Security Vulnerability Awareness Thread

[anoni]

Every now and again a massive software vulnerability allows hackers to be able to compromise systems that were once thought to be healthy, it's good to know about these hacks so I made this thread where people can share important vulnerabilities or problems hackers could exploit in order to raise awareness.

The current big one is Meltdown and Spectre, a vulnerability in intel (and some AMD) processors that allow programs to access arbitrary memory of other programs through speculative execution. What this means is that a hacker can run a program to read the memory of any other program running on your computer, did you type your password in Google chrome? Well a hacker can now read that.

Who does this affect?

  Basically everyone, if you have an intel CPU then you are definitely affected, no matter what operating system you use. Some AMD processors are also affected but most are not. Even if you are on an AMD processor many large companies such as Google and Oracle use Intel processors in their cloud servers, so it's very possible you can still be affected if one of these companies are hacked and your account information leaked.

How to fix this?

  All major operating systems have released patches to combat Meltdown, keep in mind some users have reported these patches have led to a significant performance hit to their CPUs (about 30% all the way to 500% slower), particularly in programs that rely on system calls. No patches have been made to combat Spectre as of yet, as Spectre uses an attack vector that is difficult to detect, some AV programs are combating spectre by comparing binaries of execs that may be spectre, but this can be worked around pretty easily by an attacker. So currently computers are relatively undefended against spectre bugs. Intel claims they have released a patch to fix spectre, but a lot of security engineers are very skeptical they actually fix the issue, so it's best to assume you are still undefended.


  Stay safe online!

https://www.gizmodo.com.au/2018/01/what-we-know-so-far-about-meltdown-and-spectre-the-devastating-vulnerabilities-in-modern-cpus/

[anoni]

To add to the password notes, a lot of people think that if a password is longer then a certain degree, it is impossible to crack. For example, the famous xkcd article that says the password "correcthorsebatterystaple" would take 550 years at 1,000 guesses per second to solve, but in general password crackers do not use use standard brute force, instead they use dictionary attacks. In a dictionary attack a password will guess random password being comprised of english words, doing random variations to those english words until the password is discovered. Against a dictionary attack a password like correcthorsebatterystaple will be solved relatively easily as its simply just four english words, so it will take considerably less than 550 years (still a little while because it's 4 english words) for a hacker to solve.

As well, many people use the same password for many different sites, which means if one password is leaked via a database leak on a website you joined, then all your passwords for all your sites have now been leaked and yes hackers will test those passwords on other accounts you have. The best thing you can do for passwords is to use a password manager, these programs generate entirely random passwords for you and keep track of which password is used, you only have to remember one password (the password to the password manager) and all your programs can be logged into securely without you happening to remember anything, some examples of password managers are here: https://www.csoonline.com/article/3198507/security/the-6-best-password-managers.html

(Of course be aware using a password manager does create a single point of failure, which means if the password manager is hacked you will be in trouble, so use a trusted and secure password manager). Finally with 2FA, phones can be hacked pretty easily these days, especially via snooping through messages and what-not. If you want to have the most secure 2FA, buy a flip phone (you can get them for like $20) that are used ONLY for 2FA. non-smart phones are difficult to hack!

   

[Momma Bird]

Oh boy, oh boy! Where do I start in on this one.


First, I would like to ask, how is it that a hacker can read memory from a processor regardless of the operating system? Yes, Windows and Macintosh run with UNIX/Linux operating at the core, however, the architecture is vast enough I would imagine that it would be next to impossible to acquire access to the CPU without first navigating the operating system on the system? Unless, of course, it is on the BIOS or UEFI level...


Second - WordPress, WordPress is consistently having problems with black-hat hatters buying ownership of well known plug-ins and creating back doors within future releases. If you employ WordPress in any shape of form, one should be cautious. Seriously, its a growing problem; https://www.wordfence.com/blog/2018/01/wordpress-supply-chain-attacks/


Third - Samsung, Samsung Smart Television where cough recording conversations within the home without user consent. It is even stipulated within there user agreement, something like 'keep cautious of what you say around the television'. It's much older news now, so you would have to research it yourself if you are interested.


Fourth - Bose, Bose spies on what you listen to and for how long. https://smartphones.gadgethacks.com/news/your-bose-headphones-are-spying-you-0177193/


Fifth - ManTistek GK2, ManTistek was caught keylogging! Windows 10 has already been accused of this, however, ManTistek now joins the list.  https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html


Sixth - Lenovo, Lenovo was cough shipping computers with RootKit's! Seriously, why do people still purchase from this companie? https://thehackernews.com/2015/08/lenovo-rootkit-malware.html


Conclusion, This is just a list of the stuff I know about, I know there are many more. Nothing is safe. Anything you do or type is going somewhere, or more even more somewheres, then your intended destination. If it's not hackers, it's giant companies that you pay to use their product.


If anyone is really concerned, I would recommend getting the latest copy of "Network+" and "Hacking the Art of Exploitation, 2nd Edition". Yes, the second book is an older book (2008), however, lots of the info is still relevant. The best network security experts learn how to Hack.




