Rootpipe — Critical Mac OS X Yosemite Vulnerability Allows Root Access Without Password

A Swedish Security researcher has discovered a critical vulnerability in Apple’s OS X Yosemite that gives hackers the ability to escalate administrative privileges on a compromised machine, and allows them to gain the highest level of access on a machine, known as root access.

The vulnerability, dubbed as "Rootpipe", was uncovered by Swedish white-hat hacker Emil Kvarnhammar, who is holding on the full details about the privilege escalation bug until January 2015, as Apple needs some time to prepare a security patch.

"Details on the #rootpipe exploit will be presented, but not now. Let's just give Apple some time to roll out a patch to affected users," Emil Kvarnhammar, IT specialist and hacker security company Truesec,tweeted from his twitter account.

By exploiting the vulnerability in the Mac OS X Yosemite, an attacker could bypass the usual safeguard mechanisms which are supposed to stop anyone who tries to root the operating system through a temporary backdoor.

ROOT ACCESS WITHOUT PASSWORD

Once exploited, hackers could install malicious software or make other changes to your computer without any need of a password.

Hackers could steal victims’ sensitive information such as passwords or bank account information, or if required, they could format the entire affected computer, deleting all your important data from the computer.

Kvarnhammar has also provided a video to explain his initial finding.

“It all started when I was preparing for two security events, one in Stockholm and one in Malmö,” Kvarnhammar says. “I wanted to show a flaw in Mac OS X, but relatively few have been published. There are a few ‘proof of concepts’ online, but the latest I found affected the older 10.8.5 version of OS X. I couldn’t find anything similar for 10.9 or 10.10.”

Kvarnhammar tested the vulnerability on OS X version 10.8, 10.9 and 10.10. He has confirmed that it has existed since at least 2012, but probably is much older than that.

INFORMED APPLE

Kvarnhammar contacted Apple about the issue but he initially didn’t get any response, and Apple silently asked him for more details. When he provided with the details, Apple asked TrueSec not to disclose until next January.

Kvarnhammar said, "The current agreement with Apple is to disclose all details in mid-January 2015. This might sound like a long wait, but hey, time flies. It's important that they have time to patch, and that the patch is available for some time."

HOW TO PROTECT

The full disclosure of the vulnerability would be made public in January, after Apple will provide a fix. Apple Yosemite OS X users are advised to follow the below steps in order to protect yourself from the exploitation of the Rootpipe:

• Avoid running the system on a daily basis with an admin account. An attacker that will gain control on this account will obtain anyway limited privileges.
• Use volume encryption Apple’s FileVault tool, which allows encryption and decryption on the fly, protecting your information always.

However, the best way to protect yourself from such security vulnerabilities is to ensure that the operating system running on your system is always up-to-date, and always be careful to the links and documents others send to you.

By "Kunal Vohra", Director@H2K

Still Having Problem..!!! Connect with Admin
BBM: 7F72A48D


 Kunal Vohra Download Our Official Android App & Get Free Internet

"The Hackers Street"

For Daily Updates 

Researcher Found TextSecure Messenger App Vulnerable to Unknown Key-Share Attack

Do you use TextSecure Private Messenger for your private conversations? If yes, then Are you sure you are actually using a Secure messaging app?

TextSecure, an Android app developed by Open WhisperSystems, is completely open-source and claims to support end-to-end encryption of text messages. The app is free and designed by keeping privacy in mind.

However, while conducting the first audit of the software, security researchers from Ruhr University Bochum found that the most popular mobile messaging app is open to an Unknown Key-Share attack.

After Edward Snowden revealed state surveillance programs conducted by the National Security Agency, and meanwhile when Facebook acquired WhatsApp, TextSecure came into limelight and became one of the best alternatives for users who want a secure communication.

"Since Facebook bought WhatsApp, instant messaging apps with security guarantees became more and more popular," the team wrote in the paper titled, "How Secure is TextSecure?".

The messaging app attracted a lot of attention lately and was downloaded by half a million users from the Google's Play Store. The research team explained a complete and precise document and analyze of TextSecure’s secure push messaging protocol.

"We are the first to completely and precisely document and analyses TextSecure's secure push messaging protocol," the team wrote.

"We show that if long-term public keys are authentic, so are the message keys, and that the encryption block of TextSecure is actually one-time stateful authenticated encryption [and] prove TextSecure's push messaging can indeed achieve the goals of authenticity and confidentiality."

According to the research team, TextSecure works on a complex cryptographic protocol which is the part of the CyanogenMod Android operating system — a popular open source aftermarket Android firmware that has been installed on about 10 million Android devices. But researchers discovered an Unknown Key-Share Attack (UKS) against the protocol.

