Downclimb: Summit Route’s Weekly Infosec News Recap
2016.02.21 – 2016.02.28: https://SummitRoute.com
To receive a weekly email notification of this newsletter, email scott@summitroute.com

Quotes

“security engineering is political, & not just obvious cases like apple v FBI. do we build X? what’s our threat model? which bugs do we fix?” Adrienne Porter Felt‏

 

“not all software quality issues are security issues, but all software security issues are software quality issues” Sherif Mansour‏

 

“That marketing cycles around major conferences dictate when research is released tells you everything you need to know about infosec.” ‏the grugq

 

“Conclusions: First, it’s Friday night and I’m analyzing malware. I think the biggest takeaway is that I need to get out more :|” Patrick Wardle‏

 

Top stories

Operation Blockbuster

A coalition of 13 security companies, including Blue Coat Labs, Kaspersky Lab, AlienVault Labs, and more, released coordinated reports this week on the hackers behind the Sony breach. In a new twist, they made a single website at operationblockbuster.com for this research. This cyber archaeology project ties together the Sony hack, DarkSeoul, and other mostly South Korean hacks. It attributes these back to North Korea. The research itself was’t that interesting to me. More interesting is the marketing of creating a coalition of researchers.

Business

• Signal Sciences Announces Public Launch: Signal Science provides what they call a next generation web application firewall (WAF).
• IBM Security to Acquire Resilient Systems for $100M+: Resilient Systems is a workflow system for incident responders, or put another way, it’s a ticketing system with some words changed for security.
• Cyber security startups face funding drought: Despite private investors investing $3.3B into 229 cyber security deals last year, and cyber M&A activity doubling to $27B from $10B, this article makes the claim that funding is drying up for cyber security start-ups.

Newspaper News

• I got hacked mid-air while writing an Apple-FBI story: This story is about how a reporter had his email read by another person on the flight, supposedly because he was using Gogo inflight Wi-Fi, but the real technical reason this happened is because the journalist is using Earthlink for his email which doesn’t support encryption and Gogo is no different than any other public wifi.

Conference materials and publications

• Changing the physics of defense: Keynote by John Lambert for the Kaspersky SAS conference keynote from early February.

Other reads

• Exploiting SMM callout vulnerabilities in Lenovo firmware: Firmware exploiting from Cr4sh against Lenovo and and the Russian security product Secret Net.
• CVE-2015-8277: This vulnerability is in Flexera’s FlexNet Publisher, which is used by Hexray’s for IDA Pro licenses.
• Bulk ASLR Data Analysis: Post from Leviathan Security about ASLR data observed from real-world networks and crashes.
• HackingTeam Reborn; A Brief Analysis of the RCS Implant Installer: Patrick Wardle shows how to reverse Apple encrypted binaries used by Hacking Team on OSX.
• CVE-2016-2384: To be honest, there is nothing interesting about this vuln (a double-free in usb-audio triggered by invalid USB descriptor), but I like that the author mentioned that it was found by using vUSBf (a USB fuzzer) and kasan (a fast memory error detector for the Linux kernel). I think people often assume that various bug finding tools are open-sourced because the author exhausted all the bugs that could be found with it, but it’s often the case that people just need to apply these tools in new places or combine them.