Archive for March 9, 2018

Canadian Tech Company Fingered In Helping To Suppress Free & Open Access To The Internet In Syria, Egypt & Turkey

Posted in Commentary with tags on March 9, 2018 by itnerd

Do you live in Syria, Egypt or Turkey, or some other part of the world where the Internet isn’t as free and open as it should be? If so, you might want to read this story from the CBC that details research from Citizen Lab showing that gear sourced from a Canadian company called Sandvine is being used to redirect Internet users in those countries towards spyware and malware, as well as to keep an eye on the activities of those Internet users and block their access to sites that the countries in question don’t want anyone to see:

Since last fall, Turkish internet users attempting to download one of a handful of popular apps may have been the unwitting targets of a wide-reaching computer surveillance campaign.

And in Egypt, users across the country have, seemingly at random, had their browsing activity mysteriously redirected to online money-making schemes.

Internet filtering equipment sold by technology company Sandvine — founded in Waterloo, Ont. — is believed to have played a significant part in both.

That’s according to new research from the University of Toronto’s Citizen Lab, which has examined misuse of similar equipment from other companies in the past. The researchers say it’s likely that Sandvine devices are not only being used to block the websites of news, political and human rights organizations, but are also surreptitiously redirecting users toward spyware and unwanted ads.

Using network-filtering devices to sneak spyware onto targets’ computers “has long been the stuff of legends” according to the report — a practice previously documented in leaked NSA documents and spyware company brochures, the researchers say, but never before publicly observed.

“When you have this middlebox which is capable of filtering and modifying people’s internet traffic, pretty much the sky’s the limit in terms of what you can do,” said Bill Marczak, one of the authors of the report.

As a Canadian citizen, I have to admit that I am disturbed that Canadian tech (that’s owned by an American company) is being used this way. But at the same time I am not surprised as Sandvine has been used by Comcast to throttle Internet traffic and they’ve tried to argue in front of the CRTC that this is a good thing. Thus it is entirely plausible that their gear is being used for this purpose because from a technical standpoint, it’s not a great leap. Now interestingly Sandvine has disputed the report and threatened to sue those behind it. Which suggests to me that perhaps they got caught with their hand in the cookie jar so to speak. Hopefully the Canadian and/or US Government is watching this and asks Sandvine some really tough questions as to who it sells its gear to and if they are aware what it is being used for.


GrayShift: The Company Who Can Crack iPhones Cheaply

Posted in Commentary with tags on March 9, 2018 by itnerd

Meet GrayShift. This is a new company that promises to crack any iPhone, even ones running the latest version of iOS, for a relatively cheap price. And it’s apparently run by an ex-Apple security engineer. Here’s what Motherboard had to say about this:

In a sign of how hacking technology often trickles down from more well-funded federal agencies to local bodies, at least one regional police department has already signed up for GrayShift’s services, according to documents and emails obtained by Motherboard. As Forbes reported on Monday, GrayShift is an American company which appears to be run by an ex-Apple security engineer and others who have long held contracts with intelligence agencies. In its marketing materials, GrayShift offers a tool called GrayKey, an offline version of which costs $30,000 and comes with an unlimited number of uses. For $15,000, customers can instead buy the online version, which grants 300 iPhone unlocks.

This is what the Indiana State Police bought, judging by a purchase order obtained by Motherboard. The document, dated February 21, is for one GrayKey unit costing $500, and a “GrayKey annual license — online — 300 uses,” for $14,500. The order, and an accompanying request for quotation, indicate the unlocking service was intended for Indiana State Police’s cybercrime department. A quotation document emblazoned with GrayShift’s logo shows the company gave Indiana State Police a $500 dollar discount for their first year of the service. Importantly, according to the marketing material cited by Forbes, GrayKey can unlock iPhones running modern versions of Apple’s mobile operating system, such as iOS 10 and 11, as well as the most up to date Apple hardware, like the iPhone 8 and X.

