Security Roundup - 2017-09-22

Posted on  by , and

CCleaner malware carried out targeted attacks. CCleaner made the rounds this week, when a backdoor was discovered in official releases from Avast. Further investigation has indicated that this backdoor was actually used in a targeted fashion against specific companies, including Cisco, Intel, Akamai and Microsoft. In total, it looks like this backdoor was active for 31 days, infecting 700K machines in just 4 of those days.

AI improves upon password guessing techniques. Until now, “smart” password guessing techniques relied upon permutations supplied data and common password choosing techniques. However, due to the numerous breaches and resulting disclosure in passwords, we’ve reached a point where there is enough data to train learning algorithms to guess passwords. That’s right, by using known passwords, we can now more accurately predict unknown passwords. This is yet another case for password managers, and letting them generate random, long, passwords for you, for every single login.

iTerm accidentally discloses passwords. iTerm was making DNS requests on your behalf, trying to determine if your DNS provider could resolve the name in question. If the domain resolved, the UI would make the link blue, indicating that you could click through. We tried this out by holding the command button while hovering over this fabricated domain name to test:

iTerm Input

Here comes the response- the domain wasn’t found, so the UI does not highlight the domain name:

iTerm Request

This issue was fixed tremendously fast by the developer, and you can see the timeline here.

iTerm Response

International Standards Organization Rejects NSA Encryption Algorithms. As a result of the leaks by Edward Snowden, and the exposure of the NSA conspiring to advocate for algorithms that they could penetrate, the International Standards Organization(ISO) has rejected two proposed block ciphers from the NSA: SIMON and SPECK. The general sentiment was that the NSA is in the business of undermining standards, while members of the ISO are in the business of securing standards.

SEC attempts to bury breach disclosure amid 4k word statement. In Section II, second paragraph, the SEC admits to being breached in this post, which then continues to ramble on about many other things in an effort to mitigate the fact that filings had been accessed, and trades were probably made based upon the information that was not yet public.

Sparkfun analyzes credit card skimmers. We’ve covered credit card skimmers in the past, and ones at the pump most recently. Sparkfun goes over some recent skimmers they helped law enforcement evaluate, as well as an app they designed to try to detect skimmers that pretty much anyone can use.

Ichidan is a Shodan-like Search engine for the Dark Web. Recently, a Bleeping Computer staff member came across Dark Web portal called Ichidan which is used to search for Tor onion sites, similarly to how Shodan is used to search for exposed IoT devices. A researcher contacted by Bleeping Computer commented saying the Search Engine is quite useful, and allowed him to discover security issues with a Dark Web service in a matter of minutes. They also mention this is useful when tracking cyber-criminals, but is a bit less desirable when you’re a legitimate user just trying to stay anonymous. Ichidan isn’t the only way to discover such data, but it is a more convenient method over cumbersome command-line pen-testing tools. Also of note is the ease with which Ichidan allowed the researchers to confirm a previous result that the Dark Web is shrinking 85% in size in just last year, from about 30000 websites down to around 5000.