Monthly Archives: July 2014

USB FUNDAMENTALLY BROKEN

Omerta Information Security – Rotterdam The Netherlands July 31 2014

 


—  REUTERS  —

 

USB devices such as keyboards, thumb-drives and mice can be used to hack into personal computers in a potential new class of attacks that evade all known security protections, a top computer researcher revealed on Thursday.

Karsten Nohl, chief scientist with Berlin’s SR Labs, noted that hackers could load malicious software onto tiny, low-cost computer chips that control functions of USB devices but which have no built-in shields against tampering with their code.

“You cannot tell where the virus came from. It is almost like a magic trick,” said Nohl, whose research firm is known for uncovering major flaws in mobile phone technology.

The finding shows that bugs in software used to run tiny electronics components that are invisible to the average computer user can be extremely dangerous when hackers figure out how to exploit them. Security researchers have increasingly turned their attention to uncovering such flaws.

Nohl said his firm has performed attacks by writing malicious code onto USB control chips used in thumb drives and smartphones. Once the USB device is attached to a computer, the malicious software can log keystrokes, spy on communications and destroy data, he said.

Computers do not detect the infections when tainted devices are inserted because anti-virus programs are only designed to scan for software written onto memory and do not scan the “firmware” that controls the functioning of those devices, he said.

Nohl and Jakob Lell, a security researcher at SR Labs, will describe their attack method at next week’s Black Hat hacking conference in Las Vegas, in a presentation titled: “Bad USB – On Accessories that Turn Evil.”

Thousands of security professionals gather at the annual conference to hear about the latest hacking techniques, including ones that threaten the security of business computers, consumer electronics and critical infrastructure.

Nohl said he would not be surprised if intelligence agencies, like the National Security Agency, have already figured out how to launch attacks using this technique.

Last year, he presented research at Black Hat on breakthrough methods for remotely attacking SIM cards on mobile phones. In December, documents leaked by former NSA contractor Edward Snowden demonstrated that the U.S. spy agency was using a similar technique for surveillance, which it called “Monkey Calendar.”

An NSA spokeswoman declined to comment.

SR Labs tested the technique by infecting controller chips made by major Taiwanese manufacturer, Phison Electronics Corp, and placing them in USB memory drives and smartphones running Google Inc’s Android operating system.

Alex Chiu, an attorney with Phison, told Reuters via email that Nohl had contacted the company about his research in May.

“Mr. Nohl did not offer detailed analysis together with work product to prove his finding,” Chiu said. “Phison does not have ground to comment (on) his allegation.”

Chiu said that “from Phison’s reasonable knowledge and belief, it is hardly possible to rewrite Phison’s controller firmware without accessing our confidential information.”

Similar chips are made by Silicon Motion Technology Corp and Alcor Micro Corp. Nohl said his firm did not test devices with chips from those manufacturers.

Google did not respond to requests for comment. Officials with Silicon Motion and Alcor Micro could not immediately be reached.

Nohl believed hackers would have a “high chance” of corrupting other kinds of controller chips besides those made by Phison, because their manufacturers are not required to secure software. He said those chips, once infected, could be used to infect mice, keyboards and other devices that connect via USB.

“The sky is the limit. You can do anything at all,” he said.

In his tests, Nohl said he was able to gain remote access to a computer by having the USB instruct the computer to download a malicious program with instructions that the PC believed were coming from a keyboard. He was also able to change what are known as DNS network settings on a computer, essentially instructing the machine to route Internet traffic through malicious servers.

Once a computer is infected, it could be programmed to infect all USB devices that are subsequently attached to it, which would then corrupt machines that they contact.

“Now all of your USB devices are infected. It becomes self-propagating and extremely persistent,” Nohl said. “You can never remove it.”

Christof Paar, a professor of electrical engineering at Germany’s University of Bochum who reviewed the findings, said he believed the new research would prompt others to take a closer look at USB technology, and potentially lead to the discovery of more bugs. He urged manufacturers to improve protection of their chips to thwart attacks.

“The manufacturer should make it much harder to change the software that runs on a USB stick,” Paar said.

 

 

NSA PLAYSET

Omerta Information Security – Rotterdam The Netherlands July 31 2014

 


 

In the coming months and beyond, we will release a series of dead simple, easy to use tools to enable the next generation of security researchers. We, the security community, have learned a lot in the past couple of decades, yet the general public is still ill-equipped to deal with real threats that face them every day, and ill-informed as to what is possible.

Inspired by the NSA ANT catalog, we hope the NSA Playset will make cutting edge security tools more accessible, easier to understand, and harder to forget. Now you can play along with the NSA!

