Securit13 Podcast
Первый украинский подкаст об информационной безопасности

Ми тут вирішили згадати найголосніші події року, що вже майже минув. Приєднуйтесь!

Incident report on memory leak caused by Cloudflare parser bug https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
Vault 7: CIA Hacking Tools Revealed https://wikileaks.org/ciav7p1/
NSA-leaking Shadow Brokers just dumped its most damaging release yet https://arstechnica.com/information-technology/2017/04/nsa-leaking-shadow-brokers-just-dumped-its-most-damaging-release-yet/
Everything you need to know about the WannaCry / Wcry / WannaCrypt ransomware https://www.troyhunt.com/everything-you-need-to-know-about-the-wannacrypt-ransomware/
New ransomware, old techniques: Petya adds worm capabilities https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/
The MeDoc Connection http://blog.talosintelligence.com/2017/07/the-medoc-connection.html
Threat Spotlight: Follow the Bad Rabbit http://blog.talosintelligence.com/2017/10/bad-rabbit.html
Equifax website hack exposes data for ~143 million US consumers https://arstechnica.com/information-technology/2017/09/equifax-website-hack-exposes-data-for-143-million-us-consumers/
We have broken SHA-1 in practice http://shattered.io/
ROCA: Vulnerable RSA Key Generation https://blog.rapid7.com/2017/10/25/roca-vulnerable-rsa-key-generation/
KRACK Attacks: Breaking WPA2 https://www.krackattacks.com/
Hackers Can Easily Hijack This Dildo Camera and Livestream the Inside of Your Vagina (Or Butt) https://motherboard.vice.com/en_us/article/53847a/camera-dildo-svakom-siime-eye-hacked-livestream
MsMpEng: Remotely Exploitable Type Confusion in Windows 8, 8.1, 10, Windows Server, SCEP, Microsoft Security Essentials, and more. https://bugs.chromium.org/p/project-zero/issues/detail?id=1252&desc=5
Why 'blank' Gets You Root https://objective-see.com/blog/blog_0x24.html
Thousand-dollar iPhone X's Face ID wrecked by '$150 3D-printed mask' https://www.theregister.co.uk/2017/11/13/iphone_x_face_id/
Блокування веб-русурсів в Україні
МОН доручило вишам не користуватися сайтами з доменами “.ru” і “.ру” http://life.pravda.com.ua/society/2017/12/29/228234/
Мінінформ оприлюднить доповнення до списку заборонених сайтів http://www.pravda.com.ua/news/2017/12/29/7167028/
#FuckResponsibleDisclosure Sean Brian Townsend https://www.facebook.com/ruheight
https://informnapalm.org/uca/
http://usa.mfa.gov.ua/ua/consular-affairs/services/passport


Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Direct download: 91.mp3
Category:Technology -- posted at: 8:06pm CEST
Comments[0]

Самые громкие новости последних недель. Удивительное яблоко, #FuckResponsibleDisclosure, обновленно обещание от Джона и еще что-то. Не пропустите!

