Samsung teams with Sectra to secure mobile phones for governments

Sectra Communications is working with Samsung Electronics to integrate its Tiger/R end-to-end hardware encryption system with the phone maker's Knox mobile security platform to create smartphones secure enough to carry government secrets. The market is a lucrative one: Another company, Secusmart, has won over several government organizations in recent years with a BlackBerry smartphone equipped with a microSD encryption module. The combination, costing around €2,000 (US$2,250), is approved by the German government to carry Restricted-level voice and data traffic. Restricted is one of the lowest ratings for government secrets. Sectra and Secusmart both use additional hardware in the form of a microSD card to assist in the encryption process and to protect encryption keys. While Secusmart's system will encrypt calls and data stored on the phone, Sectra's encrypts only voice traffic and text messages.To read this article in full or to leave a comment, please click here

Peeking at Pkybot

For the past few months ASERT has been keeping an eye on a relatively new banking malware (“banker”) known as “Pkybot”. It is also being classified as a variant of “Bublik”, but the former is much more descriptive of the malware. This post will take a peek at some of the bits and pieces of […]

Peeking at Pkybot

For the past few months ASERT has been keeping an eye on a relatively new banking malware (“banker”) known as “Pkybot”. It is also being classified as a variant of “Bublik”, but the former is much more descriptive of the malware.

This post will take a peek at some of the bits and pieces of Pkybot and the campaign using it. The visibility provided can help organizations better understand, detect, and protect against this current threat.

Sample

One of the recent samples analyzed by ASERT has the following hashes:

MD5: 9028d9b64a226b750129b41fbc43ed5e

SHA256: 38eb7625caf209ca2eff3fa46b8528827b7289f1

At the time of this writing it has a VirusTotal detection ratio of 16/57 with just about all the detections being generic in nature. One positive for reverse engineers though is that this sample comes unpacked.

Pkybot

While there’s been some research into the malware already [1] [2], a review and fleshing out never hurts.

Encrypted Bits

Pkybot contains a number of interesting items that are encrypted with the XTEA encryption algorithm. The key used is generated at runtime from a hardcoded seed value (DWORD):

key_gen

It can also be generated using this Python code snippet. Along with the generated XTEA key, this IDA Continue reading

India withdraws draft encryption policy following controversy

The Indian government has withdrawn a controversial draft encryption policy, with a minister stating that the document was not the final view of the government.Under the policy, consumers would have been required to store the plain texts of encrypted information for 90 days from the date of a transaction and provide the text to law enforcement agencies when required under the laws of the country. The government would have also specified the algorithms and the length of the encryption keys used by different categories of people.The policy was largely seen as meeting the need for access to information by law enforcement agencies, and included similar restrictions on business users as well. It also called for Internet services providers to enter into unspecified agreements with the government.To read this article in full or to leave a comment, please click here

Twistlock

Twistlock is the first ever security suite that focuses on vulnerability management and policy enforcement of containers (i.e. Docker, runc, rkt) and container host environments. Twistlock provides tools and analytics that make it easier for developers, infrastructure teams, and security professionals to deploy and run containers securely. Here with more is CTO, John Morello.

US Congress members urged to communicate using encrypted apps

Congress members and staff are being urged by a civil rights group to use encrypted smartphone apps such as WhatsApp and Signal rather than traditional cellular networks.Unlike cellular networks which use weak and outdated encryption, some of the newer apps use strong and modern encryption to protect their customers' communications, the American Civil Liberties Union has written in a letter Tuesday to officials in the U.S. Senate and House of Representatives.The move is not going to cost a lot. Many members of Congress already have smartphones and the apps like Signal and WhatsApp are free and can be easily downloaded from app stores. Besides, Apple’s FaceTime and iMessage apps are already built into Apple’s iOS mobile operating system and thus are available to every member or staffer with an iPhone, according to ACLU's letter to Frank J. Larkin, Senate Sergeant at Arms and Paul D. Irving, House Sergeant at Arms.To read this article in full or to leave a comment, please click here

