Exploitation of common internet encryption technologies

Josh Voorhees of Slate.com had an interesting article about why the NSA has named its two known encryption-breaking programs Bullrun and Manassas, after the famous American Civil War battle known to Union forces as the First Battle of Bull Run and to Confederate forces as First Manassas.

FYI – Union forces named battles for nearby geographical features, while Confederate forces named the same battle after nearby towns or cities.
The First Battle of Bull Run was the site of the first major battle of the Civil War, and a defeat for Union forces. The author speculates that the NSA chose these names as a reminder that the Union lost this battle because it didn’t have proper intelligence or training, and the American Civil War went on for another four and a half years after the battle.

New Tools Circumvent DDoS Defenses

According to a darkreading.com article by Kelly Jackson Higgins, there is a new piece of malware that can detect and circumvent DDoS mitigation efforts.

DirtJumper Drive is a toolkit that allows anyone to set up and launch a botnet to conduct DDoS attacks. What sets it apart from similar malware is that it can detect the DDoS mitigation techniques in use on the victim’s site and attempt to bypass them.
According to the DDoS mitigation provider Prolexic, DirtJumper Drive can be purchased for about $150.00 in the underground market.
DirtJumper Drive has several features:
  • A “smart” attack that can detect and bypass defenses.
  • An ICMP attack.
  • An attack that lengthens the amount of time a connection is kept open.
The “smart” attack can detect and bypass anti-DDoS cookies, meta tags that redirect malicious IP traffic, and anti-DDoS redirection methods.
According to Ms. Higgins’ article, financial services companies lost an estimated $17 million per DDoS attack last year.

Cracking Passwords at 8 million guesses per second

Just recently, oclHashcat-plus, a new, free password-cracking tool, was released. This new software can process passwords up to 55 characters long, and it is very, very fast: it can run through 8 million guesses per second. The user can improve its efficiency by shaping their attacks according to the target’s password-composition policy, if it’s known.

According to Arstechnica.com, the software has been used against hashes that were leaked as a result of compromised databases. Once leaked, hackers can use an unlimited number of tries on these leaked hashes, until they find the correct plain text password.
According to the Arstechnica.com article, one researcher tested oclHashcat-plus by using the phrase “Ph’nglui mglw’nafh Cthulhu R’lyeh wgah’nagl fhtagn1”, which originates from an H.P. Lovecraft story. But because that phrase had also been in a Wikipedia article, it was included in a word list that allowed the researcher to quickly crack it.
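The two ideas in this item, the raw guess rate and the word list, are easier to weigh side by side in code. The following is an added example (not from the article or the Hashcat project) that computes how long a given keyspace lasts at 8 million guesses per second and then recovers a constructed, unsalted SHA-1 hash from a small constructed word list. The word list, the “append a digit” mangling rule, and the straight-quote spelling of the Lovecraft phrase are all my own assumptions for the demonstration; the point is that a 51-character passphrase falls in a few dozen guesses once its text is on the web, while a short random password still has to be exhausted.

```python
import hashlib
from typing import Iterable, Iterator, Optional, Tuple

GUESSES_PER_SECOND = 8_000_000  # the rate quoted in the article


def seconds_to_exhaust(charset_size: int, length: int,
                       rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every string of `length` characters drawn
    from a charset of `charset_size` symbols, at `rate` guesses/second."""
    return charset_size ** length / rate


def candidates(wordlist: Iterable[str]) -> Iterator[str]:
    """Yield each word list entry as-is and with one digit appended.
    This is a deliberately tiny 'mangling rule' of the kind cracking
    tools apply; real rule sets are far larger (constructed example)."""
    for word in wordlist:
        yield word
        for digit in "0123456789":
            yield word + digit


def sha1_hex(text: str) -> str:
    """Unsalted SHA-1, the kind of fast hash a leaked database may hold."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest()


def crack_unsalted_sha1(target_hex: str,
                        wordlist: Iterable[str]) -> Tuple[Optional[str], int]:
    """Try every candidate against one leaked hash.
    Returns (recovered_password_or_None, number_of_guesses_made)."""
    guesses = 0
    for cand in candidates(wordlist):
        guesses += 1
        if sha1_hex(cand) == target_hex:
            return cand, guesses
    return None, guesses


# Constructed word list: a few classic weak passwords plus one sentence
# that could have been scraped from an encyclopedia page. The Lovecraft
# phrase is here because it is published text, not because it is short.
WORDLIST = [
    "password",
    "123456",
    "letmein",
    "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn",
]

# Constructed 'leaked' hash of the article's passphrase (digit appended).
LEAKED_HASH = sha1_hex("Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn1")


def demo() -> Tuple[Optional[str], int, float]:
    """Crack the constructed hash and compare with brute-forcing
    an 8-character password over 95 printable ASCII characters."""
    recovered, guesses = crack_unsalted_sha1(LEAKED_HASH, WORDLIST)
    years_for_random_8 = seconds_to_exhaust(95, 8) / (365 * 24 * 3600)
    return recovered, guesses, years_for_random_8


if __name__ == "__main__":
    pw, n, years = demo()
    print(f"recovered {pw!r} after {n} guesses")
    print(f"exhausting 95^8 at 8M/s takes about {years:.1f} years")
```

The comparison is the defender’s takeaway: length alone is not entropy. A policy that rejects any candidate found in a public word list (the `candidates` generator doubles as that check) does more than a minimum-length rule, and a slow, salted password hash would turn the 8 million guesses per second into a few thousand.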

Using femtocell to intercept voice and SMS messages

Researchers Doug DePerry and Tom Ritter gave a talk at the DefCon 2013 hackers conference this August about using a Verizon femtocell to intercept voice, data and SMS messages.

Femtocells are low-power base stations that telecoms sell to customers who have trouble accessing the local cellular network.
Bogdan Botezatu, senior e-threat analyst at Bitdefender, told technewsworld.com that the hack involved an exploit within the femtocell’s firmware.

802.11ac – Blazing Fast Wireless stats

Techradar.com has a nice article about 802.11ac, a new wireless standard that has just hit store shelves.

802.11ac promises super-fast speeds. The marketing materials state that it could be as fast as 1.3 Gbps, although there’s marketing hype and then there’s reality. Realistically, you’re looking at 800 Mbps, which is still far, far faster than 802.11n on its very best day.
Today’s standard, 802.11n, can theoretically max out at 450 Mbps if it’s using three antennas and conditions are perfect. Most of us can expect between 54 Mbps and 150 Mbps with our 802.11n connection.
How does 802.11ac achieve this speed?
  • First of all, 802.11ac routers will use up to eight antennas, as opposed to the maximum of four antennas on an 802.11n router.
  • Second, 802.11ac will use the 5 GHz frequency band, which is less cluttered than the 2.4 GHz frequency band.
  • Finally, 802.11ac uses a transmission and reception technology called “beamforming”, which allows the router to roughly calculate the location of the device it’s talking to and strengthen its signal on the appropriate antennas. This should reduce interference.

Watering Hole Attacks

We experienced a Watering Hole attack at my old company.

We had gone to a cheap web provider for a very basic website ($5.99 a month!) because we just wanted to be able to display PDFs of our product catalog and images of our products.

There was some kind of issue with the website, so I ended up downloading the entire contents of our site’s file folders (maybe 50 MB of images and PDFs), when my antivirus software alerted me to a virus buried in the downloaded files.
Sure enough, someone had embedded some malicious Java code that, if implemented in a web page, would’ve hijacked a viewer’s browser and forwarded them to a scummy website. Fortunately for us, our website was so rudimentary (a couple of HTML web pages and one Active Server Page), that the code couldn’t be executed when the pages were browsed.
I don’t think the rogue Java was uploaded using our FTP account. Instead, I suspect that hackers had gotten root level access to the server, which hosted many, many websites, and seeded their code in various folders. If they had accessed it via our FTP account, they could’ve just embedded it right into our web pages. Or maybe our site was too small to bother with.
Needless to say, we ditched the company shortly thereafter – you get what you pay for!
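A small integrity check of the kind that would have caught the seeded files before antivirus did, as an added example that is not part of the post above and not a tool the author used: it scans a site’s HTML, ASP and JavaScript files for the usual signs of injected browser-hijacking code (hidden iframes, scripted redirects, obfuscated `eval`, meta refreshes, and script tags loading from a foreign host). The site files, the `bad.example` host and the `OWN_DOMAIN` value are constructed for the demonstration.

```python
import os
import re
from typing import Dict, List, Tuple

# Assumed: the hostname the site legitimately serves its own scripts from.
OWN_DOMAIN = "example-catalog.invalid"

SCANNED_EXTENSIONS = (".html", ".htm", ".asp", ".js")

# Each pattern is paired with a short label for the finding.
PATTERNS = [
    (re.compile(r"<iframe[^>]*(display\s*:\s*none|width\s*=\s*['\"]?0\b|height\s*=\s*['\"]?0\b)", re.I),
     "hidden iframe"),
    (re.compile(r"<script[^>]+src\s*=\s*['\"](https?://[^'\"/]+)", re.I),
     "external script"),
    (re.compile(r"\b(window|document|top)\.location(\.href)?\s*=", re.I),
     "scripted redirect"),
    (re.compile(r"eval\s*\(\s*(unescape|atob|String\.fromCharCode)", re.I),
     "obfuscated eval"),
    (re.compile(r"<meta[^>]+http-equiv\s*=\s*['\"]refresh", re.I),
     "meta refresh"),
]

Finding = Tuple[str, int, str, str]  # (path, line number, label, excerpt)


def scan_text(path: str, text: str) -> List[Finding]:
    """Run every pattern over each line of one file and collect findings."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for pattern, label in PATTERNS:
            match = pattern.search(line)
            if not match:
                continue
            if label == "external script":
                # A script served from our own host is expected; only a
                # third-party host is worth a look.
                host = match.group(1).split("//", 1)[1].lower()
                if host == OWN_DOMAIN or host.endswith("." + OWN_DOMAIN):
                    continue
            findings.append((path, lineno, label, line.strip()[:80]))
    return findings


def scan_site(files: Dict[str, str]) -> List[Finding]:
    """Scan an in-memory {path: contents} map (used for the demo/test)."""
    findings: List[Finding] = []
    for path in sorted(files):
        if path.lower().endswith(SCANNED_EXTENSIONS):
            findings.extend(scan_text(path, files[path]))
    return findings


def scan_directory(root: str) -> List[Finding]:
    """Scan a downloaded copy of the site on disk, e.g. the FTP mirror."""
    files: Dict[str, str] = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(SCANNED_EXTENSIONS):
                with open(full, encoding="utf-8", errors="replace") as fh:
                    files[os.path.relpath(full, root)] = fh.read()
    return scan_site(files)


# Constructed sample site: one clean page, one page with a seeded iframe,
# and an HTML file dropped into the image folder.
SITE_FILES = {
    "index.html": "<html><body><h1>Catalog</h1>"
                  "<a href='catalog.pdf'>Download</a></body></html>",
    "products.asp": "<html><body><img src='img/widget.jpg'>\n"
                    "<iframe src='http://bad.example/' style='display:none'></iframe>\n"
                    "</body></html>",
    "img/ads.html": "<script>eval(unescape('%77%69%6e%64%6f%77'))</script>\n"
                    "<script>document.location='http://bad.example/';</script>",
    "img/widget.jpg": "(binary image bytes; not scanned)",
}

if __name__ == "__main__":
    for path, lineno, label, excerpt in scan_site(SITE_FILES):
        print(f"{path}:{lineno}: {label}: {excerpt}")
```

Run `scan_directory()` against the downloaded copy rather than the live server so that nothing on the host has to execute, and diff the findings against a known-good copy of the site: a page that has not changed but suddenly trips a pattern is exactly the case described above, where the attacker got to the filesystem without ever touching the site owner’s FTP account.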

Emergency Alerting System Hacked – warned of Zombies

The Emergency Alerting System (EAS), which overrides local radio stations to warn civilians in the event of a disaster, was hacked to send out a bogus Emergency Alert, which warned of an impending zombie attack. This hack occurred back in February in Montana, New Mexico and Michigan.

What allowed hackers to override the EAS? Apparently a number of television stations utilizing EAS equipment neglected to change the well-known default passwords.
There had been other vulnerabilities in the EAS, which included a compromised SSH root key and predictable password generation.

iPhone 5s fingerprint sensor

There’s an article on blog.lookout.com that states that there are several challenges to hacking a fingerprint sensor:

  1. Getting a clean print of the specific finger that is used for fingerprint verification.
  2. Having access to some specialized equipment for lifting the print and reproducing it.
  3. Having the knowledge and time to do so.
That said, the author mentioned that it is certainly possible to hack a fingerprint sensor. In the article, the author mentioned that hacking a fingerprint scanner takes about as much time and effort as hacking someone’s PIN.
However, an answer to the problem of securing your data may be two-factor authentication, using a combination of your fingerprint and a PIN.

Your E-ZPass – Being Tracked Away from Toll Booths

Forbes magazine has an interesting article about how the E-ZPass tags we use to travel up and down the Garden State Parkway, NJ Turnpike, and into New York City are being tracked away from toll booths.

According to the article, an E-ZPass user hacked his RFID-enabled E-ZPass and configured it to light up whenever it was scanned. As expected, it lit up when going through tolls. However, while traveling through New York City, he discovered that it was also being scanned multiple times on the drive between Times Square and Madison Square Garden in Manhattan, as well as on his way out of the city in the Lincoln Tunnel.
It turns out this is part of a new New York City initiative called Midtown In Motion. This initiative uses E-ZPass readers, traffic cameras, and microwave sensors to measure the volume of traffic in “a 110-square block area bound by Second to Sixth Avenues and 42nd to 57th streets.”

Tips For Securing Home WiFi

I found these tips for securing your home WiFi network on PrivateWiFi.com.

  • Turn your firewall on. Keep anti-virus and malware protection up-to-date.
  • Change your default administrative password and the default name of your wireless network.
  • Use WPA2 encryption. Don’t use WEP, which can be easily hacked.
  • Patch and update your operating system frequently.
  • Disable the SSID broadcast option on your home WiFi network.
  • If you aren’t using your WiFi connection, turn it off.
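Most of those tips map onto settings in the access point’s own configuration. As an added example (not from PrivateWiFi.com), here is a small linter for a `hostapd.conf`, the configuration file of the access-point daemon used on many Linux-based routers, that flags WEP keys, anything other than WPA2, TKIP, a default or empty network name, SSID broadcast left on, and a short or common passphrase. The weak and corrected configurations, the list of default SSIDs and the list of common passphrases are constructed for the demonstration; the router’s administrative password lives outside this file and is not checked here.

```python
from typing import Dict, List

# Constructed lists; a real audit would use a fuller set of vendor defaults.
DEFAULT_SSIDS = {"", "linksys", "netgear", "dlink", "default", "wireless"}
COMMON_PASSPHRASES = {"password", "password1", "12345678", "admin123"}
MIN_PASSPHRASE_LEN = 12


def parse_hostapd(text: str) -> Dict[str, str]:
    """Parse hostapd's key=value format, skipping blanks and # comments.
    A repeated key keeps its last value, as hostapd does."""
    cfg: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg


def audit(cfg: Dict[str, str]) -> List[str]:
    """Return short codes for each tip the configuration violates."""
    problems: List[str] = []
    # Tip: don't use WEP. Any wep_* key means WEP is configured.
    if any(key.startswith("wep_") for key in cfg):
        problems.append("WEP")
    # Tip: use WPA2. wpa=1 is WPA only, wpa=3 allows WPA and WPA2; only 2 is WPA2-only.
    if cfg.get("wpa") != "2":
        problems.append("NOT_WPA2")
    # TKIP is the weak WPA-era cipher; CCMP (AES) is what WPA2 should use.
    if "TKIP" in cfg.get("wpa_pairwise", "") or "TKIP" in cfg.get("rsn_pairwise", ""):
        problems.append("TKIP")
    # Tip: change the default network name.
    if cfg.get("ssid", "").strip().lower() in DEFAULT_SSIDS:
        problems.append("DEFAULT_SSID")
    # Tip: disable SSID broadcast (ignore_broadcast_ssid=1 hides it).
    if cfg.get("ignore_broadcast_ssid", "0") == "0":
        problems.append("SSID_BROADCAST")
    # A PSK is only as good as the passphrase behind it.
    passphrase = cfg.get("wpa_passphrase", "")
    if len(passphrase) < MIN_PASSPHRASE_LEN or passphrase.lower() in COMMON_PASSPHRASES:
        problems.append("WEAK_PASSPHRASE")
    return problems


# Constructed: an access point still on its out-of-the-box settings.
WEAK_CONF = """
interface=wlan0
ssid=linksys
hw_mode=g
channel=6
wep_default_key=0
wep_key0=123456789A
"""

# Constructed: the same access point after applying the tips.
GOOD_CONF = """
interface=wlan0
ssid=HomeNet-7f3a
hw_mode=g
channel=6
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=correct-horse-battery-staple-9
ignore_broadcast_ssid=1
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("good", GOOD_CONF)):
        print(name, audit(parse_hostapd(conf)) or "OK")
```

One caveat on the `SSID_BROADCAST` check: a hidden SSID is still sent in the clear in probe and association frames whenever a client connects, so treat that finding as housekeeping rather than a security control; the WPA2/CCMP and passphrase checks are the ones that actually keep traffic private.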
The article then suggests readers can use a product called PRIVATE WiFi (http://www.privatewifi.com/). You run it if you’re using your device at a public hotspot. It takes the data you’re transmitting, encrypts it, routes it through one of their servers, decrypts it, and sends it to its final destination. It reverses the process for data coming back to your device.
Does this sound like something any of you would use? Or are there better products or alternatives?