Attachments of Mass Destruction | TechSNAP 163

Attachments of Mass Destruction | TechSNAP 163

Microsoft and Adobe have a boatload of emergency fixes, the Replicant project finds a nasty backdoor in popular Android devices & the exploit that weaponize your webcam that’s one attachment away.

Plus a great big batch of your questions, and our answers. All that and much, much more!

Thanks to:




Direct Download:

HD Video | Mobile Video | MP3 Audio | Ogg Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feeds | Torrent Feed

— Show Notes: —

Microsoft and Adobe release flood of critical patches

  • “Microsoft: eight bulletins, two critical – addressing 13 issues in Internet Explorer and Sharepoint Server, along with Windows, Office and its .NET Framework”
  • The first critical issue that involves IE MS14-029 we’re learning about for the first time today. Researchers with Google’s Security Team have already spotted limited instances of one of the vulnerabilities (CVE-2014-1815) being targeted, which means this should probably be No. 1 on users’ patching agendas.
  • The batch of patches also includes a second critical security update for IE MS14-021 that addresses a previously disclosed vulnerability in versions 6 through 11 of the browser.
  • “Missing from the updates are patches for vulnerabilities dug up at March’s Pwn2Own hacking competition, including three IE vulnerabilities that bypassed sandboxes and compromised the underlying system”
  • “In a blog entry yesterday the company pointed out that it has extended its requirement for consumer customers to update to 8.1 from today until June 10 but that after that date, like it promised, those who haven’t updated will not receive security updates.”
  • “Adobe: released two updates today, fixing critical issues in Reader and Acrobat XI (11.0.06), Strung together the wrong way, they could cause a crash and potentially let an attacker take control of an affected system.”
  • “Along with a surprise Flash issue. The Flash Player update involves version of the software and earlier versions for Windows, Macintosh and Linux. The issues were not previously made clear in a security bulletin but address vulnerabilities discovered by Keen Team and other researchers that could result in arbitrary code execution and ultimately let an attacker take control of the affected system.”
  • Adobe also released a minor security hotfix for Adobe Illustrator CS6 today, fixing a stack overflow vulnerability – something also marked critical by the company – that could lead to remote code execution.

Open Source Android fork Replicant finds and closes backdoor

  • While working on Replicant, a fully free/libre version of Android, they discovered that the proprietary program running on the applications processor in charge of handling the communication protocol with the modem actually implements a backdoor that lets the modem perform remote file I/O operations on the file system.
  • This program is shipped with the Samsung Galaxy devices and makes it possible for the modem to read, write, and delete files on the phone\’s storage. On several phone models, this program runs with sufficient rights to access and modify the user\’s personal data.
  • Today\’s phones come with two separate processors: one is a general-purpose applications processor that runs the main operating system, e.g. Android; the other, known as the modem, baseband, or radio, is in charge of communications with the mobile telephony network.
  • These systems are known to have backdoors that make it possible to remotely convert the modem into a remote spying device. The spying can involve activating the device\’s microphone, but it could also use the precise GPS location of the device and access the camera, as well as the user data stored on the phone. Moreover, modems are connected most of the time to the operator\’s network, making the backdoors nearly always accessible.
  • A technical description of the issue, as well as the list of known affected devices is available at the Replicant wiki.

Heartbleed certificate regeneration done wrong in large number of cases

  • Netcraft did a survey of SSL certificates to see how Heartbleed affected SSL certificates
  • There are 3 required steps to properly replace the SSL certificate
    • Generate a new private key
    • Get issued a new certificate with the new key
    • Revoke the old certificate so it can no longer be used
  • They found that 43% of certificates had been reissued
  • However they found that only 20% of certificates had been revoked (meaning 23% replaced their certificate but did not revoke the old one, so the old one can still be used by an attacker to perform a man-in-the-middle attack)
  • Worse, they found that 7% of certificates had been reissued with the SAME private key, meaning if the private key was stolen, the new certificate is compromised as well
  • So in total, only 14% of sites had taken all three steps required to replace their possibly compromised certificates


Round Up:

Question? Comments? Contact us here!