Defcon 2016 photos and videos

Close-ups of my much coveted badge. Some hardware and base stations of the Wifi Village. Both Information Society and Berlin played on Saturday night! Shot a video of an amazing demo from the Car Hacking Village: a car modified to play games instead of driving. Also, the best of my flight home. Some great pictures of Hoover Dam and some of the solar farms and mesas as we flew home.


Playing with screenshots & Snapchat

You think you can beat it? (Snapchat screenshot detection) Snapchat is a popular multimedia chat app with an allegedly vanishing history. Users can send pics or videos and set an expiration in seconds. After viewing the content for the prescribed duration… poof, it’s gone. I was bored and playing with Forest when I noticed that the app sends an alert to the sender when their message is captured using iOS’s screen capture function. I was actually impressed with the forethought. Unfortunately, that impression did not last long. It took me less than 20 minutes and only 3 messages to take advantage of Snapchat’s prebuffering to capture the message permanently without revealing that I had even viewed it. I did this all with the latest Snapchat on the latest iOS on a stock iPhone 6s+ (no jailbreak). Honestly, I find this kind of thing in a lot of applications not designed specifically for security. Non-authenticated data is sent before the authentication for speed or some other performance reason that negatively impacts security. Kinda like client-side authentication: sure, there is a reason for it, but that doesn’t make it a good idea. I am certainly not the only one to figure this out. It seems that the basics of this method have been known for at least a year.

UPDATE (6-15-16): Tested again with the newest Snapchat app. Still working.

Bizarre FaceTime error could have horrifying security implications!

I just got off a very strange call. Apparently, a complete stranger received a FaceTime request from me. “Butt dial”, right? No big deal. Not this time. At the time, I was in the middle of a FaceTime call with my dad. I am almost certain I know exactly when it happened because I noticed a call-waiting style interruption on our call. The first strange thing I noticed was that the incoming caller was my dad. The same dad I was presently talking to. I rejected the call, thinking it was my dad accidentally calling from a different device. Then, moments later, I got a mobile call from another LA number. This time from an irate husband demanding to know why I would FaceTime his wife. Unfortunately, I may have given them the wrong impression by asking questions of them. The IT guy inside me wanted to figure out what had just happened. Needless to say, they didn’t enjoy being grilled. I barely had time to get out a few apologies; I don’t think they even realized that I hadn’t actually called them. I did get some answers. They were not on a call at the time. They were not even on the device. My call history shows no outgoing calls save my dad. My dad’s history doesn’t show the call from him that appears as missed in my history. I am almost certain I will never know what actually happened. I am guessing that Apple’s FaceTime system might be a bit more duct tape and spit than we were led to believe.

Oh Cydia, how I missed you!

Today TiaG released a new jailbreak for iOS 8.1.3-8.3! Finally I am jailbroken again! As usual, lots of apps will need to be updated to work and Mobile Substrate isn’t compatible yet. Please be patient as Saurik and others get things updated. That is not to say that there aren’t piles of useful stuff already in Cydia. It will probably be a few days (or maybe weeks) before we see Activator and similar tweaks or themes up on 8.3. Presently, the TiaG jailbreak is Windows-only, but it works fine with virtualization. Also, 8.4 should be coming soon. I know Pangu allegedly already has a working jailbreak that they are waiting to release. If that is true and nothing TiaG releases gets in the way, it should be great. However, it is probably a good idea to upgrade to 8.3 before the signing window closes. Apple usually leaves the old iOS open for a few hours or days after a new version is released.


Apple’s goto fail bug and what it means to you?

The security community went into a frenzy this weekend over Apple’s latest iOS security update. On Friday, Apple quietly released iOS 7.0.6 and 6.1.6 to patch a bug in its SSL implementation. This particular bug is nicknamed “goto fail” after the actual contents of the source code behind the error. Basically, one too many `goto fail` lines causes the fail to be not conditional, but absolute. This failure allows Apple’s SSL framework (the technology that secures web transmissions) to be easily bypassed. In other words, Safari, Mail, Calendar, Software Update, as well as any third-party applications that take advantage of Apple’s SSL libraries, could potentially have their communications intercepted by an unscrupulous individual. Apple claims that it is a typo, but many wonder if this might be a deliberate backdoor (one that has lasted over a year).
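To make the “one too many goto fail” description concrete, here is an added, reduced illustration of the bug’s shape; it is not Apple’s actual code. The hypothetical hash_update and check_sig helpers and the constructed sample data stand in for the real SecureTransport routines, and the buggy routine sits beside its one-line fix so the effect on signature verification can be checked directly.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in return codes; the real SecureTransport values differ. */
#define OK   0
#define FAIL (-1)

/* Hypothetical hash step: succeeds for any non-empty buffer. */
static int hash_update(const unsigned char *d, size_t n) { return (d && n) ? OK : FAIL; }

/* Hypothetical final check: passes only when sig equals the expected bytes. */
static int check_sig(const unsigned char *sig, const unsigned char *exp, size_t n) {
    return memcmp(sig, exp, n) == 0 ? OK : FAIL;
}

/* Shape of the vulnerable routine: the duplicated "goto fail" is unconditional,
 * so check_sig() never runs and err still holds OK from the last hash step. */
int verify_buggy(const unsigned char *params, size_t plen,
                 const unsigned char *sig, const unsigned char *exp, size_t slen) {
    int err;
    if ((err = hash_update(params, plen)) != OK)
        goto fail;
        goto fail;   /* the extra line: always taken, whatever the signature */
    if ((err = check_sig(sig, exp, slen)) != OK)
        goto fail;
fail:
    return err;      /* 0 (OK) for ANY signature while the extra goto is present */
}

/* Fixed form: one goto per condition, so a bad signature yields FAIL. */
int verify_fixed(const unsigned char *params, size_t plen,
                 const unsigned char *sig, const unsigned char *exp, size_t slen) {
    int err;
    if ((err = hash_update(params, plen)) != OK)
        goto fail;
    if ((err = check_sig(sig, exp, slen)) != OK)
        goto fail;
fail:
    return err;
}

/* Constructed sample input (not real TLS data). */
static const unsigned char kParams[] = "constructed ServerKeyExchange params";
static const unsigned char kGoodSig[] = {0x01, 0x02, 0x03, 0x04};
static const unsigned char kForged[] = {0xde, 0xad, 0xbe, 0xef};

/* Returns 1 when the buggy routine accepts the forged signature the fixed one rejects. */
int forged_sig_accepted_only_by_buggy(void) {
    return verify_buggy(kParams, sizeof kParams, kForged, kGoodSig, 4) == OK
        && verify_fixed(kParams, sizeof kParams, kForged, kGoodSig, 4) == FAIL;
}
```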

The real tragedy of this issue is that it affects Mavericks (Mac OS 10.9.x) as well as iOS, but at the time of writing there was no official fix for Apple computers. (Update: Apple has now published the fix!) Apple desktops, laptops, and iMacs were left in a very dangerous position: unprotected against a known threat. I am sure that the bad guys are already configuring their sslstrip, sslsniff, or similar tools. Accounts will be compromised, communications will be intercepted or manipulated, or, in the case of software updates, malware could even be introduced.

What can we do? First off, run the 7.0.6 update on any iOS devices not yet up to date. Do this from a trusted wifi, not a public one. With your Mac, avoid public wifi until this is resolved. Avoid Apple Mail except when absolutely necessary and only from trusted networks. Only use Google Chrome for secure web browsing (it uses its own SSL framework). Optional: install @i0n1c’s binary patch. @i0n1c’s patch fixes the bug, but may break other things. Update: run Apple’s 10.9.2 update!

Links:
Test your system:  https://gotofail.com/
Great Writeup:  https://www.imperialviolet.org/2014/02/22/applebug.html
Quick & Dirty Patch:  http://www.sektioneins.de/en/blog/14-02-22-Apple-SSL-BUG.html
Official Apple Fix: http://support.apple.com/kb/HT6150

Update Java. Seriously, do it right now.

Another Java privilege escalation exploit has been spotted in the wild. Trojans and web-based Java classes are already installing remote access tunnels into Macs across the globe. Apple finally updated their Java binaries and you should too! Protect yourself! Just run Software Update from the Apple menu.

Apple Info:
http://support.apple.com/kb/HT5228

More info (including an AppleScript test for infection):
http://mashable.com/2012/04/05/mac-flashback-trojan-check/

Oh no, not again! Apple firewire exploit published!

This is déjà vu of an attack from years ago where RAM was accessed over the FireWire bus. This study, published back in September 2011 (which I am late to discover), revisits this attack on Lion. Security researchers from frameloss published the specifics of the attack and how to avoid it. Learn how your password could be extracted from your computer’s memory via your FireWire port. Even when you thought it was locked! Even with FileVault!

Mostly you must turn off fast user switching, and activate a feature that dumps the password for added security. Read all about it here...

http://www.frameloss.org/2011/09/18/firewire-attacks-against-mac-os-lion-filevault-2-encryption/#more-540