Researchers at RSA Research have found GlassRAT, a remote administration tool (RAT) trojan with a "zero detection rate", signed with a certificate stolen or otherwise obtained from a popular Chinese software developer. The malware has evaded detection for several years. Telemetry and a handful of reports that do not stand up to much scrutiny suggest that GlassRAT targeted Chinese nationals associated with multinational corporations. Although it is effectively "invisible" to most anti-virus products, GlassRAT can be found by careful forensic examination and by endpoint threat-detection tools such as RSA Security Analytics and/or RSA ECAT. Evidence is also presented that the way GlassRAT's command-and-control infrastructure is organized has much in common with earlier malicious campaigns directed at Asian organizations of geopolitical and strategic importance. More details: http://blogs.rsa.com/peering-into-glassrat/.
The other day IBM decided to open up access to its security analytics platform, IBM Security Radar. According to company representatives, this step will help customers, partners and independent developers build custom applications that use the platform's capabilities and its associated security data archive. IBM has also launched IBM Security Exchange, an online site for information security specialists where developers will be able to create and exchange applications built on IBM technologies.
In this way the corporation is actively working to stimulate industry cooperation and promote innovation in the fight against cybercrime. Earlier in 2015 IBM published more than 700 TB of threat data on the IBM X-Force Exchange platform; in April alone more than 2,000 organizations joined it. With open access to the security analytics platform and the threat data archive, companies will be able to exchange important information and so resist cybercrime more effectively.
The Chaos Communication Congress was a major event at the end of December. Materials from it can be found under the keyword 32c3, where 32 is the sequence number of the event, counting from 1984. There was a lot of interesting research in Hamburg. For example, Felix Domke and Daniel Lange gave a detailed account of the technical side of "Dieselgate", including how the control systems of modern cars work. Here you can look at the monumental 110-page presentation on the vulnerability of railway systems and conclude that IT in trains is used widely, in many places, everywhere differently, and frequently on standard software (Windows XP) or standard wireless protocols (GSM) whose security shortcomings are well known and actively exploited (fortunately, so far elsewhere).
And here is news (the presentation and a link to the research paper are inside) that the unique features of a programming style filter through even into compiled code. Although the topic is rather specialized, I see something bigger in it: perhaps in the near future the picture on the right will finally lose its relevance. Not because everyone will monitor everyone, but thanks to behavioural analysis: a user can be identified by how they interact with a website, an application or something else, in the same way that a programmer can be identified by how they write code. By the way, just yesterday Apple purchased a startup specializing in the analysis of human emotions. All in all, 2016 is starting out interestingly. And we continue our observation. The previous episodes are available here.
Hello, %username%! Today we are going to study the countless capabilities of the reverser's framework radare2. As a test subject I took the first bomb I came across; it turned out to be from the Carnegie Mellon University website.
Europol has detained the criminals who emptied ATMs without using a plastic card, by means of the Tyupkin malware pre-loaded into the ATM.
First, using a bootable CD, the criminals gained access to the computers installed in the ATMs, which ran one of the older versions of Windows, and infected them with the malware. The trojan had several features: it switched off the installed anti-virus protection and spent most of the week "hibernating", accepting commands from the criminals only at night, from Saturday to Sunday and from Sunday to Monday. The trojan could also disconnect the local network so that the bank's services could not connect to the ATM remotely and check what was happening to it.
For as long as Hollywood has been making films about hackers, nmap has been the most popular tool for "hacking". Whenever filmmakers tried to add a little realism, nmap output flickered across the computer screens. Trinity from The Matrix seems to have been the first to make a splash; the utility has since appeared in Elysium, The Bourne Ultimatum, Die Hard 4 and other films.
The first season of Mr. Robot has earned approval from security experts for its attempts at a realistic depiction of how hackers work. In the episodes shown, the hackers communicate over IRC, use Linux virtual machines, and the main character walks around in a hoodie. Naturally, as this is a TV show, its creators had to allow themselves some creative licence, and so far they have managed to keep a fairly good balance between the narrative and real technical capabilities.
Let us briefly review the hacking tools seen in the series.
Several times you can see the Kali Linux distribution in use, an OS that ships with tools for penetration testing and security assessment. If network security interests you, download it and start experimenting. Naturally, only for educational purposes. Do not break into other people's computers: it is illegal!
Google has released the Nexus Security Bulletin for January 2016, which closes 12 vulnerabilities in the mobile OS. One of the fixed vulnerabilities, CVE-2015-6636 (Remote Code Execution Vulnerability in Mediaserver), is a Remote Code Execution (RCE) flaw that allows attackers to execute code remotely with elevated privileges on Android using a malicious multimedia file; the file can be delivered in an MMS message or through a phishing web page opened in the browser. Four more critical vulnerabilities are Elevation of Privilege (EoP) flaws that allow an attacker to raise the privileges of their code to kernel level.
Two other vulnerabilities are rated High: CVE-2015-6641 in the Bluetooth component allows an attacker connected to the device over a wireless connection to access the user's personal information, while CVE-2015-6642, an Information Disclosure flaw in the kernel, allows Android's built-in security mechanisms to be bypassed and elevated privileges to be obtained.
It is no secret that many software developers, open source and otherwise, wish to remain anonymous for various reasons. Quite recently a group of researchers published a paper describing methods for de-anonymizing a programmer by their coding style through analysis of source code. The authors claim to have reached an average identification accuracy of 94%.
By building abstract syntax trees from the parsed source text, they managed to select stable distinguishing features of how code is written that are difficult to hide even deliberately. Using machine learning and a set of heuristics, they achieved impressive authorship-attribution accuracy on a sample of 1,600 Google Code Jam programmers.
In their new work the researchers showed that de-anonymization is also possible through analysis of already compiled binaries, without any source code (video of the talk). This time the source code of 600 Google Code Jam participants was compiled into executables and then analysed. Because the contest tasks were the same for everyone, the differences between the files lay largely in programming style rather than in the algorithm. Initially the binaries were built with compiler optimizations disabled and without source-code obfuscation, but according to the authors some distinguishing features survive even when these concealment methods are applied, reducing the de-anonymization accuracy to 65%.
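To show concretely how AST-derived features capture style independently of the algorithm, here is an added example (not the researchers' code): it reduces each program to a histogram of AST node types and attributes an unlabelled sample to the nearest author profile by cosine similarity. The real work uses far richer lexical, layout and syntactic features with a random-forest classifier; the two-author corpus and the unlabelled sample below are constructed, and the two authors deliberately solve the same tasks in different habitual styles.

```python
import ast
import math
from collections import Counter

def ast_node_histogram(source: str) -> Counter:
    """Frequency of AST node types. Operator nodes (Mult, Gt, ...) are kept as
    features; expression-context nodes (Load/Store) carry no style and are dropped."""
    tree = ast.parse(source)
    return Counter(type(node).__name__ for node in ast.walk(tree)
                   if not isinstance(node, ast.expr_context))

def cosine(a: Counter, b: Counter) -> float:
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    norm = math.sqrt(sum(v * v for v in a.values())) * math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def author_profile(sources) -> Counter:
    """Merge the histograms of an author's known samples into one style profile."""
    profile = Counter()
    for src in sources:
        profile.update(ast_node_histogram(src))
    return profile

def stylometric_similarity(src_a: str, src_b: str) -> float:
    return cosine(ast_node_histogram(src_a), ast_node_histogram(src_b))

def nearest_author(sample: str, corpus: dict) -> str:
    """Attribute an unlabelled sample to the author whose profile it resembles most."""
    hist = ast_node_histogram(sample)
    return max(corpus, key=lambda author: cosine(hist, author_profile(corpus[author])))

# Constructed corpus: the same two tasks solved in two habitual styles
# (comprehensions versus explicit loops), mirroring the contest setting.
AUTHOR_A = [
    "def squares(xs):\n    return [x * x for x in xs if x > 0]\n",
    "def cubes(ys):\n    return [y ** 3 for y in ys if y != 0]\n",
]
AUTHOR_B = [
    "def squares(xs):\n    out = []\n    for x in xs:\n        if x > 0:\n            out.append(x * x)\n    return out\n",
    "def cubes(ys):\n    out = []\n    for y in ys:\n        if y != 0:\n            out.append(y ** 3)\n    return out\n",
]
CORPUS = {"author_a": AUTHOR_A, "author_b": AUTHOR_B}
UNKNOWN_SAMPLE = "def halves(zs):\n    return [z / 2 for z in zs if z < 10]\n"

if __name__ == "__main__":
    print(nearest_author(UNKNOWN_SAMPLE, CORPUS))  # author_a
```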
IBM, together with the non-profit organization Innovate Finance, is going to study the potential of blockchain technology with a view to developing new ways of doing business in modern conditions. The Bitcoin cryptocurrency system, which has been operating successfully for several years, was built on this technology. Cryptocurrency has now turned into a recognized means of payment, a virtual monetary unit accepted by large and small enterprises, corporations and services.
IBM now intends to study further possibilities of blockchain, drawing on its own computing and analytical capabilities. The technology in question is now attracting the attention of banks and financial institutions, which are studying blockchain in order to implement new projects.
At the start of their research Miller and Valasek tried to break into the Jeep's multimedia system over Wi-Fi. The car's manufacturer, Chrysler, offers Wi-Fi on a subscription basis. It turned out that this wireless connection was fairly easy to break into, because its password was generated automatically from the time at which the car and its multimedia system were first switched on.
In theory, with time measured to the second, this method is fairly robust, given the large number of possible times. But if you know at least the year of manufacture and guess the month, the search is limited to 15 million combinations. If you restrict the time to daytime hours, there are only 7 million combinations. That is already quite a good result: it can be brute-forced in about an hour.
The problem is that for that whole hour you have to stay near the Jeep to remain within Wi-Fi range. But the researchers found another way. It turned out that the Wi-Fi password is created before the date and time are set in the system, that is, from the default start of the clock plus the few seconds it takes the on-board computer to boot.
And that time is exactly 01 January 2013 00:00:32 GMT.
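To make the weakness described in this section concrete, here is an added example (not the researchers' or Chrysler's code) modelling a password generator whose only input is the first-boot timestamp; the derivation scheme, function names and the real-time values are hypothetical, while the default clock start and the 32-second boot delay are the figures from the text. It shows that a clock which has not yet been set collapses every unit to the same seed, that the size of the seed space bounds the password entropy however strong the hash, and what a CSPRNG-based replacement looks like.

```python
import calendar
import hashlib
import math
import secrets
import string

# Default clock start and boot delay named in the text; everything else is a constructed model.
DEFAULT_EPOCH_SECONDS = calendar.timegm((2013, 1, 1, 0, 0, 0))  # 2013-01-01 00:00:00 GMT
BOOT_DELAY_SECONDS = 32
ALPHABET = string.ascii_letters + string.digits

def weak_timebased_password(first_boot_epoch_seconds: int, length: int = 8) -> str:
    """Hypothetical weak generator (not the vendor's algorithm): the only input is a
    timestamp, so the output can never hold more entropy than the timestamp,
    no matter how strong the hash that stretches it."""
    digest = hashlib.sha256(str(first_boot_epoch_seconds).encode()).digest()
    return "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:length])

def provisioning_password(clock_was_set: bool, real_epoch_seconds: int) -> str:
    """The failure mode from the text: if the clock has not been set when the password
    is generated, every unit derives it from the same default epoch plus the same
    boot delay, whatever the real time is."""
    seed = real_epoch_seconds if clock_was_set else DEFAULT_EPOCH_SECONDS + BOOT_DELAY_SECONDS
    return weak_timebased_password(seed)

def seed_entropy_bits(candidate_seeds: int) -> float:
    """Upper bound on password entropy: log2 of the number of seeds that remain
    possible (e.g. the 15 million and 7 million figures from the text)."""
    return math.log2(candidate_seeds)

def strong_wifi_password(length: int = 16) -> str:
    """Replacement: a per-unit password from the OS CSPRNG, independent of any clock."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

if __name__ == "__main__":
    same = provisioning_password(False, 1_450_000_000) == provisioning_password(False, 1_460_000_000)
    print("clock unset -> identical passwords across units:", same)
    print(f"15e6 seeds ~ {seed_entropy_bits(15_000_000):.1f} bits, "
          f"7e6 seeds ~ {seed_entropy_bits(7_000_000):.1f} bits")
    print("CSPRNG replacement:", strong_wifi_password())
```

Even with the clock set, a 15-million-seed space is under 24 bits, far below the 62-character alphabet's apparent strength, which is why the fix is an independent random secret rather than a better hash.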