00:00:58 #FuckResponsibleDisclosure Sean Brian Townsend https://www.facebook.com/ruheight
https://informnapalm.org/uca/
http://usa.mfa.gov.ua/ua/consular-affairs/services/passport
00:07:26 Apple и все все все
Why 'blank' Gets You Root https://objective-see.com/blog/blog_0x24.html
As Apple fixes macOS root password hole, here's what went wrong http://www.theregister.co.uk/2017/11/29/apple_macos_high_sierra_root_bug_patch/
https://forums.developer.apple.com/thread/79235
https://twitter.com/fristle/status/935670476214378496
Repair file sharing after Security Update 2017-001 for macOS High Sierra 10.13.1 https://support.apple.com/en-us/HT208317
MACOS UPDATE ACCIDENTALLY UNDOES APPLE'S "ROOT" BUG PATCH https://www.wired.com/story/macos-update-undoes-apple-root-bug-patch/
Thousand-dollar iPhone X's Face ID wrecked by '$150 3D-printed mask' https://www.theregister.co.uk/2017/11/13/iphone_x_face_id/
Zero-day iOS HomeKit vulnerability allowed remote access to smart accessories including locks, fix rolling out https://9to5mac.com/2017/12/07/homekit-vulnerability/
00:12:50 John McAfee https://twitter.com/officialmcafee/status/935900326007328768/photo/1
Bitcoin Miner NiceHash Hacked, Possibly Losing $62 Million in Bitcoin https://www.darkreading.com/cloud/bitcoin-miner-nicehash-hacked-possibly-losing-$62-million-in-bitcoin/d/d-id/1330585
Сайт блокчейн-проекта Confido недоступен: все профили команды проекта оказались поддельными https://forklog.com/sajt-blokchejn-proekta-confido-nedostupen-vse-profili-komandy-proekta-okazalis-poddelnymi/
00:15:17 CVE-2017-11937 | Microsoft releases an emergency update to fix a flaw in Malware Protection Engine http://securityaffairs.co/wordpress/66475/hacking/cve-2017-11937-malware-protection-engine.html
00:17:49 Uber Paid Hackers to Delete Stolen Data on 57 Million People https://www.bloomberg.com/news/articles/2017-11-21/uber-concealed-cyberattack-that-exposed-57-million-people-s-data
00:18:28 Intel Management Engine pwned by buffer overflow https://www.theregister.co.uk/2017/12/06/intel_management_engine_pwned_by_buffer_overflow/
00:18:52 Thousands of WordPress sites infected with a Keylogger and cryptocurrency miner scripts http://securityaffairs.co/wordpress/66432/hacking/keylogger.html
Websites use your CPU to mine cryptocurrency even when you close your browser https://arstechnica.com/information-technology/2017/11/sneakier-more-persistent-drive-by-cryptomining-comes-to-a-browser-near-you/
00:19:09 Android flaw lets attack code slip into signed apps https://www.theregister.co.uk/2017/12/08/android_flaw_lets_attack_code_slip_into_signed_apps/
00:19:24 Mailsploit: It's 2017, and you can spoof the 'from' in email to fool filters http://www.theregister.co.uk/2017/12/06/mailsploit_email_spoofing_bug/

Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Direct download: 90_1.mp3
Category:Technology -- posted at: 12:20pm CEST
Comments[0]

Немного самых громких новостей последних недель вам в ленту. Тут и кролик, и Алиса, и сладкие истории на ночь.

ROCA: Vulnerable RSA Key Generation https://blog.rapid7.com/2017/10/25/roca-vulnerable-rsa-key-generation/
Certificate expiry monitoring, KeyChest for HTTPS, TLS, Letsencrypt expiry and server status https://keychest.net/roca
Estonia government locks down ID smartcards: Refresh or else https://www.theregister.co.uk/2017/11/03/estonian_e_id_lockdown/
Threat Spotlight: Follow the Bad Rabbit http://blog.talosintelligence.com/2017/10/bad-rabbit.html
BadRabbit Technical Analysis https://www.endgame.com/blog/technical-blog/badrabbit-technical-analysis
Bad Rabbit: Not-Petya is back with improved ransomware https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/
The Shadow Internet – Comae Technologies https://blog.comae.io/the-shadow-internet-d42b7195a118
Fake WhatsApp app in official Google Play Store downloaded by over a million Android users http://securityaffairs.co/wordpress/65159/malware/fake-whatsapp-app.html
Tor Project fixed TorMoil, a critical Tor Browser flaw that can leak users IP Address http://securityaffairs.co/wordpress/65168/hacking/tor-tormoil-vulnerability.html
Oracle Security Alert CVE-2017-10151 http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10151-4016513.html
Dangerous liaisons https://securelist.com/dangerous-liaisons/82803/
Equifax execs sold shares before mega-hack reveal. All above board – Equifax probe http://www.theregister.co.uk/2017/11/03/equifax_share_trade_investigation/

 

Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Direct download: 89_1.mp3
Category:Technology -- posted at: 9:06pm CEST
Comments[0]

И снова вместо 300 секунд наши неугомонные ведущие обсуждают новости и события. Присоединяйтесь!