It’s an interesting business model which brings this tech to the masses at relatively low prices. But I have to assume that the guy who runs this operation must be violating any employment or non-disclosure agreement that he had with Apple. Thus I wonder how long before Apple sues him and this company out of existence? On top of that, I wonder how you prove that this stuff actually works as advertised, rather than being smoke and mirrors. Besides, Apple is likely to reverse engineer how this works and create countermeasures against it. Thus assuming that this works at all, it may only work for a few months seeing as iPhone users update their OSes far faster than those over on Team Android.

Here’s Why You NEVER Pay Up If You’re Infected With Ransomware….. 50% Of People Who Did Never Got Their Files Back

Posted in Commentary with tags on March 9, 2018 by itnerd

If you get infected with ransomware, you may be tempted to pay the ransom. I can understand why that would be your first instinct. But this study should make you think twice about that and take steps to protect yourself:

A massive survey of nearly 1,200 IT security practitioners and decision makers across 17 countries reveals that half the people who fell victim to ransomware infections last year were able to recover their files after paying the ransom demand. The survey, carried out by research and marketing firm CyberEdge Group, reveals that paying the ransom demand, even if for desperate reasons, does not guarantee that victims will regain access to their files. Timely backups are still the most efficient defense against possible ransomware infections, as they allow easy recovery. The survey reveals that 55% of all respondents suffered a ransomware infection in 2017, compared to the previous year’s study, when 61% experienced similar incidents. Of all the victims who suffered ransomware infections, CyberEdge discovered that 61.3% opted not to pay the ransom at all. Some lost files for good (8%), while the rest (53.3%) managed to recover files, either from backups or by using ransomware decrypter applications. Of the 38.7% who opted to pay the ransom, a little less than half (19.1%) recovered their files using the tools provided by the ransomware authors.

So, it’s a coin flip as to whether you get your data back once you pay the ransom, which means that you shouldn’t pay it. Instead, you need to take steps to ensure that you can deal with a ransomware attack without having to go to the scumbags who did it.

  1. Back up your data. This is something I keep saying, and this is why you should do it. With a backup you simply wipe the computer clean, restore the data and go back to work. For bonus points, you should keep a copy of your data off-site, as in the cloud or in a safety deposit box.
  2. Keep your OS and other software up to date. The reason being that ransomware is often spread through exploits that have not been patched. Thus keeping your OS and software up to date is a great defense mechanism.
  3. Run antivirus software. While that comes from the file marked “duh”, you’d be surprised how often I see PC users in this day and age who don’t. And there are Mac users who still think that they aren’t affected by viruses. The fact is that everyone needs antivirus software. And I do mean EVERYONE.

So what happens if you do none of this and you get pwned by ransomware? Well, the first thing you shouldn’t do is pay up. Instead, the first thing to do is disconnect your computer from the network so it does not infect other computers on your local network or on the Internet. Then report the crime to law enforcement. Finally, seek help from a technology professional who specializes in data recovery to see what your options might be in terms of recovering those files. Antivirus companies will often release file decryption software to recover files. And there are other ways of getting your files back if the ransomware in question is well known and well studied. But the best defence against ransomware is to do the three steps above. Then you don’t have to worry if you get hit by it.

#PSA: Mac Users Who Didn’t Upgrade To High Sierra Can Now Get Read Only Access To APFS Volumes

Posted in Commentary with tags on March 9, 2018 by itnerd

When macOS High Sierra came out last year, it introduced a new filesystem called Apple File System or APFS. When I looked at the filesystem in detail a while back, I noted that this filesystem could only be used and accessed by Macs running High Sierra. So if you were on an earlier version of macOS and you needed info off an APFS formatted USB stick, you were out of luck.

That has now changed thanks to the folks at Paragon Software. They have now come out with a piece of software called the APFS Retrofit Kit for macOS. It promises to give users of an older version of macOS read only access to an APFS volume, which means that you can pull a document off a USB stick and save it to the local drive of your Mac for editing. The only catch is that the drive must not be encrypted, which is understandable.

