jm + exploits   43

SECURITY ALERT - Critical bug in Parity's MultiSig-Wallet
'Together, we were able to determine that malicious actors had exploited a flaw in the Parity Multisig code, which allowed a known party to steal over 153,000 ETH from several projects including Edgeless Casino, Aeternity, and Swarm City.'

By leaving "internal" (a visibility-restricting keyword) off the wallet contract, it was possible for attackers to steal millions from a "secure" multi-sig wallet in Ethereum: https://press.swarm.city/parity-multisig-wallet-exploit-hits-swarm-city-funds-statement-by-the-swarm-city-core-team-d1f3929b4e4e

https://twitter.com/ncweaver/status/887821804038873088 : 'Time from "OMFG there is a bug" to "geez, someone steal $16M"? 2 hours. Gotta love JavaScript FunBukx, err Ethereum'
ethereum  fail  security  exploits  javascript  parity 
3 days ago by jm
Capturing all the flags in BSidesSF CTF by pwning Kubernetes/Google Cloud
Good exploration of the issues with running a CTF challenge (or any other secure infrastructure!) atop Kubernetes and a cloud platform like GCE
gce  google-cloud  kubernetes  security  docker  containers  gke  ctf  hacking  exploits 
12 weeks ago by jm
NVD - CVE-2016-10229
udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.
udp  security  cve  linux  msg_peek  exploits 
april 2017 by jm
Smart TV hack embeds attack code into broadcast signal—no access required | Ars Technica
Awesome.
The proof-of-concept exploit uses a low-cost transmitter to embed malicious commands into a rogue [DVB-T] signal. That signal is then broadcast to nearby devices. It worked against two fully updated TV models made by Samsung. By exploiting two known security flaws in the Web browsers running in the background, the attack was able to gain highly privileged root access to the TVs. By revising the attack to target similar browser bugs found in other sets, the technique would likely work on a much wider range of TVs.
dvb-t  tv  security  exploits  samsung  smart-tvs  broadcast 
april 2017 by jm
That thing about pwning N26
Whitehat CCC hacker thoroughly pwns N26 bank -- there are a lot of small leaks and insecurities here. Sounds like N26 are dealing with them though
ccc  hacks  exploits  n26  banks  banking  security 
march 2017 by jm
St. Petersburg team operated a PRNG hack against Vegas slots
According to Willy Allison, a Las Vegas–based casino security consultant who has been tracking the Russian scam for years, the operatives use their phones to record about two dozen spins on a game they aim to cheat. They upload that footage to a technical staff in St. Petersburg, who analyze the video and calculate the machine’s pattern based on what they know about the model’s pseudorandom number generator. Finally, the St. Petersburg team transmits a list of timing markers to a custom app on the operative’s phone; those markers cause the handset to vibrate roughly 0.25 seconds before the operative should press the spin button.

“The normal reaction time for a human is about a quarter of a second, which is why they do that,” says Allison, who is also the founder of the annual World Game Protection Conference. The timed spins are not always successful, but they result in far more payouts than a machine normally awards: Individual scammers typically win more than $10,000 per day. (Allison notes that those operatives try to keep their winnings on each machine to less than $1,000, to avoid arousing suspicion.) A four-person team working multiple casinos can earn upwards of $250,000 in a single week.
prng  hacking  security  exploits  randomness  gambling  las-vegas  casinos  slot-machines 
february 2017 by jm
How the NSA snooped on encrypted Internet traffic for a decade | Ars Technica
In a revelation that shows how the National Security Agency was able to systematically spy on many Cisco Systems customers for the better part of a decade, researchers have uncovered an attack that remotely extracts decryption keys from the company's now-decommissioned line of PIX firewalls. The discovery is significant because the attack code, dubbed BenignCertain, worked on PIX versions Cisco released in 2002 and supported through 2009. Even after Cisco stopped providing PIX bug fixes in July 2009, the company continued offering limited service and support for the product for an additional four years. Unless PIX customers took special precautions, virtually all of them were vulnerable to attacks that surreptitiously eavesdropped on their VPN traffic.
nsa  hacks  exploits  pix  cisco  security 
august 2016 by jm
Exclusive: SWIFT bank network says aware of multiple cyber fraud incidents
"SWIFT is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit SWIFT messages from financial institutions' back-offices, PCs or workstations connected to their local interface to the SWIFT network," the group warned customers on Monday in a notice seen by Reuters.

