Dridex the helpful botnet
Posted by Krux on Thursday February 4, 2016 @ 10:26pm
[ 1 reply ]
And in other computer security news....
Part of the distribution channel of the Dridex banking Trojan botnet may have been hacked, with malicious links replaced by installers for Avira Antivirus.
Avira reckons the pwnage is down to the work of an unknown white hat hacker.
The Dridex botnet has remained a menace even after a high profile takedown operation in late 2015. Malicious code used to seed Dridex typically comes in the form of spam messages with malicious attachments, often a Word document embedded with malicious macros.
Once the file has been opened, the macros download the payload from a hijacked server, and the computer is infected. Dridex creates a key-logger on infected computers as well as using transparent redirects and webinjects to manipulate banking websites.
But the recent hack means part of the botnet has been requisitioned to quite different ends. "The content behind the malware download URL has been replaced, it's now providing an original, up-to-date Avira web installer instead of the usual Dridex loader," explained Moritz Kroll, a malware expert at Avira.
The end result is that instead of the Dridex malware that they would have received, victims get a valid, signed copy of Avira instead.
Hacker Needed
Posted by kodrik on Tuesday August 19, 2014 @ 12:58pm
[ 2 replies ]
I need a security review to be done on a system we run, so we basically need someone to try to hack it any way possible and to record the methods used and the results. Password stealing and downloading of data, SQL injection, server access...
If you know anyone with real hacking skills who would be interested, send him my way
ca at urvenue dot com
Your GPG keys ... I has them.
Posted by Krux on Friday December 20, 2013 @ 10:52am
[ 4 replies ]
This is crazy. Apparently it was figured out how to break 4096-bit RSA used in GPG by listening to the CPU, or rather the electrolytic capacitors in the power supply for the CPU, which make noise in response to the voltage fluctuations caused by calculations being performed to decrypt messages.
Many computers emit a high-pitched noise during operation, due to vibration in some of their electronic components. These acoustic emanations are more than a nuisance: they can convey information about the software running on the computer and, in particular, leak sensitive information about security-related computations. In a preliminary presentation, we have shown that different RSA keys induce different sound patterns, but it was not clear how to extract individual key bits. The main problem was the very low bandwidth of the acoustic side channel (under 20 kHz using common microphones, and a few hundred kHz using ultrasound microphones), many orders of magnitude below the GHz-scale clock rates of the attacked computers.
Here, we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG's current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.
The Great Firewall of Porn
Posted by Krux on Sunday August 18, 2013 @ 03:55pm
[ 1 reply ]
I hear you like porn, so how about a firewall that only lets you go to porn sites.
The current UK government is proposing an Internet porn firewall. Unlike other countries with Internet firewalls, such as North Korea, China, Iran, Saudi Arabia, and Syria, the citizens of the UK are so especially helpful some of them decided to help code the new porn filter. The idea behind the Great Firewall of Porn is simple: if a user wants to visit a NSFW website, let them. If the user wants to visit the other 19% of the Internet, block it, and forward them to a page with hand-drawn cockswains and baubles as the background.
The way the firewall works is actually pretty clever - it checks each request against the OpenDNS FamilyShield filter. If the request is denied, load the page, and if the OpenDNS request is allowed, block the page.
Yeah
Posted by voltaic on Wednesday August 14, 2013 @ 10:28am
[ 5 replies ]
Gone in 30 seconds: New attack plucks secrets from HTTPS-protected pages
The HTTPS cryptographic scheme, which protects millions of websites, is susceptible to a new attack that allows hackers to pluck e-mail addresses and certain types of security credentials out of encrypted pages, often in as little as 30 seconds.
The technique, scheduled to be demonstrated Thursday at the Black Hat security conference in Las Vegas, decodes encrypted data that online banks and e-commerce sites send in responses that are protected by the widely used transport layer security (TLS) and secure sockets layer (SSL) protocols. The attack can extract specific pieces of data, such as social security numbers, e-mail addresses, certain types of security tokens, and password-reset links. It works against all versions of TLS and SSL regardless of the encryption algorithm or cipher that's used.
It requires that the attacker have the ability to passively monitor the traffic traveling between the end user and website. The attack also requires the attacker to force the victim to visit a malicious link. This can be done by injecting an iframe tag in a website the victim normally visits or, alternatively, by tricking the victim into viewing an e-mail with hidden images that automatically download and generate HTTP requests. The malicious link causes the victim's computer to make multiple requests to the HTTPS server that's being targeted. These requests are used to make "probing guesses" that will be explained shortly.
"We're not decrypting the entire channel, but only extracting the secrets we care about," Yoel Gluck, one of three researchers who developed the attack, told Ars. "It's a very targeted attack. We just need to find one corner [of a website response] that has the token or password change and go after that page to extract the secret. In general, any secret that's relevant [and] located in the body, whether it be on a webpage or an Ajax response, we have the ability to extract that secret in under 30 seconds, typically."
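The "probing guesses" above only work because the secret sits byte-for-byte in every response the victim's browser fetches (the leak the researchers measured is the size of the compressed response). One server-side mitigation is to render a secret token through a fresh random mask on every response, so no two responses carry the same bytes for it while the server can still recover the token when the form is submitted. The following is an added example (not code from the article or the researchers); the HTML fragment and the 16-byte token in the test are constructed.

```python
"""Per-response token masking against body-secret extraction (added example)."""
import hmac
import secrets


def mask_token(token: bytes) -> bytes:
    """Return mask || (mask XOR token) with a fresh random mask per call."""
    mask = secrets.token_bytes(len(token))
    return mask + bytes(a ^ b for a, b in zip(mask, token))


def unmask_token(masked: bytes) -> bytes:
    """Invert mask_token: split off the mask and XOR it back out."""
    if len(masked) % 2:
        raise ValueError("masked token must be mask || masked-value")
    half = len(masked) // 2
    return bytes(a ^ b for a, b in zip(masked[:half], masked[half:]))


def render_form(session_token: bytes) -> bytes:
    """Constructed HTML fragment; the raw token never appears in the body."""
    return (b'<input type="hidden" name="csrf" value="'
            + mask_token(session_token).hex().encode() + b'">')


def validate_submission(submitted_hex: str, session_token: bytes) -> bool:
    """Unmask the submitted value and compare it in constant time."""
    try:
        candidate = unmask_token(bytes.fromhex(submitted_hex))
    except ValueError:
        return False
    return hmac.compare_digest(candidate, session_token)


def renders_are_distinct(session_token: bytes, n: int = 8) -> bool:
    """True if n renders of the same form carry n different byte strings."""
    return len({render_form(session_token) for _ in range(n)}) == n
```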
So, after 2 years.. a new version of putty is out
Posted by Stealth on Tuesday August 6, 2013 @ 09:10pm
0.63 just got released.. fixes 4 recently dropped bugs (one described here - http://packetstormsecurity.com/files/122693/putty-overflow.txt)
Backups
Posted by Krux on Thursday August 30, 2012 @ 07:38pm
[ 25 replies ]
So this is more for Stealth, since he has like all of the TBs at home. But I was looking for a decent backup solution that offered unlimited storage and handled Linux without having to mount a samba share or some shit.. So my co-worker suggested CrashPlan, as that's what he was using. Seems they have a family unlimited plan which lets you do up to 10 computers. And most important for those paranoid security types, you have the option to encrypt your data using a 448-bit encryption key that they don't have. It's also pretty inexpensive considering what you get. And with about 4TB of data I need to backup, I figured it's worth at least trying out for a year to see how I like it.
Here's the bitch of course, 4TB of data is going to take a VERY long time to upload. Backed up the servers quickly enough since they have bandwidth, and considerably less data. But the bulk of it is on the machines at home, so that means being bottlenecked by the cable modem upload speed. Looks like it'll take about 6 months to upload the data at the current rate. I could upgrade my cable modem speed, but to get to the level where the upload speed changes from what I have now it's an additional $70 a month. That's out of my price range at the moment.
Cert Question
Posted by unicron on Thursday November 3, 2011 @ 06:41pm
[ 6 replies ]
What do you guys think of the Certified Ethical Hacker cert? Trendy BS or something worth having? Has anyone here ever seen it give someone the leg up in a job search? Just seems like a cool cert to have, something different.
Rub breaks XML encryption
Posted by Krux on Saturday October 22, 2011 @ 01:25pm
[ 5 replies ]
I had no idea Rub was also doing computer security research.
RUB researchers break W3C standard
XML encryption is insecure: Large companies affected
On the topic of CA's and SSL traffic
Posted by Stealth on Wednesday August 31, 2011 @ 10:52pm
[ 3 replies ]
Check out this plugin for Firefox - http://convergence.io/ There's an article about it here - http://www.esecurityplanet.com/news/article.php/3938211/Who-Do-You-Trust-with-SSL.htm and it was mentioned at BlackHat '11 and in the back 10 minutes of this video - http://www.youtube.com/watch?v=Z7Wl2FW2TcA
It's a very cool concept and idea and seems to be well thought out. I think we should start playing with this and seeing what it takes to make and run a Notary so we can 'trust' what THC sees. It's pretty dope.
Chinese government hacking tool shown on TV
Posted by rub on Wednesday August 24, 2011 @ 02:11am
[ 3 replies ]
Krux and I were just talking about this last night at Crown & Anchor...