Chernobyl’s radiation monitoring system has been hit by the attack with its sensors shut down while UK advertising giant WPP, the largest agency in the world, among dozens of firms affected.

The ransomware appears to have been spread through popular accounting software and specifically targeted at bringing down business IT systems.

The outage began in Ukraine as the country’s power grid, airport, national bank and communications firms were first to report problems, before it spread rapidly throughout Europe.

Companies in the US, Germany, Norway, Russia, Denmark and France are among those to have confirmed issues so far

Users are being shown a message saying their data has been encrypted, with some asking for £300 in anonymous currency Bitcoin to retrieve it (pictured, an ATM in Ukraine)

More than 200,000 victims in 150 countries were infected by that software, which originated in the UK and Spain last month, before spreading globally.

But cyber security experts have warned that this time the virus is much more dangerous because it has no ‘kill switch’ and is designed to spread rapidly though networks.

Marcus Hutchins, who foiled the previous WannaCry attack by discovering a way to stop it from infecting new computers, told MailOnline that even if users pay the fee their files could now be lost forever.

He said: ‘The company that hosts the email account which the ransomware asks you to contact has closed the account. There’s no way to get files back.

‘It’s early days – we don’t know if we can find a fix yet. But if it’s decryptable we will find a way.’

Hutchins, 22, continued: ‘Everyone’s looking at this right now and I’m working with other researchers.

‘I was just praying it wasn’t the Wannacry exploit again. Ideally we’ll have to find a way to decrypt the files or else people are not going to get them back.’

The ransomware targets computers using the Windows XP operating system which have not installed the latest security updates released by Microsoft.

24/06/2017

KALI Linux – Promiscous Mode – Wireless hacking

Six Modes of Wireless

Monitor
Managed
Ad hoc
Master
Managed
Mesh
Repeater

23/06/2017

A Cyberattack ‘the World Isn’t Ready For’

idt

idt1

idt2

Reference NYTIMES

21/06/2017

Qubes OS – Privacy

https://www.qubes-os.org/

qubes os

https://www.qubes-os.org/downloads/

21/06/2017

The OpenVPN post-audit bug bonanza

https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/

I love OpenVPN, and wish them the best of luck, in resolving these issues.

*****

Summary

I’ve discovered 4 important security vulnerabilities in OpenVPN. Interestingly, these were not found by the two recently completed audits of OpenVPN code. Below you’ll find mostly technical information about the vulnerabilities and about how I found them, but also some commentary on why commissioning code audits isn’t always the best way to find vulnerabilities.

Here you can find the latest version of OpenVPN: https://openvpn.net/index.php/open-source/downloads.html

This was a labor of love. Nobody paid me to do this. If you appreciate this effort, please donate BTC to 1D5vYkiLwRptKP1LCnt4V1TPUgk7cxvVtg.

Introduction

After a hardening of the OpenVPN code (as commissioned by the Dutch intelligence service AIVD) and two recent audits 1 2, I thought it was now time for some real action ;).

Most of this issues were found through fuzzing. I hate admitting it, but my chops in the arcane art of reviewing code manually, acquired through grueling practice, are dwarfed by the fuzzer in one fell swoop; the mortal’s mind can only retain and comprehend so much information at a time, and for programs that perform long cycles of complex, deeply nested operations it is simply not feasible to expect a human to perform an encompassing and reliable verification.

End users and companies who want to invest in validating the security of an application written in an “unsafe” language like C, such as those who crowd-funded the OpenVPN audit, should not request a manual source code audit, but rather task the experts with the goal of ensuring intended operation and finding vulnerabilities, using that strategy that provides the optimal yield for a given funding window.

Upon first thought you’d assume both endeavors boil down to the same thing, but my fuzzing-based strategy is evidently more effective. What’s more, once a set of fuzzers has been written, these can be integrated into a continuous integration environment for permanent protection henceforth, whereas a code review only provides a “snapshot” security assessment of a particular software version.

