February 2016

Pirated App Store client for iOS found on Apple’s App Store

Threat: Pirated App Store client for iOS found on Apple’s App Store
Solution: Do not install software from unapproved third-party app stores; the applications are riskware, and some of the applications they install may contain malware.

URL: https://www.helpnetsecurity.com/2016/02/22/pirated-app-store-client-ios-found-apples-app-store/

An app called “Happy Daily English”, available in the Apple App Store, has been revealed to be a fully functional third-party app store client. This discovery shows some techniques that can be used to fool app reviewers, and the programming language used also allowed the application to be updated without approval from Apple.

The app developer also analyzed Apple’s proprietary protocols to implement some functionality of Apple’s Xcode IDE in order to automatically generate free personal development certificates. So far the application hasn’t stolen any account information, but it has used it for analytical purposes. I recommend avoiding cracked software app stores, as they are both illegal and often introduce vulnerabilities.


Vulnerability in the GNU C library

Threat: A vulnerability in the GNU C library allows a buffer overflow attack to be performed on software compiled with glibc.
Solution: Install software updates for software compiled with glibc immediately.
URL: http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying-number-of-apps-and-devices-vulnerable/

Basically, this vulnerability can be exploited when vulnerable devices or apps make queries to attacker-controlled domain names or domain name servers, or when they’re exposed to man-in-the-middle attacks. The devices most likely to be vulnerable are Linux-based servers and internet devices. The maintainers of glibc have already released an update that patches the vulnerability, so patching for a server admin should be a simple matter of performing updates.

Where the impact of this vulnerability is less clear is the various Internet of Things devices that often don’t receive a single software update over the life of the device. Many of those devices may remain vulnerable until they are replaced. One platform that is not vulnerable is Android, as it uses a glibc substitute called Bionic.
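As an added illustration of the “perform updates” advice above (this script is not from the linked article or from the glibc project), here is a small POSIX shell check that parses the version reported by ldd --version and compares it against a minimum version you supply. The minimum value in the script is a placeholder: take the real number from your distribution’s advisory, because distributions backport fixes into older version numbers, so a bare version comparison on its own can report a patched system as vulnerable.

```shell
#!/bin/sh
# Added example: compare the installed glibc version against a minimum
# "fixed" version. Not from the linked article or the glibc project.

# Extract the dotted version from the first line of `ldd --version`,
# e.g. "ldd (Ubuntu GLIBC 2.21-0ubuntu4) 2.21" -> "2.21"
glibc_version_from_ldd() {
    printf '%s\n' "$1" | head -n 1 | awk '{ print $NF }'
}

# Return 0 (true) when dotted version $1 >= $2, comparing field by field
# numerically so that 2.10 sorts after 2.9.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".");
        len = (n > m) ? n : m;
        for (i = 1; i <= len; i++) {
            p = (i <= n) ? x[i] + 0 : 0;
            q = (i <= m) ? y[i] + 0 : 0;
            if (p > q) exit 0;
            if (p < q) exit 1;
        }
        exit 0
    }'
}

# Return 0 when the glibc named in ldd output $1 is at least version $2,
# 1 when it is older, 2 when the version string could not be parsed.
glibc_is_patched() {
    v=$(glibc_version_from_ldd "$1")
    [ -n "$v" ] || return 2
    version_ge "$v" "$2"
}

# Placeholder: replace with the fixed version named in your vendor's advisory.
MIN_FIXED_GLIBC="2.23"

# Constructed sample outputs, used so the demo runs without a live host.
SAMPLE_OLD="ldd (Ubuntu GLIBC 2.21-0ubuntu4) 2.21"
SAMPLE_NEW="ldd (GNU libc) 2.23"

for sample in "$SAMPLE_OLD" "$SAMPLE_NEW"; do
    if glibc_is_patched "$sample" "$MIN_FIXED_GLIBC"; then
        echo "ok:     $sample"
    else
        echo "UPDATE: $sample (below $MIN_FIXED_GLIBC)"
    fi
done

# Live check of this host, when ldd is available.
if command -v ldd >/dev/null 2>&1; then
    live=$(ldd --version 2>/dev/null | head -n 1)
    if glibc_is_patched "$live" "$MIN_FIXED_GLIBC"; then
        echo "ok:     $live"
    else
        echo "CHECK:  $live (verify against vendor advisory; backports are common)"
    fi
fi
```

Because the check only reads the version string, treat a “below minimum” result as a prompt to confirm the package changelog, not as proof of exposure.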


My top two web filters

I was doing a project for my Network Security class last night and I thought I would share some of the results from my review of different web filter products. Many of us might be in the market for a web filter. The reasons might not just be content filtering; they can also be used as a highly effective tool for blocking malware transmission and hoax/malicious websites. Each of the products I am about to share can perform these tasks.

1. OpenDNS by Cisco
OpenDNS takes a DNS approach to web filtering and can be enabled on the client and/or the network router. The home use tier offers three product options. The first is a set-and-forget “Family Shield”. The second is a “Home” version that allows some customized filtering and identity theft protection. The third, “VIP”, option costs $20 a year and has usage stats and other useful settings.

2. K9 Web Protection by Blue Coat
K9 takes a software-based approach to web filtering. It’s available for Windows, MacOS, iOS, and Android. K9 uses Blue Coat’s unique caching technology, so your Internet experience is always as fast as possible. I have generally found software-based solutions slow in the past, but K9 seems to do better at this than most others.


Skimmers Hijack ATM Network Cables

Threat: Skimmers Hijack ATM Network Cables
Solution: Don’t use machines that look like they may have been tampered with. ATM manufacturers need to enable encryption of all data from these machines.
URL: http://krebsonsecurity.com/2016/02/skimmers-hijack-atm-network-cables/

Many of us know someone who has had their account compromised. In the blink of an eye their bank account has been emptied by an attacker. In some of these cases your or your friends’ data may have been stolen using an ATM that has been modified to transmit your data, as in the article linked above. Instead of skimming the magnetic strip directly, as some attackers do, these attackers use a device to perform a man-in-the-middle attack on the machine’s network cable.

Unfortunately, these machines normally encrypt only part of your data and leave things like your account number exposed. The attacker combines this with a camera to capture your PIN, and with both they gain access to your account. The best way to avoid these forms of attack is to not use a machine that looks like it may have been tampered with. In addition, using indoor machines rather than outdoor ones that are more exposed to tampering is advisable.
