Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


Google Confirms Backdoor Is In Motion...

June 07, 2019 by Marc Handelman in Evil Appears Before Us, Vulnerable Systems, Vulnerabilities, Information Security

Via Dan Goodin, reporting at Ars Technica and focusing on recently discovered Android device backdoors. Apparently, said backdoors were installed at a currently unidentified manufacturer's factories prior to sale (confirmed by Google Security Engineers). Bad news for Android users... Currently, Google, Inc.'s (Nasdaq: GOOG) remediation plans are unclear.


DoD Report: Stryker Vehicles Hacked During NATO Exercises

February 14, 2019 by Marc Handelman in Vulnerable Systems, Warfighting Platforms, US Army, Information Security

The Department of Defense's (DoD) Office of the Director of Test and Evaluation (DOT&E) has issued a report detailing vulnerabilities in the Stryker Dragoon warfighting platform. Recommendations from the DOT&E are to 'Correct or mitigate cyber vulnerabilities for the platform and government-furnished equipment.'

Recommendation: Immediately remove all affected rolling stock from active utility until the requisite, contemplated investigation is completed along with full remediation and/or mitigation (call in the DoD OIG as well). Thoroughly investigate all systems with or without connectivity, and test for vulnerabilities ranging from standalone sabotage to electronic warfare perspectives (including 'cyberattacks', network attacks, physical attacks, radio-telephony attacks and coherent light incursion, inclusive of stand-alone, one-off opportunistic aggressor-delivered attacks) utilizing both automated and non-automated code review, network packet analysis, operating system examination, et cetera. All of this should be accomplished with the full rigor that can be brought to bear on this problematic deployment by the most powerful defense organization on Earth. Time to get this platform squared away before letting our Nation's most valuable assets (our warfighters) loose on these lethal machines, which may prove to be significantly more lethal to us than to any particular aggressor enemy. - MH


US District Court Judge To State of Georgia: Bad, Bad, Double-Bad

September 18, 2018 by Marc Handelman in Vulnerable Systems, Vulnerabilities, Malware, Malware Detection, Elections, Election Security, Election Manipulation, Election Fraud, Electioneering

Via Cyrus Farivar, writing at Ars Technica, of the apparent displeasure noted by United States District Court Judge Amy Totenberg, whilst Her Honor viewed the shenanigans being perpetrated by the State of Georgia's voting commission. Surprised? Don't be. The centuries-long tradition of election manipulations is coming to the fore, as the aft begins sinking under its own weight of corruption, down south, that is. That said, the North, West and East aren't exactly doing that much better. Read Cyrus's superb reportage and weep for free, unfettered elections.


Illustration from the Kaspersky Labs Document.

Six Years The Lurker →

March 12, 2018 by Marc Handelman in Vulnerable Systems, Vulnerability Research, Vulnerabilities, Attack Analysis, APT

Dan Goodin, writing at Ars Technica, provides us with the surreptitious history of the malice-filled code-miscreant APT monikered Slingshot, which is apparently an alternative method of describing the devil's offspring in code-complete form. More, here.

"The researchers still don't know precisely how Slingshot initially infected all its targets. In several cases, however, Slingshot operators got access to routers made by Latvian manufacturer MikroTik and planted a malicious code in it." - via Dan Goodin, slaving away over a sizzling keyboard at Ars Technica


Another Flawed Bit of Intel Corp Nonsense, The Active Management Technology Vector →

January 17, 2018 by Marc Handelman in Bombast, Blatant Incompetence, Vulnerabilities, Vulnerability Research, Vulnerable Systems, Information Security, Hardware Security, Hardware Flaws

Reportedly, Harry Sintonen, employed at F-Secure as a security researcher, discovered during the course of his labors a flaw in Intel's Active Management Technology (AMT) firmware. Ooops.

As is typical of Intel Corporation (Nasdaq: INTC), the firm is attempting to shirk responsibility for this attack and transfer the blame onto the company's vendors, not to mention the glad-handing exhibited by the company's CEO at CES.

It's time to rein in Intel Corporation's significantly flawed software development practice (as evidenced by the output), as the ramifications for the company's vulnerability touch many - if not all - systems worldwide. Further, what else is flawed in the company's other products (for example, automotive chips, medical device systems where the firm's hardware and software reside)?

'But the latest vulnerability—discovered in July of 2017 by F-Secure security consultant Harry Sintonen and revealed by the company today in a blog post—is more of a feature than a bug. Notebook and desktop PCs with Intel AMT can be compromised in moments by someone with physical access to the computer—even bypassing BIOS passwords, Trusted Platform Module personal identification numbers, and Bitlocker disk encryption passwords—by rebooting the computer, entering its BIOS boot menu, and selecting configuration for Intel’s Management Engine BIOS Extension (MEBx).' - via Sean Gallagher - writing at Ars Technica


33c3, Karsten Nohl and Nemanja Nikodijevic's 'Where in the World Is Carmen Sandiego?' →

January 21, 2017 by Marc Handelman in All is Information, Conferences, Vulnerable Systems, Information Security