Manual reviews may still be part of the effort, but only there where automation (fuzzing) is not adequate. Some examples:

verify cryptographic operations
other application-level logic, like path traversal (though a fuzzer may help if you’re clever)
determine the extent to which timing discrepancies divulge sensitive information
determine the extent to which size of (encrypted) transmitted data divulges sensitive information (see also). Beyond the sphere of cryptanalysis, I think this is an underappreciated way of looking at security.
applications that contain a lot of pointer comparisons (not a very good practice to begin with — OpenVPN is very clean in this regard, by the way) may require manual inspection to see if behavior relies on pointer values (example)
can memory leaks (which may be considered a vulnerability themselves) can lead to more severe vulnerabilities? (eg. will memory corruption take place if the system is drained of memory?)
can very large inputs (say megabytes, gigabytes, which would be very slow to fuzz) cause problems?
does the software rely on the behavior of certain library versions/flavors? (eg. a libc function that behaves a certain way with glibc may behave differently with the BSD libc — I’ve tried making a case around the use of ctime() in OpenVPN)

So doing a code audit to find memory vulnerabilities in a C program is a little like asking car wash employees to clean your car with a makeup brush. A very noble pursuit indeed, and if you manage to complete it, the overall results may be even better than automated water blasting, but unless you have infinite funds and time, resources are better spent on cleaning the exterior with a machine, vacuuming the interior followed by an evaluation of the overall cleanliness, and acting where necessary.

19/06/2017

The CIA has been hacking dozens of Wi-Fi routers and using them as covert listening points for at least a DECADE, leaked documents reveal

http://www.dailymail.co.uk/sciencetech/article-4617244/Leaked-documents-reveal-CIA-hacked-Wi-Fi-routers.html

Leaked CIA documents have revealed the agency has been hacking people’s Wi-Fi routers and using them as covert listening points.

Infected routers are used to spy on the activity of internet-connected device, according to decade-old secret documents leaked on Thursday by Wikileaks.

Home routers from 10 US manufacturers, including Linksys, DLink, and Belkin, have been used by the CIA to monitor internet traffic.

Wikileaks released the entire 175-page CIA user manual for the implant, which is codenamed ‘CherryBlossom’.

In total, the manual says that the firmware runs on 25 router models, but could run on more than 100 with minor modifications.

‘The Cherry Blossom (CB) system provides a means of monitoring the internet activity of and performing software exploits on targets of interest,’ the document reads.

‘In particular, CB is focused on compromising wireless networking devices, such as wireless (802.11) routers and access points (APs), to achieve these goals.’

The firmware is especially effective against some D-Link-made DIR-130 and Linksys-manufactured WRT300N models because they can be remotely infected even if they have a strong administrator password.

An exploit codenamed ‘tomato’ can extract passwords from these routers if a default feature known as universal plug and play is left on.

Missions tasks include copying some or all of the user’s internet traffic, email exchanges and private chat usernames.

All exchanges between the Flytrap and device and the CIA’s CherryTree server are encrypted and and cryptographically authenticated.

The documents date back to 2007, meaning the agency has been using the Wi-Fi hack for at least a decade.

Reference:

http://www.dailymail.co.uk/sciencetech/article-4617244/Leaked-documents-reveal-CIA-hacked-Wi-Fi-routers.html

https://wikileaks.org/vault7/document/SRI-SLO-FF-2012-177-CherryBlossom_UsersManual_CDRL-12_SLO-FF-2012-171/page-7/#pagination

08/06/2017

Theresa May’s repeated calls to ban encryption still won’t work

In the wake of Saturday’s terrorist attack in London, the Prime Minister Theresa May has again called for new laws to regulate the internet, demanding that internet companies do more to stamp out spaces where terrorists can communicate freely.

The arguments against banning encryption are well rehearsed, but worth repeating. Encryption is not just a tool used by terrorists. Anyone who uses the internet uses encryption. Messaging apps, online banking, e-commerce, government websites, or your local hospital all use encryption.

A ban on encryption would make it impossible to do anything online that relies on keeping things private, like sending your credit card details or messaging your doctor.

