Downclimb

2015.08.30

RSS feed

Downclimb: Summit Route’s Weekly Cyber News Recap
2015.08.23 – 2015.08.30: https://SummitRoute.com

Top stories

Giant bags of mostly water ————————– This great presentation explains how the automotive industry dealt with vehicle safety over time, and it’s parallels with the IT industry.

  • http://kernsec.org/files/lss2015/giant-bags-of-mostly-water.pdf

Business

  • Court Says FTC Can Sue Companies For Sloppy Cybersecurity: The Federal Trade Commission (FTC) was established in 1914 with the primary mission of consumer protection and elimination of monopolies. It has settled 53 cases related to data security, and this latest case involving the Wyndham hotel chain was upheld by the Philadelphia Court of Appeals and thus reaffirms the FTC’s authority to hold companies accountable for failing to safeguard consumer data.
  • grsecurity stopping public availability: Due to repeated GPL violations by businesses using grsecurity, the project will only distribute their updates privately to paid sponsors.

Newspaper News

  • ISIS hacker [recruiter] killed in drone strike: This story is about an ISIS member that was killed in a drone strike. He happened to formerly be part of a hacker group, but the reason for the strike does not appear to have anything to do with that. More discussion here.

Conference materials and publications

  • Linux Security Summit: Conference in Seattle last week.
  • Phrack: “The Art of Exploitation - Self-patching Microsoft XML with misalignments and factorials”

Tools

  • Microsoft Advanced Threat Analytics: This product for security monitoring and anomaly detection in Windows enterprises is now available for download.
  • angr angr is a framework for analyzing binaries via both static and dynamic symbolic (“concolic”) analysis. It is basically a wrapper around a number of projects. It was used by one of the DARPA Cyber Grand Challenge finalists.

Other reads

  • DFIR with Windows Logging Service (WLS): The post shows some interesting Windows host events to alert on.
  • Beware of Windows 10 DNS resolver and DNS Leaks: This post shows how even if you use a VPN, Windows 10 will leak information about what sites you visit. For those that use Tor, this means basically that in order to browse the web anonymously, you must route you traffic through a second device. This has been best practice for a long time for a number of reasons, but it’s unfortunate that even for business users that are trying to use a VPN, that information about their network usage is being leaked through unencrypted channels.
  • AshleyMadison emails suggest exec hacked competitors: The AshleyMadison hack has by and large not been interesting, other than what the target was (a site to assist with extramarital affairs). One new detail from this story though is that in the dump of emails from the compromise, there is discussion that an exec of the company hacked a competitor. Another interesting piece is that the AshleyMadison has put up a $500K bounty for the hackers.
  • Exploring Malware Syscalls with PANDA: PANDA is a tool for recording execution traces. The lead developer recorded the execution of 24K malware samples, and looked at the least used syscalls.