Downclimb

2014.11.07


Downclimb: Summit Route’s Weekly Infosec News Recap
2014.10.31 – 2014.11.07: https://SummitRoute.com

Top stories

WireLurker

A new malware family targeting Apple OS X and iOS, named WireLurker, has been discovered. OS X applications on a Chinese app store were trojaned, and any iOS device connected to one of these infected OS X computers could then be infected as well, whether or not that iOS device was jailbroken.

  • https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/reports/Unit_42/unit42-wirelurker.pdf
  • Samples: http://contagiodump.blogspot.com/2014/11/wirelurker-for-osx-ios-part-i-and.html

Generating MD5 collisions costs $0.65

The MD5 hashing algorithm is still used in a variety of crypto applications, but it’s now so cheap to generate collisions that it definitely should no longer be used for crypto purposes or for ensuring integrity. This post explains how a collision can be created in just 10 hours on an AWS large GPU instance.

  • http://natmchugh.blogspot.co.uk/2014/10/how-i-created-two-images-with-same-md5.html

Mobile is Eating the World

Not security related, but it’s important to see where our industry is heading, since the security of things is driven by which things get used. The main point is simply that we will soon reach a point where people no longer have laptops (or desktops) and just use their phones for all their tasks.

  • Slides: http://a16z.com/2014/10/28/mobile-is-eating-the-world/
  • Podcast: http://a16z.com/2014/10/31/a16z-podcast-selling-tech-to-everyone-changes-everything/

Business

Tools

  • Massive Improvements to Cuckoo Sandbox: Spender (aka Brad Spengler, the guy behind grsecurity) made some large improvements to Cuckoo Sandbox and described them in a blog post on Accuvant. Cuckoo Sandbox is a mess for anyone who has tried to use it: it doesn’t have a release cycle, so it’s very difficult to install, to get its different components working together, and to keep updated.
  • Volatility plugin contest winners

Other reads

  • Drupal vulnerability: Drupal is a popular CMS, like WordPress, that runs between 2% and 5% of the websites on the Internet. Up to 12M sites are estimated to have been vulnerable at the time this vulnerability was announced, and it’s assumed many have been compromised.
  • Silk Road 2, along with many other Tor sites, has been taken down: http://www.wired.com/2014/11/operation-onymous-dark-web-arrests/