DEAD DROP 25 / CALI VOTER DB, VBULLETIN 0-DAY, MONERO MINING, NO PASSWORD PRINTERS
--

Welcome to Dead Drop number 25, your look at what's happening in the worlds of computer security and digital freedom. All source links mentioned are below.

- Youtube link
- Archive.org mirror
- Torrent

BREACHES

After the mass wiping and ransom attacks on thousands of exposed MongoDB databases earlier in the year, researchers recently found another unprotected server, this one holding over 19 million voter registration records for the state of California, pointing to the likelihood that a copy of the official database was taken. It appears to affect every registered voter in California, and the records contain a lot of information, including names, addresses, dates of birth, email addresses, phone numbers and more.

https://mackeepersecurity.com/post/cyber-criminals-steal-voter-database-of-the-state-of-california
https://www.youtube.com/watch?v=H3P0lW94L2Q

And speaking of breaches, researchers at UCSD built a tool that tells them whether a site has probably been breached, without any cooperation from the site.

The method is simple: register accounts on thousands of websites, each with a unique email address that has never been used anywhere else on the web. The password registered with each site is also the password of that site's email account, so if anyone other than the researchers logs into one of those mailboxes, the site it was registered with must have leaked its credentials (and stored them in a recoverable form).

During the study of over 2,000 websites, they found 19 that had been breached, including one, which they won't name, with over 45 million users. The tool, Tripwire, is available on GitHub.

https://www.bleepingcomputer.com/news/security/data-breach-at-website-with-45-million-users-discovered-during-academic-research/
https://github.com/ccied/tripwire/
https://www.sysnet.ucsd.edu/~jdeblasio/papers/tripwire-imc17.pdf
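To make the Tripwire approach concrete, here is an added example (my own illustration, not the UCSD tool's code) of the two halves of the technique: deriving a per-site canary mailbox and password that are used nowhere else, and correlating successful mailbox logins back to the site that leaked. The mail domain canary.example, the master secret, the monitor IP and the login-log format are all constructed for the example; a real mail server logs in its own format, so the regex would be adapted.

```python
"""Tripwire-style breach canaries (illustrative, not the UCSD Tripwire code).

Idea: register one account per site with a mailbox and password used nowhere
else; a successful login to that mailbox from anyone but our own monitor means
the site's credential store leaked (and the password was stored recoverably).
"""
import hashlib
import hmac
import re
from dataclasses import dataclass

MASTER_SECRET = b"rotate-me-and-keep-offline"   # constructed example secret
CANARY_DOMAIN = "canary.example"                # hypothetical mail domain we control
MONITOR_IPS = {"198.51.100.7"}                  # our own mail-checking host (RFC 5737 address)


@dataclass(frozen=True)
class Canary:
    site: str
    email: str
    password: str


def make_canary(site: str, master_secret: bytes = MASTER_SECRET) -> Canary:
    """Derive a per-site mailbox and password from HMAC(master, site).

    Deterministic so the registry can be rebuilt from the secret, but every
    site gets an address and password that appear nowhere else, so a leak from
    one site cannot be confused with a leak from another.
    """
    tag = hmac.new(master_secret, site.encode(), hashlib.sha256).hexdigest()
    email = f"r{tag[:16]}@{CANARY_DOMAIN}"
    password = tag[16:48]          # 32 hex chars; the mailbox uses this same password
    return Canary(site, email, password)


def build_registry(sites):
    """email address -> Canary, for fast lookup while scanning logs."""
    return {c.email: c for c in map(make_canary, sites)}


# Constructed mail-server login record format, one record per line.
LOGIN_RE = re.compile(
    r"^(?P<ts>\S+) LOGIN_(?P<result>OK|FAIL) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)


def parse_login(line):
    """Return the record's fields as a dict, or None for a line we don't understand."""
    m = LOGIN_RE.match(line.strip())
    return m.groupdict() if m else None


def detect_leaks(registry, log_lines, monitor_ips=MONITOR_IPS):
    """Map site -> list of (timestamp, ip) for suspicious successful logins.

    Only successful logins count (a FAIL shows guessing, not possession of the
    password), and logins from our own monitor host are expected noise.
    """
    hits = {}
    for line in log_lines:
        rec = parse_login(line)
        if rec is None or rec["result"] != "OK":
            continue
        canary = registry.get(rec["user"].lower())   # mail user names are case-insensitive
        if canary is None or rec["ip"] in monitor_ips:
            continue
        hits.setdefault(canary.site, []).append((rec["ts"], rec["ip"]))
    return hits


def run_demo():
    sites = ["forum-a.example", "shop-b.example", "tracker-c.example"]
    registry = build_registry(sites)
    a, b, c = (make_canary(s) for s in sites)
    # Constructed log: our monitor checks A's mailbox; an unknown host logs into
    # B's mailbox twice; someone merely fails against C; a non-canary user and a
    # malformed line are ignored.
    log = [
        f"2017-12-10T03:14:07Z LOGIN_OK user={a.email} ip=198.51.100.7",
        f"2017-12-11T22:01:55Z LOGIN_OK user={b.email} ip=203.0.113.42",
        f"2017-12-11T22:03:10Z LOGIN_OK user={b.email.upper()} ip=203.0.113.42",
        f"2017-12-12T09:30:00Z LOGIN_FAIL user={c.email} ip=203.0.113.99",
        "2017-12-12T09:31:00Z LOGIN_OK user=admin@canary.example ip=203.0.113.99",
        "garbage line that does not parse",
    ]
    return detect_leaks(registry, log)


if __name__ == "__main__":
    for site, events in run_demo().items():
        print(f"{site}: credential leak suspected, {len(events)} login(s): {events}")
```

Running it flags only shop-b.example: the monitor's own login to A's mailbox and the failed attempt against C's are not evidence that those sites leaked. In practice the master secret must live only on the monitoring host, since anyone holding it can derive every canary password.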

VULNERABILITIES

Two researchers have found a pair of 0-day vulnerabilities in the popular forum software vBulletin, used by thousands of websites. They affect version 5, and both can lead to remote code execution on servers where the software is installed. At the time of making this video, there is no patch yet.

https://thehackernews.com/2017/12/vbulletin-forum-hacking.html
https://www.youtube.com/watch?v=5h8JJRH_UgI

MOZILLA

Last week Mozilla force-installed a browser add-on, Looking Glass, onto users' machines without asking, as a promotion for the Mr Robot season finale, and people are understandably angry. Who on earth over at Mozilla HQ thought this would be a good idea?

https://sircmpwn.github.io/2017/12/16/Firefox-is-on-a-slippery-slope.html
https://gizmodo.com/mozilla-slipped-a-mr-robot-promo-plugin-into-firefox-1821332254
https://www.bleepingcomputer.com/news/software/mozilla-angers-firefox-users-after-force-installing-mr-robot-promo-add-on/

MINING

A new strain of malware related to one first found in 2015 has resurfaced. Loapi, which Kaspersky considers an evolution of the Podec trojan, combines features seen in other Android malware, including aggressive advertising, web crawling, acting as a DDoS node, and now a Monero mining module as well. What's worse is that the mining runs the phone so hard that it overheats to the point where batteries bulge. Imagine something like this on the Note 7.

https://securelist.com/jack-of-all-trades/83470/
https://www.bleepingcomputer.com/news/security/android-malware-will-destroy-your-phone-no-ifs-and-buts-about-it/

There's another campaign named Zealot, which breaks into both Windows and Linux servers through the Apache Struts vulnerability, spreads across the internal network using the leaked NSA exploits EternalBlue and EternalSynergy, and again the payload is Monero mining software. I've got a feeling this kind of thing is going to explode in the coming years.

https://f5.com/labs/articles/threat-intelligence/cyber-security/zealot-new-apache-struts-campaign-uses-eternalblue-and-eternalsynergy-to-mine-monero-on-internal-networks

INTERNET OF FAILS

Researchers at SecureWorks found vulnerabilities in two AMAG Symmetry IP-based door controllers that let an attacker with network access remotely unlock doors by sending unauthenticated commands to the controllers. They also found it's possible to add arbitrary card values to the controller's database, so an attacker could then walk in with a card of their own.

https://threatpost.com/vulnerability-found-in-two-keyless-entry-locks/129132/
https://www.secureworks.com/research/advisory-2017-001
https://www.scmagazine.com/vulnerabilities-found-in-amag-technology-symmetry-ip-based-access-door-controllers/article/713740/
https://www.youtube.com/watch?v=jRhb4_O3IIg

Another week, another round of printer vulnerabilities, this time with Lexmark, though this one is really a general problem with internet-connected devices left on their defaults.

Researchers scanned the internet for Lexmark printers whose owners had never set an administrator password. They found over 1,100 exposed printers that could be traced back to businesses, universities and government buildings. With no password, anyone who can reach the web interface can change the configuration, install malicious firmware, or capture every document sent to the printer, which is obviously bad for both privacy and security.

https://threatpost.com/user-gross-negligence-leaves-hundreds-of-lexmark-printers-open-to-attack/129187/
https://www.youtube.com/watch?v=4dypOxfkbkY

INTERNET FREEDOM

As you all know, last week the FCC repealed net neutrality in the US, though Congress could still overturn it, or legal battles could ensue. For now, I think it is more a case of wait and see, and like I said before, the eyes of the world are watching this very closely, so if things do start going bad, it will spur on many people to create alternative systems that are more resilient to this sort of thing.

And on that note, that's it for this week. Thanks for watching, and I'll see you in the next video.

https://www.youtube.com/watch?v=fmQn_pDnUDE

--
BY NODE