Downclimb: Summit Route’s Weekly Cyber News Recap
2015.06.28 – 2015.07.05: https://SummitRoute.com
Quotes
“Cryptographers are rewarded for solving the hardest problems–not the most important problems.” Matt Blaze
“PSA: There is a 19bn industry that sells security products that largely have net negative effect on security.” @halvarflake
“I realized today that probably my #1 indicator that I should hire an analyst is his or her passion for sharing info and techniques.” David J. Bianco
“‘Zero day’ is an assertion about human ignorance, not an assertion about a property of software.” Allen Householder
Top stories
Reversing Prince Harming’s kiss of death
Following up on the suspend/resume EFI issue in Apple firmware from May that allows firmware passwords to be bypassed, osxreverser dug deeper into the root cause of the problem and walks through his reversing.
- https://reverse.put.as/2015/07/01/reversing-prince-harmings-kiss-of-death/
Injection Attacks on 802.11n MAC Frame Aggregation
Shows the ability to inject packets into an 802.11n wireless network without the need for physical proximity by using a Packet-in-Packet technique.
- https://github.com/rpp0/aggr-inject
Business
- Cisco acquiring OpenDNS: Cisco announced its intent to acquire OpenDNS for $635M. OpenDNS provides DNS services that, among other things, will block DNS requests to malicious sites.
Conference materials and publications
- A New Encryption Standard of Ukraine: The Kalyna Block Cipher: Different countries tend to develop their own encryption schemes. You can leverage this fact to increase your own security by encrypting your data multiple times using the crypto of different countries. Encrypting your data multiple times with different encryption algorithms can provide some additional security if one algorithm happens to be back-doored. This is much like Tor's onion routing. When using this technique it is best to select encryption algorithms advocated by different countries. Understand, though, that the algorithms chosen are only a small part of maintaining encryption security. Generating good randomness and managing keys are each likely more important than the encryption algorithm chosen.
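The layering described above, as an added example that is not part of the newsletter or of the Kalyna work: since Kalyna is not in Go's standard library, AES-256 and 3DES stand in for two unrelated cipher designs, each in CTR mode with its own independently generated key and IV. It assumes the reader only wants to see the cascade construction; it deliberately omits authentication (a MAC over the final ciphertext), which any real use would add.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"fmt"
)
// Layer is one independently keyed cipher in the cascade, run in CTR mode.
type Layer struct {
	Block cipher.Block
	IV    []byte
}
// NewLayer draws a fresh, independent key and IV from the OS CSPRNG; layers never share keys.
func NewLayer(keyLen, blockLen int, newBlock func([]byte) (cipher.Block, error)) (Layer, error) {
	buf := make([]byte, keyLen+blockLen)
	if _, err := rand.Read(buf); err != nil {
		return Layer{}, err
	}
	b, err := newBlock(buf[:keyLen])
	return Layer{Block: b, IV: buf[keyLen:]}, err
}
// Cascade applies layers in order; pass them reversed to decrypt (a CTR keystream XOR is self-inverse).
func Cascade(layers []Layer, in []byte) []byte {
	out := append([]byte(nil), in...)
	for _, l := range layers {
		cipher.NewCTR(l.Block, l.IV).XORKeyStream(out, out)
	}
	return out
}
// Demo wraps AES-256 inside 3DES (two unrelated designs, standing in for ciphers from different
// countries): stripping only the outer 3DES layer still leaves the whole AES layer to break.
func Demo() (outerOnly, bothLayers string, err error) {
	inner, err := NewLayer(32, aes.BlockSize, aes.NewCipher)
	if err != nil {
		return "", "", err
	}
	outer, err := NewLayer(24, des.BlockSize, des.NewTripleDESCipher)
	if err != nil {
		return "", "", err
	}
	ct := Cascade([]Layer{inner, outer}, []byte("constructed sample plaintext")) // constructed input
	outerOnly = string(Cascade([]Layer{outer}, ct))         // still under AES: unreadable
	bothLayers = string(Cascade([]Layer{outer, inner}, ct)) // plaintext recovered
	return outerOnly, bothLayers, nil
}
func main() {
	outerOnly, bothLayers, err := Demo()
	fmt.Printf("outer layer only: %x\nboth layers: %q\nerr: %v\n", outerOnly, bothLayers, err)
}
```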
Tools
- StableLib: Common development practices suffer from a number of security concerns, including grabbing random libraries from random sites over unencrypted protocols with no checks to ensure the library received has not been backdoored. Once a library is in use, developers should stay up to date on any vulnerabilities found in it. There are a number of other concerns beyond security, and a new service (which requires payment from commercial companies) helps solve many of these problems for Go packages (its libraries).
- s2n: Amazon has open-sourced a replacement for part of OpenSSL. OpenSSL provides “libssl”, which implements TLS, and “libcrypto”, which is a general-purpose cryptography library. s2n replaces only libssl, so it still depends on parts of OpenSSL. I think the best part of this is that it is the first time Amazon has open-sourced code that isn’t specific to helping people use AWS! Good work Amazon, and I hope you do this more!
- Dharma: Mozilla has released an updated version of their generation-based, context-free grammar fuzzer. It has no test harness; given a grammar, it generates output samples that conform to that grammar, which yields better inputs for fuzzing things like browsers than simply flipping bits.
Other reads
- Follow-up on Exploiting “BadIRET” vulnerability (CVE-2014-9322): Discusses Linux kernel exploitation.
- NutShell of Kernel Security: Cracks by Design?: k33nteam posted their slides and some discussion from their talk at REcon about Windows kernel exploitation.
- Three New Masque Attacks against iOS: Demolishing, Breaking and Hijacking: iOS issue that allows a malicious app to do some things it shouldn’t be able to.