A new Mirai-Like IoT Botnet is growing in a new mysterious campaign http://securityaffairs.co/wordpress/64565/malware/new-iot-botnet-growing.html
Google launched Google Play Security Reward bug bounty program to protect apps in Play Store http://securityaffairs.co/wordpress/64545/mobile-2/google-play-security-reward.html
Equifax website borked again, this time to redirect to fake Flash update https://arstechnica.com/information-technology/2017/10/equifax-website-hacked-again-this-time-to-redirect-to-fake-flash-update/?amp=1
New Ransomware Not Just Encrypts Your Android But Also Changes PIN Lock https://thehackernews.com/2017/10/android-ransomware-pin.html
PUBLIC SECURITY ALERT: New Facebook attack - watch out for phishy messages that say you’re a “Trusted Contact” - Access Now https://www.accessnow.org/public-security-alert-new-facebook-attack/
KRACK Attacks: Breaking WPA2 https://www.krackattacks.com/
YouTube sin-bins account of KRACK WPA2 researcher https://www.theregister.co.uk/2017/10/19/youtube_krack_down/
Malware hidden in vid app is so nasty, victims should wipe their Macs https://www.theregister.co.uk/2017/10/20/mac_os_reinstall_eltima_elmedia_malware/

Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Direct download: 88_1.mp3
Category:Technology -- posted at: 8:46am CEST
Comments[0]

Intro / Outro Art Of Escapism - The Sands of Windhoek http://freemusicarchive.org/music/Artofescapism/Midnight_Caravan/The_Sands_of_Windhoek

В связи с повышением количества атак на цепь поставок (Supply chain), в том числе и обновления, программного обеспечения, наши ведушие Андрей, Алиса, Алексей и Тарас решили разобраться что же это такое и с чем его едят, рассмотреть примеры и варианты, а так же возможные пути защиты и предотвращения.

Supply chain https://en.wikipedia.org/wiki/Supply_chain
What Is a 'Supply Chain Attack?' https://motherboard.vice.com/en_us/article/d3y48v/what-is-a-supply-chain-attack
CCleanup: A Vast Number of Machines at Risk http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html
Java security plagued by crappy docs, complex APIs, bad advice https://www.theregister.co.uk/2017/09/29/java_security_plagued_stack_overflow/
Apple Mac fans told: Something smells EFI in your firmware https://www.theregister.co.uk/2017/09/29/mac_firmware_insecurity/
Reflections on Trusting Trust https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf

Direct download: 87_2.mp3
Category:Technology -- posted at: 4:38pm CEST
Comments[0]

В качестве возвращения и начала нового сезона осень-зима 2017-2018, Андрей и Алиса кратенько прошлись по последним новостям

Взлом сайтів в доменій зоні *.gov.ua та помилка у CERT-UA https://goo.gl/A6kJve
4G/5G Wireless Networks as Vulnerable as WiFi and putting SmartCities at Risk http://securityaffairs.co/wordpress/64098/hacking/4g5g-wireless-networks-flaws.html
Microsoft silently fixes security holes in Windows 10 – dumps Win 7, 8 out in the cold https://www.theregister.co.uk/2017/10/06/researchers_say_windows_10_patches_punch_holes_in_older_versions/
FIN7 hacking group is switched to new techniques to evade detection http://securityaffairs.co/wordpress/64083/apt/fin7-new-techniques.html
VPN logs helped unmask alleged 'net stalker, say feds http://www.theregister.co.uk/2017/10/08/vpn_logs_helped_unmask_alleged_net_stalker_say_feds/
Russian spies used Kaspersky AV to hack NSA staffer, swipe exploit code – new claim http://www.theregister.co.uk/2017/10/05/anonymous_report_russian_spies_used_kaspersky_lab_software_to_steal_nsa_secrets/
Sri Lanka police arrest two men over cyber theft at the Taiwan Bank http://securityaffairs.co/wordpress/64034/cyber-crime/taiwan-bank-cyber-heist.html
Microsoft Cortana Can Now Read Your Skype Messages to Make Chat Smarter https://thehackernews.com/2017/10/cortana-for-skype.html
Warning: Millions Of P0rnHub Users Hit With Malvertising Attack https://thehackernews.com/2017/10/online-malvertising-attack.html
Disqus Hacked: More than 17.5 Million Users' Details Stolen in 2012 Breach https://thehackernews.com/2017/10/disqus-comment-system-hacked.html
The iPhone's Constant Password Popups Are a Hacker's Dream https://motherboard.vice.com/en_us/article/ne7gxz/ios-iphone-password-phishing-app-popups

Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Direct download: 87_1.mp3
Category:Technology -- posted at: 5:39pm CEST
Comments[0]

Intro / Outro Finest Cockles by Blah Blah Blah http://freemusicarchive.org/music/Blah_Blah_Blah/MOONRAKER_5317_1904/Finest_Cockles

Интервью с Максимом Тульевым о блокировках и будущем украинского интернета

Direct download: 83.mp3
Category:Technology -- posted at: 8:15am CEST
Comments[0]

Intro / Outro I Do Believe I've Had Enough by Zephaniah And The 18 Wheelers http://freemusicarchive.org/music/Zephaniah_And_The_18_Wheelers/Live_On_WFMUs_Honky_Tonk_Radio_Girl_Program_with_Becky_11316/Zephaniah_And_The_18_Wheelers_02_I_Do_Believe_Ive_Had_Enough

Big 4 of the top security and privacy conferences: S&P ("Oakland"), NDSS, CCS and USENIX Security.

Наука не делается самостоятельно, a нужно учиться у передовых исследований, как они интегрируются с практикой, понимать их уровень, и себя показывать. По-этому, для того кто первый с украинским affiliation опубликует статью на этих конференциях - с меня можно пообещать "коньяк" :)

The Network and Distributed System Security Symposium (NDSS) 2017 by Internet Society - http://www.internetsociety.org/events/ndss-symposium/ndss-symposium-2017

> From the keynote speech by J. Alex Halderman:
"Want to Know if the Election was Hacked? Look at the Ballots" - https://medium.com/@jhalderm/want-to-know-if-the-election-was-hacked-look-at-the-ballots-c61a6113b0ba
"Securing Digital Democracy" course - https://www.coursera.org/learn/digital-democracy
Video - https://www.youtube.com/watch?v=Snoo6CXiyWU&feature=youtu.be


> Web Security section:
"(Cross-)Browser Fingerprinting via OS and Hardware Level Features" by Yinzhi Cao et al. - https://www.internetsociety.org/doc/cross-browser-fingerprinting-os-and-hardware-level-features
Websites to test your browser and device fingerprint:
https://panopticlick.eff.org
https://amiunique.org
http://uniquemachine.org (now, cross-browser!)
"Fake Co-visitation Injection Attacks to Recommender Systems" by Guolei Yang et al. - https://www.internetsociety.org/doc/fake-co-visitation-injection-attacks-recommender-systems

> User Authentication section:
"Cracking Android Pattern Lock in Five Attempts" by Guixin Ye at el. - https://www.internetsociety.org/doc/cracking-android-pattern-lock-five-attempts
"Towards Implicit Visual Memory-Based Authentication" by  - https://www.internetsociety.org/doc/towards-implicit-visual-memory-based-authentication

> TLS et al. (several papers on Diffie-Hellman and more)
"The Security Impact of HTTPS Interception" by Zakir Durumeric et al. - https://www.internetsociety.org/doc/security-impact-https-interception
"WireGuard: Next Generation Kernel Network Tunnel" by Claude Castelluccia et al. - https://www.internetsociety.org/doc/wireguard-next-generation-kernel-network-tunnel  (by a single author, Jason Donenfeld!)
More on WireGuard:
https://fosdem.org/2017/schedule/event/wireguard/
https://www.phoronix.com/scan.php?page=news_item&px=WireGuard-2016
https://www.wireguard.io

> On Tor:
"The Effect of DNS on Tor's Anonymity" by Benjamin Greschbach et al. - https://www.internetsociety.org/doc/e-effect-dns-tors-anonymity
"Avoiding The Man on the Wire: Improving Tor's Security with Trust-Aware Path Selection" by Aaron Johnson et al.  - https://www.internetsociety.org/doc/avoding-man-wire-improving-tors-security-trust-aware-path-selection  (more on proper path selection for Tor, possible attacks on Astoria).

