Security News | 安全資訊 (2015-11-28)

Mobile

• Android Dev Summit
  • Android Studio 2.0 Preview
  • Keep It Secret, Keep It Safe
  • "Mother, May I?" Asking For Permissions
• iOS Reverse Engineering Part One: Configuring LLDB
• Pornography - A Favorite Costume For Android Malware
• 腾讯应用加固的脱壳分析和修复 (Chinese)
• [Video] "Mobile Security in the age of Advanced Persistent Threats" by Anwar Mohamed in CSCAMP15
• Check out all of the work they're doing to get -fsanitize=integer across all
• HTC vulnerabilities by J. Case first, second
• Security Advisory - UE Measurement Leak Vulnerability in Huawei P8 Phones
• SunShine 3.2 BETA for Droid Turbo
• Reduced Annoyances and Increased Security on iOS 9: A Win Win!

Linux

• Chkrootkit Local Privilege Escalation
• i386 ROP mitigation: make more of regrename callable
  • [1/2] This just creates a new function in regrename.c
  • [2/2] This adds a new -mmitigate-rop option to the i386 port. This patch is a small step towards preventing this kind of attack. I have a few more steps queued (not quite ready for stage 1), but additional work will be necessary to give reasonable protection. Here, I'm only concerned with modr/m bytes, and avoiding certain specific opcodes that encode a "return" instruction. Two strategies are available: rename entire chains of registers, or insert extra reg-reg copies if there is a free scratch register.
• Predictable SSH host keys
• syzkaller - linux syscall fuzzer
• iOS Instrumentation without Jailbreak

Windows

• WMI Defense (Chinese)
• Peering into GlassRAT
• Windows 10 November Update mysteriously pulled, as concerns about bugs grow
• Protecting Windows nEtworks – dealing with credential theft
• Microsoft Windows Kernel Use-After-Free
• Privilege Escalation Vulnerabilities Found in Lenovo System Update
• Anti-Disassembly techniques used by malware (a primer)
• Digging into PowerShell Direct

Web

• Google Chrome Integer Overflow
• Catching Up With The ‘EITest’ Compromise, A Year Later
• Vonteera Adware Uses Certificates to Disable Anti-Malware
• Content Security Policy - Lessons learned at Yahoo
• New Website Ransomware Variant Demands $999
• Storytime: SSL Inspection
• Walkthrough for Angular Expression Injection Challenge
• 000webhost Data Leak
• CVE-2015-8027 Denial of Service Vulnerability / CVE-2015-6764 V8 Out-of-bounds Access Vulnerability
• Malicious Javascript Walk-thru
• Chrome Extensions – AKA Total Absence of Privacy
• Intent to Remove: Insecure origin usage of geolocation
• CVE/2015/8213 - Django settings leak possibility in date template filter
• 护心镜: An anti-XSS Javascript library by 360's Web Security Team (Chinese)

Network

• Master of Puppets: Analyzing And Attacking A Botnet For Fun And Profit
• Nmap 7 Released
• 从异常挖掘到CC攻击地下黑客团伙
• 3 Attacks on Cisco TACACS+: Bypassing the Cisco's auth

Tool

• My Device is Vulnerable … Now What?
• (SP)^3: A Simple Practical & Safe Packet Spoofing Protocol
• Windows Phone Internals
• Win32-OpenSSH

Misc

• Superfish 2.0: Dangerous Certificate on Dell Laptops breaks encrypted HTTPS Connections
• CopyKittens Attack Group
• CSL Dualcom CS2300-R signalling unit vulnerabilities
• Dude, You Got Dell’d: Publishing Your Privates
• Prototype Nation: The Chinese Cybercriminal Underground in 2015
• British duo arrested for running malware encryption service
• Dell's Malware
  • Dell's Laptops are Infected with 'Superfish-Like' pre-installed Malware
  • Dude, You Got Dell’d: Publishing Your Privates
  • Dell Promised Security … Then Delivered a Huge Security Hole
  • Dell does a Superfish, ships PCs with easily cloneable root certificates
  • Additional Self-Signed Certs, Private Keys Found on Dell Machines
  • Response to Concerns Regarding eDellroot Certificate
• Program obfuscation
• digital signatures are not a poor man's whitelist
• Stay up to date on security and compliance in AWS
• Researchers poke hole in custom crypto built for Amazon Web Services
• MagSpoof - "wireless" credit card/magstripe spoofer. Bob: this is cool!
  • Intro
  • MagSpoof - magnetic stripe spoofer / credit card magstripe emulator
  • WIRED
• List of Bug Bounty Programs, Reward Systems & Security Acknowledgments
• Hackers do the Haka – Part 1
• Broken Performance Tools
• 一步一步学ROP之gadgets和2free篇 (Chinese)
• [Book] Complete Guide to Shodan
• [Conference] CSP 2015
• Macbook charger teardown: The surprising complexity inside Apple's power adapter
• Embedded devices use non-unique X.509 certificates and SSH host keys
• Hacking the ATN X-sight – part1
• Security Analysis of TrueCrypt
• 2015 JSRC电商与智能安全沙龙
• How to Build a Portable Hacking Station with a Raspberry Pi and Kali Linux
• UEFI and related security - detecting and fixing UEFI firmware vulnerabilities
• Hard disk hacking

Writeup

• DockerMaze challenge write-up in DockerCon 2015
• 几期『三个白帽』小竞赛的writeup (Chinese)
• RCTF writeup#复旦六星战队
• NSCTF Bin 1500

Source

The resources are collected in various sources such as blog feeds, Twitter and Weibo. Here, I list some of my personally favorite sources.

• Security feeds in my subscriptions, download OPML
• Security guys in my Twitter following.
  • Tweets of @binitamshah
• Security guys in my Weibo following.
  • 每日安全动态推送 from Weibo @腾讯玄武实验室 (Chinese)