The Weekly Ink #41
The Weekly Ink is the weekly newsletter brought to you by Duo Labs, with curated links of interest in the security world to help educate and entertain on security happenings and culture. If you have links that you think would be interesting for inclusion and commentary, send them our way at labs@duosecurity.com.
It Keeps Getting Worse
Two weeks ago, we wrote about the OPM hack and how it was reported that over 4 million records containing personal data were stolen. Unfortunately, initial estimates were slightly off and we are now being told that estimates are closer to 18 million records. The fact that they still don’t even know the complete impact of the breach does not fill us with confidence that we will ever know exactly what happened or what was taken.
In addition, it has become public that a contractor, KeyPoint Government Solutions, may have been involved: it is suspected that they were breached almost a year prior to the OPM attack and that credentials compromised in that breach were then used in the OPM breach. Yes, you read that right: year-old, known-stolen credentials were still valid and provided access to some very sensitive data. Any of our readers who have ever undergone the security clearance process have had to fill out the dreaded 127-page SF86 form, which collects a lot of very personal information.
This One Makes Me Hungry (Pun Alert)
In lighter news, researchers at Tel Aviv University have published a paper on an attack that uses a portable radio setup they have named the Portable Instrument for Trace Acquisition (PITA). Their method is a side-channel attack on RSA and ElGamal implementations that use the popular sliding-window or fixed-window modular exponentiation algorithms. Apparently, this attack is quite effective: a Windows system running GnuPG had its keys stolen in minutes. Not to worry though, the researchers reported their findings to GnuPG, who have made changes to address the issue. It is unknown what other encryption implementations are vulnerable; however, it is believed that implementations that use ciphertext blinding are not.
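The mitigation the paragraph mentions, ciphertext blinding, is simple enough to show in a few lines. The example below is added here and is not code from the paper or from GnuPG; it uses a constructed textbook-sized RSA key (p = 61, q = 53) purely for illustration, and Python's built-in `pow` for the arithmetic rather than a sliding-window implementation. The point it shows is that with blinding the private exponent is never applied directly to a value the other party chose: the ciphertext is multiplied by r^e for a fresh random r, exponentiated, and the factor r divided back out, so each decryption exponentiates a different, unpredictable operand while still producing the correct message.

```python
import math
import secrets

# Constructed toy RSA key for illustration only (real keys are 2048+ bits).
P, Q = 61, 53
N = P * Q                                # 3233
E = 17
D = pow(E, -1, (P - 1) * (Q - 1))        # 2753, the private exponent


def encrypt(m: int, n: int = N, e: int = E) -> int:
    """Textbook RSA encryption: c = m^e mod n."""
    return pow(m, e, n)


def decrypt_unblinded(c: int, n: int = N, d: int = D) -> int:
    """The private exponent is applied directly to the supplied ciphertext."""
    return pow(c, d, n)


def random_blinding_factor(n: int = N) -> int:
    """Fresh random r in [2, n-1] with gcd(r, n) == 1, so r^-1 mod n exists."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if math.gcd(r, n) == 1:
            return r


def blind(c: int, r: int, n: int = N, e: int = E) -> int:
    """c' = c * r^e mod n. The value that will be exponentiated depends on r."""
    return (c * pow(r, e, n)) % n


def unblind(m_blind: int, r: int, n: int = N) -> int:
    """Since (c * r^e)^d = m * r (mod n), multiplying by r^-1 recovers m."""
    return (m_blind * pow(r, -1, n)) % n


def decrypt_blinded(c: int, n: int = N, e: int = E, d: int = D) -> int:
    """Blinded RSA decryption: same result as decrypt_unblinded, but the
    operand fed to the private-key exponentiation is randomised per call."""
    r = random_blinding_factor(n)
    c_blind = blind(c, r, n, e)
    m_blind = pow(c_blind, d, n)         # exponentiate the randomised value
    return unblind(m_blind, r, n)


if __name__ == "__main__":
    c = encrypt(65)
    print("ciphertext:", c)
    print("unblinded decrypt:", decrypt_unblinded(c))
    print("blinded decrypt:  ", decrypt_blinded(c))
```

Running the block twice and printing `blind(c, r)` with the chosen `r` each time shows a different intermediate operand on every call, which is the property that denies the attacker control over what the exponentiation loop actually processes.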
More Samsung Security Fail
You may remember that in last week's Ink we talked about a Samsung phone vulnerability involving the SwiftKey keyboard and how it updates itself. Continuing to raise the bar of security ineptness, it has now been documented that Samsung may be intentionally disabling Windows Update on certain models of their consumer laptops. When a Samsung support representative was asked about this behaviour, it was stated that they disable Windows Update in order to prevent the default Windows drivers from being installed, as they may not function correctly with the Samsung hardware. In a statement provided to ThreatPost, Samsung was sure to say: “We take product security very seriously and we encourage any Samsung customer with product questions or concerns to contact us directly at 1-800-SAMSUNG.” Sadly, interfering with the built-in Windows Update mechanism is a bit contradictory to that statement.
Smells Like FUD
InfoSecurity Magazine, in an article that reads more like an advertisement for MDM vendor PulseSecure, breathlessly states in its large headline that “Android Malware Soars 390% in 2014 - Report”. Of course, once you begin reading the article it states that the increase in malware does not come from the official Google Play Store but from alternative and unofficial app markets. These alternate markets are typically associated with rooted devices, and this highlights why it's always a safer bet to remain in the ecosystem provided by your mobile device vendor of choice, be it Google, Apple, or even Windows-based phones.
It is also important to point out that the more trustworthy and less vendor-sales-pitch-driven Verizon Data Breach Investigation Report (DBIR) states that “Out of tens of millions of mobile devices, the number of ones infected with truly malicious exploits was negligible.”
Modern Binary Exploitation
The resident computer club and CTF team at Rensselaer Polytechnic Institute have released the complete materials for their Modern Binary Exploitation course, which is designed to teach students vulnerability research and exploitation techniques. For those who are interested in this line of research, we suggest you check it out.