Ouch. They seem to be indicating that they're all phishing/impersonation-based attacks.
phishing  swift  banking  hacks  exploits  banks  security 
april 2016 by jm
How I Hacked Facebook, and Found Someone's Backdoor Script
Great writeup of a practical pen test. Those crappy proprietary appliances that get set up "so the CEO can read his email on the road" etc. are always a weak spot
facebook  hacking  security  exploits  pen-tests  backdoors 
april 2016 by jm
Neutered RNG let man rig million dollar lotteries | Ars Technica
A forensic examination found that the generator had code that was installed after the machine had been audited by a security firm that directed the generator not to produce random numbers on three particular days of the year if two other conditions were met. Numbers on those days would be drawn by an algorithm that Tipton could predict [...] All six prizes linked to Tipton were drawn on either Nov. 23 or Dec. 29 between 2005 and 2011.
prng  randomness  security  hacks  exploits  lottery  us  audits  holes 
april 2016 by jm
SNES Code Injection -- Flappy Bird in Super Mario World
Hand-injecting an entirely different game into Super Mario World on the SNES by exploiting buffer overflows BY HAND. This is legendary behaviour
games  hacks  exploits  buffer-overflow  snes  code-injection  amazing  flappy-bird  seth-bling  video  youtube 
march 2016 by jm
US Lottery insider accused of stealing millions by hacking lottery machines across the US
Prosecutors believe that Tipton, 52, used his access to the machines to surreptitiously install software programs that let him know the winning numbers in advance before disappearing without a trace. They say he worked with associates such as his brother Tommy Tipton — a Texas judge — and Texas businessman Robert Rhodes to play those numbers and collect prizes dating back to 2005.
us  lotteries  prng  randomness  exploits  hacking  insider-attacks  lottery 
january 2016 by jm
ImperialViolet - Juniper: recording some Twitter conversations
Adam Langley on the Juniper VPN-snooping security hole:
... if it wasn't the NSA who did this, we have a case where a US gov­ern­ment back­door ef­fort (Dual-EC) laid the ground­work for some­one else to at­tack US in­ter­ests. Cer­tainly this at­tack would be a lot eas­ier given the pres­ence of a back­door-friendly RNG al­ready in place. And I've not even dis­cussed the SSH back­door. [...]
primes  ecc  security  juniper  holes  exploits  dual-ec-drbg  vpn  networking  crypto  prngs 
december 2015 by jm
Malware infecting jailbroken iPhones stole 225,000 Apple account logins | Ars Technica

KeyRaider, as the malware family has been dubbed, is distributed through a third-party repository of Cydia, which markets itself as an alternative to Apple's official App Store. Malicious code surreptitiously included with Cydia apps is creating problems for people in China and at least 17 other countries, including France, Russia, Japan, and the UK. Not only has it pilfered account data for 225,941 Apple accounts, it has also disabled some infected phones until users pay a ransom, and it has made unauthorized charges against some victims' accounts.

Ouch. Not a good sign for Cydia
cydia  apple  security  exploits  jailbreaking  ios  iphone  malware  keyraider  china 
september 2015 by jm
Analysis of PS4's security and the state of hacking
FreeBSD jails and Return-Oriented Programming:
Think of [Return-Oriented Programming] as writing a new chapter to a book, using only words that have appeared at the end of sentences in the previous chapters.
ps4  freebsd  jails  security  exploits  hacking  sony  rop  return-oriented-programming 
august 2015 by jm
background doc on the Jeep hack
"Remote Exploitation of an Unaltered Passenger Vehicle", by Dr. Charlie Miller (cmiller@openrce.org) and Chris Valasek (cvalasek@gmail.com). QNX, unauthenticated D-Bus, etc.