The APFS Retrofit Kit for macOS is free and is available for OS X 10.10 through macOS 10.12. I should also note that Linux and Windows versions are also available. I will be doing a review of this product in the coming weeks, but in the meantime if you try this out, please leave a comment below and share your thoughts on this.

Review: Kingston DataTraveller 100 G3 Pen Drive

Posted in Products with tags on March 9, 2018 by itnerd

You can never have enough USB pen drives around as they come in handy. Case in point: the Kingston DataTraveller 100 G3 pen drive.


This one is 16GB, but you can get them in sizes from 8GB all the way to 128GB. Though I cannot find the 8GB model in any store that I visited. So expect 16GB to be the floor.


It’s a USB 3.0 pen drive made of plastic that uses a cap-less design for convenience, and the sliding mechanism works well. The back side of the drive has a loop for lanyards. A key chain won’t fit here, which I think would be the more typical use case. It’s physically very small. From a performance standpoint, it’s very average. I measured the drive’s performance at 42 MB/s read and 15 MB/s write. In other words, there are faster drives out there. However, what it has going for it is price. I picked this one up for $8.99 CDN. But you can drop $64.99 on a 128GB drive, and there are sizes in between these two extremes. If you need a cheap drive and high performance isn’t a factor, check this drive out.


8th Annual Hack In Paris Details Announced

Posted in Commentary with tags on March 9, 2018 by itnerd

Sysdream has announced the 8th edition of Hack in Paris, which will take place from the 25th to the 29th June 2018, in France at the Maison de la Chimie (Paris). Hack in Paris is a unique event composed of 3 days of training and 2 days of conferences, all of which will be given exclusively in English.

Here’s the list of training sessions that will be offered:

Training 1: CORELAN “BOOTCAMP” with Peter Van Eeckhoutte: founder of Corelan Team and author of the well-known tutorials on Win32 Exploit Development Training.

Training 2: PRACTICAL INTERNET OF THINGS (IOT) HACKING with Aseem Jakhar: well known as the founder of Null and Nullcon Security Conference.

Training 3: SMART LOCKPICKING – HANDS-ON EXPLOITING IOT DEVICES BASED ON ELECTRONIC LOCKS AND ACCESS CONTROL SYSTEMS with Slawomir Jasek: IT security consultant and expert for more than 10 years.

Training 4: HACKING IPV6 NETWORKS V4.0 with Fernando Gont, who specializes in the field of communications protocol security, working for private and governmental organizations from around the world.

Training 5: DESIGNING LINUX ROOTKITS with Himanshu Khokhar: an Information Security Instructor at CTG Security Solutions and the founder of SegFault, an infosec community.

Training 6: INFRASTRUCTURE SECURITY ASSESSMENT with Abhisek Datta and Omair. Abhisek Datta is a Security Researcher and Consultant and Omair has over eight years of experience in penetration testing, vulnerability assessment and network security.

Training 7: HACKING AND SECURING WINDOWS INFRASTRUCTURE with Paula Januszkiewicz: CEO and Founder of CQURE Inc. and CQURE Academy.

Training 8: LOW-LEVEL HARDWARE PENETRATION TESTING with Henrik Ferdinand Noelscher and Javier Vazquez: both working at NIO as product security engineers.

Training 9: BUG HUNTING MILLIONAIRE: MASTERING WEB ATTACKS WITH FULL-STACK EXPLOITATION with Dawid Czagan: an internationally recognized security researcher and trainer / a founder and CEO at Silesia Security Lab.

Training 10: WINDOWS POST-EXPLOITATION SUBVERTING THE CORE with Ruben Boonen: a senior security consultant.

Training 11: ANALOGUE NETWORK SECURITY ARCHITECTURE & DESIGN with Winn Schwartau and Mark Carney. Mark works for Security Research Labs in Berlin and Winn is the Founder of The Security Awareness Company and in 2009 was named one of the Top 20 security industry pioneers by SC Magazine.

Training 12: MOBILE APP ATTACK with Sneha Rajguru: active member of Null, senior consultant with Payatu software labs.