The research was conducted by Tilman Frosch, Christian Mainka, Christoph Bader, Florian Bergsma, Jorg Schwenk and Thorsten Holz. For better understanding the UKS against the protocol, the team explained it via an example as follows:

"Bart wants to trick his friend Milhouse. Bart knows that Milhouse will invite him to his birthday party using TextSecure. He starts the attack by replacing his own public key with Nelson's public key and lets Milhouse verify the fingerprint of his new public key. This can be justified, for instance, by claiming to have a new device and having simply re-registered ... if Milhouse invites Bart to his birthday party, then Bart may just forward this message to Nelson who will believe that this message was actually sent from Milhouse. Thus, Milhouse believes that he invited Bart to his birthday party, where in fact, he invited Nelson."

The researchers also provided a mitigation strategy, which has already been acknowledged by TextSecure's developers, that prevents the UKS attack. The proposed method actually resolves the issue, making TextSecure's push messaging secure and achieves one-time stateful authenticated encryption.

By "Kunal Vohra", Director@H2K

Still Having Problem..!!! Connect with Admin
BBM: 7F72A48D


 Kunal Vohra Download Our Official Android App & Get Free Internet

"The Hackers Street"

For Daily Updates 

Facebook Now Accessible Via Tor Anonymous Network Using .Onion Address

If you are fan of the largest social networking site Facebook, but also want to remain anonymous while using your Facebook account, then there is really a Good news for you.

Facebook on Friday began offering a way for security and Privacy conscious users to connect to its social networking service using the anonymizing service running on the Tor network, by launching a .onion address. This is really a historic move of the social network.

Tor Browser is an open source project, launched in 2002, designed to increase the anonymity of your activities on the Internet by not sharing your identifying information such as your IP address and physical location with websites and your service providers. Browsing and data exchange over a network is made through encrypted connections between computers.

The social network just created a special URL – https://facebookcorewwwi.onion – that will allow users running Tor-enabled browsers to connect Facebook’s Core WWW Infrastructure. Hidden services accessed through the Tor network allow both the Web user and website to remain anonymous. Do note that the Tor link will only work on Tor-enabled browsers.

"Facebook’s onion address provides a way to access Facebook through Tor without losing the cryptographic protections provided by the Tor cloud," Alec Muffett, a software engineer with Facebook’s security infrastructure group, said in a blog post. "It provides end-to-end communication, from your browser directly into a Facebook datacenter."

Facebook has previously been criticised by Tor users as the company’s security features treated Tor as a botnet — a collection of computers designed to attack the site. Users were able to access their Facebook account before today, but it often loaded irregularly with incorrectly displayed fonts and sometimes didn't load at all.

Back in 2013, the social network assured Tor users that the company would work with Tor service on a possible solution. Now, after a year, we can see a great move from Facebook’s side with the launch of a dedicated Tor access address. However, the company said that the Tor network may poses some risks as the .onion address is described as an "experiment" by the social network.

"Tor challenges some assumptions of Facebook's security mechanisms – for example its design means that from the perspective of our systems a person who appears to be connecting from Australia at one moment may the next appear to be in Sweden or Canada," Alec Muffett said.

"In other contexts such behaviour might suggest that a hacked account is being accessed through a "botnet", but for Tor this is normal. Considerations like these have not always been reflected in Facebook’s security infrastructure, which has sometimes led to unnecessary hurdles for people who connect to Facebook using Tor."

Furthermore, the company also offers encryption using SSL over Tor with a certificate that cites the unique Tor address, so that users won’t have to deal with SSL certificate warnings and can therefore be assured they are connecting to a secure and real Facebook, preventing users from being redirected to fake sites.

Runa Sandvik, a security researcher who was consulted by Facebook on the project and previously worked at the Tor Project, tweeted, "The launch of the Facebook Tor hidden service also marks the first time a CA has issued a legitimate SSL cert for a .onion address."

By "Kunal Vohra", Director@H2K

Having Problem.??!! Connect with Admin
BBM: 7F72A48D


 Kunal Vohra Download Our Official Android App & Get Free Internet

"The Hackers Street"

For Daily Updates 

Hacking Smart Electricity Meters To Cut Power Bills

Smart devices are growing at an exponential pace with the increase in connecting devices embedded in cars, retail systems, refrigerators, televisions and countless other things people use in their everyday life, but security and privacy are the key issues for such applications, which still face some enormous number of challenges.

Millions of Network-connected electricity meters or Smart meters used in Spain are susceptible to cyberattack by hackers due to lack of basic and essential security controls that could put Millions of homes at risk, according to studies carried out by a pair of security researcher.

HACKERS TO CAUSE BLACKOUT AND BILL FRAUD

The security vulnerabilities found in the electricity meters could allow an intruder to carry out billing fraud or even shut down electric power to homes and cause blackouts.

