A take on the security news, week 47 2015
Monday
Let's Encrypt public beta to launch in December
The Let's Encrypt project is going to open its public beta on 3 December 2015. Let's Encrypt is going to provide a free and easy-to-implement SSL service. The limited beta that has been running since 12 September 2015 has already issued 11,000 free SSL certificates.
https://letsencrypt.org/2015/11/12/public-beta-timing.html
Cloudflare to offer free DNSSEC for customers
Cloudflare is launching what they call Universal DNSSEC, which should make it easier for domain owners to protect their domains.
If you are a Cloudflare customer there should be an option in your dashboard to turn on DNSSEC.
https://www.cloudflare.com/dnssec/universal-dnssec/
Vulnerability in libPNG
Multiple buffer overflow vulnerabilities have been found in the common libPNG library.
http://www.openwall.com/lists/oss-security/2015/11/12/2
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8126#VulnChangeHistoryDiv
Police body camera delivered with virus
The 6-year-old Win32/Conficker worm has been found preinstalled on a range of body cameras intended for use by official police forces.
http://www.goipower.com/?pageId=40
Tuesday
Bad barcode
Leveraging the fact that many barcode scanners emulate keyboard devices, and that some of the involved protocols (e.g. Code 128) support ASCII control characters, it is shown how to open dialog boxes just by scanning a barcode.
http://www.slideshare.net/PacSecJP/hyperchem-ma-badbarcode-en1109nocommentfinal
A breakdown of FDE on mobile devices
NCC Group presented a paper on the challenges that mobile app developers face in securing data stored on devices.
Wednesday
Thursday
First beta of NTPSec
The NTPSec project is announcing the first beta of NTPSec, "a secure, hardened, and improved implementation of Network Time Protocol derived from NTP Classic".
So far the project has focused on removing obsolete code, hardening the code to prevent buffer overruns, fixing bugs and applying other modern development best practices.
DNSCat2 now supports encrypted communication
The dnscat2 tool is used by malware command & control centers, or by others who want to communicate stealthily. The tool now supports encrypted communication (encrypted by default), which makes it even harder to detect and analyze the traffic.
The tool creates a DNS tunnel which is an effective way to pass through most firewalls.
https://blog.skullsecurity.org/2015/dnscat2-now-with-crypto
https://github.com/iagox86/dnscat2
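Encrypting the payload does not change the shape of tunnel traffic: the data still has to travel inside query names, so a zone that receives many long, random-looking subdomains stands out in resolver logs. The following is an added example of that detection heuristic, not code from dnscat2 or its author and not modelled on its exact wire format; the query names, the placeholder zones example.test and tunnel.test, and the thresholds are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample query names (not captured traffic); example.test and
# tunnel.test are placeholder zones used only for this illustration.
SAMPLE_QUERIES = [
    "www.example.test",
    "mail.example.test",
    "www.example.test",
    "cdn.example.test",
    "3f9a1c7be204d5886ae1f0b37c92d4415a6be8f0.tunnel.test",
    "a81d44e0c3b79f12650e9d7bb4f318ac02e6d975.tunnel.test",
    "5c02be9f7714a3d86e0b1f4d92c8a6537fb0e1d4.tunnel.test",
    "e7b4408d1fa9c3562d0e8b71f6a3954c1d82b0f7.tunnel.test",
]

def shannon_entropy(s):
    """Bits per character of the string s."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def split_name(qname, zone_labels=2):
    """Split into (subdomain part, parent zone); assumes a 2-label zone."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[:-zone_labels]), ".".join(labels[-zone_labels:])

def suspicious_zones(queries, min_unique=3, min_len=30, min_entropy=3.0):
    """Return zones whose distinct subdomains are many, long and high-entropy."""
    subs = defaultdict(set)
    for q in queries:
        sub, zone = split_name(q)
        if sub:
            subs[zone].add(sub)
    flagged = {}
    for zone, names in subs.items():
        avg_len = sum(len(n) for n in names) / len(names)
        avg_ent = sum(shannon_entropy(n) for n in names) / len(names)
        if len(names) >= min_unique and avg_len >= min_len and avg_ent >= min_entropy:
            flagged[zone] = {"unique": len(names), "avg_len": round(avg_len, 1),
                             "avg_entropy": round(avg_ent, 2)}
    return flagged

if __name__ == "__main__":
    for zone, stats in suspicious_zones(SAMPLE_QUERIES).items():
        print(zone, stats)
```

On real resolver logs the thresholds need tuning per network, since CDNs and some security products also generate long machine-made names.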
Malware using steganography to hide data
A breakdown of advances in malware using covert communication channels.
Friday
Python honeypot
HoneyPy, a honeypot written in Python, is intended to be easy to deploy, to extend and to apply custom configurations to. It depends on Twisted, and a Twitter plugin (if you want alerts sent to Twitter).
If you want to see what is going on out there on the Internet, you could try this on one of your test appliances.
https://github.com/foospidy/HoneyPy/blob/master/README.md
Amazon now offers 2FA
It seems that Amazon has quietly enabled the possibility to use two-factor authentication.
SilverPush, a sneaky system to target ads to users
SilverPush uses a system that consists of inaudible audio signals to target users across PC, phone, TV and tablets. This sounds a bit like badBIOS, where a researcher claimed that his computer was infected through ultrasonic sounds.