Igor Delovski Board

[Harry Callahan]

Race conditions in security dialogs, by Jesse Ruderman

"Another form of the attack involves convincing the user to double-click a
certain spot on the screen. This spot happens to be the location where the
'Yes' button will appear. The first click triggers the dialog; the second click
lands on the 'Yes' button. I made a demo of this attack for Firefox and
Mozilla."

[Ike]

Raymond Chen: We know it's insecure, but we want to do it anyway

"Suppose you find yourself some workaround and are willing to
concede that your technique is living on borrowed time. It's still a bad
idea. One of the aspects of security that doesn't get much attention is
repudiation. Responding to the user's actions from a secure screen saver
to do anything other than unlock the workstation gives the user plausible
deniability."

[Guest]

How a Malformed Installer Package Can Crack Mac OS X

"There exists a pretty significant interface problem with the Apple
Installer program such that any package requesting admin access via the
AdminAuthorization key, when run in an admin user account, is given full
root-level access without providing the user with a password prompt
during the install."

[Ike]

MSDN: Maintaining a Security Checklist

"As a developer, it is recommended that you maintain a list of security
issues that you can update as you gain experience in writing secure
applications. The following table is meant to provide a starting point for
your own list."

[Andrej]

Security identifier

"I thought I'd make it write down some security identity data of the
computer. (called SID) I'd want to get the SID data, write it as a binary file.
And then when you execute a program, that program reads that data and
only runs when the SID-s match."

[Andrej]

If you don't trust your administrators, you've already lost

Rather, you take the things that you do want them to be able to do and
delegate that permission and only that permission to them (discretionary
access control).

For more information, check out this column on trustworthy
administrators (based, I am told, on a TechEd presentation)
by Steve Riley (and his uncredited co-presenter Jesper Johansson).

[delovski]

mvps.org - Privileges

"Privileges are what you can never have enough of. Here is a sample
that will tell you which privileges you have for your current account, and
just for fun, it then tries to enable SeTcbPrivilege ("Act as part of the
operating system" in User Manager). For info on getting the privilege list for
any account, check out the samples for LsaEnumerateAccountRights() and
LsaEnumerateAccountsWithUserRight() on the LSA pages."

[delovski]

Digg: Windows XP Privilege Escalation Exploit

"Using simple command line tools on a machine running Windows XP we
will obtain system level privileges, and run the entire explorer process
(Desktop), and all processes that run from it have system privileges. The
system run level is higher than administrator, and has full control of the
operating system and it’s kernel."

Power User to Administrator escalation is far more interesting:
http://www.sysinternals.com/blog/2006/05/power-in-power-users.html

[delovski]

JoS: Firewalls

"All this software is cheap as in no cost to download and use but
expensive as in takes a bit of expertise/experience to set it all up.

I sell a firewall to corporations that does all this and more. The more part is
for things like VPNs between offices and road warrior type configurations. I
typically sell a maintenance & support contract and give the hardware away
at wholesale."

[Guest]

Nuclear plant powers up on real-time OS

"The real-time operating system is used where software failure can
lead to catastrophic consequences, even death - from high-speed trains
to air traffic control towers to highway toll systems. It's also used in more
than 100 different types of cars on the road.

For Atomic Energy of Canada Ltd., which operates nuclear power plants in
Canada, China and Slovenia, downtime just isn't an option. About 15 to
20 years ago, the Mississauga, Ont.-based company turned to QNX's real-
time operating system to keep its plants running. Since then, it's
upgraded to version 4.0 and is now rolling out 6.0 - and that's it."

[XNote]

Better Windows security keeps Apple safer: Gartner

"Research group Gartner has said that Mac OS X users are now safer
from a mass attack -- such as Blaster on Windows -- than they were two
years ago, partly because Microsoft has closed so many holes in its
ubiquitous platform."

[delovski]

Slashdot: Targeted Trojan Attacks Causing Concern

Bill Andad writes to point out a surprise trend emerging from the Virus
Bulletin Conference 2006 in Montreal this week. From the article on Daniweb:
"It is the smallest of Trojan attacks that are causing the biggest headache
in the world of corporate security right now. By targeting individuals within
individual companies with individually constructed infected messages, the
new-age industrial spy is slipping under the security radar." News.com has
more in-depth coverage.

[Maradonna]

Digg: Microsoft Now Decides to Accept Outside Security for Vista

"Microsoft did an about-face yesterday, agreeing to make it easier for
customers of its forthcoming Vista OS to use outside security vendors,
such as those who make popular antivirus and anti-spyware programs.
Until now, Microsoft had planned to block those companies from installing
their products in the deepest levels of the new OS."

