// API callback
readpostlabels({"version":"1.0","encoding":"UTF-8","feed":{"xmlns":"http://www.w3.org/2005/Atom","xmlns$openSearch":"http://a9.com/-/spec/opensearchrss/1.0/","xmlns$blogger":"http://schemas.google.com/blogger/2008","xmlns$georss":"http://www.georss.org/georss","xmlns$gd":"http://schemas.google.com/g/2005","xmlns$thr":"http://purl.org/syndication/thread/1.0","id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851"},"updated":{"$t":"2021-08-17T22:37:34.909-05:00"},"category":[{"term":"Practical Security"},{"term":"Small Word Security"},{"term":"Digital Forensics"},{"term":"Faith Family \u0026 Fun"},{"term":"Bugs and Vulnerabilities"},{"term":"Cyber Crime"},{"term":"Home Network Security"},{"term":"Internet of Things"},{"term":"Mobile Device Security"},{"term":"Bank and Credit Card Security"},{"term":"Password Management"},{"term":"Hacking"},{"term":"Identity Theft"},{"term":"Financial Fraud"},{"term":"Malware"},{"term":"Privacy"},{"term":"Social Engineering"},{"term":"Parenting"},{"term":"Phishing"},{"term":"Social Networks"},{"term":"Weekend Projects"},{"term":"Encryption"},{"term":"Awana and Kidmin"},{"term":"Asus"},{"term":"CSOonline"},{"term":"Tech Tips"},{"term":"Security Theater"},{"term":"Transportation Authorities"}],"title":{"type":"text","$t":"Security for Real People"},"subtitle":{"type":"html","$t":"A blog by David Longenecker: practical cyber security advice, digital forensics, and parenting in the digital age, with family and faith woven 
in."},"link":[{"rel":"http://schemas.google.com/g/2005#feed","type":"application/atom+xml","href":"http:\/\/www.securityforrealpeople.com\/feeds\/posts\/default"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/-\/Bugs+and+Vulnerabilities?alt=json-in-script\u0026max-results=50"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/search\/label\/Bugs%20and%20Vulnerabilities"},{"rel":"hub","href":"http://pubsubhubbub.appspot.com/"},{"rel":"next","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/-\/Bugs+and+Vulnerabilities\/-\/Bugs+and+Vulnerabilities?alt=json-in-script\u0026start-index=51\u0026max-results=50"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"generator":{"version":"7.00","uri":"http://www.blogger.com","$t":"Blogger"},"openSearch$totalResults":{"$t":"53"},"openSearch$startIndex":{"$t":"1"},"openSearch$itemsPerPage":{"$t":"50"},"entry":[{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-4671422452561798560"},"published":{"$t":"2018-12-27T10:41:00.000-06:00"},"updated":{"$t":"2018-12-31T19:11:39.150-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Identity Theft"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Password Management"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Privacy"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Social Networks"}],"title":{"type":"text","$t":"A band-aid 
for Twitter's horribly broken security"},"content":{"type":"html","$t":"\u003Cblockquote class=\"tr_bq\"\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Ci\u003EIf you manage a high-value Twitter account, consider creating a second, \u0026quot;burner\u0026quot; account. After enabling multifactor authentication on the high-value account, add the same phone number to the burner account. This will turn off SMS access features for the high-value account, without breaking MFA on the same. \u003C\/i\u003E\u003C\/span\u003E\u003C\/blockquote\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cb\u003EUpdated December 31\u003C\/b\u003E: Added a description of the variations between mobile app, mobile web UI, and desktop web UI, along with a \u003Ca href=\"https:\/\/twitter.com\/GossiTheDog\/status\/1079840403715735552\" target=\"_blank\"\u003Ebug Kevin Beaumont pointed out\u003C\/a\u003E (described at the end of this post).\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EOn Christmas Eve, \u003Ca href=\"https:\/\/twitter.com\/antisocial_eng\" target=\"_blank\"\u003ERichard De Vere\u003C\/a\u003E of The AntiSocial Engineer published a doozie of an article describing \u003Ca href=\"https:\/\/theantisocialengineer.com\/2018\/12\/24\/twitter-is-broken\" target=\"_blank\"\u003Ea serious flaw in Twitter’s security\u003C\/a\u003E. 
In a nutshell, if a Twitter account has a phone number connected to it, Twitter accepts instructions via SMS from that phone number, with no additional authentication required.\u003C\/span\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EIt gets worse – far worse. Twitter requires a phone number be connected to an account in order to enable \u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2014\/03\/do-twofa-2fa.html\" target=\"_blank\"\u003Emultifactor authentication\u003C\/a\u003E. Twitter does support using a mobile security app or a physical key for MFA, and allows you to turn off SMS-based 2FA, but requires a phone number to be connected to the account nonetheless. 
Removing the phone number also turns off \u0026quot;logon verification\u0026quot; (Twitter\u0026#39;s term for multifactor authentication).\u003C\/span\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003C\/span\u003E\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cimg alt=\"Removing a phone number from Twitter also turns off multifactor authentication\" border=\"0\" data-original-height=\"333\" data-original-width=\"533\" src=\"https:\/\/2.bp.blogspot.com\/-P5G78IgMFHo\/XCqvdTJbaNI\/AAAAAAAAVGo\/5HwhZgJDDvw3BfvrqXlso92Z_8-ANlqswCLcBGAs\/s1600\/twitter-sms1.png\" title=\"Removing a phone number from Twitter also turns off multifactor authentication\"\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EMeaning, a user security-aware enough to set up two-factor authentication to protect their Twitter account, is also opening a back door into their account, a back door that allows functions including follow, unfollow, tweet, retweet, like, DM, turn on or off push notifications, or remove the phone number from the account.\u003C\/span\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cspan style=\"font-family: 
\u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EAnd since Twitter 2FA requires a phone number, sending a “stop” message to Twitter from (or spoofing) the number associated with an account, will disable 2FA on that account, with no notice to the rightful account owner.\u003C\/span\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EThat\u0026#39;s right: enabling 2FA on Twitter, explicitly enables an SMS back door to Twitter, which can be used to disable 2FA on Twitter, without you knowing that 2FA has been disabled.\u003C\/span\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2018\/12\/a-band-aid-for-twitters-horribly-broken.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/4671422452561798560"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/4671422452561798560"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2018\/12\/a-band-aid-for-twitters-horribly-broken.html","title":"A band-aid for Twitter's horribly broken 
security"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/2.bp.blogspot.com\/-P5G78IgMFHo\/XCqvdTJbaNI\/AAAAAAAAVGo\/5HwhZgJDDvw3BfvrqXlso92Z_8-ANlqswCLcBGAs\/s72-c\/twitter-sms1.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-1218583275466807819"},"published":{"$t":"2017-10-10T16:21:00.000-05:00"},"updated":{"$t":"2017-10-20T15:46:57.001-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Malware"}],"title":{"type":"text","$t":"Exploiting Office native functionality: Word DDE edition"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Cimg alt=\"Sensepost researchers show a way to exploit DDE to run code from Word, without macros or buffer overflows. Here\u0026#39;s how to detect it.\" border=\"0\" data-original-height=\"406\" data-original-width=\"640\" height=\"406\" src=\"https:\/\/2.bp.blogspot.com\/-CwUAVJkU7R4\/Wd03_v9vhCI\/AAAAAAAAUUk\/Ih0BFLdzANIk5bSrJtxoYCJchJRKI9FkACLcBGAs\/s640\/DDE-main.png\" title=\"Sensepost researchers show a way to exploit DDE to run code from Word, without macros or buffer overflows. 
Here\u0026#39;s how to detect it.\" width=\"640\"\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ci\u003E\u003Cb\u003EUpdated 20 October:\u003C\/b\u003E Added a note regarding enabling full command line logging for process creation events; added a note clarifying that \u0026quot;Creator Process Name\u0026quot; is only recorded in Windows 10 and Windows Server 2016. Older versions of Windows record the creator process ID but not the process name; added references to a variety of exploitation techniques found by other researchers or seen in the wild.\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ci\u003E\u003Cbr\u003E\u003C\/i\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ci\u003E\u003Cb\u003EUpdated 11 October\u003C\/b\u003E: I originally wrote that this exploit technique bypassed both disabled macros, and Protected View. That is incorrect: this technique will work if macros are disabled, but the code does not trigger while in Protected View. 
Thanks to Matt Nelson (\u003Ca href=\"https:\/\/twitter.com\/enigma0x3\" target=\"_blank\"\u003E@enigma0x3\u003C\/a\u003E) for pointing out my mistake.\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EI love reading exploit techniques that rely on native features of the operating system or common applications. As an attacker, I find it diabolically clever to abuse features the target fully expects to be used and cannot turn off without disrupting business. As a defender, I am intrigued by the challenge of detecting malicious use of perfectly legitimate features.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EResearchers Etienne Stalmans and Saif El-Shereisuch of Sensepost wrote of a slick way to execute code on a target computer using Microsoft Word - but \u003Ca href=\"https:\/\/sensepost.com\/blog\/2017\/macro-less-code-exec-in-msword\/\"\u003Ewithout the macros or buffer overflows\u003C\/a\u003E usually exploited to this end. Instead, they use dynamic data exchange, or DDE - an older technology once used for coding and automation within MS Office applications. 
This is particularly clever because it works even with macros disabled - because it\u0026#39;s not using the macro subsystem.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2017\/10\/exploiting-office-native-functionality.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/1218583275466807819"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/1218583275466807819"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2017\/10\/exploiting-office-native-functionality.html","title":"Exploiting Office native functionality: Word DDE edition"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/2.bp.blogspot.com\/-CwUAVJkU7R4\/Wd03_v9vhCI\/AAAAAAAAUUk\/Ih0BFLdzANIk5bSrJtxoYCJchJRKI9FkACLcBGAs\/s72-c\/DDE-main.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-6399116428330355817"},"published":{"$t":"2017-06-27T22:12:00.000-05:00"},"updated":{"$t":"2017-06-29T17:37:41.755-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Cyber Crime"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Malware"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Small Word Security"}],"title":{"type":"text","$t":"To 
Patchnya, or Not to Patchnya"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cimg border=\"0\" data-original-height=\"355\" data-original-width=\"640\" src=\"https:\/\/3.bp.blogspot.com\/-FIiS-TiEzH0\/WVL3GVX1OVI\/AAAAAAAAUIU\/3ZdAdTyDTAYpciHi9zzXENL31aBTP4YAwCLcBGAs\/s1600\/ee2bab4f-5a5c-4d0c-9436-f7b881afbf15-original.jpeg\"\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EHeads-up: there\u0026#39;s another \u003Ca href=\"https:\/\/isc.sans.edu\/diary\/Checking+out+the+new+Petya+variant\/22562\" target=\"_blank\"\u003Eransomware\u003C\/a\u003E worm making the rounds. 
Initially thought to be a variant of the \u003Ca href=\"https:\/\/www.malwaretech.com\/2017\/06\/petya-ransomware-attack-whats-known.html\" target=\"_blank\"\u003EPetya ransomware family\u003C\/a\u003E, it was later determined to be something entirely different, and has been dubbed \u0026quot;NotPetya\u0026quot; in many tweets and reports.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003ELike the \u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2017\/05\/hit-by-wannacry-it-may-also-be-hipaa.html\" target=\"_blank\"\u003EWannaCry\u003C\/a\u003E worm that made such a splash in May, it exploits a (now-patched) vulnerability in the Windows file sharing protocol known as SMB. 
Unlike WannaCry, it also harvests credentials from compromised systems, then uses standard Windows administration tools such as WMIC and psexec to spread within an organization.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2017\/06\/to-patchnya-or-not-to-patchnya.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/6399116428330355817"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/6399116428330355817"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2017\/06\/to-patchnya-or-not-to-patchnya.html","title":"To Patchnya, or Not to Patchnya"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/3.bp.blogspot.com\/-FIiS-TiEzH0\/WVL3GVX1OVI\/AAAAAAAAUIU\/3ZdAdTyDTAYpciHi9zzXENL31aBTP4YAwCLcBGAs\/s72-c\/ee2bab4f-5a5c-4d0c-9436-f7b881afbf15-original.jpeg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-613420305889049666"},"published":{"$t":"2017-05-24T22:39:00.000-05:00"},"updated":{"$t":"2017-05-25T12:20:25.976-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Small Word Security"}],"title":{"type":"text","$t":"Samba 
remote code execution exploit: what you need to know"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EThis is going to hurt home users with Samba shares mounted on their SoHo routers or NAS, among other things.\u0026nbsp;\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003ESamba is a file sharing service for Linux, similar to Windows SMB file shares (yes, the same SMB that was exploited in the recent \u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2017\/05\/ransomware-now-comes-in-worm-flavor.html\" target=\"_blank\"\u003EWannaCry ransomware worm\u003C\/a\u003E). 
A \u003Ca href=\"https:\/\/www.samba.org\/samba\/security\/CVE-2017-7494.html\" target=\"_blank\"\u003Evulnerability in Samba\u003C\/a\u003E could enable a similar attack on Linux systems.\u0026nbsp;A malicious actor with access to upload files to a Samba share, can upload malicious code and then use this vulnerability to \u003Ca href=\"https:\/\/github.com\/rapid7\/metasploit-framework\/pull\/8450\" target=\"_blank\"\u003Ecause the server to execute it\u003C\/a\u003E.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EUnlike SMB, Samba exists on a wide variety of systems from different makers - servers, laptops, home routers, network storage systems, media servers, and many IoT devices. And unlike Windows, those devices may not automatically install an update - even if the manufacturer provides one.\u0026nbsp;\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EA quick query of Internet scanner Shodan shows that nearly a half million devices running Samba are publicly accessible on the Internet. 
Interestingly, the large majority of those appear to be in the United Arab Emirates, leading one to wonder if Emirates Telecommunications Corporation is equipping its customers with a gateway router that has Samba enabled by default.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EWhat can you do?\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cbr \/\u003E\u003Ch4\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EUpdate Samba\u003C\/span\u003E\u003C\/h4\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EThe best course of action is to update Samba to a non-vulnerable version (4.6.4 or newer; 4.5.10 or newer; or 4.4.14 or newer, according to the Samba Project \u003Ca href=\"https:\/\/www.samba.org\/samba\/security\/CVE-2017-7494.html\" target=\"_blank\"\u003Eadvisory\u003C\/a\u003E).\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica 
neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EFor most IoT devices, you are likely dependent on the manufacturer to release a firmware update that includes this fix.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cbr \/\u003E\u003Ch4\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EDisable writable shares\u003C\/span\u003E\u003C\/h4\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EThis vulnerability can only be exploited using shares that allow uploading or writing files; read-only shares cannot be exploited.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cbr \/\u003E\u003Ch4\u003E\u003Cspan 
style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EDisable \"named pipe endpoints\" in your Samba config file\u003C\/span\u003E\u003C\/h4\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003ESimilar to the way port numbers allow multiple layer 4 connections to the same layer 3 network address, \u003Ca href=\"https:\/\/msdn.microsoft.com\/en-us\/library\/cc239733.aspx\" target=\"_blank\"\u003Enamed pipes\u003C\/a\u003E allow multiple layer 5 (SMB) connections to the same layer 4 port (TCP 445). This is also the feature that can be exploited due to this vulnerability. Disabling named pipes prevents exploitation, though it may also disable expected functionality in some cases.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003ETo disable named pipes, add the parameter:\u003C\/span\u003E\u003Cbr \/\u003E\u003Cbr \/\u003E\u003Cdiv class=\"code\"\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: \u0026quot;courier new\u0026quot; , \u0026quot;courier\u0026quot; , monospace;\"\u003Ent pipe support = no\u003Cbr \/\u003E\u003C\/span\u003E\u003Cbr \/\u003E\u003C\/div\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003Eto the [global] section of your 
smb.conf file and restart smbd. You can modify smb.conf on a couple of IoT devices as follows:\u003C\/span\u003E\u003Cbr \/\u003E\u003Cbr \/\u003E\u003Cul\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2014\/12\/customizing-samba-on-asuswrt-wireless.html\" target=\"_blank\"\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EASUSWRT wireless routers\u003C\/span\u003E\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2013\/08\/turning-nas-into-halfway-decent-media.html\" target=\"_blank\"\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003ESeagate GoFlex network storage devices\u003C\/span\u003E\u003C\/a\u003E\u003C\/li\u003E\u003C\/ul\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cbr \/\u003E\u003Ch4\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EDouble-check that Samba is not exposed to the Internet\u003C\/span\u003E\u003C\/h4\u003E\u003Cbr \/\u003E\u003Cul\u003E\u003Cli\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EBrowse to\u0026nbsp;\u003Ca href=\"http:\/\/www.ipchicken.com\/\"\u003Ehttp:\/\/www.ipchicken.com\/\u003C\/a\u003E to check your public Internet address\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EBrowse to \u003Ca 
href=\"https:\/\/shodan.io\/\"\u003Ehttps:\/\/shodan.io\u003C\/a\u003E and search for your address. You do \u003Ci\u003Enot\u003C\/i\u003E\u0026nbsp;want to see the following - if you do, you'll need to check your router or firewall and disable public (or WAN) access to port 445:\u003C\/span\u003E\u003C\/li\u003E\u003C\/ul\u003E\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cimg border=\"0\" data-original-height=\"265\" data-original-width=\"640\" src=\"https:\/\/3.bp.blogspot.com\/-331OADD6QUo\/WSZQZPVux-I\/AAAAAAAAUGQ\/A-8weaKULpALksI0vRnYKSa-ky-T8HoRwCLcB\/s1600\/samba.png\" \/\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cbr \/\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/613420305889049666"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/613420305889049666"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2017\/05\/samba-remote-code-execution-exploit.html","title":"Samba remote code execution exploit: what you need to 
know"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/3.bp.blogspot.com\/-331OADD6QUo\/WSZQZPVux-I\/AAAAAAAAUGQ\/A-8weaKULpALksI0vRnYKSa-ky-T8HoRwCLcB\/s72-c\/samba.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-2482357699321989597"},"published":{"$t":"2017-05-12T16:40:00.000-05:00"},"updated":{"$t":"2017-05-12T17:42:40.364-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Cyber Crime"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Malware"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"}],"title":{"type":"text","$t":"Ransomware now comes in worm flavor"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EIf you have SMBv1 in your enterprise, and haven't completed \u003Ca href=\"https:\/\/technet.microsoft.com\/en-us\/library\/security\/ms17-010.aspx\" target=\"_blank\"\u003Edeploying MS17-010\u003C\/a\u003E (released in March), now would be a good time to expedite that. Multiple news outlets are reporting a widespread outbreak of the \"WannaCry\" ransomware.\u0026nbsp;\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003ERansomware is malware that encrypts all the data on a computer, holding it hostage until the victim pays a ransom fee. 
