
Submission Summary: 1 pending, 120 declined, 79 accepted (200 total, 39.50% accepted)

Submission: Disclosed Netgear Flaws Under Attack

msm1267 writes: A vulnerability in Netgear routers, already disclosed by two sets of researchers at different security companies, has been publicly exploited.

Netgear, meanwhile, has yet to release patched firmware, despite apparently having built one and confirmed with one of the companies that privately disclosed that it addressed the problem adequately.

The vulnerability is a remotely exploitable authentication bypass that affects Netgear router firmware N300_1.1.0.31_1.0.1.img, and N300- The flaw allows an attacker, without knowing the router password, to access the administration interface.

Submission: Stagefright 2.0 Vulnerabilities Affect 1 Billion Android Devices

msm1267 writes: Security researcher Joshua Drake today disclosed two more flaws in Stagefright, one that dates back to the first version of Android, and a second dependent vulnerability that was introduced in Android 5.0. The bugs affect more than one billion Android devices, essentially all of them in circulation.

One of the vulnerabilities was found in a core Android library called libutils; it has been in the Android OS since it was first released and before there were even Android mobile devices. The second vulnerability was introduced into libstagefright in Android 5.0; it calls into libutils in a vulnerable way. An attacker would use a specially crafted MP3 or MP4 file in this case to exploit the vulnerabilities.

Google has released patches into the Android Open Source Project tree, but public patches are not yet available.

Submission: New Attack Bypasses Mac OS X Gatekeeper

msm1267 writes: Mac OS X's Gatekeeper security service is supposed to protect Apple computers from executing code that's not signed by Apple or downloaded from its App Store. A researcher, however, has built an exploit that uses a signed binary to execute malicious code.

Patrick Wardle, a longtime Apple hacker, said Gatekeeper performs only an initial check on an application to determine whether it came from an untrusted source and should not be executed. Using a signed binary that passes the initial check and then loads a malicious library or app from the same or relative directory, however, will get an advanced attacker onto an OS X machine.

Wardle disclosed his research and proof of concept to Apple, which said it is working on a patch, and may push out a short-term mitigation in the meantime.

Submission: Google Explains Dependencies in Cybercrime Food Chain

msm1267 writes: A new report coauthored by Google researchers and a host of academics explains that firewalls, two-factor authentication and other traditional defensive capabilities put security teams in a constant dogfight against cybercrime. Instead, the focus, they say, should be on attacking the criminal infrastructure.

The report outs a number of soft spots and inter-dependencies in the criminal underground that could be leveraged to cut into the efficacy of cybercrime.

“Commoditization directly influences the kinds of business structures and labor agreements that drive recent cybercrime,” the researchers write. While shutting down the black market is easier said than done, the paper notes a few ways to deter the behavior of attackers, if not fully break the chain.

Submission: Million-Dollar iOS 9 Bug Bounty Launches

msm1267 writes: Zerodium, an exploit vendor founded by VUPEN CEO Chaouki Bekrar, today announced it will host a million-dollar bug bounty looking for iOS 9 zero-days.

Bekrar has put up a $3 million pool and has given researchers until Oct. 31 to find previously unknown, unreported and unpublished vulnerabilities in the latest version of Apple's mobile OS.

Payoffs are made for vulnerabilities that bypass native iOS 9 exploit mitigations, including the sandbox, ASLR and bootchain. Attacks must be silent, and triggered only by visiting a website or reading a SMS or MMS message.

Zerodium launched in July, and unlike VUPEN, will purchase zero days from outside sources and will provide vulnerability data and exploits in a feed to its customers.

Submission: Turla APT Group Abusing Satellite Internet Links

msm1267 writes: Poorly secured satellite-based Internet links are being abused by nation-state hackers, most notably by the Turla APT group, to hide command-and-control operations, researchers at Kaspersky Lab said today.

Active for close to a decade, Turla’s activities were exposed last year; the Russian-speaking gang has carried out espionage campaigns against more than 500 victims in 45 countries, most of those victims in critical areas such as government agencies, diplomatic and military targets, and others.

Its use of hijacked downstream-only links is a cheap ($1,000 a year to maintain) and simple means of moving malware and communicating with compromised machines, Kaspersky researchers wrote in a report. Those connections, albeit slow, are a beacon for hackers because links are not encrypted and ripe for abuse.

Submission: Netflix Open Sources Sleepy Puppy XSS Hunter

msm1267 writes: Netflix has released a tool it calls Sleepy Puppy to open source. The tool injects cross-site scripting payloads into a target app that may not be vulnerable, but could be stored in a database, and tracks the payload if it's reflected to a secondary application that makes use of the data in the same field.

“We were looking for a way to provide coverage on applications that come from different origins or may not be publicly accessible,” said co-developer Scott Behrens, a senior application security engineer at Netflix. “We also wanted to observe where stored data gets reflected back, and how data that may be stored publicly could also be reflected in a large number of internal applications.”

Sleepy Puppy is available on Netflix's Github repository and is one of a slew of security tools its engineers have released to open source.

Submission: Browser Makers to Sever RC4 Support in Early 2016

msm1267 writes: Google, Microsoft and Mozilla today announced they’ve settled on an early 2016 timeframe to permanently deprecate the shaky RC4 encryption algorithm in their respective browsers.