[XNote]

Guide to Keeping Your Identity Safe

"Sad but you're absolutely right. Until there are strong government
regulations for how corporations must secure personal, private information,
this will just keep getting worse, and insurance premiums will continue to
rise and the losses/burden will continue to be pushed back on all consumers.
After all, you don't really expect the entities that are (ir)responsible for
this problem to actually pay the price."

[delovski]

Joel Spolsky: What's a SQL Injection Bug?

"Unfortunately it's a gigantic security hole called SQL injection.

The user, if malicious, can close the string that you opened, finish your
select statement, put in a semicolon (the SQL statement separator), and
then type any SQL code they want, and it will run."

[Ike]

Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security

"Botnets consisting of 100,000 and 200,000 nodes are not uncommon.
There's even a case where a real botnet was found with about 1.5 million
machines under one person's control.

You don't even have to participate - armies of coders are available to
code custom spyware for money, or perform denial of service attacks for
hire such as the one a CEO of a web-based satellite T.V. retailer ordered
against his competitors which caused outages as long as two weeks at a
time and $2 million in losses."

[Ike]

Security specialist leaves PHP security team

"Stefan Esser, PHP security specialist and member of the official PHP Security
Response Team has, he says, had enough - in his blog he has announced
his immediate resignation from the PHP Security Response Team. He states
that he has various reasons for doing so, the most important of which is that
his attempt to make PHP safer "from the inside" is futile. According"

[delovski]

How Skype & Co. get round firewalls

"Peer-to-peer software applications are a network administrator's
nightmare. In order to be able to exchange packets with their counterpart
as directly as possible they use subtle tricks to punch holes in firewalls,
which shouldn't actually be letting in packets from the outside world."

[Ike]

Digg: How to hack network passwords in 13 steps

"This instructional tutorial shows how easy it is to sniff people's passwords
in plain-text form on a wired network. Common applications for this would
be on a university, school or otherwise large network. This tutorial is for
educational purposes only and should only be used to demonstrate the security
weaknesses of common networking systems."

[delovski]

How about a rootkit FAQ for the forums?

"So you want to know where to start? Well, first off, if you've come here
looking for a ready-made solution to hack your friend's box, you've come to
the wrong place! Rootkit.com is primarily a knowledge based site intended
to provide information about rootkit development and related programming
issues. On the other hand, if you're a newbie with a desire to learn how to
write your own rootkit and you need some idea of where to begin, please
read on."

"Get a book like:
a. Undocumented Windows 2000 Secrets by Sven Schreiber
b. Undocumented Windows NT by Prasad Dabak, Milind Borate, and Sandeep Phadke.
c. Windows NT/2000 Native API Reference by Gary Nebbett is a must have!

Additionally, there are quite a few books on the subject including:
a. The Windows 2000 Device Driver Book by Art Baker and Jerry Lozano
b. Windows NT Device Driver Development by Viscarola and Mason
c. Programming The Microsoft Windows Driver Model by Walter Oney.
d. Developing Windows NT Device Drivers: A Programmer's Handbook
by Dekker and Newcomer (The Bible of reference materials)"

[delovski]

SecurityFocus : Windows rootkits come of age

Interview with Greg Hoglund and Jamie Butler:

"One of the tools that an administrator might use to find evidence of a
rootkit such as hidden files, Registry keys, and processes is Rootkit Revealer
from Sysinternals. However, this tool does not identify processes hidden
using data manipulation, which is what the FU rootkit uses. To detect the
FU rootkit types of attacks, an administrator can use Blacklight by F-Secure.
These are probably two of the more widely uses tools to detect rootkits in
Windows."

[Ike]

Reddit: Acer installs ActiveX backdoor on all their computers

Tan Chew Keong: "Recently, I noticed that my Acer TravelMate 4150 notebook
contains the LunchApp.APlunch ActiveX control, which is marked as "safe for
scripting" and "safe for initializing from persistent data"."

[XNote]

Digg: How the US National Security Agency access was built into Windows

"A careless mistake by Microsoft programmers had revealed that special
access codes prepared by the US NSA have been secretly built into Windows.
The NSA access system was built into every version of the Windows operating
system in use."

[Ike]

Slashdot: "Very Severe Hole" In Vista UAC Design

"Hacker Joanna Rutkowska has flagged a "very severe hole" in the design
of Windows Vista's User Account Controls (UAC) feature. The issue is that
Vista automatically assumes that all setup programs (application installers)
should be run with administrator privileges — and gives the user no option
to let them run without elevated privileges. This means that a freeware
Tetris installer would be allowed to load kernel drivers. Microsoft's Mark
Russinovich acknowledges the risk factor but says it was a 'design choice'
to balance security with ease of use."

