Friday, July 24, 2015

Ohhh, maybe there WAS classified email on that server after all...

According to WashTimes, there WAS classified material on Hillary's server
http://www.washingtontimes.com/news/2015/jul/1/state-dept-admits-dozens-hillary-clintons-emails-c/?page=all

Isn't it the case that the president is the ultimate classification authority? So that settles it: it wasn't classified, and the president did nothing wrong.

"I'm not going to have some reporters pawing through our papers. We are the president."
Quoted in Blood Sport: The President and His Adversaries (p. 368), James B. Stewart, December 1993

Thursday, July 16, 2015

Intel Security analysis of the UEFI rootkit from Hacking Team, and a revelation

This is courtesy of Xeno's Twitter feed:

http://www.intelsecurity.com/advanced-threat-research/blog.html


From the paper:
Updating the SPI flash, where system firmware is usually stored, is usually accomplished either through physically attaching a programmer to the chip or through a signed update mechanism built into the firmware. One of the leaked emails contains a presentation (presumably for potential customers) that describes this:

Explanations:
  1. "Attaching a programmer to the chip" - well known: a supply chain attack or a "black bag job" (physical access to the machine).
  2. "Signed update mechanism" - presumed, but important, since I think this is much more common on enterprise systems than on personal or consumer ones.
This is key: it means the attacker needs either a bag job or an enterprise system.

If you support enterprise systems, you can consider yourself a target.

I'm sorry their email was compromised, but they're doing bad things, and they're not an entertainment company here, trash-talking movie stars. They're targeting me and my clients/sponsors; the contents of the emails and files are fair game for us to protect ourselves.

How do I protect myself or my clients?

From the paper:

Intel has released CHIPSEC, which contains various tests and tools for platform security assessment, including some forensic capabilities.

They go on to give examples of how to use and what the results mean, and most importantly:
 
Installing [the Hacking Team] firmware rootkit involves rewriting SPI flash. The system firmware is responsible for securely configuring the protections on SPI flash in order to prevent this. CHIPSEC contains configuration checks that users can easily run:
    • python chipsec_main.py -m common.bios_wp
This does not mean that the system is infected, but it would be harder to infect a system that passes this test than one that fails. If this test fails, it may be possible for software running on the system to modify the BIOS in the SPI flash due to insecure configuration of the hardware protections.

This means to me that you'll need Python to run it (go figure, we're on Windows, guys), but I'll spin it up on a couple of machines to see what happens.
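To make it concrete what that bios_wp test is deciding, here is an added illustration. It is not code from the post and not CHIPSEC's own code; it touches no hardware and runs over constructed register values. The bit layout assumed is the classic Intel PCH one (BIOSWE, BLE and SMM_BWP in BIOS_CNTL; WPE plus 13-bit base/limit fields in the SPI PR0..PR4 registers), which you should confirm against your chipset's datasheet, and the decision rules only loosely model what chipsec_main.py -m common.bios_wp reports:

```python
"""Model of the decision behind a CHIPSEC-style common.bios_wp check.

Added example for this post: this is not CHIPSEC's code and it reads no
hardware. Register values below are constructed, and the bit layout is the
classic Intel PCH one (BIOS_CNTL in the LPC/SPI bridge, PR0..PR4 in the SPI
BAR). Confirm the exact layout for your chipset in its datasheet.
"""

# BIOS_CNTL bits (assumed layout, see module docstring)
BIOSWE = 1 << 0   # BIOS Write Enable: 1 = software may write the BIOS region
BLE = 1 << 1      # BIOS Lock Enable: 1 = setting BIOSWE raises an SMI so SMM can clear it
SMM_BWP = 1 << 5  # SMM BIOS Write Protect: 1 = writes allowed only while all cores are in SMM

# SPI Protected Range register (PRx) fields
PR_WPE = 1 << 31        # Write Protect Enable
PR_FIELD_MASK = 0x1FFF  # 13-bit base/limit fields, in 4 KiB units


def decode_pr(pr):
    """Return the (base, limit) byte range a PRx register write-protects, or None."""
    if not pr & PR_WPE:
        return None
    base = (pr & PR_FIELD_MASK) << 12
    limit = (((pr >> 16) & PR_FIELD_MASK) << 12) | 0xFFF
    return base, limit


def bios_wp_status(bios_cntl, prs, bios_base, bios_limit):
    """Classify SPI flash write protection the way a bios_wp-style check would.

    Returns (verdict, reason) with verdict in {"PASSED", "WARNING", "FAILED"}.
    """
    if bios_cntl & BIOSWE:
        return "FAILED", "BIOSWE=1: the BIOS region is writable from software"
    if not bios_cntl & BLE:
        return "FAILED", "BLE=0: software can simply set BIOSWE again"
    if bios_cntl & SMM_BWP:
        return "PASSED", "BLE=1 and SMM_BWP=1: writes only from SMM"
    # BLE alone is racy: the SMI handler that clears BIOSWE can lose a race
    # against a write issued from another core. Fall back to protected ranges.
    for pr in prs:
        rng = decode_pr(pr)
        if rng and rng[0] <= bios_base and rng[1] >= bios_limit:
            return "WARNING", "SMM_BWP=0, but a PR register covers the BIOS region"
    return "FAILED", "SMM_BWP=0 and no PR register covers the BIOS region"


# Constructed readings for three machines (not real register dumps).
SAMPLE_MACHINES = {
    "locked-desktop": {"bios_cntl": 0x22, "prs": [0, 0, 0, 0, 0]},
    "pr-only-laptop": {"bios_cntl": 0x02,
                       "prs": [PR_WPE | (0x1FFF << 16) | 0x0800, 0, 0, 0, 0]},
    "open-workstation": {"bios_cntl": 0x01, "prs": [0, 0, 0, 0, 0]},
}
# Constructed BIOS region: the upper 8 MiB of a 16 MiB flash.
BIOS_REGION = (0x800000, 0xFFFFFF)


def audit(machines=SAMPLE_MACHINES, region=BIOS_REGION):
    """Run the check over every sample machine; returns {name: verdict}."""
    return {name: bios_wp_status(m["bios_cntl"], m["prs"], *region)[0]
            for name, m in machines.items()}


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:18s} {verdict}")
```

The point of the three outcomes: a PASSED machine forces any flash write through SMM, a WARNING machine relies on protected ranges that the firmware must have set up correctly, and a FAILED machine lets ring-0 code (which the Hacking Team installer already has) rewrite the BIOS region directly. On a real machine, run the CHIPSEC module itself; this model is only to show which bits the verdict hinges on.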

P

Sunday, July 12, 2015

Oh. My. God. Flickr made a change on May 7 to upload ALL your photos to themselves, and I missed it

Yes, I only noticed now that Flickr uploads everything from your iPhone into their cloud.

http://mac.softpedia.com/blog/Yahoo-Releases-Flickr-4-0-for-iOS-with-Instagram-Sharing-Support-New-Look-480407.shtml

I just went to their app and saw all my pictures.

HOW COULD I HAVE MISSED THAT?!

Thursday, July 9, 2015

Why yes, legislators in other countries (especially in the EU) are idiots too

Updated: German publishers lost similar cases in 2014 and again in 2015 and are trying again. Basically, VG Media wants the German government both to require payments from Google for all the traffic Google sends them, and to make Google keep sending that traffic too. Good luck with that!

Like Spain, where in December 2014 they passed a law requiring all search engines to pay newspapers for snippets and links, whether the newspapers wanted them to or not. Google responded on December 11, 2014 with:
"it’s with real sadness that on 16 December (before the new law comes into effect in January) we’ll remove Spanish publishers from Google News, and close Google News in Spain."
Techdirt called it the "Nuclear Option", although the rest of us can call it "Duh". What were they thinking?

Update after reading (more of) the Forbes article: Well. My mistake. Six months later, Google News ES is still closed. Huh. I guess they don't have a problem with that.


Hopefully the message wasn't lost on Germany, pushing for the same thing again in July 2015

Oh well, here goes Spain again, going full police state on everyone, banning demonstrations and the taking of pictures of police.


Perry

PS. Oh, and patch your systems too.

Wednesday, July 8, 2015

It's time to set "click-to-play"

According to the lovely @SwiftOnSecurity, there's at least one Flash zero-day out now, and you can get CryptoLocker from malvertising.

Instructions to set click-to-play are here:

http://www.howtogeek.com/188059/how-to-enable-click-to-play-plugins-in-every-web-browser/

In a nutshell:
  1. Chrome - Settings -> Advanced -> Privacy -> Content settings -> Plugins -> "Let me choose"
  2. Firefox - Tools -> Add-ons -> Plugins -> Shockwave Flash drop-down -> "Ask to Activate"
  3. Internet Explorer - gear icon -> Manage Add-ons -> Toolbars and Extensions -> "Shockwave Flash Object" under Adobe Systems Incorporated -> right-click it, select More information -> "Remove all sites" button
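If you want to confirm the Firefox setting actually took, rather than trusting the dialog, the choice is stored in the profile's prefs.js (or forced from user.js) as the pref plugin.state.flash, where 0 means Never Activate, 1 means Ask to Activate (click-to-play) and 2 means Always Activate. The following is an added example, not from the post or from Mozilla: a small audit that reads that pref out of a prefs file. The file excerpt is constructed; point the function at a real profile's prefs.js to check your own machines.

```python
import re

# Added example (not part of the original post, not Mozilla code): audit a
# Firefox prefs.js / user.js for the Flash plugin activation state.
#   plugin.state.flash: 0 = Never Activate, 1 = Ask to Activate, 2 = Always Activate
STATES = {0: "never activate", 1: "ask to activate (click-to-play)", 2: "always activate"}
PREF_RE = re.compile(r'^\s*user_pref\("plugin\.state\.flash",\s*(\d)\);', re.M)


def flash_plugin_state(prefs_text):
    """Return the Flash activation state (0, 1 or 2) recorded in the prefs text.

    Later lines override earlier ones, as Firefox applies the file top to
    bottom. Returns None when the pref is absent, meaning the browser default
    applies, which for this era of Firefox was to run Flash automatically.
    """
    matches = PREF_RE.findall(prefs_text)
    if not matches:
        return None
    return int(matches[-1])


def flash_needs_click(prefs_text):
    """True only when Flash cannot start without the user acting (states 0 or 1)."""
    return flash_plugin_state(prefs_text) in (0, 1)


def describe(prefs_text):
    """Human-readable verdict for a prefs file."""
    state = flash_plugin_state(prefs_text)
    if state is None:
        return "plugin.state.flash unset: browser default applies, assume auto-play"
    return f"plugin.state.flash={state}: {STATES.get(state, 'unknown value')}"


# Constructed prefs.js excerpt (not a real profile): an earlier "always" line
# followed by the click-to-play choice, so the later line must win.
SAMPLE_PREFS = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("plugin.state.flash", 2);
user_pref("plugin.state.flash", 1);
'''

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PREFS
    print(describe(text))
```

Run it as `python flashcheck.py "%APPDATA%\Mozilla\Firefox\Profiles\<profile>\prefs.js"` on Windows (the script name and the profile path are placeholders you fill in). Chrome and Internet Explorer do not keep this choice in a text pref, so for those two you are back to the GUI steps above or to enterprise policy.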