03 December 2016

Hackers Steal $31 Million at Russia's Central Bank

The Bank of Russia confirmed Friday that hackers have stolen 2 billion rubles ($31 million) from correspondent accounts at the Russian central bank. Central bank security executive Artiom Sychev said it could've been much worse as hackers tried to steal 5 billion rubles, but the central banking authority managed to stop them. CNNMoney reports: Hackers also targeted the private banks and stole cash from their clients, the central bank reported. The central bank did not say when the heist occurred or how hackers moved the funds. But so far, the attack bears some similarity to a recent string of heists that has targeted the worldwide financial system. Researchers at the cybersecurity firm Symantec have concluded that the global banking system has been under sustained attack from a sophisticated group -- dubbed "Lazarus" -- that has been linked to North Korea. But it's unclear who has attacked Russian banks this time around. Earlier Friday, the Russian government claimed it had foiled an attempt to erode public confidence in its financial system. Russia's top law enforcement agency, the FSB, said hackers were planning to use a collection of computer servers in the Netherlands to attack Russian banks. Typically, hackers use this kind of infrastructure to launch a "denial of service" attack, which disrupts websites and business operations by flooding a target with data. The FSB said hackers also planned to spread fake news about Russian banks, sending mass text messages and publishing stories on social media questioning their financial stability and licenses to operate.

02 December 2016

AWS introduces free and premium Shield DDoS mitigation services

At its re:Invent user conference in Las Vegas yesterday, public cloud infrastructure provider Amazon Web Services (AWS) said that it has turned on distributed denial of service (DDoS) attack mitigation technology, called AWS Shield Standard, for all of its customers, free of charge.

It “protects you from 96 percent of the most common attacks today, including SYN/ACK floods, Reflection attacks, and HTTP slow reads,” AWS chief evangelist Jeff Barr wrote in a blog post. When AWS detects attacks, “we will work together with DDoS protection teams to create the right level of protection using WAF [web application firewall].”

28 October 2016

Password Management using Apple's TouchBar

AgileBits, creator of 1Password, was so excited about Apple's MacBook Pro event that it has created some mockups of how 1Password could work with the Touch Bar. 1Password users will be able to unlock the app with Touch ID, for example, while Touch Bar will make it easy to switch between password vaults, select new item types, and create website logins. 1Password also anticipates allowing users to slide their fingers across the Touch Bar to generate a strong password.

27 October 2016

Best security control finally arrives in desktop computing with Secure Enclave in Apple's new MacBook Pro

Onstage at the company’s Fall event, Apple’s Phil Schiller revealed a new T1 chip, manufactured by Apple, that will bring the Secure Enclave to the new generation of laptops. iPhones and iPads have included Secure Enclave hardware for years, but this is the first instance of those protections on an Apple laptop.

The Secure Enclave is a coprocessor fabricated in the Apple A7 or later A-series processor. It uses encrypted memory and includes a hardware random number generator. The Secure Enclave provides all cryptographic operations for Data Protection key management and maintains the integrity of Data Protection even if the kernel has been compromised. Communication between the Secure Enclave and the application processor is isolated to an interrupt-driven mailbox and shared memory data buffers.

The Secure Enclave runs an Apple-customized version of the L4 microkernel family. The Secure Enclave utilizes its own secure boot and can be updated using a personalized software update process that is separate from the application processor. Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, entangled with its UID, and used to encrypt the Secure Enclave’s portion of the device’s memory space. Additionally, data that is saved to the file system by the Secure Enclave is encrypted with a key entangled with the UID and an anti-replay counter.

The Secure Enclave is responsible for processing fingerprint data from the Touch ID sensor, determining if there is a match against registered fingerprints, and then enabling access or purchases on behalf of the user. Communication between the processor and the Touch ID sensor takes place over a serial peripheral interface bus. The processor forwards the data to the Secure Enclave but cannot read it. It’s encrypted and authenticated with a session key that is negotiated using the device’s shared key that is provisioned for the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption.
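
A simplified model of the session-key exchange described above, as an added example that is not Apple's code or part of the original post. Only AES key wrapping, the two random contributions and AES-CCM come from the text; the SHA-256 combiner, the function names and the sample frame are assumptions.

```javascript
// Added illustration, not Apple's code. The SHA-256 combiner and all
// names are assumptions; sample inputs are constructed.
const nodeCrypto = require('crypto');
const WRAP_IV = Buffer.from('A6A6A6A6A6A6A6A6', 'hex'); // RFC 3394 default IV

// Wrap or unwrap a 16-byte random key under the provisioned shared key.
function keyWrap(sharedKey, data, unwrap = false) {
  const c = unwrap
    ? nodeCrypto.createDecipheriv('id-aes128-wrap', sharedKey, WRAP_IV)
    : nodeCrypto.createCipheriv('id-aes128-wrap', sharedKey, WRAP_IV);
  return Buffer.concat([c.update(data), c.final()]); // throws on a bad blob
}

// Assumed combiner: the session key depends on both sides' contributions.
function deriveSessionKey(sensorRand, enclaveRand) {
  return nodeCrypto.createHash('sha256')
    .update(sensorRand).update(enclaveRand).digest().subarray(0, 16);
}

// AES-CCM transport encryption with a fresh nonce and a 16-byte tag.
function seal(key, frame) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-128-ccm', key, nonce, { authTagLength: 16 });
  const ct = Buffer.concat([c.update(frame), c.final()]);
  return { nonce, ct, tag: c.getAuthTag() };
}

function unseal(key, msg) {
  const d = nodeCrypto.createDecipheriv('aes-128-ccm', key, msg.nonce, { authTagLength: 16 });
  d.setAuthTag(msg.tag);
  const pt = d.update(msg.ct);
  d.final(); // throws if the forwarder altered nonce, ciphertext or tag
  return pt;
}

// Sensor and enclave swap wrapped contributions; the processor in the
// middle only relays bytes and never holds sharedKey.
function runExchange(frame) {
  const sharedKey = nodeCrypto.randomBytes(16); // stand-in for the provisioned key
  const sensorRand = nodeCrypto.randomBytes(16), enclaveRand = nodeCrypto.randomBytes(16);
  const toEnclave = keyWrap(sharedKey, sensorRand), toSensor = keyWrap(sharedKey, enclaveRand);
  const sensorKey = deriveSessionKey(sensorRand, keyWrap(sharedKey, toSensor, true));
  const enclaveKey = deriveSessionKey(keyWrap(sharedKey, toEnclave, true), enclaveRand);
  const msg = seal(sensorKey, Buffer.from(frame));
  const received = unseal(enclaveKey, msg).toString();
  const forged = { ...msg, ct: Buffer.from(msg.ct) };
  forged.ct[0] ^= 1; // one bit changed while being forwarded
  let tamperDetected = false;
  try { unseal(enclaveKey, forged); } catch (e) { tamperDetected = true; }
  return { received, tamperDetected, wrappedLength: toEnclave.length };
}
```

The relaying processor sees only the 24-byte wrapped contributions and the CCM ciphertext, so it can neither recover the session key nor alter a frame without the tag check failing.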

The T1 isn’t the main processor, and most functions will still rely on Intel’s Core i5 or i7 chips, but including an Apple-made chip enables a number of important security features. Apple’s A7 chip — included in iPhones and iPads — is encoded with an inextractable private key at the factory, as part of the A7’s Secure Enclave. That private key is then used for a number of security functions, including decrypting iMessages. Previous MacBooks have typically stored private keys in software-accessible memory, a less secure alternative made necessary by reliance on third-party chips.

Those features are particularly important for TouchID, which is built into the new MacBook Pro’s Touch Bar. That TouchID sensor, included on a MacBook for the first time, enables a single machine to switch between user accounts immediately after recognizing a registered print.

The Secure Enclave’s protections are central to TouchID, ensuring that attackers can’t extract fingerprint information from the device, an attack that has been demonstrated on some Android phones.

The darker side of machine learning

While machine learning is introducing innovation and change to many sectors, it also is bringing trouble and worries to others. One of the most worrying aspects of emerging machine learning technologies is their invasiveness on user privacy.

From rooting out your intimate and embarrassing secrets to imitating you, machine learning is making it hard not only to hide your identity but also to keep ownership of it and to prevent words you haven’t uttered and actions you haven’t taken from being attributed to you.
Here are some of the technologies that might have been created with good-natured intent, but can also be used for evil deeds when put into the wrong hands. This is a reminder that while we further delve into the seemingly countless possibilities of this exciting new technology, we should keep our eyes open for the repercussions and unwanted side-effects.

full article: https://techcrunch.com/2016/10/26/the-darker-side-of-machine-learning/

How to stop the Mirai IoT botnet - idea 1

Some have put forth a perhaps desperate -- and certainly illegal -- solution to stop massive internet outages, like the one on Friday, from happening: Have white-hat vigilante hackers take over the insecure Internet of Things that the Mirai malware targets and take them away from the criminals. Several hackers and security researchers agree that taking over the zombies in the Mirai botnet would be relatively easy. After all, if the "bad guys" Mirai can do it, a "good guys" Mirai -- perhaps even controlled by the FBI -- could do the same. The biggest technical hurdle to this plan, as F-Secure chief research officer Mikko Hypponen put it, is that once it infects a device, Mirai "closes the barn door behind it." Mirai spreads by scanning the internet for devices that have the old-fashioned remote access telnet protocol enabled and have easy to guess passwords such as "123456" or "passwords." Then, once it infects them, it disables telnet access, theoretically stopping others from doing the same. 

The good news is that the code that controls this function doesn't always work very well, according to Darren Martyn, a security researcher who has been analyzing the malware and who said he's seen some infected devices that still have telnet enabled and thus can be hacked again. Also, Mirai disappears once an infected device is rebooted, which likely happens often as owners of infected cameras and DVRs try to fix their devices that suddenly have their bandwidth saturated. The bad news is that Mirai spreads so fast that a rebooted, clean device gets re-infected in five minutes, according to the estimates of researchers who've been tracking the botnets. So a vigilante hacker has a small window before the bad guys come back. The other problem is what a do-gooder hacker could do once they took over the botnet.

The options are: brick the devices, making them completely unusable; change the default passwords, locking out even their legitimate owners; or try to fix their firmware to make them more resistant to future hack attempts, and also still perfectly functioning. The real challenge of this whole scenario, however, is that despite being for good, this is still illegal. "No one has any real motivation to do so. Anyone with the desire to do so, is probably afraid of the potential jail time. Anyone not afraid of the potential jail time...can think of better uses for the devices," Martyn told Motherboard, referring to criminals who can monetize the Mirai botnet.

Source: http://motherboard.vice.com/read/how-vigilante-hackers-could-stop-the-internet-of-things-botnet

26 October 2016

Nuclear Plants Leak Critical Alerts In Unencrypted Pager Messages

A surprisingly large number of critical infrastructure participants -- including chemical manufacturers, nuclear and electric plants, defense contractors, building operators and chip makers -- rely on unsecured wireless pagers to automate their industrial control systems. According to a new report, this practice opens them to malicious hacks and espionage. A heating, venting, and air-conditioning system, for instance, used an e-mail-to-pager gateway to alert a hospital to a potentially dangerous level of sewage water. Other unencrypted alerts sent by or to "several nuclear plants scattered among different states" include:

- Reduced pumping flow rate
- Water leak, steam leak, radiant coolant service leak, electrohydraulic control oil leak
- Fire accidents in an unrestricted area and in an administration building
- Loss of redundancy
- People requiring off-site medical attention
- A control rod losing its position indication due to a data fault
- Nuclear contamination without personal damage

Full report: "Leaking Beeps: Unencrypted Pager Messages in Industrial Environments"