[delovski]

MB’s Windows Security: The Program.exe Problem

"Suppose that you want to run the following command:

C:\Program Files\Internet Explorer\iexplore

But how does Windows know where the program path ends and the
program’s command line parameters begin? How does it know that the
user isn’t trying to run a program named “C:\Program.exe” with the
parameter “Files\Internet Explorer\iexplore?”

The problem is that it doesn’t know. It just starts at the beginning and
tries finding an executable until it finds a match."

[Ike]

Slashdot: MacBook Wi-Fi Hijack Details Finally Released

"Hacker David Maynor attempted to put the strange tale of the Macbook Wifi
hack to rest, and offered an apology for mistakes made. All this and a live
demo of the takeover exploit was made at a Black Hat DC event yesterday.
Maynor promised to release e-mail exchanges, crash/panic logs and exploit
code in an effort to clear his tarnished name. Said Maynor: 'I screwed up a
bit [at last year's Black Hat in Las Vegas]. I probably shouldn't have used
an Apple machine in the video demo and I definitely should not have
discussed it a journalist ahead of time ... I made mistakes, I screwed up.
You can blame me for a lot of things but don't say we didn't find this and
give all the information to Apple.'"

[delovski]

msdn: Sign Tool (SignTool.exe)

"The Sign Tool is a command-line tool that digitally signs files, verifies
signatures in files, or time stamps files."

[delovski]

Lack of Mac malware baffles experts

"Apple's Mac OS X remains almost completely free of any sort of malware
threat despite several years of availability, a significant market share, and
even an entire month dedicated to pointing out its flaws.

And security experts are not exactly sure why. In an article for the McAfee
Avert Labs blog, security researcher Marius van Oers pointed out that Mac
malware is 'pretty much non-existent at the moment'."

[Samuel Brown]

Digg: Why there aren't viruses for Macs — it's not because of low market share.

"Apple haters love to claim that there are no viruses for Macs because there
are so few compared to Windows machines. Virus creators are in the business
because of ego. And what would be a bigger ego boost than being the first to
create a widespread OS X virus?"

[Ike]

JoS: Poll : Which Anti Virus are you using

"AVG Free, ... Norton, ... Panda, ... Kaspersky, ... Nod32, ..."

[Ike]

How We Learned to Cheat at Online Poker: A Study in Software Security,
by Brad Arkin, Frank Hill, Scott Marks, Matt Schmid and Thomas John Walls

"If we know that the current value of RandSeed is 12345, then the next
integer produced will be 1655067934 and the value returned will be 20. The
same thing happens every time (which should not be surprising to anyone
since computers are completely deterministic).



Here's the kicker though; after finding a correct seed once, it is possible
to synchronize our exploit program with the server to within a few seconds.
This post facto synchronization allows our program to determine the seed
being used by the random number generator, and to identify the shuffle being
used during all future games in less than one second!"

[delovski]

Tech-industry experts tell how they avoid ID theft and other
online threats

His story was the basis for the 2002 movie "Catch Me If You Can" starring
Leonardo DiCaprio.

"Everything I did 40 years ago, when I was a teenager, is thousands of times
easier to do today. Technology has made it so much easier to commit these
crimes," he said.

[delovski]

Computer Security Articles by Bruce Schneier

Communications of the ACM Columns, CNET News.com Articles, eWeek
Articles, Computerworld Articles, Network World Op-Eds, Information Security
Magazine Columns, IEEE Security & Privacy Columns, Point-Counterpoints
with Marcus Ranum, ... and Why Terrorism Doesn't Work:

"This study analyzes the political plights of twenty-eight terrorist groups --
the complete list of foreign terrorist organizations (FTOs) as designated by
the U.S. Department of State since 2001. The data yield two unexpected
findings. First, the groups accomplished their forty-two policy objectives
only 7 percent of the time."

[delovski]

Slashdot: Cracked Linux Boxes Used to Wield Windows Botnets

"Dave Cullinane, eBay's chief information and security officer] noticed an
unusual trend when taking down phishing sites. 'The vast majority of the
threats we saw were rootkitted Linux boxes, which was rather startling. We
expected Microsoft boxes,' he said. Rootkit software covers the tracks of
the attackers and can be extremely difficult to detect.

According to Cullinane, none of the Linux operators whose machines had
been compromised were even aware they'd been infected. Because Linux
is highly reliable and a great platform for running server software, Linux
machines are desired by phishers, who set up fake websites, hoping to lure
victims into disclosing their passwords."