Even if governments were willing to sacrifice their citizen’s online privacy, any sort of ban would be futile anyway. Anyone with a little technical know-how could write their own code to encrypt and decrypt data. In fact, the code to do so is so small it easily fits on a t-shirt. http://www.cypherspace.org/rsa/

Another way to get rid of May’s “safe spaces” that has been mooted is to give security services special access to encrypted messages, so-called back doors. Again this is impractical.

If a “master key” was created that allowed security services to bypass encryption it would immediately become a target for hackers. Anyone feeling hostile could focus their efforts on cracking the master key, and in doing so would not just get access to one person’s data, but everyone’s.

Last month New Scientist called for a greater understanding of technology among politicians.

****

Thoughts. The New Scientist has rightly called for a greater understanding amongst politicians.

What Teresa May is actually saying is:

We ban internet banking (as that relies on encryption for security).
We ban internet shopping (as Amazon relies on encryption too).
We ban basically, all transactions on the Internet.

Do you agree with her?

The Internet and Encryption go hand in hand, you cannot use one safely without the other. I don’t see where she’s going with this argument, as it is a non starter.

However, it does show her lack of understanding of how the Internet relies upon encryption to function.

Reference:

https://www.newscientist.com/article/2133644-theresa-mays-repeated-calls-to-ban-encryption-still-wont-work/

02/06/2017

KALI – How to hack WIFI – WPS Pixie Dust Attack

WPS Pixie Dust Attack

A bit of background first. The Pixie Dust Attack is a WPS attack aimed to crack the PIN offline, exploiting the non-existing or low entropy of some APs. This vulnerability was discovered by Dominique Bongard. All credits for the research go to him.

Sources:

The roles of the devices in a common WPS transaction are:
– Registrar: client/attacker
– Enrollee: access point

Let’s have a look at part of the information exchanged between the two (|| means concatenation):
– Enrollee -> Registrar: M1 (E-Nonce || description || PKE)
– Registrar -> Enrollee: M2 (E-Nonce || R-Nonce || description || PKR)
– Enrollee -> Registrar: M3 (R-Nonce || E-Hash1 || E-Hash2)

PKE: Public Key Enrollee (g^A mod p)
PKR: Public Key Registrar (g^B mod p)
E-Nonce: Enrollee Nonce
R-Nonce: Registrar Nonce

And now comes the interesting part:
– E-Hash1: HMAC{AuthKey}(ES-1 || PSK1 || PKE || PKR)
– E-Hash2: HMAC{AuthKey}(ES-2 || PSK2 || PKE || PKR)

PSK1 is a truncated hash of the first 4 digits of the WPS pin
PSK2 is a truncated hash of the last 4 digits of the WPS pin

On M3 packet the AP is proving us that it knows the first half of the pin (with E-Hash1) and the second half (with E-Hash2). Of those two hashes we know everything except PSK1 and ES-1 and PSK2 and ES-2 respectivly.
– PSK1 and PSK2 needs only 10,000 + 1,000 guesses to find (if the last digit is used as checksum or 20,000 if not).
– ES-1 and ES-2 are two 128 bits random nonces, which would be impossible to bruteforce, right?

The question now is how are they generated? Are they truly random? No, not for every AP/manufacturer at least. Bongard looked up at two implementation: Ralink and Broadcom.
– The former uses ES-1 = ES-2 = 0 (constant) so we just need to bruteforce the PIN with 11000 guesses.
– The latter has the code of its random function publicy hosted online on GitHub (lol). It will work only for some old devices, though (probably those ones shipped from 2011 – 2013).

It uses the r_rand() function from C (wich is not secure) that uses a Linear Congruential Generator and its entropy is of 25 bits only (instant to bruteforce).
The ES-1 is calculated after the E-Nonce so you just need to guess the seed (25 bits of entropy) until you find the same sequence that leads to the E-Nonce. That’s it.

Now aside for those two manufacturers, it is also importat to mention that the majority of APs (if not all) use random pseudo-namber generators of 32 bits and have low entropy at boot. So more vulnerabilities are out there just need to be discovered by someone.