Proprietary Junk and Security Problems
-
Say Hello to Crazy Thin ‘Deep Insert’ ATM Skimmers
A number of financial institutions in and around New York City are dealing with a rash of super-thin “deep insert” skimming devices designed to fit inside the mouth of an ATM’s card acceptance slot. The card skimmers are paired with tiny pinhole cameras that are cleverly disguised as part of the cash machine. Here’s a look at some of the more sophisticated deep insert skimmer technology that fraud investigators have recently found in the wild.
-
Iranian nationals charged in alleged ransomware conspiracy [iophk: Windows TCO]
The four-count grand jury indictment returned in Newark federal court charged the trio with [cracking] conspiracy, two counts of computer [cracking] and a count of computer extortion over an alleged ransomware conspiracy that targeted a range of organizations and critical infrastructure sectors such as healthcare centers, power companies and transportation services inside the U.S. and abroad.
Mansour Ahmadi, Ahmad Aghda, and Amir Ravari [broke] into hundreds of computers inside the U.S. and around the world by often exploiting known vulnerabilities in network devices or software programs, the indictment said.
-
Three Iranian [Crackers] Charged in 'Ransomware-Style' Hacking Campaign [iophk: Windows TCO]
The three Iranian nationals — identified as Mansour Ahmadi, Ahmad Khatibi Aghda and Amir Hossein Nickaein Ravari — are accused of carrying out "computer intrusions and ransomware-style extortion" between October 2020 and August 2022, according to a 30-page indictment unsealed Wednesday.
The men remain at large and are believed to be in Iran, according to U.S. law enforcement officials.
-
DOJ indicts Iranians for allegedly [cracking] and extorting US groups [iophk: Windows TCO]
U.S. officials accused the defendants of exfiltrating data from the organizations’ computer systems and attempting to extort money from them by either threatening to release the stolen data or keeping the data encrypted unless the hackers were paid.
The [crackers] allegedly demanded hundreds of thousands of dollars in ransom payments, which some victims paid to regain access to their data, a senior DOJ official said during a background call on Wednesday.
-
Istio / Support for Istio 1.13 ends on October 12th, 2022
According to Istio’s support policy, minor releases like 1.13 are supported until six weeks after the N+2 minor release (1.15 in this case). Istio 1.15 was released on August 31st, and support for 1.13 will end on October 12th, 2022.
At that point we will stop back-porting fixes for security issues and critical bugs to 1.13, so we encourage you to upgrade to the latest version of Istio (1.15). If you don’t do this you may put yourself in the position of having to do a major upgrade on a short timeframe to pick up a critical fix.
We care about you and your clusters, so please be kind to yourself and upgrade.
-
Using Pushdown Automata to verify Packet Sequences - vanitasvitae’s blog
As a software developer, most of my work day is spent working practically by coding and hacking away. Recently though I stumbled across an interesting problem which required another, more theoretical approach:
An OpenPGP message consists of a sequence of packets. There are signatures, encrypted data packets and their accompanying encrypted session keys, compressed data and literal data, the latter being the packet that in the end contains the plaintext body of the message.
Those packets can be sequential, e.g. a one-pass-signature followed by a literal data packet and then a signature, or nested, where for example an encrypted data packet contains a compressed data packet, in turn containing a literal data packet. A typical OpenPGP message can be visualized as follows:
[...]
From “start” we transition to “OpenPGP Message” by pushing ‘#’ and ‘m’ on the stack. Then we read “Compressed Packet” from input, pop ‘m’ from the stack and transition to state “Compressed Message”. Since the “Literal Packet” is part of the “Compressed Packet”’s contents, we now create a new child PDA with input stream “Literal Packet”. After initializing this PDA by pushing ‘#’ and ‘m’ to the stack, we then transition from “OpenPGP Message” to “Literal Message” by reading “Literal Packet” and popping ‘m’, after which we transition to “Valid” by popping ‘#’. Now this PDA has ended up in a valid state, so our parent PDA can transition from “Compressed Message” by reading nothing from the input (remember, the “Compressed Packet” was the only packet in this PDA’s stream), popping ‘#’, leaving us with an empty stack and empty input in the valid state.
In PGPainless’ code I am planning to implement OpenPGP message validation by using InputStreams with individual PDAs. If a packet contains nested data (such as the Compressed or Encrypted Packet), a new InputStream will be opened on the decompressed/decrypted data. This new InputStream will in turn have its own PDA to ensure that the content of the packet forms a valid OpenPGP message on its own. The parent stream on the other hand must check whether the PDA of its child stream ended up in a valid state before accepting its own packet stream.
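The nested-PDA check described in this excerpt, as an added Python sketch; it is not PGPainless code or code from the linked post. It goes beyond the traced case by also pairing a one-pass signature with its closing signature and by treating encrypted packets like compressed ones; the packet tags, the nested-tuple input format and the ‘o’ stack symbol are assumptions.

```python
# Added illustration, not PGPainless code. Packet tags, the nested-tuple input
# format and the 'o' stack symbol are assumptions made for this sketch.
CONTAINERS = {"COMP": "Compressed Message", "ENC": "Encrypted Message"}


class MalformedMessage(Exception):
    """The packet sequence is not a valid OpenPGP message."""


def validate(packets):
    """Run one PDA over a packet stream and return its final state."""
    stack = ["#", "m"]  # start -> OpenPGP Message: push '#', then 'm'
    state = "OpenPGP Message"
    for pkt in packets:
        tag, body = pkt if isinstance(pkt, tuple) else (pkt, None)
        top = stack[-1]
        if tag == "LIT" and top == "m":
            stack.pop()
            state = "Literal Message"
        elif tag in CONTAINERS and top == "m":
            stack.pop()
            state = CONTAINERS[tag]
            validate(body or [])  # child PDA over the nested stream
        elif tag == "OPS" and top == "m":
            stack[-1:] = ["o", "m"]  # a message, then a signature, must follow
        elif tag == "SIG" and top == "o":
            stack.pop()
            state = "Corresponding Signature"
        else:
            raise MalformedMessage(f"unexpected {tag} in state {state!r}")
    if stack != ["#"]:  # input exhausted: only '#' may remain
        raise MalformedMessage(f"input ended in state {state!r}")
    stack.pop()  # pop '#': empty stack, empty input
    return "Valid"


def is_valid(packets):
    try:
        return validate(packets) == "Valid"
    except MalformedMessage:
        return False


# Constructed sample streams
WALKTHROUGH = [("COMP", ["LIT"])]         # the case traced in the text
SIGNED = ["OPS", "LIT", "SIG"]            # sequential packets
NESTED = [("ENC", [("COMP", ["LIT"])])]   # encrypted > compressed > literal
TRUNCATED = [("COMP", [])]                # child PDA never reaches Valid
```

Rejecting a stream such as `["LIT", "LIT"]` or an unclosed `["OPS", "LIT"]` is the point of the check: trailing or unmatched packets fail validation before any of their content is treated as message data.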
-
5 Kali Linux books you should read this year - Help Net Security
Kali Linux is a Linux distribution designed for digital forensics, penetration testing, security research, and reverse engineering.
Here is a selection of books for different experience levels; you can either start from scratch or get advanced tips – there’s something for everyone.
-
The Digital Soldiers Taking America’s Forever Wars Online
The three men and three women stood with their right arms raised. Behind them the remains of the daylight hued the sky a bluish gray. As a fire danced at their feet, they gazed straight ahead at a camera recording their words. The square-jawed man in the middle, retired Lt. Gen. Michael T. Flynn, spoke first. The others, including members of his family, repeated after him.