Categories
privacy security

FROST: Forensic Recovery Of Scrambled Telephones

Recovering contents directly from physical RAM of devices has been known for quite some time – it involves esoteric measures such as freezing the device using liquid nitrogen or by putting it in the freezer. It is interesting to see this technique being used to attack Android phones to recover disk encryption keys. Potentially this might defeat on-disk encryption for Android devices, though there are quite some caveats in the technique discussed on the website.

To this end we perform cold boot attacks against Android smartphones and retrieve disk encryption keys from RAM. We show that cold boot attacks against Android phones are generally possible for the first time, and we perform our attacks practically against Galaxy Nexus devices from Samsung.

Source: FROST: Forensic Recovery Of Scrambled Telephones

Categories
privacy security

Unauthorized code in Juniper ScreenOS allows for administrative access

This is bad. Juniper is a major network equipment provider and a backdoor like this could lead to huge security compromise.

During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen® devices and to decrypt VPN connections. Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS.

Source: Important Announcement about ScreenOS® – J-Net Community

Update (2015-12-20): It could be a state-sponsored attack.

Categories
security sysadmin

Let’s Encrypt – Entering Public Beta

Let’s Encrypt goes public beta. No more paying of ridiculous amounts for a simple SSL certificate. Yearly.

The process is still somewhat rough around the edges now. I expect it to get better when it goes 1.0. There’s another important thing to note when you’re using certificates from Let’s Encrypt. In the interest of transparency, they publish the list of certificates issued by them. So if you’re uncomfortable about your domain appearing in a public website, you may want to reconsider.

Let’s Encrypt is a free, automated, and open certificate authority brought to you by the Internet Security Research Group (ISRG). ISRG is a California public benefit corporation, and is recognized by the IRS as a tax-exempt organization under Section 501(c)(3) of the Internal Revenue Code.

Source: Entering Public Beta

Categories
security

w00tsec: ARRIS Cable Modem has a Backdoor in the Backdoor

Yet another reason why device firmware must be made open source. This could create a botnet of potentially 600,000 nodes.

Source: w00tsec: ARRIS Cable Modem has a Backdoor in the Backdoor

Categories
Uncategorized

Germany is about to start up a monster machine that could revolutionize the way we use energy – Business Insider

The world is waiting with bated breath for this monster. Not quite Mr. Fusion yet, but hopefully it works as expected.

For more than 60 years, scientists have dreamed of a clean, inexhaustible energy source in the form of nuclear fusion.

It took 19 years to build this monster and this video shows just how complex the whole thing is.

Source: Germany is about to start up a monster machine that could revolutionize the way we use energy – Business Insider

Categories
3D

Turning 8-Bit Sprites into Printable 3D Models | 0 FPS

This is a really cool idea – a good mashup of old retro game artwork and 3D printing. The author of this website has written an editor that takes in 8-bit sprites from various directions and produces a working file that can be used for 3D printing.

There’s just something tangible about physical objects that makes them so appealing.

Source: Turning 8-Bit Sprites into Printable 3D Models | 0 FPS

PS: the online editor appears to be down at the moment

Categories
sysadmin

Setting up DD-WRT on D-Link DIR-868L

Just got the great looking D-Link DIR-868L free recently from a broadband package that I signed up for.

It’s an amazing router that has great features and performance. It also has great hardware specs, which makes it a perfect candidate for trying custom firmware like dd-wrt or OpenWrt. My preference would be to go for OpenWrt; unfortunately, at the time of writing it is not supported. So it’s on to dd-wrt.

Installation of dd-wrt firmware can be done by following this wiki. Try it at your own risk, and always have the stock firmware on hand in case it doesn’t work.

Assuming you got this far, what’s next? Packages, naturally! To do that you have to first enable JFFS on the dd-wrt Administration tab. Next, let’s install something.

root@xxxxxxxx:/jffs/tmp# ipkg update
mkdir: can't create directory '//usr/local/lib/': Read-only file system

root@xxxxxxxx:~# ipkg install nano
root@xxxxxxxx:~# nano
-sh: nano: not found

Uh oh. Turns out ipkg is broken on this firmware and a search turns up other users facing the same issue. Someone on the forums suggested opkg instead and that’s where I went. There are many forum posts, blog posts and wikis on this topic. The one that I’m using is this. However, it doesn’t work out of the box, otherwise there wouldn’t be this blog post :-).

Following the instructions, you should reach a step that tells you to download a script and execute it. Going for the “not so brave people” approach,

root@xxxxxxxx:/jffs/tmp# wget -q -O- http://debian.keithdunnett.net/ddwrt/optware_setup > optware_setup
root@xxxxxxxx:/jffs/tmp# chmod 700 optware_setup
root@xxxxxxxx:/jffs/tmp# ./optware_setup
Checking we can reach the repository...
./optware_setup: line 15: can't create /opt/usr/bin/optware_boottime: nonexistent directory
chmod: /opt/usr/bin/optware_boottime: No such file or directory
Making sure we have an initial opkg
Connecting to downloads.openwrt.org (78.24.191.177:443)
wget: server returned error: HTTP/1.1 404 Not Found
Connecting to dev.openwrt.org (217.115.15.26:443)
wget: can't open '/opt/lib/functions.sh': Read-only file system
tar: can't open 'opkg.ipk': No such file or directory
tar: can't open 'data.tar.gz': No such file or directory

Delving into the script, there are 2 problems. First, /opt is not writable, so bind-mount /jffs/opt onto /opt. Second, the opkg download link on line 32 of the script returns a 404, so change it to the updated link (look up the latest link here).

root@xxxxxxxx:/jffs/tmp# mount -o bind /jffs/opt /opt
root@xxxxxxxx:/jffs/tmp# vi optware_setup
change to line 32:
`/usr/bin/wget https://downloads.openwrt.org/snapshots/trunk/bcm53xx/generic/packages/base/opkg_9c97d5ecd795709c8584e972bfdf3aee3a5b846d-10_bcm53xx.ipk -O opkg.ipk` \

Let’s try again.

root@xxxxxxxx:/jffs/tmp# ./optware_setup
Checking we can reach the repository...
Making sure we have an initial opkg
Connecting to downloads.openwrt.org (78.24.191.177:443)
opkg.ipk 100% |***********************************************************************************************************************| 59159 0:00:00 ETA
Connecting to dev.openwrt.org (217.115.15.26:443)
functions.sh 100% |***********************************************************************************************************************| 7274 0:00:00 ETA
Creating the opkg config file in /opt/etc/opkg
You are now ready to install packages using opkg (this session only).
I've installed a script, optware_boottime, to run on boot and make the opkg settings persistent.
I'll add this to the end of rc_startup in nvram for you.
Downloading http://downloads.openwrt.org/snapshots/trunk/bcm53xx/generic/packages/base/Packages.gz.
Updated list of available packages in var/opkg-lists/chaos_calmer_base.
Downloading http://downloads.openwrt.org/snapshots/trunk/bcm53xx/generic/packages/packages/Packages.gz.
Updated list of available packages in var/opkg-lists/chaos_calmer_packages.
Downloading http://downloads.openwrt.org/snapshots/trunk/bcm53xx/generic/packages/routing/Packages.gz.
Updated list of available packages in var/opkg-lists/chaos_calmer_routing.
Downloading http://downloads.openwrt.org/snapshots/trunk/bcm53xx/generic/packages/telephony/Packages.gz.
Updated list of available packages in var/opkg-lists/chaos_calmer_telephony.
Minimal setup is complete. You should now have a working opkg.
We have created some aliases in your ~/.profile to make everything work.
Please either 'source .profile' or LOG OUT and LOG IN AGAIN before proceeding.

Success!

PS: Note that you’ll need to add /jffs/opt to your fstab or something in order to mount /opt on startup.
Disclaimer: I’m a vim user. nano is just an example 🙂
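
The setup script above is fetched over plain HTTP and then run as root, so the copy that gets executed should be the copy that was read. As an added example (not part of the original post or of optware_setup), the functions below record the hash of the reviewed file and refuse to run anything that differs, or to run at all while /opt is unmounted. The function names and the pin file are hypothetical, and sha256sum is assumed to be available on the box where this runs.

```shell
#!/bin/sh
# Added example: run the downloaded setup script only if it is the reviewed copy.

# Print the SHA-256 of a file as bare hex (sha256sum is assumed to exist).
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# pin_script FILE PINFILE: call once, right after reading FILE in an editor.
pin_script() {
    sha256_of "$1" > "$2"
}

# opt_is_mounted [MOUNTS]: true if something is mounted on /opt.
# Without the bind mount the script writes into the read-only firmware image.
opt_is_mounted() {
    awk '$2 == "/opt" { found = 1 } END { exit !found }' "${1:-/proc/mounts}"
}

# run_pinned FILE PINFILE [MOUNTS]: execute FILE only when it is byte-for-byte
# the pinned copy and /opt is mounted. Returns 1 on mismatch, 3 if unmounted.
run_pinned() {
    [ -f "$1" ] && [ -f "$2" ] || { echo "missing script or pin" >&2; return 2; }
    if [ "$(sha256_of "$1")" != "$(cat "$2")" ]; then
        echo "refusing to run $1: differs from the reviewed copy" >&2
        return 1
    fi
    opt_is_mounted "${3:-/proc/mounts}" || { echo "/opt is not mounted" >&2; return 3; }
    sh "$1"
}
```

Keeping the pin file off the router (or on read-only media) means a later re-download of the script on another device can be checked against the same reviewed hash.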

Categories
Uncategorized

Apple’s iOS App Store suffers first major attack | Reuters

It has taken a long time but it finally happened. Malware in iOS apps. Instead of compromising the App Store, it’s the app developers that are getting compromised via an unauthorized Xcode.

Apple Inc APPL.O said on Sunday it is cleaning up its iOS App Store to remove malicious iPhone and iPad programs identified in the first large-scale attack on the popular mobile software outlet.

Source: Apple’s iOS App Store suffers first major attack | Reuters

Categories
security

Malware Found Pre-Installed on Xiaomi, Huawei, Lenovo Phones

Another reason to be wary of cheap mobile phones, especially those from dubious physical or online shops. See full report in the PDF.

These permissions enable extensive misuse: location detection, listening to and recording telephone calls or conversations, making purchases, bank fraud or sending premium SMS. The possibilities are almost endless.

Source: G DATA Whitepaper Vorlage – G_DATA_MobileMWR_Q2_2015_EN.pdf

Categories
privacy security

Who Hacked Ashley Madison? — Krebs on Security

Well, can we say schadenfreude? The hunter becomes the hunted.

Source: Who Hacked Ashley Madison? — Krebs on Security