Security Roundup - 2016-07-20

Last week I happened to miss this great interview with Mårten Mickos, the CEO of the HackerOne bug bounty platform. This week, HackerOne has announced its ‘Hack the World’ competition: every report submitted on the platform between now and September 19th is also entered for additional prizes.

Automotive security seems to be ramping up, with several vehicle-related bug bounties, and security vendors now selling products aimed at manufacturers.

Watch Mr. Robot? You might be interested in this article detailing the effort that goes into making the show’s hacking realistic.

Google is experimenting with post-quantum cryptography. Chrome Canary now includes a key-exchange algorithm based on the ‘Ring Learning with Errors’ problem, run alongside the existing elliptic-curve key exchange so that security is no worse than before, while Google gets a better sense of ‘real world performance’.

More security appliance problems recently. The first is from Juniper, where a specially crafted certificate passes authentication and lets anyone connect to the network. The second comes from Cisco: one vulnerability lets an attacker crash routers, and another lets an attacker modify device settings over SNMP.

New problems with old RFCs lead to the ‘httpoxy’ vulnerability reported this week. The CGI specification says a server exposes each request header as an environment variable by upper-casing the name, replacing hyphens with underscores and prefixing ‘HTTP_’, so a client-supplied ‘Proxy’ header lands in ‘HTTP_PROXY’, which is the conventional variable for configuring an outbound proxy and is read by many HTTP client libraries. For a CGI app (or a framework that reproduces the CGI environment) that makes outbound HTTP requests while handling a request, an attacker can therefore route those requests, and whatever credentials or data they carry, through a proxy they control. Cloudflare and Akamai customers are already automatically protected.
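The header-to-environment collision described above, and the two fixes that followed it (HTTP libraries ignoring HTTP_PROXY when running under CGI, and edge proxies dropping the header), as an added example. This is not code from the httpoxy advisory, from Cloudflare or Akamai, or from any HTTP library; the sample request and proxy hostnames are constructed here.

```python
# Added example: how a client-supplied "Proxy" header becomes HTTP_PROXY under
# CGI, and two ways to stop it. Sample headers and hostnames are constructed.

def cgi_meta_vars(request_headers):
    """RFC 3875 maps each request header to a CGI meta-variable by upper-casing
    the name, replacing '-' with '_' and prefixing 'HTTP_'. Nothing in that rule
    reserves the name 'Proxy', so it collides with the conventional HTTP_PROXY
    outbound-proxy setting."""
    env = {}
    for name, value in request_headers:
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def proxy_for_naive(env, scheme="http"):
    """Vulnerable pattern: pick the outbound proxy from <scheme>_proxy or
    <SCHEME>_PROXY without caring where the variable came from."""
    for key in (scheme.lower() + "_proxy", scheme.upper() + "_PROXY"):
        if env.get(key):
            return env[key]
    return None


def proxy_for_hardened(env, scheme="http"):
    """Client-side fix in the style HTTP libraries shipped for httpoxy: a CGI
    server always sets REQUEST_METHOD (RFC 3875), so when it is present the
    upper-case HTTP_PROXY may have come from the request and is ignored.
    Lower-case http_proxy cannot be produced by the CGI mapping (it always
    upper-cases) and neither can HTTPS_PROXY (a 'Https-Proxy' header becomes
    HTTP_HTTPS_PROXY), so both stay honoured."""
    keys = [scheme.lower() + "_proxy"]
    if not ("REQUEST_METHOD" in env and scheme.lower() == "http"):
        keys.append(scheme.upper() + "_PROXY")
    for key in keys:
        if env.get(key):
            return env[key]
    return None


def strip_proxy_header(request_headers):
    """Server/edge-side fix: drop any 'Proxy' header before the request reaches
    CGI. No standard defines a Proxy request header, so nothing legitimate is lost."""
    return [(n, v) for n, v in request_headers if n.lower() != "proxy"]


def run_demo():
    """Constructed request: an attacker adds a Proxy header to an ordinary GET."""
    request = [("Host", "shop.example"),
               ("Proxy", "attacker.example:8080"),
               ("User-Agent", "curl/7.49")]
    cgi_env = dict(cgi_meta_vars(request), REQUEST_METHOD="GET")
    filtered_env = dict(cgi_meta_vars(strip_proxy_header(request)), REQUEST_METHOD="GET")
    return {
        "naive": proxy_for_naive(cgi_env),          # attacker.example:8080
        "hardened": proxy_for_hardened(cgi_env),    # None: HTTP_PROXY ignored under CGI
        "filtered": proxy_for_naive(filtered_env),  # None: header never reached CGI
    }


if __name__ == "__main__":
    for name, proxy in run_demo().items():
        print(f"{name:9s} -> outbound proxy = {proxy}")
```

The hardened lookup only distrusts the exact variable the CGI mapping can forge; an operator's lower-case http_proxy, and HTTP_PROXY on a command-line tool where REQUEST_METHOD is absent, keep working, which is why that was the fix most libraries chose rather than ignoring proxy variables altogether.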

BreakingMalware has recently shown that ‘hooks’, the mechanism antivirus and similar products use to intercept and monitor system calls, are themselves exploitable.

In more machine learning and cybersecurity news, several companies say the likely outcome is a hybrid of automated algorithms and human review. The algorithms surface the most important events, weed out false positives and flag everything else for analysts, whose decisions feed back into the models to improve results. The harder problem is building systems that flag new behaviour which was not previously recognised as a problem, rather than only detecting known ones, much as antivirus has moved away from signatures to more robust forms of malware detection.

2016 has been a big year for ransomware, and Check Point has put together a good writeup of how ransomware executables have evolved. It is an interesting read, contrasting one group of families becoming more sophisticated with others going for simplicity and leaning on fear to get victims to pay up quickly.

Researchers from the University of Florida have put together a ransomware detection system. Rather than relying on signatures, their system (dubbed CryptoDrop) monitors for behavioral indicators such as mass deletions or certain file transformations that are characteristic of ransomware. They claim to detect more than 500 variants from 14 families with a small amount of file loss before detection (a median of 10 files).
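A simplified monitor of the kind that paragraph describes, added here as an example; it is not CryptoDrop’s code or its actual indicators. It assumes two indicators (mass deletions by one process, and rewrites that push a file from ordinary content to ciphertext-like entropy) and assumed thresholds, and feeds them a constructed event stream with a deterministic stand-in cipher so the demo runs offline.

```python
# Added example: behavioral ransomware detection over a constructed event
# stream. Indicators and thresholds are simplifying assumptions, not CryptoDrop's.
import hashlib
import math
from collections import defaultdict

MASS_DELETE_THRESHOLD = 20         # assumed: deletions by one process before we act
ENCRYPTED_REWRITES_THRESHOLD = 10  # assumed: ciphertext-like rewrites before we act
HIGH_ENTROPY = 7.5                 # bits/byte; encrypted or compressed data sits near 8
MIN_ENTROPY_JUMP = 1.0             # assumed: a rewrite must raise entropy by this much


def shannon_entropy(data):
    """Bits per byte of a byte string (0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


class RansomwareMonitor:
    """Scores each process on file-system events and flags it once either
    indicator crosses its threshold."""

    def __init__(self):
        self.deletes = defaultdict(int)
        self.encrypting_writes = defaultdict(int)
        self.flagged = set()

    def observe(self, pid, op, path, before=b"", after=b""):
        """op is 'delete' or 'write'; before/after hold file contents for writes.
        Returns True once the process is considered ransomware."""
        if op == "delete":
            self.deletes[pid] += 1
        elif op == "write":
            e_after = shannon_entropy(after)
            if e_after >= HIGH_ENTROPY and e_after - shannon_entropy(before) >= MIN_ENTROPY_JUMP:
                self.encrypting_writes[pid] += 1
        if (self.deletes[pid] >= MASS_DELETE_THRESHOLD
                or self.encrypting_writes[pid] >= ENCRYPTED_REWRITES_THRESHOLD):
            self.flagged.add(pid)
        return pid in self.flagged


def toy_encrypt(key, data):
    """Deterministic stand-in for the ransomware's cipher: a SHA-256 keystream
    in counter mode XORed with the plaintext. Output looks like ciphertext to
    the entropy check; it is not a real encryption scheme."""
    stream = bytearray()
    ctr = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(p ^ k for p, k in zip(data, stream))


def run_demo():
    """Constructed events: an editor (pid 100) rewrites documents as text, a
    cleanup job (pid 200) deletes a few temp files, and a simulated ransomware
    (pid 666) rewrites documents as ciphertext. Returns the pid -> flagged map
    and how many files the ransomware touched before being flagged."""
    mon = RansomwareMonitor()
    plaintext = b"The quick brown fox jumps over the lazy dog. " * 90  # ~4 KiB of text
    for i in range(12):
        mon.observe(100, "write", f"/home/u/doc{i}.txt", plaintext, plaintext + b"edited\n")
    for i in range(5):
        mon.observe(200, "delete", f"/tmp/build{i}.o")
    touched_before_flag = None
    for i in range(12):
        flagged = mon.observe(666, "write", f"/home/u/doc{i}.txt", plaintext,
                              toy_encrypt(b"k", plaintext))
        if flagged and touched_before_flag is None:
            touched_before_flag = i + 1
    return {pid: pid in mon.flagged for pid in (100, 200, 666)}, touched_before_flag


if __name__ == "__main__":
    verdicts, touched = run_demo()
    print(verdicts, "files lost before flag:", touched)
```

The count returned for the ransomware process is the same ‘files lost before detection’ figure CryptoDrop reports: a purely behavioral detector always pays for its generality with a few files, and tuning the thresholds trades that loss against false positives from legitimate bulk operations such as compression or backups.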

As always, BleepingComputer has the best ransomware roundup. This week includes ransomware impersonating other ransomware, new evolutions of existing families, and CryptXXX releasing free decryption keys for old variants.

I’ll be at this year’s HOPE conference. Lots of great talks, and hope to meet some interesting people!

Written on July 20, 2016