
ITACS 5211: Introduction to Ethical Hacking

Wade Mackay

Burp Suite Analysis – Cabelas


November 30, 2016 by Scott Radaszkiewicz 1 Comment

Executive Summary

PowerPoint Presentation

 

Tor Users Targeted With Firefox Zero-Day Exploit

November 30, 2016 by Arkadiy Kantor Leave a Comment

Since we had a brief discussion about TOR last class, I thought this article was interesting. It talks about a Zero-Day exploit that propagated on the TOR network. It took advantage of a Firefox exploit and was very similar to one that the FBI has used in the past. Unfortunately these are older vulnerabilities that have still not been patched up. But the point is that TOR is probably not ideal for people seeking privacy or secure web browsing.

 

http://www.securityweek.com/tor-users-targeted-firefox-zero-day-exploit

 

Burp Suite Analysis – Philadelphia Gas Works (PGW)

November 30, 2016 by Wayne Wilson 1 Comment

burp-suite-scan Powerpoint

pgw-burpsuite Word document

“Researchers Demo Method For Turning A PC Into An Eavesdropping Device”

November 30, 2016 by Mengqi He Leave a Comment

 

Recently, researchers at Israel’s Ben-Gurion University have devised a way to turn any computer into an eavesdropping device by surreptitiously getting connected headphones or earphones to function like microphones. This is made possible by reconfiguring an audio jack from line-out to line-in. The malware takes advantage of the way that some audio chipsets in motherboards and soundcards support a little-used jack re-mapping or jack re-tasking option for changing the function of the audio ports from line-in to line-out via software. The fact that audio jacks can be programmatically switched from output-only to input jacks creates a vulnerability that allows attackers to turn any computer into an eavesdropping device. The good news is that researchers also said that it was not easy to conduct this attack using the malware because it requires attackers to have full access to the computer, and anti-malware tools would also likely spot and block the malware from working. However, to a company, the vulnerability in headphones should be paid attention to as an important security risk. In this case, external attacks would be hard, but internal attacks are not. A resentful employee may get physical access to a manager’s computer and thus be able to install the malware that turns the computer into an eavesdropping device for monetary reasons or revenge.

 

Link: http://www.darkreading.com/attacks-breaches/researchers-demo-method-for-turning-a-pc-into-an-eavesdropping-device-/d/d-id/1327567

Over-the-Air Update Mechanism Exposes Millions of Android Devices

November 29, 2016 by Vaibhav Shukla 1 Comment

The insecure implementation of the OTA (Over-the-air) update mechanism used by numerous Android phone models exposes nearly 3 million phones to Man-in-the-Middle (MitM) attacks and allows adversaries to execute arbitrary commands with root privileges.

The vulnerable OTA update mechanism is associated with Chinese software company Ragentek Group, which didn’t use an encrypted channel for transactions from the binary to the third-party endpoint. According to security researchers at AnubisNetworks, this bug not only exposes user-specific information to attackers, but also creates a rootkit, allowing an adversary to issue commands that could be executed on affected systems. The code from Ragentek contains a privileged binary for OTA update checks as well as multiple techniques to hide its execution. Located at /system/bin/debugs, the binary runs with root privileges and communicates over unencrypted channels with three hosts. Responses from the remote server include functionalities to execute arbitrary commands as root, install apps, or update configurations.

The issue, tracked as CVE-2016-6564, is that a remote, unauthenticated attacker capable of performing a MitM attack could replace the server responses with their own and execute arbitrary commands as root on the affected devices.

http://www.securityweek.com/over-air-update-mechanism-exposes-millions-android-devices

Burp Suite Analysis – Philadelphia Truck Lines

November 29, 2016 by 1 Comment

Presentation

Executive Summary

Putin brings China’s Great Firewall to Russia in cybersecurity pact

November 29, 2016 by Ahmed A. Alkaysi 2 Comments

Russia has been trying to incorporate elements from China’s Great Firewall. Due to “Yarovaya’s Law”, which requires Russia’s telecom companies to store users’ data for six months and metadata for three years, Russia has been pushed to seek China’s help. Russia wants Chinese technology, as it will help them handle vast amounts of data, and due to sanctions against Russia, they cannot go to the West for help. China is willing to help them, sending high-ranking officials to Russia to discuss this issue. This is very interesting, as it shows Russia asking for help from one of the most censored countries in the world. Makes you think that Russia might be moving toward this path. I am also surprised that these two countries are working on cyber security related issues; many countries around the world would probably be too paranoid to discuss such matters.

Article: https://www.theguardian.com/world/2016/nov/29/putin-china-internet-great-firewall-russia-cybersecurity-pact

Week 12 Presentation

November 29, 2016 by Wade Mackey Leave a Comment

intro-to-ethical-hacking-week-12

Ransomware Crooks Demand $70,000 After Hacking San Francisco Transport System

November 28, 2016 by Jason A Lindsley 4 Comments

Hackers successfully encrypted over 2,000 servers and PCs that are used to run San Francisco’s Light Rail Transit system.  The hackers demanded 100 bitcoin (~ $73,000 USD) for the key to decrypt the data.  The attack mainly impacted e-mail and payroll systems, but the agency shut down their ticket vending machines as a precaution and allowed travelers to ride for free on the light rail system for most of the day Friday and all day Saturday.  This was one of the biggest travel days of the season.

The attack was conducted using malware called HDDCryptor.  It does not appear that the attackers were targeting the agency.  They cast a wide net and found success in the vulnerable environment.

Although it may have taken the agency more time to get the systems back up and running and they probably lost more than $73,000 in ticket sales, I think it was the right move to resolve the issue without paying the ransom.  They probably learned a lot about weaknesses in their environment and sent a strong message that they will not submit to the demands of these criminals.

 

link – http://www.forbes.com/sites/thomasbrewster/2016/11/28/san-francisco-muni-hacked-ransomware/#158b80fe54dd

http://www.wsj.com/articles/after-ransomware-san-francisco-offers-free-light-rail-rides-1480366454

Burp Suite analysis on QVC – Ahmed Alkaysi

November 28, 2016 by Ahmed A. Alkaysi 1 Comment

Hi, attached are the PowerPoint and executive summary for the Burp Suite QVC analysis.

 

burp-suit-presentation-qvc

burp-suite-executive-summary-qvc