[delovski]

How Hackers Use Backdoors to Control Your Computer

"There is a common misconception about security today, and it isn’t pretty.
Most users would love to believe that their pricey consumer firewalls shield
them from anything obscene. The sad part is they couldn’t be more wrong.
We seek to prove this with three separate programs that can compromise
your computers security ..."

1. Back Orifice / Back Orifice 2000
2. NetBus / Netbus 2.0 Pro
3. SubSeven / Sub7

[delovski]

Slashdot: Inside The Twisted Mind of Bruce Schneier

"Bruce Schneier has an essay on the mind of security professionals like
himself, and why it's something that can't easily be taught. Many people
simply don't see security threats or the potential ways in which things can
be abused because they don't intend to abuse them. But security pros,
even those who don't abuse what they find, have a different way of looking
at things.

They always try to figure out all the angles or how someone could beat the
system. In one of his examples, Bruce talks about how, after buying one of
Uncle Milton's Ant Farms, he was enamored with the idea that they would
mail a tube of live ants to anyone you asked them to."

[Ike]

ars/digg - 5 Important Security Apps for Linux, Mac, and Windows

"We've got you covered with five freeware or shareware security tools for
Linux boxes, Macs, and Windows machines, all recommended by Ars staffers."

[delovski]

Google - Google Chrome, Sandboxing, and Mac OS X

"On Windows, getting a process sandboxed in a way that's useful to us is a
pretty complicated affair. ... Fortunately, on Mac OS X, the OS APIs for sand-
boxing a process are easy to use and straightforward."

[Ike]

Slashdot - The iPhone SMS Hack Explained

"Tom's Hardware just interviewed Charlie Miller, the man behind the iPhone
remote exploit hack and winner of Pwn2Own 2009. He explains the (now pa-
tched) bug in the iPhone which allowed him to remotely exploit the iPhone in
detail, explaining how the string concatenation code was flawed.

The most surprising thing was that the bug could be traced back to several
previous generation of the iPhone OS (he stopped testing at version 2.2). He
also talks about the failures of other devices, such as crashing HTC's Touch
by sending a SMS with '%n' in the text."

[delovski]

slashdot - The Story of a Simple and Dangerous OS X Kernel Bug

"At the beginning of this month the Mac OS X 10.5.8 closed a kernel vulne-
rability that lasted more than 4 years, covering all the 10.4 and (almost all)
10.5 Mac OS X releases. This article presents some twitter-size programs
that trigger the bug. The mechanics are so simple that can be easily expla-
ined to anybody possessing some minimal knowledge about how operating
systems works. Beside being a good educational example this is also a scary
proof that very mature code can still be vulnerable in rather unsophisticated
ways."

[delovski]

so - What is the best practice to store username and password on
the iPhone?

"Is there a best practice way to store username and password on the iPho-
ne? I am looking for something that is obviously secure but will also keep
the info between app updates."

[delovski]

news.cnet.com - Marc Maiffret--the quick rise of a teen hacker

"[Apple has] really only begun in the last six months or so taking security
seriously and understanding that it impacts their business in a serious way.

[Computer security is] one of the only industries in the world where you're
pretty much set up for constant failure and a race that never ends. You
never really have a victory because as soon as you do the bad guys have
moved on to something else."

[delovski]

Slashdot - Android Rootkit Is Just a Phone Call Away

"Hoping to understand what a new generation of mobile malware could
resemble, security researchers will demonstrate a malicious 'rootkit'
program they've written for Google's Android phone next month at the
Defcon hacking conference in Las Vegas. Once it's installed on the And-
roid phone, the rootkit can be activated via a phone call or SMS mes-
sage, giving attackers a stealthy and hard-to-detect tool for siphoning
data from the phone or misdirecting the user. 'You call the phone, the
phone doesn't ring, and when the phone realizes that it's being called by
an attacker's phone number, it sends him back a shell [program],' said
Christian Papathanasiou, a security consultant with Chicago's Trustwave,
the company that did the research."

[delovski]

Wired - Secure Your Mac Against Fraudulent SSL Certificates

"Dutch SSL certificate authority (CA) Diginotar issued a fraudulent certificate
for *google.com in August 2011. This means that hackers can, and have
been, impersonating Gmail with a "man in the middle" attack. The certificate
is believed to have been issued by Iranian agents after they hack Diginotar.
The exploit may have been used to spy on Iranian citizens' e-mail."

[Ike]

http://queue.acm.org/detail.cfm?id=2673311

Security Collapse in the HTTPS Market

Assessing legal and technical solutions to secure HTTPS

[delovski]

ars - Asus lawsuit puts entire industry on notice over shoddy router security

"According to the FTC, the vulnerabilities allowed attackers to gain
unauthorized access to 12,900 Asus routers in February 2014. At least
one user whose router was hacked reported being the victim of identity
fraud after hackers accessed personal data attached to the device, the
complaint alleged."

