Here’s how the NSA spied on Cisco firewalls for years

Edward Snowden leaks revealed that the NSA had the ability to spy on Cisco firewall traffic for years, but just how did the agency do it? We now have a clearer idea. An analysis of data from the Equation Group hack shows that the NSA used a specialized tool, BenignCertain, that uses an exploit in Cisco’s Internet Key Exchange implementation to extract encryption keys and read otherwise secure virtual private network data. Cisco has confirmed that the attack can compromise multiple versions of its old PIX firewalls, which were last supported in 2009. The issue doesn’t crop up in PIX 7.0 or in Cisco’s newer Adaptive Security Appliance, but that isn’t going to reassure many security experts. Ars Technica warns that there appear to be over 15,000 networks still clinging on to PIX, and there’s a real possibility that many of them are vulnerable. Other platforms have comparable security holes, too, suggesting that the NSA might have snooped on many VPNs. To make matters worse, the Equation Group breach lets any would-be hacker use the exploit. While the past surveillance is alarming, you may need to worry more about everyday criminals going forward. Via: Ars Technica. Source: Musalbas, Cisco


TSA Paid $1.4 Million For Randomizer App That Chooses Left Or Right

An anonymous reader writes: For those of you who have traveled through U.S. airports in recent years, you may have noticed the Transport Security Administration (TSA) use a Randomizer app to randomly search travelers in the Pre-Check lane. The app randomly chooses whether travelers go left or right in the Pre-Check lane so they can’t predict which lane each person is assigned to and can’t figure out how to avoid the random checks. Developer Kevin Burke submitted a Freedom of Information Act request asking for details about the app. The documents he received reveal the TSA purchased the Randomizer iPad app for $336,413.59. That’s $336,413.59 for an app, which is incredibly simple to make as most programming languages of choice have a randomizing function available to use. What may be even more intriguing is that the contract for the TSA Randomizer app was won by IBM. The total amount paid for the project is actually $1.4 million, but the cost is not broken down in Burke’s documents. It’s possible IBM supplied all the iPads and training in addition to the app itself.


Hackers get Linux running on a PlayStation 4

In the two years since the PlayStation 4 first went on sale, hackers have enjoyed limited success in their efforts to open up the console. In June, a Brazilian team claimed the first PS4 “jailbreak,” which involved the cumbersome process of copying the entire hard drive of a hacked machine using a Raspberry Pi, but it took until this month for a tinkerer to fully circumvent Sony’s content protections. With a proper exploit in the wild, homebrew group fail0verflow took on the challenge of installing a full version of Linux on the system. It achieved its goal this week, giving the homebrew community hope that the PlayStation 4 will soon become a worthy tool in their arsenal. Although exact details of the exploit have yet to be disclosed, it appears that the fail0verflow team took a WebKit bug recently documented by GitHub user CTurt and then turned things up a notch. CTurt’s workaround focuses on the PlayStation 4’s WebKit browser, which is tricked into freeing processes from the core of the console’s operating system by an improvised webpage. The PS4 is powered by Sony’s Orbis OS, which is based on a Unix-like software called FreeBSD and is therefore susceptible to common exploits. With a route into the console’s system, fail0verflow then identified weaknesses in the PlayStation 4’s GPU. Engineers from semiconductor company Marvell were called out specifically and accused of “smoking some real good stuff” when they built the PlayStation 4’s southbridge chip. Before you start dreaming up your next DIY computing project, you should know that this proof-of-concept relies on PS4 firmware 1.76. Sony recently issued firmware 3.11 to consoles. While the bug has now been patched, it’s believed the jailbreak could be altered to achieve the same outcome on more recent firmwares. Incidentally, the WebKit bug identified here is the exact same one that affected Apple’s Safari browser, which put iOS 6.0 and OS X 10.7 and 10.8 at risk in 2013.
It shows just how common WebKit-based software now is. While PS4 owners won’t be able to install pirated games anytime soon, fail0verflow’s achievement shouldn’t be dismissed. Sony went to a lot of trouble to ensure that unsigned code could not be run on the console. The company requires that the machine runs on the very latest software, meaning hacker groups still have a long way to go before the PlayStation 4 is made truly open to hobbyists — just like the PlayStation 3 officially was when it first hit shelves almost a decade ago. Via: VentureBeat


