  1. #226 harrybarracuda (Thailand Expat; Join Date Sep 2009; Posts 96,844)
    Quote Originally Posted by Dragonfly:
    Harry is a hack, but not a hacker
    Shouldn't you be off wanking over your Twatter feed?

  2. #227 Sumbitch (Thailand Expat; Join Date Jul 2011; Last Online 29-04-2020 @ 04:54 PM; Location Chiang Mai; Posts 5,596)
    ^ yah, that's a good 'un.

  3. #228 harrybarracuda (Thailand Expat; Join Date Sep 2009; Posts 96,844)
    It's really good that they're making things easier.... Not!

    Windows Security Only Update won’t include Internet Explorer patches anymore
    Windows Security Only Update won't include Internet Explorer patches anymore - gHacks Tech News

  4. #229 harrybarracuda (Thailand Expat; Join Date Sep 2009; Posts 96,844)
    HACKERS COULD GAIN COMPLETE CONTROL OF AN INTEL-BASED PC USING A USB 3.0 PORT
    By Kevin Parrish — January 14, 2017 5:31 AM

    When Intel launched its sixth-generation “Skylake” processors and chipsets in 2015, the company introduced a new technology called Direct Connect Interface (DCI), an easy way for testers to debug hardware without having to break open a PC. However, during the 33rd annual Chaos Communication Congress conference in Hamburg, Germany, security researchers Maxim Goryachy and Mark Ermolov of Positive Technologies revealed that hackers can use DCI to take complete control of a system and conduct attacks under the software layer, which would be undetectable by device owners.

    For a better understanding of what’s going on, start with the debugging interface created by the Joint Test Action Group (JTAG). This standard was originally designed to test printed circuit boards once they were manufactured and installed, but has since expanded to processors and other programmable chips. Scenarios for using the interface include forensics, research, low-level debugging, and performance analysis.

    The interface itself resides within the processor and programmable chips. In turn, JTAG-capable chips have dedicated pins that connect to the motherboard, which are traced to a dedicated 60-pin debugging port on a system’s motherboard (ITP-XDP). This port enables testers to connect a special device directly to the motherboard to debug hardware in relation to drivers, an operating system kernel, and so on.

    But now the JTAG debugging interface can be accessed through a USB 3.0 port by way of Intel’s Direct Connect Interface “debug transport technology.” When a hardware probe is connected to the target Intel-based device, the USB 3.0 protocol isn’t used, but rather Intel’s protocol is employed so that testers can perform trace functions and other debugging tasks at high speed. Using a USB 3.0 port means testers aren’t forced to break into the PC to physically connect to the XDP debugging port.

    Intel’s Direct Connect Interface appears to be embedded in the company’s sixth-generation motherboard chipsets, such as the 100 Series (pdf), and its processors. It’s also used in the new seventh-generation Kaby Lake platform as well, meaning hackers have two generations of Intel-based PCs to infest and possibly render useless, such as by re-writing the system’s BIOS.

    As the presentation revealed, one way of accessing the JTAG debugging interface through the USB 3.0 port is to use a device with a cheap Fluxbabbitt hardware implant running Godsurge, which can exploit the JTAG debugging interface. Originally used by the NSA (and exposed by Edward Snowden), Godsurge is malware engineered to hook into a PC’s boot loader to monitor activity. It was originally meant to live on the motherboard and remain completely undetectable outside a forensic investigation.

    The problem is, most sixth and seventh-generation Intel-based PCs have the Direct Connect Interface enabled by default. Of course, hackers need to have physical access to a PC in order to take control and spread their malicious love. Typically, the debugging modules in Intel’s processors require Intel’s SVT Closed Chassis Adapter connected via USB 3.0, or a second PC with Intel System Studio installed connected directly to the target PC via USB 3.0 as well.

    Goryachy noted in his presentation that the problem only resides with Intel’s sixth and seventh-generation Core “U” processors. Intel is now fully aware of the possibility although there’s no time frame of when the problem will be addressed. In the meantime, the debugging interface on affected PCs can be deactivated. Intel Boot Guard can also be used to prevent malware and unauthorized software from making changes to the system’s initial boot block.

    Many Intel-based PCs Could Be Hacked Via USB 3.0, Debugging Interface | Digital Trends
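    The article's mitigation is to check whether the debug interface is enabled and to deactivate it. The following is an added example, not code from the Digital Trends article, from Positive Technologies or from Intel: it decodes the CPU's IA32_DEBUG_INTERFACE model-specific register, whose address (0xC80) and bit layout (bit 0 Enable, bit 30 Lock, bit 31 Debug Occurred) are documented in the Intel Software Developer's Manual, and reports the audit finding a defender would want. The assessment strings, the helper names and the sample values are assumptions of this example.

```python
"""Decode Intel's IA32_DEBUG_INTERFACE MSR to see whether the CPU's silicon debug
feature is enabled and whether that setting is locked.

Added example for the Digital Trends article above; not code from the article,
from Positive Technologies or from Intel.  MSR address (0xC80) and bit layout
(bit 0 Enable, bit 30 Lock, bit 31 Debug Occurred) follow the Intel SDM; the
assessment strings and the constructed sample values are this example's own.
"""
import struct
from dataclasses import dataclass

IA32_DEBUG_INTERFACE = 0xC80   # MSR address, Intel SDM Vol. 4
BIT_ENABLE = 1 << 0            # silicon debug interface enabled
BIT_LOCK = 1 << 30             # bit 0 cannot be changed again until reset
BIT_DEBUG_OCCURRED = 1 << 31   # set by hardware if debug was used since reset


@dataclass(frozen=True)
class DebugInterfaceState:
    enabled: bool
    locked: bool
    debug_occurred: bool


def decode_debug_interface(raw: int) -> DebugInterfaceState:
    """Pick the three documented bits out of a raw 64-bit MSR value."""
    return DebugInterfaceState(
        enabled=bool(raw & BIT_ENABLE),
        locked=bool(raw & BIT_LOCK),
        debug_occurred=bool(raw & BIT_DEBUG_OCCURRED),
    )


def assess(state: DebugInterfaceState) -> str:
    """Turn the decoded bits into the finding a firmware audit would report."""
    if state.enabled:
        return "ENABLED: silicon debug is on; disable it in firmware setup"
    if not state.locked:
        return "UNLOCKED: debug is off, but firmware did not lock the setting"
    return "OK: debug is disabled and locked"


def read_msr(cpu: int = 0, addr: int = IA32_DEBUG_INTERFACE) -> int:
    """Read one MSR through the Linux msr driver (needs root and 'modprobe msr').

    The driver maps the MSR address onto the file offset, so seeking to `addr`
    and reading 8 bytes is the equivalent of rdmsr.
    """
    with open(f"/dev/cpu/{cpu}/msr", "rb") as f:
        f.seek(addr)
        return struct.unpack("<Q", f.read(8))[0]


def check_live_cpu(cpu: int = 0) -> str:
    """Read and assess the real MSR; explain instead of crashing when unavailable."""
    try:
        raw = read_msr(cpu)
    except OSError as exc:   # PermissionError / FileNotFoundError / EIO on unsupported MSR
        return f"cannot read MSR 0x{IA32_DEBUG_INTERFACE:X} on cpu{cpu}: {exc}"
    state = decode_debug_interface(raw)
    return (f"cpu{cpu} IA32_DEBUG_INTERFACE=0x{raw:016X} -> {assess(state)} "
            f"(debug_occurred={state.debug_occurred})")


if __name__ == "__main__":
    # Constructed sample values first, then the live CPU if the driver is available.
    for sample in (0x0, 0x1, 0x40000000, 0xC0000001):
        print(f"0x{sample:08X}: {assess(decode_debug_interface(sample))}")
    print(check_live_cpu())
```

    The MSR reflects the CPU-side debug feature only; the DCI transport also has chipset-level enable bits that this script does not read, so a full check needs a firmware scanner that covers the PCH registers as well. The "debug occurred" bit is worth logging on its own: it is set by hardware, survives until reset, and tells you that someone actually used the interface since the last boot.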

  5. #230 harrybarracuda (Thailand Expat; Join Date Sep 2009; Posts 96,844)
    If you really must have one of these gizmos in your house, remember to turn voice purchasing off!

    Amazon Echo’s Alexa Went Dollhouse Crazy
    Robert Hackett
    Updated: Jan 09, 2017 8:06 PM

    Amazon Echo is a gift that keeps on giving.

    Owners complained that their voice-activated devices set off on an inadvertent shopping spree after a California news program triggered the systems to make erroneous purchases, according to a local report. A morning show on San Diego’s CW6 News station had been covering a segment about a six-year-old girl in Texas who ordered to her home a dollhouse and four pounds of cookies through her parents' gadget.

    Echo devices, powered by Amazon Alexa, the tech giant's artificially intelligent voice assistant, reportedly woke when they heard the name "Alexa" spoken on household television sets. Jim Patton, an anchor on the show, had remarked, "I love that little girl saying 'Alexa ordered me a dollhouse.'"

    The comment proved mischievous. A number of Amazon Echos registered the statement as a voice command, and placed orders for dollhouses of their own, the station said.

    "A handful" of people said that their devices accidentally tried to buy the toys, reported the Verge, which spoke to the station, although the total figure is not known. Patton told the tech blog that he didn't think any devices actually completed their purchases.

    The misfires are attributable to Amazon's decision to enable voice purchasing by default on Echo devices, even though they do not distinguish between different people. The setting is an obvious choice for Amazon, which makes money on e-commerce sales, but the added convenience comes at a cost of being more prone to error.

    Customers have the option to add parental controls, including a four-digit code to authorize purchases. The incident highlights privacy and security concerns surrounding a new class of technologies that also includes Google Home, another device featuring a voice-activated assistant. Meanwhile, cops investigating an unrelated, possible murder in Arkansas recently subpoenaed Amazon, asking the company to hand over voice records potentially captured on an Echo device.

    Amazon Alexa: Echo Devices Go on Accidental Dollhouse Shopping Spree | Fortune.com

  6. #231 Dragonfly (Thailand Expat; Join Date Oct 2015; Last Online 16-07-2021 @ 10:31 PM; Posts 14,636)
    Quote Originally Posted by harrybarracuda:
    Quote Originally Posted by Dragonfly:
    Harry is a hack, but not a hacker
    Shouldn't you be off wanking over your Twatter feed?
    it's called Twitter, not Twatter, you illiterate hack

    See, you learn something today.

  7. #232 harrybarracuda (Thailand Expat; Join Date Sep 2009; Posts 96,844)
    Quote Originally Posted by Dragonfly:
    Quote Originally Posted by harrybarracuda:
    Quote Originally Posted by Dragonfly:
    Harry is a hack, but not a hacker
    Shouldn't you be off wanking over your Twatter feed?
    it's called Twitter, not Twatter, you illiterate hack

    see you learn something today

  8. #233 harrybarracuda (Thailand Expat; Join Date Sep 2009; Posts 96,844)
    Is antivirus getting worse?
    Anti-virus software is getting worse at detecting both known and new threats

    By Maria Korolov | Follow
    Contributing Writer, CSO | Jan 19, 2017 6:00 AM PT

    Is anti-virus software getting worse at detecting both known and new threats?
    Earlier this week, Stu Sjouwerman, CEO of security awareness training company KnowBe4, looked at the data published by the Virus Bulletin, a site that tracks anti-virus detection rates. And the numbers didn't look good.

    Average detection rates for known malware went down a couple of percentage points slightly from 2015 to 2016, he said, while detection rates for zero-days dropped in a big way - from an average of 80 percent down to 70 percent or lower.

    "If the industry as a whole is dropping 10 to 15 points in proactive protection, that's really bad," he said. "Anti-virus isn't exactly dead, but it sure smells funny."

    According to Sjouwerman, the Virus Bulletin is the industry's premier testing site. The tests are comprehensive, and consistent from year to year, so that a historical comparison is valid.

    Several major vendors aren't included in these statistics, he said, because they declined to participate -- and implied that there might be a reason for that.

    What's happening is that current anti-virus vendors aren't able to keep up with the attackers, he said, who can generate new malware on the fly.

    "The bad guys have completely automated this process," he said. "It's now industrial strength, millions of new variants daily, in an attempt to overwhelm the existing anti-virus engines -- and guess what, the bad guys are winning."

    He's not alone in pointing out the problems that anti-virus has been having lately, and others agree with the main thrust of his analysis.

    "The report does sound pretty much in sync with what my feeling is, and what the industry is talking about," said Amol Sarwate, director of vulnerability labs at Qualys. "It's not an easy problem to solve. If they make antivirus too aggressive, it causes too many false positives. I think the hope for the future is a combination of multiple technologies. Anti-virus by itself cannot cut it any more."

    It's bad, and it will continue to get worse, said Justin Fier, director of cyber intelligence and analysis at Darktrace.

    "I would never tell a customer not to invest in it," he said. "But in regards to whether anti-virus is working any more -- I don't think so."

    At its core, security reacts to events.

    "It's hard to predict what the next big wave of malware or the next big attack platform is going to be and protect against it," he said.

    Ransomware in particular is causing problems, said KnowBe4's Sjouwerman, because the malware is so profitable that the cybercriminals are putting more and more resources into development.

    Criminals earned $1 billion from their ransomware last year, showing that it's consistently getting through defenses.

    But there are some new, early-stage products that specifically target ransomware, he added.

    "Some of them work, some of them don't -- this is still very early days," he said.

    "Sophos has acquired one of those companies and now have an additional module that specifically protects against ransomware, and that actually works fine, so Sophos is actually scoring well but they're one of the few that do."

    Sophos, which offers both network and endpoint security products, is not included in the Virus Bulletin, but received a 100 percent score for blocking zero-day attacks in the latest antivirus reports.

    "One of our major advantages is that we don't rely on any one technology," explained Dan Schiappa, senior vice president and general manager of end user and network security groups at Sophos. "We have a little mini analytics engine, and when it's scanning a file or looking at a behavior, it can call on a bunch of different pieces of technology to determine if it's malware."

    The new Intercept X product, which is designed specifically for zero-day threats, looks at how malware attacks systems.

    "There are only about 24 different ways that you can exploit a vulnerability," he said. "We might get a couple of new techniques a year, and as long as we keep up with those techniques, we're in pretty good shape. For example, one new technique is to get into the pre-boot environment, and we're building protections against that."

    Some vendors dispute whether the results of this one set of tests are conclusive.

    "Test scores tend to fluctuate as attackers create new techniques and defenders continue to innovate," said Mark Nunnikhoven, vice president of cloud research at

    Trend Micro was not included in the Virus Bulletin report.
    "I can't speak to why we did not participate in this specific round of testing, we do have a lot of respect for Virus Bulletin," said Nunnikhoven.
    Instead, he pointed to his company's performance with AV Test. There, Trend Micro scored at 100 percent in 11 out of the last 14 zero-day detection tests for Windows 7 and Windows 10, and 99 percent on the other three tests.

    In fact, average scores on the AV Test of zero-day detection have been going up, from under 97 percent in early 2015 to over 99.7 percent during the last Windows 10 testing round.

    Another problem with some tests is how they measure successful detection, said David Dufour, senior director of engineering at Webroot.

    Signature-based antivirus can spot malware early, but behavior-based systems have to wait for the malware to actually try to do something.

    "Many testing methodologies still rely on older techniques measuring the number of threats that land on a machine," he said, "rather than taking the time to understand that zero day and unknown malware will take time to identify."

    Webroot was absent from both the Virus Bulletin and the AV Test reports.

    Is antivirus getting worse? | CSO Online

  9. #234 harrybarracuda (Thailand Expat; Join Date Sep 2009; Posts 96,844)
    Yahoo Others Make 2016 a Record Year for Data Breaches, Report Finds

    By Robert Lemos | Posted 2017-01-26

    Documented data breaches exposed almost 4.3 billion records, far more than previous years, although the total number of breaches held steady, according to a report published by Risk Based Security.

    The reported breaches at Yahoo exposed approximately 1.5 billion records, which along with a handful of other immense breaches, made 2016 a record year for data loss, according to a report released by security firm Risk Based Security on Jan. 25.
    The report collected and sifted through 4,149 confirmed breach reports from a variety of sources, finding that at least 4.2 billion records were potentially compromised in 2016, up from approximately 1.0 billion in 2013, the previous record.

    While the total number of reported data breaches held steady over the past few years, the average breach was more severe—and exposed more records—than previous years, Inga Goddijn, executive vice president at Risk Based Security, told eWEEK.

    “We have been tracking breach activity since 2005, and the number of breaches this year was not really higher or lower than prior years, but the severity was off the charts,” she said.

    The data seems to show that the average data breach involved between 101 and 1,000 records in 2016, at least an order of magnitude greater than the 1 to 100 records in 2015. In addition, the number of breaches involving more than 1 million records has climbed steadily to 94 incidents in 2016, up from 60 incidents in 2015 and 34 incidents in 2013.

    The most significant impact on breach numbers, however, came from the compromise of Internet giant Yahoo, which acknowledged two intrusions in 2016, one involving 500 million records that was reported in September and another involving 1 billion records but reported in December. The breach reported in September likely occurred in 2014, while the latter breach likely happened in 2013, according to the firm. The size of the breaches stunned security experts and threatened to derail the proposed buyout of Yahoo by Verizon.

    The search company was not the only one to discover more than one breach in the same year. At least 122 other companies reported two or more breaches in 2016, according to Risk Based Security.

    “When there was a major breach, it really kicked these security teams into high gear, resulting in some pretty intensive internal investigations, and we did see subsequent second and third breaches being reported, because of that investigation,” Goddijn said. “Yahoo is the classic example.”

    The top-10 breaches—including breaches at FriendFinder and MySpace in addition to Yahoo—accounted for about 3 billion of the year’s compromised records, without which 2016 would have resembled most other years.

    Email addresses, passwords and names were the most often exposed pieces of information. Hacking accounted for nearly 93 percent of all records exposed in breaches, with Web misconfigurations and leaks accounting for another 6 percent.
    Some industries suffered more than others, with business services, retail and technology sectors accounting for 30 percent of all breaches. The industries impacted by another 24 percent of breaches were not known.

    Data Breaches at Yahoo, Others in 2016 Set New Record

  10. #235 harrybarracuda (Thailand Expat; Join Date Sep 2009; Posts 96,844)
    Not being a True customer, I'm not sure if the user has admin access to change this, or if they turn off Remote Administration before installing.

    It being Thailand I'd guess probably no to both.

    TrueOnline failed to fix buggy routers

    by Michael Mimoso January 17, 2017 , 12:05 pm

    Details on serious vulnerabilities in a number of routers freely distributed by a major Thai ISP were published on Monday after private disclosures made to the vendors in July went unanswered.

    Researcher Pedro Ribeiro of Agile Information Security found accessible admin accounts and command injection vulnerabilities in ZyXel and Billion routers distributed by TrueOnline, Thailand’s largest broadband company.

    Ribeiro said he disclosed the vulnerabilities through Beyond Security’s SecuriTeam Secure Disclosure Program, which contacted the affected vendors last July. Ribeiro published a proof of concept exploit yesterday as well.

    Ribeiro told Threatpost he’s unsure whether TrueOnline introduced the vulnerabilities as it adds its own customization to the routers, or whether they came from the respective manufacturers. A ZyXel representative told Threatpost the router models are no longer supported and would not comment on whether patches were being developed. A request for comment from Billion was not returned in time for publication.

    The commonality between the routers appears to be that they’re all based on the TC3162U system-on-a-chip manufactured by TrendChip. Affected routers are the ZyXel P660HN-T v1 and P660HN-T v2, and Billion 5200 W-T, currently in distribution to TrueOnline customers.

    The TC3162U chips run two different firmware variants, one called “ras” which includes the Allegro RomPager webserver vulnerable to the Misfortune Cookie attacks, and the other called tclinux.

    The tclinux variant contains the vulnerabilities found by Ribeiro, in particular several ASP files, he said, are vulnerable to command injection attacks. He also cautions that they could be also vulnerable to Misfortune Cookie, but he did not investigate this possibility.

    “It should be noted that tclinux contains files and configuration settings in other languages (for example in Turkish). Therefore it is likely that these firmware versions are not specific to TrueOnline, and other ISP customised routers in other countries might also be vulnerable,” Ribeiro said in his advisory. “It is also possible that other brands and router models that use the tclinux variant are also affected by the command injection vulnerabilities (the default accounts are likely to be TrueOnline specific).”

    In addition to Ribeiro’s proof-of-concept, Metasploit modules are available for three of the vulnerabilities.

    Most of the vulnerabilities can be exploited remotely, some without authentication.

    “These vulnerabilities are present in the web interface. The default credentials are part of the firmware deployed by TrueOnline and they are authorized to perform remote access over the WAN,” Ribeiro said. “Due to time and lab constraints I was unable to test whether these routers expose the web interface over the WAN, but given the credentials, it is likely.”

    The ZyXel P660HN-T v1 router is vulnerable to an unauthenticated command injection attack that can be exploited remotely. Ribeiro said he found the vulnerability in the remote system log forwarding function, specifically in the ViewLog.asp page.

    V2 of the same router contains the same vulnerability, but cannot be exploited without authentication, he said.

    “Unlike in the P660HN-Tv1, the injection is authenticated and in the logSet.asp page. However, this router contains a hardcoded supervisor password that can be used to exploit this vulnerability,” Ribeiro said. “The injection is in the logSet.asp page that sets up remote forwarding of syslog logs, and the parameter vulnerable to injection is the serverIP parameter.”

    The Billion 5200W-T is also vulnerable to unauthenticated and authenticated command injection attacks; the vulnerability was found in its adv_remotelog.asp page.

    “The Billion 5200W-T router also has several other command injections in its interface, depending on the firmware version, such as an authenticated command injection in tools_time.asp (uiViewSNTPServer parameter),” Ribeiro said. “It should be noted that this router contains several hardcoded administrative accounts that can be used to exploit this vulnerability.”

    Ribeiro said default and weak admin credentials were found on all of the versions and were accessible remotely.

    The researcher said it’s unknown whether the routers can be patched remotely.

    “Again, given the existence of default credentials that have remote access, it is likely that it is possible to update the firmware remotely,” Ribeiro said.
    https://threatpost.com/router-vulner...atched/123115/
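    The injections described above all follow one pattern: a web form field that should hold a host address (serverIP on logSet.asp, uiViewSNTPServer on tools_time.asp) ends up inside a shell command line. The following is an added example, not code from the affected routers, from TrueOnline or from Ribeiro's advisory: it shows the injectable string-concatenation pattern next to a hardened handler that validates the value as a literal IP address and launches the helper without a shell, then scans constructed web-server access-log lines for requests that carry shell metacharacters in those parameters. Only the page and parameter names come from the article; the syslogd command line, the /cgi-bin/ paths, the sample log lines and all function names are assumptions of this example.

```python
"""Hardened handling of a remote-syslog 'serverIP' parameter, shown next to the
string-concatenation pattern that makes such a page injectable, plus a scan of
web-server access logs for requests that abuse it.

Added example for the Threatpost story above; not code from the affected
routers, from TrueOnline or from Ribeiro's advisory.  Only the page names
(ViewLog.asp, logSet.asp, adv_remotelog.asp, tools_time.asp) and parameter
names (serverIP, uiViewSNTPServer) come from the article.  The syslogd command
line, the /cgi-bin/ paths and the sample log lines are constructed.
"""
import ipaddress
import re
import subprocess
import urllib.parse
from typing import Dict, List

LOG_PAGES = ("ViewLog.asp", "logSet.asp", "adv_remotelog.asp", "tools_time.asp")
HOST_PARAMS = ("serverIP", "uiViewSNTPServer")
SHELL_META = re.compile(r"[;&|`$(){}<>\n]")


def build_command_unsafe(server_ip: str) -> str:
    """The anti-pattern: the user-supplied value is pasted into a shell command
    string, so any shell metacharacter in it starts a second command.
    Returned only for comparison; never executed here."""
    return f"syslogd -R {server_ip}:514"


def validate_server_ip(value: str) -> str:
    """Accept only a literal unicast IP address; anything else raises ValueError."""
    try:
        addr = ipaddress.ip_address(value.strip())
    except ValueError:
        raise ValueError(f"serverIP is not an IP address: {value!r}") from None
    if addr.is_multicast or addr.is_unspecified:
        raise ValueError(f"serverIP is not a usable unicast address: {value!r}")
    return f"[{addr}]" if addr.version == 6 else str(addr)


def build_command_safe(server_ip: str, port: int = 514) -> List[str]:
    """Validate first, then build an argv list so the value reaches the program
    as one argument and is never parsed by a shell."""
    if not 1 <= port <= 65535:
        raise ValueError(f"bad syslog port: {port}")
    return ["syslogd", "-R", f"{validate_server_ip(server_ip)}:{port}"]


def apply_forwarding(server_ip: str, port: int = 514, dry_run: bool = True) -> List[str]:
    """What a hardened logSet.asp handler would do: validate, then run without a shell."""
    argv = build_command_safe(server_ip, port)
    if not dry_run:
        subprocess.run(argv, check=True)   # shell=False is the default
    return argv


# Constructed access-log lines (Common Log Format).  203.0.113.9 sends a value
# that decodes to "192.0.2.20;ls", which no valid serverIP can contain.
SAMPLE_ACCESS_LOG = [
    '192.0.2.5 - - [17/Jan/2017:10:01:22 +0700] "GET /cgi-bin/logSet.asp?serverIP=192.0.2.20 HTTP/1.1" 200 512',
    '203.0.113.9 - - [17/Jan/2017:10:02:05 +0700] "GET /cgi-bin/logSet.asp?serverIP=192.0.2.20%3Bls HTTP/1.1" 200 512',
    '198.51.100.4 - - [17/Jan/2017:10:03:44 +0700] "GET /index.asp HTTP/1.1" 200 2048',
]


def suspicious_log_requests(lines: List[str]) -> List[Dict[str, str]]:
    """Flag requests to the log/time pages whose host parameter carries shell
    metacharacters after URL-decoding (parse_qsl decodes %3B to ';')."""
    hits = []
    for line in lines:
        m = re.search(r'"(?:GET|POST) (\S+)', line)
        if not m:
            continue
        path, _, query = m.group(1).partition("?")
        if not path.endswith(LOG_PAGES):
            continue
        for name, value in urllib.parse.parse_qsl(query, keep_blank_values=True):
            if name in HOST_PARAMS and SHELL_META.search(value):
                hits.append({"client": line.split()[0], "page": path.rsplit("/", 1)[-1],
                             "param": name, "value": value})
    return hits


if __name__ == "__main__":
    print("unsafe:", build_command_unsafe("192.0.2.20;ls"))
    print("safe:  ", apply_forwarding("192.0.2.20"))
    try:
        apply_forwarding("192.0.2.20;ls")
    except ValueError as exc:
        print("rejected:", exc)
    for hit in suspicious_log_requests(SAMPLE_ACCESS_LOG):
        print("suspicious:", hit)
```

    The validator is an allow-list, not a deny-list: it accepts nothing but a parseable address, so the question of which characters the shell treats specially never arises. The log scan is the complementary control for the boxes that cannot be patched, which the article says is the likely situation here; it also applies to the WAN side, since the default accounts are described as authorized for remote access.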

  11. #236 Dragonfly (Thailand Expat; Join Date Oct 2015; Last Online 16-07-2021 @ 10:31 PM; Posts 14,636)
    Quote Originally Posted by harrybarracuda:
    ZyXel and Billion routers
    glad I changed those when I got them from True

  12. #237 harrybarracuda (Thailand Expat; Join Date Sep 2009; Posts 96,844)
    Quote Originally Posted by Dragonfly:
    Quote Originally Posted by harrybarracuda:
    ZyXel and Billion routers
    glad I changed those when I got them from True
    What did you change to?

  13. #238 Dragonfly (Thailand Expat; Join Date Oct 2015; Last Online 16-07-2021 @ 10:31 PM; Posts 14,636)
    NETGEAR of course

  14. #239 harrybarracuda (Thailand Expat; Join Date Sep 2009; Posts 96,844)
    Quote Originally Posted by Dragonfly:
    NETGEAR of course
    Yeah update it if you haven't already.

  15. #240 Dragonfly (Thailand Expat; Join Date Oct 2015; Last Online 16-07-2021 @ 10:31 PM; Posts 14,636)
    Why? Works fine.

  16. #241 harrybarracuda (Thailand Expat; Join Date Sep 2009; Posts 96,844)
    Quote Originally Posted by Dragonfly:
    Why? Works fine.
    Oh yes it does.

    https://www.trustwave.com/Resources/...TGEAR-Routers/

  17. #242 (Thailand Expat; Join Date Oct 2015; Last Online 16-07-2021 @ 10:31 PM; Posts 14,636)
    Could explain why my password to log on to the AdminCP doesn't work anymore.

  18. #243 harrybarracuda (Thailand Expat; Join Date Sep 2009; Posts 96,844)
    A new alternative to Google DNS or Open DNS:

    https://adguard.com/en/adguard-dns/overview.html

  19. #244 (Thailand Expat; Join Date Oct 2015; Last Online 16-07-2021 @ 10:31 PM; Posts 14,636)
    good one harry, could be a nice alt to spying Google and crappy OpenDNS

  20. #245 harrybarracuda (Thailand Expat; Join Date Sep 2009; Posts 96,844)
    *Faints*

  21. #246 harrybarracuda (Thailand Expat; Join Date Sep 2009; Posts 96,844)
    10 Things You Need To Know About 'Wikileaks CIA Leak'
    Wednesday, March 08, 2017

    Yesterday WikiLeaks published thousands of documents revealing top CIA hacking secrets, including the agency's ability to break into iPhones, Android phones, smart TVs, and Microsoft, Mac and Linux operating systems.

    It dubbed the first release as Vault 7.

    Vault 7 is just the first part of leak series “Year Zero” that WikiLeaks will be releasing in coming days. Vault 7 is all about a covert global hacking operation being run by the US Central Intelligence Agency (CIA).

    According to the whistleblower organization, the CIA did not inform the companies about the security issues of their products; instead held on to security bugs in software and devices, including iPhones, Android phones, and Samsung TVs, that millions of people around the world rely on.

    One leaked document suggested that the CIA was even looking for tools to remotely control smart cars and trucks, allowing the agency to cause "accidents" which would effectively be "nearly undetectable assassinations."

    While security experts, companies and non-profit organizations are still reviewing the 8,761 documents released as the Vault 7 archive, we are here with some relevant facts and points that you need to know.

    Here's Everything You Need to Know About Vault 7:

    Vault 7 purportedly includes 8,761 documents and files that detail intelligence information on CIA-developed software intended to crack any Android smartphone or Apple iPhone, including some that could take full control of the devices.

    In fact, Wikileaks alleges that the CIA has a sophisticated unit in its Mobile Development Branch that develops zero-day exploits and malware to "infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads."

    Some of the attacks are powerful enough to allow an attacker to remotely take over the "kernel," the heart of the operating system that controls the smartphone operation, or to gain "root" access on the devices, giving the attacker access to information like geolocation, communications, contacts, and more.

    These types of attacks would most likely be useful for targeted hacking, rather than mass surveillance.

    The leaked documents also detail some specific attacks the agency can perform on certain smartphones models and operating systems, including recent versions of iOS and Android.

    CIA Didn't Break Encryption Apps, Instead Bypassed It

    In the hours since the documents were made available by WikiLeaks, a misconception was developed, making people believe the CIA "cracked" the encryption used by popular secure messaging software including Signal and WhatsApp.

    WikiLeaks asserted that:
    "These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Weibo, Confide and Cloakman by hacking the "smart" phones that they run on and collecting audio and message traffic before encryption is applied."
    This statement by WikiLeaks made most people think that the encryption used by end-to-end encrypted messaging clients such as Signal and WhatsApp has been broken.

    No, it hasn't.

    Instead, the CIA has tools to gain access to entire phones, which would of course "bypass" encrypted messaging apps because it fails all other security systems virtually on the phone, granting total remote access to the agency.

    The WikiLeaks documents do not show any particular attack against Signal or WhatsApp, but rather the agency hijacks the entire phone and listens in before the applications encrypt and transmit information.

    It’s like you are sitting in a train next to the target and reading his 2-way text conversation on his phone or laptop while he's still typing; this doesn't mean that the security of the app the target is using has any issue.

    In that case, it also doesn't matter if the messages were encrypted in transit if you are already watching everything that happens on the device before any security measure comes into play.

    But this also doesn't mean that this makes the issue lighter, as noted by NSA whistleblower Edward Snowden, "This incorrectly implies CIA hacked these apps/encryption. But the docs show iOS/Android are what got hacked—a much bigger problem."

    CIA Develops Malware to Target Windows, Linux & MacOS

    The Wikileaks CIA dump also includes information about the malware that can be used by the agency to hack, remotely spy on and control PCs running Windows, macOS, and Linux operating systems.

    This apparently means that the CIA can bypass PGP email encryption and even Virtual Private Network (VPN) on your computer in a similar way. The agency can also see everything you are doing online, even if you are hiding it behind Tor Browser.
    Again, this also does not mean that using PGP, VPNs, or Tor Browser is not safe or that the CIA can hack into these services.

    But the agency's ability to hack into any OS to gain full control of any device — whether it’s a smartphone, a laptop, or a TV with a microphone — makes the CIA capable of bypassing any service to spy on everything that happens on that device.

    CIA Borrowed Codes from Public Malware Samples

    Yes, in addition to the attacks purportedly developed by the CIA, the agency has adopted some of the code from other, public sources of malware. Well, that's what many do.

    One of the documents mentions how the agency supposedly tweaks bits of code from known malware samples to develop its custom code and more targeted solutions.
    "The UMBRAGE team maintains a library of application development techniques borrowed from in-the-wild malware," the WikiLeaks document reads. "The goal of this repository is to provide functional code snippets that can be rapidly combined into custom solutions."

    Some of the exploits listed were discovered and released by security firms, hacker groups, independent researchers, and purchased, or otherwise acquired by the CIA from other intelligence agencies, such as the FBI, NSA, and GCHQ.
    One borrowed exploit in "Data Destruction Components" includes a reference to Shamoon, a nasty malware that has the capability to steal data and then completely wipe out hard-drives.

    Another acquired attack by the CIA is SwampMonkey, which allows the agency to get root privileges on undisclosed Android devices.

    Persistence, another tool in the CIA arsenal, allows the agency to gain control over the target device whenever it boots up again.

    CIA Used Malware-Laced Apps to Spy on Targets

    The leaked documents include a file, named "Fine Dining," which does not contain any list of zero-day exploits or vulnerabilities, but a collection of malware-laced applications.

    Fine Dining is a highly versatile technique which can be configured for a broad range of deployment scenarios, as it is meant for situations where the CIA agent has to infect a computer physically.

    CIA field agents store one or more of these infected applications -- depending upon their targets -- on a USB, which they insert into their target's system to run one of the applications to gather the data from the device.

    Developed by OSB (Operational Support Branch), a division of the CIA's Center for Cyber Intelligence, Fine Dining includes modules that can be used to weaponize the following applications:

    VLC Player Portable
    Irfanview
    Chrome Portable
    Opera Portable
    Firefox Portable
    ClamWin Portable
    Kaspersky TDSS Killer Portable
    McAfee Stinger Portable
    Sophos Virus Removal
    Thunderbird Portable
    Opera Mail
    Foxit Reader
    LibreOffice Portable
    Prezi
    Babel Pad
    Notepad++
    Skype
    Iperius Backup
    Sandisk Secure Access
    U3 Software
    2048
    LBreakout2
    7-Zip Portable
    Portable Linux CMD Prompt

    The CIA's Desperation To Crack Apple's Encryption

    This is not the first time the CIA has been caught targeting iOS devices. It was previously disclosed that the CIA was targeting Apple's iPhones and iPads, following the revelation in 2015, from the Snowden leaks, of top-secret documents from the agency's internal wiki system.

    The documents described that the CIA had been "targeting essential security keys used to encrypt data stored on Apple's devices" by using both "physical" and "non-invasive" techniques.

    In addition to the CIA, the FBI's hacking division, the Remote Operations Unit, has also been working desperately to discover exploits in iPhones, one of the WikiLeaks documents indicates.

    That could also be the reason behind the agency's effort to force Apple into developing a working exploit to hack into the iPhone belonging to one of the terrorists in the San Bernardino case.

    Apple Says It Has Already Patched Most Flaws Documented in CIA Leak

    Besides vulnerabilities in Android and Samsung Smart TVs, the leaked documents detail 14 iOS exploits, describing how the agency uses these security issues to track users, monitor their communications, and even take complete control of their phones.

    However, Apple is pushing back against claims that the CIA's stored bugs for its devices were effective.

    According to Apple, many iOS exploits in the Wikileaks CIA document dump have already been patched in its latest iOS version, released in January, while Apple engineers continue to work to address any new vulnerabilities that were known to the CIA.

    Here's the statement provided by an Apple spokesperson:

    "Apple is deeply committed to safeguarding our customers’ privacy and security. The technology built into today’s iPhone represents the best data security available to consumers, and we’re constantly working to keep it that way. Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates."

    Hacking 'Anyone, Anywhere,' Thanks to Internet Of 'Insecure' Things

    Besides hundreds of exploits, zero-days, and hacking tools that target a large number of software and services, Vault 7 also includes details about a surveillance technique — codenamed Weeping Angel — used by the CIA to infiltrate smart TVs.
    Samsung smart TVs are found to be vulnerable to Weeping Angel hacks that place the TVs into a "Fake-Off" mode, in which the owner believes the TV is off when it is actually on, allowing the CIA to covertly record conversations "in the room and sending them over the Internet to a covert CIA server."

    "Weeping Angel already hooks key presses from the remote (or TV goes to sleep) to cause the system to enter Fake-Off rather than Off," the leaked CIA document reads. "Since the implant is already hooking these events, the implant knows when the TV will be entering Fake-Off mode."

    In response to the WikiLeaks CIA documents, Samsung released a statement that reads: "Protecting consumers' privacy and the security of our devices is a top priority at Samsung. We are aware of the report in question and are urgently looking into the matter."

    WikiLeaks' CIA Leak Isn't Bigger than Snowden's NSA Leaks

    WikiLeaks claims the massive CIA hacking leak is larger than the Edward Snowden revelations about NSA's hacking and surveillance programs, but it is much, much smaller.

    While the Snowden revelations disclosed global covert surveillance of people's text and voice communications, using hacking tools that permitted mass data gathering and analysis, the CIA data dump so far just shows that the CIA gathered and purchased tools that could be used to target individual devices.

    However, there is no evidence of mass surveillance of smartphones or computers in the leaked documents. Technologically, the NSA is much further ahead in sophistication and technical expertise than the CIA.

    Ex-CIA Chief Says Wikileaks dump has made US 'less safe'

    Former CIA boss Michael Hayden said the latest leak of highly sensitive CIA documents and files by Wikileaks is "incredibly damaging" and has put lives at risk, BBC reports, while the CIA has not yet commented on the leaks.
    The CIA revelations by the whistleblower organization are just beginning. People will see more revelations about the government and agencies from WikiLeaks in the coming days as part of its Year Zero leaks.

    10 Things You Need To Know About 'Wikileaks CIA Leak'

  22. #247
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,844
    Amazing what web sites get up to....

    www.urlscan.io

  23. #248
    Thailand Expat
    Join Date
    Oct 2015
    Last Online
    16-07-2021 @ 10:31 PM
    Posts
    14,636
    Quote Originally Posted by harrybarracuda View Post
    Amazing what web sites get up to....

    www.urlscan.io
    not working...

  24. #249
    R.I.P.
    crackerjack101's Avatar
    Join Date
    Feb 2016
    Last Online
    15-11-2020 @ 07:58 PM
    Posts
    5,574
    Worked for me:

    https://urlscan.io/result/e9d9da7f-3...909754#summary



    teakdoor.com 119.81.0.75
    URL: TeakDoor: The Thailand Forum
    Submission: 3 minutes ago via manual, finished a few seconds later (March 14th 2017, 7:49 am)

    Summary
    HTTP: 39 | Links: 14 | Console: 0 | Cookies: 9 | Security: 0

    Requests: 39
    Ad-blocked: 9
    Malicious: 0
    Secure: 13%
    IPv6: 17%
    Domains: 7
    Subdomains: 7
    IPs: 7
    Countries: 4
    Transfer: 1,282kB
    Size: 1,309kB
    Cookies: 9

    This website contacted 7 IPs in 4 countries across 7 domains to perform 39 HTTP transactions. Of those, 5 were secure (13%) and 17% were IPv6.
    The main IP is 119.81.0.75, located in Singapore, Singapore and belongs to SoftLayer Technologies Inc.
    In total, 1 MB of data was transferred, which is 1 MB uncompressed. It took 3.865 seconds to load this page. 9 cookies were set, and 0 messages to the console were logged.

    IP/ASNs
    Requests  IP Address                AS     Autonomous System
    27        119.81.0.75               36351  SOFTLAYER - SoftLayer Technologies Inc.
    3         2a00:1450:400f:803::200e  15169  GOOGLE - Google Inc.
    2         163.47.178.206            24482  SGGS-AS-AP SG.GS
    1         151.101.112.193           54113  FASTLY - Fastly
    1         68.232.35.169             15133  EDGECAST - MCI Communications Services
    4         35.161.97.15              16509  AMAZON-02 - Amazon.com
    Total: 39 requests, 7 IPs

    Summary by Type
    Type        #   X-Fer  Size   Ratio  IPs  Countries
    Image       28  1 MB   1 MB   1.0x   6    4
    Script      7   93 KB  121 KB 1.3x   2    2
    Other       1   894 B  894 B  1.0x   1    1
    Stylesheet  1   7 KB   7 KB   1.0x   1    1
    Document    1   65 KB  65 KB  1.0x   1    1
    Total       39  1 MB   1 MB   1.0x   7    4

    Screenshot and server-locations map not reproduced.
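    The figures in the pasted report (requests per IP/ASN, the "secure" and "IPv6" percentages, the country count) are all derived from the individual HTTP transactions a scan records. The script below is an added example, not urlscan.io's code and not its API schema: it takes a constructed, simplified list of transactions (IPs and AS names borrowed from the report above, hostnames and counts made up) and rebuilds that breakdown, then answers the triage question the post is really raising: which third parties does the page pull in, and which of them are fetched over cleartext HTTP.

```python
"""
Added example: rebuild a urlscan.io-style per-IP/ASN breakdown and the
secure/IPv6 percentages from individual HTTP transactions, and list the
third-party hosts loaded over cleartext.

The (url, ip, asn, asn_name, country) tuple layout is a constructed,
simplified format for this example; it is NOT urlscan.io's API schema.
"""
import ipaddress
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample transactions (hostnames ending in .invalid are made up;
# the IP/AS values reuse entries from the pasted report, the counts do not).
SAMPLE_TRANSACTIONS = [
    ("http://teakdoor.com/forum/", "119.81.0.75", 36351, "SOFTLAYER - SoftLayer Technologies Inc.", "SG"),
    ("http://teakdoor.com/images/logo.png", "119.81.0.75", 36351, "SOFTLAYER - SoftLayer Technologies Inc.", "SG"),
    ("http://teakdoor.com/style.css", "119.81.0.75", 36351, "SOFTLAYER - SoftLayer Technologies Inc.", "SG"),
    ("https://metrics.third-party-a.invalid/t.js", "2a00:1450:400f:803::200e", 15169, "GOOGLE - Google Inc.", "US"),
    ("https://ads.third-party-b.invalid/ad.js", "163.47.178.206", 24482, "SGGS-AS-AP SG.GS", "SG"),
    ("http://cdn.third-party-c.invalid/jquery.js", "151.101.112.193", 54113, "FASTLY - Fastly", "US"),
]


def registrable_site(host: str) -> str:
    """Crude same-site check on the last two DNS labels.

    Good enough for this triage; a real tool consults the Public Suffix List.
    """
    return ".".join(host.lower().split(".")[-2:])


def summarize(transactions, main_url: str) -> dict:
    """Aggregate a transaction list into the report-style numbers."""
    main_site = registrable_site(urlsplit(main_url).hostname)
    total = len(transactions)
    requests_per_ip = Counter()
    asn_of = {}
    countries = set()
    secure = ipv6 = 0
    third_party_cleartext = []

    for url, ip, asn, asn_name, country in transactions:
        parts = urlsplit(url)
        requests_per_ip[ip] += 1
        asn_of[ip] = (asn, asn_name)
        countries.add(country)
        if parts.scheme == "https":
            secure += 1
        if ipaddress.ip_address(ip).version == 6:
            ipv6 += 1
        # The interesting rows: someone else's host, and the browser fetched it in the clear.
        if registrable_site(parts.hostname) != main_site and parts.scheme != "https":
            third_party_cleartext.append(url)

    return {
        "requests": total,
        "ips": len(requests_per_ip),
        "countries": len(countries),
        "secure_pct": round(100 * secure / total),
        "ipv6_pct": round(100 * ipv6 / total),
        # (request count, ip, asn, asn_name), busiest IP first
        "by_ip": [(n, ip, *asn_of[ip]) for ip, n in requests_per_ip.most_common()],
        "third_party_cleartext": third_party_cleartext,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_TRANSACTIONS, "http://teakdoor.com/forum/")
    print(f"{report['requests']} requests to {report['ips']} IPs in {report['countries']} countries; "
          f"{report['secure_pct']}% secure, {report['ipv6_pct']}% IPv6")
    for n, ip, asn, name in report["by_ip"]:
        print(f"{n:>3}  {ip:<26} {asn:<6} {name}")
    for url in report["third_party_cleartext"]:
        print("cleartext third-party load:", url)
```

    The cleartext third-party list is the row worth acting on: a script fetched over plain HTTP from someone else's CDN can be swapped on the wire by anyone on the path, and it then runs in the page's origin.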

  25. #250
    Excommunicated baldrick's Avatar
    Join Date
    Apr 2006
    Last Online
    Yesterday @ 10:21 PM
    Posts
    24,805
    Ubiquiti router web server has security issues - I guess you might want to think about patching when Ubiquiti releases new firmware

    Security researchers have gone public with details of an exploitable flaw in Ubiquiti's wireless networking gear – after the manufacturer allegedly failed to release firmware patches.

    Austrian-based bods at SEC Consult Vulnerability Lab found the programming cockup in November and contacted Ubiquiti – based in San Jose, California – via its HackerOne-hosted bug bounty program. Ubiquiti first denied this was a new bug, then accepted it, then stalled issuing a patch, we're told. After repeated warnings, SEC has now shed light on the security shortcomings.

    Essentially, if you can trick someone using a Ubiquiti gateway or router to click on a malicious link, or embed the URL in a webpage they visit, you can inject commands into the vulnerable device. The networking kit uses a web interface to administer it, and has zero CSRF protection. This means attackers can perform actions as logged-in users.

    A hacker can exploit this blunder to open a reverse shell to connect to a Ubiquiti router and gain root access – yes, the built-in web server runs as root. SEC claims that once inside, the attacker can then take over the entire network. And you can thank a very outdated version of PHP included with the software, we're told.
    https://www.theregister.co.uk/2017/0...king_php_hole/
