Daily Archives: January 17, 2018

Lenovo inherited a switch authentication bypass

Posted on by

Lenovo has patched an ancient vulnerability in switches that it acquired along with IBM’s hardware businesses and which Big Blue itself acquired when it slurped parts of Nortel.

The bug, which Lenovo refers to as “HP backdoor”, for reasons it has not explained, has been in present in ENOS (Enterprise network operating system) since at least 2004 – when ENOS was still under the hand of Nortel.

Lenovo’s advisory says the issue “was discovered during a Lenovo security audit in the Telnet and Serial Console management interfaces, as well as the SSH and Web management interfaces under certain limited and unlikely conditions”.

There are three vulnerable scenarios, the advisory said:

Authentication via the Telnet or serial consoles, if used for local authentication, “or a combination of RADIUS, TACACS+, or LDAP and local authentication under specific circumstances”;
The Web management interface is vulnerable when the user is authenticating via “a combination of RADIUS or TACACS+ and local authentication”, and then only in “an unlikely condition”; and
“SSH for certain firmware released in May 2004 through June 2004”, again with a combination of RADIUS or TACACS+.

The “unlikely conditions” Lenovo referred to depend on which interface is potentially being attacked.

For SSH access, the management interface is only vulnerable if the system is running firmware created between May and June 2004; RADIUS and/or TACACS+ is enable; the related “backdoor / secure backdoor” local authentication fallback is enabled (in this case, “backdoor” refers to a RADIUS configuration setting); and finally, a RADIUS or TACACS+ timeout occurs.

Source: Lenovo inherited a switch authentication bypass – from Nortel • The Register

Asus Bezel-Free Kit uses illusion to hide bezels in multimonitor setups

Posted on by

The concept is simple. Thin lenses are placed along the seams where screens meet; they contain optical micro-structures that refract light, bending it inward to hide the bezels underneath.
[…]
The kit’s optical obfuscation is designed to work at a specific angle. We selected 130° because it offered the best balance of comfort and immersion in internal testing. Proper fit and alignment are extremely important, so the lenses and associated mounting hardware are made for specific monitors.

Source: Bezel-Free Kit makes multi-monitor setups seamless | ROG – Republic of Gamers Global

OnePlus suspends credit card transactions after fraud

Posted on by

Over the weekend, members of the OnePlus community reported cases of unknown credit card transactions occurring on their credit cards post purchase from oneplus.net. We immediately began to investigate as a matter of urgency, and will keep you updated.
[…]
As a precaution, we are temporarily disabling credit card payments at oneplus.net. PayPal is still available, and we are exploring alternative secure payment options with our service providers.

Source: An Update on Credit Card Security – OnePlus Forums

With the camera problems and data being sent quietly to a Chinese server, OnePlus is not exactly inspiring confidence, which is a shame after such succesful and valuable launch products in the Android space

Skygofree: Serious offensive Android malware, since 2014

Posted on by

At the beginning of October 2017, we discovered new Android spyware with several features previously unseen in the wild. In the course of further research, we found a number of related samples that point to a long-term development process. We believe the initial versions of this malware were created at least three years ago – at the end of 2014. Since then, the implant’s functionality has been improving and remarkable new features implemented, such as the ability to record audio surroundings via the microphone when an infected device is in a specified location; the stealing of WhatsApp messages via Accessibility Services; and the ability to connect an infected device to Wi-Fi networks controlled by cybercriminals.
[…]
The implant provides the ability to grab a lot of exfiltrated data, like call records, text messages, geolocation, surrounding audio, calendar events, and other memory information stored on the device.
[…]
In the latest implant versions there are 48 different commands. You can find a full list with short descriptions in the Appendix. Here are some of the most notable:

‘geofence’ – this command adds a specified location to the implant’s internal database and when it matches a device’s current location the malware triggers and begins to record surrounding audio.

”social” – this command that starts the ‘AndroidMDMSupport’ service – this allows the files of any other installed application to be grabbed.

‘wifi’ – this command creates a new Wi-Fi connection with specified configurations from the command and enable Wi-Fi if it is disabled.

‘camera’ – this command records a video/capture a photo using the front-facing camera when someone next unlocks the device.

Source: Skygofree: Following in the footsteps of HackingTeam – Securelist

Hospital injects $60,000 into crims’ coffers to cure malware infection

Posted on by

The crooks had infected the network of Hancock Health, in Indiana, with the Samsam software nasty, which scrambled files and demanded payment to recover the documents. The criminals broke in around 9.30pm on January 11 after finding a box with an exploitable Remote Desktop Protocol (RDP) server, and inject their ransomware into connected computers.

Medical IT teams were alerted in early 2016 that hospitals were being targeted by Samsam, although it appears the warnings weren’t heeded in this case.

According to the hospital, the malware spread over the network and was able to encrypt “a number of the hospital’s information systems,” reducing staff to scratching out patient notes on pieces of dead tree.
[…]
The ransomware’s masters accepted the payment, and sent over the decryption keys to unlock the data. As of Monday this week, the hospital said critical systems were up and running and normal services have been resumed.

This doesn’t appear to be a data heist. The hospital claimed no digital patient records were taken from its computers, just made inaccessible. “The life-sustaining and support systems of the hospital remained unaffected during the ordeal, and patient safety was never at risk,” the healthcare provider argued.
[…]
It’s one thing to keep an offline store of sensitive data to prevent ransomware on the network from attacking it. It’s another to keep those backups somewhere so out of reach, they can’t be recovered during a crisis, effectively rendering them useless.

It just proves that when planning disaster recovery, you must consider time-to-restoration as well as the provisioning of backup hardware.

Source: Hospital injects $60,000 into crims’ coffers to cure malware infection • The Register

300 Dutch customers fell for fake popular website ring. Perps picked up and given a few months of prison time.

Posted on by

BCC and MediaMarkt are large electronics stores in NL. Ziggo is a large internet ISP. By linking to fake pages through marktplaats.nl (the Dutch ebay / Craigslist equivalent) people were able to shop for products on the fake sites, which were never delivered. Using a chat interface, the crims tried to gain access to the bank accounts of the marks. It very much surprises me that this kind of fraud only results in a few months in jail.

Een aantal mannen heeft voor grootschalige internetoplichting elk diverse maanden gevangenisstraf gekregen. Zij verdienden vooral aan namaakwebshops van onder meer BCC, MediaMarkt en Ziggo.

Source: Gevangenisstraf voor internetoplichting – Emerce

Microsoft wants to patent mind control – show how stupid the patent system really is

Posted on by

Microsoft has applied to patent a brain control interface, so you’ll be able to “think” your way around a computer device, hands free.Last year, Facebook claimed to have 60 engineers engaged in BCI [brain computer interface] but Microsoft isn’t going to take this sitting down. It’s erm, sitting down and thinking really hard.The application Changing an application state using neurological data was filed last year, and published last week. The inventors recently filed a related patent for a continuous motion controller powered by the brain. (US 2017/0329392: Continuous Motion Controls Operable Using Neurological Data).

Source: Microsoft wants to patent mind control • The Register


The problem is that the actual technology to do this doesn’t exist and they have nothing like a working prototype. Considering brain control has existed for some time, it’s a bit silly that this kind of conceptual work can actually be patented by someone with money. I can come up with loads of patentable ideas, but the bridge to creating some sort of working product is one too far for me. And the costs of patenting all my imaginations are far too high. This system basically puts small inventors at a huge disadvantage, but also pushes out innovation by small companies as they find that technologies they have invented and worked out are suddenly patented after the fact by large companies.