QUBES OS: A Reasonably Secure Operating System

The article is about Tor not being as anonymous as many think. Tor users can be identified through Tor’s use of DNS or by deploying a Tor sniffer at ‘internet scale.’ The article gets more in depth about how DNS requests aren’t encrypted. Defec Tor are attacks that exploit the DNS requests lack of encryption. If these attacks monitor egress and ingress traffic, then the attack can easily map the user’s DNS traffic. If the DNS traffic map is used in conjunction with website fingerprinting it becomes even more potent. The article mentions a few suggestions to help mitigate this problem which you can see at: http://www.theregister.co.uk/2016/10/04/domain_name_resolution_is_a_tor_attack_vector_but_dont_worry/

I stumbled upon this article while I was looking for sniffer related news articles. While this article isn’t explicitly about sniffers I found it interesting because, while I don’t know much about Tor, I understand its supposed to provide anonymous web browsing. The article makes me wonder if its really possible to be 100% anonymous on the web. I know you can utilize VPNs, Proxys, etc to help with anonymity, but how secure are they, what vulnerabilities do they have?

Security vendor FireEye recently published a report describing the carder business of two cyber criminals called “Vendetta Brothers.” The two cyber criminals are likely operating out of Spain and Eastern Europe. They currently operate an underground website for selling stolen credit and debit card data from 639 banks in 41 countries via phishing attacks. They offer about 10,000 cards for sale, which is relatively small comparing to other carder business. One interesting thing is that how the brothers operated to scale their criminal business. They diversified their business using legitimate business tactics like outsourcing. One tactic is that they partnered with hacker without malware to obtain card data but have gained access to POS terminals remotely or physically. The brothers have the hackers to di the dirty work and so they can focus on higher-level planning. One thing I’m surprised is that the data of 10,000 stolen cards is still considered as small carder business. If 100,000 cards are considered as a large business and there are 10 carder businesses exist, 0.1% of world’s credit card information may be stolen, since the number of world’s credit cards is around 1 billion in 2015. Another thing is that even hackers now are able to use business tactics to mange and scale their operations. They use legitimate tactics to do illegal business. It makes me think about one of the largest criminal organization, Yamaguchi-gumi in Japan. It operates more like a company rather than a criminal organization. It does have criminal activities like arms trafficking and bank fraud, but it also does legitimate business.

Link: http://www.darkreading.com/vulnerabilities—threats/how-a-pair-of-cybercriminals-scales-its-carder-business/d/d-id/1327066

Cisco forgot to remove an internal testing interface from software releases for email security appliances. This vulnerability allows the attacker to gain full access to the affected device with root privileges. To remedy this, the user must reboot the device more than once, which would disable the vulnerable interface. Cisco has also released a patch for a couple of the device versions that have this problem.

It goes to show that a hacker doesn’t even need to do a lot of work in order to find vulnerabilities. Sometimes, they just fall into your lap. Reminds me of what the Professor was explaining during ‘scanning for vulnerabilities’ lectures, how sometimes devices have default (factory) user and passwords set so that a simple Nessus scan will display vulnerabilities.

link to the article: http://www.securityweek.com/cisco-forgets-remove-testing-interface-security-appliance

In this article Samuel Visner & Beth Musumeci discuss that the management of cyber security in organizations today are not able to keep up with zero-day vulnerabilities that can cripple them. With the increase of devices on the internet today more of an organization’s customer information is available to hackers to infiltrate. Over the past six years cyber terrorism has increased with hacks that included organizations like JPMorgan Chase, Adobe, Target and Walgreens. According to Gartner research “44% of reference customers for endpoint protection solutions have been successfully compromised.” This shows that even though security is present on an organization that new vulnerabilities play a major role. Visner & Musumeci propose that a new approach is the only way to prevent these vulnerabilities. They propose that white-listing certain “known good” applications is the only way to effectively protect against malware. Any untrusted or unknown applications are put in an isolated container away from the network and tested before being allowed on the network. A new model like this needs to be proposed among organizations to prevent such attacks from happening in the future.

Article: http://www.darkreading.com/vulnerabilities—threats/todays-cybersecurity-management-requires-a-new-approach/a/d-id/1327011

Link:http://www.techtimes.com/articles/180357/20161001/bug-bounty-hunters-can-earn-1-5-million-for-a-successful-jailbreak-of-ios-10.htm

An American Information Security Company, Zerodium, is offering up to $1.5 million “for original and unreported vulnerabilities with fully functional exploits on major operating systems, software and/or devices.”  With iOS 10 recently released, this OS can offer the biggest chance of payouts.  Zerodium’s main business focuses on “acquiring zero-day vulnerabilities and exploits and creating protective security measures and recommendations for them.” The biggest bounty paid by the company was to a team of Zerodium researchers who “successfully made a remote browser-based untethered iOS 9.1/9.2b jailbreak.”

This is an interesting concept that is taking biometrics to the next level.  This article describes an authentication mechanism that uses fingerprint sensors to generate signals that travel through the users’ body to authenticate the user.  There is no need to send this signal over a network to authenticate the user.

It sounds like this mechanism is more complex and more difficult to hack than a normal fingerprint scan, but I would call it a stretch to say it is hack-proof.  As with any authentication mechanism, an algorithm is still required to perform the logic to authenticate the user and make a decision as to whether the user is who they say they are.  This feature may make that algorithm more complex, but hack-proof  Probably not.

link: http://www.vocativ.com/363636/hack-proof-password/