Mozilla said Firefox's shut-off date will coincide with the release of Firefox 44 on Jan. 26. Google and Microsoft said that Chrome, and Internet Explorer 11 and Microsoft Edge, respectively, will also do so in the January-February timeframe.

Practical attacks against RC4 are growing increasingly practical, rendering the algorithm more untrustworthy by the day.

Submission: WordPress Hacks Behind Surging Neutrino EK Traffic

msm1267 writes: More than 2,000 websites running WordPress have been compromised and are responsible for a surge this week in traffic from the Neutrino Exploit Kit.

Attacks against sites running older versions of the content management system, 4.2 and earlier, were spotted by Zscaler. Those sites are backdoored and redirect a victim’s browser through iframes to a landing page hosting the exploit kit where a Flash exploit awaits. The exploits generally target Internet Explorer, Zscaler said, and victims’ computers are eventually infected with CryptoWall 3.0 ransomware.

This analysis is in line with a similar report from the SANS Institute, which pointed the finger at a particular cybercrime group that had steered away from using the prolific Angler Exploit Kit and moved operations to Neutrino.

Submission: Reflection DDoS Attacks Abusing RPC Portmapper

msm1267 writes: Attackers have figured out how to use Portmapper, or RPC Portmapper, in reflection attacks where victims are sent copious amounts of responses from Portmapper servers, saturating bandwidth and keeping websites and web-based services unreachable.

Telecommunications and Internet service provider Level 3 Communications of Colorado spotted anomalous traffic on its backbone starting in mid-June almost as beta runs of attacks that were carried out Aug. 10-12 against a handful of targets in the gaming and web hosting industries.

There are 1.1 million Portmapper servers accessible online, and those open servers can be abused to similar effect as NTP servers were two years ago in amplification attacks.

Submission: Stagefright Patch Incomplete, Android Devices Still Vulnerable

msm1267 writes: A patch distributed by Google for the infamous Stagefright vulnerability found in 950 million Android devices is incomplete and users remain exposed to simple attacks targeting the flaw.

Researchers at Exodus Intelligence discovered the issue in one of the patches submitted by Zimperium zLabs researcher Joshua Drake. Google responded today by releasing a new patch to open source and promising to distribute it next month in a scheduled OTA update for Nexus devices and to its partners.

Drake's original patch failed to account for an integer discrepancy between 32- and 64-bit, Exodus Intelligence said. By inputting a specific 64-bit value, researchers were able to bypass the patch.

Exodus, which submitted a bug fix of its own to Google, said it decided to go public with its findings for several reasons, including the fact that the vulnerability was widely publicized by Zimperium before and during Black Hat, not to mention that Google has had the original bug report since April, yet neither party noticed the discrepancy in the patch.

Submission: Manipulating Microsoft WSUS to Own Enterprises

msm1267 writes: Microsoft's enterprise-grade Windows Server Update Services (WSUS), used to download and distribute security and driver updates, poses a significant weak spot if not configured properly.

Researchers Paul Stone and Alex Chapman during last week's Black Hat conference presented research on the WSUS attack surface and discovered that when a WSUS server contacts Microsoft for driver updates, it does so using XML SOAP web services, and those checks are not made over SSL.

While updates are signed by Microsoft and updates must be verified by Microsoft, Stone and Chapman discovered that an attacker already in a man-in-the-middle position on a corporate network, for example, could, with some work, tamper with the unencrypted communication and inject a malicious homegrown update.

Submission: Latest Samy Kamkar Hack Unlocks Most Cars

msm1267 writes: Samy Kamkar has built a new device called Rolljam that is about the size of a wallet and can intercept the codes used to unlock most cars and many garage doors. The device can be hidden underneath a vehicle and when the owner approaches and hits the unlock button on her key or remote, the device grabs the unique code sent by the remote and stores it for later use.

The device takes advantage of an issue with the way that vehicles that use rolling codes for unlocking produce and receive those codes. Kamkar said that the device works on most vehicles and garage doors that use rolling, rather than fixed codes.

Submission: Samy Kamkar's ProxyGambit Picks Up for Defunct ProxyHam

msm1267 writes: Hardware hacker Samy Kamkar has picked up where anonymity device ProxyHam left off. After a DEF CON talk on ProxyHam was mysteriously called off, Kamkar went to work on developing ProxyGambit, a similar device that allows a user to access the Internet from anywhere without revealing their physical location.

A description on Kamkar’s site says ProxyGambit fractures traffic from the Internet through long distance radio links or reverse-tunneled GSM bridges that connect and exit the Internet through wireless networks far from the user’s physical location.

ProxyHam did not put as much distance between the user and device as ProxyGambit, and routed its signal over Wi-Fi and radio connections. Kamkar said his approach makes it several times more difficult to determine where the original traffic is coming from.

Submission: New RC4 Encryption Attacks Reduce Plaintext Recovery Time

msm1267 writes: Two Belgian security researchers from the University of Leuven have driven new nails into the coffin of the RC4 encryption algorithm. A published paper, expected to be delivered at the upcoming USENIX Security Symposium next month in Washington, D.C., describes new attacks against RC4 that allow an attacker to capture a victim’s cookie and decrypt it in a much shorter amount of time than was previously possible.

The paper “All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS,” written by Mathy Vanhoef and Frank Piessens, explains the discovery of new biases in the algorithm that led to attacks breaking encryption on websites running TLS with RC4, as well as the WPA-TKIP, the Wi-Fi Protected Access Temporal Key Integrity Protocol.