Downclimb: Summit Route's Weekly Infosec News Recap
2014.10.17 – 2014.10.24: https://SummitRoute.com
Binaries downloaded over Tor being trojaned
Josh Pitts from Leviathan Security discusses some examples he has found where downloaded binaries are being trojaned in transit. This is one of the threats that Summit Route is going to protect against.
FIDO: 2-Factor Authentication
Google has announced it's support for the Fast IDenity Online Universal 2-Factor (FIDO U2F) Authentication. Membership in FIDO includes Mastercard, Visa, Microsoft, Alibaba, Bank of America, PayPal, and many others. The goal is to log into websites using a USB key. Two-factor authentication, or most anything beyond our current password schemes, is a welcome improvement. However, this has been met with some criticism for requiring the use of of the P-256 NIST elliptic curve. Some suspect the points on this curve were chosen specifically to make it possible for some people to break the crypto.
An alternative password replacement scheme was also announced called EasyAuth from scriptjunkie.
Sandworm not fully patched
Microsoft's round of patches last week failed to fully protect against the exploit CVE-2014-4114, known as Sandworm. A Fixit and EMET guidance is available.
- j00ru discusses the vulns he found in IDA Pro
- Operation Pawn Storm: Trend Micro reports on an operation that has been active since 2007. Uses spear-phishing and watering holes.
- Did the "Man With No Name" Feel Insecure?: Technical discussion of a bug in Windows related to trying to do sandboxing there.
- Analysis of POS malware Dexter and Decebal
- Windows 10 security features