
ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Fraser G

Expert gives Congress solution to vote machine cyber-security fears: Keep a paper backup

December 6, 2017 by Fraser G

https://www.theregister.co.uk/2017/12/01/us_voting_machine_security_hearing/

https://oversight.house.gov/wp-content/uploads/2017/11/Blaze-UPenn-Statement-Voting-Machines-11-29.pdf

Last week Matt Blaze gave a presentation before Congress related to hacking elections. I have linked both the article and the testimony. The testimony is interesting to read and isn’t very long; here is an interesting tidbit on DRE:

“Electronic voting machines and vote tallies are not the only potential
targets for such attacks. Of particular concern are the back end systems that
manage voter registration, ballot definition, and other election management
tasks. Compromising any of these systems (which are often connected,
directly or indirectly, to the Internet and therefore potentially remotely
accessible) can be sufficient to disrupt an election while the polls are open
or cast doubt on the legitimacy of the reported result”

While everyone in the media is worried about the “glass” or booth, we should be just as concerned about the backend systems. I thought this article was also relevant because Matt Blaze is a professor over at Penn and a Philadelphia local.

 

Facebook and Amazon Authentication

November 30, 2017 by Fraser G

This week is all about authentication, and I have two related articles about authentication:

https://www.buzzfeed.com/pranavdixit/amazon-is-asking-indians-to-hand-over-their-aadhaar-indias

and

https://www.wired.com/story/facebooks-new-captcha-test-upload-a-clear-photo-of-your-face/

In short, Facebook is testing a captcha test that requires the user to upload a selfie to authenticate, and in India, Amazon has required that customers use their Aadhaar (biometric unique identifier, similar to our SSN) to authenticate for tracking packages.

Both of these moves are significant because they are huge and growing platforms (FB and AMZN) – a policy move like this signals to other companies and sets industry standards and precedents. We have discussed in other classes how biometrics aren’t accepted as standards for authentication yet; this will no doubt have an impact.

Equifax Hack – SQL Injection Overview

November 14, 2017 by Fraser G

https://blog.cloudflare.com/thwarting-the-tactics-of-the-equifax-attackers/

Another article about Equifax, ho-hum. Except this one is the BEST summary of the attack I have found that is accessible to people who don’t have a lot of technical expertise but know a bit about cybersecurity and SQL injection. It walks the reader through the Apache Struts vulnerability, remote code injection, and shows a sample code injection. It’s worth a read now that we understand more of the terminology and context.

Two New Curves Added to NIST SP 800-131A Rev. 1

November 7, 2017 by Fraser G

https://csrc.nist.gov/News/2017/Transition-Plans-for-Key-Establishment-Schemes

Curve25519 and Curve448 will be added to the NIST SP 800 this year as new curve schemas for elliptic curve encryption.

Curve25519 is an elliptic curve used for elliptic curve Diffie–Hellman and is defined by the equation $y^2 = x^3 + 486662x^2 + x$. You can read more about the curve here.

I found this was a really interesting example of the theoretical stuff we have been reading about in actual use / public domain. I had no idea different curves had Wikipedia pages and public discussion.

Here is a reference for some of the things that use Curve 25519: https://ianix.com/pub/curve25519-deployment.html

Francisco Partners Acquires Comodo’s Certificate Authority Business

October 31, 2017 by Fraser G

Francisco Partners Acquires Comodo’s Certificate Authority Business

 

Interesting article about security related to CAs and private equity. It sounds like this industry is a target for consolidation, or at least a shakeup with the private equity guys getting involved. In addition to this Comodo CA carve-out, Symantec is selling off its CA business to DigiCert in a ~$1BN deal. The current chairman of the newly formed Comodo CA is also CEO of SonicWall (the Dell security hardware spinoff). I wonder what implications this will have for the hardware and cert business. Does anyone have experience in this industry? Does certain hardware work better with certain CAs (does preferential pricing exist)?

 

 

Bitcoin Wallet “hacked” by using information broadcast in interview

October 24, 2017 by Fraser G

https://medium.freecodecamp.org/lets-enhance-how-we-found-rogerkver-s-1000-wallet-obfuscated-private-key-8514e74a5433

This article is a demonstration of why you should always be very careful when sharing any information publicly. The authors of this article detailed a process of image correction and QR code “hacking” to figure out information on Roger Ver’s bitcoin wallet that was displayed during an interview he gave on a French TV show. Through the use of some very clever thinking and software work, they were able to figure out Roger’s private key. The victim, Roger Ver, actually put this information up knowingly and offered the wallet to anyone who could figure it out. Even so, it is a difficult process, as the authors detail the steps:

  1. Information gathering
  2. Let’s enhance! Image Analysis
  3. QR code standard part 1
  4. QR code reconstruction
  5. QR code standard part 2
  6. QR code decoding
  7. Error Correction Code
  8. Python & Brute force

 

Check it out!

