Android IMSI Detector

The second article covers a man-in-the-middle technique that is used on Android mobile phones: a false tower that sits between a mobile device and the real network tower. In the USA most of these devices are known as StingRays, and they can be used for many different attacks. The article presents a catcher detector that spots these fake towers and protects you from being vulnerable to them. Building an IMSI catcher is quite cheap and easy and is something people can do. It’s interesting to think about how attackers can use a man-in-the-middle attack to get information from your mobile device.

http://www.reddit.com/r/netsec/comments/32soaz/android_imsicatcher_detector/

YouTube Comment Vulnerability

The first article this week talks about an exploit for moving YouTube comments from your video to any other video. Basically, it worked by having your comments put into the hold-comments-for-review option, after which the comments were listed in a review tab. When you accepted a comment, it sent a simple HTTP request full of information. There were simple parameters for the comment id and the video id. If you don’t change the video id and only change the comment id to any other comment id that is located on another YouTube video, the request gets accepted and the comment appears on said video. The user reported it to the Google security team, and within a day it was already patched. It was interesting to see how you can change parameters like that and affect a website.

http://www.secgeek.net/youtube-vulnerability/
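
The missing check described above, as an added example that is not from the linked article or from YouTube's code: an in-memory model of a comment-approval handler that trusts the two request parameters independently, next to a version that ties the comment to the video and the video to the caller. All names, users and ids are constructed for illustration.

```python
# Added illustration: model of a "hold comments for review" approval endpoint.
# Every identifier and record below is constructed for this example.
from dataclasses import dataclass

@dataclass
class Comment:
    comment_id: str
    video_id: str          # video the comment was actually posted on
    approved: bool = False

VIDEO_OWNER = {"vidA": "alice", "vidB": "bob"}
COMMENTS = {
    "c1": Comment("c1", "vidA"),                 # held for review on alice's video
    "c2": Comment("c2", "vidB", approved=True),  # already public on bob's video
}
PUBLISHED = {"vidA": [], "vidB": ["c2"]}         # video_id -> comment ids shown

def approve_vulnerable(user, video_id, comment_id):
    """Checks the video owner but never ties comment_id to video_id."""
    if VIDEO_OWNER.get(video_id) != user:
        return False
    # Missing: does this comment belong to the video named in the request?
    PUBLISHED[video_id].append(comment_id)
    return True

def approve_hardened(user, video_id, comment_id):
    """Object-level authorization: caller owns video, comment is on that video."""
    comment = COMMENTS.get(comment_id)
    if comment is None or VIDEO_OWNER.get(video_id) != user:
        return False
    if comment.video_id != video_id:   # comment lives on a different video
        return False
    if comment.approved:               # not waiting in the review queue
        return False
    comment.approved = True
    PUBLISHED[video_id].append(comment_id)
    return True
```
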

LG Split Screen UAC

The second article this week talks about a piece of software from LG called LG Split Screen that allows you to split the screen of your LG TV to your computer monitor. The user had installed the software and used it for a week when he wondered why his Notepad++ program was being run in administrator mode. He checked with his Run command, and that was also being run in administrator mode. The user found out that his User Account Control (UAC) had been disabled. To test it, he started up a virtual machine, installed only the LG Split Screen software, and found that the software simply turns UAC off. The software itself probably needs admin rights to run correctly, but disabling UAC completely shows a lack of security foresight.

http://www.developerscouch.com/lg-split-screen-improves-usability-and-reduces-security-drastically/

Backdoor API Apple Mac OS X

The first article talks about a hidden backdoor in the API to access root privileges in Apple OS X. Apparently the user found a hidden backdoor API in the Admin framework that will let a user have root privileges. It’s been in the operating system since 2011, and it can be used to escalate privileges to root from any user account on the system. It has been fixed in the latest patch, but the real question is why it was in use for such a long period of time. Any attacker could have taken this vulnerability and used it for their own misguided attacks. It’s scary to think about all the different backdoors and loopholes that are left in software products for years and years. It is good, though, that once it was brought to light, Apple was pretty quick to get a fix pushed out.

https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/

NQ Vault Encryption

This next article talks about how one user was able to crack a very popular Android file vault app’s encryption. The vault, it seems, encrypts only part of the file, with a simple XOR, which is easily reversed if you are looking at the encrypted file in hex. The user found out that everything after 128 bytes remains untouched and not encrypted. He also wrote a very simple C program that decrypts the XOR and brute forces the key from 00 to ff. It works very quickly, which is frightening. It’s scary to think that this is a very popular app that costs money and sells on the notion that it offers you protection. People believe their files are being encrypted securely when they are only very loosely secured.

https://ninjadoge24.github.io/#002-how-i-cracked-nq-vaults-encryption
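
Why the scheme summarized above gives so little protection, as an added example on constructed data (it is not the app's code and not the linked author's C program): a one-byte XOR over the first 128 bytes leaves only 256 possible keys, a well-known file signature tells you which one is right, and the rest of the file is stored as plaintext. The sample file, the key 0x5A and all function names are assumptions made for illustration.

```python
# Added illustration: model of the scheme as summarized in the text above.
HEADER_LEN = 128   # per the summary, bytes past this offset are left untouched

# Well-known file signatures used to recognise a correct key guess.
MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg", b"%PDF-": "pdf"}

def xor_header(data: bytes, key: int) -> bytes:
    """XOR only the first HEADER_LEN bytes with a one-byte key."""
    head = bytes(b ^ key for b in data[:HEADER_LEN])
    return head + data[HEADER_LEN:]

def recover_key(blob: bytes):
    """Try all 256 keys; return (key, file_type) on the first signature match."""
    for key in range(256):
        head = bytes(b ^ key for b in blob[:8])
        for magic, kind in MAGIC.items():
            if head.startswith(magic):
                return key, kind
    return None

def exposed_fraction(original: bytes, stored: bytes) -> float:
    """Share of bytes stored byte-for-byte identical to the plaintext."""
    same = sum(a == b for a, b in zip(original, stored))
    return same / len(original)

# Constructed sample: PNG signature followed by 1000 bytes of filler data.
SAMPLE = b"\x89PNG\r\n\x1a\n" + bytes(range(1, 201)) * 5
STORED = xor_header(SAMPLE, 0x5A)   # 0x5A is an arbitrary constructed key

if __name__ == "__main__":
    print("recovered:", recover_key(STORED))
    print("stored in the clear: %.1f%%" % (100 * exposed_fraction(SAMPLE, STORED)))
```

A vault that encrypts the whole file with an authenticated cipher and a key derived from the user's secret has neither property.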

Amazon Information HTTP

This article talks about how, using simple listening techniques, you can actually see what people are buying on Amazon.com if you are listening while they browse the website. According to the article, all of the item browsing is done over regular HTTP and not HTTPS, leaving it open for anyone to see while you’re doing it. The author also found that, just by using simple HTTP metadata, you could find out what items the user has actually bought. When you are looking at your order history, it is over an HTTPS connection, making it secure, but if you view an item from your order history, it sends you back to the item page over HTTP with a simple tag of OH, indicating you once bought the item. It’s interesting to see how websites use HTTP for some things and HTTPS only when they need to.

http://smerity.com/articles/2015/amazon_information_leakage.html