Wednesday, September 17, 2014

To endear oneself to vulnerabilities

"From less to more" - which is the title of one of the songs by Spanish actress and singer Rocio Durcal - "I let you love me, you came into my life."

This is something that happens every day in the third environment. German telecoms let the NSA and the GCHQ in the UK love them under the umbrella of the "Treasure Map", a world map aimed to locate and monitor every Internet-connected device in almost "real" time. Divided into different layers, as shown on the picture, it would offer (if is not already doing so) one of the most powerful tools for the massive espionage.

Other things that like being loved are the PoS, the payment systems that we can see in most of the stores, which nowadays are a very appealing bounty for cyber criminal gangs. Last week Home Depot, the famous American DIY store chain, suffered a spate of attacks based on different techniques, which affected most of its outlets and endanger its customers’ financial data.

The Citadel Trojan, an acquaintance of all those who work involved with technological risks, shared love among its victims, even affecting oil companies. This situation has turned to red given that such malicious code is able to compromise critical infrastructure wreaking havoc on the nature or the death of hundreds / thousands people.

Speaking about love without mentioning Android seems a sacrilege. The truth is that Google’s mobile OS has once again demonstrated that it is able to "endear" itself to the black hat community, thanks to a new vulnerability which would affect all versions of its default browser prior to 4.4, and allow the theft of shown or introduced data (hijacking).

We are not so used to that with Amazon though, and particularly with its Kindle. Presumably it is not a risky device, right? Well, Amazon has reintroduced a vulnerability in one of the latest upgrades of its cloud library service that could allow an attacker to steal his victim’s Amazon login credentials through corrupted meta tags (for example, the title of a book). It would be enough a user opening a malicious book for the script to take control of his account.

We end up this article with a compilation for all the security auditors who read us. Perhaps Nmap is one of the best known pentesting tools, so it never hurts to have on hand a crib sheet with the most useful commands and some scripts that allow you to package actions, save time and find the right moment in which "the spark came."

"Silent love that grew little by little, beautiful love that scream inside me today." We close these lines with Durcal, but not before remembering that the best expression of love you can give us is sharing and supporting our articles on your favourite social networks. Thank you very much!


Post a Comment