Training 13: PENTESTING THE MODERN APPLICATION STACK with Bharadwaj Machiraju and Francis Alexander: respectively an OWASP project leader and a security engineer at Envestnet/Yodlee.

Training 14: REVERSE CODE ENGINEERING IN WIN32 APPS PROTECTING YOURSELF IN THE WILD with Ricardo Rodriguez: an Assistant Professor at Centro Universitario de la Defensa, General Military Academy, Zaragoza, Spain.

Training 15: SMASHING THE SSL/TLS PROTOCOL WITH PRACTICAL CRYPTO ATTACKS with Marco Ortisi: both an international speaker and an independent penetration tester.

Training 16: PRACTICAL INDUSTRIAL CONTROL SYSTEM (ICS) HACKING with Arun Mane: a Hardware, IOT and ICS Security Researcher, working with Payatu Software Labs as Sr. Security Researcher.

Training 17: PENTESTING INDUSTRIAL CONTROL SYSTEMS with Arnaud Soullié, manager at Wavestone and specialist in Industrial Control Systems and Active Directory security.

Training 18: CCISO with Jeroen Van Der Vlies: expert in the area of information security for more than 10 years.

More details available at: https://hackinparis.com/trainings/


Hack in Paris also offers 15 conference talks, including a debate, with world-renowned speakers.

Thursday, June 28th 2018 (in chronological order):

Talk 1: DRONES THE NEW WEAPON OF CHOICE – ALSO FOR HACKERS by Dominique BRACK

Talk 2: BUILDING SYSTEMS ON SHAKY GROUNDS: 10 TACTICS TO MANAGE THE MODERN SUPPLY CHAIN by Robert WOOD

Talk 3: SILENT WIRE HACKING by Erwan BROQUAIRE & Pierre-Yves TANNIOU

Talk 4: AUDITD FOR THE MASSES by Philipp KRENN

Talk 5: FROM PRINTED CIRCUIT BOARDS TO EXPLOITS:  PWNING IOT DEVICES LIKE A BOSS by Damien CAUQUIL

Talk 6: MOBILE OPERATORS VS. HACKERS: NEW SECURITY MEASURES FOR NEW BYPASSING TECHNIQUES by Sergey PUZANKOV

Talk 7: THE OBFUSCATION TOOLKIT (OTK) & PRACTICAL APPROACHES TO SECURITY RESEARCH by Daniel BOHANNON

Debate: TO SERVE MAN : AI, MACHINE LEARNING & DEEP LEARNING IN SECURITY by Winn SCHWARTAU, Gregory CARPENTER & Michael MASUCCI


Friday, June 29th 2018:

Talk 8: THE INSECURE SOFTWARE DEVELOPMENT LIFECYCLE: HOW TO FIND, FIX, AND MANAGE DEFICIENCIES WITHIN AN EXISTING METHODOLOGY by April WRIGHT

Talk 9: KNOCKIN’ ON IPV6’S DOORS by Fernando GONT

Talk 10: THE BICHO: AN ADVANCED CAR BACKDOOR MAKER by Sheila BERTA

Talk 11: THE PAST, PRESENT & FUTURE OF ENTERPRISE SECURITY: THE ‘GOLDEN AGE’ OF ATTACK AUTOMATION by Marcello SALVATI

Talk 12: HUNTING PBX FOR VULNERABILITIES by Sachin WAGH

Talk 13: NO WIN32_PROCESS NEEDED: EXPANDING THE WMI LATERAL MOVEMENT ARSENAL by Philip TSUKERMAN

Talk 14: HOW TO BRING HID ATTACKS TO THE NEXT LEVEL by Luca BONGIORNI

Talk 15: NFC PAYMENTS: THE ART OF RELAY & REPLAY ATTACKS by Salvador MENDOZA & Leigh-Anne GALLOWAY

Explore the detailed programme at: https://hackinparis.com/talks/

Tickets available at: https://hackinparis.com/store/