Blog

A regularly updated website or web page, typically one run by an individual or small group, that is written in an informal or conversational style.

Dark Matter (Apple vs Wikileaks)

Article found on WikiLeaks:

March 23rd 2017, WikiLeaks releases Vault 7 « Dark Matter », which contains documentation for several CIA projects that infect Apple Mac firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA’s Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain ‘persistence’ on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware.

Among others, these documents reveal the « Sonic Screwdriver » project which, as explained by the CIA, is a « mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting » allowing an attacker to boot its attack software for example from a USB stick « even when a firmware password is enabled ». The CIA’s « Sonic Screwdriver » infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.

« DarkSeaSkies » is « an implant that persists in the EFI firmware of an Apple MacBook Air computer » and consists of « DarkMatter », « SeaPea » and « NightSkies », respectively EFI, kernel-space and user-space implants.

Documents on the « Triton » MacOSX malware, its infector « Dark Mallet » and its EFI-persistent version « DerStarke » are also included in this release. While the DerStarke1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.

Also included in this release is the manual for the CIA’s « NightSkies 1.2 », a « beacon/loader/implant tool » for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones, i.e. the CIA has been infecting the iPhone supply chain of its targets since at least 2008.

While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization’s supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.

Article found on Business Insider:

Julian Assange’s website WikiLeaks is in possession of what appears to be CIA hacking tools that can target popular computers like Apple’s iPhones and Macs as well as products from other big tech companies like Microsoft and Google. Assange has said that WikiLeaks will share details of the vulnerabilities with Apple and other big tech companies, so they can fix the vulnerabilities that the CIA uses for its hacking tools.

« We have decided to work with them to give them some exclusive access to the additional technical details that we have so that fixes can be developed and pushed out, » Assange said in a press conference earlier this month.

But Apple didn’t sound very grateful to Assange for his « exclusive » offer. In fact, Apple’s public response to WikiLeaks was downright frosty. « We have not negotiated with Wikileaks for any information, » said Apple in a statement provided to Business Insider on Thursday. The statement said that WikiLeaks was just like anyone else, despite its stolen CIA files: It could submit bugs through a standard process, and that while they may have been briefly in touch, Apple hasn’t seen anything that hasn’t been tweeted or posted to the WikiLeaks website.

« We have given them instructions to submit any information they wish through our normal process under our standard terms, » according to the statement. « Thus far, we have not received any information from them that isn’t in the public domain. »

Then, to top it off, Apple says that WikiLeaks, with its public threat to release ways to attack Apple and other tech companies’ products after 90 days if bugs are not « fixed, » is actively working to harm iPhone users:

« We are tireless defenders of our users’ security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users. »

There’s no other way to read this as anything but an unconditional slam on Julian Assange, and essentially, a promise that Apple will not work with him or WikiLeaks.

Apple is not happy with WikiLeaks at all.

Why this matters

What hackers like those that work for the CIA need to really control someone’s phone or computer is what’s called a « zero-day » vulnerability. Zero-days are basically secret bugs that can be used by professionals to break software and gain access to a system. But one problem for the CIA and other hackers is that zero-days expire: as soon as they’re known, the tech companies fix the bug, making the exploit useless.

Apple, in particular, kills vulnerabilities all the time, and said all the bugs mentioned in the WikiLeaks files so far have already been patched. (Google and Microsoft are also equally good at squashing zero-days — maybe even better than Apple.) The documents that WikiLeaks is publishing are not code or instructions to recreate an exploit, but strongly suggest that the CIA had an arsenal of zero-days at some point — and if any organization can be expected to have a library of zero-day vulnerabilities, it’s the CIA.

This doesn’t just affect Apple: So far, WikiLeaks has dumped two batches of documents from the CIA. The one released earlier this week included details on old Mac and iPhone exploits. The first batch mentioned alleged vulnerabilities in Microsoft Windows and Google Android as well — all patched so far, according to the companies. But WikiLeaks says they have more files they haven’t shown the public yet.

Microsoft said in a statement to Business Insider that all the vulnerabilities mentioned in the first WikiLeaks batch have been fixed: « Our investigation confirmed that the information released on March 7 is dated, and the disclosed issues are already addressed in modern systems. » Google said that security updates « already shield users from many of these alleged vulnerabilities. » Google, Microsoft, and Apple have encouraged their users to update their software.

Drip drip drip

The way WikiLeaks is dripping its leaks out in batches leaves companies like Apple, Google, and Microsoft in a tricky position.

These companies can’t really confirm without the code whether the zero-days are legitimate or not. (All they really have is descriptions of the exploits.) But they also can’t wholly dismiss the leaks — or even future leaks — in case some do end up being live exploits.

For example, since the vulnerabilities are described in top secret confidential files, it could be legally dangerous for a company like Apple or Microsoft to talk to Assange and WikiLeaks to see purported tools and files that haven’t been made public yet, the Financial Times reported. So companies need to be careful about how they’re talking to Assange. « WikiLeaks made initial contact via secure@microsoft.com and we have followed up, treating them as we would any other finder, » a Microsoft spokesperson told Business Insider. Essentially, tech companies can’t treat WikiLeaks differently than any other bug finder.

Making it more difficult is that WikiLeaks seems to be misrepresenting the content of the dumps in its widely-viewed announcements, spurring knee-jerk and potentially misleading news coverage, security experts who evaluated the contents of the dump previously told Business Insider.

WikiLeaks never mentions in its announcement how old any of the various files are, for example. And WikiLeaks uses grandiose language, declaring that the CIA has « lost control of the majority of its hacking arsenal. » Plus, by releasing the leaked files bit-by-bit, WikiLeaks is making it nearly impossible for a big tech company to say that all the problems in the leak have been fixed — what if Assange is sitting on a doozy of a bug? It doesn’t look that way — so far, the security community has been laughing at how old and outdated many of the documents published by WikiLeaks have been.

Not an ally

Speaking privately, tech companies and their lawyers do not see Assange as a defender, as he has been described in the New York Times.

Tech companies aren’t particularly upset at the CIA for finding vulnerabilities in their products, pointing out that most people expect the CIA to develop vulnerabilities — spying is kind of the agency’s purpose — and that the targeted attacks described in the WikiLeaks files are preferable to the mass remote surveillance described in the NSA files leaked by Edward Snowden.

But Assange is not Snowden, and his CIA leaks have not been received warmly in the tech industry. Ultimately, he puts tech companies in a bad position.

Obviously companies like Apple and Microsoft want to patch any possible vulnerabilities as soon as possible, but the way Assange is releasing the CIA files puts them in a terrible position: there’s not enough to go on, it’s possibly illegal to obtain more details, and WikiLeaks is withholding information. So as Assange continues to publish bits and pieces of his trove of files, expect big tech companies to go through a predictable dance: First the files will appear online, and about 24 hours later, you’ll hear that security researchers have found that the files are already old news.

Sources :

https://wikileaks.org/vault7/darkmatter/releases/
http://www.businessinsider.fr/uk/apple-vs-wikileaks-why-tech-isnt-happy-with-julian-assange-2017-3/


Amazon Hacked?

Hello,

This morning I received this message from Amazon.

Hello *,

At Amazon, we take the confidentiality of your personal information very seriously. We have found, freely accessible on the Internet, a list of email addresses and passwords. We believe that your email address and your Amazon password may appear on that list. As a precaution, we have therefore disabled your Amazon password to prevent any access to your Amazon account without your consent.

To regain access to your Amazon account:

1. Click the "Your Account" button at the top right of any of our pages, or visit http://www.amazon.fr/votre-compte
2. Click the "Forgot your password?" link under "Account settings".
3. Follow the instructions to create a new password for your account.

Please choose a new password and do not reuse the password you were using before. We also recommend using a password that you do not use on other sites.
Thank you for your understanding, and please accept our apologies for the inconvenience.
See you soon on Amazon.fr.

Regards,

Amazon.fr

Please note that this message was sent from an address that cannot receive email. For any other question, please consult the help pages on our site.

Strange…
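One way to triage a notice like this, added here as an example that is not part of the original post: check that the message authenticated (the SPF/DKIM/DMARC results written into Authentication-Results by the receiving mail server) and that every link in it really points at the sender's domain, judged on the parsed hostname rather than on a substring match. The two raw messages below are constructed for the demo: their headers are made up, the second message's lookalike domain is invented, and only the http://www.amazon.fr/votre-compte link comes from the notice quoted above. The allowed-domain list is an assumption.

```python
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr
from urllib.parse import urlsplit

# Domains a genuine Amazon.fr account notice may link to or be sent from.
# Assumption for this demo; derive such a list from the sender's real infrastructure.
ALLOWED_DOMAINS = ("amazon.fr", "amazon.com")

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def domain_allowed(host: str, allowed=ALLOWED_DOMAINS) -> bool:
    """True if host is an allowed domain or a subdomain of one.
    Matching on whole labels keeps 'amazon.fr.evil.example' out."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def link_allowed(url: str) -> bool:
    """Judge a link by its parsed hostname, never by substring: the string
    'amazon.fr' also appears in http://evil.example/amazon.fr, which must fail."""
    return domain_allowed(urlsplit(url).hostname or "")


def sender_domain(msg: Message) -> str:
    addr = parseaddr(msg.get("From", ""))[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def auth_results(msg: Message) -> dict:
    """SPF/DKIM/DMARC verdicts from Authentication-Results headers. These are
    added by the receiving server, so they only mean something in mail you
    received yourself, not in a forwarded copy."""
    verdicts = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for hdr in msg.get_all("Authentication-Results", []):
        for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", hdr, re.I):
            verdicts[mech.lower()] = result.lower()
    return verdicts


def triage(raw: str) -> dict:
    """Return the evidence and a verdict for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    charset = msg.get_content_charset() or "utf-8"
    body = msg.get_payload(decode=True).decode(charset, errors="replace")
    links = URL_RE.findall(body)
    suspicious_links = [u for u in links if not link_allowed(u)]
    auth = auth_results(msg)
    sender_ok = domain_allowed(sender_domain(msg))
    genuine = (sender_ok and not suspicious_links
               and auth["spf"] == "pass" and auth["dkim"] == "pass")
    return {
        "sender_domain": sender_domain(msg),
        "sender_ok": sender_ok,
        "auth": auth,
        "links": links,
        "suspicious_links": suspicious_links,
        "verdict": "looks genuine" if genuine else "suspicious",
    }


# Constructed sample 1: the notice as it would look if it really came from Amazon.
NOTICE = """From: Amazon.fr <account-update@amazon.fr>
To: user@example.org
Subject: Your Amazon password
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=amazon.fr; dkim=pass header.d=amazon.fr; dmarc=pass
Content-Type: text/plain; charset=utf-8

Your Amazon password has been disabled. To regain access, visit
http://www.amazon.fr/votre-compte
and click "Forgot your password?" under Account settings.
"""

# Constructed sample 2: same text, sent from and linking to a made-up lookalike domain.
LOOKALIKE = """From: Amazon.fr <security@amazon.fr.account-check.example>
To: user@example.org
Subject: Your Amazon password
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=account-check.example; dkim=none; dmarc=none
Content-Type: text/plain; charset=utf-8

Your Amazon password has been disabled. To regain access, visit
http://www.amazon.fr.account-check.example/votre-compte
and click "Forgot your password?" under Account settings.
"""

if __name__ == "__main__":
    for raw in (NOTICE, LOOKALIKE):
        r = triage(raw)
        print(r["verdict"], r["sender_domain"], r["suspicious_links"])
```

Note that an SPF or DKIM pass only proves the mail came from the infrastructure of the domain in the headers; for the lookalike that domain is the attacker's own, which is why the sender-domain and link checks are evaluated alongside the authentication results.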


Roundcube fuzzing

Greetings,

I generated for your usage a fuzzing list for the Roundcube 1.2.3 webmail.


Download the list: Roundcube 1.2.3 Fuzzing list

Roundcube webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides the full functionality you expect from an email client, including MIME support, an address book, folder manipulation, message searching and spell checking.
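How a version-specific path list like this is produced, as an added example that is neither the list nor any code published here: walk an unpacked copy of the application (assumed to be the Roundcube 1.2.3 release extracted into a local directory), emit every file and directory path relative to the web root, drop checkout-only directories, and put the paths most likely to leak configuration or version information first. The miniature tree the demo builds is constructed to mimic a Roundcube layout, not copied from the release; the high-value prefixes and suffixes are this example's own heuristics.

```python
import os
import tempfile
from pathlib import Path

# Directories that exist in a checkout but are never deployed under the web root.
SKIP_DIRS = {".git", ".svn", "node_modules"}

# Paths worth probing first: config and installer directories, files that reveal
# the version, and leftover copies a server may serve as plain text (heuristic).
HIGH_VALUE_PREFIXES = ("config/", "installer/", "SQL/", "CHANGELOG", "INSTALL", "UPGRADING")
HIGH_VALUE_SUFFIXES = (".sample", ".dist", ".inc", ".sql", ".bak", ".orig", "~")


def build_path_list(root, include_dirs=True):
    """Every file (and, optionally, directory) under root, as a sorted list of
    web-root-relative POSIX paths. Directories get a trailing slash so the
    fuzzer requests them as directories and a listing or redirect shows up."""
    root = Path(root)
    paths = set()
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]  # prune in place
        rel_dir = Path(dirpath).relative_to(root)
        if include_dirs and rel_dir != Path("."):
            paths.add(rel_dir.as_posix() + "/")
        for name in filenames:
            paths.add((rel_dir / name).as_posix())
    return sorted(paths)


def prioritize(paths):
    """Stable reorder: high-value paths first, sorted order otherwise."""
    def rank(p):
        hv = p.startswith(HIGH_VALUE_PREFIXES) or p.endswith(HIGH_VALUE_SUFFIXES)
        return 0 if hv else 1
    return sorted(paths, key=lambda p: (rank(p), p))


def write_list(paths, out_file):
    """One path per line, the format path fuzzers read as a wordlist."""
    Path(out_file).write_text("\n".join(paths) + "\n")


# Constructed miniature tree for the demo (a handful of Roundcube-like paths).
DEMO_FILES = [
    "index.php",
    "CHANGELOG",
    "config/config.inc.php.sample",
    "installer/index.php",
    "SQL/mysql.initial.sql",
    "program/js/app.js",
    ".git/HEAD",            # must not end up in the list
]


def demo():
    """Build the constructed tree in a temp dir and return the generated lists."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel in DEMO_FILES:
            p = Path(tmp) / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text("placeholder\n")
        paths = build_path_list(tmp)
        return {"paths": paths, "prioritized": prioritize(paths)}


if __name__ == "__main__":
    result = demo()
    print("\n".join(result["prioritized"]))
```

Run it against the real extracted release instead of the demo tree with build_path_list("roundcubemail-1.2.3") and write_list(...); a path that answers 200 on a live install but is not in the deployed version's tree is the kind of discrepancy this list exists to surface.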


UED Extension for Safari


Screenshots: UED, and UED inside the Safari window.

Information about UED Extension for Safari :

Encodes and decodes a URL (percent-encoding).

Examples of usage :

Default : https://www.google.fr/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&url=http%3A%2F%2Fwww.rbcafe.com%2F&usg=

Decode : https://www.google.fr/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&url=http://www.rbcafe.com/&usg=

Encode : https%3A%2F%2Fwww.google.fr%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3D%26esrc%3Ds%26source%3Dweb%26cd%3D%26url%3Dhttp%253A%252F%252Fwww.rbcafe.com%252F%26usg%3D
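The three lines above are one percent-encoding step apart, and that is the property worth checking before a decoder goes into a filter. The Python below, an added example and not UED's code, reproduces the Default, Decode and Encode strings with the standard library and shows two things a practitioner wants to see: encoding an already-encoded value double-encodes it (%3A becomes %253A), so one decode pass is not enough to reach the plain value, and decoding a whole URL merges the delimiters of the embedded url= parameter into the outer URL, so a filter should extract and decode the parameter value rather than the whole string. The expected strings are the page's own three lines; decode_fully and redirect_target are this example's helpers.

```python
from urllib.parse import parse_qs, quote, unquote, urlsplit

# The "Default" string from the page: a Google redirect URL with an encoded url= parameter.
DEFAULT = ("https://www.google.fr/url?sa=t&rct=j&q=&esrc=s&source=web&cd="
           "&url=http%3A%2F%2Fwww.rbcafe.com%2F&usg=")
# The page's "Decode" and "Encode" lines, kept for the self-check below.
DECODE_EXPECTED = ("https://www.google.fr/url?sa=t&rct=j&q=&esrc=s&source=web&cd="
                   "&url=http://www.rbcafe.com/&usg=")
ENCODE_EXPECTED = ("https%3A%2F%2Fwww.google.fr%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3D%26esrc%3Ds"
                   "%26source%3Dweb%26cd%3D%26url%3Dhttp%253A%252F%252Fwww.rbcafe.com%252F%26usg%3D")


def encode(s: str) -> str:
    """Percent-encode everything except RFC 3986 unreserved characters.
    safe='' means '/' and ':' are encoded too, which matches the Encode line."""
    return quote(s, safe="")


def decode(s: str) -> str:
    """One decoding pass. '+' is left alone; use unquote_plus for form bodies."""
    return unquote(s)


def decode_fully(s: str, max_rounds: int = 5):
    """Decode until the value stops changing. Returns (value, rounds); rounds >= 2
    means the input was multiply encoded, the case a single-pass filter misses."""
    rounds = 0
    while rounds < max_rounds:
        nxt = unquote(s)
        if nxt == s:
            break
        s, rounds = nxt, rounds + 1
    return s, rounds


def redirect_target(url: str) -> str:
    """The decoded value of the url= parameter, taken from the parsed query string
    rather than from a decode of the whole URL, so outer and inner delimiters
    never get mixed up."""
    return parse_qs(urlsplit(url).query).get("url", [""])[0]


def self_check() -> bool:
    """True when the library reproduces the page's three lines exactly."""
    return (decode(DEFAULT) == DECODE_EXPECTED
            and encode(DEFAULT) == ENCODE_EXPECTED
            and decode(ENCODE_EXPECTED) == DEFAULT)


if __name__ == "__main__":
    print("Default:", DEFAULT)
    print("Decode: ", decode(DEFAULT))
    print("Encode: ", encode(DEFAULT))
    print("Fully decoded:", decode_fully(ENCODE_EXPECTED))
    print("Redirect target:", redirect_target(DEFAULT))
    print("Matches the page:", self_check())
```

decode_fully on the Encode line takes two rounds to reach the Decode line; a filter that inspects the once-decoded value sees the Default line, where the embedded URL is still hidden behind %3A and %2F.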

Download UED :


Mokes

Mokes Backdoor Malware


A Kaspersky Lab researcher discovered an OS X variant of the Mokes backdoor. It lets an attacker spy on the victim and execute code remotely.

Stefan Ortloff, a researcher at Kaspersky Lab, has published several technical write-ups on Securelist, including one on this OS X version of the backdoor. Mokes for OS X has the same capabilities as the Windows and Linux variants: it records audio, takes a screenshot every 30 seconds, detects removable storage such as a USB key, and monitors the victim's machine for files with particular extensions such as .docx, .doc, .xls and .xlsx. Attackers can use the backdoor to execute arbitrary commands on the system, and the monitoring can be tuned through filters sent by the command-and-control server. Examining the sample, Stefan Ortloff found that once executed it copies itself to one of several locations (listed under "Inside the system" below):

Specifications of Mokes :

Name :

HEUR:Backdoor.OSX.Mokes.a

Hash :

664e0a048f61a76145b55d1f1a5714606953d69edccec5228017eb546049dc8c

Inside the system :

$HOME/Library/App Store/storeuserd
$HOME/Library/com.apple.spotlight/SpotlightHelper
$HOME/Library/Dock/com.apple.dock.cache
$HOME/Library/Skype/SkypeHelper
$HOME/Library/Dropbox/DropboxCache
$HOME/Library/Google/Chrome/nacld
$HOME/Library/Firefox/Profiles/profiled

Hosts :

IP : 158.69.241.141
DOMAIN : jikenick12and67.com
IP : 95.211.172.143
DOMAIN : cameforcameand33212.com

Dev :

The OS X version of Mokes.A is written in C++ using Qt, a cross-platform application framework, and is statically linked against OpenSSL.

More information :

Once installed, it first contacts its command-and-control (C&C) server over HTTP on TCP port 80, then communicates over TCP port 443 with AES-256 encryption. This OS X version surfaced recently, following the Linux variant. Last July, Bitdefender's team had already alerted the community to another OS X backdoor, « Backdoor.MAC.Eleanor ».
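A check for these indicators on a Mac, added here as an example rather than Kaspersky's tooling: look for the listed persistence paths under the user's home directory (they are all under $HOME/Library, so the implant needs no root to install), hash anything found against the published SHA-256, and scan host-level logs for the C2 hosts. The paths, hash and hosts are the ones listed above; the log lines the demo scans and the temporary home directory it builds are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

# Persistence locations listed above, relative to the user's home directory.
MOKES_PATHS = [
    "Library/App Store/storeuserd",
    "Library/com.apple.spotlight/SpotlightHelper",
    "Library/Dock/com.apple.dock.cache",
    "Library/Skype/SkypeHelper",
    "Library/Dropbox/DropboxCache",
    "Library/Google/Chrome/nacld",
    "Library/Firefox/Profiles/profiled",
]
MOKES_SHA256 = {"664e0a048f61a76145b55d1f1a5714606953d69edccec5228017eb546049dc8c"}
MOKES_C2 = ("158.69.241.141", "jikenick12and67.com",
            "95.211.172.143", "cameforcameand33212.com")


def sha256_file(path, chunk_size=1 << 20) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_home(home) -> list:
    """One finding per listed path that exists as a file. A file at one of these
    paths is reported even when the hash differs: a rebuilt sample changes the
    hash, while the drop locations are the more stable indicator."""
    findings = []
    for rel in MOKES_PATHS:
        p = Path(home) / rel
        if p.is_file():
            digest = sha256_file(p)
            findings.append({"path": rel, "sha256": digest,
                             "known_sample": digest in MOKES_SHA256})
    return findings


def match_network_iocs(lines) -> list:
    """(line number, indicator) for every log line mentioning a C2 host. DNS
    query logs, proxy logs or netstat output all work, since it is plain text."""
    return [(n, ioc) for n, line in enumerate(lines, 1)
            for ioc in MOKES_C2 if ioc in line]


# Constructed log lines for the demo, not real traffic.
SAMPLE_LOG = [
    "Sep 10 09:12:01 mac dnsmasq[311]: query[A] jikenick12and67.com from 192.168.1.20",
    "Sep 10 09:12:02 mac dnsmasq[311]: query[A] www.apple.com from 192.168.1.20",
    "tcp4       0      0  192.168.1.20.52344     95.211.172.143.443     ESTABLISHED",
]


def demo() -> dict:
    """Build a temporary 'home' with a dummy file at one drop path and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        fake = Path(tmp) / "Library/Dropbox/DropboxCache"
        fake.parent.mkdir(parents=True)
        fake.write_bytes(b"not the real sample")
        return {"files": scan_home(tmp), "network": match_network_iocs(SAMPLE_LOG)}


if __name__ == "__main__":
    print(demo())
    print(scan_home(Path.home()))   # the real check on this machine
```

The C2 traffic goes over ports 80 and 443 like ordinary web traffic, so the hostnames and IPs in DNS or proxy logs are the practical network indicator; port-based filtering will not single it out.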


Apple Events (070916)

Apple Event, September 7th

What a great event !!!

In this Apple Event :

  • Pokémon Go on the Apple Watch
  • Mario on the App Store
  • iWork real-time collaboration
  • iPhone 7 and iPhone 7 Plus
  • No more headphone jack, Lightning only, with a Lightning-to-headphone adapter
  • AirPods : $169
  • Apple Watch Series 2
  • Apple Watch Series 2 Nike edition
  • Apple Watch Series 2 Hermès

This morning :

  • iOS 10 : 09/13/2016
  • macOS Sierra : 09/20/2016
  • tvOS : coming soon
  • watchOS 3 : this fall

Rbcafe © 2004- | Rb Cafe 1.3 | Contact Rbcafe | Rbcafe on Twitter | Rbcafe on Facebook | Privacy policy