This particular attack is especially insidious because it acts as a \"worm\" - it spreads from computer to computer on its own, without any interaction from users.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThe saving grace is that the vulnerability it exploits to spread, was fixed by Microsoft in March. Most home users are safe because Windows Updates apply automatically (yes, it's annoying to have a computer reboot when you do not want it to, but today you are thanking your lucky stars).\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Ch4\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003ESome reports of note:\u003C\/span\u003E\u003C\/h4\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003ECCN-CERT, the computer emergency response team for Spain, first \u003Ca href=\"https:\/\/www.ccn-cert.cni.es\/seguridad-al-dia\/comunicados-ccn-cert\/4464-ataque-masivo-de-ransomware-que-afecta-a-un-elevado-numero-de-organizaciones-espanolas\" target=\"_blank\"\u003Eissued a warning\u003C\/a\u003E\u0026nbsp;(in Spanish) of this outbreak Friday morning.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003ESpanish telecommunications company Telefónica \u003Ca 
href=\"https:\/\/www.telefonica.com\/es\/web\/sala-de-prensa\/-\/incidencia-ciberseguridad\" target=\"_blank\"\u003Ereported\u003C\/a\u003E\u0026nbsp;(in Spanish) that they too have been affected.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThe British Broadcasting Company has a \u003Ca href=\"http:\/\/www.bbc.com\/news\/live\/39901370\" target=\"_blank\"\u003Erunning commentary\u003C\/a\u003E on effects in the UK, and specifically the effects on the National Healthcare Service of the UK.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThe Register reports that UK hospitals have \u003Ca href=\"https:\/\/www.theregister.co.uk\/2017\/05\/12\/nhs_hospital_shut_down_due_to_cyber_attack\/\" target=\"_blank\"\u003Eeffectively shut down\u003C\/a\u003E, and are not accepting new patients.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EGlobal delivery company \u003Ca href=\"http:\/\/www.businessinsider.com\/r-fedex-reports-malware-interference-in-global-cyberattack-statement-2017-5\" target=\"_blank\"\u003EFedEx reported\u003C\/a\u003E that it has been affected, but has not specified what locations or if deliveries have been interrupted. 
At least one FedEx customer reported Customer Service being \u003Ca href=\"https:\/\/twitter.com\/MMegan79\/status\/863052965573210113\"\u003Eunable to provide support\u003C\/a\u003E due to server outages.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Ch4\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EWhat can you do:\u003C\/span\u003E\u003C\/h4\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EHome users by and large are not affected by this. If you follow the basic steps I recommend in \u003Ca href=\"https:\/\/securityforrealpeople.com\/cybertips\"\u003Ehttps:\/\/securityforrealpeople.com\/cybertips\u003C\/a\u003E\u0026nbsp;(in particular, setting Windows to automatically install updates), Windows long ago installed the patch to protect you from this worm.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EFor corporate and small business readers:\u003C\/span\u003E\u003Cbr \/\u003E\u003Cul\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EBlock TCP 445 and 135 inbound from the Internet\u003Cbr \/\u003E\u0026nbsp;\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Ca href=\"https:\/\/technet.microsoft.com\/en-us\/library\/security\/ms17-010.aspx\" target=\"_blank\"\u003EInstall MS17-010\u003C\/a\u003E everywhere. 
Note that the April and May cumulative updates for Windows include this patch\u003Cbr \/\u003E\u0026nbsp;\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Ca href=\"https:\/\/support.microsoft.com\/en-us\/help\/2696547\" target=\"_blank\"\u003EKill off SMBv1\u003C\/a\u003E. SMB version 1 is a 30-year-old protocol that has outlived its usefulness. Every modern operating system - including all supported Windows variants, MacOS and OS X, and the Samba product for Linux file sharing - supports the newer v2 and v3 versions.\u003Cbr \/\u003E\u003Cbr \/\u003ESMBv1 can be disabled by creating or editing the following value in the Windows Registry:\u003C\/span\u003E\u003Cbr \/\u003E\u003Cbr \/\u003E\u003Cdiv class=\"code\"\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Courier New, Courier, monospace;\"\u003EHKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LanmanServer\\Parameters\u003Cbr \/\u003EName: SMB1\u003Cbr \/\u003EType: DWORD\u003Cbr \/\u003EValue: 0\u003Cbr \/\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThen run the following commands to disable SMBv1 on the client side:\u003C\/span\u003E\u003Cbr \/\u003E\u003Cbr \/\u003E\u003Cdiv class=\"code\"\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Courier New, Courier, monospace;\"\u003Esc.exe config lanmanworkstation depend= bowser\/mrxsmb20\/nsi\u003Cbr \/\u003Esc.exe config mrxsmb10 start= disabled\u003Cbr \/\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cbr \/\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EBlock client-to-client SMB (TCP 445) traffic. Generally speaking, laptops don't need to map file shares of other laptops. Blocking lateral SMB traffic prevents this malware from spreading laptop-to-laptop. 
Then focus on patching your domain controllers and enterprise file servers - which genuinely do need to share services on TCP 445.\u003Cbr \/\u003E\u0026nbsp;\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003ERun Windows Firewall and block inbound TCP 445 connections when on an untrusted network (public WiFi, for example).\u003C\/span\u003E\u003C\/li\u003E\u003C\/ul\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/2482357699321989597"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/2482357699321989597"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2017\/05\/ransomware-now-comes-in-worm-flavor.html","title":"Ransomware now comes in worm flavor"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}]},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-2069505748378353828"},"published":{"$t":"2017-03-21T13:22:00.002-05:00"},"updated":{"$t":"2017-03-21T13:23:30.079-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Cyber Crime"}],"title":{"type":"text","$t":"Cisco's CIA Vault7 exploit in context"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003ECisco issued a \u003Ca href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-20170317-cmp\" target=\"_blank\"\u003Esecurity 
bulletin\u003C\/a\u003E on March 17, disclosing a remote code execution vulnerability in the Cluster Management Protocol function of IOS and IOS XE software, affecting over 300 Cisco switches and routers. Through this vulnerability, remote attackers can take complete control of a network device.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003ECisco discovered the flaw while going through the WikiLeaks \"Vault7\" documents believed to have come from the CIA, suggesting that the flaw has been actively exploited. Naturally, every \u003Ca href=\"https:\/\/threatpost.com\/cisco-warns-of-critical-vulnerability-revealed-in-vault-7-data-dump\/124414\/\" target=\"_blank\"\u003Etech\u003C\/a\u003E \u003Ca href=\"https:\/\/arstechnica.com\/security\/2017\/03\/a-simple-command-allows-the-cia-to-commandeer-318-models-of-cisco-switches\/\" target=\"_blank\"\u003Ewriter\u003C\/a\u003E \u003Ca href=\"http:\/\/www.tomshardware.com\/news\/cisco-finds-vulnerability-wikileaks-docs,33941.html\" target=\"_blank\"\u003Eon\u003C\/a\u003E \u003Ca href=\"http:\/\/www.zdnet.com\/article\/cisco-warns-of-critical-security-flaw-found-buried-in-wikileaks-vault-7-disclosure\/\" target=\"_blank\"\u003Ethe\u003C\/a\u003E \u003Ca href=\"http:\/\/www.networkworld.com\/article\/3182871\/security\/cisco-issues-critical-warning-after-cia-wikileaks-dump-bares-ios-security-weakness.html\" target=\"_blank\"\u003Eplanet\u003C\/a\u003E has rushed in to write doom and gloom stories of mass exploitation.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , 
sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003ESlow down just a bit.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EThose following long-standing best practices for securing infrastructure hardware are not at risk. The vulnerability can only be exploited through the Telnet protocol, and requires access to the management interface of a switch.\u0026nbsp;\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003ETelnet communicates with a remote device unencrypted - transmitting usernames and passwords, as well as commands and configuration details, in the clear where anyone listening can intercept them. 
All modern switches and routers support SSH, which serves the same purpose but with an encrypted connection.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EDisable the Telnet service on your Cisco switches, restrict management to an isolated management network, and update the OS as soon as practical once Cisco issues a fix.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003ECarry on.\u003C\/span\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/2069505748378353828"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/2069505748378353828"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2017\/03\/ciscos-cia-vault7-exploit-in-context.html","title":"Cisco's CIA Vault7 exploit in 
context"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}]},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-6220190842982655685"},"published":{"$t":"2016-09-23T22:10:00.001-05:00"},"updated":{"$t":"2016-09-23T22:11:32.158-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Cyber Crime"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Malware"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Password Management"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Small Word Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Social Networks"}],"title":{"type":"text","$t":"Monster DDoS, Yahoo woes, malware by mail - the week in review"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cimg border=\"0\" height=\"456\" src=\"https:\/\/3.bp.blogspot.com\/--A9OlcOlbpc\/V-XoCqJwSQI\/AAAAAAAARyY\/FTfcJT2sRagXRVRGlVlSanwtvGxdwG6CwCLcB\/s640\/fire.jpg\" width=\"640\"\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ci\u003EHere is a recap of some more notable cyber security stories this 
week, along with short and simple things you can do.\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2016\/09\/monster-ddos-yahoo-woes-malware-by-mail.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/6220190842982655685"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/6220190842982655685"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2016\/09\/monster-ddos-yahoo-woes-malware-by-mail.html","title":"Monster DDoS, Yahoo woes, malware by mail - the week in review"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/3.bp.blogspot.com\/--A9OlcOlbpc\/V-XoCqJwSQI\/AAAAAAAARyY\/FTfcJT2sRagXRVRGlVlSanwtvGxdwG6CwCLcB\/s72-c\/fire.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-504146438587945412"},"published":{"$t":"2016-08-25T12:49:00.001-05:00"},"updated":{"$t":"2016-09-02T10:40:08.798-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Cyber Crime"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Privacy"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Small Word Security"}],"title":{"type":"text","$t":"Apple releases iOS 9.3.5 to block a sophisticated iPhone spy 
technique"},"content":{"type":"html","$t":"\u003Ci\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cb\u003EUpdated 2 September:\u003C\/b\u003E\u0026nbsp;It turns out that the same vulnerabilities exist in OS X for MacBooks and iMacs, and can be used to run malicious programs with kernel (i.e. the highest level)\u0026nbsp;\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003Eprivileges. Apple released updates for OS X Yosemite and OS X El Capitan on September 1.\u0026nbsp;\u003C\/span\u003E\u003C\/i\u003E\u003Cbr \/\u003E\u003Ci\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/i\u003E\u003Ci\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EFor El Capitan, the fix is Security Update 2016-001.\u003C\/span\u003E\u003C\/i\u003E\u003Cbr \/\u003E\u003Ci\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EFor Yosemite, the fix is Security Update 2016-005.\u003C\/span\u003E\u003C\/i\u003E\u003Cbr \/\u003E\u003Ci\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/i\u003E\u003Ci\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003ETo check for Mac software updates, open the App Store app on your Mac, then click Updates in the toolbar. If updates are available, click the Update button to download and install them. 
If you don't have the App Store on your Mac, get OS X updates by choosing Software Update from the Apple menu.\u003C\/span\u003E\u003C\/i\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ci\u003E\u003Cb\u003E\u003Cbr \/\u003E\u003C\/b\u003E\u003C\/i\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ci\u003E\u003Cb\u003EUpdated 26 August: \u003C\/b\u003EBrief update - here is a link to the original (and in-depth) \u003Ca href=\"https:\/\/citizenlab.org\/2016\/08\/million-dollar-dissident-iphone-zero-day-nso-group-uae\/\" target=\"_blank\"\u003Ereport by Citizen Lab\u003C\/a\u003E, the firm that identified the vulnerabilities and ferreted out the origin of the attack.\u003C\/i\u003E\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EWhen a mobile phone provider sends you an update for your phone, it's usually a good idea to install it. Sometimes it's a better idea than others.\u003Cbr \/\u003E\u003Cbr \/\u003EThis is one of those times: Apple just released an update for iPhones, fixing three very serious bugs that together have been exploited in secret to spy on apparent Middle Eastern targets. 
Through the flaws, merely clicking on a link can \"jailbreak\" an iPhone - defeating the security measures Apple has built in and giving the attacker complete control of the device (and any private information on the device).\u003Cbr \/\u003E\u003Cbr \/\u003EYour iPhone will prompt you to update to iOS 9.3.5 very shortly. Do it.\u003Cbr \/\u003E\u003Cbr \/\u003EMotherboard has an article describing how the flaw was discovered and how it was being \u003Ca href=\"https:\/\/motherboard.vice.com\/read\/government-hackers-iphone-hacking-jailbreak-nso-group\" target=\"_blank\"\u003Eused to spy on individuals\u003C\/a\u003E.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EThe SANS Internet Storm Center has a \u003Ca href=\"https:\/\/isc.sans.edu\/forums\/diary\/OutofBand+iOS+Patch+Fixes+0Day+Vulnerabilities\/21409\/\" target=\"_blank\"\u003Econcise description of the three flaws\u003C\/a\u003E and how they work together to compromise a device.\u003Cbr \/\u003E\u003Cbr \/\u003EHere is Apple's\u0026nbsp;\u003Ca href=\"https:\/\/support.apple.com\/en-us\/HT207107\" target=\"_blank\"\u003Erelease bulletin for iOS\u003C\/a\u003E,\u0026nbsp;and Apple's \u003Ca href=\"https:\/\/support.apple.com\/en-us\/HT207130\" target=\"_blank\"\u003Erelease bulletin for OS X\u003C\/a\u003E.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cbr \/\u003E\u003Ch4\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , 
\u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EWhat do you need to do?\u003C\/span\u003E\u003C\/h4\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EOpen your iPhone or iPad's Settings tool and go to General -\u0026gt; Software Update in your device's Settings app, or connect to iTunes on your Mac or PC. If you are running \u003Cb\u003EiOS 9.3.5\u003C\/b\u003E (the latest update as of this writing), your device will show that it is up-to-date. If you are running an older version, your device will show an update is available. Install it!\u003C\/span\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/504146438587945412"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/504146438587945412"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2016\/08\/ios-935-install-it-now-to-block.html","title":"Apple releases iOS 9.3.5 to block a sophisticated iPhone spy technique"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}]},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-6138336792733100991"},"published":{"$t":"2016-07-21T08:46:00.002-05:00"},"updated":{"$t":"2016-07-24T20:01:21.167-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and 
Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Mobile Device Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Small Word Security"}],"title":{"type":"text","$t":"iOS 9.3.3 for iPhone and iPad: update sooner rather than later"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ci\u003EUpdate 24-July: to date I am not aware of any public exploits for these vulnerabilities. The only exploits I am aware of reside with the discoverer at Talos, and will not be publicly released. Still, the damage that could be done if a criminal hacker worked out an exploit is significant enough that this is a must-install update. \u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EApple \u003Ca href=\"https:\/\/support.apple.com\/en-us\/HT201222\" target=\"_blank\"\u003Ereleased software updates\u003C\/a\u003E for many of its products this week - iOS iPhones, iPads and iPods; OS X for Mac laptops, watchOS for Apple Watch; tvOS for Apple TV; iTunes for Windows; and Safari web browser. 
This is a case where you might want to update sooner rather than later, at least if you use an iPhone or iPad.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EAbout a year ago, an Austin researcher found a flaw in a core component of Android, which became known as the StageFright vulnerability. This component was responsible for processing images and videos, and could be exploited by merely sending a maliciously-designed MMS message. The recipient did not have to view the message - the phone would process the image automatically once it was received.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EThis Spring, a researcher with Cisco\u0026#39;s Talos team \u003Ca href=\"http:\/\/www.talosintelligence.com\/reports\/TALOS-2016-0171\/\" target=\"_blank\"\u003Efound a very similar flaw in ImageIO\u003C\/a\u003E, a component of the operating system that is used for all image handling. Just like StageFright, ImageIO has what the security profession calls a Remote Code Execution, or RCE flaw. A hacker can design a malicious image file that exploits this flaw to run any program or instructions they want. 
All they have to do is get you to open the image - which is as easy as sending the image via MMS message so that your phone automatically loads the image and has it ready for you to see.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2016\/07\/ios-933-for-iphone-and-ipad-update.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/6138336792733100991"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/6138336792733100991"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2016\/07\/ios-933-for-iphone-and-ipad-update.html","title":"iOS 9.3.3 for iPhone and iPad: update sooner rather than later"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}]},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-8970249339828844394"},"published":{"$t":"2016-05-06T11:07:00.000-05:00"},"updated":{"$t":"2017-01-18T22:34:59.228-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Cyber Crime"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Financial Fraud"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Identity Theft"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Malware"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Password Management"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Small Word 
Security"}],"title":{"type":"text","$t":"Email hacks, cute pet scams, and payroll fraud - the week in review"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Ci\u003EHere is a recap of some more notable cyber security stories this week, along with short and simple things you can do.\u003C\/i\u003E\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Ch4\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E270 million email accounts hacked!\u003C\/span\u003E\u003C\/h4\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThe story: many news outlets are reporting that a Russian hacker \u003Ca href=\"http:\/\/phandroid.com\/2016\/05\/04\/gmail-accounts-compromised\/\" target=\"_blank\"\u003Estole passwords to over 270 million\u003C\/a\u003E GMail, Yahoo! Mail, Hotmail, and Mail.ru email accounts. The origin of the story is a company with a dubious track record, known for making a big deal out of questionable information. Most likely, the hacker does have 270 million passwords - but not necessarily accurate, current, or associated with email accounts. This seems to be a repackaging of a story from the same source 2 years ago - at that time claiming a \u003Ci\u003Ebillion \u003C\/i\u003Epasswords. In reality, these passwords came from many smaller breaches, over a period of many years, and many were not even to email accounts. 
Instead, perhaps a news website was compromised and the attacker stole the email address and password used to log in; the attacker makes an assumption that you used the same password for your email account as you used for the news website.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cb\u003EWhat you should do:\u003C\/b\u003E Don't panic. Do change your email account passwords just to be safe. Do use unique and long passwords for every account (or at least for any important accounts). Do set up \u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2015\/10\/grog-and-narg-teach-two-factor.html\" target=\"_blank\"\u003Etwo-factor authentication\u003C\/a\u003E (which requires a code sent to you via SMS\/text message, or an authentication app on your phone, to log in from any new location) for your email accounts.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003ERead this post for \u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2015\/07\/your-password-isnt-as-strong-as-you.html\" target=\"_blank\"\u003Emore password advice\u003C\/a\u003E.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Ch4\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EFraudsters steal tax, salary data from ADP!\u003C\/span\u003E\u003C\/h4\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr 
\/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThe story: ADP provides payroll and benefits services for over a half million businesses. Cyber crime investigator Brian Krebs wrote of an \u003Ca href=\"http:\/\/krebsonsecurity.com\/2016\/05\/fraudsters-steal-tax-salary-data-from-adp\/\" target=\"_blank\"\u003Eincident affecting some ADP clients\u003C\/a\u003E. Client companies have the option of either pre-creating accounts for every employee, or of having employees create accounts themselves. In the latter case, the employee provides some information that presumably only the actual employee would know (social security number, date of birth, and a code provided by the employer). In some cases, employers evidently posted the company-specific code on a public website to make it easy for employees to sign up; if an attacker were able to obtain someone's social security number and date of birth, they could then create an account pretending to be that employee, and access all of the tax and salary information ADP holds for that employee - useful for tax return fraud among other schemes.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cb\u003EWhat you should do:\u003C\/b\u003E This only affects ADP client companies that require their employees to sign up for online payroll and benefits services. 
The simplest defense is to create your online account with your payroll service immediately upon starting a new job - if you do it first, a hacker cannot pretend to be you.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Ch4\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E10 year old kid gets $10,000 for hacking Instagram!\u003C\/span\u003E\u003C\/h4\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003EThe story: this is actually a great positive story. Facebook awarded a 10-year-old Finnish student with the equivalent of $10,000 USD for finding and reporting a flaw in Instagram (which Facebook owns). Under the flaw, a hacker could \u003Ca href=\"http:\/\/arstechnica.co.uk\/security\/2016\/05\/facebook-schoolboy-bug-bounty-justin-bieber-instragram-hack\/\" target=\"_blank\"\u003Edelete any other people's comments\u003C\/a\u003E. Thanks to this young researcher, Facebook fixed the flaw so it cannot be exploited by those with nefarious intention. I've seen other companies disqualify bug bounty reports from underage submitters. Kudos to Facebook for giving young ones incentive to not go to the Dark Side!\u003Cbr \/\u003E\u003Cbr \/\u003E\u003Cb\u003EWhat you should do\u003C\/b\u003E: Nothing! 
