IEEE Computer Society Cipher --- Items from security-related news (E149)

  • Phone Follies: The Midnight Data Dump
    It's the middle of the night. Do you know who your iPhone is talking to?
    The Washington Post
    By Geoffrey A. Fowler
    May 28, 2019

    The technology columnist for the Washington Post decided to seek help in understanding the network traffic emanating from his iPhone during nighttime hours. He found that many of his apps had relationships with multiple third parties to collect data from his phone. It is hard to believe, but he found 5400 trackers sending 1.5 gigabytes per month. Some of the companies behind the apps were surprised and vowed to remove the trackers, but others said that they employed tracking services to improve their apps and had no particular responsibility for the frequency of data collection or the totality of its eventual uses.

    The trackers are not limited to Apple devices; they also exist on Android phones.

  • Roses are Red, Eternal is Blue. Thank NSA if Ransom is Due
    NSA Hacking Tool Hits Baltimore
    The New York Times
    By Nicole Perlroth and Scott Shane
    May 25, 2019

    Some time ago NSA developed software to infiltrate Windows machines, and it was very successful, perhaps giving the US the ability to monitor the computers of terrorist organizations. With great power comes great responsibility, and somehow NSA blew it. The code was somehow released onto the Internet, and it became the basis for some serious ransomware. The city of Baltimore has been trying to re-establish its computer systems after being seriously damaged by a ransomware attack based on the NSA software.

    The exploit is effective against older versions of Windows that have not been patched. That includes many, many machines that prop up aging IT infrastructure in city, county, and state governments. An unpatched system that is attacked by the ransomware can cause harm to more modern machines that it communicates with.


    GOT PATCHES? - Microsoft practically begs Windows users to fix wormable BlueKeep flaw
    With 1M computers still unpatched, company tries to prevent worldwide wormpocalypse.

    Ars Technica
    Dan Goodin

    The EternalBlue software mentioned above can be patched with free, downloadable software from Microsoft. Yet more than a million machines worldwide remain vulnerable, by some estimates. As a "public health" measure, Microsoft strongly urges that Windows 2000 machines be patched immediately.

  • Linux and the Second Stage Wasp's Nest
    UNDER THE RADAR - Advanced Linux backdoor found in the wild escaped AV detection. Fully developed HiddenWasp gives attackers full control of infected machines.
    Ars Technica
    by Dan Goodin

    A zero-day exploit of Linux has been found embodied in active malware that evades most anti-virus detectors. Or at least it did until it was revealed. Some think that the HiddenWasp malware is likely a later stage of software that gets served to targets of interest who have already been infected by an earlier stage.

  • The Big Easy: Public Key
    RED FLAG - Website for storing digital currencies hosted code with a sneaky backdoor and the mystery of the backdoored random number generator.

    Ars Technica
    Dan Goodin

    So you need a way to protect your digital currencies and you find something on GitHub that is just the ticket. There seem to be two links for downloading the software, so you choose the first one on the page. That has a new function, SecureRandomAdvanced, which is an update of the SecureRandom function that is obtained through the other link. SecureRandomAdvanced uses an insecure random number generator that depends on hidden data in downloaded images. Only 120 unique keys can be generated from an image, but there are different images on different sites. Why? Who? No one knows. The code has been reverted, but if you downloaded it late last summer, you might want to replace it.

  • Desperate Plea for Microsoft Hiring Interview?
    WORKING EXPLOIT - Serial publisher of Windows 0-days drops exploits for 2 more unfixed flaws
    SandboxEscaper has published 7 such exploits to date, 3 in the past 24 hours.

    Ars Technica
    Dan Goodin

    A working exploit against a fully patched Windows 10 system is a disturbing discovery, but someone has anonymously revealed 7 such hacks this year. The attacks are serious and allow privilege escalation in some cases.