> Malware:
"Dial One for Scam: A Large-Scale Analysis of Technical Support Scams" - наша статья, получившая Distinguished Paper Award!
https://www.internetsociety.org/doc/dial-one-scam-large-scale-analysis-technical-support-scams
"MaMaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models" by Enrico Mariconti et al. - https://www.internetsociety.org/doc/mamadroid-detecting-android-malware-building-markov-chains-behavioral-models
"A Broad View of the Ecosystem of Socially Engineered Exploit Documents" by Stevens Le Blond et al. - https://www.internetsociety.org/doc/broad-view-ecosystem-socially-engineered-exploit-document s (можно проводить много интересных исследований на базе данных из VirusTotal).

... and much more interesting works on SGX, virtualization, and binary reassembly, etc.

Plus, a DNS Privacy Workshop program - https://www.internetsociety.org/events/ndss-symposium/ndss-symposium-2017/dns-privacy-workshop-2017-programme

Direct download: 82.mp3
Category:Technology -- posted at: 8:13am CEST
Comments[0]

Intro / Outro Semme Automatic Stay the Course https://www.jamendo.com/track/1421989/stay-the-course

00:00:34 Слухи про блокировки в интернетах ДО их официальной блокировки
00:04:52 Давайте поговорим про фищинг
00:07:40 Google Docs users hit with sophisticated phishing attack https://www.theverge.com/2017/5/3/15534768/google-docs-phishing-attack-share-this-document-with-you-spam
00:08:44 Recruiters considered really harmful: Devs on GitHub hit with booby-trapped fake job emails https://www.theregister.co.uk/2017/03/30/github_devs_malware_mails/
00:09:47 Получили письмо из налоговой?
00:11:08 __blank в Edge
Researcher pwns Charles Darwin to demonstrate Microsoft Edge exploit https://www.scmagazine.com/researcher-pwns-charles-darwin-to-demonstrate-microsoft-edge-exploit/article/652807/
00:13:16 Захист від фішингу від Британської податкової
00:14:27 https://en.wikipedia.org/wiki/Phishing
00:24:45 В Тернополе в торговом центре мужчина при свидетелях открыл банкомат и похитил оттуда полмиллиона (видео) https://www.unian.net/incidents/1893219-v-ternopole-v-torgovom-torgovom-tsentre-mujchina-pri-svidetelyah-otkryil-bankomat-i-pohitil-ottuda-polmilliona-video.html
00:29:06 Prevent & report phishing attacks https://support.google.com/websearch/answer/106318?hl=en
00:31:53 Киберполиция Украины помогла ликвидировать киберсеть "Аваланш" (Avalanche), которая с 2009 года использовалась для распространения вредоносных программ, спама и фишинга - ITC.ua http://itc.ua/news/kiberpolitsiya-ukrainyi-likvidirovali-kiberset-avalansh-avalanche-kotoraya-s-2009-goda-ispolzovalas-dlya-rasprostraneniya-vredonosnyih-programm-i-spama-a-takzhe-fishinga-i-otmyivaniya-deneg/

Direct download: 81.mp3
Category:Technology -- posted at: 12:28am CEST
Comments[0]

Intro / Outro Lady We Knew by Cullah http://freemusicarchive.org/music/MC_Cullah/Cullahmity/03_-_Lady_We_Knew
Hackers Can Easily Hijack This Dildo Camera and Livestream the Inside of Your Vagina (Or Butt) https://motherboard.vice.com/en_us/article/camera-dildo-svakom-siime-eye-hacked-livestream?utm_source=mbtwitter
Teampass http://teampass.net/
Squid: Optimising Web Delivery http://www.squid-cache.org/
SNORT https://www.snort.org/
Suricata https://suricata-ids.org/
pfSense https://www.pfsense.org/
Life and death for Windows: Vista support ends as Creators Update starts to roll out https://www.geekwire.com/2017/microsoft-makes-april-11-a-day-of-life-and-death-for-versions-of-windows-and-office/

Direct download: 80.mp3
Category:Technology -- posted at: 8:05pm CEST
Comments[2]