Poorly protected credentials inside the devices could let attackers take control over the gadgets, warn the researchers. The utility that deployed the meters is now improving the devices' security to help protect its network.

During an interview on Monday, the security researchers, Javier Vazquez Vidal and Alberto Garcia Illera, said the vulnerability affects smart meters installed by a Spanish utility company, the one on which the Spanish government relied in order to improve national energy efficiency.

The research carried out by the duo researchers will soon be presented at Black Hat Europe hacking conference in Amsterdam next week. The duo will explain on how they reverse engineered smart meters and found blatant security weaknesses that allowed them to commandeer the devices to shut down power or perform electricity usage fraud over the power line communications network.

SMART METER’S REPROGRAMMABLE MEMORY RUNS FLAWED CODE

The Vulnerability resides in the memory chips of the smart meters, which are reprogrammable and contain flawed code that could be exploited to remotely shut down power supplies to individual households, tamper meter readings, transfer meter readings to other customers and insert "network worms" that could leave millions of homes without power causing widespread blackouts.

Though the researchers will not provide any detail explanation on what they actually did, until the problems are fixed by the Smart meter vendor. "We are not releasing the exact details; we are not going to say how we did this," Garcia Illera, a security expert involved in the smart meter research, told Reuters. "This issue has to be fixed."

WEAK ENCRYPTION USED

According to the two researchers, the Smart meters use relatively easy to crack symmetric AES-128encryption, which was designed to secure communications and prevent tampering with billing systems by fraudsters.

There are three major utility companies in Spain — Endesa, Iberdrola and E.ON and collectively 8 million Smart meters have been installed on over 30 percent of households. However, the two haven't yet disclosed the specific smart meter manufacturer at this time.

The duo said they could take full control of the meter box, switch its unique ID to impersonate other customer boxes or turn the meter itself into a weapon for launching attacks against the power network.

"Oh wait? We can do this? We were really scared," said Vazquez Vidal, another security expert involved in the smart meter research. "We started thinking about the impact this could have. What happens if someone wants to attack an entire country?" he said.

Internet of Things (IoTs) promise to make life easier in countless ways, but as with any technology seeing an upswing, it’s to be expected that there will be associated security issues and challenges and this was what happened with the Smart meters in Spain.

By "Kunal Vohra", Director@H2K

Still Having Problem..!!! Connect with Admin
BBM: 7F72A48D


 Kunal Vohra Download Our Official Android App & Get Free Internet

"The Hackers Street"

For Daily Updates 

Next 'Android L' To Enable Full Disk Encryption By Default

The search engine giant Google will soon come up with its next version of Android operating system, dubbed as Android L, with full-disk encryption enabled by default, Google confirmed Thursday.

This will be for the first time that Google’s Android OS will be encrypting your information, preventing both hackers and law enforcement agencies from gaining access to users’ personal and highly sensitive data on their devices running the Android operating system.

While Android has been offering data encryption options for some Android devices since 2011. However the options are not enabled by default, so users have had to activate the functionality manually. But Android L will have new activation procedures that will encrypt data automatically.

Although Google is yet to provide more details about Android L, which is set to be released next month. But the move by the web giant will surely provide an extra layer of security on the personal data that users typically have on their Android Smartphones.

“For over three years Android has offered encryption, and keys are not stored off of the device, so they cannot be shared with law enforcement,” a spokeswoman for the company Niki Christoff has told The Washington Post. “As part of our next Android release, encryption will be enabled by default out of the box, so you won't even have to think about turning it on.”

Google’s announcement for by default encryption comes a day after Apple revealed that it is expanding its two-factor authentication process to include the iCloud storage system, which was recently targeted by hackers to extract over 100 nude celebrities photos.

Meanwhile, Apple also announced that the latest version of its mobile operating system iOS 8 are protected by new automatic encryption methods that prevent even Apple from accessing its users’ personal and sensitive information.

"Unlike our competitors, Apple cannot bypass your pass code and therefore cannot access this data," Apple said in its new privacy policy, updated on Wednesday. "So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8."

Android is the most popular operating system for Smartphones in the world. So, by making the platform more secure, billions of Android users personal data can be protected from hackers as well as law enforcement agencies.

Technology titans are considering encryption a top priority in the wake of revelations by former National Security Agency contractor Edward Snowden that the NSA conducted mass collection of users’ phone and email communications. Till this new release of Android L operating system, if you want to set up encryption on your Android phone today, Google has instructions here.

By "Kunal Vohra", Director@H2K

Still Having Problem..!!! Connect with Admin
BBM: 7F72A48D


 Kunal Vohra Download Our Official Android App & Get Free Internet

"The Hackers Street"

For Daily Updates