[delovski]

Symantec - Common loading points for viruses, worms, and Trojan horse programs on a Mac

In the dialog box that appears, type the location of the folders exactly as
they appear in the list, and click Go.

/System/Library/LaunchAgents
/System/Library/LaunchDaemons
/System/Library/StartupItems
/Library/LaunchAgents
/Library/LaunchDaemons
/Library/StartupItems
~/Library/LaunchAgents
~/Library/LaunchDaemons

[delovski]

MW - How to remove Mac malware, viruses and ransomware for free

"Mac malware is rare, but it does exist. Our guide to removing malware is
vital reading for Mac OS X users - and now covers the KeRanger BitTorrent
infection. Discover how to stop malicious software infecting your Mac, and
how to remove it safely for free if you get caught out."

[delovski]

HN - Mac Malware Can Secretly Spy On Your Webcam and Mic - Here's How to Stay Safe

"Patrick Wardle, an ex-NSA staffer who heads up research at security intelli-
gence firm Synack, discovered a way for Mac malware to tap into your live
feeds from Mac's built-in webcam and microphone to locally record you even
without detection.

Wardle is the same researcher who has discovered a number of security
weaknesses in Apple products, including ways to bypass the Gatekeeper
protections in OS X.

Wardle also released a free tool called RansomWhere? earlier this year that
has generic detection capabilities for Mac OS X ransomware variants."

[Ike]

mjg59 - Fixing the IoT isn't going to be easy

"We can't easily fix the already broken devices, we can't easily stop more
broken devices from being shipped and we can't easily guarantee that we
can fix future devices that end up broken. The only solution I see working
at all is to require ISPs to cut people off, and that's going to involve a great
deal of pain. The harsh reality is that this is almost certainly just the tip of
the iceberg, and things are going to get much worse before they get any
better."

[delovski]

x1622 - cipher check with check-ciphers.com

"SSLLABS is good to check ciphers, but for IP adresses and non 443 ports,
it does not work. check-ciphers.com orders the ciphers for each protocol
(ssl.x, tls.x) in server prefered sort order. (the red ones are weak)"

[delovski]

Mark Russinovich's - Analyzing a Stuxnet Infection with the Sysinternals Tools

"I forwarded the file to the Microsoft antimalware and security research teams
and our internal review into what became the Stuxnet saga began to unfold,
quickly making the driver I had received become one of the most infamous
pieces of malware ever created."

[Ike]

https://www.reddit.com/r/security/comments/5eedra/great_now_even_your_headphones_can_spy_on_you/

Great. Now Even Your Headphones Can Spy on You wired.com

[Ike]

https://www.reddit.com/r/apple/comments/5fud1i/a_practical_guide_to_securing_mac_os/

A practical guide to securing Mac OS (github.com)

[delovski]

r - Why I Built my Own Hacking Network

"As of this writing, one Raspberry Pi is already running Mutillidae. I strongly
recommend the Mutillidae project. It's very easy to set up, filled with instruct-
ions and tutorial links and gives you the opportunity to learn in a private
setting with repeatable hacks that will help to solidify the fundamentals. I have
plans to add other vulnerable web applications such as OWASP Security
Shepherd as well as a well-known CMS or two, possibly even an open source
IoT OS."

[delovski]

Kaspersky - Generic OS X Malware Detection Method Explained

"In an academic paper published by Virus Bulletin on Monday, Vincent
Van Mieghem, a former student at the Delft University of Technology in
the Netherlands, describes how a recurring pattern he observed in OS X
system calls can be used to indicate the presence of malware. "

[delovski]

themerkle.com - Tesco Bank May Have Facilitated Their Own Heist By Using Sequential Debit Card Numbers

"A few weeks ago, news broke about Tesco Bank falling victim to a
massive fraud attack. As it turns out, the institution brought this upon
themselves, as they issued debit cards with sequential numbers. This
is perhaps one of the worst examples of financial malpractice to hit the
banking sector in quite some time."

[delovski]

github.com - Awesome Malware Analysis

"A curated list of awesome malware analysis tools and resources"

"Malware Collection, Anonymizers, Honeypots, Malware Corpora, Open
Source Threat Intelligence, Detection and Classification, Online Scanners
and Sandboxes, Domain Analysis, Browser Malware, Documents and Shell-
code, File Carving, Deobfuscation, Debugging and Reverse Engineering,
Memory Forensics, Windows Artifacts, Storage and Workflow, Miscellaneous
Resources..."

