Downclimb

2014.12.26


Downclimb: Summit Route's Weekly Infosec News Recap
2014.12.19 – 2014.12.26: https://SummitRoute.com

Quotes

"Sorry, I'm stupid but how is attribution really going to help you improve your defenses? You are still blind as before to attacks." @osxreverser

"when your attribution is based exclusively on forensic artifacts, you're using only adversarial controlled data" @thegrugq

"20 years ago today I was sitting in a hotel room in Denver hacking into Tsutomu Shimomura's SunOS boxes as he was skiing. How time flies :-)" @kevinmitnick

"Reality: The things that keep our lights on and water clean are built to lesser security specifications than the DRM in our game consoles." @halvarflake

Top stories

Elcomsoft Phone Breaker

The Russian company Elcomsoft is an old name in the infosec world. Back in 2001, at Defcon 9, an Elcomsoft employee named Dmitry Sklyarov was arrested by the FBI just after his presentation on Adobe eBook security. Elcomsoft primarily makes products that give forensic investigators access to all sorts of encrypted and locked files and devices. Their recent product Phone Breaker can access the password-protected backups of BlackBerry and iOS devices, including the Apple iPhone 6. It can also access iCloud and Windows Live accounts, and it can bypass 2-factor authentication.

NTP vuln

(CVE-2014-9295) Several vulnerabilities have been found in the NTP project's reference Network Time Protocol daemon (ntpd)[1]. The most critical is a buffer overflow[2]. Apple released its first-ever automatic security update in response (no reboot was needed). The issue also affects various Linux distributions, and since many systems run NTP clients and servers to keep their clocks in sync, the exposure is broad.

  1. CERT announcement: http://www.kb.cert.org/vuls/id/852879
  2. The code change for the buffer overflow fix: http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acf55dxKfhb6MuYQwzu8eDlS97g

Tools

  • SwishDbgExt: Matt Suiche's extension for windbg is now open-source. This tool can be used to identify and understand Windows kernel rootkits during incident response, and it is also a great tool for Windows debugging in general. The source code itself is a great read for anyone interested in clean, modern, real-world Windows C code written for Visual Studio.

Other news