Security-Portal.cz is a web portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, and Linux and BSD systems. It runs a number of interesting services and supports its community in interesting projects.

Categories

Google and Android have your back by protecting your backups

Google Security Blog - 12 October, 2018 - 22:01
Posted by Troy Kensinger, Technical Program Manager, Android Security and Privacy

Android is all about choice. As such, Android strives to provide users many options to protect their data. By combining Android’s Backup Service and Google Cloud’s Titan Technology, Android has taken additional steps toward securing users' data while maintaining their privacy.

Starting in Android Pie, devices can take advantage of a new capability where backed-up application data can only be decrypted by a key that is randomly generated at the client. This decryption key is encrypted using the user's lockscreen PIN/pattern/passcode, which isn’t known by Google. Then, this passcode-protected key material is encrypted to a Titan security chip on our datacenter floor. The Titan chip is configured to only release the backup decryption key when presented with a correct claim derived from the user's passcode. Because the Titan chip must authorize every access to the decryption key, it can permanently block access after too many incorrect attempts at guessing the user’s passcode, thus mitigating brute force attacks. The limited number of incorrect attempts is strictly enforced by a custom Titan firmware that cannot be updated without erasing the contents of the chip. By design, this means that no one (including Google) can access a user's backed-up application data without specifically knowing their passcode.
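The following C program is an added illustration written for this page, not Google's code and not a description of the real Titan firmware. It models the one property the paragraph above rests on: every access to the wrapped backup key passes through an enforcer that compares the presented claim in constant time, counts wrong claims, and locks the slot permanently (erasing the key material) once a limit is reached. The attempt limit, the claim and key lengths, the slot layout, the sample values, and the assumption that a correct claim resets the counter are all constructed; how the claim is derived from the passcode on the client is not modelled.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed constants: the post does not state the real attempt limit. */
#define CLAIM_LEN    32
#define KEY_LEN      32
#define MAX_ATTEMPTS 10

enum titan_status { TITAN_OK = 0, TITAN_BAD_CLAIM, TITAN_LOCKED };

/* Per-user record held by the enforcer (constructed layout). The expected
 * claim is assumed to be derived from the lockscreen passcode on the client;
 * the enforcer never sees the passcode itself. */
struct titan_slot {
    uint8_t  expected_claim[CLAIM_LEN];
    uint8_t  wrapped_key[KEY_LEN];   /* passcode-protected key material */
    unsigned failures;
    int      locked;                 /* set once, never cleared */
};

void titan_slot_init(struct titan_slot *s, const uint8_t *claim, const uint8_t *key)
{
    memset(s, 0, sizeof *s);
    memcpy(s->expected_claim, claim, CLAIM_LEN);
    memcpy(s->wrapped_key, key, KEY_LEN);
}

/* Constant-time compare: a wrong claim must not leak how many bytes matched. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Every key access goes through here, so the counter cannot be bypassed.
 * Reaching MAX_ATTEMPTS locks the slot for good and erases the key. */
enum titan_status titan_release(struct titan_slot *s, const uint8_t *claim, uint8_t *key_out)
{
    if (s->locked)
        return TITAN_LOCKED;

    if (!ct_equal(s->expected_claim, claim, CLAIM_LEN)) {
        if (++s->failures >= MAX_ATTEMPTS) {
            s->locked = 1;
            memset(s->wrapped_key, 0, KEY_LEN);
            return TITAN_LOCKED;
        }
        return TITAN_BAD_CLAIM;
    }

    s->failures = 0;   /* assumption: a correct claim resets the counter */
    memcpy(key_out, s->wrapped_key, KEY_LEN);
    return TITAN_OK;
}

/* Demo: how many wrong claims a fresh slot accepts before it locks, and that
 * the correct claim no longer helps afterwards. Returns MAX_ATTEMPTS. */
unsigned titan_guesses_until_locked(void)
{
    struct titan_slot s;
    uint8_t claim[CLAIM_LEN], key[KEY_LEN], wrong[CLAIM_LEN], out[KEY_LEN];
    memset(claim, 0x11, CLAIM_LEN);   /* constructed sample values */
    memset(key,   0x22, KEY_LEN);
    memset(wrong, 0x33, CLAIM_LEN);
    titan_slot_init(&s, claim, key);

    unsigned n = 0;
    while (titan_release(&s, wrong, out) != TITAN_LOCKED)
        n++;                          /* n claims were rejected; the next locked the slot */
    return titan_release(&s, claim, out) == TITAN_LOCKED ? n + 1 : 0;
}

int main(void)
{
    printf("slot locked after %u wrong claims\n", titan_guesses_until_locked());
    return 0;
}
```

The design point the model makes visible is that the key is never compared or released outside `titan_release`, and that the lock is a one-way transition: once `locked` is set, neither further guesses nor the correct claim change the outcome, which is what makes an offline guess of the passcode useless against the backup.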

To increase our confidence that this new technology securely prevents anyone from accessing users' backed-up application data, the Android Security & Privacy team hired global cyber security and risk mitigation expert NCC Group to complete a security audit. Some of the outcomes included positives around Google’s security design processes, validation of code quality, and that mitigations for known attack vectors were already taken into account prior to launching the service. While there were some issues discovered during this audit, engineers corrected them quickly. For more details on how the end-to-end service works and a detailed report of NCC Group’s findings, see the published report.

Getting external reviews of our security efforts is one of many ways that Google and Android maintain transparency and openness which in turn helps users feel safe when it comes to their data. Whether it’s 100s of hours of gaming data or your personalized preferences in your favorite Google apps, our users' information is protected.

We want to acknowledge contributions from Shabsi Walfish, Software Engineering Lead, Identity and Authentication, to this effort.
Category: Hacking & Security

Threatpost News Wrap Podcast For Oct. 12

Threatpost - 12 October, 2018 - 21:38
Threatpost's editors discuss the top news of this week.
Category: Hacking & Security

Microsoft Zero-Day Patch for JET Bug Incomplete, Claims Firm

Threatpost - 12 October, 2018 - 19:01
The official update from Microsoft only limits the vulnerability, according to 0Patch.
Category: Hacking & Security

CCNA Study Resources

InfoSec Institute Resources - 12 October, 2018 - 19:00

Passing the CCNA exam can be a big challenge for many candidates, as the minimum passing score is 825 out of 1000. That means a passing grade requires 82.5% correct answers. In the CCNA exam, candidates are presented with approximately 60-70 questions to be answered within 90 minutes, and the questions are of following three […]

The post CCNA Study Resources appeared first on InfoSec Resources.

CCNA Study Resources was first posted on October 12, 2018 at 12:00 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Category: Hacking & Security

Maintaining Your CCNA Certification – Renewal Requirements

InfoSec Institute Resources - 12 October, 2018 - 18:44

Cisco is one of the biggest network device manufacturers, and a university for millions of network professionals around the globe who want to learn advanced networking technologies. Cisco offers a series of certifications in various networking technologies, and Cisco-certified professionals are recognized worldwide and accepted by top companies. The CCNA certification is valid for three […]

Category: Hacking & Security

Shining a Light on a New Technique for Stealth Persistence

Threatpost - 12 Říjen, 2018 - 17:25
Researchers devise post-intrusion attack that use existing system binaries to achieve arbitrary code execution to maintain stealth and persistence.
Kategorie: Hacking & Security

Facebook Bans More Than 800 Accounts in Disinformation Purge

Threatpost - 12 October, 2018 - 16:19
The move comes a month before the November midterm elections – and at a time when all eyes are on Facebook to see how it protects against disinformation.
Category: Hacking & Security

What Kanye West can teach us about passcodes

Sophos Naked Security - 12 October, 2018 - 16:00
Pulling out an iPhone XS to show the assembled throng a picture of the hydrogen-powered aircraft that “our president should be flying in,” West casually unlocked it using the passcode ‘000000’.

Control Flow Integrity in the Android kernel

Google Security Blog - 12 October, 2018 - 15:28

Posted by Sami Tolvanen, Staff Software Engineer, Android Security & Privacy

[Cross-posted from the Android Developers Blog]

Android's security model is enforced by the Linux kernel, which makes it a tempting target for attackers. We have put a lot of effort into hardening the kernel in previous Android releases and in Android 9, we continued this work by focusing on compiler-based security mitigations against code reuse attacks.
Google's Pixel 3 will be the first Android device to ship with LLVM's forward-edge Control Flow Integrity (CFI) enforcement in the kernel, and we have made CFI support available in Android kernel versions 4.9 and 4.14. This post describes how kernel CFI works and provides solutions to the most common issues developers might run into when enabling the feature.
Protecting against code reuse attacks

A common method of exploiting the kernel is using a bug to overwrite a function pointer stored in memory, such as a stored callback pointer or a return address that had been pushed to the stack. This allows an attacker to execute arbitrary parts of the kernel code to complete their exploit, even if they cannot inject executable code of their own. This method of gaining code execution is particularly popular with the kernel because of the huge number of function pointers it uses, and the existing memory protections that make code injection more challenging.
CFI attempts to mitigate these attacks by adding additional checks to confirm that the kernel's control flow stays within a precomputed graph. This doesn't prevent an attacker from changing a function pointer if a bug provides write access to one, but it significantly restricts the valid call targets, which makes exploiting such a bug more difficult in practice.

Figure 1. In an Android device kernel, LLVM's CFI limits 55% of indirect calls to at most 5 possible targets and 80% to at most 20 targets.

Gaining full program visibility with Link Time Optimization (LTO)

In order to determine all valid call targets for each indirect branch, the compiler needs to see all of the kernel code at once. Traditionally, compilers work on a single compilation unit (source file) at a time and leave merging the object files to the linker. LLVM's solution to CFI is to require the use of LTO, where the compiler produces LLVM-specific bitcode for all C compilation units, and an LTO-aware linker uses the LLVM back-end to combine the bitcode and compile it into native code.

Figure 2. A simplified overview of how LTO works in the kernel. All LLVM bitcode is combined, optimized, and generated into native code at link time.

Linux has used the GNU toolchain for assembling, compiling, and linking the kernel for decades. While we continue to use the GNU assembler for stand-alone assembly code, LTO requires us to switch to LLVM's integrated assembler for inline assembly, and either GNU gold or LLVM's own lld as the linker. Switching to a relatively untested toolchain on a huge software project will lead to compatibility issues, which we have addressed in our arm64 LTO patch sets for kernel versions 4.9 and 4.14.
In addition to making CFI possible, LTO also produces faster code due to global optimizations. However, additional optimizations often result in a larger binary size, which may be undesirable on devices with very limited resources. Disabling LTO-specific optimizations, such as global inlining and loop unrolling, can reduce binary size by sacrificing some of the performance gains. When using GNU gold, the aforementioned optimizations can be disabled with the following additions to LDFLAGS:

LDFLAGS += -plugin-opt=-inline-threshold=0 \
           -plugin-opt=-unroll-threshold=0

Note that flags to disable individual optimizations are not part of the stable LLVM interface and may change in future compiler versions.
Implementing CFI in the Linux kernel

LLVM's CFI implementation adds a check before each indirect branch to confirm that the target address points to a valid function with a correct signature. This prevents an indirect branch from jumping to an arbitrary code location and even limits the functions that can be called. As C compilers do not enforce similar restrictions on indirect branches, there were several CFI violations due to function type declaration mismatches even in the core kernel that we have addressed in our CFI patch sets for kernels 4.9 and 4.14.
Kernel modules add another complication to CFI, as they are loaded at runtime and can be compiled independently from the rest of the kernel. In order to support loadable modules, we have implemented LLVM's cross-DSO CFI support in the kernel, including a CFI shadow that speeds up cross-module look-ups. When compiled with cross-DSO support, each kernel module contains information about valid local branch targets, and the kernel looks up information from the correct module based on the target address and the modules' memory layout.

Figure 3. An example of a cross-DSO CFI check injected into an arm64 kernel. Type information is passed in X0 and the target address to validate in X1.

CFI checks naturally add some overhead to indirect branches, but due to more aggressive optimizations, our tests show that the impact is minimal, and overall system performance even improved 1-2% in many cases.

Enabling kernel CFI for an Android device

CFI for arm64 requires clang version >= 5.0 and binutils >= 2.27. The kernel build system also assumes that the LLVMgold.so plug-in is available in LD_LIBRARY_PATH. Pre-built toolchain binaries for clang and binutils are available in AOSP, but upstream binaries can also be used.
The following kernel configuration options are needed to enable kernel CFI:
CONFIG_LTO_CLANG=y
CONFIG_CFI_CLANG=y

Using CONFIG_CFI_PERMISSIVE=y may also prove helpful when debugging a CFI violation or during device bring-up. This option turns a violation into a warning instead of a kernel panic.
As mentioned in the previous section, the most common issue we ran into when enabling CFI on Pixel 3 was benign violations caused by function pointer type mismatches. When the kernel runs into such a violation, it prints out a runtime warning that contains the call stack at the time of the failure, and the call target that failed the CFI check. Changing the code to use a correct function pointer type fixes the issue. While we have fixed all known indirect branch type mismatches in the Android kernel, similar problems may still be found in device-specific drivers, for example.
CFI failure (target: [<fffffff3e83d4d80>] my_target_function+0x0/0xd80):
------------[ cut here ]------------
kernel BUG at kernel/cfi.c:32!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP

Call trace:

[<ffffff8752d00084>] handle_cfi_failure+0x20/0x28
[<ffffff8752d00268>] my_buggy_function+0x0/0x10
…

Figure 4. An example of a kernel panic caused by a CFI failure.

Another potential pitfall is address space conflicts, but this should be less common in driver code. LLVM's CFI checks only understand kernel virtual addresses, and any code that runs at another exception level or makes an indirect call to a physical address will result in a CFI violation. These types of failures can be addressed by disabling CFI for a single function using the __nocfi attribute, or even disabling CFI for entire code files using the $(DISABLE_CFI) compiler flag in the Makefile.
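The following C program is an added example constructed for this page, not LLVM's or the kernel's code. It shows in user space what the injected check in Figure 3 decides and what the type-mismatch fix described before Figure 4 looks like: a static table plays the role of the per-module CFI shadow, a FNV-1a hash of a signature string stands in for LLVM's type id, and a work-queue call site validates its target before branching. The `struct work` and `struct device` types, the signature strings, and all function names are assumptions; the real kernel panics (or warns under CONFIG_CFI_PERMISSIVE) where this model simply refuses the call and reports why.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-in for LLVM's type id, which is a hash of the mangled function type.
 * Here a FNV-1a hash of a human-readable signature string is used instead. */
static uint32_t cfi_type_id(const char *sig)
{
    uint32_t h = 2166136261u;
    for (; *sig; sig++) {
        h ^= (uint8_t)*sig;
        h *= 16777619u;
    }
    return h;
}

typedef void (*generic_fn)(void);
enum cfi_result { CFI_OK = 0, CFI_TYPE_MISMATCH, CFI_UNKNOWN_TARGET };

/* One shadow entry: a valid indirect target and the type it was compiled with.
 * The kernel builds this per module at load time; a static table suffices here. */
struct cfi_entry { generic_fn addr; const char *sig; };

/* A driver-style callback (constructed) whose type does not match the
 * work-queue call site below: int(struct device *) versus void(void *). */
struct device { int irq_count; };
static int dev_handle(struct device *d) { d->irq_count++; return 0; }

/* The fix from the post: give the call site a function of exactly its type. */
static void dev_handle_adapter(void *arg) { dev_handle((struct device *)arg); }

static void noop(void *arg) { (void)arg; }

static const struct cfi_entry cfi_shadow[] = {
    { (generic_fn)dev_handle,         "int(struct device *)" },
    { (generic_fn)dev_handle_adapter, "void(void *)" },
    { (generic_fn)noop,               "void(void *)" },
};

/* The check: is the target a known function, and was it compiled with the
 * type the call site expects? Anything else is a CFI failure. */
enum cfi_result cfi_check(uint32_t callsite_type_id, generic_fn target)
{
    for (size_t i = 0; i < sizeof cfi_shadow / sizeof cfi_shadow[0]; i++)
        if (cfi_shadow[i].addr == target)
            return cfi_type_id(cfi_shadow[i].sig) == callsite_type_id
                   ? CFI_OK : CFI_TYPE_MISMATCH;
    return CFI_UNKNOWN_TARGET;   /* e.g. a pointer overwritten by a memory bug */
}

/* A work item with an indirect call of type void(void *). */
typedef void (*work_fn)(void *);
struct work { work_fn fn; void *arg; };

/* The instrumented call site: check, then branch only when the check passes. */
enum cfi_result run_work(const struct work *w)
{
    enum cfi_result r = cfi_check(cfi_type_id("void(void *)"), (generic_fn)w->fn);
    if (r == CFI_OK)
        w->fn(w->arg);
    return r;
}

/* Before the fix: the cast silences the C compiler, CFI still rejects it. */
enum cfi_result demo_mismatched(struct device *d)
{
    struct work w = { (work_fn)dev_handle, d };
    return run_work(&w);
}

/* After the fix: the adapter has the call site's exact type. */
enum cfi_result demo_fixed(struct device *d)
{
    struct work w = { dev_handle_adapter, d };
    return run_work(&w);
}

/* A function the shadow never registered, as a corrupted pointer would be. */
static void unregistered(void *arg) { (void)arg; }
enum cfi_result demo_unregistered(struct device *d)
{
    struct work w = { unregistered, d };
    return run_work(&w);
}

int main(void)
{
    struct device d = { 0 };
    printf("mismatched=%d fixed=%d unregistered=%d irq_count=%d\n",
           demo_mismatched(&d), demo_fixed(&d), demo_unregistered(&d), d.irq_count);
    return 0;
}
```

Note that `demo_mismatched` never reaches `dev_handle`: the C compiler accepted the cast, but the shadow records the type the function was actually compiled with, which is exactly why the post reports these benign violations showing up only at runtime. A real corrupted pointer lands in the `CFI_UNKNOWN_TARGET` case, which is the attack the feature is there to stop.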
static int __nocfi address_space_conflict(void)
{
	void (*fn)(void);

	/* branching to a physical address trips CFI w/o __nocfi */
	fn = (void *)__pa_symbol(function_name);
	cpu_install_idmap();
	fn();
	cpu_uninstall_idmap();

	return 0;
}

Figure 5. An example of fixing a CFI failure caused by an address space conflict.

Finally, like many hardening features, CFI can also be tripped by memory corruption errors that might otherwise result in random kernel crashes at a later time. These may be more difficult to debug, but memory debugging tools such as KASAN can help here.
Conclusion

We have implemented support for LLVM's CFI in Android kernels 4.9 and 4.14. Google's Pixel 3 will be the first Android device to ship with these protections, and we have made the feature available to all device vendors through the Android common kernel. If you are shipping a new arm64 device running Android 9, we strongly recommend enabling kernel CFI to help protect against kernel vulnerabilities.
LLVM's CFI protects indirect branches against attackers who manage to gain access to a function pointer stored in kernel memory. This makes a common method of exploiting the kernel more difficult. Our future work involves also protecting function return addresses from similar attacks using LLVM's Shadow Call Stack, which will be available in an upcoming compiler release.
Category: Hacking & Security

35 state attorneys general tell FCC to pull the plug on robocalls

Sophos Naked Security - 12 October, 2018 - 15:10
The AGs want the FCC to adopt SHAKEN and STIR.

Experian credit-freeze PINs could be revealed by a simple trick

Sophos Naked Security - 12 October, 2018 - 14:28
The credit bureaus' struggles with PINs continue...

Fortnite for Android Released, But Make Sure You Don't Download Malware

The Hacker News - 12 October, 2018 - 14:11
Yes, it is official. The massively popular battle royale video game from Epic Games, Fortnite: Battle Royale is finally available for Android devices. Epic announced Thursday that the Android version of Fortnite is now available for everyone to download for free, so you no longer require an invite to play the most popular battle royale game on your phone. Epic Games have provided a list of
Category: Hacking & Security

Payment skimmers sneaking on to websites via third party code

Sophos Naked Security - 12 October, 2018 - 13:40
Whatever Magecart is, it’s been blamed for several high-profile payment card breaches this summer.

Midterm Elections, Hacking and Information Warfare — CyberSpeak Podcast

InfoSec Institute Resources - 12 October, 2018 - 12:00

On this episode of the CyberSpeak with InfoSec Institute podcast, John Dickson, Principal at Denim Group and a security professional with nearly 20 years experience, talks about cybersecurity issues and information warfare related to the upcoming midterm elections. In the podcast, Dickson and host Chris Sienko discuss: When and where did electronic voting issues start […]

Category: Hacking & Security

Google Adds Control-Flow Integrity to Beef up Android Kernel Security

The Hacker News - 12 October, 2018 - 11:07
Google has added a new security feature to the latest Linux kernels for Android devices to protect them against code reuse attacks, which allow attackers to achieve arbitrary code execution by exploiting control-flow hijacking vulnerabilities. In code reuse attacks, attackers exploit memory corruption bugs (buffer overflows, type confusion, or integer overflows) to take over code pointers stored
Category: Hacking & Security

Tesla boasts: according to the tests, our Model 3, S and X are the three safest cars of all

Zive.cz - security - 12 October, 2018 - 08:00
The American organization NHTSA (National Highway Traffic Safety Administration), which tests car safety, has published the results of its tests of Tesla's new affordable electric car, the Model 3, and the results came out very well. Updated: According to NHTSA, this chart is not based purely on its data; it was created ...
Category: Hacking & Security

FitMetrix Exposes Millions of Customer Details, Accessed by Criminals

Threatpost - 11 October, 2018 - 23:11
Gym customer data, including contact information, birth dates and height/weight data, opens the door to convincing follow-on social-engineering attacks.
Category: Hacking & Security

New Drupalgeddon Attacks Enlist Shellbot to Open Backdoors

Threatpost - 11 October, 2018 - 22:24
Drupalgeddon 2.0 vulnerability is being exploited again by attackers using a time-honored technique of Shellbot, or PerlBot.
Category: Hacking & Security