Grant Willcox, a student studying ethical hacking at the University of Northumbria in the UK, is claiming that the Wassenaar Agreement, an arms control treaty that was expanded last year to prohibit the export of various kinds of software exploit, is forcing him to censor his dissertation.
Willcox's research investigates ways in which Microsoft's EMET software can be bypassed. EMET is a security tool that includes a variety of mitigation techniques designed to make exploiting common memory corruption flaws harder. In the continuing game of software exploit cat and mouse, EMET raises the bar, making software bugs harder to take advantage of, but does not outright eliminate the problems. Willcox's paper explored the limitations of the EMET mitigations and looked at ways that malware could bypass them to enable successful exploitation. He also applied these bypass techniques to a number of real exploits.
Typically this kind of dissertation would be published in full. Security researchers routinely explore techniques for bypassing system protections, with this research being one of the things that guides the development of future mitigations. Similarly, publishing the working exploit code (with a safe payload, to prove the concept) is standard within the research community.
On Wednesday, WikiLeaks published two new top-secret National Security Agency briefs that detail American and British espionage conducted against German leaders as they were discussing responses to the Greek economic crisis in 2011.
The organization also published a redacted list of 69 German government telephone numbers that were targeted for snooping. That list includes Oskar Lafontaine, who served as German finance minister from 1998 to 1999, when the German government was still based in Bonn—suggesting that this kind of spying has been going on for over 15 years at least.
As with the recent documents concerning NSA spying against France, WikiLeaks did not explain how it obtained the documents. However, it did share them with Greek, French, and German-language media, which all published them simultaneously on Wednesday evening, Europe time.
Security researchers at ESET in Bratislava have published an analysis of another apparently state-sponsored cyber-espionage tool used to target computers in Iran—and potentially elsewhere. The malware, also recently mentioned by Kaspersky researchers, was named "Dino" by its developers and has been described as a "full featured espionage platform." And this advanced persistent threat malware, according to researchers, might as well come with a "fabriqué en France" stamp on it.
Based on analysis of Dino's code from a sample that infected systems in Iran in 2013, "We believe this malicious software has been developed by the Animal Farm espionage group, who also created the infamous Casper, Bunny and Babar malware," ESET's Joan Calvet wrote in a blog post today. The Casper malware was part of a large-scale attack on Syrian computers last fall. "Dino contains interesting technical features, and also a few hints that the developers are French speaking," Calvet noted.
Other members of the "Animal Farm" malware family have been attributed to French intelligence agencies by researchers—including a 2011 analysis by Canada's Communications Security Establishment revealed by documents leaked by former National Security Agency contractor Edward Snowden. Dino shares attributes with the other members of the "Animal Farm" malware family and improves on many of the techniques of "Babar," the previous generation intelligence-gathering software implant.
MIT says it's found a new, more efficient way to blend data mining with the privacy protections of encryption.
The post MIT’s Bitcoin-Inspired ‘Enigma’ Lets Computers Mine Encrypted Data appeared first on WIRED.
The Office of Personnel Management has suspended operation of the Electronic Questionnaires for Investigations Processing (E-QIP) system, the web gateway used to submit materials for background investigations. The agency announced the move today, citing the discovery of a vulnerability in the portal during an ongoing review of the agency's security. "As a result, OPM has temporarily taken the E-QIP system offline for security enhancements," an agency spokesperson said in an official statement to press.
The flaw in E-QIP is reportedly not related to the massive breach of the OPM's systems, which may have exposed up to 18 million individuals' personal information. That information includes everything from social security number and date of birth to records of clearance adjudications, proceedings in which officials discuss reasons why an individual's security clearance may have been removed.
In some cases, adjudication data could include information about financial difficulties, sex lives, substance abuse, and other failings that could be used to potentially blackmail a person or otherwise coerce them into potentially giving up classified information.
Cisco revealed a security vulnerability in a number of the company's network security virtual appliances that could give someone virtually unlimited access to them—default, pre-authorized keys for Secure Shell (SSH) sessions originally intended for "customer support" purposes. As Threatpost's Dennis Fisher reported, Cisco has released software patches that correct the problem, but there's no temporary workaround for systems that can't immediately be patched.
Cisco released an advisory on the vulnerability on June 25. There are two separate SSH key vulnerabilities for the Cisco Web Security Virtual Appliance (WSAv), Cisco Email Security Virtual Appliance (ESAv), and Cisco Security Management Virtual Appliance (SMAv).
The first is that these virtual machines, which run on VMware and KVM virtualization platforms, share a default authorized SSH key for remote login. "IP address connectivity to the management interface on the affected platform is the only requirement for the products to be exposed to this vulnerability," Cisco warned. "No additional configuration is required for this vulnerability to be exploited."
A newly released document from the FBI sheds a little more light on the government’s controversial policy around the use of zero-day exploits. Though there is still much we don’t know, the question of when the secretive policy was put into place is finally answered: February, 2010. It wasn’t until last year that the government […]
The post Turns Out the US Launched Its Zero-Day Policy in Feb 2010 appeared first on WIRED.
Pwnie Express, the company that began as a builder of "drop boxes" for penetration testers and white-hat corporate hackers, has been evolving toward a more full-service security auditing platform vendor over the past few years while continuing to refine its hardware and software in ways that appeal to the corporate security set. Now Pwnie has released the third generation of its flagship mobile penetration testing platform, the Pwn Pad, bringing the Android and Kali Linux-based platform a step further away from the rough-hewn penetration testing tools it began with and into the realm of something with a lot more polish—and performance.
Pwnie Express' Mobile Platform Engineer Tim Mossey and Director of Research and Development Rick Farina recently gave Ars a walk-through of the Pwn Pad 3, which has just begun shipping out to pre-order customers. We expect to do a full review of the Pwn Pad 3 soon but wanted to get an early look at what to expect. The biggest visible change is the hardware itself, as Pwnie has left the relative comfort zone of Google's reference platform Nexus tablets and moved to the more powerful Nvidia Shield. But there are some changes behind the scenes as well that make the Pwn Pad 3 act more like an actual flagship commercial product and less like something way off the corporate reservation.
Full disclosure is in order here—Ars bought hardware from Pwnie Express to support our own security testing lab, and we enlisted help from Pwnie Chief Technology Officer Dave Porcello for our joint project with National Public Radio last year. So we've had a bit of experience with Pwnie's platform in many of its incarnations. We've also worked with a number of open source penetration tools, including the Kali Linux-based NetHunter platform for Android.