 

follow the website here

 

 

DAMN GOOD AUTHENTICATION APP!

Omerta Information Security – Rotterdam The Netherlands July 31 2014

 


 

Sometimes you just browse the internet and come across a damn good app. Sometimes you have seen it before but simply didn’t have the time to check it out. Sometimes you think “yeah, just another authentication platform, bla bla bla.”
Well, this isn’t!
AUTHY is there to protect your organization’s most valuable assets with the most powerful Two-Factor Authentication platform. Whether you use certificates, passwords, PAM or LDAP, you can easily add a second layer of authentication using Authy.
WordPress, Cloudflare, PC, SSH, Facebook, Gmail and Enterprise platform: you name it, they’ve got it.
Check it out and learn more!
And do not forget to check out their phone intelligence services here
Happy browsing and authenticationing into the future!

Obama administration: the world's servers are ours!

Omerta Information Security – Rotterdam 16 July 2014


US says global reach needed to gut “fraudsters,” “hackers,” and “drug dealers.”

They seem to be a bit confused in America: although Americans themselves are affected by CISPA/CISA (though that will probably pass as well), America above all wants to keep its grip (read: access) on the rest of the world when it comes to data and servers.

 

Global governments, the tech sector, and scholars are closely following a legal flap in which the US Justice Department claims that Microsoft must hand over e-mail stored in Dublin, Ireland.

In essence, President Barack Obama’s administration claims that any company with operations in the United States must comply with valid warrants for data, even if the content is stored overseas. It’s a position Microsoft and companies like Apple say is wrong, arguing that the enforcement of US law stops at the border.

A magistrate judge has already sided with the government’s position, ruling in April that “the basic principle that an entity lawfully obligated to produce information must do so regardless of the location of that information.” Microsoft appealed to a federal judge, and the case is set to be heard on July 31.

In its briefs filed last week, the US government said that content stored online doesn’t enjoy the same type of Fourth Amendment protections as data stored in the physical world. The government cited (PDF) the Stored Communications Act (SCA), a President Ronald Reagan-era regulation:

Overseas records must be disclosed domestically when a valid subpoena, order, or warrant compels their production. The disclosure of records under such circumstances has never been considered tantamount to a physical search under Fourth Amendment principles, and Microsoft is mistaken to argue that the SCA provides for an overseas search here. As there is no overseas search or seizure, Microsoft’s reliance on principles of extra-territoriality and comity falls wide of the mark.

Microsoft said the decision has wide-ranging, global implications. “Congress has not authorized the issuance of warrants that reach outside US territory,” Microsoft’s attorneys wrote. “The government cannot seek and a court cannot issue a warrant allowing federal agents to break down the doors of Microsoft’s Dublin facility.”

The Redmond, Washington-based company said its consumer trust is low in the wake of the Edward Snowden revelations. It told the US judge presiding over the case that “[t]he government’s position in this case further erodes that trust and will ultimately erode the leadership of US technologies in the global market.”

Companies like Apple, AT&T, Cisco, and Verizon agree. Verizon said (PDF) that a decision favoring the US would produce “dramatic conflict with foreign data protection laws.” Apple and Cisco said (PDF) that the tech sector is put “at risk” of being sanctioned by foreign governments and that the US should seek cooperation with foreign nations via treaties, a position the US said is not practical.

The Justice Department said global jurisdiction is necessary in an age when “electronic communications are used extensively by criminals of all types in the United States and abroad, from fraudsters to hackers to drug dealers, in furtherance of violations of US law.”

The e-mail the US authorities are seeking from Microsoft concerns a drug-trafficking investigation. Microsoft often stores e-mail on servers closest to the account holder.

The senior counsel for the Irish Supreme Court wrote in a recent filing that a US-Ireland “Mutual Legal Assistance Treaty” was the “efficient” avenue (PDF) for the US government to obtain the e-mail held on Microsoft’s external servers.

Orin Kerr, a Fourth Amendment expert at George Washington University, said, “The scope of the privacy laws around the world is now a very important question, and this is the beginning of what may be a lot of litigation on the question. So it’s a big case to watch.”

 

 

This article first appeared on Ars Technica

HOSTING COMPANIES AND INTERNET PROVIDERS FILE COMPLAINT AGAINST BRITISH INTELLIGENCE SERVICE (GCHQ)!

OMERTA INFORMATION SECURITY – Rotterdam

Web hosts and internet providers from several countries, including the Netherlands, are filing a complaint against the intelligence service GCHQ together with the British organisation Privacy International.

The seven companies demand that the intelligence service stop its attacks on, and spying against, key internet infrastructure.