The flaw has already been fixed by Facebook.\u003Cbr \/\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cbr \/\u003E\u003Ch4\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EWi-Fi network named \"mobile detonation device\" freaks out passengers!\u003C\/span\u003E\u003C\/h4\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThe story: Passengers on an Australian airline turned on their wireless devices to connect to the in-flight movie system, and freaked when they saw a hotspot named \"mobile detonation device.\" The airline quickly ushered passengers off the plane while they investigated. As far as has been stated publicly, the device advertising that name was never identified, and eventually the flight did go on.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cb\u003EWhat you should do\u003C\/b\u003E: How about not naming your mobile phone wi-fi hotspot something that will cause panic and possibly get you arrested?\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Ch4\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003ECute puppies and kittens lead to online scams!\u003C\/span\u003E\u003C\/h4\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThe story: UK fraud and cyber crime reporting center ActionFraud writes of an \u003Ca 
href=\"http:\/\/www.actionfraud.police.uk\/news\/alert-fake-puppies-and-kittens-for-sale-online-apr16\" target=\"_blank\"\u003Eincrease in pets offered for sale\u003C\/a\u003E through online auction websites. Often, the animal comes with a sad story about how it is in a faraway location and needs a new home, along with transportation to that new home. The unsuspecting buyer wins the auction, pays for the animal, and then is asked to pay additional vet, boarding, or transportation fees. The buyer, though, never actually gets the animal - the pet for sale is usually merely a picture of a happily homed pet, taken from a public social media post.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cb\u003EWhat you should do\u003C\/b\u003E: Don't buy a pet through an online auction. Your local animal rescue or SPCA no doubt has plenty of sweet animals looking for new homes.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Ch4\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThousands of WordPress blogs redirect readers to malware!\u003C\/span\u003E\u003C\/h4\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThe story: Security research firm Sucuri found a clever malware campaign that exploits WordPress blog sites whose operators haven't paid attention to security updates. 
The attackers compromise the blog sites, and add a piece of code that randomly redirects some but not all users to a website controlled by the attacker. If you are one of the unlucky few, the attacker's website attempts to trick you into downloading a fake software update that is actually malware.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cb\u003EWhat you should do\u003C\/b\u003E: Two things. First, if a website asks you to install a software update, be very skeptical. Most modern software will automatically update in the background, and may display a notice in your system tray; a website popup with a software update is usually fake. Second, I am a huge fan of OpenDNS, a service that simply doesn't let your browser go to known bad sites. Read this post for a simple, \u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2015\/10\/dns-simple-way-to-stop-malicious-web.html\" target=\"_blank\"\u003Estep-by-step guide to setting up OpenDNS.\u003C\/a\u003E It's not as hard as you think.\u003C\/span\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/8970249339828844394"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/8970249339828844394"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2016\/05\/email-hacks-cute-pet-scams-and-payroll.html","title":"Email hacks, cute pet scams, and payroll fraud - the week in 
review"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}]},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-4873964256406632084"},"published":{"$t":"2016-04-01T00:00:00.000-05:00"},"updated":{"$t":"2017-03-30T15:16:04.977-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"}],"title":{"type":"text","$t":"ARRIS (Motorola) SURFboard modem unauthenticated reboot flaw"},"content":{"type":"html","$t":"\u003Ctable align=\"center\" cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\" style=\"margin-left: auto; margin-right: auto; text-align: center;\"\u003E\u003Ctbody\u003E\u003Ctr\u003E\u003Ctd style=\"text-align: center;\"\u003E\u003Ca href=\"https:\/\/www.flickr.com\/photos\/dannyboymalinga\/5164496759\" target=\"_blank\"\u003E\u003Cimg alt=\"The world\u0026#39;s most popular cable modem can be rebooted with no authentication required.\" border=\"0\" src=\"https:\/\/1.bp.blogspot.com\/-hT4FNl_Zejg\/Vvv9ra8kRKI\/AAAAAAAAPGI\/fBFpf2tDJ_Qz2tSmRx49CDkskaFSelYcQ\/s1600\/wipeout-main.jpg\" style=\"margin-left: auto; margin-right: auto;\" title=\"The world\u0026#39;s most popular cable modem can be rebooted with no authentication required.\"\u003E\u003C\/a\u003E\u003C\/td\u003E\u003C\/tr\u003E\u003Ctr\u003E\u003Ctd class=\"tr-caption\" style=\"text-align: center;\"\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , 
sans-serif;\"\u003E\u003Ci\u003E\u0026quot;Wipeout\u0026quot; by Dan Davison, used under license \u003Ca href=\"https:\/\/creativecommons.org\/licenses\/by\/2.0\/\" target=\"_blank\"\u003ECC BY 2.0\u003C\/a\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/td\u003E\u003C\/tr\u003E\u003C\/tbody\u003E\u003C\/table\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cb\u003EUpdate April 8:\u003C\/b\u003E \u003Ci\u003E\u003Ca href=\"http:\/\/www.tomsguide.com\/us\/arris-surfboard-cable-modem-vulnerable,news-22522.html\" target=\"_blank\"\u003ETom\u0026#39;s Guide\u003C\/a\u003E and \u003Ca href=\"http:\/\/thewirecutter.com\/reviews\/best-cable-modem\/\" target=\"_blank\"\u003EThe Wire Cutter\u003C\/a\u003E both report having received a statement from ARRIS that they have updated the SB6141 firmware and are in the process of making it available to service providers. As cable modems are not consumer-updateable, it is up to Internet Service Providers to deliver the update to modems. \u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ci\u003E\u003Cbr\u003E\u003C\/i\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ci\u003E\u003Cb\u003EUpdate April 10: \u003C\/b\u003EThe original post was based on first-hand testing with the SURFboard 6141 modem. It turns out the \u003Ca href=\"http:\/\/www.kb.cert.org\/vuls\/id\/643049\" target=\"_blank\"\u003Esame flaw\u003C\/a\u003E existed in the older SURFboard 5100 model at least as early as 2008. 
Multiple individuals have also contacted me both publicly and privately to confirm the same flaw exists in the popular but dated 6121 model. In addition, Michael Horowitz wrote for Computerworld about this very issue in February 2015, and described blocking LAN access to the cable modem \u003Ca href=\"http:\/\/www.computerworld.com\/article\/2887243\/using-a-router-to-block-a-modem.html\" target=\"_blank\"\u003Eusing router settings\u003C\/a\u003E. If you do not use a router model that Michael demonstrates, the iptables rules at the end of the original post below will work on any Linux-based router that allows command line access.\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ci\u003E\u003Cbr\u003E\u003C\/i\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ci\u003E\u003Cb\u003EUpdate April 11:\u003C\/b\u003E \u003C\/i\u003E\u003C\/span\u003E\u003Ci style=\"font-family: \u0026#39;helvetica neue\u0026#39;, arial, helvetica, sans-serif;\"\u003EARRIS \u003Ca href=\"http:\/\/www.arriseverywhere.com\/2016\/04\/update-on-our-surfboard-sb6141-modem\/\" target=\"_blank\"\u003Epublished a note\u003C\/a\u003E stating that contrary to their box markings and SURFboard 6141 product page claims, 135 million referred to the total number of all SURFboard modems in production, not the number of SB6141 units. 
A subset of this number are affected by this flaw.\u003C\/i\u003E\u003Cbr\u003E\u003Ci style=\"font-family: \u0026#39;helvetica neue\u0026#39;, arial, helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/i\u003E\u003Ci style=\"font-family: \u0026#39;helvetica neue\u0026#39;, arial, helvetica, sans-serif;\"\u003E\u003Cb\u003EUpdate March 30, 2017:\u003C\/b\u003E Most ISPs have now pushed an updated firmware that eliminates the reboot and reset features (but doesn\u0026#39;t actually secure the UI). I left the proof of concept online for a year but have now taken it down.\u003C\/i\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cb\u003EOriginal post:\u003C\/b\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EWant to annoy some friends? 
Ask them to visit this website:\u003C\/span\u003E\u003Cbr\u003E\u003Cblockquote class=\"tr_bq\"\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ca href=\"http:\/\/rebootmymodem.net\/\"\u003ERebootMyModem.net\u003C\/a\u003E\u003C\/span\u003E\u003C\/blockquote\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EActually, don\u0026#39;t ask them to do that until explaining that it is a proof of concept example that may in fact interrupt their Internet connection.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EARRIS (formerly Motorola) SURFboard modems are highly popular broadband cable modems with a reputation for reliability. The SB6141 model in particular can be found for around $70 US, is capable of supporting well over 150 megabit speeds, and works with all the major US Internet providers. According to ARRIS\u0026#39; documentation, the SB6141 is the world\u0026#39;s most popular cable modem with \u003Ca href=\"http:\/\/www.surfboard.com\/products\/sb6141\/\" target=\"_blank\"\u003Eover 135 million\u003C\/a\u003E in production. 
\u003Ci\u003E[See April 11 update above for a disclaimer about the number of units affected.]\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003ERebooting one remotely is so easy, it doesn\u0026#39;t even require a password.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003ECertain SURFboard modems have an unauthenticated cross site request forgery flaw. 
The modems have a static IP address that is not consumer-changeable, and the web UI does not require authentication - no username or password is required to access the administration web interface.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2016\/04\/arris-motorola-surfboard-modem.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/4873964256406632084"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/4873964256406632084"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2016\/04\/arris-motorola-surfboard-modem.html","title":"ARRIS (Motorola) SURFboard modem unauthenticated reboot flaw"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-hT4FNl_Zejg\/Vvv9ra8kRKI\/AAAAAAAAPGI\/fBFpf2tDJ_Qz2tSmRx49CDkskaFSelYcQ\/s72-c\/wipeout-main.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-1165291965776288161"},"published":{"$t":"2016-03-10T08:20:00.000-06:00"},"updated":{"$t":"2017-01-18T22:47:48.355-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Asus"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"}],"title":{"type":"text","$t":"A positive step 
for insecure home routers?"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cimg border=\"0\" src=\"https:\/\/3.bp.blogspot.com\/-NcrLvP9kqN0\/VsyxzL6D3CI\/AAAAAAAAODA\/02mFFiE2s8A\/s1600\/AC87U.jpg\"\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EIt is gratifying to see one\u0026#39;s passion result in a positive change that could benefit many people. On February 23 the Federal Trade Commission issued a press release saying \u003C\/span\u003E\u003Ca href=\"https:\/\/www.ftc.gov\/news-events\/press-releases\/2016\/02\/asus-settles-ftc-charges-insecure-home-routers-cloud-services-put\" style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\" target=\"_blank\"\u003EASUS Settles FTC Charges That Insecure Home Routers and “Cloud” Services Put Consumers’ Privacy At Risk\u003C\/a\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E. 
\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EIn the settlement, ASUS agreed to some terms, including one that I have suggested many times: a way for consumers to receive automated notifications by email or text message when new updates are available that improve the security of the devices.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2016\/03\/a-positive-step-for-insecure-home.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/1165291965776288161"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/1165291965776288161"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2016\/03\/a-positive-step-for-insecure-home.html","title":"A positive step for insecure home 
routers?"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/3.bp.blogspot.com\/-NcrLvP9kqN0\/VsyxzL6D3CI\/AAAAAAAAODA\/02mFFiE2s8A\/s72-c\/AC87U.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-6480107684043875466"},"published":{"$t":"2016-02-18T10:35:00.002-06:00"},"updated":{"$t":"2017-01-18T22:49:09.743-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"}],"title":{"type":"text","$t":"glibc buffer overflow in DNS resolution (CVE-2015-754)"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ci\u003EThere is a serious bug in a commonly-used software library that can lead to a Linux computer being completely taken over by a malicious attacker. However, most consumers are not affected. Android is not vulnerable; the most common implementation for home routers and IoT devices is not vulnerable; and Apple iOS is unconfirmed as of this writing. 
Businesses and home users running full-fledged Linux distributions should patch quickly.\u003C\/i\u003E\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EThere are some functions that are so frequently used, it doesn't make sense for each software developer to write their own code. Reading files, downloading web pages, drawing a red circle on the screen, and looking up Internet addresses are a few examples. Instead of every developer writing their own way to handle these operations, they are written once and stored in a library for reuse by anyone.\u003Cbr \/\u003E\u003Cbr \/\u003EGNU C Library, aka glibc, is such a library of commonly-used functions for software written in the C language to run in Linux. Its \"getaddrinfo()\" function is used by the client-side DNS resolver, a service that \u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2015\/10\/dns-simple-way-to-stop-malicious-web.html\"\u003Etranslates human-friendly website names into computer-friendly network addresses\u003C\/a\u003E.\u003Cbr \/\u003E\u003Cbr \/\u003EThis function has a flaw: when making a DNS request, it allocates 2048 bytes of memory for the answer, but does not check that the answer it receives fits in that buffer. A malicious DNS server or a man-in-the-middle attacker could provide a DNS answer that is larger than 2048 bytes, overflowing the buffer and potentially allowing the attacker to execute malicious commands.\u003Cbr \/\u003E\u003Cbr \/\u003EHere's the rub: glibc isn't just one program; it's a library used by untold numbers of programs. 
Depending on the developer's choices it may be embedded in the compiled program, or the program may make use of the library installed on the operating system. In the latter case, patches are available for many Linux distributions to fix the bug. In the former case however, the software developer must patch the library themselves and recompile the software.\u003Cbr \/\u003E\u003Cbr \/\u003EThe saving grace is, most consumers may not be affected. Most home routers, Blu-ray players, media streaming devices, and other Internet of Things devices are built on Linux - but often a tiny distribution such as BusyBox designed for embedded operating systems. These distributions use alternatives to glibc that may not be affected. Specifically, the \u003Ca href=\"https:\/\/dev.openwrt.org\/ticket\/6886\"\u003EuClibc library popular in embedded devices was fixed in 2010\u003C\/a\u003E. \u003Ca href=\"https:\/\/twitter.com\/kennwhite\/status\/699790773684826113\"\u003EAndroid is not affected as it uses the non-vulnerable Bionic library\u003C\/a\u003E. 
iOS uses yet another library (BSD running libc rather than glibc); as of this writing I have not found confirmation that iOS is or is not vulnerable.\u003Cbr \/\u003E\u003Cbr \/\u003ELinks:\u003C\/span\u003E\u003Cbr \/\u003E\u003Cul\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/googleonlinesecurity.blogspot.ca\/2016\/02\/cve-2015-7547-glibc-getaddrinfo-stack.html\"\u003EGoogle Project Zero\u003C\/a\u003E (initial discovery)\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/github.com\/fjserna\/CVE-2015-7547\"\u003EProof of Concept exploit\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"http:\/\/arstechnica.com\/security\/2016\/02\/extremely-severe-bug-leaves-dizzying-number-of-apps-and-devices-vulnerable\/\"\u003EARS Technica coverage\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/threatpost.com\/critical-glibc-vulnerability-puts-all-linux-machines-at-risk\/116261\/\"\u003EThreatpost coverage\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"http:\/\/www.darknet.org.uk\/2016\/02\/the-linux-glibc-exploit-what-you-need-to-know\/\" target=\"_blank\"\u003EDarknet coverage\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/sourceware.org\/ml\/libc-alpha\/2016-02\/msg00416.html\" target=\"_blank\"\u003Eglibc patch details\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"http:\/\/www.ubuntu.com\/usn\/usn-2900-1\/\" target=\"_blank\"\u003EUbuntu security notice and patches\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/access.redhat.com\/errata\/RHSA-2016:0175\" target=\"_blank\"\u003ERedHat Linux advisory and patch details\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.debian.org\/security\/2016\/dsa-3481\" target=\"_blank\"\u003EDebian security 
advisory\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/aws.amazon.com\/security\/security-bulletins\/cve-2015-7547-advisory\/\" target=\"_blank\"\u003EAmazon Linux (AWS) security advisory\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.suse.com\/security\/cve\/CVE-2015-7547.html\" target=\"_blank\"\u003ESUSE Linux security advisory\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/dev.openwrt.org\/ticket\/6886\" target=\"_blank\"\u003EuClibc patch details\u003C\/a\u003E (from 2010)\u003C\/li\u003E\u003C\/span\u003E\u003C\/ul\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cbr \/\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cb\u003EUpdate\u003C\/b\u003E: since the vulnerability exists when maliciously large DNS answers are provided by an attacker, one way to prevent exploit is to block those malicious DNS answers. 
There are several ways to do this, but perhaps the simplest is to limit DNS to a known provider, and block anything else.\u003C\/span\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EI prefer OpenDNS' Family Shield product - it lets me block known malicious content as well as other categories I don't want myself or my family exposed to (pornography, nudity, sexuality, and \"tasteless\" content (which OpenDNS describes as sites that contain torture, mutilation, horror, or the grotesque, as well as pro-suicide and pro-anorexia content)).\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ca href=\"https:\/\/engineering.opendns.com\/2016\/02\/17\/2980\/\" target=\"_blank\"\u003EOpenDNS has publicly stated\u003C\/a\u003E that their DNS software does not use the vulnerable glibc library, and that they have validity checks that prevent them from passing malicious DNS responses from a third party back to you.\u003C\/span\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , 
\u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EThe following iptables rules will allow DNS traffic to and from the OpenDNS server, while blocking anything else using TCP or UDP 53 (the network port corresponding to DNS requests and answers).\u0026nbsp;\u003C\/span\u003E\u003C\/div\u003E\u003Cbr \/\u003E\u003Cdiv class=\"code\"\u003E\u003Cbr \/\u003Eiptables -I FORWARD -p udp --dport 53 -j DROP\u003Cbr \/\u003Eiptables -I FORWARD -p udp --sport 53 -j DROP\u003Cbr \/\u003Eiptables -I FORWARD -p tcp --dport 53 -j DROP\u003Cbr \/\u003Eiptables -I FORWARD -p tcp --sport 53 -j DROP\u003Cbr \/\u003Eiptables -I FORWARD -d 208.67.220.123 -p udp --dport 53 -j ACCEPT\u003Cbr \/\u003Eiptables -I FORWARD -d 208.67.222.123 -p udp --dport 53 -j ACCEPT\u003Cbr \/\u003Eiptables -I FORWARD -s 208.67.220.123 -p udp --sport 53 -j ACCEPT\u003Cbr \/\u003Eiptables -I FORWARD -s 208.67.222.123 -p udp --sport 53 -j ACCEPT\u003Cbr \/\u003E\u003Cbr \/\u003E\u003C\/div\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/6480107684043875466"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/6480107684043875466"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2016\/02\/glibc-buffer-overflow-in-dns-resolution.html","title":"glibc buffer overflow in DNS resolution 
(CVE-2015-7547)"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}]},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-8959096609636373946"},"published":{"$t":"2016-02-07T21:28:00.000-06:00"},"updated":{"$t":"2017-01-13T22:38:41.728-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Asus"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"}],"title":{"type":"text","$t":"Poor UX leads to poorly secured SoHo routers"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Cimg border=\"0\" src=\"https:\/\/4.bp.blogspot.com\/-jYDVYHKs6VI\/VrFdxn7qigI\/AAAAAAAANwg\/5eA6kLGtLQM\/s1600\/shodan-banner.jpg\"\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ci\u003EI typically do not disclose vulnerabilities when I know the vendor is working on a solution. 