[delovski]

r - Careers in security, ethical hacking and advice on where to get started

"I've (almost) always been a web developer. I started writing software in
'95 whilst at university and from day one, it was software for the web. There
were a few years before that where I made pocket money working in various
part time PC support roles but for the most part, it's always been about
building software. I spent a decade and a half doing that before I really
began to think seriously about specialising in security."

[delovski]

appcanary.com - Everything you need to know about HTTP security headers

"This article explains what secure headers are and how to implement these
headers in Rails, Django, Express.js, Go, Nginx, and Apache."

[delovski]

r - Malvertising Increased by 132% in 2016

"According to New Report it's a direct attack on the lifeblood of the internet as we know it."

[delovski]

Hack - Secure Operating System released for IoT and Embedded Systems

"Russian cyber security and antivirus vendor Kaspersky Lab has made
available the much awaited KasperskyOS, a secure-by-design operating
system based on Microkernel architecture which is specially designed for
network devices, industrial control systems and the Internet of Things."

[Ike]

r - Cloudflare have been leaking customer HTTPS sessions for months.
Uber, 1Password, FitBit, OKCupid, etc.

"The examples we're finding are so bad, I cancelled some weekend plans
to go into the office on Sunday to help build some tools to cleanup. I've
informed cloudflare what I'm working on. I'm finding private messages
from major dating sites, full messages from a well-known chat service,
online password manager data, frames from adult video sites, hotel bo-
okings. We're talking full https requests, client IP addresses, full respon-
ses, cookies, passwords, keys, data, everything."

[Ike]

https://www.youtube.com/watch?v=BLGFriOKz6U&feature=youtu.be

Published on Aug 16, 2016
by Ivan Krstic

With over a billion active devices and in-depth security protections spanning every layer from silicon to software, Apple works to advance the state of the art in mobile security with every release of iOS. We will discuss three iOS security mechanisms in unprecedented technical detail, offering the first public discussion of one of them new to iOS 10.

HomeKit, Auto Unlock and iCloud Keychain are three Apple technologies that handle exceptionally sensitive user data ? controlling devices (including locks) in the user's home, the ability to unlock a user's Mac from an Apple Watch, and the user's passwords and credit card information, respectively. We will discuss the cryptographic design and implementation of our novel secure synchronization fabric which moves confidential data between devices without exposing it to Apple, while affording the user the ability to recover data in case of device loss.

Data Protection is the cryptographic system protecting user data on all iOS devices. We will discuss the Secure Enclave Processor present in iPhone 5S and later devices and explain how it enabled a new approach to Data Protection key derivation and brute force rate limiting within a small TCB, making no intermediate or derived keys available to the normal Application Processor.

Traditional browser-based vulnerabilities are becoming harder to exploit due to increasingly sophisticated mitigation techniques. We will discuss a unique JIT hardening mechanism in iOS 10 that makes the iOS Safari JIT a more difficult target.

[Ike]

https://www.apple.com/business/docs/iOS_Security_Guide.pdf

https://www.reddit.com/r/apple/comments/61j1qz/ios_10_security_white_paper/

[delovski]

r - Hacker documents show NSA tools for breaching global money
transfer system

"Documents and computer files released by hackers provide a blueprint
for how the U.S. National Security Agency likely used weaknesses in
commercially available software to gain access to the global system for
transferring money between banks, a review of the data showed."

[Ike]

https://www.reddit.com/r/apple/comments/67hsy2/for_the_love_of_jobs_will_you_people_stop/

for the love of Jobs will you people stop installing MacKeeper. it's total crap.

[Ike]

LR - macOS Sierra and (legacy) smart card login

"It is easy to configure a user account to use a smartcard to login with macOS
Sierra. Some steps are not easy to guess so I wrote this documentation for me
to remember."

[XNote]

https://www.reddit.com/r/IAmA/comments/6cmmdf/iama_the_accidental_hero_who_helped_stop_the/

[delovski]

git - Secure iOS application development

"This guide is a collection of the most common vulnerabilities found in iOS
applications. The focus is on vulnerabilities in the applications' code and only
marginally covers general iOS system security, Darwin security, C/ObjC/C++
memory safety, or high-level application security."

[delovski]

so - How to create a self-signed certificate with openssl?

"You can also add -nodes if you don't want to protect your private key with
a passphrase, otherwise it will prompt you for "at least a 4 character" pass-
word. The days parameter (365) you can replace with any number to affect
expiration date. It will then prompt you for things like "Country Name" but
you can just hit enter and accept defaults."