Among the complainants is the Dutch company Greenhost, which among other things hosts the whistleblower platform Publeaks, used by many Dutch media outlets to receive documents anonymously.

Protecting journalistic infrastructure is one of the main reasons for filing the complaint, says Greenhost CEO Sacha van Geffen. “Infiltration by external parties such as GCHQ makes our systems unreliable and vulnerable and puts the lives of many at risk. The untargeted eavesdropping on citizens criminalises them without any legal basis.”

Evidence

Spokesperson Douwe Schmidt tells NU.nl that Greenhost has no evidence that GCHQ infiltrated its servers. “The problem with this kind of thing is that you generally don't know.”

Because documents from whistleblower Edward Snowden do name comparable GCHQ targets, Greenhost and the other complainants see sufficient reason to turn to the Investigatory Powers Tribunal nonetheless, a special British court that handles espionage cases.

Privacy International already started a case at that court in May. That complaint was directed at the infection of millions of computers and mobile devices with malware.

This article was posted by nu.nl

MICROSOFT ADMITS MISTAKE IN TAKING MILLIONS OF WEBSITES OFFLINE (DYNAMIC DNS)

Microsoft has admitted that it made a mistake in its action against the company No-IP.com, which caused millions of websites to go offline. No-IP offers Dynamic DNS (DDNS), which lets users create all kinds of subdomains for free and link them to an IP address.

According to Microsoft, No-IP was used on a large scale by the Bladabindi and Jenxcus malware. The judge ruled that Microsoft be assigned DNS management of 22 No-IP domains, so that traffic to these subdomains ended up on Microsoft's servers. According to No-IP, Microsoft could not handle the traffic, which caused millions of websites to go offline.

“Due to a technical error, some customers whose devices were not infected by the malware experienced a temporary loss of service,” Microsoft's David Finn told ZDnet. He notes that all services have since been restored and that Microsoft regrets the inconvenience.

Criticism

Several security researchers are critical of the software giant's action. “Seizing domains is a commonly used strategy that is getting out of hand,” botnet researcher Claudio Guarnieri told ThreatPost. According to him, it is a controversial strategy that has been under fire for some time.

“The fact that we see companies like Microsoft seizing the resources of legitimate businesses has caused great astonishment in the community.” The researcher notes that Microsoft should have chosen a different approach. “Any other way would have been better. Microsoft is working towards a legal precedent so that it can play internet police undisturbed and at its own discretion.”

Guarnieri calls it unacceptable that Microsoft simply takes away other companies' resources without first investigating other possible solutions. “Microsoft's Digital Crime Unit was disrespectful and obstructive in many recent operations, and I am sure the community will protest against this and will no longer want to work with them in the future.”

Despite Microsoft's statement that service had been restored, the No-IP.com domains are still unreachable, the company says. Users are therefore advised to create a new subdomain via various domains that have not been seized by Microsoft.

This article originally appeared on security.nl

FISA COURT ALLOWED NSA TO SPY ON ALL COUNTRIES WORLDWIDE (except 4)

“A court permitted the NSA to collect information about governments in 193 countries and foreign institutions like the World Bank, according to a secret document the Washington Post published Monday. The certification issued by a Foreign Intelligence Surveillance Court in 2010 shows the NSA has the authority to “intercept through U.S. companies not just the communications of its overseas targets, but any communications about its targets as well,” Only four countries in the world — Britain, Canada, Australia and New Zealand — were exempt from the agreement, due to existing no-spying agreements that the Post highlights in this document about the group of countries, known as “Five Eyes” with the U.S.

Virtually no foreign government is off-limits for the National Security Agency, which has been authorized to intercept information “concerning” all but four countries, according to top-secret documents.

The United States has long had broad no-spying arrangements with those four countries — Britain, Canada, Australia and New Zealand — in a group known collectively with the United States as the Five Eyes. But a classified 2010 legal certification and other documents indicate the NSA has been given a far more elastic authority than previously known, one that allows it to intercept through U.S. companies not just the communications of its overseas targets but any communications about its targets as well.

The certification — approved by the Foreign Intelligence Surveillance Court and included among a set of documents leaked by former NSA contractor Edward Snowden — lists 193 countries that would be of valid interest for U.S. intelligence. The certification also permitted the agency to gather intelligence about entities including the World Bank, the International Monetary Fund, the European Union and the International Atomic Energy Agency.

The NSA is not necessarily targeting all the countries or organizations identified in the certification, the affidavits and an accompanying exhibit; it has only been given authority to do so. Still, the privacy implications are far-reaching, civil liberties advocates say, because of the wide spectrum of people who might be engaged in communication about foreign governments and entities and whose communications might be of interest to the United States.”

 

A copy of the court order can be found here!