US legislation requiring tech industry to report terrorist activity dropped

The U.S. Senate Intelligence Committee has dropped a provision that would have required Internet companies to report on vaguely-defined terrorist activity on their platforms, a move that was strongly opposed by the industry and civil rights groups.The controversial section 603 was included in the Intelligence Authorization Act for Fiscal Year 2016 but Senator Ron Wyden, a Democrat from Oregon, had put a hold on the bill, stating that he wanted to work with colleagues to revise or remove the provision so that the rest of the bill could move forward.On Monday, Wyden said that the "vague & dangerous" provision had been removed from the bill and he would now be lifting the hold on it.To read this article in full or to leave a comment, please click here

US drops effort to make tech industry report terrorist activity

The U.S. Senate Intelligence Committee has dropped a provision that would have required Internet companies to report on vaguely-defined terrorist activity on their platforms, a move that was strongly opposed by the industry and civil rights groups. The controversial section 603 was included in the Intelligence Authorization Act for Fiscal Year 2016 but Senator Ron Wyden, a Democrat from Oregon, had put a hold on the bill, stating that he wanted to work with colleagues to revise or remove the provision so that the rest of the bill could move forward. On Monday, Wyden said that the "vague & dangerous" provision had been removed from the bill and he would now be lifting the hold on it.To read this article in full or to leave a comment, please click here

Open Virtual Network (OVN)


Open Virtual Network (OVN) is an open source network virtualization solution built as part of the Open vSwitch (OVS) project. OVN provides layer 2/3 virtual networking and firewall services for connecting virtual machines and Linux containers.

OVN is built on the same architectural principles as VMware's commercial NSX and offers the same core network virtualization capability — providing a free alternative that is likely to see rapid adoption in open source orchestration systems, Mirantis: Why the Open Virtual Network (OVN) matters to OpenStack.

This article uses OVN as an example, describing a testbed which demonstrates how the standard sFlow instrumentation build into the physical and virtual switches provides the end-to-end visibility required to manage large scale network virtualization and deliver reliable services.

Open Virtual Network


The Northbound DB provides a way to describe the logical networks that are required. The database abstracts away implementation details which are handled by the ovn-northd and ovn-controllers and presents an easily consumable network virtualization service to orchestration tools like OpenStack.


The purple tables on the left describe a simple logical switch LS1 that has two logical ports LP1 and LP2 with MAC addresses AA and BB respectively. The green tables on the right show Continue reading

Using POX components to create a software defined networking application

When network engineers are learning the concepts of software defined networking and SDN controllers, they may want to experiment with SDN network scenarios before learning to write programs to be used by the SDN controllers.

POX is a simple-to-use SDN controller that is bundled with the Mininet SDN network emulator and is used in education and research as a learning and prototyping tool. POX components are Python programs that implement networking functions and can be invoked when POX is started. POX comes with a few stock components ready to use.

POX-comp-204b

In this tutorial, we will use stock POX components to implement basic switching functionality with loop prevention in a software defined network, without writing any code. Then, we will explore how the SDN controller programs the OpenFlow-enabled switched in a network created using the Mininet network emulator.

Prerequisite knowledge required

This tutorial assumes you already have the the prerequisite knowledge defined in the list below. If you need to understand more about any of the topics listed below, the list provides links to resources that offer enough information to prepare you to work through this tutorial.

Spousetivities at VMworld EMEA

Spousetivities returns to VMworld EMEA this year with a new set of activities. If you haven’t registered yet, here’s a quick look at the pretty impressive set of tours and activities that are planned.

  • Montserrat and Wine Country: The famous Monastery of Montserrat, one of the black Madonnas of Europe, Santa Cova, a fantastic lunch of local Catalan country cuisine, and wine tasting. What more could one want?
  • Costa Brava and Medieval Girona: It’s not every day you get the opportunity to tour a medieval walled city founded by the Romans in the 1st century.
  • Wines of Catalunya: Personal tours with local, resident wine makers arranged exclusively for Spousetivities participants.
  • Medieval mountain village and panoramic trails: Cobblestone streets and stone houses in a medieval mountain village, then a four-course lunch in a traditional Catalan country restaurant followed by a light hike to some great look-outs, streams, rivers, and waterfalls.