'Since a vehicle can scan for other vulnerable vehicles and the exploit doesn’t require any user interaction, it would be possible to write a worm. This worm would scan for vulnerable vehicles, exploit them with their payload which would scan for other vulnerable vehicles, etc. This is really interesting and scary. Please don’t do this. Please.'
jeep  hacks  exploits  d-bus  qnx  cars  safety  risks 
august 2015 by jm
DRUG PUMP’S SECURITY FLAW LETS HACKERS RAISE DOSE LIMITS
The Hospira drug pump vulnerabilities described here sound pretty horrific
drugs  drug-pumps  hospira  exploits  vulnerabilities  security  root  dosage  limits 
may 2015 by jm
Race conditions on Facebook, DigitalOcean and others
Good trick -- exploit eventual consistency and a lack of distributed transactions by launching race-condition-based attacks
attacks  exploits  race-conditions  bugs  eventual-consistency  distributed-transactions  http  facebook  digitalocean  via:aphyr 
april 2015 by jm
New South Wales Attacks Researchers Who Found Internet Voting Vulnerabilities | Electronic Frontier Foundation
'NSW officials seemed more interested in protecting their reputations than the integrity of elections. They sharply criticized Halderman and Teague, rather than commending them, for their discovery of the FREAK attack vulnerability. The Chief Information Officer of the Electoral Commission, Ian Brightwell, claimed Halderman and Teague’s discovery was part of efforts by “well-funded, well-managed anti-internet voting lobby groups,” an apparent reference to our friends at VerifiedVoting.org, where Halderman and Teague are voluntary Advisory Board members. Yet at the same time, Brightwell concluded that it was indeed possible that votes were manipulated.'
freak  security  vulnerabilities  exploits  nsw  australia  internet-voting  vvat  voting  online-voting  eff 
april 2015 by jm
Anatomy of a Hack
Authy doesn't come off well here:

'Authy should have been harder to break. It's an app, like Authenticator, and it never left Davis' phone. But Eve simply reset the app on her phone using a mail.com address and a new confirmation code, again sent by a voice call. A few minutes after 3AM, the Authy account moved under Eve's control.'
authy  security  hacking  mfa  authentication  google  apps  exploits 
march 2015 by jm
Wired on "Regin"
The researchers have no doubt that Regin is a nation-state tool and are calling it the most sophisticated espionage machine uncovered to date—more complex even than the massive Flame platform, uncovered by Kaspersky and Symantec in 2012 and crafted by the same team who created Stuxnet.

“In the world of malware threats, only a few rare examples can truly be considered groundbreaking and almost peerless,” writes Symantec in its report about Regin.

Though no one is willing to speculate on the record about Regin’s source, news reports about the Belgacom and Quisquater hacks pointed a finger at GCHQ and the NSA. Kaspersky confirms that Quisquater was infected with Regin, and other researchers familiar with the Belgacom attack have told WIRED that the description of Regin fits the malware that targeted the telecom, though the malicious files used in that attack were given a different name, based on something investigators found inside the platform’s main file.
regin  malware  security  hacking  exploits  nsa  gchq  symantec  espionage 
november 2014 by jm
Google Online Security Blog: This POODLE bites: exploiting the SSL 3.0 fallback
Today we are publishing details of a vulnerability in the design of SSL version 3.0. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker.

Ouch.
ssl3  ssl  tls  security  exploits  google  crypto 
october 2014 by jm
Shellshock
An _extremely_ detailed resource about the bash bug
bash  hacking  security  shell  exploits  reference  shellshock 
october 2014 by jm
oss-sec: Re: CVE-2014-6271: remote code execution through bash
This is truly heinous. Given that any CGI which invokes popen()/system() on a Linux system where /bin/sh is a link to bash is vulnerable, there will be a lot of vulnerable services out there (via Elliot)
via:elliottucker  cgi  security  bash  sh  exploits  linux  popen  unix 
september 2014 by jm
Nik Cubrilovic - Notes on the Celebrity Data Theft
tl;dr: a lot of people are spending a lot of time stealing nudie pics from celebrities. See also http://www.zdziarski.com/blog/?p=3783 for more details on the probable approaches used. Grim.
apple  privacy  security  celebrities  pics  hacking  iphone  ipad  ios  exploits  brute-force  passwords  2fa  mfa  find-my-iphone  icloud  backups 
september 2014 by jm
The poisoned NUL byte, 2014 edition
A successful exploit of Fedora glibc via a single NUL overflow (via Tony Finch)
via:fanf  buffer-overflows  security  nul  byte  exploits  google  project-zero 
august 2014 by jm
Syria's 2012 internet disconnection wasn't on purpose
According to Edward Snowden, it was a side-effect of the NSA attempting to install an exploit in one of the core routers at a major Syrian ISP, and accidentally bricking the router
routers  exploits  hacking  software  tao  nsa  edward-snowden  syria  internet  privacy 
august 2014 by jm
Nanex: "The stock market is rigged" [by HFTs]
All this evidence points to one inescapable conclusion: the order cancellations and trade executions just before, and during the trader's order were not a coincidence. This is premeditated, programmed theft, plain and simple. Michael Lewis probably said it best when he told 60 Minutes that the stock market is rigged.