EDIT: Corrected one semi-correct statement and touched up format.

[Momma Bird]

Okay, your explanation seems to make sense.


As for Windows with UNIX/Linux core, that is how it was explained to me, so I may be wrong. Mac and Linux are my primary, wheres Win I only really use for the GameMaker IDE. Thank you for pointing out my error.

[Momma Bird]

Yea, sadly this issue is one of the worst parts of 2017. I have an old router that the supplier does not even update anymore and a BlackBerry Leap on BlackBerry 10 OS which is not supported anymore either. Financially, it is not the best idea to purchase a new router as of yet, and I dislike iOS and Android. For the most part, I habitually turn off WiFi when not in use on most of my devices anyway, but sadly, I can not help but wonder in the back of my mind how much is exposed to some kid with a laptop in range of our broadcast.


I am usually busy with software development, but me thinks it's time to dust off a copy of Kali Linux and start playing network monitor on the side. I am running an online business at home, so these issues are a rather big concern considering future potential monetary gains are at stake.


Might have to bite the bullet on a new router sooner then desired.



 

[Momma Bird]

- Use Ethernet to connect your computers to the router: no Ethernet data can be leaked wirelessly, the only way to intercept Ethernet data is packet sniffing, and to achieve this attack an attacker already has to be inside your local network, and to prevent this... we'll come to that later.

This is what we did at my parent's place before I moved out in '08. We had Cat 5s running to different rooms from one central room with a router. These wires where actually strategically placed behind the drywall. I really miss that.

- Use mobile data on your phone. In short, avoid wireless traffic as much as possible if you live in a crowded place, if you don't live in such a place, you could ignore these safety cautions but safer always equals better.

I wish. Data plans are too expensive. It's like $80 a month minimum with Telus. I got a "Pay Your Way" plan with Freedom, but it's a $1 a MB.

- Install HTTPS Everywhere: this is a browser extension for Opera, Chrome, and Firefox that forces every packet to be sent through a SSL tunnel, in short, it makes HTTP data encrypted like in HTTPS. Although an attack called SSL Strip exists to decrypt SSL-protected data, it's mostly outdated and won't work in most upgraded browsers, since it relied on vulnerabilities of older browsers versions, so this brings us to our last two points:

I have looked into this, however, to my understanding, it's only works on sites that support HTTPS. Please do correct me if I am wrong.

You should also keep your local network as an Intranet, so that it's not directly connected to the Internet except for a machine that interfaces between the two, and that machine will have to be as secure and safe as possible because it will be the only entry point to your precious Intranet.

This is a really good idea. I used to have my devices behind a wired router that was behind our wireless router. Thus having my own network and did not have to worry about worm viruses. However, it's a moot point now considering it died and that our wireless router is out of date and thus the week point.

[anoni]

Okay, your explanation seems to make sense.


As for Windows with UNIX/Linux core, that is how it was explained to me, so I may be wrong. Mac and Linux are my primary, wheres Win I only really use for the GameMaker IDE. Thank you for pointing out my error.

MacOS and linux are Operating systems that share the same kernel which is called Unix. A kernel is just the foundations of an operating system, it basically is the "core functionality" of the OS, sharing start up, I/O operations and stuff like that. The operating system is then built ontop of the kernel to act as an interface for acting on the kernel.

I guess if you want to develop a computer map it would work like this

Hardware: The very basics of computing starts off with hardware, attacks on hardware are rare because they would rely on physically developing the software. But an attack on the hardware of a CPU (IE: If someone gave you a CPU that they built a backdoor on) would be impossible to detect or fix on any level of the computer (potentially, depends on the attack ofc).

Firmware: Firmware is programming on the hardware (such as the CPU) that acts as instructions on how the hardware is to operate. Firmware is the stuff that handles how the hardware operates like controlling speculative execution. This is the level that Spectre and Meltdown attack.

Kernel: Kernel is the software that runs ontop of the firmware, unlike firmware the kernel is purely software and thus can be programmed and modified very easily. The kernel primarily acts as a method of initializing the operating system, and acting as an interface between the operating system and the firmware.

Operating System: This is the enclosed space in which all userland programs run, the operating system can be kinda seen as an interface between the USER and the KERNEL, and obviously is what we mostly use.

Programs: Programs are applications that run on the operating system, the program is what we actually use when we want the computer to do something.

So on this level, a bug affecting an OS can't in general be fixed by a program, a bug in a kernel can't be fixed in the operating system and a bug on the firmware can't be fixed in the kernel. This is the general case, specific bugs will have specific work arounds in the upper layer, for example there are some OS system level measures that can make spectre (a firmware bug) very difficult to utilize, but not necessarily impossible.

[Momma Bird]

Hmm, so has anyone heard about on-line adds using your computer to mine for ctyptocurrency? YouTube, allegedly is also susceptible to this. I had just heard about it now, but seem to be not so new news...


https://www.inquisitr.com/4756569/youtube-serves-ads-with-cryptocurrency-miners/


Add-blockers and anti-viruses seem to assist in curbing this annoyance, however.


Just thought it may be of interest.