« Archives in July, 2010

Defcon 18

It’s finally here! Flying out tomorrow, ready for the fun to begin. See everyone there!

Researcher Hints at WPA2/802.1X Vulnerability

AirTight Networks’ researcher Md Sohail Ahmad will present a WPA2/802.1X weakness at DEFCON18 next week. The post on AirTight Networks site states that Ahmad has uncovered just how easy it is to hack into an encrypted wireless network without breaking the encryption key. Then it goes on to say “A documented, yet little known, vulnerability of the Wi-Fi WPA2 security protocol, which AirTight has named ‘Hole 196,’ exposes secured wireless networks to a key “loophole” that allows authorized users to bypass private key encryption and authentication.” That doesn’t exactly mean hacking into the wireless network to me. The key word here is authorized. I’ll have to wait to see the details at Defcon but it appears to be just another MITM type attack (and vendor propaganda to sell more WIDS devices) by an authorized user.

Don’t get me wrong, I’m not forgetting the insider. This could be a serious threat for corporations and government that use 802.1X, and rely on the additional security (pairwise key support) WPA2 Enterprise provides to prevent one user from sniffing the traffic of any other user.

AirTight Networks press release.

Adobe adding 'sandbox' to PDF Reader to ward off hacker attacks

The next major version of Adobe’s PDF Reader will feature new sandboxing technology aimed at curbing a surge in malicious hacker attacks against the widely deployed software.

The security feature, called “Protected Mode,” is similar to the Google Chrome sandbox and Microsoft Office 2010 Protected Viewing Mode, according to Adobe’s security chief Brad Arkin.

The first sandbox implementation will isolate all “write” calls on Windows 7, Windows Vista, Windows XP, Windows Server 2008, and Windows Server 2003. Arkin believes this will mitigate the risk of exploits seeking to install malware on the user’s computer or otherwise change the computer’s file system or registry.

Even though this will not protect users against all types of malicious attacks, at least, it’s a step in the right direction by Adobe. You can see the original post by Adobe here.

Microsoft issues tool to repel Windows shortcut attacks

Like manual workaround recommended last week, it leaves Windows nearly unusable

Computerworld – Microsoft Corp. late Tuesday released an automated tool to stymie exploits of a critical unpatched Windows vulnerability that experts fear will soon be used by hackers against the general PC population.

However, the tool, like a manual procedure that Microsoft recommended last week, is only a makeshift defense, one that many users may resist applying, since it makes much of the Windows system, including the desktop, taskbar and Start menu, almost unusable.

Microsoft has promised to patch the problem, but it has yet to name a date. The next regularly scheduled security updates are due to ship in less than three weeks, on Aug. 10.

Read more…

Cybercrime Gets Social

Bad guys look to exploit social networks, games, and other fun things users do at work, Cisco research says.

It happens every day. Employees are checking Facebook, posting to Twitter, playing Web games. You know it. They know it.
And, apparently, hackers know it, too.

That’s one of the key themes discussed in the Cisco 2010 Midyear Security Report, which was published by Cisco researchers earlier today. As employees bring more of their “consumer” technology and behavior into the office, the bad guys are looking to exploit the weak spots in those noncorporate environments.

This was posted on Dark Reading yesterday. Is this really news? Surely, this isn’t the first time you’ve heard this. The bad guys have been using the social channels for some time now. Careful where you go and what you click on when you’re catching up on Facebook!

Microsoft: No plans to pay for security vulnerabilities

Mozilla and Google may be increasing the bounties to security researchers who find security holes in their software products but don’t expect Microsoft to join the pay-for-flaws party. A Microsoft security official dismissed any suggestion that the company would start buying rights to security flaws, arguing that its current system of crediting hackers in security bulletins is working very well. Microsoft’s stance comes on the heels of increased discussion around vulnerability disclosure. The company said it will embrace the concept of Coordinated Vulnerability Disclosure (CVD) which, in some cases, will allow the release of information ahead of a patch if attacks are underway.

I actually remember when Microsoft was criticized for proposing to offer bounties for vulnerabilities. The responsible disclosure debate has been going on for some time. I feel responsible disclosure goes both ways. Researchers should work with the vendors but in turn the vendors should respond to the researchers.

What are your thoughts?

New iPhone 4 Logo

This was so good I just had to share it!

iPhone 4

China Cyber-army Talk Pulled from Black Hat

A presentation on the “Chinese Cyber-army” that delved into China’s cyberspace activities between 2001 and 2010 has been yanked off the agenda of the upcoming Black Hat security conference. The talk was canceled by Armorize Technologies after concerns were raised by the Taiwanese government over its content.

The talk, titled “The Chinese Cyber Army: An Archaeological Study from 2001 to 2010,” was to be held by Wayne Huang, CTO of Web application security firm Armorize Technologies. Advertised by Black Hat as “a study of Cyber Army based on incidences, forensics, and investigation data since 2001,” Huang was planning to reconstruct “the face of Cyber Army (CA)” and their techniques.

However, with the conference less than two weeks away, officials with the Taiwanese government felt the presentation was no longer appropriate due to the sensitive nature of its content and Taiwan’s improved relations with China, explained Armorize CEO Caleb Sima.

Flaw could expose 'millions' of home routers

Millions of household routers are susceptible to a flaw that creates a handy means for hackers to hijack surfing sessions or hack into home networks.

Craig Heffner, a researcher at security consultancy Seismic, is due to detail the flaw and release a proof-of-concept tool at the Black Hat conference in Vegas later this month.

Read more…

MS confirms Windows shortcut zero-day flaw

Microsoft has confirmed the presence of a zero-day vulnerability in Windows, following reports of sophisticated malware-based hacking attacks on industrial control systems that take advantage of the security flaw.

Security shortcomings in the Windows shortcut (.lnk files) are being exploited by the Stuxnet rootlet, an information stealing threat that targets industrial and power plant control systems. The malware – which has been detected in the wild – executes automatically if an infected USB stick is accessed in Windows Explorer.

Read more…