Shared posts

26 Jun 01:26

Friday Squid Blogging: Injured Giant Squid Video

by Bruce Schneier

A paddleboarder had a run-in with an injured giant squid. Video. Here's the real story.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

06 Jun 22:56

How to Hack a Facebook Password

by Srikanth Ramesh

Need to Hack Someone’s Facebook Password? Here’s a Complete Guide on Possible Ways to Hack Facebook! Being one of the most widely accessed social networking sites, Facebook has also become a popular place for many to exchange secret messages and manage illicit relationships. Therefore, it’s no wonder many people make

This is just a summary of the post. To read the complete post, follow the link below:

The post How to Hack a Facebook Password appeared first on GoHacking.

06 Jun 22:56

Security Attacks via Malicious QR Codes

by Pavitra Shankdhar

With the increasing use of smartphones, QR codes are becoming popular. Recently, WhatsApp launched its web version, which needs QR code scanning to access the web version of WhatsApp. So, many people now know what QR code is, but still more are unaware. It is very similar to a bar code we see in products, […]

The post Security Attacks via Malicious QR Codes appeared first on InfoSec Institute.

06 Jun 22:56

How Pakistan's Critical Infrastructure Was Hacked? - Technical Analysis

by Rafay Baloch



There have been multiple reports, leaked from various sources, about the NSA hacking into Pakistan's Internet infrastructure, ranging from core routers to the Pakistan Telecommunication Green Line communication network, in order to intercept the communications of Pakistan's civilian and military leadership. In October last year, a group called "Shadow Brokers" leaked a comprehensive list of servers that had been hacked as part of the NSA's operation. The list revealed that several hosts of Multinet (mpkhi-bk.multi.net.pk, ns1.multi.net.pk) were compromised, as well as Micronet (tx.micro.net.pk), now part of Nayatel.

There may be various motives for the NSA hacking into Pakistan's Internet infrastructure; intercepting and monitoring traffic may be one of them. However, there is more to it. Various documents leaked by Edward Snowden reveal a couple of the NSA's deadliest weapons, the most notable being Quantum Insert attacks. One of the leaked documents confirms that this attack was used to infect a target located in Miran Shah.



Quantum Insert Attacks

Quantum Insert attacks are an example of man-on-the-side attacks, which require precise positioning of the attacker's rogue servers (monitors/shooters) in order to win a race against the legitimate servers to deliver malicious content. The probability of success depends on the placement of these servers: the closer the malicious servers are to the target, the better their chances of winning the race against the legitimate servers.

For instance, if a user based in Pakistan browses Facebook.com, the ISP (PTCL or Multinet) is technically closer to the target than the legitimate Facebook servers and therefore has a higher probability of winning the race and delivering the malicious content. This is one of the major reasons the NSA hacked into Pakistan's ISPs: to be technically closer to the target and so increase the attack's probability of success.

How Does a Quantum Insert Attack Work?

Quantum Insert attacks are not new; they are a type of TCP hijacking attack, which has existed in one form or another for a long time. To understand TCP hijacking, we first have to understand how the three-way handshake works.

TCP, being a connection-oriented protocol, requires the sender and receiver to establish a connection with a three-way handshake. If you type Facebook.com into your browser, one of the first steps the browser takes is a DNS query to find the IP address associated with Facebook.com; the query returns 66.220.159.121. The client then performs a TCP/IP three-way handshake with the server at 66.220.159.121.

The following diagram illustrates how the TCP/IP three-way handshake works:

[Diagram: TCP three-way handshake, ref: http://ipcisco.com/wp-content/uploads/TCPHeader/7_3wayhandshake_requestdata.jpg]

i) Host A sends a packet with the SYN flag set. Along with it, it generates and sends a random ISN (Initial Sequence Number), here 1293906975, with ACK=0.

ii) Host B, upon receiving the SYN, responds with SYN, ACK, carrying its own random sequence number 3455719727 and Host A's sequence number incremented by 1, i.e. ACK=1293906976.

iii) Host A finally completes the three-way handshake by sending back an ACK carrying Host B's sequence number incremented by one.

From the above process, it is evident that to establish the three-way handshake both client and server generate a random 32-bit sequence number, from which each starts numbering the segments it transmits.

Host B will only accept segments from Host A when the correct SEQ/ACK numbers are transmitted. If an attacker obtains the sequence numbers used for the session, they will be able to craft TCP packets containing those sequence numbers and, by spoofing the source IP address, make the receiving system believe that the segments came from the legitimate host. This is known as TCP hijacking.

When the legitimate packet arrives afterwards, it is discarded because it carries a duplicate sequence number. One critical condition for success is that the response from the malicious server must arrive before the legitimate response from the web server; for this very reason the placement of the malicious server is critical to the success of the attack. From the document mentioned above, it was clear that the success ratio for the malicious response arriving before the legitimate one, for targets based in Pakistan, was approximately 48%.


From the above demonstration by Fox-IT, it is clear that a Quantum Insert attack requires two crucial components. The first is the monitor, which sits passively, collects session information and feeds it to the shooter. The shooter then uses the sequence/ACK numbers to hijack the session and tries to inject the malicious content into the TCP stream before the legitimate response arrives.

As discussed before, placement of the monitor/shooter is extremely crucial, as they have to be near the target. This is one of the major reasons the NSA is particularly interested in hijacking ISPs: better placement of its monitors/shooters, so that they win the race against the legitimate web servers to inject malicious content.

Putting Pieces Together

1. The NSA has hacked into various Internet service providers in order to deploy its passive traffic collection sensors, or monitors, around the Internet backbone.

2. The huge volume of collected data is then fed to analysis and correlation engines such as XKEYSCORE.

3. Based on the analysis from tools such as XKEYSCORE, a target profile is built, for instance "all TOR/VPN users in a certain area" or "all PGP usage in Iran". XKEYSCORE can also be queried for the most frequent web searches and the most frequently visited websites (HTTP).

4. Once the target has been selected, the attack conditions are defined; for instance, all users based in F-8 Islamabad browsing http://www.torproject.org/. This information is fed to the monitors, which, once the conditions are met, pass the session information to the shooter. The shooter then performs the Quantum Insert attack, injecting a malicious HTTP response for http://www.torproject.org/ before the actual response arrives.

5. Once the target is compromised, the post-exploitation phase begins, aimed at collecting information as well as performing lateral movement inside the network.

Detection & Defenses 

1. It is to be noted that HTTPS along with HSTS (HTTP Strict Transport Security) would reduce the effectiveness of this attack. An IPsec VPN would also prevent this attack, as it encrypts transport- and application-layer messages.

2. Another way to detect this attack is to check the TTL (Time to Live) value of the IP packet. When an IP packet is sent across the network, the sender sets the TTL value, which is decremented by each hop. Since in this case the monitor/shooter is near the target, the spoofed packet traverses fewer hops than the real one, so its TTL on arrival will differ from that of the real packet.

3. Since both the legitimate and the malicious packets arrive with the same sequence number, we can create an IDS/IPS signature that keeps track of segments carrying the same sequence number.
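The handshake arithmetic from steps i) to iii) and the two detection indicators above (TTL mismatch and a repeated sequence number with different content), worked through as an added example that is not code from the original article or from Fox-IT. The trace is constructed from the ISNs and server address quoted in the text; the client address, payloads and TTL values are assumptions.

```python
"""Flagging Quantum-Insert style injection from captured TCP segments.

Added example, not code from the article or from Fox-IT.  The trace is
constructed from the numbers the article quotes (ISNs 1293906975 and
3455719727, server 66.220.159.121); client address and payloads are made up.
The checks mirror the two indicators under "Detection & Defenses": a repeated
sequence number carrying different bytes, and a TTL that differs from the
TTL previously seen on the same flow.
"""
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    seq: int
    ack: int
    flags: str           # "S" SYN, "SA" SYN/ACK, "A" ACK, "PA" PSH/ACK
    ttl: int             # TTL as seen by the sensor, after hop decrements
    payload: bytes = b""

    @property
    def flow(self):
        return (self.src, self.dst)

def handshake_ok(syn, synack, ack):
    """The ISN arithmetic the article walks through: each side acknowledges
    the other's initial sequence number plus one."""
    return (syn.flags == "S" and synack.flags == "SA" and ack.flags == "A"
            and synack.ack == syn.seq + 1
            and ack.seq == syn.seq + 1 and ack.ack == synack.seq + 1)

def detect_injection(segments):
    """Return (segment, reason) pairs for segments that look injected.
    A real retransmission repeats a seq with identical bytes, so only a
    repeat with different bytes is reported; pure ACKs carry no data and are
    skipped, since the first data segment legitimately shares their seq."""
    data_seen = {}   # (flow, seq) -> set of payloads observed at that seq
    flow_ttl = {}    # flow -> TTL of the first segment seen on that flow
    alerts = []
    for s in segments:
        base = flow_ttl.setdefault(s.flow, s.ttl)
        if s.ttl != base:
            alerts.append((s, "TTL %d differs from flow baseline %d" % (s.ttl, base)))
        if not s.payload:
            continue
        seen = data_seen.setdefault((s.flow, s.seq), set())
        if seen and s.payload not in seen:
            alerts.append((s, "seq %d already carried different data" % s.seq))
        seen.add(s.payload)
    return alerts

CLIENT, SERVER = "10.0.0.5", "66.220.159.121"   # client address is constructed
A_ISN, B_ISN = 1293906975, 3455719727           # ISNs as quoted in the article
REQ = b"GET / HTTP/1.1\r\nHost: www.facebook.com\r\n\r\n"
REAL = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"
FAKE = b"HTTP/1.1 302 Found\r\nLocation: http://shooter.invalid/\r\n\r\n"

# Constructed trace: handshake, request, injected reply, real reply, retransmit.
TRACE = [
    Segment(CLIENT, SERVER, A_ISN, 0, "S", 64),
    Segment(SERVER, CLIENT, B_ISN, A_ISN + 1, "SA", 54),
    Segment(CLIENT, SERVER, A_ISN + 1, B_ISN + 1, "A", 64),
    Segment(CLIENT, SERVER, A_ISN + 1, B_ISN + 1, "PA", 64, REQ),
    # Shooter spoofs the server address; fewer hops to the target, so TTL differs.
    Segment(SERVER, CLIENT, B_ISN + 1, A_ISN + 1 + len(REQ), "PA", 60, FAKE),
    # Legitimate reply arrives later with the same seq but different bytes.
    Segment(SERVER, CLIENT, B_ISN + 1, A_ISN + 1 + len(REQ), "PA", 54, REAL),
    # Harmless retransmission of the legitimate reply: same seq, same bytes.
    Segment(SERVER, CLIENT, B_ISN + 1, A_ISN + 1 + len(REQ), "PA", 54, REAL),
]
```

Calling detect_injection(TRACE) yields exactly two alerts, the injected reply (TTL 60 against a flow baseline of 54) and the legitimate reply that arrives with an already-used sequence number, while the identical retransmission is not flagged.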

06 Jun 22:56

Sn1per – Penetration Testing Automation Scanner

by Darknet
Sn1per is a penetration testing automation scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Features:
  • Automatically collects basic recon (i.e. whois, ping, DNS, etc.)
  • Automatically launches Google hacking queries against a target domain
  • Automatically enumerates open ports via Nmap port scanning...

Read the full post at darknet.org.uk
06 Jun 22:56

Impacket Samba pipe exploit (CVE-2017-7494)

by /u/0xdea
06 Jun 22:56

Who Are the Shadow Brokers?

by Bruce Schneier

In 2013, a mysterious group of hackers that calls itself the Shadow Brokers stole a few disks full of NSA secrets. Since last summer, they've been dumping these secrets on the Internet. They have publicly embarrassed the NSA and damaged its intelligence-gathering capabilities, while at the same time have put sophisticated cyberweapons in the hands of anyone who wants them. They have exposed major vulnerabilities in Cisco routers, Microsoft Windows, and Linux mail servers, forcing those companies and their customers to scramble. And they gave the authors of the WannaCry ransomware the exploit they needed to infect hundreds of thousands of computers worldwide this month.

After the WannaCry outbreak, the Shadow Brokers threatened to release more NSA secrets every month, giving cybercriminals and other governments worldwide even more exploits and hacking tools.

Who are these guys? And how did they steal this information? The short answer is: we don't know. But we can make some educated guesses based on the material they've published.

The Shadow Brokers suddenly appeared last August, when they published a series of hacking tools and computer exploits -- vulnerabilities in common software -- from the NSA. The material was from autumn 2013, and seems to have been collected from an external NSA staging server, a machine that is owned, leased, or otherwise controlled by the US, but with no connection to the agency. NSA hackers find obscure corners of the Internet to hide the tools they need as they go about their work, and it seems the Shadow Brokers successfully hacked one of those caches.

In total, the group has published four sets of NSA material: a set of exploits and hacking tools against routers, the devices that direct data throughout computer networks; a similar collection against mail servers; another collection against Microsoft Windows; and a working directory of an NSA analyst breaking into the SWIFT banking network. Looking at the time stamps on the files and other material, they all come from around 2013. The Windows attack tools, published last month, might be a year or so older, based on which versions of Windows the tools support.

The releases are so different that they're almost certainly from multiple sources at the NSA. The SWIFT files seem to come from an internal NSA computer, albeit one connected to the Internet. The Microsoft files seem different, too; they don't have the same identifying information that the router and mail server files do. The Shadow Brokers have released all the material unredacted, without the care journalists took with the Snowden documents or even the care WikiLeaks has taken with the CIA secrets it's publishing. They also posted anonymous messages in bad English but with American cultural references.

Given all of this, I don't think the agent responsible is a whistleblower. While possible, it seems like a whistleblower wouldn't sit on attack tools for three years before publishing. They would act more like Edward Snowden or Chelsea Manning, collecting for a time and then publishing immediately -- and publishing documents that discuss what the US is doing to whom. That's not what we're seeing here; it's simply a bunch of exploit code, which doesn't have the political or ethical implications that a whistleblower would want to highlight. The SWIFT documents are records of an NSA operation, and the other posted files demonstrate that the NSA is hoarding vulnerabilities for attack rather than helping fix them and improve all of our security.

I also don't think that it's random hackers who stumbled on these tools and are just trying to harm the NSA or the US. Again, the three-year wait makes no sense. These documents and tools are cyber-Kryptonite; anyone who is secretly hoarding them is in danger from half the intelligence agencies in the world. Additionally, the publication schedule doesn't make sense for the leakers to be cybercriminals. Criminals would use the hacking tools for themselves, incorporating the exploits into worms and viruses, and generally profiting from the theft.

That leaves a nation state. Whoever got this information years before and is leaking it now has to be both capable of hacking the NSA and willing to publish it all. Countries like Israel and France are capable, but would never publish, because they wouldn't want to incur the wrath of the US. Countries like North Korea or Iran probably aren't capable. (Additionally, North Korea is suspected of being behind WannaCry, which was written after the Shadow Brokers released that vulnerability to the public.) As I've written previously, the obvious list of countries who fit my two criteria is small: Russia, China, and -- I'm out of ideas. And China is currently trying to make nice with the US.

It was generally believed last August, when the first documents were released and before it became politically controversial to say so, that the Russians were behind the leak, and that it was a warning message to President Barack Obama not to retaliate for the Democratic National Committee hacks. Edward Snowden guessed Russia, too. But the problem with the Russia theory is, why? These leaked tools are much more valuable if kept secret. Russia could use the knowledge to detect NSA hacking in its own country and to attack other countries. By publishing the tools, the Shadow Brokers are signaling that they don't care if the US knows the tools were stolen.

Sure, there's a chance the attackers knew that the US knew that the attackers knew -- and round and round we go. But the "we don't give a damn" nature of the releases points to an attacker who isn't thinking strategically: a lone hacker or hacking group, which clashes with the nation-state theory.

This is all speculation on my part, based on discussion with others who don't have access to the classified forensic and intelligence analysis. Inside the NSA, they have a lot more information. Many of the files published include operational notes and identifying information. NSA researchers know exactly which servers were compromised, and through that know what other information the attackers would have access to. As with the Snowden documents, though, they only know what the attackers could have taken and not what they did take. But they did alert Microsoft about the Windows vulnerability the Shadow Brokers released months in advance. Did they have eavesdropping capability inside whoever stole the files, as they claimed to when the Russians attacked the State Department? We have no idea.

So, how did the Shadow Brokers do it? Did someone inside the NSA accidentally mount the wrong server on some external network? That's possible, but seems very unlikely for the organization to make that kind of rookie mistake. Did someone hack the NSA itself? Could there be a mole inside the NSA?

If it is a mole, my guess is that the person was arrested before the Shadow Brokers released anything. No country would burn a mole working for it by publishing what that person delivered while he or she was still in danger. Intelligence agencies know that if they betray a source this severely, they'll never get another one.

That points to two possibilities. The first is that the files came from Hal Martin. He's the NSA contractor who was arrested in August for hoarding agency secrets in his house for two years. He can't be the publisher, because the Shadow Brokers are in business even though he is in prison. But maybe the leaker got the documents from his stash, either because Martin gave the documents to them or because he himself was hacked. The dates line up, so it's theoretically possible. There's nothing in the public indictment against Martin that speaks to his selling secrets to a foreign power, but that's just the sort of thing that would be left out. It's not needed for a conviction.

If the source of the documents is Hal Martin, then we can speculate that a random hacker did in fact stumble on it -- no need for nation-state cyberattack skills.

The other option is a mysterious second NSA leaker of cyberattack tools. Could this be the person who stole the NSA documents and passed them on to someone else? The only time I have ever heard about this was from a Washington Post story about Martin:

There was a second, previously undisclosed breach of cybertools, discovered in the summer of 2015, which was also carried out by a TAO employee [a worker in the Office of Tailored Access Operations], one official said. That individual also has been arrested, but his case has not been made public. The individual is not thought to have shared the material with another country, the official said.

Of course, "not thought to have" is not the same as not having done so.

It is interesting that there have been no public arrests of anyone in connection with these hacks. If the NSA knows where the files came from, it knows who had access to them -- and it's long since questioned everyone involved and should know if someone deliberately or accidentally lost control of them. I know that many people, both inside the government and out, think there is some sort of domestic involvement; things may be more complicated than I realize.

It's also not over. Last week, the Shadow Brokers were back, with a rambling and taunting message announcing a "Data Dump of the Month" service. They're offering to sell unreleased NSA attack tools -- something they also tried last August -- with the threat to publish them if no one pays. The group has made good on their previous boasts: In the coming months, we might see new exploits against web browsers, networking equipment, smartphones, and operating systems -- Windows in particular. Even scarier, they're threatening to release raw NSA intercepts: data from the SWIFT network and banks, and "compromised data from Russian, Chinese, Iranian, or North Korean nukes and missile programs."

Whoever the Shadow Brokers are, however they stole these disks full of NSA secrets, and for whatever reason they're releasing them, it's going to be a long summer inside of Fort Meade -- as it will be for the rest of us.

This essay previously appeared in the Atlantic, and is an update of this essay from Lawfare.

06 Jun 22:55

Three More Reasons to Keep JavaScript off in Tor

by C. Aliens

Dr. Neal Krawetz, self-proclaimed security specialist and forensic researcher, took to his personal blog to publicize three low-level vulnerabilities in the Tor browser bundle. Upon first read of that sentence, one might wonder why Dr. Krawetz used his personal blog instead of the proper channels. That, it seemed, was a majorly frustrating element for the researcher: that “official” channels rarely elicited a response at all.

Based on his post that summarized three vulnerabilities in the Tor browser, one might consider lack of communication between the Tor Project and (at least in this case) security researchers a vulnerability of its own. A quick read of some of his posts revealed that the researcher had a complicated relationship with the Tor Project and the Tor Browser itself. But it also showed that he was not inexperienced in the world of anonymity and privacy on the internet. Despite some of the fundamental differences between his blog, The Hacker Factor (Blog), and DeepDotWeb, Dr. Krawetz raised concerns that were undeniably relevant to any Tor user.

Here, he explained the difficulties he faced when he attempted contact with anyone (other than the official Twitter account users) at the Tor Project.

“Over the last few years, I’ve tried to report some of these profiling methods (and solutions) to the Tor Project, but each time has resulted in failure. Often, my attempts to report a vulnerability or profiling risk has been met with silence. However, I’ll take silence over intentional ignorance. For example, exposing a risk on the TOR channel on Reddit often ends with people attempting to explain to me how a risk isn’t a risk. Here’s a helpful hint: if I can identify anything about you — beyond “you’re using the TOR browser”, then it’s a risk to your privacy. Any information disclosure defeats the purpose of trying to look like everyone else.”

The privacy concerns outlined by Dr. Krawetz fell under the “fingerprinting” section of de-anonymization. A brief explanation: the Tor browser, first and foremost, protects an IP address from being used (against you) as an identifying measure. Everybody using Tor should look the same as everyone else using Tor. More on that in our Security Tutorials. Fingerprinting, if you will, usually translates into a seemingly non-critical data leak that, over time, can single out a user amongst hordes of others—even if they all look the same. Even Mozilla worked on Tor-like fingerprinting countermeasures in Firefox itself.

Security enthusiast Jose Carlos Norte explained the term far better than I could:

“One common problem that tor browser tries to address is user fingerprinting. If a website is able to generate a unique fingerprint that identifies each user that enters the page, then it is possible to track the activity of this user in time, for example, correlate visits of the user during an entire year, knowing that it’s the same user.” (Norte, 2016)

The first of the fingerprinting issues outlined by Dr. Krawetz was about window and screen size. Since computers and mobile devices come with screens of all sizes, the Tor browser reports a fake value: that the screen and window are the same size. If a window size and a screen size are the same, “JavaScript can immediately detect the TOR-Browser.”

Dr. Krawetz’s fix: make the Tor browser always report that the client uses a screen with a size larger than that of the open window.

The second problem, another screen issue, only impacted MacOS users. (Or mainly MacOS.) The browser sometimes incorrectly calculated the screen size and thus recalculated the standard window size—a consistent 1000×1000. “[I]f the screen is smaller than that, then it will choose a width that is a multiple of 200 pixels, and a height that is a multiple of 100 pixels.”

He explained that this issue was inconsistent but was “fixed” upon removal of the dock. And therefore, the researcher explained, the Tor browser revealed whether or not a user ran Tor on Mac OS.

Dr. Krawetz’s fix: correctly calculate the screen size.

And the third issue is with the scrollbar. Different operating systems use different width scrollbars. The Tor browser makes attempts to keep everybody looking the same with respect to the screen and/or window size. But, “if scrollbars are displayed, then the Viewport Size can be subtracted from the Window Size in order to find the thickness of the scrollbars.”

Thanks to his research, we know the specifics:

  • Tor on Mac OS uses 15 pixels of the window size.
  • Tor on modern Windows uses 17 pixels.
  • Tor on Linux allows an even more specific identification. “The thickness depends on the Linux variant and desktop platform, like Gnome or KDE.” 10 pixels on Linux Mint with Gtk-3.0. 13 for Ubuntu 16.04 with Gnome.
  • And unofficial Tor browsers for mobile use zero pixels.

Dr. Krawetz’s fix: instead of pulling the true scrollbar value, have the Tor browser report a fake one. He suggested a value of 17 pixels—the size from the most prevalent operating system in existence, Windows.

For DeepDotWeb readers, the fix, not from Dr. Krawetz: turn off JavaScript.

The post Three More Reasons to Keep JavaScript off in Tor appeared first on Deep Dot Web.

06 Jun 22:55

Top 50 Information Security Interview Questions [Updated for 2017]

by Kurt Ellzey

Let’s face it, Information Security has about a bazillion possible questions at any given interview across a wide variety of possible topics. On top of that, InfoSec means a lot of different things to a lot of different people. For example, Information Security covers everyone from the guy at Best Buy running a copy of […]

The post Top 50 Information Security Interview Questions [Updated for 2017] appeared first on InfoSec Resources.

06 Jun 22:55

An Introduction to the CAN Bus: How to Programmatically Control a Car

by /u/0v3rl04d