DEAD DROP 23 / SYSTEM76 INTEL ME, COVERT CRYPTO MINING, RFID REPEATERS
--

Welcome to Dead Drop number 23, your look at what's happening in the worlds of computer security and digital freedom. All source links mentioned are below.

- YouTube link
- Archive.org mirror
- Torrent

BREACHES

PayPal announced that 1.6 million customers may have been affected by a breach that happened to one of their subsidiaries, TIO Networks. They have begun contacting customers, and have said that no other PayPal systems are involved in the breach.

https://thehackernews.com/2017/12/paypal-tio-data-breach.html

BUGS & VULNERABILITIES

Researchers found out that macOS has a massive vulnerability related to root passwords not being set by default. That means anyone can potentially set a root password, and have full access to a system. Apple pushed out a patch, but some people are saying that it hasn't worked properly, or has led to other glitches in the OS.

https://twitter.com/lemiorhan/status/935578694541770752
https://www.youtube.com/watch?v=FpOH0lxEGBE
https://www.wired.com/story/macos-update-undoes-apple-root-bug-patch/

Malwarebytes have spotted a new browser-based cryptomining technique that goes further than the existing mining scripts we've seen, by using pop-under windows that run in the background, even when you think you've closed the browser. It seems to only affect Windows systems.

https://blog.malwarebytes.com/cybercrime/2017/11/persistent-drive-by-cryptomining-coming-to-a-browser-near-you/

Email spoofing has been around for a long time, but a new method which takes advantage of the email clients themselves has been found by researcher Sabri Haddouche. He found that if you use non-ASCII characters in an email header, most clients will automatically convert that to whatever the attacker wants, without checking it, meaning you can very easily create emails that look like they're from other people.

https://www.mailsploit.com
https://thehackernews.com/2017/12/email-spoofing-client.html
https://www.youtube.com/watch?v=hwjUROtXV5I
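
One way a mail filter could check for this, as an added example that is not from the original post or from the Mailsploit research: decode the From header's RFC 2047 encoded-words the way a client would for display, then compare what would be shown with the address actually transmitted. The function names, finding strings and sample headers are assumptions constructed for illustration.

```python
import re
from email.errors import HeaderParseError
from email.header import decode_header
from email.utils import parseaddr

CONTROL = re.compile(r"[\x00-\x1f\x7f]")               # NUL, CR, LF, TAB, DEL ...
ADDRESS = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")  # loose "looks like an address"

def decode_words(raw):
    """Decode RFC 2047 encoded-words roughly as a mail client would for display."""
    text = []
    for chunk, charset in decode_header(raw):
        if isinstance(chunk, bytes):
            try:
                chunk = chunk.decode(charset or "ascii", "replace")
            except LookupError:          # unknown charset label
                chunk = chunk.decode("latin-1")
        text.append(chunk)
    return "".join(text)

def inspect_from(raw_from):
    """Return findings for one raw From header value (empty list = nothing odd)."""
    try:
        decoded = decode_words(raw_from)
    except HeaderParseError:
        return ["malformed-encoded-word"]
    findings = []
    # Control characters have no place in a displayed sender and should be rejected.
    if CONTROL.search(decoded):
        findings.append("control-char")
    # Domain of the address as transmitted, before any decoding.
    real_domain = parseaddr(raw_from)[1].rpartition("@")[2].lower()
    # Any address-like text the client would display must match that domain.
    for shown in ADDRESS.findall(decoded):
        if shown.rpartition("@")[2].lower() != real_domain:
            findings.append(f"shows {shown} but sender domain is {real_domain}")
    return findings

# Constructed sample headers (example domains, not taken from real mail).
SAMPLES = {
    "plain": "Alice Example <alice@example.org>",
    "encoded-name": "=?utf-8?Q?ceo=40example.org?= <billing@mail.example.net>",
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(label, inspect_from(header))
```

A filter would run this on the raw header before any client-side decoding and quarantine or tag messages that return findings.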

Keybase has been notifying some users of their Android app that a new beta version may have inadvertently uploaded their private keys to Google's servers. They've included instructions on what steps to take, including how to generate new keys.

https://www.bleepingcomputer.com/news/security/keybase-bug-might-have-backed-up-your-private-encryption-key-on-googles-servers/

RFID

I've shown stuff like this before, but police in the UK released a video of car thieves using RFID repeaters to steal cars, by remotely activating and cloning the car's wireless key while it's still inside the house. This kind of attack is only going to increase in the future.

https://www.youtube.com/watch?v=8pffcngJJq0
https://nakedsecurity.sophos.com/2017/12/01/rfid-repeater-used-to-steal-mercedes-with-keys-locked-inside-a-house/

INTEL M.E.

Following in the footsteps of Purism's announcement that they will be disabling Intel's Management Engine on all their laptops, Dell have now also included the option to disable it on 3 of their computers, although they are charging up to $30 extra for the privilege.

https://liliputing.com/2017/12/dell-also-sells-laptops-intel-management-engine-disabled.html
https://www.youtube.com/watch?v=bl29wKp5whA

Bryan Lunduke also did an interview with some of the guys at System76, where they discuss their efforts to disable the hidden processor on their Linux laptops. It's pretty cool to see this expand to other vendors.

https://www.youtube.com/watch?v=MujjuTWpQJk

PRIVACY

This week DEFCON uploaded a load of new videos from their latest privacy village at DEFCON 25. Lots of interesting topics covered in the realms of crypto and privacy.

https://www.youtube.com/user/DEFCONConference/videos
https://www.youtube.com/watch?v=hvGyog57gwI

And finally, Paul Furley wrote a useful tutorial on how to randomize your wifi adaptor's MAC address in Ubuntu. This should probably work on most other Debian-based systems too, and could be a good way to increase privacy, especially if you're traveling and using various wifi hotspots.

https://www.paulfurley.com/randomize-your-wifi-mac-address-on-ubuntu-1604-xenial/

--
BY NODE