Salted Links: 30 December 2013

Some light reading for those working on the skeleton crew....

The final weeks of December, including Christmas and New Year's Eve, are the slowest days of the year for those who work in IT (and InfoSec). Offices are open, but only for a few days. The staffing is low, due to vacations or clipped overhead, and those who have to work are often just killing the clock before it's time to head home. That's not to say that important things don't happen during the year's final days, but the workload isn't constant, and sometimes that's a good thing.

As for me, I've spent my downtime during the final two weeks of the year reading. Here's a recap of the interesting bits.

Common shells, such as c99 and r57, hijacked by host (The Hacker Blog)

This story amused me. It's one of those known secrets: script kiddies are often targeted by the same people that are "helping" them, proving that there's no honor among thieves.

Case in point: a popular domain that offers various common shell scripts, such as c99 and r57, has been including a JavaScript call that's actually a backdoor. Uploading one of the hijacked shells to a compromised box shares the relevant details with the host responsible for the backdoor. Even more amusing, the host that's adding the backdoors is one that many "hacking tutorials" use as an example and cite as a source for shell scripts. [SOURCE]

Researchers say Samsung's mobile security platform has problems (WSJ)

KNOX, Samsung's mobile security platform, available on devices such as the Galaxy S4, is said to suffer from a flaw that could allow an attacker to monitor emails or record calls. News of the alleged vulnerability comes from researchers studying at Israel's Ben-Gurion University of the Negev.

KNOX is Samsung's offering for business leaders who are looking to address the ever-popular BYOD trend. It offers a container that enables businesses to load work-related apps and data, which are kept separate from the employee's personal space on the device. Should the device become lost or stolen, administrators can remove the business content and leave the rest of the employee's content untouched.

According to the Israeli researchers, the vulnerability they've discovered would allow data to leak through the KNOX container, by installing an "innocent" application on the user side of the wall. Samsung has said they will investigate the issue further, but they're not buying the hype. [SOURCE]

Syria's digitized Civil War (Citizen Lab)

An interesting look at how pro-Assad supporters are using malware to track the opposition: a report from Citizen Lab (published in collaboration with the EFF) highlights the various phishing campaigns and other digital attacks aimed at journalists and humanitarians over the last two years.

In one example, however, it would seem that the pro-Assad digital warriors are using the Syrian Electronic Army (known for their high-profile website defacements and propaganda) as a false flag, similar to how others use Anonymous. [SOURCE]


Happy New Year everyone, stay safe and I'll see you in 2014.