For more detailed descriptions of the activities, I encourage you to visit the Spousetivities site. When you’re ready to get signed up, head on over to the registration page. These are some pretty great activities!

Zerodium’s million dollar iOS9 bounty

Zerodium is offering a $1 million bounty for a browser-based jailbreak. I have a few comments about this. The two keywords to pick up on are "browser-based" and "untethered". The word "jailbreak" is a red-herring.

It's not about jailbreaks. Sure, the jailbreak market is huge. It's really popular in China, and there are reports of $1 million being spent on jailbreaks. But still, actually getting a return on such an investment is hard. Once you have such a jailbreak, others will start reverse engineering it, so it's an extremely high risk. You may get your money back, but there's a good chance you'll be reverse-engineered before you can.

The bigger money is in the intelligence market or 0days. A "browser-based" jailbreak is the same as a "browser-based" 0day. Intelligence organizations around the world, from China, to Europe, and most especially the NSA, have honed their tactics, techniques, and procedures around iPhone 0days. Terrorist leaders are like everyone else, blinging themselves out with status displays like iPhones. Also, iPhone is a lot more secure than Android, so it's actually a good decision (intelligence organizations have hacked Android even more).

Every time Apple comes out with a new version (like iOS9), they Continue reading

How Rapid Spanning Tree Protocol (RSTP) Handles Topology Changes

For this exploration I'm using Arista's Virtual Extensible Operating System (vEOS) version 4.15.0F running in GNS3(Which is pretty awesome).  The virtual switches have been configured in rapid-pvst mode.

Here is the topology:


EtherSwitches have been added only to capture traffic off monitoring sessions set up on Switch1 and Switch2 to look at in Wireshark.  The Ubuntu server can be ignored for the purposes of this blog entry.

Only VLAN 1 is present on all switches and Switch1 is configured to be the primary root, while Switch2 is configured to be the secondary. Here's the current state of the network:


First it's important to note that only a single thing will trigger a topology change event - the transition of a non-Edge port from a non-Forwarding to a Forwarding state. Why?  Because this newly Forwarding port could possibly provide a better path to a given destination MAC address than there was before, and the CAM table will need to be updated to reflect that and prevent the same MAC being displayed on more than one port.  It sounds strange that a loss of a Forwarding port doesn't trigger a topology change event, but think about it - in a Continue reading

Volkswagen has a technology problem: It fixes things by hiding them

Volkswagen is in a lot of trouble for installing software on some of its diesel cars that figures out when they are undergoing emissions tests so it can adjust the cars to put out nitrogen oxide at acceptable levels.That’s likely to win the company billions of dollars in fines, but it’s not the first time the company has hidden problems rather than fix them.Just last month, security researchers delivered a paper that showed three ways to get around the Volkswagen lockout system that prevents its cars from being started unless the correct key with the correct chip embedded is used to crank it over.The paper was noteworthy for the ingenuity of the three attacks it outlines but also for the length of time it sat on the shelf before being delivered to the public. It was ready to go back in 2013 but Volkswagen got a court order to block it then, and that was nearly a year after the researchers had told the manufacturers of the hardware about it under the principle of responsible disclosure.To read this article in full or to leave a comment, please click here

Adding a Full API to PicOS

Pica8′s PicOS is a Linux network OS based on Debian. This makes it easy for our customers to integrate their own tools or applications within PicOS. We are compatible with all the leading DevOps tools, such as Puppet, Chef, and Salt; and of course, we support OpenFlow.

But what if you would like to have an application on the switch itself to manipulate its data path? This is beyond the standard DevOps model and is not aligned with the traditional OpenFlow model, which uses a centralized controller.

Typically the requirement for such an application would be:
- A switch using traditional L2/L3, as well as an API to override those L2/L3 forwarding decisions.
- The API could be called on the switch itself while the application is running on the switch (that requirement would forbid a centralized OpenFlow controller).

For this use case, most network equipment vendors have an SDK (Software Development Kit) to program native applications running directly on the switch. A good example would be the Arista EOSSdk.

One big issue with those SDKs is that they are “sticky.” Once you develop your application, it only runs on the SDK provided by your vendor, so you Continue reading

1 3,169 3,170 3,171 3,172 3,173 3,696