HP’s Backdoor | TechSNAP 116

HP’s Backdoor | TechSNAP 116

Opera’s code signing certificate gets compromised, resulting in malware getting push out via their automatic update system.

Plus the backdoor that ships in some high-end HP products, your questions, and much much more.

On this week’s TechSNAP!

Thanks to:

Use our code tech249 to score .COM for $2.49!

35% off your ENTIRE first order just use our code 35off3 until the end of the month!


Direct Download:

HD Video | Mobile Video | MP3 Audio | Ogg Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feeds | Torrent Feed

Opera code signing certificate compromised

  • On June 19th Opera uncovered, halted and contained a targeted attack on their internal network infrastructure.
  • There is no evidence of any user data being compromised.
  • The attackers were able to obtain at least one old and expired Opera code signing certificate, which they have used to sign some malware.
  • This has allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser.
  • It is possible that a few thousand Windows users, who were using Opera between 01.00 and 01.36 UTC on June 19th, may automatically have received and installed the malicious software.

How much is your gmail account worth?

  • University of Illinois at Chicago has developed ‘CloudSweeper’
  • Connects to your gmail account via oauth and scans all of your email
  • Finds which accounts you have connected to your gmail
  • If an attacker were to compromise your gmail account, they could reset the passwords for and gain control over all of these accounts
  • The service uses an index of the value of these accounts from various underground forums
  • Tells you how much your gmail account would be worth to an attacker
  • Finds services such as: Amazon, Apple, Groupon, Hulu, Newegg, Paypal, Skype, UPlay and Yahoo
  • Optionally, it can also scan your email for plain text passwords in emails
  • If found, CloudSweeper can connect to gmail via imap and edit these emails, either removing the password entirely (redacting), or encrypting it (replacing it with an encrypted string), Then provides you with a decryption key (a long string of text, or a QRcode for simplicity)
  • If you ever need to decrypt the password, you return to CloudSweeper and scan the QRCode
  • Krebs on Naming and Shaming Plain Text Passwords
  • PlainTextOffenders.com
  • PasswordFail.com – Browser extension to warn you before you sign up

$80,000 HP Backup device contains undocumented support user with fixed password

  • HP announced that their D2D/StoreOnce deduplication backup products contained a flaw
  • It seems there is an undocumented support user, named ‘HPSupport’, with a fixed 7 character password
  • That means that if a person were to brute force that password, they would have SSH access to every StoreOnce device deployed around the world
  • It just so happens, that is what someone has done, and they have even been helpful enough to provide the SHA1 hash of the password, so with a little effort, everyone else can brute force the password too
  • HP will release a patch to disable this account on July 7th
  • “In the interim, customers who wish to disable the backdoor can contact HP support for assistance on this,” the advisory noted. “HP support personnel will provide the assistance to manually disable the HPSupport user account.”
  • Full Disclosure researcher
  • HP Said: “HP identified a potential security issue with older HP StoreOnce models. This does not impact StoreOnce systems with the current version 3.0 software, including the HP StoreOnce B6200 and HP StoreOnce VSA product offerings. HP takes security issues very seriously and is working actively on a fix.”

  • In December 2010, a similar problem was exposed with some HP NAS devices


Round Up:

Question? Comments? Contact us here!