WPA2 Cracked

October 16, 2017 by Fraser G

https://www.krackattacks.com/

 

WPA2 encryption has been compromised. KRACK, or Key Reinstallation Attack, allows hackers to decrypt packets in Wi-Fi traffic and … “use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks.”

 

Things to note:

  • The entire WPA protocol is vulnerable, meaning that this isn’t specific to a certain product or implementation
  • According to Wigle.net – a Wifi wardriving analysis site, there are >390M Wifi Networks in the US (that have been found) with nearly 60% of them using WPA2 – as of Jan 2017.
  • This vulnerability CAN be fixed but you must patch

 

I wonder if this will speed up the adoption of a new protocol.

 

 

 

FORMBOOK MALWARE TARGETS US DEFENSE CONTRACTORS, AEROSPACE AND MANUFACTURING SECTORS

October 10, 2017 by Fraser G

FormBook Malware Targets US Defense Contractors, Aerospace and Manufacturing Sectors

This article from Threatpost.com details Formbook, a malware that can be spread in PDFs, DOCS and XLS files. The malware has been on sale since July for the low price of $29/week. It is primarily a data stealing tool, and can be used for keylogging, stealing info from HTTP sessions and saving clipboard contents. FireEye has a report on it here. The report states that the malware isn’t unique in the way it operates; however, “its relative ease of use, affordable pricing structure, and open availability make FormBook an attractive option for cyber criminals.”

The FireEye report includes a list of Formbook targets, wherein 33% of attacks were targeting Aerospace and Defense contractors.

 

I thought this was an interesting story and report due to the apparent “script kiddie” nature of Formbook. It would be interesting to hear from industry veterans about their experiences with increased accessibility of malware like Formbook, how serious these threats are, and where the world is headed as more people are able to find and use these tools.

 

 

HP Enterprise let Russia scrutinize cyberdefense system used by Pentagon

October 3, 2017 by Fraser G

http://www.reuters.com/article/us-usa-cyber-russia-hpe-specialreport/special-report-hp-enterprise-let-russia-scrutinize-cyberdefense-system-used-by-pentagon-idUSKCN1C716M?utm_source=twitter&utm_medium=Social

Russia has been given the source code to ArcSight, a cyberdefense system used by the Pentagon and US intelligence. Experts and former employees say the source code review is a huge security blunder:

“Six former U.S. intelligence officials, as well as former ArcSight employees and independent security experts, said the source code review could help Moscow discover weaknesses in the software, potentially helping attackers to blind the U.S. military to a cyber attack.

“It’s a huge security vulnerability,” said Greg Martin, a former security architect for ArcSight. “You are definitely giving inner access and potential exploits to an adversary.”

ArcSight, which has been around since 2000, is a big data analytics firm that was acquired by Hewlett Packard. The software scans activity from users, firewalls and other sources and then aggregates it and looks for suspicious activity – such as multiple failed login attempts.

The security firm that ran the code review states that it finds vulnerabilities in 50% of US/International software – and is required to report these to the government. The Russian government justifies this code review as a check on foreign software that may be compromised – by other states, malicious actors, etc. That is a hard policy to argue against; however, it raises the question as to whether US firms should be selling this software at all. I was told by another professor that cryptographic software is considered a weapon and as such subject to the same kinds of restrictions that selling ammunition or firearms would have. Shouldn’t this apply more broadly to include cyber defense software?

Deloitte Hacked

September 25, 2017 by Fraser G

http://www.reuters.com/article/us-deloitte-cyber/deloitte-hacked-says-very-few-clients-affected-idUSKCN1C01PB

Deloitte hacked, says ‘very few’ clients affected

Deloitte was hacked as early as last year, according to sources quoted by Reuters. The consulting company – a “big 4” – serves 80% of the Fortune 500, including consulting services for cyber security. The attack was targeted at email servers at Deloitte. It is unknown right now what kind of information they got, but based on my experience working in consulting, it is likely that these emails include high-level communications between Deloitte and its clients. This is very embarrassing to say the least, and has some big ramifications beyond Deloitte’s bottom line. Sensitive financial data could have been compromised, as well as strategy discussion that could be used in any number of ways – and possibly information regarding enterprise security. Deloitte hired lawyers in the spring of this year and had been very tight-lipped about the breach.

 
