Wednesday, November 4, 2015

DefCon closes its forums out of fear of being attacked like vBulletin

At first we believed that this weekend's attack against the vBulletin and Foxit Software forums had only compromised the emails and passwords of half a million users. Now things are getting worse: credit cards have reportedly been stolen, every forum that uses the vBulletin software would be exposed too, and there are more serious problems that we comment on below. Today we also talk about the rampant insecurity of Android and about a topic we have not stirred up much: email and its failures.

The latest news on the vBulletin case, which grows in importance as the hours go by, is the existence of a 0-day exploit based on a flaw that has reportedly been present in the software for the past three years and that allows remote code execution. The author of the attack, Coldzer0, has offered it for sale, while vBulletin has released a patch that theoretically fixes the bug. The DefCon forums, which use the vBulletin software like many others on the Internet, have decided to close their doors to apply the patch and wait until the storm passes.

Wormhole is born

Those for whom the storm does not pass are Android mobile users, frightened again and again: yesterday we learned that Moplus, a software development kit from the Chinese browser Baidu, reportedly has a vulnerability that allows backdoors to be created and is present in 14,000 apps, which means 100 million Android users exposed to attacks. The flaw has been named Wormhole, and Trend Micro says it is more dangerous than Stagefright. Read on.

XcodeGhost goes on

And another one in the same style, or similar: XcodeGhost, which slipped into thousands of apps through a platform for Chinese developers, continues infecting smartphones despite the exhaustive cleanup Apple carried out on the App Store. According to research by FireEye, 4 weeks after the XcodeGhost infection it had reportedly reached the networks of 210 Western companies, where it generated more than 28,000 connection attempts to the XcodeGhost command-and-control servers. 62% of the companies are reportedly German and 33% North American, which makes us think the borders between East and West are getting thinner and thinner.

What's happening with email?

And in case the situation had not scared us enough, a study by Austrian researchers reminds us that email is still a very important and forgotten black hole of insecurity: the migration that took place on the web, from 1024-bit certificates to 2048-bit ones, has not happened on mail servers. Millions of these servers are misconfigured and allow easy access to the mail, as well as the use of fake certificates by attackers.

As Miss Optimistic would say, more work for the IT security workers.

