M32 Security » Government

German Researchers Find “Massive” Flaws In Cloud Security

Kyle — Wed, 26 Oct 2011 18:53:23 +0000

Image via Wikipedia

NetworkWorld has a very interesting writeup about a report that six German Information Security researchers published outlining very massive and highly exploitable flaws in Cloud Computing services; specifically Amazon’s EC2 and S3 as well as Eucalyptus Cloud Computing Software. Old concepts like XSS and what is referred to as XML Signature Wrapping attacks on the SOAP interfaces of the aforementioned cloud services. Very troubling and a large blow to the legitimacy of security in the cloud.

The full PDF of the German researchers’ findings can be found here.

NetworkWorld Article

Researchers Demo Cloud Security Issue With Amazon AWS Attack (pcworld.com)
Researchers demo cloud security issue with Amazon AWS hijacking attack (infoworld.com)
Cloud computing: Gaps in the ‘cloud’ (physorg.com)
Researchers demo cloud security issue with Amazon AWS attack (networkworld.com)

Tags: amazon, attack, aws, computing, ec2, EucalyptusEucalyptus (computing), exploit, information security, network, s3, Security, soap, tw, XML, XSS

Virus targets US Predator and Reaper drones

Kyle — Fri, 07 Oct 2011 21:29:53 +0000

A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other war zones. The name of the virus is yet to be known, as details are still emerging about how the malicious code got into the systems in the first place. Could this be a belligerent enemy to US forces attacking their main weapon in use for remote regions? Ars Technica has the story after the jump.

Computer virus hits US Predator and Reaper drone fleet.

Tags: attack, Breaches, code, computer virus, cybersecurity, drone, keystroke, malicious code, malware, MQ-9 ReaperMQ-9 Reaper, nist, predator, reaper drones, War on TerrorismWar on Terrorism

Conficker: The Proactive Worm Ahead Of The Curve

Kyle — Sun, 08 Aug 2010 19:26:15 +0000

An interesting article over at The Register shows how the now infamous ~6 million strong Conficker botnet/worm stays ahead of the curve in terms of Information Security by staying proactive and paranoid in how it is managed. Although the classification of the worm only goes from A through E, the botnet itself is ever-evolving; creating a nightmare for researchers world-wide in detection and cleansing of infected machines. It is unknown who runs the botnet, but it is known that the technical skill behind its command is very much on the bleeding-edge of security as well as social engineering. For instance, the worm uses simple exploits to infect Windows machines, but it phones home to domain names which can no longer be predicted and shut-down to receive new instructions and updates to the code that infects the machine. It has used scareware in the past to spread as well, such as bogus security software. It has even gone so far as to actually remove or fix other security threats on an infected machine to avoid detection. It constantly stays up-to-date and often mitigates even the newest anti-malware tools designed to remove it.

What makes it so hard to remove is its inability to be cracked. It has used the MD6 cryptographic hash function that was a candidate for the NIST SHA-3 Hash Competition with a 4096-bit RSA key. Even when a buffer-overflow vulnerability was discovered in MD6, the botnet’s owner corrected the implementation within a matter of days. There is an entire working group called The Conficker Working Group tasked entirely to the botnet, which has yet to break-in and take any sort of control away from whoever runs it.

In-depth article at The Register

Tags: botnet, buffer overflow, Conficker, Conficker Working Group, Downadup, Downup, Kido, MD6, nist, RSA, scareware, SHA-3, worm

CYBERCOM’s Secret Code Demystified

Kyle — Sat, 10 Jul 2010 01:27:36 +0000

As I posted earlier this week, a hexadecimal code was discovered on the gold ring encircling US Cyber Command’s newly released logo. That code was 9ec4c12949a4f31474f299058ce2b22a and it sent the NetSec community on a challenge. To the untrained eye, it looks like just a bunch of numbers and letters. To those in the InfoSec/NetSec field, it looks like a 128-bit MD5-hash. MD5 hashes are derived from an algorithm that “digests” the data into a hexadecimal result like the one here. They are often used in file integrity checks to ensure the data is exactly what it should be without any corruption or tampering.

Around 2004, the MD5 algorithm had started to show vulnerabilities and signs of age. It is now fairly easy to reverse these hashes to reveal the original data. Obviously this is a big security problem. The NIST and DHS has a policy that requires all government agencies to use more complex hashing functions after 2010. Considering US CYBERCOM is one of the most secretive and secured entities of the publicly known US Government and intimately tied to the NSA, I would imagine there may be more than meets the eye to the new logo and we’ll come across more interesting things the geeks over there threw in to challenge us.

CYBERCOM’s Secret Code Demystified.

Tags: cybercom, hash md5, hexadecimal code, infosec, integrity checks, md5 algorithm, md5 hashes, security problem

M32 Security » Government

German Researchers Find “Massive” Flaws In Cloud Security

Related articles

Virus targets US Predator and Reaper drones

Conficker: The Proactive Worm Ahead Of The Curve

CYBERCOM’s Secret Code Demystified