[delovski]

blog.acolyer.org - IoT goes nuclear: creating a ZigBee chain reaction

"What we demonstrate in this paper is that even IoT devices made by big
companies with deep knowledge of security, which are protected by industry-
standard cryptographic techniques, can be misused by hackers can rapidly
cause city-wide disruptions which are very difficult to stop and investigate."

[XNote]

https://www.reddit.com/r/apple/comments/6kpm4t/macos_terminal_alternative_to_antivirus/

[Ike]

https://itsecuritycentral.teramind.co/2017/07/07/technology-developments-in-data-security-say-goodbye-to-the-firewall/

Technology Developments in Data Security, Say Goodbye to the Firewall

[delovski]

fortune.com - How Equifax Turned Its Massive Hack Into an Even Worse 'Dumpster Fire'

"On Thursday, consumer credit rating agency Equifax announced what may
become the most economically damaging hack in U.S. history, exposing the
personal data of nearly half of all Americans."

[Ike]

ars - Millions of high-security crypto keys crippled by newly discovered flaw

"The researchers examined keys used in electronic identity cards issued by
four countries and quickly found two - Estonia and Slovakia - were issuing
documents with fingerprinted keys, both of which were 2048 bits in length,
making them practically factorizable."

[Ike]

How I Socially Engineer Myself Into High Security Facilities

[delovski]

r - All my Ethereum stolen right out of my wallet

"In that case, the user tried to check his Bitcoin Gold balance on the site
https://mybtgwallet.com/. The site now looks innocent, but it looked very
different yesterday. It was asking users for their 12-word recovery seed...

It's an open source site, but you can see that the code is brand new, all the
files have been uploaded to GitHub 20 hours ago.

We suspect this site has been hacked."

[Ike]

https://www.reddit.com/r/security/comments/7g73j9/login_as_root_with_empty_password_after_a_few/

Login as 'root' with empty password after a few tries on MacOS High Sierra twitter.com

[Ike]

r - Evidence some bitcoin address generation code is using discoverable private keys

"Nobody should be using Blockchain.info to store any amount of value.
The entire ecosystem needs to shift away from relying on Blockchain.info
for anything at all, including the block explorer itself. There are plenty of
alternatives available."

[Ike]

iOS 11 Horror Story: The Rise And Fall Of IOS Security

"The release of iOS 11, which we praised in the past for the new S.O.S. mode
and the requirement to enter a passcode in order to establish trust with a new
computer, also made a number of other changes under the hood that we have
recently discovered. Each and every one of these changes was aimed at making
the user's life easier (as in 'more convenience'), and each came with a small
trade off in security. Combined together, these seemingly small changes made
devastating synergy, effectively stripping each and every protection layer off
the previously secure system."

[Ike]

wired - How Email Open Tracking Quietly Took Over the Web

"I wrote Cook a lengthy email detailing the reasons he should join me for an
interview. When I didn't hear back, I drafted a brief follow-up, enabled Streak,
hit send. Hours later, I got the notification: My email had been read. Yet one
glaring detail looked off. According to Streak, the email had been read on a
Windows Desktop computer."

[delovski]

Y - Get ready for a 2018 cryptocurrency crime wave

"After all, cryptocurrency cyber heists are now extremely lucrative, with the
opportunity to make tens of millions of dollars from a single attack. This will
likely entice more hacking groups to expand their operations beyond traditi-
onal revenue streams -- 'banking Trojans,' 'ransomware,' 'carding,' etc. -- to
take on cryptocurrency investors as well. Cybercriminals go where the money
is and right now the money is definitely in bitcoin."

[Ike]

https://www.theverge.com/2018/1/11/16878670/meltdown-spectre-disclosure-embargo-google-microsoft-linux

KEEPING SPECTRE SECRET
How an industry-breaking bug stayed secret for seven months ? and then leaked out

[delovski]

sploitspren.com - Windows Privilege Escalation Guide

"This guide is influenced by g0tm1lk's Basic Linux Privilege Escalation, which
at some point you should have already seen and used. I wanted to try to mir-
ror his guide, except for Windows. So this guide will mostly focus on the enu-
meration aspect."

[delovski]

ssllabs.com - SSL/TLS Capabilities of Your Browser

"Protocol Support, Logjam Vulnerability, FREAK Vulnerability, ..."

[delovski]

Hardcoded Password Found in Cisco Enterprise Software, Again

"The company discovered these flaws following as part of its massive series
of internal audits it started back in December 2015.

At the time, security researchers found a backdoor account in Juniper software
that could decrypt VPN traffic, and Cisco decided to hunt and root out any
similar backdoors before attackers found them first."