Nanex have had enough, basically. Mad stuff.
hft  stocks  finance  market  trading  nanex  60-minutes  michael-lewis  scams  sec  regulation  low-latency  exploits  hacks 
july 2014 by jm
Cloudflare demonstrate Heartbleed key extraction
from nginx. 'Based on the findings, we recommend everyone reissue + revoke their private keys.'
security  nginx  heartbleed  ssl  tls  exploits  private-keys 
april 2014 by jm
Does the heartbleed vulnerability affect clients as severely?
'Yes, clients are vulnerable to attack. A malicious server can use the Heartbleed vulnerability to compromise an affected client.'

Ouch.
openssl  ssl  security  heartbleed  exploits  tls  https 
april 2014 by jm
Mark McLoughlin on Heartbleed
An excellent list of aspects of the Heartbleed OpenSSL bug which need to be thought about/talked about/considered
heartbleed  openssl  bugs  exploits  security  ssl  tls  web  https 
april 2014 by jm
Evasi0n Jailbreak's Userland Component
Good writeup of the exploit techniques used in the new iOS jailbreak.
Evasi0n is interesting because it escalates privileges and has full access to the system partition all without any memory corruption. It does this by exploiting the /var/db/timezone vulnerability to gain access to the root user’s launchd socket. It then abuses launchd to load MobileFileIntegrity with an inserted codeless library, which is overriding MISValidateSignature to always return 0.
jailbreak  ios  iphone  ipad  exploits  evasi0n  via:nelson 
february 2013 by jm
Detecting Certificate Authority compromises and web browser collusion | The Tor Blog
'If I had to make a bet, I'd wager that an attacker was able to issue high value [SSL] certificates, probably by compromising [the USERTRUST SSL certificate authority] in some manner, this was discovered sometime before the revocation date, each certificate was revoked, the vendors notified, the patches were written, and binary builds kicked off - end users are probably still updating and thus many people are vulnerable to the failure that is the CRL and OCSP method for revocation.' It seems addons.mozilla.org was one of the bogus certs acquired. Major ouch. Thanks to EFF/Tor et al for investigating this -- SSL cert revocation is a shambles
security  ssl  tls  certificates  ca  revocation  crypto  exploits  eff  tor  comodo  usertrust  from delicious
march 2011 by jm
Why did annon attack the FG website? : ireland
All signs point to 'they didn't.' Also, interesting comment in the Reddit thread: 'From a source close to the situation; the forms [on the FG site] were not being sanitised [against SQL injection attacks] at all.' Incredibly amateurish, if true
reddit  anonymous  4chan  hacks  fine-gael  fghack  ireland  politics  security  sql  exploits  from delicious
january 2011 by jm
good investigation into an Android WebKit exploit
Already fixed in Froyo, but still -- interesting write-up from Sophos. Good to see Google have chosen to separate all apps into individual uids, too
froyo  google  apps  phones  smartphones  android  webkit  exploits  security  from delicious
november 2010 by jm
Cache on Delivery
Mind-boggling presentation; a load of sites are exposing memcacheds to the public internet, with no auth, and full of juicy data (samples included). iptables is hard
memcached  security  hacks  exploits  from delicious
august 2010 by jm
SSL trick certificate published
ioerror published the '\00' wild-card SSL cert for any domain (for affected SSL client libs at least)
ssl  tls  security  nul  ioerror  bugs  exploits  from delicious
november 2009 by jm