Hack iOS 9 and get $1 million, cybersecurity firm says

The market for unpatched vulnerabilities has grown so much that an exploit reseller is willing to pay US$1 million for an attack that can compromise iOS 9 devices.

Zerodium, an exploit acquisition company, promises to pay $1 million to researchers who can provide it with an "exclusive, browser-based, and untethered jailbreak for the latest Apple iOS 9 operating system and devices."

In the context of iOS devices, jailbreaking refers to bypassing the security restrictions enforced by the mobile operating system in order to install applications that haven't been authorized by Apple and are not distributed through the official app store.

Cisco Intelligent WAN (IWAN)

When I made a stab at defining SD WAN recently, I noted that Cisco’s IWAN solution had provided a bit of a contrast to some of the other Software Defined WAN solutions I’d seen; not in a bad way, but I was certainly interested in the approach.

SD WAN Definition

I’m going to “do a Joe Onisick” here and quote myself as a reference for what I might be hoping for from the Cisco IWAN solution:

“SD WAN is a solution that uses real time WAN link performance monitoring and data packet inspection to autonomously manage the distribution of network traffic across multiple, likely heterogeneous, WAN links with the aim of improving and optimizing WAN performance in alignment with the business requirements.” – John Herbert

One thing my definition doesn’t mention is how these systems get deployed, and since that’s interesting, perhaps let’s start there.

IWAN Zero Touch Deployment

It seems to me that ZTD has become a checkbox requirement for all the SD WAN solutions, and perhaps it’s about time. Zero Touch Deployment in the context of SD WAN means being able to ship a box to a spoke site, have ‘Dumb Hands’ on site plug in the […]

US, China appear close on cyber economic espionage deal

China and the U.S. appear close to a ground-breaking agreement on cyber espionage that could be signed later this week when President Xi and President Obama meet in Washington.

On the eve of the state visit, both countries have expressed a desire to stop cyber espionage for economic gain and agreed it's illegal.

But the two countries are still in disagreement over whether China's government plays any part in trans-national cyber hacking for economic purposes.

On Monday, U.S. National Security Advisor Susan Rice said "cyber-enabled economic espionage must stop."

During a speech in Washington, D.C., she said the issue was more than an irritation and "puts enormous strain on our bilateral relationship and it is a critical factor in determining the future trajectory of U.S.-China ties."

Catalyst 3750 IPv6 ACL Limitations

I recently ran into some limitations of IPv6 ACLs on the Catalyst 3750 platform. I had developed an ACL to block traffic from unwanted address ranges such as ::, ::1 and ::FFFF:0:0/96. The first address is the unspecified address, the second one is the loopback address and the last one is IPv4-mapped traffic. The ACL also contained an entry to deny traffic with routing-type 0.

Note that no error is output when adding the entries in the ACL, only when applying the ACL to an interface.

% This ACL contains following unsupported entries.
% Remove those entries and try again.
    deny ipv6 any any routing-type 0 sequence 20
    deny ipv6 host ::1 any sequence 290
    deny ipv6 host :: any sequence 310
    deny ipv6 ::FFFF:0.0.0.0/96 any sequence 330
% This ACL can not be attached to the interface.
SW1(config-if)#
%PARSE_RC-4-PRC_NON_COMPLIANCE: `ipv6 traffic-filter v6-ACL-IN in'

From the configuration guide, the following limitations apply to the Catalyst 3750 platform.

[Image: table of IPv6 ACL limitations for the Catalyst 3750, reproduced from the configuration guide]

What this means is that we can’t match on the flow label, the routing header or an undetermined upper-layer transport protocol. Network matches must use prefix lengths between /0 and /64, and host matches must use addresses that belong to global unicast […]
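Because the switch only reports the unsupported entries when the ACL is attached to an interface, it is useful to catch them before touching a production interface. The following Python checker is an added example (not from the original post) that encodes only the limitations the post names: routing-header matches (`routing` / `routing-type`), `flow-label`, `undetermined-transport`, network prefixes longer than /64, and host addresses outside global unicast (2000::/3). The IOS keyword spellings and the sample ACL lines are assumptions; the four rejected entries are the ones from the switch output above, and the IPv4-mapped entry is flagged here for its /96 prefix, which is the same reason the 3750 gives.

```python
import ipaddress

# Match criteria the post says the Catalyst 3750 cannot apply in hardware.
# IOS IPv6 ACL keywords assumed here: 'routing' / 'routing-type' (routing
# header), 'flow-label' and 'undetermined-transport'.
UNSUPPORTED_KEYWORDS = {
    "routing": "matching on the IPv6 routing header",
    "routing-type": "matching on the IPv6 routing header",
    "flow-label": "matching on the flow label",
    "undetermined-transport": "matching on an undetermined upper-layer protocol",
}
GLOBAL_UNICAST = ipaddress.IPv6Network("2000::/3")  # host matches must fall in here
MAX_PREFIX_LEN = 64                                 # network matches: /0 to /64


def _parse_address(tokens, i):
    """Consume one address spec at tokens[i]: 'any', 'host X' or 'X/len'.
    Returns (kind, value, index of the next token)."""
    if tokens[i] == "any":
        return "any", None, i + 1
    if tokens[i] == "host":
        return "host", ipaddress.IPv6Address(tokens[i + 1]), i + 2
    return "network", ipaddress.IPv6Network(tokens[i], strict=False), i + 1


def _skip_port_operator(tokens, i):
    """Step over an optional 'eq/neq/lt/gt PORT' or 'range LOW HIGH' clause."""
    if i < len(tokens) and tokens[i] in ("eq", "neq", "lt", "gt"):
        return i + 2
    if i < len(tokens) and tokens[i] == "range":
        return i + 3
    return i


def check_entry(line):
    """Return the reasons one ACL entry would be refused by a 3750 ([] if it is fine)."""
    tokens = line.split()
    problems = []
    i = 2  # tokens[0] is permit/deny, tokens[1] the protocol (ipv6, tcp, udp, ...)
    for side in ("source", "destination"):
        kind, value, i = _parse_address(tokens, i)
        if kind == "host" and value not in GLOBAL_UNICAST:
            problems.append(f"{side} host {value} is not a global unicast address")
        elif kind == "network" and value.prefixlen > MAX_PREFIX_LEN:
            problems.append(f"{side} prefix /{value.prefixlen} is longer than /{MAX_PREFIX_LEN}")
        i = _skip_port_operator(tokens, i)
    for token in tokens[i:]:  # trailing options: routing-type 0, log, sequence N, ...
        if token in UNSUPPORTED_KEYWORDS:
            problems.append(UNSUPPORTED_KEYWORDS[token])
    return problems


def check_acl(lines):
    """Map every unsupported entry to its reasons; an empty dict means the ACL should attach."""
    rejected = {}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("!") or line.startswith("remark"):
            continue
        problems = check_entry(line)
        if problems:
            rejected[line] = problems
    return rejected


# Constructed sample: the four entries the switch rejected in the post, plus
# two entries that stay within the documented limits.
SAMPLE_ACL = [
    "remark v6-ACL-IN (constructed sample)",
    "deny ipv6 any any routing-type 0 sequence 20",
    "deny ipv6 host ::1 any sequence 290",
    "deny ipv6 host :: any sequence 310",
    "deny ipv6 ::FFFF:0.0.0.0/96 any sequence 330",
    "permit tcp 2001:db8::/32 host 2001:db8:1::10 eq 22 sequence 400",
    "permit ipv6 2001:db8:2::/48 any sequence 410",
]

if __name__ == "__main__":
    for entry, reasons in check_acl(SAMPLE_ACL).items():
        print(entry)
        for reason in reasons:
            print("    ->", reason)
```

Running the script lists the four entries from the post with the limitation each one trips, and stays silent for the two entries that fit the platform. Any line the parser cannot interpret raises, which is preferable to silently passing an entry the switch would later refuse.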

Memo to Carly: HP is shifting more work offshore

Carly Fiorina, surging in the polls thanks to her performance in the Republican presidential debate last week, is not to be underestimated or believed.

Fiorina was crisp, sharp and quick in the debate -- all characteristics that helped her become Hewlett-Packard's CEO from 1999 to 2005. But she also used her opportunity before a national audience to distort her history at HP by omitting key facts.

"Yes, we had to make tough choices, and in doing so, we saved 80,000 jobs, went on to grow to 160,000 jobs. And now Hewlett Packard is almost 300,000 jobs," said Fiorina, during the debate.

Samsung teams with Sectra to secure mobile phones for governments

Sectra Communications is working with Samsung Electronics to integrate its Tiger/R end-to-end hardware encryption system with the phone maker's Knox mobile security platform to create smartphones secure enough to carry government secrets. The market is a lucrative one: Another company, Secusmart, has won over several government organizations in recent years with a BlackBerry smartphone equipped with a microSD encryption module. The combination, costing around €2,000 (US$2,250), is approved by the German government to carry Restricted-level voice and data traffic. Restricted is one of the lowest ratings for government secrets. Sectra and Secusmart both use additional hardware in the form of a microSD card to assist in the encryption process and to protect encryption keys. While Secusmart's system will encrypt calls and data stored on the phone, Sectra's encrypts only voice traffic and text messages.

Peeking at Pkybot

For the past few months ASERT has been keeping an eye on a relatively new banking malware (“banker”) known as “Pkybot”. It is also being classified as a variant of “Bublik”, but the former is much more descriptive of the malware.

This post will take a peek at some of the bits and pieces of Pkybot and the campaign using it. The visibility provided can help organizations better understand, detect, and protect against this current threat.

Sample

One of the recent samples analyzed by ASERT has the following hashes:

MD5: 9028d9b64a226b750129b41fbc43ed5e

SHA256: 38eb7625caf209ca2eff3fa46b8528827b7289f1

At the time of this writing it has a VirusTotal detection ratio of 16/57 with just about all the detections being generic in nature. One positive for reverse engineers though is that this sample comes unpacked.

Pkybot

While there’s been some research into the malware already [1] [2], a review and fleshing out never hurts.

Encrypted Bits

Pkybot contains a number of interesting items that are encrypted with the XTEA encryption algorithm. The key used is generated at runtime from a hardcoded seed value (DWORD):

[Image: disassembly of the XTEA key generation routine]

It can also be generated using this Python code snippet. Along with the generated XTEA key, this IDA […]
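To work with the encrypted items once the key is known, an analyst needs a plain XTEA block cipher; the following is an added example (not ASERT's code and not the snippet referenced above). It assumes the reference 32-round XTEA, little-endian 32-bit words (the usual choice for an x86 Windows binary), and that items are encrypted block by block with no chaining (ECB). The seed-to-key derivation is not reproduced because the post's snippet is not included here, so a constructed 16-byte key and a constructed plaintext are used to exercise the round trip.

```python
import struct

DELTA = 0x9E3779B9
MASK = 0xFFFFFFFF
ROUNDS = 32  # reference XTEA round count; the sample's own count is not stated in the post


def _mix(v, total, key_words, shift):
    """One XTEA half-round term: (((v<<4) ^ (v>>5)) + v) ^ (sum + key[index])."""
    index = (total >> shift) & 3
    return ((((v << 4) & MASK) ^ (v >> 5)) + v) ^ (total + key_words[index])


def xtea_encrypt_block(block, key_words, rounds=ROUNDS):
    """Encrypt one 8-byte block; little-endian words (assumed for an x86 Windows sample)."""
    v0, v1 = struct.unpack("<2I", block)
    total = 0
    for _ in range(rounds):
        v0 = (v0 + _mix(v1, total, key_words, 0)) & MASK
        total = (total + DELTA) & MASK
        v1 = (v1 + _mix(v0, total, key_words, 11)) & MASK
    return struct.pack("<2I", v0, v1)


def xtea_decrypt_block(block, key_words, rounds=ROUNDS):
    """Inverse of xtea_encrypt_block: the same key schedule walked backwards."""
    v0, v1 = struct.unpack("<2I", block)
    total = (DELTA * rounds) & MASK
    for _ in range(rounds):
        v1 = (v1 - _mix(v0, total, key_words, 11)) & MASK
        total = (total - DELTA) & MASK
        v0 = (v0 - _mix(v1, total, key_words, 0)) & MASK
    return struct.pack("<2I", v0, v1)


def key_words_from_bytes(key):
    """Split a 16-byte key into the four 32-bit words XTEA indexes by sum & 3."""
    if len(key) != 16:
        raise ValueError("XTEA keys are exactly 16 bytes")
    return struct.unpack("<4I", key)


def xtea_encrypt_buffer(data, key):
    """Encrypt a buffer block by block (ECB, an assumption about the sample's layout)."""
    if len(data) % 8:
        raise ValueError("plaintext length must be a multiple of 8")
    words = key_words_from_bytes(key)
    return b"".join(xtea_encrypt_block(data[i:i + 8], words) for i in range(0, len(data), 8))


def xtea_decrypt_buffer(data, key):
    """Decrypt a buffer produced by xtea_encrypt_buffer (or by the sample, if ECB holds)."""
    if len(data) % 8:
        raise ValueError("ciphertext length must be a multiple of 8")
    words = key_words_from_bytes(key)
    return b"".join(xtea_decrypt_block(data[i:i + 8], words) for i in range(0, len(data), 8))


# Constructed demo values: the real sample derives its key from a hard-coded DWORD
# seed at runtime (derivation not reproduced here), so a fixed 16-byte key stands in.
DEMO_KEY = bytes(range(16))
DEMO_PLAINTEXT = b"sample configuration string 1234"  # 32 bytes, four blocks


def demo_roundtrip():
    """Encrypt the constructed plaintext and decrypt it again; returns the recovered bytes."""
    ciphertext = xtea_encrypt_buffer(DEMO_PLAINTEXT, DEMO_KEY)
    return xtea_decrypt_buffer(ciphertext, DEMO_KEY)


if __name__ == "__main__":
    print(xtea_encrypt_buffer(DEMO_PLAINTEXT, DEMO_KEY).hex())
    print(demo_roundtrip())
```

If decrypting a real item with the recovered key yields garbage, the first things to revisit are the assumptions flagged in the comments: word endianness, the round count, and whether the sample chains blocks rather than using ECB.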

India withdraws draft encryption policy following controversy

The Indian government has withdrawn a controversial draft encryption policy, with a minister stating that the document was not the final view of the government.

Under the policy, consumers would have been required to store the plain texts of encrypted information for 90 days from the date of a transaction and provide the text to law enforcement agencies when required under the laws of the country. The government would have also specified the algorithms and the length of the encryption keys used by different categories of people.

The policy was largely seen as meeting the need for access to information by law enforcement agencies, and included similar restrictions on business users as well. It also called for Internet services providers to enter into unspecified agreements with the government.

Twistlock

Twistlock is the first ever security suite that focuses on vulnerability management and policy enforcement of containers (i.e. Docker, runc, rkt) and container host environments. Twistlock provides tools and analytics that make it easier for developers, infrastructure teams, and security professionals to deploy and run containers securely. Here with more is CTO, John Morello.

US Congress members urged to communicate using encrypted apps

Congress members and staff are being urged by a civil rights group to use encrypted smartphone apps such as WhatsApp and Signal rather than traditional cellular networks.

Unlike cellular networks, which use weak and outdated encryption, some of the newer apps use strong and modern encryption to protect their customers' communications, the American Civil Liberties Union has written in a letter Tuesday to officials in the U.S. Senate and House of Representatives.

The move is not going to cost a lot. Many members of Congress already have smartphones, and apps like Signal and WhatsApp are free and can be easily downloaded from app stores. Besides, Apple’s FaceTime and iMessage apps are already built into Apple’s iOS mobile operating system and thus are available to every member or staffer with an iPhone, according to ACLU's letter to Frank J. Larkin, Senate Sergeant at Arms, and Paul D. Irving, House Sergeant at Arms.

US legislation requiring tech industry to report terrorist activity dropped

The U.S. Senate Intelligence Committee has dropped a provision that would have required Internet companies to report on vaguely-defined terrorist activity on their platforms, a move that was strongly opposed by the industry and civil rights groups.

The controversial section 603 was included in the Intelligence Authorization Act for Fiscal Year 2016, but Senator Ron Wyden, a Democrat from Oregon, had put a hold on the bill, stating that he wanted to work with colleagues to revise or remove the provision so that the rest of the bill could move forward.

On Monday, Wyden said that the "vague & dangerous" provision had been removed from the bill and he would now be lifting the hold on it.