Tor Bots, Android Bots, and NSA Hacking
Another week, another InfoSec video. If you’d like to hear my quick take on the security news from the week, this video’s for you.
Today, I cover an FTC settlement that could have security repercussions for all software vendors, two unique new botnets affecting Tor users and mobile devices, and breaking news that the NSA is trying to crack our encryption. Watch the video for details, and check out the Reference section for links to other stories.
(Episode Runtime: 11:19)
Direct YouTube Link: http://www.youtube.com/watch?v=nQNjVrdR8lk
Episode References:
- FTC puts TRENDnet on 20 year security audit probation – Forbes
- Tor maintainers believe botnet is responsible for increased traffic – Tor Blog
- Fox-IT confirms Tor botnet, and traffic increase – Fox-IT Blog
- Kaspersky uncovers Obad mobile botnet – Securelist
- The Guardian on NSA attacking encryption – The Guardian
- Bruce Schneier NSA encrption OpEd 1 – The Guardian
- Bruce Schneier NSA encrption OpEd 2 – The Guardian
- NYT piece on NSA foiling encryption – NYTimes
- CALM DOWN: The NSA hasn’t cracked encryption – Business Insider
Extras:
- Facebook almost mishandles another vulnerability report – The Register
- SSL BREACH attack test tool released – Github
- Nettraveler exploiting a new Java flaw – Threatpost
- Flaw disclosed in proprietary Army auth system – Buzzfeed
- Public exploit released for old Safari flaw – Packet Storm
- MegaPwn proves local attackers can access private keys – Github
- Microsoft plans fourteen security updates next week – Computer World
— Corey Nachreiner, CISSP (@SecAdept)
TRENDnet cameras hacking: The most common security-related errors in the code – are the most wide spreaded errors. Trivial directory traversal, which leads to authentication traversal, exploited only with a knowledge on exact URL to target CGI module (and some previous research of firmware)…Simply, looks like this is “children’s mistake” related to Web-server security.