wednesday, FBI Director James Comey called for tech companies currently providing users with end-to-end encryption to reconsider "their business model" and simply stop doing that, reported The Intercept.
Yes, instead of asking companies for a "backdoor" this time, Comey suggested that they adopt encryption techniques that help federal agencies intercept and turn over end-to-end encrypted communications when necessary.
"The government doesn't want a backdoor, but [it] hopes to get to a place where if a judge issues an order, the company figures out how to supply that information to the judge and figures out on its own the best way to do that," said Comey.
Comey: Keep Readable Version of Customers' Messages
End-to-end encryption is a method of secure communication that encrypts the data on the sender's system before passing it to a company server. The company then passes the encrypted data to the intended recipient, who is the only person who can decrypt it.
Nobody in between, be it an application service provider, an Internet service provider (ISP), a hacker, or even law enforcement officials, can read the data or tamper with it.
However, Comey is asking for the technology companies to retain a readable version of that initial data, just in case the authorities need it.
"There are plenty of companies today that provide secure services to their customers and still comply with court orders," he said. "There are plenty of folks who make good phones [and] are able to unlock them in response to a court order."
Terrorists and Encryption
Moreover, Comey also gave an example of a situation in which law enforcement officials faced an obstacle because of encryption.
Here's the example Comey provided:
"In May, when two terrorists attempted to kill a whole lot of people in Garland, Texas, and were stopped by the action of great local law enforcement. That morning, before one of those terrorists, left to try to commit mass murder, he exchanged 109 messages with an overseas terrorist. We have no idea what he said because those messages were encrypted. That is a big problem."
You can watch his full speech at the Senate hearing in the video given below:
FBI Director James Comey Talks Encryption from The Intercept on Vimeo.
So in the end, the FBI director did not make crystal clear exactly what measures he wants tech companies to adopt, or whether he would favor laws to force the companies to do it. But he made partially clear that he is not at all satisfied with the current need to encrypt devices.
eng-mosaed · 9 years ago
Is Telegram Really Secure? — 4 Major Privacy Issues Raised by Researcher
The terrorist groups are encouraging their followers to use Telegram to make their propaganda invisible to law enforcement, but some security experts believe that Telegram may not be as secure as jihadi advocates may like to believe. Telegram is an end-to-end encrypted messaging service that has been adopted by a lot more people than ISIS: as of last year, the company claimed more than 50 Million Telegram users sending 1 Billion messages per day. Terrorists love Telegram because it not only provides an encrypted Secret Chat feature that lets its users broadcast messages to unlimited subscribers but also offers self-destructing messages, allowing users to set their messages to self-destruct after a certain period.
Is Telegram Really Secure?
In a blog post published Wednesday, the security researcher known as "the Grugq" pointed out several issues with Telegram that might obstruct terrorists from using it.
Here's the list of issues with Telegram:
1. Error prone
Telegram's end-to-end encrypted chat feature is not enabled by default. One has to select Secret Chat before starting to chat, and it is not possible to encrypt an existing conversation.
2. Contact Theft
Telegram requires you to register a working phone number and uploads the entire Contacts database to its servers, helping it create a trail of breadcrumbs for law enforcement and investigators to follow.
"This allows Telegram to build a huge social network map of all its users and how they know each other," the Grugq wrote in his blog post.
3. Leak Voluminous Metadata
The use of a mobile phone can expose a wide range of metadata. Even if secure chat is enabled, law enforcement can collect other metadata for sure by compromising the servers. This could help them track down who talked to whom, at what time, and from which location, which will be enough information for agencies seeking possible suspects. For example, if A and B are communicating with each other on an encrypted channel, and A is on the agencies' suspect list, then they can at least figure out the connection between the two using this metadata.
4. Wonky Homebrew Encryption
Some security experts are also worried about the encryption that Telegram uses, although its encryption hasn't been publicly broken. Telegram has announced a contest to crack the app's encryption with a prize money of $300,000, but nobody claimed it. However, when it comes to a nation-state adversary, one wouldn't trust the encryption protection in Telegram, as the app might work for the average user, but is not secure enough for terrorists. Whatever the privacy concerns regarding Telegram, the good news is: Telegram has blocked 78 ISIS-affiliated Channels that the terrorists used to communicate with their members, spread propaganda and plan operations.
eng-mosaed · 9 years ago
Black Hat Europe: Researchers demonstrate how to bypass LTE/4G security
LTE (4G) is more secure than GSM (2G) and UMTS (3G) but that doesn't make it impervious to International Mobile Subscriber Identity (IMSI) catchers.
That's the conclusion of a presentation due to be given at Black Hat Europe this week, by Ravishankar Borgaonkar, Altaf Shaik, N. Asokan, Valtteri Niemi and Jean-Pierre Seifert.
To prove the point, the researchers will build an LTE IMSI catcher and demonstrate how "most popular phones" fail the test courtesy of vulnerabilities in baseband software and deployed networks that bypass enhanced LTE security measures. If that weren't enough, the same team reckons it has also managed to perform what it describes as rudimentary Denial of Service (DoS) attacks that effectively block the LTE signal and force the handset to drop down to a 3G or 2G connection on demand.
The researchers from Aalto University, the Technische Universität Berlin, University of Helsinki, University of Turku and Telekom Innovation Laboratories claim that these represent the first wave of practical attacks aimed at 4G networks. Pinpointing a location invades privacy, and service disruption could prevent calls from being made. However, none put any data stored on the target devices at risk.
All of which is hugely interesting from a mobile network nerd's perspective, and pretty interesting from a security nerd's perspective, but should end users actually be worried by all of this, or would they be better off aiming their anxiety at existing credential-logging, data-stealing, money-spending malware instead?
SCMagazineUK.com got in touch with Jonathan Parker-Bray, CEO of Criptyque and a former telecoms executive with 25 years of network building experience who has now moved into end-to-end encryption with a secure mobile platform called Pryvate.
We asked him just how problematical, in the real world and for most users, is the notion that someone could triangulate the precise location of their smartphone or other mobile device?
"The thought of a hacker triangulating someone's mobile device is not only a worrying notion but a very real threat that could be used for many purposes such as criminals targeting high-profile individuals and professionals," Parker-Bray told us.
He said hackers "have access to tools which enable them to intercept and record calls and text messages from up to 30 kilometres away" which, when coupled with location knowledge, "could lead to critical communications being overheard."
Parker-Bray also pointed out that triangulation isn't actually even necessary to determine location as it's quite possible to obtain a user's unique MAC address from a cellular intercept, and that can then be monitored for approximate positioning of the device.
Wim Remes, strategic services manager EMEA at Rapid7, isn't so convinced it will concern most folk. "Most users already use a large amount of location apps. Find your friends, Swarm, Facebook, Twitter, Uber, Tinder and their peers hold and share information about where you are exactly at what moment. Not to mention a history of where you were," he said.
eng-mosaed · 9 years ago
Chrome Zero-day Exploit leaves MILLIONS of Android devices vulnerable to Remote Hacking
Hackers have found a new way to hack your Android smartphone and remotely gain total control of it, even if your device is running the most up-to-date version of the Android operating system. Security researcher Guang Gong recently discovered a critical zero-day exploit in the latest version of Chrome for Android that allows an attacker to gain full administrative access to the victim's phone and works on every version of Android OS. The exploit leverages a vulnerability in the JavaScript V8 engine, which comes pre-installed on almost all (Millions) modern and updated Android phones.
All the attacker needs to do is trick a victim into visiting, from the Chrome browser, a website that contains malicious exploit code. Once the victim accesses the site, the vulnerability in Chrome is exploited to install any malware application without user interaction, allowing hackers to remotely gain full control of the victim's phone. This Chrome for Android zero-day exploit was practically demonstrated by Gong at the MobilePwn2Own hacking contest during the 2015 PacSec conference in Tokyo. Complete technical details on the exploit are not available yet, but the researcher has already alerted Google to the bug, and the company is expected to pay out a sizeable bug bounty for the exploit. Just to be on the safer side, Android users are advised to use alternative browsers until Google patches the vulnerability.
eng-mosaed · 9 years ago
Kim Dotcom's Decentralized Internet — For You, Powered By You
Imagine an Internet that would let you communicate privately with anyone else without censorship, safe from the prying eyes of surveillance authorities: decentralized, encrypted, peer-to-peer supported and, above all, not based on IP addresses. Yeah, a new private Internet that would be harder to hack. This Internet is a dream of all Internet users today and, of course, of Kim Dotcom – the famous Internet entrepreneur who introduced the legendary Megaupload and MEGA file sharing services to the world.
Kim Dotcom announced plans to start his very own private internet at the beginning of this year and has now revealed more details about MegaNet — a decentralized, non-IP based network that would share data via "Blockchains," the technology behind Bitcoins. On Thursday, Dotcom remotely addressed a conference in Sydney, Australia, where he explained how MegaNet will utilize the power of mobile phones and laptops to operate.
How will MegaNet work?
MegaNet will work as a non-IP-based Internet that will use blockchains and new protocols to communicate and exchange data while using the Internet's existing physical infrastructure. MegaNet will actually rely on the unused processing power of people's smartphones and laptops. Users with MegaNet on their smartphone would be able to donate their device's processing capability and storage bandwidth when they aren't using it. Dotcom believes that once the service has enough subscribers, this would add up to an incredibly large amount of power, so much so that it can operate MegaNet.
MegaNet – The Internet For the People, From the People
"If you have a 100 Million smartphones that have the MegaNet app installed we'll have more online storage capacity, calculating power and bandwidth than the top 10 largest websites in the world combined [together], and that is the power of MegaNet," Dotcom said. "Over the years with these new devices and capacity especially mobile bandwidth capacity, there will be no limitations."
So in short, MegaNet is a decentralized Internet, as Dotcom says, "from the people, for the people."
Encryption Used Won't be Cracked Even by Supercomputers
MegaNet will still use the Internet's existing physical infrastructure people use today, but will add an extra layer of encryption running through all communications. Dotcom did not reveal too much detail about the encryption he is going to use, but said that he is going to harness very long keys, systems that won't be "reverse engineered or cracked by any supercomputer."
Difficult to Invade Privacy of Users
Most importantly, MegaNet will make it difficult for law enforcement agencies to invade its users' privacy, as the entire network is fully encrypted.
"If you don't have IP addresses you can not hack the server, you can not execute denial of service [DDoS] attacks on gaming services or websites," Dotcom said from New Zealand, where he's currently awaiting the result of his extradition trial.
The millionaire is confident that MegaNet would be an excellent technology solution that will keep you secure over the Internet, without the requirement of any new infrastructure for users’ privacy.
With the launch of MegaNet, which is expected sometime in 2016, Dotcom hopes 100 Million users will sign up within the first year of its launch.
eng-mosaed · 9 years ago
How NSA successfully Broke Trillions of Encrypted Connections
Yes, it seems like the mystery has been solved. We are aware of the United States National Security Agency's (NSA) power to break almost unbreakable encryption used on the Internet and intercept nearly Trillions of Internet connections – thanks to the revelations made by whistleblower Edward Snowden in 2013. However, what we are not aware of is exactly how the NSA apparently intercepted VPN connections and decrypted SSH and HTTPS, allowing the agency to read hundreds of Millions of personal, private emails from persons around the globe.
Now, computer scientists Alex Halderman and Nadia Heninger have presented a paper at the ACM Conference on Computer and Communications Security that advances the most plausible theory as to how the NSA broke some of the most widespread encryption used on the Internet. According to the paper, the NSA has exploited common implementations of the Diffie-Hellman key exchange algorithm – a common means of exchanging cryptographic keys over untrusted channels – to decrypt a large number of HTTPS, SSH, and VPN connections.
Diffie-Hellman – the key exchange used for HTTPS, SSH, and VPNs – helps users communicate by swapping cryptographic keys and running them through an algorithm to derive a secret that nobody except the sender and receiver knows.
It is described as secure against surveillance from the NSA and other state-sponsored spies, as it would take them hundreds or thousands of years and a nearly unimaginable amount of money to decrypt directly. However, a serious vulnerability in the way the Diffie-Hellman key exchange is implemented is allowing the intelligence agencies and spies to break and eavesdrop on trillions of encrypted connections. Cracking just one of the extremely large prime numbers used in the most common 1024-bit Diffie-Hellman keys would take about a year and cost a few hundred Million dollars.
However, according to the researchers, only a few prime numbers are commonly used, so cracking them might have fit well within the agency's $11 Billion-per-year budget dedicated to "groundbreaking cryptanalytic capabilities."
"Since a handful of primes are so widely reused, the payoff, in terms of connections they could decrypt, would be enormous," said Alex Halderman and Nadia Heninger in a blog post published Wednesday.
"Breaking a single, 1024-bit prime would allow the NSA to passively decrypt connections to two-thirds of VPNs and a quarter of all SSH servers globally. Breaking a second 1024-bit prime would allow passive eavesdropping on connections to nearly 20% of the top million HTTPS websites. In other words, a one-time investment in massive computation would make it possible to eavesdrop on trillions of encrypted connections."
Around 92% of the top 1 Million Alexa HTTPS domains make use of the same two primes for Diffie-Hellman, possibly enabling the agency to pre-compute a crack on those two prime numbers and read nearly all Internet traffic through those servers.
According to the duo, this NSA technological project to crack crypto is on a scale "not seen since the Enigma cryptanalysis during World War II." For in-depth detail, you can read the full paper entitled Imperfect Forward Secrecy: How Diffie-Hellman Fails In Practice [PDF].
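The amortization argument above, as an added example that is not from the paper or the original post: in a toy 31-bit group, the expensive table is built once for the shared prime and then every observed session on that prime falls to a cheap lookup. Baby-step giant-step stands in here for the number field sieve precomputation the researchers describe, and the prime, generator, exponents, and function names are all constructed for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Toy group, constructed for this demo: prime 2^31 - 1, generator 7. */
#define P 2147483647ULL
#define G 7ULL
#define M 46341ULL  /* ceil(sqrt(P)): number of baby steps and giant steps */

typedef struct { uint32_t value; uint32_t exp; } step_t;

static step_t *baby;    /* sorted (G^j mod P, j) pairs, reused for every session */
static uint64_t giant;  /* G^(-M) mod P */

/* Operands are below 2^31, so the product fits in 64 bits. */
static uint64_t mulmod(uint64_t a, uint64_t b) { return (a * b) % P; }

static uint64_t powmod(uint64_t base, uint64_t e)
{
    uint64_t r = 1;
    base %= P;
    while (e) {
        if (e & 1) r = mulmod(r, base);
        base = mulmod(base, base);
        e >>= 1;
    }
    return r;
}

static int cmp_step(const void *a, const void *b)
{
    uint32_t x = ((const step_t *)a)->value, y = ((const step_t *)b)->value;
    return (x > y) - (x < y);
}

/* One-time work that depends only on (P, G), never on a session. */
static int precompute_for_prime(void)
{
    if (baby) return 0;
    baby = malloc(M * sizeof *baby);
    if (!baby) return -1;
    uint64_t v = 1;
    for (uint32_t j = 0; j < M; j++) {
        baby[j].value = (uint32_t)v;
        baby[j].exp = j;
        v = mulmod(v, G);
    }
    qsort(baby, M, sizeof *baby, cmp_step);
    giant = powmod(G, P - 1 - M);  /* Fermat: G^(P-1) = 1, so this is G^(-M) */
    return 0;
}

/* Per-session work: find x with G^x = target using the shared table. */
static int64_t dlog(uint64_t target)
{
    uint64_t y = target % P;
    for (uint64_t i = 0; i < M; i++) {
        step_t key = { (uint32_t)y, 0 };
        step_t *hit = bsearch(&key, baby, M, sizeof *baby, cmp_step);
        if (hit) return (int64_t)(i * M + hit->exp);
        y = mulmod(y, giant);
    }
    return -1;
}

/* A passive observer sees only the two public values A and B. */
static uint64_t recover_shared(uint64_t A, uint64_t B)
{
    int64_t a = dlog(A);
    return a < 0 ? 0 : powmod(B, (uint64_t)a);
}

int main(void)
{
    /* Constructed private exponents for three independent sessions. */
    const uint64_t priv[3][2] = {
        {123456789ULL, 987654321ULL}, {2000000011ULL, 42ULL}, {31337ULL, 1999999973ULL}
    };
    if (precompute_for_prime() != 0) return 1;
    for (int s = 0; s < 3; s++) {
        uint64_t A = powmod(G, priv[s][0]), B = powmod(G, priv[s][1]);
        uint64_t real = powmod(B, priv[s][0]);
        printf("session %d: real=%llu recovered=%llu\n", s,
               (unsigned long long)real, (unsigned long long)recover_shared(A, B));
    }
    free(baby);
    baby = NULL;
    return 0;
}
```

The defensive reading is the paper's own: the table is tied to the prime, so widely shared, short primes concentrate risk.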
eng-mosaed · 9 years ago
USB Killer v2.0 — Latest USB Device that Can Easily Burn Your Computer...
Remember Killer USB? In March, a Russian security researcher devised a weird USB stick that is capable of destroying sensitive components of a computer when plugged in. Now, the same researcher, nicknamed Dark Purple, has launched a new version of his computer-frying USB Killer pendrive – USB Killer version 2.0. USB Killer 2.0 is much more powerful than the previous version and is able to "kill" more than just the PC it is plugged into.
USB Killer 2.0 is More Powerful to Damage any Computer
The first version of USB Killer consisted of a DC/DC converter, a few caps and an FET. When plugged into a system, the converter in the USB Killer would charge the caps up to -110V, apply that voltage to the signal lines of the USB interface, and repeat the entire process until everything possible in the computer is broken down. However, the second version of USB Killer dumps -220V directly onto the signal lines of the USB interface, which is powerful enough to damage practically any computer with a USB port. Another major improvement in the new version of USB Killer is the reaction rate. Once USB Killer 2.0 is plugged into a computer, it takes only a few seconds for the PC to shut down and stop working.
Proof-of-Concept Video Demonstration
While testing his USB Killer 2.0 stick, Dark Purple destroyed his brand new Lenovo Thinkpad X60 laptop. You can watch the video demonstration given above that shows the attack at work.
"Do not worry about the laptop, the new motherboard is on the way - and the laptop will live again," Dark Purple wrote in a blog post. "Originally did not plan to restore it, the laptop was purchased specifically for the test."
Killer USB is not at all a new concept; USB drives are used as a valid weapon to compromise systems in air-gapped networks.
The Stuxnet worm is one real example: it was designed to destroy centrifuges at a nuclear facility, and all this started with a USB drive.
So it's not false to say that a computer could be converted into a bomb because a hacker can probably make your computer explode as well.
Therefore, next time if you find a USB stick that doesn't belong to you, just beware before inserting it into your laptop. You could lose your Laptop, along with all your important files and data stored in it.
eng-mosaed · 9 years ago
Collision Attack: Widely Used SHA-1 Hash Algorithm Needs to Die Immediately
SHA-1 – one of the Internet's widely adopted cryptographic hash functions – is just about to die. Yes, the cost and time required to break the SHA1 algorithm have fallen much faster than previously expected. According to a team of researchers, SHA-1 is so weak that it may be broken and compromised by hackers in the next three months.
The SHA-1 algorithm was designed in 1995 by the National Security Agency (NSA) as a part of the Digital Signature Algorithm. Like other hash functions, SHA-1 converts any input message to a long string of numbers and letters that serve as a cryptographic fingerprint for that message. Like fingerprints, the resulting hashes are useful as long as they are unique. If two different message inputs generate the same hash (also known as a collision), it can open doors for real-world hackers to break into the security of banking transactions, software downloads, or any website communication.
Collision Attacks on SHA-1
Researchers from the Centrum Wiskunde & Informatica in the Netherlands, Inria in France, and Nanyang Technological University in Singapore have published a paper that showed that SHA-1 is vulnerable to the same collision attacks, which they dubbed Freestart Collision. Collision attacks appear when the same hash value (fingerprint) is produced for two different messages, which then can be exploited to forge digital signatures, allowing attackers to break communications encoded with SHA-1.
Breaking SHA1 Now Costs between $75,000 and $120,000
Back in 2012, the well-known security researcher, Bruce Schneier estimated that it would cost $700,000 to carry out a collision attack on SHA1 by 2015 and just $173,000 by 2018.
However, based on new research, such attacks could be performed this year for $75,000 to $120,000 – thanks to a new graphics-card technique known as "boomeranging" that finds SHA1 collisions.
"Our new GPU-based projections are now more accurate, and they are significant below Schneier’s estimations," the research paper reads. "More worrying, they are theoretically already within Schneier estimated resources of criminal syndicates as of today, almost 2 years earlier than previously expected and 1 year before SHA-1 being marked as unsafe."
Move to SHA-2 or SHA-3 Before it Gets TOO Late
The published findings are theoretical and will not cause any immediate danger, but we strongly encourage administrators to migrate from SHA-1 to the secure SHA-2 or SHA-3 hash algorithms as soon as possible. Administrators should consider the impact SHA-1 would have on their organization and plan for:
Hardware compatible with SHA-2/SHA-3
Server software updates supporting SHA-2/SHA-3
Client software support for SHA-2/SHA-3
Custom application code support for SHA-2/SHA-3
SHA-2 was developed by the NSA, whereas SHA-3 was developed by a group of independent researchers.
eng-mosaed · 9 years ago
YiSpecter — First iOS Malware that Attacks both: Non-jailbroken and Jailbroken Devices
Less than a month after Apple suffered one of its biggest malware attacks ever, security researchers have discovered another strain of malware that they claim targets jailbroken as well as non-jailbroken iOS devices. Last month, researchers identified more than 4,000 infected apps in Apple's official App Store, which was targeted by a malware attack in which some versions of software used by developers to build apps for iOS and OS X were infected with malware named XcodeGhost.
And now, researchers from the California-based network security firm Palo Alto Networks have discovered new malware that targets Apple's iOS users in China and Taiwan.
Capabilities of YiSpecter Malware
Dubbed YiSpecter, the malware infects iOS devices and, once a device is infected, can:
Install unwanted apps
Replace legitimate apps with ones it has downloaded
Force apps to display unwanted, full-screen ads
Change bookmarks as well as default search engines in Safari
Send user information back to its server
Automatically reappear even after a user manually deletes it from the iOS device
It is still unclear how many users have been or could be infected by YiSpecter, but according to the researchers, this first instance of iOS malware targeting and succeeding in infecting non-jailbroken iOS devices has been around since November 2014.
"Whether an iPhone is jailbroken or not, the malware can be successfully downloaded and installed," the researchers wrote in a blog post on Monday. "Even if you manually delete [YiSpecter], it will automatically re-appear."
YiSpecter targets jailbroken as well as non-jailbroken iOS devices by abusing private APIs so that its four components, which are signed with enterprise certificates, can be installed from a centralized command-and-control server. Three of the four malicious components can hide their icons from iOS SpringBoard – the standard app that runs the home screen – and also disguise themselves with the same names and logos as system applications to escape detection by users.
Vectors of YiSpecter malware
According to researchers, YiSpecter malware has been targeting Apple's iOS devices for over 10 months. It was first spread disguised as an app that lets users watch free porn.
The app was advertised as a private version of a famous media player "QVOD" – a popular video streaming app developed by Kuaibo (快播) to share porn videos.
The malware then infected more devices through:
Hijacked Internet traffic from ISPs
A Windows worm that first attacked Tencent's instant messaging service QQ
Online communities where people install third-party applications in exchange for promotion fees from app developers
Security researchers from Palo Alto Networks have already reported the latest YiSpecter malware to Apple, which says "they are investigating" the issue.
How to Remove YiSpecter from Your iOS Devices?
iOS users who are potentially infected by YiSpecter should follow the four-step process below to remove the malware from their devices:
Head on to Settings –> General –> Profiles and remove all unknown or untrusted profiles.
Delete any installed apps with names 情涩播放器, 快播私密版 or 快播0.
Use any third-party iOS management tool, such as iFunBox on Windows or Mac OS X, to connect to your iPhone or iPad.
Then check for installed iOS apps like Phone, Weather, Game Center, Passbook, Notes, or Cydia and delete them. (Note: this will not affect original system apps but just delete the fake malware apps)
You can further visit Palo Alto Networks' blog post for more information on YiSpecter.
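For someone cleaning up many devices at once, the removal checklist above can be run against an app inventory. This is an added example, not part of the original post or of Palo Alto Networks' tooling; the inventory format, bundle IDs, signer names and the `com.apple.` prefix heuristic are assumptions, and a match means "review manually", not "confirmed infected".

```python
import unicodedata

KNOWN_BAD_NAMES = {"情涩播放器", "快播私密版", "快播0"}   # names from the removal steps
IMPERSONATED = {"phone", "weather", "game center", "passbook", "notes", "cydia"}
TRUSTED_SIGNERS = {"Example Corp"}   # hypothetical: your own enterprise signing identity
APPLE_PREFIX = "com.apple."          # assumption: genuine system apps use this bundle-ID prefix

def normalize(name):
    """Fold full-width/compatibility characters and stray whitespace before comparing."""
    return " ".join(unicodedata.normalize("NFKC", name).split())

def reasons(app):
    """Checklist items an inventory row matches (empty list means nothing to review)."""
    name, hits = normalize(app["name"]), []
    if app.get("enterprise_signer") and app["enterprise_signer"] not in TRUSTED_SIGNERS:
        hits.append("untrusted enterprise signer")
    if name in KNOWN_BAD_NAMES:
        hits.append("known YiSpecter app name")
    if name.casefold() in IMPERSONATED and not app["bundle_id"].startswith(APPLE_PREFIX):
        hits.append("system app name on non-Apple bundle ID")
    return hits

def triage(inventory):
    """Map 'device/bundle_id' -> reasons for every row that needs manual review."""
    return {f'{a["device"]}/{a["bundle_id"]}': r for a in inventory if (r := reasons(a))}

# Constructed rows in a hypothetical MDM export format; bundle IDs and signers are placeholders.
INVENTORY = [
    {"device": "ipad-07", "name": "Notes", "bundle_id": "com.apple.mobilenotes",
     "enterprise_signer": None},
    {"device": "ipad-07", "name": " Weather", "bundle_id": "com.example.w",
     "enterprise_signer": "Unknown Co"},
    {"device": "ipad-07", "name": "Timesheet", "bundle_id": "com.example.ts",
     "enterprise_signer": "Example Corp"},
    {"device": "iphone-12", "name": "快播０", "bundle_id": "com.example.q",  # full-width zero
     "enterprise_signer": None},
]
```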
eng-mosaed · 9 years ago
Attention Android users!
More than 1 billion Android devices are vulnerable to hackers once again, thanks to two newly disclosed Android Stagefright vulnerabilities. Yes, the Android Stagefright bug is back, and this time the flaw allows an attacker to hack Android smartphones just by tricking users into visiting a website that contains a malicious multimedia file, either MP3 or MP4.
In July, Joshua Drake, a security researcher at Zimperium, revealed the first Stagefright bug that allowed hackers to hijack Android smartphones with just a simple text message (exploit code).
How Stagefright Bug 2.0 Works
Both newly discovered vulnerabilities (CVE-2015-6602 and CVE-2015-3876) also reside in the Android media playback engine called 'Stagefright' and affect all Android OS versions from 1 to the latest release, 5.1.1.
Reportedly, merely previewing a maliciously crafted song or video file would execute the Stagefright Bug 2.0 exploit, allowing hackers to run remote code on the victim's Android device.
New Stagefright Attack Vectors
The Stagefright Bug 2.0 vulnerability can be triggered through the following attack vectors:
Webpage
Man-in-the-middle attack
Third-party media player
Instant messaging apps
"Additionally, the attacker gains a foothold, from which they could conduct further local privilege escalation attacks and take complete control of the device," Zimperium said.
Google has scheduled its monthly Android Security Update for 5th October 2015, which will patch the newly discovered vulnerabilities for Nexus devices.
Google already shared the vulnerability report and patches with OEM partners on Sept. 10, so you might be receiving patches soon from your Android device manufacturer.
Zimperium reported the flaws to Google on Aug. 15. The firm also plans to release technical details and proof-of-concept exploit code once a fix is released.
eng-mosaed · 9 years ago
These Top 30 Ashley Madison Passwords are just as Terrible as You'd Think
First, the password cracking team 'CynoSure Prime' cracked more than 11 million Ashley Madison passwords in just 10 days (quite an achievement, though); now a member of the team has shared the same list of passwords with a few calculations. The calculations are: which passwords are used most, and by how many users? Terrible?
eng-mosaed · 9 years ago
This is really insane!! Germany's top intelligence agency handed over details related to German citizens' metadata just in order to obtain a copy of the National Security Agency's main XKeyscore software, which was first revealed by Edward Snowden in 2013.
According to new documents obtained by the German newspaper Die Zeit, the Federal Office for the Protection of the Constitution (BfV - Bundesamtes für Verfassungsschutz) traded data of its citizens for surveillance software from its US counterparts. Germany and the United States signed an agreement that would allow German spies to obtain a copy of the NSA's flagship tool XKeyscore to analyse data gathered in Germany. So they covertly and illegally traded access to Germans' data with the NSA.
The XKeyscore surveillance software program was designed by the National Security Agency to collect and analyse intercepted data traveling over a network.
The surveillance software is powerful enough to pull up more than 20 Terabytes of data daily, including emails, chats, social media interactions, and even browsing histories, all in real time and without the need for any warrant, as The Hacker News reported in 2013.
It seems that when NSA demonstrated the XKeyscore software to Germany's domestic intelligence agency BfV back in 2011, the BfV was so impressed that it struck a deal with NSA to exchange data for computer software.
After two years of negotiation with the U.S., the German agency signed an agreement to receive the NSA spyware software and deploy it for analysing data gathered on German citizens.
In return, the German intelligence agency promised to share its citizens' metadata. According to Die Zeit, the document "Terms of Reference" stated:
"The BfV will: To the maximum extent possible share all data relevant to NSA's mission".
The BfV did not fully inform Germany's data protection commissioner, nor did it inform the Parliamentary Control Panel, which oversees the BfV, about the deal it signed with the United States.
"Once again, I have to learn from the press of a new BfV-NSA contract and the impermissible transfer of data to the [United States] secret service," Green Party parliamentarian Hans-Christian Ströbele, a member of the Parliamentary Control Panel, told Die Zeit.
However, the BfV still received a lower level of access compared to the other non-U.S. "Five Eyes" nations, including the United Kingdom, Canada, Australia and New Zealand, who all had direct access to the main XKeyscore system.
eng-mosaed · 9 years ago
Researchers create a worm that infects Macs silently and permanently
Macs have typically been heralded as the more secure of the two main operating systems. But according to researchers, at the firmware level, that's not necessarily true. Ahead of their 'Thunderstrike 2: Sith Strike' Black Hat presentation, Xeno Kovah, Trammell Hudson and Corey Kallenberg demonstrated to Wired that Macs have some of the same vulnerabilities as their Windows counterparts. The exploit is especially troubling because now a phishing email or a click on a link on a malicious site could compromise the computer. This is in addition to the exploit shown last year that was spread by the ROM of infected external drives and accessories like a Thunderbolt-to-Ethernet adapter. These exploits are nearly impossible to detect because security software doesn't scan the firmware and reinstalling the system doesn't remove the problem.
https://www.youtube.com/watch?v=Jsdqom01XzY
The exploit highlights that firmware (the software that boots a computer) isn't typically encrypted out of the factory and doesn't authenticate updates from the manufacturer. The researchers say they have alerted Apple about the issue and according to the Wired article, the company has patched one exploit and partially patched another.
This is the second Thunderstrike exploit to target Macs. The first version was fixed with OS X 10.10.2 and required the hacker to have physical access to the computer. This new version is more nefarious because the malware can be delivered via a link. The latest OS X security update (10.10.4) seems to keep the exploit from taking hold.
Still, vulnerabilities like this are a reminder that companies should be encrypting all the elements of a machine to reduce the chance of their customers getting hacked in the first place.