In this case however, there is a very easy and reliable workaround available: enable the firewall \u003Cu\u003Ein addition to\u003C\/u\u003E disabling web access from the WAN.\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EAsus makes consumer wireless routers - so-called \u0026quot;SoHo\u0026quot; or Small Office \/ Home Office devices. The intended purchasers are homeowners and small businesses that don\u0026#39;t want to invest in commercial-grade equipment or the professional IT staff to manage it, but still want higher-end features and reasonable security.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EAlas Asus goofed in their design, making it easy for owners to think they have properly secured their router and yet still be vulnerable to an Internet attacker. 
In fact, over 135,000 Asus wireless routers can be logged into from the Internet - over 15,000 of which the owners took the time to secure properly (or so they thought).\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2016\/02\/poor-ux-leads-to-poorly-secured-soho.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/8959096609636373946"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/8959096609636373946"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2016\/02\/poor-ux-leads-to-poorly-secured-soho.html","title":"Poor UX leads to poorly secured SoHo routers"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/4.bp.blogspot.com\/-jYDVYHKs6VI\/VrFdxn7qigI\/AAAAAAAANwg\/5eA6kLGtLQM\/s72-c\/shodan-banner.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-4211471254115558212"},"published":{"$t":"2016-01-21T08:18:00.000-06:00"},"updated":{"$t":"2016-01-21T08:28:52.997-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"CSOonline"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"}],"title":{"type":"text","$t":"Putting the Comcast Vulnerability in Context"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: \u0026quot;helvetica 
neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EExploitable vulnerabilities are attention-grabbing, but need to be considered in proper context. Just because a design decision can be abused for ill gain doesn\u0026#39;t always mean it was the wrong design decision.\u003Cbr\u003E\u003Cbr\u003EIn the news this month were numerous stories about \u003Ca href=\"http:\/\/www.csoonline.com\/article\/3019101\/physical-security\/comcasts-xfinity-home-security-vulnerable-fail-open-flaw-leaves-homes-exposed.html\"\u003Evulnerabilities in Comcast\u0026#39;s Xfinity home security system\u003C\/a\u003E. The systems use wireless sensors to detect opened doors and windows, and to detect motion when a home is expected to be vacant. Some of the stories made it sound as though owners of Xfinity security systems were now a burglary waiting to happen.\u003Cbr\u003E\u003Cbr\u003EWireless sensors make installing a security system very easy. At the same time, wireless sensors are vulnerable to radio frequency interference - whether incidental or intentional. \u003Cbr\u003E\u003Cbr\u003ESecurity products by necessity walk an often-grey line between function and usability. On the one hand, elaborate, multi-layer controls can provide a high degree of security, but at a high financial as well as usability cost. 
As an extreme example, Jake Williams writes of the Australian government resorting to \u003Ca href=\"http:\/\/malwarejake.blogspot.com\/2016\/01\/submarine-plans-and-communications-hand.html\"\u003Ehand-delivering submarine plans and communications\u003C\/a\u003E, to eliminate entirely the chances of communication being intercepted electronically.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2016\/01\/putting-comcast-vulnerability-in-context.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/4211471254115558212"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/4211471254115558212"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2016\/01\/putting-comcast-vulnerability-in-context.html","title":"Putting the Comcast Vulnerability in Context"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}]},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-1908187931386688317"},"published":{"$t":"2016-01-12T08:09:00.000-06:00"},"updated":{"$t":"2017-01-16T20:33:50.034-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Faith Family \u0026 Fun"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Weekend Projects"}],"title":{"type":"text","$t":"Gnome in Your 
Home Conclusion: Meet the Villain"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s1600\/logo7.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg alt=\"Pwning each of the SuperGnomes in the 2015 SANS Holiday Hack challenge.\" border=\"0\" height=\"309\" src=\"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s640\/logo7.png\" title=\"Pwning each of the SuperGnomes in the 2015 SANS Holiday Hack challenge.\" width=\"640\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cbr\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003EThis is the last of a multi-part series describing my approach to solving the 2015 SANS Holiday Hacking Challenge. 
After reading, try your hand at the challenges at \u003Ca href=\"https:\/\/holidayhackchallenge.com\/\"\u003EHolidayHackChallenge.com\u003C\/a\u003E!\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cul\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-prelude-quest.html\"\u003EPrelude: The Quest\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-one-wireless.html\" target=\"_blank\"\u003EPart One: Wireless Packet Analysis\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-two-firmware.html\" target=\"_blank\"\u003EPart Two: Firmware Analysis\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-three-hunting.html\" target=\"_blank\"\u003EPart Three: Hunting Gnomes with Shodan\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-four-pwning.html\" target=\"_blank\"\u003EPart Four: Global Pwnage\u003C\/a\u003E\u003C\/li\u003E\u003Cul\u003E\u003Cli\u003ESuperGnome 1: Password Reuse\u003C\/li\u003E\u003Cli\u003ESuperGnome 2: Local File Inclusion, Path Traversal\u003C\/li\u003E\u003Cli\u003ESuperGnome 3: NoSQL Injection\u003C\/li\u003E\u003Cli\u003ESuperGnome 4: Server-Side JavaScript Injection\u003C\/li\u003E\u003Cli\u003ESuperGnome 5: \u003C\/li\u003E\u003C\/ul\u003E\u003Cli\u003E\u003Cb\u003EPart Five: Meet the Villain\u003C\/b\u003E\u003C\/li\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: 
x-small;\"\u003E\u003Ci\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/p\/gnome-in-your-home-complete-solution.html\" target=\"_blank\"\u003EOr read the entire solution in one LONG page\u003C\/a\u003E\u003C\/li\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/ul\u003E\u003Cbr\u003E\u003Cdiv\u003E\u003Cdiv\u003E\u003Cbr\u003E\u003Ch3\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: small;\"\u003EPart Five: Sinister Plot and Attribution\u003C\/span\u003E\u003C\/h3\u003E\u003C\/div\u003E\u003Col start=\"9\"\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EBased on evidence you recover from the SuperGnomes’ packet capture ZIP files and any staticky images you find, what is the nefarious plot of ATNAS Corporation?\u003Cbr\u003E\u003Cbr\u003E\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EWho is the villain behind the nefarious plot.\u003C\/span\u003E\u003C\/li\u003E\u003C\/ol\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EPrior to launching the challenge in early December, the website showed a clue: \u0026quot;1957 was only the beginning.\u0026quot; This being a Christmas-themed event, something immediately came to mind. Dr. Seuss wrote \u0026quot;How the Grinch Stole Christmas\u0026quot; in 1957, so through the first couple of SuperGnomes, I was pretty sure the villain was The Grinch. 
Upon cracking SuperGnome 04 though, I busted up laughing when the real villain appeared.\u003C\/span\u003E\u003Cbr\u003E\u003C\/div\u003E\u003C\/div\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-conclusion-meet.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/1908187931386688317"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/1908187931386688317"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-conclusion-meet.html","title":"Gnome in Your Home Conclusion: Meet the Villain"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s72-c\/logo7.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-8719223089515334098"},"published":{"$t":"2016-01-11T07:23:00.000-06:00"},"updated":{"$t":"2017-01-16T20:31:01.467-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Faith Family \u0026 Fun"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Weekend Projects"}],"title":{"type":"text","$t":"Gnome in Your Home Part Four: Pwning the 
SuperGnomes"},"content":{"type":"html","$t":"\u003Cdiv\u003E\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s1600\/logo7.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg alt=\"Pwning each of the SuperGnomes in the 2015 SANS Holiday Hack challenge.\" border=\"0\" height=\"309\" src=\"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s640\/logo7.png\" title=\"Pwning each of the SuperGnomes in the 2015 SANS Holiday Hack challenge.\" width=\"640\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cbr\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003EThis is one of a multi-part series describing my approach to solving the 2015 SANS Holiday Hacking Challenge; watch \u003Ca href=\"https:\/\/securityforrealpeople.com\/\"\u003ESecurityForRealPeople.com\u003C\/a\u003E over the next few days as solutions for each challenge are published. 
After reading, try your hand at the challenges at \u003Ca href=\"https:\/\/holidayhackchallenge.com\/\"\u003EHolidayHackChallenge.com\u003C\/a\u003E!\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cul\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-prelude-quest.html\"\u003EPrelude: The Quest\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-one-wireless.html\" target=\"_blank\"\u003EPart One: Wireless Packet Analysis\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-two-firmware.html\" target=\"_blank\"\u003EPart Two: Firmware Analysis\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-three-hunting.html\" target=\"_blank\"\u003EPart Three: Hunting Gnomes with Shodan\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cb\u003EPart Four: Global Pwnage\u003C\/b\u003E\u003C\/li\u003E\u003Cul\u003E\u003Cli\u003ESuperGnome 1: Password Reuse\u003C\/li\u003E\u003Cli\u003ESuperGnome 2: Local File Inclusion, Path Traversal\u003C\/li\u003E\u003Cli\u003ESuperGnome 3: NoSQL Injection\u003C\/li\u003E\u003Cli\u003ESuperGnome 4: Server-Side JavaScript Injection\u003C\/li\u003E\u003Cli\u003ESuperGnome 5:\u003C\/li\u003E\u003C\/ul\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-conclusion-meet.html\" target=\"_blank\"\u003EPart Five: Meet the Villain\u003C\/a\u003E\u003C\/li\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: 
x-small;\"\u003E\u003Ci\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/p\/gnome-in-your-home-complete-solution.html\" target=\"_blank\"\u003EOr read the entire solution in one LONG page\u003C\/a\u003E\u003C\/li\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/ul\u003E\u003Ch3\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: small;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003C\/h3\u003E\u003Ch3\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: small;\"\u003EPart Four: Gnomage Pwnage\u003C\/span\u003E\u003C\/h3\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EChallenges:\u003C\/span\u003E\u003Cbr\u003E\u003Col start=\"7\"\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EPlease describe the vulnerabilities you discovered in the Gnome firmware.\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EAttempt to remotely exploit each of the SuperGnomes. 
Describe the technique you used to gain access to each SuperGnome’s gnome.conf file.\u003C\/span\u003E\u003C\/li\u003E\u003C\/ol\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EUseful tools: \u003Ca href=\"https:\/\/portswigger.net\/burp\/\" target=\"_blank\"\u003EBurp Suite\u003C\/a\u003E, \u003Ca href=\"https:\/\/www.wireshark.org\/\" target=\"_blank\"\u003EWireshark\u003C\/a\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EEach superGnome had a different vulnerability to exploit, and a different way to obtain the gnome.conf flag file. The first four required manipulating web form inputs to make use of foolish design decisions in the web interface. The last one took a different sort of expertise.\u003C\/span\u003E\u003Cbr\u003E\u003C\/div\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-four-pwning.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/8719223089515334098"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/8719223089515334098"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-four-pwning.html","title":"Gnome in Your Home Part Four: Pwning the 
SuperGnomes"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s72-c\/logo7.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-188984184277829678"},"published":{"$t":"2016-01-08T08:10:00.000-06:00"},"updated":{"$t":"2017-01-16T20:23:55.335-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Faith Family \u0026 Fun"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Weekend Projects"}],"title":{"type":"text","$t":"Gnome in Your Home Part Three: Hunting Gnomes with Shodan"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s1600\/logo7.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg alt=\"Part Three of the SANS Holiday Hack challenges is best solved using Shodan: a search engine for Internet-connected devices.\" border=\"0\" height=\"309\" src=\"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s640\/logo7.png\" title=\"Part Three of the SANS Holiday Hack challenges is best solved using Shodan: a search engine for Internet-connected devices.\" 
width=\"640\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cbr\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003EThis is one of a multi-part series describing my approach to solving the 2015 SANS Holiday Hacking Challenge; watch \u003Ca href=\"https:\/\/securityforrealpeople.com\/\"\u003ESecurityForRealPeople.com\u003C\/a\u003E over the next few days as solutions for each challenge are published. After reading, try your hand at the challenges at \u003Ca href=\"https:\/\/holidayhackchallenge.com\/\"\u003EHolidayHackChallenge.com\u003C\/a\u003E!\u003Cbr\u003E\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cul\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-prelude-quest.html\"\u003EPrelude: The Quest\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-one-wireless.html\" target=\"_blank\"\u003EPart One: Wireless Packet Analysis\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-two-firmware.html\" target=\"_blank\"\u003EPart Two: Firmware Analysis\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cb\u003EPart Three: Hunting Gnomes with Shodan\u003C\/b\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-four-pwning.html\" target=\"_blank\"\u003EPart Four: Global Pwnage\u003C\/a\u003E\u003C\/li\u003E\u003Cul\u003E\u003Cli\u003ESuperGnome 1: Password Reuse\u003C\/li\u003E\u003Cli\u003ESuperGnome 2: Local File Inclusion, Path 
Traversal\u003C\/li\u003E\u003Cli\u003ESuperGnome 3: NoSQL Injection\u003C\/li\u003E\u003Cli\u003ESuperGnome 4: Server-Side JavaScript Injection\u003C\/li\u003E\u003Cli\u003ESuperGnome 5:\u003C\/li\u003E\u003C\/ul\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-conclusion-meet.html\" target=\"_blank\"\u003EPart Five: Meet the Villain\u003C\/a\u003E\u003C\/li\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/p\/gnome-in-your-home-complete-solution.html\" target=\"_blank\"\u003EOr read the entire solution in one LONG page\u003C\/a\u003E\u003C\/li\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/ul\u003E\u003Cbr\u003E\u003Cdiv\u003E\u003Ch3\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: small;\"\u003EPart Three: Internet-Wide Scavenger Hunt\u003C\/span\u003E\u003C\/h3\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EChallenges:\u003C\/span\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cdiv\u003E\u003Col start=\"5\"\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cli\u003EWhat are the IP addresses of the five SuperGnomes scattered around the world, as verified by Tom Hessman in the Dosis neighborhood?\u003C\/li\u003E\u003Cli\u003EWhere is each 
SuperGnome located geographically?\u003C\/li\u003E\u003C\/span\u003E\u003C\/ol\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EUseful tools: \u003Ca href=\"https:\/\/shodan.io\/\" target=\"_blank\"\u003EShodan\u003C\/a\u003E, \u003Ca href=\"https:\/\/portswigger.net\/burp\/\" target=\"_blank\"\u003EBurp Proxy\u003C\/a\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003ESummary: Using Shodan and a unique HTTP header found on the first SuperGnome, finding all five is a snap.\u003C\/span\u003E\u003C\/div\u003E\u003C\/div\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-three-hunting.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/188984184277829678"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/188984184277829678"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-three-hunting.html","title":"Gnome in Your Home Part Three: Hunting Gnomes with 
Shodan"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s72-c\/logo7.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-3970077656731780246"},"published":{"$t":"2016-01-07T07:13:00.002-06:00"},"updated":{"$t":"2019-01-26T16:43:31.593-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Faith Family \u0026 Fun"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Weekend Projects"}],"title":{"type":"text","$t":"Gnome in Your Home Part Two: Firmware Analysis"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s1600\/logo7.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg alt=\"The first challenges in the 2015 SANS Holiday Hack involve network packet analysis to discover a botnet communicating over DNS.\" border=\"0\" height=\"309\" src=\"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s640\/logo7.png\" title=\"The first challenges in the 2015 SANS Holiday Hack involve network packet analysis to discover a botnet communicating over DNS.\" 
width=\"640\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cbr\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003EThis is one of a multi-part series describing my approach to solving the 2015 SANS Holiday Hacking Challenge; watch \u003Ca href=\"https:\/\/securityforrealpeople.com\/\"\u003ESecurityForRealPeople.com\u003C\/a\u003E over the next few days as solutions for each challenge are published. After reading, try your hand at the challenges at \u003Ca href=\"https:\/\/holidayhackchallenge.com\/\"\u003EHolidayHackChallenge.com\u003C\/a\u003E!\u003Cbr\u003E\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cul\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-prelude-quest.html\"\u003EPrelude: The Quest\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-one-wireless.html\" target=\"_blank\"\u003EPart One: Wireless Packet Analysis\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cb\u003EPart Two: Firmware Analysis\u003C\/b\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-three-hunting.html\" target=\"_blank\"\u003EPart Three: Hunting Gnomes with Shodan\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-four-pwning.html\" target=\"_blank\"\u003EPart Four: Global Pwnage\u003C\/a\u003E\u003C\/li\u003E\u003Cul\u003E\u003Cli\u003ESuperGnome 1: Password Reuse\u003C\/li\u003E\u003Cli\u003ESuperGnome 2: Local File Inclusion, Path 
Traversal\u003C\/li\u003E\u003Cli\u003ESuperGnome 3: NoSQL Injection\u003C\/li\u003E\u003Cli\u003ESuperGnome 4: Server-Side JavaScript Injection\u003C\/li\u003E\u003Cli\u003ESuperGnome 5:\u003C\/li\u003E\u003C\/ul\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-conclusion-meet.html\" target=\"_blank\"\u003EPart Five: Meet the Villain\u003C\/a\u003E\u003C\/li\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/p\/gnome-in-your-home-complete-solution.html\" target=\"_blank\"\u003EOr read the entire solution in one LONG page\u003C\/a\u003E\u003C\/li\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/ul\u003E\u003Cbr\u003E\u003Cdiv\u003E\u003Ch3\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: small;\"\u003EPart Two: Firmware Analysis for Fun and Profit\u003C\/span\u003E\u003C\/h3\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EChallenges:\u003C\/span\u003E\u003Cbr\u003E\u003Col start=\"3\"\u003E\u003Cli\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EWhat operating system and CPU type are used in the Gnome? What type of web framework is the Gnome web interface built in?\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EWhat kind of a database engine is used to support the Gnome web interface? 