[delovski]

r - Has your MacBook battery life become much worse in the last week or two? New Zero-Day Mac CPU virus

"The bad news is that it's currently uncertain what it's using the CPU for
(though let's be reasonable, it's probably cryptocurrency mining or something).
The good news is that is probably all it's doing and not stealing/encrypting any
of your files."

/Library/LaunchDaemons/com.pplauncher.plist
/Library/Application Support/pplauncher/pplauncher

[delovski]

tls.ulfheim.net - The Illustrated TLS Connection

"In this demonstration a client has connection to a server, negotiated a TLS
1.2 session, sent "ping", received "pong", and then terminated the session.
Click below to begin exploring."

[delovski]

g - Reverse Engineering iOS Applications

"All the vulnerabilities that I'll show you here are real, they've been found in
production applications by security researchers, including myself, as part of
bug bounty programs or just regular research. One of the reasons why you
don't often see writeups with these types of vulnerabilities is because most
of the companies prohibit the publication of such content.

We've helped these companies by reporting them these issues and we've
been rewarded with bounties for that, but no one other than the researchers
and the company's engineering team will learn from those experiences. This
is part of the reason I decided to create this course, by creating a fake iOS
application that contains all the vulnerabilities I've encountered in my own
research or in the very few publications from other researchers.
Even though
there are already some projects[^1] aimed to teach you common issues on
iOS applications, I felt like we needed one that showed the kind of vulnerabi-
lities we've seen on applications downloaded from the App Store."

[Ike]

https://old.reddit.com/r/theinternetofshit/

[delovski]

ars - Study shows which messengers leak your data, drain your battery, and more

"Among the worst offenders, according to research published on Monday, were
messengers from Facebook, Instagram, LinkedIn, and Line. More about that
shortly. First a brief discussion of previews."

[Ike]

r - I Was the Homeland Security Adviser to Trump. We're Being Hacked.

"It was reported several years ago that Russia has access to the U.S. power grid.

The GOP just attempted a coup, openly, after denying assistance to and
ensuring a shaky existence for much of the U.S. populace for a year during
a pandemic. If you thought that was callous, just wait until those major GOP
donors who would profit from evictions and property sales reap a windfall.

Things may get really weird."

[Ike]

Get Alerted If Your Computer Gets Infected

https://jacobsalmela.com/2014/10/02/roll-defense-mac-backdoor-iworm/

"So, really, you will probably just need to monitor the LaunchDaemons and /private/var/root folders. You will notice in the screenshot that I have other folders listed, this is because I have used this trick to block other types of malware."

plus

OS X: Roll-your-own Malware Detection

https://jacobsalmela.com/2014/05/19/roll-your-own-malware-detection/

[Ike]

Objective-See - The Art of Mac Malware

"Mac Malware Resources:

All about Mac antivirus"
The Safe Mac Malware Catalog
OS X Incident Response: Scripting and Analysis
OS Internals

I'm writing a (free) book: The Art of Mac Malware ...have a read, it's free"

Plus: https://github.com/objective-see

[Ike]

windows10forums.com - Windows Defender false threat on Windows 10

"Windows Defender - It claims in its "Threat Blocked" report that the file has
'Trojan:Script/Wacatac.B!ml'. Most amazingly when I run a custom scan on this
file it says "0 threats found", but it will still remove the file periodically when I
try to use it even if this removal does not happen each time I use it.

Windows Security > Virus & threat protection > Manage settings > Add
or remove exclusions"

[Ike]

git - Mobile Verification Toolkit

"Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and
automate the process of gathering forensic traces helpful to identify a potential
compromise of Android and iOS devices."

[Ike]

Objective-See - The Art of Mac Malware

"Mac Malware Resources:

All about Mac antivirus"
The Safe Mac Malware Catalog
OS X Incident Response: Scripting and Analysis
OS Internals

I'm writing a (free) book: The Art of Mac Malware ...have a read, it's free"

Plus: https://github.com/objective-see

[Ike]

git - Sloth

"Sloth is a native Mac app that shows all open files, directories, sockets, pipes,
and devices in use by all running processes on your system. This makes it easy
to inspect which apps are using which files, etc."

[Ike]

git - kr : a simple file encryption/decryption tool.

"kr is a simple file encryption/decryption program based on Monocypher.
Under the hood, it uses the incremental AEAD interface of Monocypher to
encrypt/decrypt files using XChaCha20-Poly1305.

kr offers two modes of operation:

Keyfile-based: a private key is stored on the user's machine and is used to
encrypt and decrypt files.

Passphrase-based: an encryption/decryption key is generated, on the fly,
using Argon2i (with a random salt).

When using keyfiles, kr can help you generate either random or
deterministic keyfiles (based on a passphrase and a uid). See Keyfiles
Management below."