50% of all Americans still haven’t checked their credit report since the Equifax breach last year exposed the Social Security numbers, dates of birth, addresses and other personal information on nearly 150M people. If you’re in that 50%, please make an effort to remedy that soon.
Tag: security
Gray Hat
Most of all, Hutchins was bored, and he wanted to work again. “Not having access to my botnet-monitoring stuff is depressing”. While Hutchins declined to discuss details of his case, except to maintain his innocence — the trial is still pending, though such cases often end in settlements — he feared the damage was already done. Cybersecurity is a business based in trust, and he worried that the allegations alone made him unemployable. (He had recently noticed a number of Twitter bots commenting on his case with anti-American bents, which he speculated could be someone trying to use his case to divide the American cybersecurity community.)
Memory tagging
HW support for ASAN would be a nice “I’m sorry” from Intel and others when they release chips that have Spectre fixes.
SSA scams
The letter the Eckensteins received from the SSA indicated that the benefits had been requested over the phone, meaning the crook(s) had called the SSA pretending to be Ruth and supplied them with enough information about her to enroll her to begin receiving benefits. He and his wife immediately called the SSA to notify them of fraudulent enrollment and pending withdrawal, and they were instructed to appear in person at an SSA office in Oklahoma City.
Petya
Root cause: dummy companies not patching their systems. These things will continue until everyone in the world is on auto update.
A new strain of ransomware dubbed “Petya” is worming its way around the world with alarming speed. The malware is spreading using a vulnerability in Microsoft Windows that the software giant patched in March 2017 — the same bug that was exploited by the recent and prolific WannaCry ransomware strain.
Windows fuzzing
This library allows you to use powerful Linux fuzzers to fuzz Windows, where fuzzing appears to be stuck in the stone age:
library that allows native Linux programs to load and call functions from a Windows DLL. The library will process the relocations and imports, then provide a dlopen-like API. The code supports debugging with gdb (including symbols), basic block coverage collection, and runtime hooking and patching.
This library has found 3 Windows Defender critical vulnerabilities in 2 months.
Linux kernel is garbage
Right now the Linux kernel has a huge number of poorly tested (from a security standpoint) interfaces and a lot of them are enabled and exposed to unprivileged users in popular Linux distributions like Ubuntu. This is obviously not good and they need to be tested or restricted.
Windows Uniscribe Fuzzing
Among the total of 119 vulnerabilities with CVEs fixed by Microsoft in the March Patch Tuesday a few weeks ago, there were 29 bugs reported by us in the font-handling code of the Uniscribe library. Admittedly the subject of font-related security has already been extensively discussed on this blog both in the context of manual analysis and fuzzing. However, what makes this effort a bit different from the previous ones is the fact that Uniscribe is a little-known user-mode component, which had not been widely recognized as a viable attack vector before, as opposed to the kernel-mode font implementations included in the win32k.sys and ATMFD.DLL drivers. In this post, we outline a brief history and description of Uniscribe, explain how we approached at-scale fuzzing of the library, and highlight some of the more interesting discoveries we have made so far. All the raw reports of the bugs we’re referring to (as they were submitted to Microsoft), together with the corresponding proof-of-concept samples, can be found in the official Project Zero bug tracker. Enjoy!
Hacking games
Arbitrary Code Execution Glitches in video games have allowed creators of Tool-Assisted Speedruns to break open a game entirely, using nothing more than the controller inputs that are normally used to guide in-game actions.
Russian malware in Ukrainian military app
A Ukrainian Android app for speeding artillery calculations for a particular field gun seems to have contained Russian malware that may have assisted in targeting those artillery units.