What is the plaintext password stored in the Gnome database?\u003C\/span\u003E\u003C\/li\u003E\u003C\/ol\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EFirmware image: \u003Ca href=\"https:\/\/www.holidayhackchallenge.com\/2015\/giyh-firmware-dump.bin\"\u003Egiyh-firmware-dump.bin\u003C\/a\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EUseful tool: \u003Ca href=\"https:\/\/github.com\/ReFirmLabs\/binwalk\"\u003Ebinwalk\u003C\/a\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003ESummary: Use binwalk to extract the filesystem from a firmware image, explore the web interface, and view the contents of a NoSQL database, which includes a table with cleartext usernames and passwords.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003C\/span\u003E\u003Cbr\u003E\u003C\/div\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-two-firmware.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/3970077656731780246"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/3970077656731780246"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-two-firmware.html","title":"Gnome in Your Home Part Two: Firmware 
Analysis"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s72-c\/logo7.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-4565227744552751929"},"published":{"$t":"2016-01-06T07:05:00.000-06:00"},"updated":{"$t":"2017-01-16T20:15:43.396-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Faith Family \u0026 Fun"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Weekend Projects"}],"title":{"type":"text","$t":"Gnome in Your Home Part One: Wireless Packet Analysis"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s1600\/logo7.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg alt=\"The first challenges in the 2015 SANS Holiday Hack involve network packet analysis to discover a botnet communicating over DNS.\" border=\"0\" height=\"309\" src=\"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s640\/logo7.png\" title=\"The first challenges in the 2015 SANS Holiday Hack involve network packet analysis to discover a botnet communicating over DNS.\" 
width=\"640\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cbr\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003EThis is one of a multi-part series describing my approach to solving the 2015 SANS Holiday Hacking Challenge; watch \u003Ca href=\"https:\/\/securityforrealpeople.com\/\"\u003ESecurityForRealPeople.com\u003C\/a\u003E over the next few days as solutions for each challenge are published. After reading, try your hand at the challenges at \u003Ca href=\"https:\/\/holidayhackchallenge.com\/\"\u003EHolidayHackChallenge.com\u003C\/a\u003E!\u003Cbr\u003E\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cul\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-prelude-quest.html\"\u003EPrelude: The Quest\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cb\u003EPart One: Wireless Packet Analysis\u003C\/b\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-two-firmware.html\" target=\"_blank\"\u003EPart Two: Firmware Analysis\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-three-hunting.html\" target=\"_blank\"\u003EPart Three: Hunting Gnomes with Shodan\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003EPart Four: Global Pwnage\u003C\/li\u003E\u003Cul\u003E\u003Cli\u003ESuperGnome 1: Password Reuse\u003C\/li\u003E\u003Cli\u003ESuperGnome 2: Local File Inclusion, Path Traversal\u003C\/li\u003E\u003Cli\u003ESuperGnome 3: NoSQL Injection\u003C\/li\u003E\u003Cli\u003ESuperGnome 4: Server-Side JavaScript 
Injection\u003C\/li\u003E\u003Cli\u003ESuperGnome 5:\u003C\/li\u003E\u003C\/ul\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-conclusion-meet.html\" target=\"_blank\"\u003EPart Five: Meet the Villain\u003C\/a\u003E\u003C\/li\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/p\/gnome-in-your-home-complete-solution.html\" target=\"_blank\"\u003EOr read the entire solution in one LONG page\u003C\/a\u003E\u003C\/li\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/ul\u003E\u003Cbr\u003E\u003Ch3\u003E\u003Cspan style=\"font-family: \u0026#39;helvetica neue\u0026#39;, arial, helvetica, sans-serif;\"\u003EPart One Challenges:\u003C\/span\u003E\u003C\/h3\u003E\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Col\u003E\u003Cli\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EWhich commands are sent across the Gnome’s command-and-control channel?\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EWhat image appears in the photo the Gnome sent across the channel from the Dosis home?\u003C\/span\u003E\u003C\/li\u003E\u003C\/ol\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EPacket capture file: \u003Ca href=\"https:\/\/www.holidayhackchallenge.com\/2015\/giyh-capture.pcap\"\u003Egiyh-capture.pcap\u003C\/a\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, 
sans-serif;\"\u003EUseful tools: \u003Ca href=\"http:\/\/www.secdev.org\/projects\/scapy\/\" target=\"_blank\"\u003EScapy\u003C\/a\u003E, \u003Ca href=\"https:\/\/www.wireshark.org\/\" target=\"_blank\"\u003EWireshark\u003C\/a\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003ESummary: The gnomes communicate with a Command and Control server using covert DNS traffic; the DNS traffic contains base64-encoded commands from the server to the gnome, and a base64-encoded JPG image is sent from the gnome to the server.\u003C\/span\u003E\u003Cbr\u003E\u003C\/div\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-one-wireless.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/4565227744552751929"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/4565227744552751929"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-one-wireless.html","title":"Gnome in Your Home Part One: Wireless Packet 
Analysis"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s72-c\/logo7.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-3917979318768939942"},"published":{"$t":"2016-01-05T07:13:00.000-06:00"},"updated":{"$t":"2017-01-16T19:20:39.676-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Faith Family \u0026 Fun"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"}],"title":{"type":"text","$t":"Gnome in Your Home Prelude: The Quest"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s1600\/logo7.png\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" height=\"309\" src=\"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s640\/logo7.png\" width=\"640\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003EThis is one of a multi-part series describing my approach to solving the 2015 SANS Holiday Hacking Challenge; watch \u003Ca href=\"https:\/\/securityforrealpeople.com\/\"\u003ESecurity For Real People.com\u003C\/a\u003E over the next 
few days as solutions for each challenge are published. After reading, try your hand at the challenges at \u003Ca href=\"https:\/\/holidayhackchallenge.com\/\"\u003EHolidayHackChallenge.com\u003C\/a\u003E!\u003Cbr\u003E\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cul\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Cli style=\"display: inline !important;\"\u003E\u003Ci\u003E\u003Cb\u003EPrelude: The Quest\u003C\/b\u003E\u003C\/i\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-one-wireless.html\"\u003EPart One: Wireless Packet Analysis\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-two-firmware.html\" target=\"_blank\"\u003EPart Two: Firmware Analysis\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-three-hunting.html\" target=\"_blank\"\u003EPart Three: Hunting Gnomes with Shodan\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-part-four-pwning.html\" target=\"_blank\"\u003EPart Four: Global Pwnage\u003C\/a\u003E\u003C\/li\u003E\u003Cul\u003E\u003Cli\u003ESuperGnome 1: Password Reuse\u003C\/li\u003E\u003Cli\u003ESuperGnome 2: Local File Inclusion, Path Traversal\u003C\/li\u003E\u003Cli\u003ESuperGnome 3: NoSQL Injection\u003C\/li\u003E\u003Cli\u003ESuperGnome 4: Server-Side JavaScript Injection\u003C\/li\u003E\u003Cli\u003ESuperGnome 5:\u003C\/li\u003E\u003C\/ul\u003E\u003Cli\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-conclusion-meet.html\" target=\"_blank\"\u003EPart Five: Meet the Villain\u003C\/a\u003E\u003C\/li\u003E\u003Cli\u003E\u003Ca 
href=\"https:\/\/www.securityforrealpeople.com\/p\/gnome-in-your-home-complete-solution.html\" target=\"_blank\"\u003EOr read the entire solution in one LONG page\u003C\/a\u003E\u003C\/li\u003E\u003C\/i\u003E\u003C\/span\u003E\u003C\/ul\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026#39;helvetica neue\u0026#39;, arial, helvetica, sans-serif;\"\u003EEach December, security training and certification company SANS puts together a highly anticipated hacking challenge. These challenges are a variation on Capture the Flag – digital puzzles designed to test our skills (and in many cases, excuses to learn new techniques). In addition to being a fun way to compete with peers, learning new attack techniques is a great first step toward learning how to detect and defend against the same attacks.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EThis was very much a learning experience for me. By trade, I am skilled in defensive arts - network controls, incident response, forensic analysis and malware analysis. While I am by nature a hacker (in the puzzle-solving tinkerer sense of the word) with a few CVEs to my credit, attack techniques are a very small part of my repertoire. 
But thanks to challenges such as these, they are a growing part of my toolkit.\u003C\/span\u003E\u003Cbr\u003E\u003Cdiv\u003E\u003Cbr\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EThe \u003Ca href=\"https:\/\/www.holidayhackchallenge.com\/\" target=\"_blank\"\u003E2015 SANS Holiday Hack Challenge\u003C\/a\u003E begins with a throwback quest-style video game, complete with awesomely cheesy 8-bit Christmas music. Themed “Gnome in Your Home,” the premise is a play on “elf on the shelf,” Santa’s diminutive spy with the impish grin.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EThe Gnomes are wildly popular electronic toys that just happen to be spying on the families (oddly reminiscent of a Washington Post story suggesting that Elf on the Shelf teaches kids to \u003Ca href=\"https:\/\/www.washingtonpost.com\/news\/arts-and-entertainment\/wp\/2014\/12\/16\/the-elf-on-the-shelf-is-preparing-your-child-to-live-in-a-future-police-state-professor-says\/\" target=\"_blank\"\u003Eexpect a world of constant surveillance\u003C\/a\u003E). 
I am sure it is no coincidence that the gnomes evoke thoughts of Hello Barbie, Mattel\u0026#39;s Internet-connected talking doll that has \u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2015\/12\/your-childs-privacy-is-eroding.html\" target=\"_blank\"\u003Esparked considerable privacy worries\u003C\/a\u003E this year.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EThe quest takes place in the imaginary neighborhood of Josh and Jessica Dosis, tech-savvy kids that did what any good hacker would do: they hacked their new Internet-connected toy to see what it was really doing. In the course of the quest, players talk to Josh and Jessica, as well as numerous SANS experts who offer tips on how to help the Dosis kids interpret what they find.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-prelude-quest.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/3917979318768939942"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/3917979318768939942"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2016\/01\/gnome-in-your-home-prelude-quest.html","title":"Gnome in Your Home Prelude: The 
Quest"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-OTrGRM31PtA\/VoWcfGCDohI\/AAAAAAAANCY\/ZiQpUx0U4y8\/s72-c\/logo7.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-927286704284502225"},"published":{"$t":"2015-09-22T07:31:00.000-05:00"},"updated":{"$t":"2017-01-13T22:20:33.413-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Mobile Device Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Social Engineering"}],"title":{"type":"text","$t":"Exploiting iOS backups for fun and profit"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003ERecently I looked at an iPhone \/ iPad \u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2015\/09\/whats-hiding-in-your-childs-calculator.html\" target=\"_blank\"\u003Eapp designed to hide documents and pictures\u003C\/a\u003E from snooping friends (or parents). By day the app was a calculator, but upon entering a secret code, it unlocked the hidden files. 
In exploring the app (and in particular, answering the question of whether I could access the hidden files without knowing the passcode), I came across an interesting oversight in the iOS security model.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/09\/exploiting-ios-backups-for-fun-and.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/927286704284502225"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/927286704284502225"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/09\/exploiting-ios-backups-for-fun-and.html","title":"Exploiting iOS backups for fun and profit"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-Iwuqrdo7uMA\/Ve5NGZGVjWI\/AAAAAAAAILY\/Y0YiXjjn28Y\/s72-c\/iTunes-trust.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-7933566131561505666"},"published":{"$t":"2015-08-13T15:28:00.000-05:00"},"updated":{"$t":"2016-09-22T19:10:34.335-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Mobile Device Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Small Word Security"}],"title":{"type":"text","$t":"Android StageFright patches are out - here's how to update"},"content":{"type":"html","$t":"\u003Cdiv 
class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/4.bp.blogspot.com\/-94tSzRCSxEY\/Vcz82_gf6WI\/AAAAAAAAIBc\/tcCATMI2GSE\/s1600\/640_this_stagefright.jpg\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cimg alt=\"The \u0026quot;StageFright\u0026quot; vulnerabilities could allow someone to take control of your Android device merely by sending a multimedia message. Here is how to check for and apply updates.\" border=\"0\" src=\"https:\/\/4.bp.blogspot.com\/-94tSzRCSxEY\/Vcz82_gf6WI\/AAAAAAAAIBc\/tcCATMI2GSE\/s1600\/640_this_stagefright.jpg\" title=\"The \u0026quot;StageFright\u0026quot; vulnerabilities could allow someone to take control of your Android device merely by sending a multimedia message. Here is how to check for and apply updates.\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EA couple of weeks ago, an Austin researcher spoke at the security conference Blackhat on flaws he had found in Android software. Commonly called \u0026quot;StageFright,\u0026quot; the flaws could allow a malicious hacker to take control of a phone or tablet by simply sending a specially crafted multimedia message. 
The device would automatically download the message and have it ready for you to view, thus compromising the device without you having to even view the message.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EAt the time, there was no fix available, so I wrote a description of how to minimize the risk by \u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2015\/08\/avoid-stagefright-by-turning-off-auto.html\" target=\"_blank\"\u003Edisabling auto-retrieve for multimedia messages\u003C\/a\u003E. Various phone makers and cellular carriers are beginning to roll out an update to fix* the flaw. Following are step-by-step instructions for checking to see if an update is available for your phone. I demonstrated the update using a Samsung Galaxy S5 running Android 5.1 (aka \u0026quot;Lollipop\u0026quot;); the screens and menus for other phones and versions will differ somewhat but the menu selections should be essentially the same.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/08\/android-stagefright-patches-are-out.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/7933566131561505666"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/7933566131561505666"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/08\/android-stagefright-patches-are-out.html","title":"Android StageFright patches are out - here's how to 
update"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/4.bp.blogspot.com\/-94tSzRCSxEY\/Vcz82_gf6WI\/AAAAAAAAIBc\/tcCATMI2GSE\/s72-c\/640_this_stagefright.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-2523130264283497781"},"published":{"$t":"2015-08-05T18:36:00.003-05:00"},"updated":{"$t":"2017-01-13T22:19:18.564-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Mobile Device Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Small Word Security"}],"title":{"type":"text","$t":"Avoid StageFright by turning off auto retrieve for multimedia messages"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/3.bp.blogspot.com\/-FeaujJh4XYs\/VcKdMrvoh4I\/AAAAAAAAH-c\/5VP_ordXQ4s\/s1600\/640_stagefright.jpg\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cimg alt=\"An Austin hacker discovered a major flaw in Android\u0026#39;s StageFright library. 
While waiting for your device maker to provide a fix, turn off automatic downloads for MMS.\" border=\"0\" height=\"427\" src=\"https:\/\/3.bp.blogspot.com\/-FeaujJh4XYs\/VcKdMrvoh4I\/AAAAAAAAH-c\/5VP_ordXQ4s\/s640\/640_stagefright.jpg\" title=\"An Austin hacker discovered a major flaw in Android\u0026#39;s StageFright library. While waiting for your device maker to provide a fix, turn off automatic downloads for MMS.\" width=\"640\"\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003Ci\u003E\u003Cb\u003EUpdate August 13:\u003C\/b\u003E Phone makers and cellular carriers are beginning to roll out updates to fix this vulnerability; see step-by-step \u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2015\/08\/android-stagefright-patches-are-out.html\" target=\"_blank\"\u003Einstructions for checking for and installing updates\u003C\/a\u003E.\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003ELast week, Austin hacker \/ researcher Joshua Drake disclosed a fairly significant flaw in all versions of Android, whereby a malicious multimedia message (aka a video text) could take control of the phone. This is a hacker\u0026#39;s dream in that it does not require the victim to do anything. Simply \u003Ci\u003Ereceiving\u003C\/i\u003E a message can trigger the flaw, because most messaging apps will automatically download the message and have it ready to display. 
This is very similar to the \u003Ca href=\"http:\/\/www.theregister.co.uk\/2015\/05\/27\/text_message_unicode_ios_osx_vulnerability\/\" target=\"_blank\"\u003E\u0026quot;text of death\u0026quot; that affected iPhone users\u003C\/a\u003E a couple of months ago, but with the potential to actually take control of devices rather than merely crash them.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003ETonight he is presenting his findings at BlackHat, a major security conference in Las Vegas. He will release details of his findings, including proof of concept code demonstrating the flaw, at the end of his talk. With the demonstration code, any software developer could reproduce his research.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/08\/avoid-stagefright-by-turning-off-auto.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/2523130264283497781"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/2523130264283497781"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/08\/avoid-stagefright-by-turning-off-auto.html","title":"Avoid StageFright by turning off auto retrieve for multimedia 
messages"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/3.bp.blogspot.com\/-FeaujJh4XYs\/VcKdMrvoh4I\/AAAAAAAAH-c\/5VP_ordXQ4s\/s72-c\/640_stagefright.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-4870292533065020888"},"published":{"$t":"2015-07-20T21:53:00.000-05:00"},"updated":{"$t":"2017-01-21T15:13:11.558-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Encryption"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"}],"title":{"type":"text","$t":"Commentary on the BIS proposal regarding the Wassenaar Arrangement"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThe Bureau of Industry and Security (BIS) has proposed rules related to the Wassenaar Arrangement, a set of agreements intended to limit the exchange of weapons and related research. As Cyber security gains attention, the WA has been expanded to cover cyber research. Specifically, the BIS proposes to require export licenses for products and documentation related to network and software vulnerabilities. These rules have the potential to severely restrict the sort of work I and my peers in the industry do. The BIS is taking public comment through today. 
Below are my comments to the BIS taken in large part from a previous post on \u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2015\/02\/shades-of-grey.html\" target=\"_blank\"\u003ESecurity Shades of Grey\u003C\/a\u003E.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/07\/commentary-on-bis-proposal-regarding.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/4870292533065020888"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/4870292533065020888"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/07\/commentary-on-bis-proposal-regarding.html","title":"Commentary on the BIS proposal regarding the Wassenaar Arrangement"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}]},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-5118591454340343399"},"published":{"$t":"2015-07-08T11:06:00.003-05:00"},"updated":{"$t":"2017-01-20T21:13:40.595-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Small Word Security"}],"title":{"type":"text","$t":"Time to patch Adobe Flash Player. 
Now."},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/3.bp.blogspot.com\/-VfJbWz0z8mY\/VZ1MDCHkkGI\/AAAAAAAAH3Y\/p-qLniH5IJw\/s1600\/adobe-flash-logo-250.jpg\" imageanchor=\"1\" style=\"clear: right; float: right; margin-bottom: 1em; margin-left: 1em;\"\u003E\u003Cimg alt=\"An exploit for Adobe Flash Player is being actively used to infect computers with ransomware. Here is action you need to take NOW.\" border=\"0\" src=\"https:\/\/3.bp.blogspot.com\/-VfJbWz0z8mY\/VZ1MDCHkkGI\/AAAAAAAAH3Y\/p-qLniH5IJw\/s1600\/adobe-flash-logo-250.jpg\" title=\"An exploit for Adobe Flash Player is being actively used to infect computers with ransomware. Here is action you need to take NOW.\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ci\u003EThis article was written about a specific incident the first week of July 2015, but the instructions are what I have recommended for at least a year - and will continue to be appropriate into the future. Also of note, the recommendation to make browser plug-ins \u0026quot;Click to Play\u0026quot; is effective against exploits in all sorts of plug-ins, including Flash, Java, Silverlight, Adobe Reader, Windows Media Player, and more.\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Ci\u003ELast updated \u003Cb\u003EDecember 8, 2016\u003C\/b\u003E. 
Current latest version is \u003Cb\u003E23.0.0.207.\u003C\/b\u003E\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EEarly this week, the security firm Hacking Team was the victim of a massive network breach in which a large amount of company data was stolen and made public. This data included among other things a previously-unknown exploit against Adobe Flash Player. \u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EThis exploit was quickly added to popular crimeware exploit kits (products that make it easy for an amateur criminal to create and deploy malware). It is actively being used to deliver \u0026quot;Cryptolocker,\u0026quot; a form of malware known as ransomware - malicious software that encrypts all your files and then demands a ransom payment to return the files to you.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EIn short, a fully-patched PC could be completely owned simply by browsing to a web site carrying a malicious Flash object. 
Since Flash videos are a common type of advertisement, you do not even need to browse anywhere unusual - a malicious ad slipped into the rotation at your favorite news site would be enough.\u003C\/span\u003E\u003Cbr\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EAdobe released an update this morning to fix the vulnerability. Here is what you need to do.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/07\/time-to-patch-adobe-flash-player-now.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5118591454340343399"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5118591454340343399"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/07\/time-to-patch-adobe-flash-player-now.html","title":"Time to patch Adobe Flash Player. 
Now."}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/3.bp.blogspot.com\/-VfJbWz0z8mY\/VZ1MDCHkkGI\/AAAAAAAAH3Y\/p-qLniH5IJw\/s72-c\/adobe-flash-logo-250.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-4496885283335138720"},"published":{"$t":"2015-06-18T13:15:00.000-05:00"},"updated":{"$t":"2017-01-19T21:43:12.156-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Mobile Device Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Password Management"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"}],"title":{"type":"text","$t":"Stranger than fiction: the week's security news"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EI love science fiction. I enjoy sarcastic fictional news such as \u0026quot;The Onion.\u0026quot; I even enjoy \u003Ca href=\"https:\/\/securityforrealpeople.com\/2015\/04\/lessons-from-csicyber.html\" target=\"_blank\"\u003Ewatching CSI:Cyber\u003C\/a\u003E despite its far-fetched depiction of security. But when reality exceeds even the wildest imaginable fictional scenarios, wow. The US government outsourcing administration of sensitive databases to China; professional sports teams hacking one another; security tools themselves turning into risks; and a ruling that websites may be held liable for things that anonymous readers have to say? 
I can\u0026#39;t make this stuff up. Some highlights from this week\u0026#39;s news:\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/06\/stranger-than-fiction-weeks-security.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/4496885283335138720"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/4496885283335138720"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/06\/stranger-than-fiction-weeks-security.html","title":"Stranger than fiction: the week's security news"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}]},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-6901602201498651096"},"published":{"$t":"2015-06-15T08:45:00.002-05:00"},"updated":{"$t":"2015-08-25T17:41:26.870-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Small Word Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Social Engineering"}],"title":{"type":"text","$t":"Ten security lessons from the NBA finals"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThe NBA Finals between the Cleveland Cavaliers and the Golden State Warriors provided an entertaining example of some lessons that apply equally to basketball and to security preparation and incident response. Would you believe that? 
Without further ado, a tweet storm from last night:\u003C\/span\u003E\u003Cbr\u003E\u003Cbr\u003E\u003Cblockquote class=\"twitter-tweet\" lang=\"en\"\u003E\u003Cdiv dir=\"ltr\" lang=\"en\"\u003ETime to watch the \u003Ca href=\"https:\/\/twitter.com\/hashtag\/NBAFinals?src=hash\"\u003E#NBAFinals\u003C\/a\u003E while I see what \u003Ca href=\"https:\/\/twitter.com\/hashtag\/infosec?src=hash\"\u003E#infosec\u003C\/a\u003E snark demands to be shared.\u003C\/div\u003E— David Longenecker (@dnlongen) \u003Ca href=\"https:\/\/twitter.com\/dnlongen\/status\/610238211588124672\"\u003EJune 15, 2015\u003C\/a\u003E\u003C\/blockquote\u003E\u003Cscript async=\"\" charset=\"utf-8\" src=\"\/\/platform.twitter.com\/widgets.js\"\u003E\u003C\/script\u003E \u003Cbr\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/06\/ten-security-lessons-from-nba-finals.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/6901602201498651096"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/6901602201498651096"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/06\/ten-security-lessons-from-nba-finals.html","title":"Ten security lessons from the NBA finals"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}]},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-2902705236438423064"},"published":{"$t":"2015-06-09T18:05:00.003-05:00"},"updated":{"$t":"2017-01-19T21:47:07.198-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and 
Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"}],"title":{"type":"text","$t":"Patch Week: time to update Windows, Flash, and VMWare"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-4vTXAMd59II\/VXdm6iX9QBI\/AAAAAAAAHv8\/bvH1PSf56FA\/s1600\/250px-Alarm_Clocks_20101107a.jpg\" imageanchor=\"1\" style=\"clear: left; float: left; margin-bottom: 1em; margin-right: 1em;\"\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cimg border=\"0\" height=\"200\" src=\"https:\/\/1.bp.blogspot.com\/-4vTXAMd59II\/VXdm6iX9QBI\/AAAAAAAAHv8\/bvH1PSf56FA\/s200\/250px-Alarm_Clocks_20101107a.jpg\" width=\"150\"\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EIt\u0026#39;s that time of the month again: the time when several software makers unload their latest software updates to address vulnerabilities discovered in their software. This time, Microsoft blesses us with 8 updates covering the Windows operating system, Internet Explorer, Windows Media Player, and Exchange Server. Adobe delivers the latest update for Flash Player; and VMWare issues updates for their popular virtualization software.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EAt least two of the vulnerabilities are exploited through a browser plug-in (Flash Player, and Windows Media Player). 
Google and Mozilla make it simple to \u003Ca href=\"https:\/\/securityforrealpeople.com\/2015\/02\/dont-get-flashed-by-flash.html\" target=\"_blank\"\u003Emake plug-ins be \u0026quot;click-to-play\u0026quot;\u003C\/a\u003E in Chrome and Firefox, which prevents a malicious media file from compromising your computer simply by browsing to a website. Internet Explorer, alas, has no such option. Keep in mind that click-to-play simply prevents malicious content from playing immediately upon browsing to a site - if you choose to let the content play, it can still exploit the vulnerability.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/06\/patch-week-time-to-update-windows-flash.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/2902705236438423064"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/2902705236438423064"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/06\/patch-week-time-to-update-windows-flash.html","title":"Patch Week: time to update Windows, Flash, and 
VMWare"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-4vTXAMd59II\/VXdm6iX9QBI\/AAAAAAAAHv8\/bvH1PSf56FA\/s72-c\/250px-Alarm_Clocks_20101107a.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-2316700466793494690"},"published":{"$t":"2015-05-28T09:52:00.001-05:00"},"updated":{"$t":"2017-01-13T22:06:12.017-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Mobile Device Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Small Word Security"}],"title":{"type":"text","$t":"A text message to reboot your iPhone"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/2.bp.blogspot.com\/-zm0-s_tLT_Y\/VWcrhxWLOAI\/AAAAAAAAHpw\/TFeMbG-UEJY\/s1600\/rotten-apple.jpg\" imageanchor=\"1\" style=\"clear: left; float: left; margin-bottom: 1em; margin-right: 1em;\"\u003E\u003Cimg alt=\"Got an iPhone? Have friends (or kids) with a prankster streak? You might want to disable notification previews for SMS messages. \" border=\"0\" height=\"200\" src=\"https:\/\/2.bp.blogspot.com\/-zm0-s_tLT_Y\/VWcrhxWLOAI\/AAAAAAAAHpw\/TFeMbG-UEJY\/s200\/rotten-apple.jpg\" title=\"Got an iPhone? Have friends (or kids) with a prankster streak? You might want to disable notification previews for SMS messages. 
\" width=\"133\" \/\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EGot an iPhone? Have friends (or kids) with a prankster streak? You might want to disable notification previews for SMS messages.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EAn individual noticed on Tuesday that his iPhone rebooted after receiving an unusual text message. He posted a question about it on Reddit, and word quickly spread. The British technology publication The Register has a nice \u003Ca href=\"http:\/\/www.theregister.co.uk\/2015\/05\/27\/text_message_unicode_ios_osx_vulnerability\" target=\"_blank\"\u003Ewrite-up on what it actually happening\u003C\/a\u003E; the simple description is this:\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EWhen your iPhone attempts to display certain Unicode text (i.e. text using some international character sets), it triggers a flaw in the text processing library, causing the active app to crash. If that app is a core part of the operating system, that crashes the phone, causing a reboot.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EReceiving an SMS message, or possibly a Twitter DM, causes the message to be shown in a \"notification,\" a message preview on the lock screen or the top of the screen. 
Notifications are part of the operating system core, so a crash there takes down the whole phone.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EIt doesn't damage the phone permanently, and it doesn't give an attacker control over your phone, so in the long run it's a pretty mild problem. In the short term though, lots of middle school kids (and middle schoolers at heart!) are pranking one another or their parents by sending an SMS message.\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EApple has not released an update to fix this, though they have acknowledged the problem. A temporary solution is to disable notification previews. From the iOS \"Settings\" menu, select \"Notifications\", then \"Messages,\" and set \"Show Previews\" to \"Off.\"\u003C\/span\u003E\u003Cbr \/\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr \/\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThis will prevent iMessages from displaying SMS message previews in the notifications panel or lock screen and crashing the phone. It won't keep the iMessages app itself from crashing if you open a pranked message though. For that, you'll need the offending sender to send you another message, pushing the exploit string off the top of the list; or send yourself a message from another device or app (e.g. 
send yourself an image using the photo app instead of the iMessage app).\u003C\/span\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/2316700466793494690"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/2316700466793494690"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/05\/a-text-message-to-reboot-your-iphone.html","title":"A text message to reboot your iPhone"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/2.bp.blogspot.com\/-zm0-s_tLT_Y\/VWcrhxWLOAI\/AAAAAAAAHpw\/TFeMbG-UEJY\/s72-c\/rotten-apple.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-7593086649825001744"},"published":{"$t":"2015-05-19T11:20:00.002-05:00"},"updated":{"$t":"2017-01-14T19:58:26.403-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Small Word Security"}],"title":{"type":"text","$t":"Planes, Trains, and Ethical Dilemmas"},"content":{"type":"html","$t":"\u003Cdiv class=\"MsoNormal\" style=\"background-color: white; color: #333333; font-family: \u0026#39;Helvetica Neue Light\u0026#39;, HelveticaNeue-Light, \u0026#39;Helvetica Neue\u0026#39;, Helvetica, Arial, sans-serif; font-size: 13.63636302947998px; 
line-height: 17.81818199157715px; margin: 0px; outline: none; padding: 0px; text-align: justify;\"\u003E\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003C\/div\u003E\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/2.bp.blogspot.com\/-9MOFHd3Aw0E\/VVs1shfhRgI\/AAAAAAAAHl8\/nNF6UFzvlTc\/s1600\/Skyview_600.jpg\" imageanchor=\"1\" style=\"margin-left: 1em; margin-right: 1em;\"\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cimg alt=\"Ethical lessons in research and disclosure, from the Internet of Flying Things.\" border=\"0\" src=\"https:\/\/2.bp.blogspot.com\/-9MOFHd3Aw0E\/VVs1shfhRgI\/AAAAAAAAHl8\/nNF6UFzvlTc\/s1600\/Skyview_600.jpg\" title=\"Ethical lessons in research and disclosure, from the Internet of Flying Things.\"\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003EWhen I started out in the systems administration and hacking worlds a couple of decades ago - and even when I first moved into information security as a profession nearly 15 years ago - the dominant incentive was the ego trip: what can I get away with? Truth be told, that\u0026#39;s the original (and to many, myself included, the \u0026quot;real\u0026quot;) meaning of hacking: to take something and make it do what I want, rather than necessarily what the creator intended. 
A hacker is someone who is highly interested in a subject (often technology), and pushes the boundaries of their chosen field.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003EThat culture has nothing to do with malicious use of computers - nay nothing to do with malice at all. It is all about solving puzzles: \u0026quot;here\u0026#39;s an interesting \u0026lt;insert favorite item\u0026gt;; now what can I do with it?\u0026quot; The hacking ethos brought about automotive performance shops and the motorcycle customization industry glamorized by West Coast Choppers for two examples. A hacker could be known less controversially as a \u003Ca href=\"http:\/\/en.wikipedia.org\/wiki\/Maker_subculture\" style=\"-webkit-transition: color 0.3s; color: #009eb8; display: inline; font-family: \u0026#39;Helvetica Neue Light\u0026#39;, HelveticaNeue-Light, \u0026#39;Helvetica Neue\u0026#39;, Helvetica, Arial, sans-serif; outline: none; text-decoration: none; transition: color 0.3s;\" target=\"_blank\"\u003EMaker\u003C\/a\u003E, or a tinkerer, or a modder - or an engineer.\u003Co:p\u003E\u003C\/o:p\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cdiv class=\"MsoNormal\" style=\"background-color: white; color: #333333; font-family: \u0026#39;Helvetica Neue Light\u0026#39;, HelveticaNeue-Light, \u0026#39;Helvetica Neue\u0026#39;, Helvetica, Arial, sans-serif; font-size: 13.63636302947998px; line-height: 17.81818199157715px; margin: 0px; outline: none; padding: 0px; text-align: justify;\"\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cdiv class=\"MsoNormal\" style=\"background-color: white; color: #333333; font-family: \u0026#39;Helvetica Neue Light\u0026#39;, 
HelveticaNeue-Light, \u0026#39;Helvetica Neue\u0026#39;, Helvetica, Arial, sans-serif; font-size: 13.63636302947998px; line-height: 17.81818199157715px; margin: 0px; outline: none; padding: 0px; text-align: justify;\"\u003E\u003Cspan style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003EHacking in its purest form is perfectly legitimate. If I own a computer, or a phone, or a network router, or a TV, or a printer, or a programmable thermostat, or an Internet-connected toy, or a vehicle, or (the list could go on forever), I have every right to explore its capabilities and flaws. Within reasonable limits (various transportation authorities may have something to say if I add flashing red and blue lights to my car and start driving down the highway), it is mine to do with as I please. Where it becomes ethically and legally questionable is when I stop tinkering with things I own, and begin tinkering with something you own, without your permission.\u003C\/span\u003E\u003Cbr\u003E\u003C\/div\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/05\/planes-trains-and-ethical-dilemmas.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/7593086649825001744"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/7593086649825001744"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/05\/planes-trains-and-ethical-dilemmas.html","title":"Planes, Trains, and Ethical 
Dilemmas"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/2.bp.blogspot.com\/-9MOFHd3Aw0E\/VVs1shfhRgI\/AAAAAAAAHl8\/nNF6UFzvlTc\/s72-c\/Skyview_600.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-7761835035247419248"},"published":{"$t":"2015-05-14T08:37:00.001-05:00"},"updated":{"$t":"2017-01-13T21:42:47.730-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Small Word Security"}],"title":{"type":"text","$t":"VENOM: What you need to know (CVE-2015-3456)"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/2.bp.blogspot.com\/-LOxgmISY3YM\/VVSiMImUCXI\/AAAAAAAAHlI\/z2wxrHszLmQ\/s1600\/venom-logo-250.png\" imageanchor=\"1\" style=\"clear: left; float: left; margin-bottom: 1em; margin-right: 1em;\"\u003E\u003Cimg alt=\"Researchers at CrowdStrike discovered a flaw in the Floppy Disk Controller emulation component of QEMU virtualization software. If an adversary has administrative access to a virtual server, they can potentially exploit this to gain access to every other virtual server on the same physical host. Here is a moderately non-technical explanation.\" border=\"0\" height=\"138\" src=\"https:\/\/2.bp.blogspot.com\/-LOxgmISY3YM\/VVSiMImUCXI\/AAAAAAAAHlI\/z2wxrHszLmQ\/s200\/venom-logo-250.png\" title=\"Researchers at CrowdStrike discovered a flaw in the Floppy Disk Controller emulation component of QEMU virtualization software. 
If an adversary has administrative access to a virtual server, they can potentially exploit this to gain access to every other virtual server on the same physical host. Here is a moderately non-technical explanation.\" width=\"200\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003EVenom is a fictional comic character and occasional nemesis of Spider-Man... wait, that\u0026#39;s not the Venom you meant.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003EResearchers at CrowdStrike \u003C\/span\u003E\u003Ca href=\"http:\/\/venom.crowdstrike.com\/\" style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\" target=\"_blank\"\u003Ediscovered a flaw\u003C\/a\u003E\u003Cspan style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003E in the Floppy Disk Controller emulation component of QEMU virtualization software, which they dubbed \u0026quot;Virtualized Environment Neglected Operations Manipulation\u0026quot; or “VENOM” for short. If an adversary has administrative access to a virtual server, they can potentially exploit this to gain root access on the virtualization host (the physical box), and from there read memory and do anything else with other virtual servers on the same box. 
This vulnerability was given the identifier \u003Ca href=\"http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2015-3456\" target=\"_blank\"\u003ECVE-2015-3456\u003C\/a\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/05\/venom-what-you-need-to-know.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/7761835035247419248"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/7761835035247419248"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/05\/venom-what-you-need-to-know.html","title":"VENOM: What you need to know (CVE-2015-3456)"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/2.bp.blogspot.com\/-LOxgmISY3YM\/VVSiMImUCXI\/AAAAAAAAHlI\/z2wxrHszLmQ\/s72-c\/venom-logo-250.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-2590437504980511336"},"published":{"$t":"2015-04-30T10:14:00.002-05:00"},"updated":{"$t":"2017-01-13T22:13:51.485-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bank and Credit Card Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Cyber Crime"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Financial Fraud"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of 
Things"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Malware"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Mobile Device Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Privacy"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Transportation Authorities"}],"title":{"type":"text","$t":"Lessons from CSI:Cyber"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/3.bp.blogspot.com\/-LIL_e5PwMDk\/VUJFk58KuPI\/AAAAAAAAHWE\/BqiR2A-mTvM\/s1600\/csi-cyber.jpg\" imageanchor=\"1\" style=\"clear: left; float: left; margin-bottom: 1em; margin-right: 1em;\"\u003E\u003Cimg alt=\"Unrealistic scenarios aside, CSI: cyber is doing some good by bringing attention to real issues (albeit in far-fetched ways), and perhaps inspiring future digital forensic analysts.\" border=\"0\" height=\"158\" src=\"https:\/\/3.bp.blogspot.com\/-LIL_e5PwMDk\/VUJFk58KuPI\/AAAAAAAAHWE\/BqiR2A-mTvM\/s1600\/csi-cyber.jpg\" title=\"Unrealistic scenarios aside, CSI: cyber is doing some good by bringing attention to real issues (albeit in far-fetched ways), and perhaps inspiring future digital forensic analysts.\" width=\"200\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThe CSI: franchise has been a very successful television endeavor, combining entertainment with a view into how forensic science is used to identify and prosecute criminals. Needless to say, creative liberty is taken to fit a story into a 42 minute episode, but it never pretended to be instructional. It\u0026#39;s TV, not a college class. 
I have no training in pathology or chemical analysis, and only a basic background in the physics of force and motion, but I\u0026#39;ve been involved in cyber technologies since before \u0026quot;cyber\u0026quot; was a household term.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThere has been considerable complaint from my industry over the way CSI: Cyber sensationalizes real events, and invents wholly unrealistic threats, for the sake of entertainment. I get it - I really do. The daily grind of a real cyber expert is not nearly as exciting as an action-packed TV episode. Hours of digging through logs or interpreting a pcap (a record of network traffic) wouldn\u0026#39;t make for very exciting television. As researcher\/hacker Charlie Miller recently said on Twitter, real hacking doesn\u0026#39;t happen in the span of a 42-minute made-for-TV episode. 
It is the result of days, weeks, or even years of research, learning, and poking at a topic.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/04\/lessons-from-csicyber.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/2590437504980511336"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/2590437504980511336"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/04\/lessons-from-csicyber.html","title":"Lessons from CSI:Cyber"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/3.bp.blogspot.com\/-LIL_e5PwMDk\/VUJFk58KuPI\/AAAAAAAAHWE\/BqiR2A-mTvM\/s72-c\/csi-cyber.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-2550800135998583164"},"published":{"$t":"2015-03-10T10:19:00.002-05:00"},"updated":{"$t":"2015-08-25T17:33:55.492-05:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Encryption"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Mobile Device Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Small Word Security"}],"title":{"type":"text","$t":"The week in tech news"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, 
sans-serif;\"\u003EMonday seemed to be \u0026quot;the day\u0026quot; for big technology and security news. Several big stories broke yesterday, so rather than dive deep into a topic this week, I am going to summarize what you need to know: Rowhammer, FREAK, IOS 8.2, Apple Watch, and [added Tuesday] Microsoft\u0026#39;s massive Patch Tuesday.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/03\/the-week-in-tech-news.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/2550800135998583164"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/2550800135998583164"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/03\/the-week-in-tech-news.html","title":"The week in tech news"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}]},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-7225606092935334890"},"published":{"$t":"2015-02-12T14:06:00.001-06:00"},"updated":{"$t":"2017-01-16T22:43:55.149-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Malware"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Small Word Security"}],"title":{"type":"text","$t":"Shades of Grey"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: 
both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/4.bp.blogspot.com\/-I4M9pSsWsdE\/VNz29f_4o-I\/AAAAAAAAGcc\/WZKn9lzN07k\/s1600\/shadesofgrey-banner.jpg\" imageanchor=\"1\" style=\"clear: left; float: left; margin-bottom: 1em; margin-right: 1em;\"\u003E\u003Cimg alt=\"It may seem as though there is an easy distinction between the legitimate and the malicious. The reality is, the world of online security is not always black and white. More often, it is filled with shades of grey. \" border=\"0\" src=\"https:\/\/3.bp.blogspot.com\/-1jS044vPmww\/VNz29Y7rqEI\/AAAAAAAAGcY\/KADHAh004rU\/s1600\/shadesofgrey-banner-200.jpg\" title=\"It may seem as though there is an easy distinction between the legitimate and the malicious. The reality is, the world of online security is not always black and white. More often, it is filled with shades of grey. \"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003EI frequently write about malware, spam, credit card fraud, and various computer crimes. In my and others\u0026#39; writing it may seem as though there is an easy distinction between the legitimate and the malicious. The reality is, the world of online security is not always black and white. 
More often, it is filled with shades of grey.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/02\/shades-of-grey.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/7225606092935334890"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/7225606092935334890"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/02\/shades-of-grey.html","title":"Shades of Grey"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/3.bp.blogspot.com\/-1jS044vPmww\/VNz29Y7rqEI\/AAAAAAAAGcY\/KADHAh004rU\/s72-c\/shadesofgrey-banner-200.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-1878053754038805126"},"published":{"$t":"2015-02-01T12:00:00.000-06:00"},"updated":{"$t":"2017-01-21T19:50:58.571-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Malware"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Small Word Security"}],"title":{"type":"text","$t":"Don't get flashed by Flash"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/4.bp.blogspot.com\/-eIHFKxcgfl0\/VM_Iq188J2I\/AAAAAAAAGVI\/Q9khkH0W_Ww\/s1600\/flash-logo.jpg\" imageanchor=\"1\" style=\"clear: left; float: left; margin-bottom: 
1em; margin-right: 1em;\"\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cimg alt=\"Flash Player is a common browser plug-in for rich content, but is also a common method of \u0026quot;drive-by\u0026quot; infection. Here are some security tips.\" border=\"0\" height=\"195\" src=\"https:\/\/4.bp.blogspot.com\/-eIHFKxcgfl0\/VM_Iq188J2I\/AAAAAAAAGVI\/Q9khkH0W_Ww\/s1600\/flash-logo.jpg\" title=\"Flash Player is a common browser plug-in for rich content, but is also a common method of \u0026quot;drive-by\u0026quot; infection. Here are some security tips.\" width=\"200\"\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Ci\u003E\u003Cb\u003EThis article was written in the context of a series of Flash exploits in early 2015, but in Chrome the same technique of making plug-ins click-to-play will stop exploits against any plug-ins, including Windows Media Player.\u003C\/b\u003E\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EAdobe Flash Player is a common browser enhancement that enables so-called \u0026quot;rich web content\u0026quot; - animations, video, in-browser games, interactive advertisements, and more. It\u0026#39;s also a top target for malicious hacks - a bogus Flash program that automatically launches when you open a web page can take over your computer. 
Over the last few weeks, there have been a \u003Ca href=\"https:\/\/www.f-secure.com\/weblog\/archives\/00002785.html\" target=\"_blank\"\u003Eseries of malware outbreaks\u003C\/a\u003E exploiting vulnerabilities in Flash to infect unsuspecting people\u0026#39;s computers.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EWith Flash installed, all it takes is browsing to a compromised website to become infected yourself. There\u0026#39;s no way of knowing in advance if a site is compromised: in fact, a common infection method lately is to insert a malicious Flash file into an advertising network, which may be used by hundreds if not thousands of otherwise benign websites. Visit a normally-safe site whose ad network has been compromised, and your PC can become infected as soon as the page loads.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/02\/dont-get-flashed-by-flash.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/1878053754038805126"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/1878053754038805126"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/02\/dont-get-flashed-by-flash.html","title":"Don't get flashed by 
Flash"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/4.bp.blogspot.com\/-eIHFKxcgfl0\/VM_Iq188J2I\/AAAAAAAAGVI\/Q9khkH0W_Ww\/s72-c\/flash-logo.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-5232123349923048844"},"published":{"$t":"2015-01-20T21:50:00.000-06:00"},"updated":{"$t":"2017-01-17T19:06:31.959-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Mobile Device Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Privacy"}],"title":{"type":"text","$t":"(CVE-2015-1314) USAA mobile app gives away your account numbers and balances"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-lCSF6HFSlPI\/VL8g8zAkKKI\/AAAAAAAAGEk\/AMf_wKJOdTQ\/s1600\/USAA-banking3.jpg\" imageanchor=\"1\" style=\"clear: left; float: left; margin-bottom: 1em; margin-right: 1em;\"\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cimg alt=\"If you use the USAA Mobile Banking app for Android, take a moment to ensure it automatically updated to version 7.10.1, released January 19.\" border=\"0\" src=\"https:\/\/1.bp.blogspot.com\/-lCSF6HFSlPI\/VL8g8zAkKKI\/AAAAAAAAGEk\/AMf_wKJOdTQ\/s1600\/USAA-banking3.jpg\" title=\"If you use the USAA Mobile Banking app for Android, take a moment to ensure it automatically updated to version 
7.10.1, released January 19.\"\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EIf you use the USAA Mobile Banking app for Android, take a moment to ensure it automatically updated to version 7.10.1, released January 19.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003EUSAA typically shines when it comes to security. A considerable proportion of their membership are active duty military and their families - a clientele that certain malicious actors might find great value in distracting from their sworn duties. Financial fraud can be a very effective distraction, and USAA is well aware of this. Generally they do a great job in both providing members with advanced security features as well as education.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003EEven the best make mistakes though. 
In using the app recently, I noticed something unusual: at times I would launch the app and briefly see private information \u003Ci\u003Ebefore\u003C\/i\u003E I was prompted to log in.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/01\/usaa-mobile-app-gives-away-your-account.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5232123349923048844"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5232123349923048844"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/01\/usaa-mobile-app-gives-away-your-account.html","title":"(CVE-2015-1314) USAA mobile app gives away your account numbers and balances"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-lCSF6HFSlPI\/VL8g8zAkKKI\/AAAAAAAAGEk\/AMf_wKJOdTQ\/s72-c\/USAA-banking3.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-1472141309549843226"},"published":{"$t":"2015-01-08T22:22:00.002-06:00"},"updated":{"$t":"2016-01-05T22:30:13.871-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Asus"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"}],"title":{"type":"text","$t":"ASUS bug lets those on your local network own your wireless 
router"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EA few months ago, researcher Joshua Drake (better known as jduck) \u003Ca href=\"https:\/\/github.com\/jduck\/asus-cmd\"\u003Efound a flaw\u003C\/a\u003E in his ASUS RT-N66U. The flaw is documented as CVE-2014-9583. This week, proof of concept code (i.e. working example code) to exploit this flaw was published.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EBy sending a specially-crafted packet to udp port 9999, he was able to execute any commands (well, almost any ... the exploit is limited to 237 characters or it will overrun a buffer, likely crashing the router). This does not require being logged into the router - no need for an attacker to learn the administrator password\u003C\/span\u003E\u003Cspan style=\"background-color: white; color: #292f33; font-family: Arial, sans-serif; font-size: 16px; line-height: 22px; white-space: pre-wrap;\"\u003E.\u003C\/span\u003E\u003Cbr\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EJoshua found this on the RT-N66U, with firmware 3.0.0.376.2524-g0013f52 (current as of October); \u003Ci\u003EI\u0026#39;ve confirmed it also on the newest model RT-AC87U, running the latest 3.0.0.4.378_3754 firmware (released December 31).\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2015\/01\/asus-bug-lets-those-on-your-local.html#more\"\u003ERead more 
»\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/1472141309549843226"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/1472141309549843226"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2015\/01\/asus-bug-lets-those-on-your-local.html","title":"ASUS bug lets those on your local network own your wireless router"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}]},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-3087866515124010266"},"published":{"$t":"2014-12-19T16:05:00.000-06:00"},"updated":{"$t":"2017-01-17T22:05:59.629-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"}],"title":{"type":"text","$t":"Time to patch again. 
This time it's ntpd"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/4.bp.blogspot.com\/-KFGDxXnODGI\/VJSaj3x_AZI\/AAAAAAAAFyw\/bSDuVvkOLdI\/s1600\/ntp_clock.jpg\" imageanchor=\"1\" style=\"clear: left; float: left; margin-bottom: 1em; margin-right: 1em;\"\u003E\u003Cimg alt=\"Ntpd, the network time protocol service, has a flaw that can be used to compromise a server or network router\" border=\"0\" src=\"https:\/\/4.bp.blogspot.com\/-KFGDxXnODGI\/VJSaj3x_AZI\/AAAAAAAAFyw\/bSDuVvkOLdI\/s1600\/ntp_clock.jpg\" title=\"Ntpd, the network time protocol service, has a flaw that can be used to compromise a server or network router\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EIt\u0026#39;s late on a Friday, coming up on a holiday week. In other words, the perfect time to drop a major bug announcement, right? Someone seemed to think so. Alas this will mean much churn over the next few days for a great many IT shops.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThe theme this year has been big vulnerabilities in common services or shared libraries - places where one bug might affect lots and lots of programs and devices. First it was a \u003Ca href=\"https:\/\/securityforrealpeople.com\/2014\/04\/openssl-heartbleed-what-does-broken.html\"\u003Eflaw in OpenSSL\u003C\/a\u003E, the library that enables secure communication with websites around the world. Next came a \u003Ca href=\"https:\/\/securityforrealpeople.com\/2014\/09\/a-shell-of-bash-shellshock-in-lay-terms.html\"\u003Eflaw in Bash shell\u003C\/a\u003E, a widely used Unix shell much like the Windows command line. 
Now it\u0026#39;s ntpd, the Network Time Protocol service.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2014\/12\/time-to-patch-again-this-time-its-ntpd.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/3087866515124010266"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/3087866515124010266"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2014\/12\/time-to-patch-again-this-time-its-ntpd.html","title":"Time to patch again. This time it's ntpd"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/4.bp.blogspot.com\/-KFGDxXnODGI\/VJSaj3x_AZI\/AAAAAAAAFyw\/bSDuVvkOLdI\/s72-c\/ntp_clock.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-5767648973724468385"},"published":{"$t":"2014-10-28T06:00:00.000-05:00"},"updated":{"$t":"2017-01-15T17:44:41.663-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Asus"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"}],"title":{"type":"text","$t":"(CVE-2014-2718) ASUS wireless router updates vulnerable to a Man in the Middle attack"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: 
center;\"\u003E\u003Ca href=\"https:\/\/4.bp.blogspot.com\/-3Y9QE4MkRgU\/VE-N8orNrFI\/AAAAAAAAFM4\/f5SIPoaFRJQ\/s1600\/RT-AC68.jpg\" imageanchor=\"1\" style=\"clear: left; float: left; margin-bottom: 1em; margin-right: 1em;\"\u003E\u003Cimg alt=\"\" border=\"0\" height=\"200\" src=\"https:\/\/4.bp.blogspot.com\/-3Y9QE4MkRgU\/VE-N8orNrFI\/AAAAAAAAFM4\/f5SIPoaFRJQ\/s1600\/RT-AC68.jpg\" title=\"The ASUS RT- series of routers rely on an easily manipulated process to determine if an update is needed, and to retrieve the necessary update file. An attacker can exploit this to provide a fraudulent firmware update. ASUS included an undocumented fix in firmware 3.0.0.4.376.1123 to resolve this.\" width=\"192\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EOver the past few months I have come across a couple of significant issues with ASUS wireless routers (which to their credit the company has been quick to resolve).\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EIn mid February, I wrote that a substantial portion of ASUS wireless routers would \u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2014\/02\/breaking-down-asus-router-bug.html\"\u003Efail to update their firmware\u003C\/a\u003E. In fact, the \u0026quot;check for update\u0026quot; function would inform the administrator that the router was fully up-to-date, even though it was not. 
The timing could not have been worse, coming right on the heels of an exploit for a bug in which USB hard drives connected to the router could be accessed from the public Internet, with no login required.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EIn April I wrote that the same line of routers \u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2014\/04\/CVE-2014-2719-Asus-RT-Password-Disclosure.html\"\u003Eexposed the administrator username and password\u003C\/a\u003E in clear text. Anyone that could access a PC that had logged into the router could retrieve the admin credentials. Since the admin session would never time out, this could be exploited even without the administrator having a window open on the router.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EToday I am disclosing one additional vulnerability, submitted as \u003C\/span\u003E\u003Ca href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-2718\" style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\" target=\"_blank\"\u003ECVE-2014-2718\u003C\/a\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E. The ASUS RT- series of routers \u003C\/span\u003E\u003Cspan style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003Erely on an easily manipulated process to determine if an update is needed, and to retrieve the necessary update file. 
In short, the router downloads via clear-text a file from http:\/\/dlcdnet.asus.com, parses it to determine the latest firmware version, then downloads (again in the clear) a binary file matching that version number from the same web site.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2014\/10\/CVE-2014-2718-Asus-RT-MITM.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5767648973724468385"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5767648973724468385"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2014\/10\/CVE-2014-2718-Asus-RT-MITM.html","title":"(CVE-2014-2718) ASUS wireless router updates vulnerable to a Man in the Middle attack"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/4.bp.blogspot.com\/-3Y9QE4MkRgU\/VE-N8orNrFI\/AAAAAAAAFM4\/f5SIPoaFRJQ\/s72-c\/RT-AC68.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-3032251180905151235"},"published":{"$t":"2014-10-24T20:13:00.000-05:00"},"updated":{"$t":"2017-01-22T19:21:05.292-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Malware"}],"title":{"type":"text","$t":"Would you know if your email server were attacked?"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: 
\u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003E\u003Ci\u003E\u003Cspan style=\"font-size: x-small;\"\u003EThis is a continuation of a series investigating a piece of malware.\u003C\/span\u003E\u003C\/i\u003E\u003C\/span\u003E\u003Cbr\u003E\u003Cul\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Ca href=\"https:\/\/securityforrealpeople.com\/2014\/10\/from-click-to-pwned.html\" target=\"_blank\"\u003EPart 1\u003C\/a\u003E looks at how the malware is delivered. It and part 2 were originally a single post, later separated since they look at distinct phases in the attack.\u003C\/i\u003E\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Ca href=\"https:\/\/securityforrealpeople.com\/2014\/10\/an-introduction-to-malware-forensics.html\" target=\"_blank\"\u003EPart 2\u003C\/a\u003E analyzes the bot - the agent which turns your computer into a remotely-controlled robot doing the attacker\u0026#39;s bidding.\u003C\/i\u003E\u003C\/span\u003E\u003C\/li\u003E\u003Cli\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-small;\"\u003E\u003Ci\u003E\u003Ca href=\"https:\/\/securityforrealpeople.com\/2014\/10\/where-does-all-spam-come-from.html\" target=\"_blank\"\u003EPart 3\u003C\/a\u003E dives into the first payload: code to test 30,000 addresses at 5,000 domains, to see if they could be used to send additional spam.\u003C\/i\u003E\u003C\/span\u003E\u003C\/li\u003E\u003C\/ul\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EI had thought part 3 was the end of the story, but there is now more to tell. 
Last week I received a relatively typical spam message containing a link to view an \u0026quot;invoice\u0026quot; for something I had supposedly purchased. The link instead downloaded a botnet agent - software that would turn my PC into a bot that an attacker could remotely control to do his bidding. Nothing unusual about that approach. The attacker then gave my bot instructions to probe 5,000 domains, looking for mail servers that could be used to relay yet more spam.\u003C\/span\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003C\/div\u003E\u003Cdiv\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EDiscovering and writing about criminal mischief is great, but if that\u0026#39;s where I stopped, I\u0026#39;m just one more source of noise on the Internet. I research with two purposes: to teach, and to fix. Writing this blog series was the teaching part; as for the fixing part, that is where today\u0026#39;s story picks up.\u003C\/span\u003E\u003Cbr\u003E\u003C\/div\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2014\/10\/would-you-know-if-your-email-server.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/3032251180905151235"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/3032251180905151235"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2014\/10\/would-you-know-if-your-email-server.html","title":"Would you know if your email server were 
attacked?"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}]},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-8788233127928203246"},"published":{"$t":"2014-09-28T22:10:00.000-05:00"},"updated":{"$t":"2017-01-21T15:05:07.040-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"}],"title":{"type":"text","$t":"A Shell of a Bash: Shellshock in Lay Terms"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-1E7hLls3Ok4\/VCXsrrXEB-I\/AAAAAAAAEy8\/56gI4qVVNEk\/s1600\/shellshock_turtle.png\" imageanchor=\"1\" style=\"clear: right; float: right; margin-bottom: 1em; margin-left: 1em;\"\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-1E7hLls3Ok4\/VCXsrrXEB-I\/AAAAAAAAEy8\/56gI4qVVNEk\/s1600\/shellshock_turtle.png\" imageanchor=\"1\" style=\"clear: left; float: left; margin-bottom: 1em; margin-right: 1em;\"\u003E\u003Cimg alt=\"\" border=\"0\" height=\"172\" src=\"https:\/\/1.bp.blogspot.com\/-1E7hLls3Ok4\/VCXsrrXEB-I\/AAAAAAAAEy8\/56gI4qVVNEk\/s1600\/shellshock_turtle.png\" title=\"A few days ago, researchers revealed a software vulnerability that quickly became known as \u0026quot;shellshock.\u0026quot; It\u0026#39;s a bug - an error in the software code - in a core piece of many Unix operating system flavors, and it can be 
used by an attacker to gain control of Unix computers. You don\u0026#39;t use Unix, you say? I\u0026#39;ll bet you do: a great many Internet-connected devices run on Unix because it can run on a minimal computer.\" width=\"200\"\u003E\u003C\/a\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EA few days ago, researchers revealed a software vulnerability that quickly became known as \u0026quot;shellshock.\u0026quot; It\u0026#39;s a bug - an error in the software code - in a core piece of many Unix operating system flavors, and it can be used by an attacker to gain control of Unix computers. You don\u0026#39;t use Unix, you say? I\u0026#39;ll bet you do: a great many Internet-connected devices run on Unix because it can run on a minimal computer.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EFor those of us that make a living in the security field, it has been a pretty exciting week. Bash (the vulnerable shell program) is everywhere. Not \u003Ci\u003Eeverywhere\u003C\/i\u003E everywhere, but it turns up in many unexpected places. 
Think robotic toys, DVRs, wireless routers, smart televisions, enterprise web servers, cloud storage servers, printers, network equipment, the list goes on.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2014\/09\/a-shell-of-bash-shellshock-in-lay-terms.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/8788233127928203246"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/8788233127928203246"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2014\/09\/a-shell-of-bash-shellshock-in-lay-terms.html","title":"A Shell of a Bash: Shellshock in Lay Terms"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-1E7hLls3Ok4\/VCXsrrXEB-I\/AAAAAAAAEy8\/56gI4qVVNEk\/s72-c\/shellshock_turtle.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-7336261719051391748"},"published":{"$t":"2014-09-25T22:42:00.000-05:00"},"updated":{"$t":"2017-01-21T15:02:57.242-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"}],"title":{"type":"text","$t":"Shellshocked: what is the bug in 
Bash?"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThe Internet has been awash with information and misinformation about a bug in GNU bash, a common system shell in many Unix variants. Here are some initial thoughts about what it is, and what it is not.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003EA shell is a way of giving a computer commands, that it in turn executes. The Windows CMD shell (aka \u0026quot;DOS Prompt\u0026quot;) is one example of a shell. Unix has many different shells, but a common one is bash, or \u0026quot;Bourne Again SHell.\u0026quot; It is common in Unix and Linux variants ... which happen to be the operating system of choice for a great many non-PC Internet devices. Think wireless routers, Blu-Ray players, network hard drives, printers, Internet TVs, etc. Not all run bash - as I said there are a number of different shells - but many do.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2014\/09\/shellshocked-what-is-bug-in-bash.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/7336261719051391748"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/7336261719051391748"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2014\/09\/shellshocked-what-is-bug-in-bash.html","title":"Shellshocked: what is the bug in 
Bash?"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/4.bp.blogspot.com\/-rB8zjHRxDHU\/VCWKl4bMMbI\/AAAAAAAAEys\/B0IG2j55u2I\/s72-c\/shellshocked.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-6734969565000467472"},"published":{"$t":"2014-07-09T14:53:00.000-05:00"},"updated":{"$t":"2017-01-21T19:19:10.212-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Password Management"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Transportation Authorities"}],"title":{"type":"text","$t":"TxDOT fixes security issues with txtag.org"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/4.bp.blogspot.com\/-lFly8V9C1BA\/U72csegr8RI\/AAAAAAAACX0\/MnyptSH75F0\/s1600\/txtag.png\" imageanchor=\"1\" style=\"clear: left; float: left; margin-bottom: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" src=\"https:\/\/4.bp.blogspot.com\/-lFly8V9C1BA\/U72csegr8RI\/AAAAAAAACX0\/MnyptSH75F0\/s1600\/txtag.png\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EIn April, I reported \u003Ca href=\"https:\/\/securityforrealpeople.com\/2014\/04\/credit-cards-for-12-million-drivers.html\" target=\"_blank\"\u003Eseveral security concerns\u003C\/a\u003E to the Texas Department of Transportation, which is responsible for among other things toll roads throughout the state. 
The concerns had to do with the billing and management website for \u003Ca href=\"http:\/\/www.txtag.org\/\" target=\"_blank\"\u003ETXTAG\u003C\/a\u003E, one of several tolling systems in the state. Specifically, the login design made it easy for someone with ill intent to gain unauthorized access to a substantial portion of driver accounts, and having gained access, to acquire complete credit card numbers along with the collateral necessary to use them (expiration date, mailing address, cardholder name).\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2014\/07\/txdot-fixes-security-issues-with.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/6734969565000467472"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/6734969565000467472"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2014\/07\/txdot-fixes-security-issues-with.html","title":"TxDOT fixes security issues with txtag.org"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/4.bp.blogspot.com\/-lFly8V9C1BA\/U72csegr8RI\/AAAAAAAACX0\/MnyptSH75F0\/s72-c\/txtag.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-8320090454055337745"},"published":{"$t":"2014-06-16T16:44:00.000-05:00"},"updated":{"$t":"2017-01-14T20:05:46.125-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and 
Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Transportation Authorities"}],"title":{"type":"text","$t":"Godzilla, zombies, and more thanks to highway sign security flaws"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/3.bp.blogspot.com\/-PD221oz_kF8\/U5C9qA5c0qI\/AAAAAAAACS4\/q-vzWTY_76w\/s1600\/zombies.jpg\" imageanchor=\"1\" style=\"clear: left; float: left; margin-bottom: 1em; margin-right: 1em;\"\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cimg border=\"0\" height=\"162\" src=\"https:\/\/3.bp.blogspot.com\/-PD221oz_kF8\/U5C9qA5c0qI\/AAAAAAAACS4\/q-vzWTY_76w\/s1600\/zombies.jpg\" width=\"200\"\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EOne Friday in May, drivers in several North Carolina cities saw \u003Ca href=\"http:\/\/myfox8.com\/2014\/05\/30\/dot-electronic-billboards-hacked-across-nc-including-winston-salem-and-mount-airy\/\" target=\"_blank\"\u003Esomething unexpected\u003C\/a\u003E on their morning commute. Electronic signs above several highways – which normally displayed traffic alerts or safety reminders – instead read “HACK BY SUN HACKER.” In one case the sign also included an invitation to connect with the hacker on Twitter.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThis isn’t the first case of “unofficial alerts” showing up on street signs. 
Earlier in May, a sign in San Francisco warned of a \u003Ca href=\"http:\/\/blog.sfgate.com\/stew\/2014\/05\/15\/see-what-a-prankster-put-on-an-s-f-billboard\/\" target=\"_blank\"\u003EGodzilla Attack\u003C\/a\u003E. In this case, the sign was owned by an equipment rental business that had rented the sign to the city for the annual Bay to Breakers race, and was apparently not Internet-connected. Rather, it was a matter of obtaining the combination to or physically breaking the lock, and reprogramming the message in person. Five years ago, signs in Austin warned of an \u003Ca href=\"http:\/\/www.wired.com\/2009\/02\/austin-road-sig\/\" target=\"_blank\"\u003Eimpending zombie attack\u003C\/a\u003E, while signs in Indiana alerted motorists to \u003Ca href=\"http:\/\/www.theindychannel.com\/news\/-raptors-ahead-sign-gets-stares-chuckles\" target=\"_blank\"\u003Edinosaurs\u003C\/a\u003E. Again, the signs were reprogrammed in person – a trivial activity as long as one can get past the (often flimsy) lock and follow.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2014\/06\/GodzillaZombiesDOTSigns.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/8320090454055337745"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/8320090454055337745"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2014\/06\/GodzillaZombiesDOTSigns.html","title":"Godzilla, zombies, and more thanks to highway sign security 
flaws"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/3.bp.blogspot.com\/-PD221oz_kF8\/U5C9qA5c0qI\/AAAAAAAACS4\/q-vzWTY_76w\/s72-c\/zombies.jpg","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-560802075937133805"},"published":{"$t":"2014-04-29T19:12:00.000-05:00"},"updated":{"$t":"2017-01-21T19:28:40.347-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"}],"title":{"type":"text","$t":"Got Internet Explorer? Get Pwned!"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/2.bp.blogspot.com\/-iiwSTrIT0Dk\/U2A9KDsoUUI\/AAAAAAAACMo\/qlzhm7kS_rI\/s1600\/ie_symbol_clr_70x70.png\" imageanchor=\"1\" style=\"clear: left; float: left; margin-bottom: 1em; margin-right: 1em;\"\u003E\u003Cimg alt=\"\" border=\"0\" src=\"https:\/\/2.bp.blogspot.com\/-iiwSTrIT0Dk\/U2A9KDsoUUI\/AAAAAAAACMo\/qlzhm7kS_rI\/s1600\/ie_symbol_clr_70x70.png\" title=\"The first of what will likely be many never-to-be-fixed bugs has turned up, and it\u0026#39;s a doozy. If you use Internet Explorer (on any OS) and open up an affected web page, the attacker now owns your PC. The moral? Don\u0026#39;t use IE until a patch is available, and consider installing EMET.\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EFor Windows XP users, the grace period lasted about 3 weeks longer than expected, but it\u0026#39;s over now. 
The first of what will likely be many never-to-be-fixed bugs has turned up, and it\u0026#39;s a doozy.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003ESecurity firm FireEye this weekend reported a serious flaw in versions of Internet Explorer from IE6 through the latest and greatest IE11. Thus far active exploit in the wild has focused on IE 9 through 11 (which will not run on Windows XP), but this will surely change now that it is public. For a mind-bendingly thorough discussion of how the vulnerability is exploited, see \u003Ca href=\"http:\/\/www.fireeye.com\/blog\/uncategorized\/2014\/04\/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html\" target=\"_blank\"\u003EFireEye\u0026#39;s write-up\u003C\/a\u003E. The Cliff Notes version is this: the attacker makes use of an Adobe Flash Player technique that bypasses some IE security measures, drops its own code into a certain point in memory, and then through the newly-discovered bug executes that code.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThe even simpler version is this: if you use Internet Explorer and open up an affected web page (whether a bad site, or a legitimate site that has been compromised, or a malicious email message), the attacker now owns your PC. The truly nasty thing about this sort of bug is that you don\u0026#39;t have to do anything unseemly to be hit. 
Similar vulnerabilities in the past have been exploited through clever advertisements submitted to popular and legitimate web sites.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2014\/04\/got-internet-explorer-get-pwned.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/560802075937133805"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/560802075937133805"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2014\/04\/got-internet-explorer-get-pwned.html","title":"Got Internet Explorer? Get Pwned!"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/2.bp.blogspot.com\/-iiwSTrIT0Dk\/U2A9KDsoUUI\/AAAAAAAACMo\/qlzhm7kS_rI\/s72-c\/ie_symbol_clr_70x70.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-8035294252565006954"},"published":{"$t":"2014-04-24T12:53:00.004-05:00"},"updated":{"$t":"2017-01-22T19:22:36.752-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Password Management"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"}],"title":{"type":"text","$t":"Password Lessons from Heartbleed"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EIt\u0026#39;s been a little over two weeks since the web security bug known as 
\u0026quot;Heartbleed\u0026quot; was publicly reported (see my earlier post for a \u003Ca href=\"https:\/\/securityforrealpeople.com\/2014\/04\/openssl-heartbleed-what-does-broken.html\"\u003Edescription of the bug\u003C\/a\u003E). For businesses it has meant a lot of scrambling to update servers and to update network intrusion sensors to detect attempts to exploit the bug. Thus far though there have not been widespread reports of data breaches affecting consumers. There was the case of a teenager who was arrested for \u003Ca href=\"http:\/\/www.christianpost.com\/news\/man-charged-in-heartbleed-attack-virus-compromised-canadian-irs-118121\/\" target=\"_blank\"\u003Enabbing 900 social insurance numbers from the Canada Tax Agency\u003C\/a\u003E (the equivalent of social security numbers and the US IRS) ... note to self: hacking a government agency and then presenting said agency with proof of your hack is not the best way to go about reporting a vulnerability. But I digress...\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2014\/04\/password-lessons-from-heartbleed.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/8035294252565006954"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/8035294252565006954"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2014\/04\/password-lessons-from-heartbleed.html","title":"Password Lessons from 
Heartbleed"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}]},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-3189449781014209118"},"published":{"$t":"2014-04-14T08:00:00.000-05:00"},"updated":{"$t":"2017-01-12T13:48:00.688-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Asus"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Digital Forensics"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Internet of Things"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Password Management"}],"title":{"type":"text","$t":"(CVE-2014-2719) More fun with wireless routers: ASUS wireless routers reveal admin password"},"content":{"type":"html","$t":"\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EIf you use an ASUS RT-XXXX wireless router, you should update to firmware \u003Cb\u003E\u003Cstrike\u003E3.0.0.4.374.5517\u003C\/strike\u003E 3.0.0.374.5656\u003C\/b\u003E, released April 24, 2014 (or any newer firmware).\u003C\/span\u003E\u003Cbr\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003EIn mid February, I wrote that a substantial portion of ASUS wireless routers would \u003C\/span\u003E\u003Ca href=\"https:\/\/www.securityforrealpeople.com\/2014\/02\/breaking-down-asus-router-bug.html\" style=\"font-family: \u0026#39;Helvetica Neue\u0026#39;, Arial, Helvetica, sans-serif;\"\u003Efail to update their 
firmware\u003C\/a\u003E\u003Cspan style=\"font-family: \u0026quot;helvetica neue\u0026quot; , \u0026quot;arial\u0026quot; , \u0026quot;helvetica\u0026quot; , sans-serif;\"\u003E. In fact, the \u0026quot;check for update\u0026quot; function would inform the administrator that the router was fully up-to-date, even though it was not. The server tables that identify the correct latest firmware revision for each model of router had not been updated in about 4 months, though there had been two releases in the interim. This was a significant problem because it came right on the heels of an exploit for a bug in which hard drives connected to the router could be \u003Ca href=\"http:\/\/arstechnica.com\/security\/2014\/02\/dear-asus-router-user-youve-been-pwned-thanks-to-easily-exploited-flaw\/\" target=\"_blank\"\u003Eaccessed from the public Internet\u003C\/a\u003E, with no login credentials required.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2014\/04\/CVE-2014-2719-Asus-RT-Password-Disclosure.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/3189449781014209118"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/3189449781014209118"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2014\/04\/CVE-2014-2719-Asus-RT-Password-Disclosure.html","title":"(CVE-2014-2719) More fun with wireless routers: ASUS wireless routers reveal admin 
password"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/2.bp.blogspot.com\/-obb6pA2J_lM\/Uz2nprymsqI\/AAAAAAAACIE\/Odo3kNgPi2I\/s72-c\/password1.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-5306546932448159838"},"published":{"$t":"2014-04-09T08:00:00.000-05:00"},"updated":{"$t":"2017-01-14T20:02:38.521-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Encryption"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Small Word Security"}],"title":{"type":"text","$t":"OpenSSL Heartbleed: What does broken encryption actually mean?"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/4.bp.blogspot.com\/-awHwy1EF6qQ\/U0TJAXmsXfI\/AAAAAAAACKg\/DkvsQGxQml8\/s1600\/heartbleed.png\" imageanchor=\"1\" style=\"clear: left; float: left; margin-bottom: 1em; margin-right: 1em;\"\u003E\u003Cimg border=\"0\" height=\"200\" src=\"https:\/\/4.bp.blogspot.com\/-awHwy1EF6qQ\/U0TJAXmsXfI\/AAAAAAAACKg\/DkvsQGxQml8\/s1600\/heartbleed.png\" width=\"165\"\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThe Internet is full of hyperbole, exaggerations, \u0026quot;the sky is falling tales\u0026quot; and the like. 
To be fair, there are lots of ways bad actors can cause trouble, but in most cases reality falls a bit short of the hype.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003E\u003C\/span\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EThat may not be true in this case. Researchers Monday night published a report on the so-called \u0026quot;\u003Ca href=\"http:\/\/heartbleed.com\/\" target=\"_blank\"\u003EHeartbleed\u003C\/a\u003E\u0026quot; bug, named for the heartbeat function it affects in the popular OpenSSL library. OpenSSL is used by many, many websites to enable encrypted communication between you and the web site. When you see the \u0026quot;padlock\u0026quot; icon in your browser window, it means your communication is encrypted - more often than not, that is OpenSSL at work.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2014\/04\/openssl-heartbleed-what-does-broken.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5306546932448159838"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/5306546932448159838"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2014\/04\/openssl-heartbleed-what-does-broken.html","title":"OpenSSL Heartbleed: What does broken encryption actually 
mean?"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/4.bp.blogspot.com\/-awHwy1EF6qQ\/U0TJAXmsXfI\/AAAAAAAACKg\/DkvsQGxQml8\/s72-c\/heartbleed.png","height":"72","width":"72"}},{"id":{"$t":"tag:blogger.com,1999:blog-3911105790299130851.post-8400001916258100158"},"published":{"$t":"2014-04-08T08:00:00.000-05:00"},"updated":{"$t":"2017-01-16T22:40:44.247-06:00"},"category":[{"scheme":"http://www.blogger.com/atom/ns#","term":"Bugs and Vulnerabilities"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Hacking"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Home Network Security"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Malware"},{"scheme":"http://www.blogger.com/atom/ns#","term":"Practical Security"}],"title":{"type":"text","$t":"10 things to do with an old Windows XP PC"},"content":{"type":"html","$t":"\u003Cdiv class=\"separator\" style=\"clear: both; text-align: center;\"\u003E\u003Ca href=\"https:\/\/1.bp.blogspot.com\/-R-PdvXJdNdw\/U0NfnNM4ApI\/AAAAAAAACKQ\/U4rjZND8wDw\/s1600\/wxp.jpg\" imageanchor=\"1\" style=\"clear: left; float: left; margin-bottom: 1em; margin-right: 1em;\"\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cimg alt=\"\" border=\"0\" height=\"160\" src=\"https:\/\/1.bp.blogspot.com\/-R-PdvXJdNdw\/U0NfnNM4ApI\/AAAAAAAACKQ\/U4rjZND8wDw\/s1600\/wxp.jpg\" title=\"Today Microsoft will release the final updates for Windows XP, the once-novel, oft-maligned, and persistently enduring operating system. Microsoft has provided stability and security updates for 12 years but will no longer do so after today. 
Read on for some ideas of what to do with an old Windows XP PC.\" width=\"200\"\u003E\u003C\/span\u003E\u003C\/a\u003E\u003C\/div\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003EToday Microsoft will release the final updates for Windows XP, the once-novel, oft-maligned, and persistently enduring operating system. Microsoft has provided stability and security updates for 12 years but \u003Ca href=\"http:\/\/windows.microsoft.com\/en-us\/windows\/end-support-help\" target=\"_blank\"\u003Ewill no longer do so after today\u003C\/a\u003E.\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003EWhat does this mean to you? If you have a PC bought in about the past 5 years or so, nothing. Most, if not all, PCs bought since late 2009 came with Windows 7, which according to the current \u003Ca href=\"http:\/\/support.microsoft.com\/lifecycle\/?c2=14019\" target=\"_blank\"\u003Eroadmap\u003C\/a\u003E will be supported through 2020. (If you bought between early 2007 and late 2009, and did not manage to upgrade, you may have been stuck with the quite unpopular Windows Vista, but still have a few years of Microsoft support left).\u003C\/span\u003E\u003Cbr\u003E\u003Cspan style=\"font-family: Helvetica Neue, Arial, Helvetica, sans-serif;\"\u003E\u003Cbr\u003EBut for the millions still running Windows XP at home (and even more importantly, for the operators of millions of ATMs and point-of-sale registers running embedded Windows XP) there are some very real implications. 12 years of updates have resulted in a pretty stable operating system, and the most egregious security flaws have been fixed (at least the known ones). In its early years, Windows XP was riddled with holes that led to such malware fiascoes as Code Red and Nimda, Internet worms that crashed millions of PCs and brought businesses to their knees for days or even weeks. 
That has not been the case lately.\u003C\/span\u003E\u003Cbr\u003E\u003Ca href=\"http:\/\/www.securityforrealpeople.com\/2014\/04\/10-things-to-do-with-old-windows-xp-pc.html#more\"\u003ERead more »\u003C\/a\u003E"},"link":[{"rel":"edit","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/8400001916258100158"},{"rel":"self","type":"application/atom+xml","href":"http:\/\/www.blogger.com\/feeds\/3911105790299130851\/posts\/default\/8400001916258100158"},{"rel":"alternate","type":"text/html","href":"http:\/\/www.securityforrealpeople.com\/2014\/04\/10-things-to-do-with-old-windows-xp-pc.html","title":"10 things to do with an old Windows XP PC"}],"author":[{"name":{"$t":"David"},"uri":{"$t":"http:\/\/www.blogger.com\/profile\/10169777669998745001"},"email":{"$t":"noreply@blogger.com"},"gd$image":{"rel":"http://schemas.google.com/g/2005#thumbnail","width":"16","height":"16","src":"https:\/\/img1.blogblog.com\/img\/b16-rounded.gif"}}],"media$thumbnail":{"xmlns$media":"http://search.yahoo.com/mrss/","url":"https:\/\/1.bp.blogspot.com\/-R-PdvXJdNdw\/U0NfnNM4ApI\/AAAAAAAACKQ\/U4rjZND8wDw\/s72-c\/wxp.jpg","height":"72","width":"72"}}]}});