New Android exploit can hack any handset in one shot

Hackers have discovered a critical exploit in Chrome for Android reportedly capable of compromising virtually every version of Android running the latest Chrome. Qihoo 360 researcher Guang Gong demonstrated the vulnerability to the PWN2OWN panel at the PacSec conference in Tokyo yesterday. While the inner workings of the exploit are still largely under wraps, we do know that it leverages the V8 JavaScript engine to gain full administrative access to the victim’s phone. Source: The Register


Over 225,000 Apple Accounts Compromised Via iOS Malware

An anonymous reader writes: Researchers from Palo Alto Networks and WeipTech have unearthed a scheme that resulted in the largest known Apple account theft caused by malware. All in all, some 225,000 valid Apple accounts have been compromised. The theft is executed via variants of the KeyRaider iOS malware, which targets jailbroken iOS devices. Most of the victims are Chinese — the malware is distributed through third-party Cydia repositories in China — but users in other countries have also been affected (European countries, the U.S., Australia, South Korea, and so on). “The malware hooks system processes through MobileSubstrate, and steals Apple account usernames, passwords and device GUID by intercepting iTunes traffic on the device,” Palo Alto researcher Claud Xiao explained. “KeyRaider steals Apple push notification service certificates and private keys, steals and shares App Store purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads.”


WiFi Offloading is Skyrocketing

dkatana writes: WiFi Offloading is skyrocketing. This is the conclusion of a new report from Juniper Research, which points out that the amount of smartphone and tablet data traffic on WiFi networks will increase to more than 115,000 petabytes by 2019, compared to under 30,000 petabytes this year, representing almost a four-fold increase. Most of this data is offloaded to consumers’ WiFi by the carriers, offering the possibility to share your home internet connection in exchange for “free” hotspots. But this article on InformationWeek Network Computing also warns that “The capacity of the 2.4GHz band is reaching its limit. The growing number of WiFi devices using unlicensed bands is seriously affecting network efficiency. Capacity is compromised by the number of simultaneously active devices, with transmission speeds dropping as much as 20% of the nominal value. With the number of IoT and M2M applications using WiFi continuously rising, that could become a serious problem soon.”


Macs Vulnerable To Userland Injected EFI Rootkits

Bismillah writes that a new vulnerability in recent Macs — and potentially older ones — can be used to plant code such as rootkits into areas of EFI memory that shouldn’t be writeable, but become unlocked after the computer wakes up from sleep mode. The article explains that “[The vulnerability] appears to be due to a bug in Apple’s sleep-mode energy conservation implementation that can leave areas of memory in the extensible firmware interface (EFI) (which provides low-level hardware control and access) writeable from user accounts on the computer. Memory areas are normally locked as read-only to protect them. However, putting some late-model Macs to sleep for around 20 seconds and then waking them up unlocks the EFI memory for writing.”


Networking Library Bug Breaks HTTPS In ~1,500 iOS Apps

mrflash818 writes: A new report from analytics service SourceDNA found that roughly 1,500 iOS apps (with about 2 million total installs) contain a vulnerability that cripples HTTPS and makes man-in-the-middle attacks against those apps easy to pull off. “The weakness is the result of a bug in an older version of the AFNetworking, an open-source code library that allows developers to drop networking capabilities into their apps. Although AFNetworking maintainers fixed the flaw three weeks ago with the release of version 2.5.2, at least 1,500 iOS apps remain vulnerable because they still use version 2.5.1. That version became available in January and introduced the HTTPS-crippling flaw.”


LightEater Malware Attack Places Millions of Unpatched BIOSes At Risk

Mark Wilson writes: Two minutes is all it takes to completely destroy a computer. In a presentation entitled ‘How many million BIOSes would you like to infect?’ at security conference CanSecWest, security researchers Corey Kallenberg and Xeno Kovah revealed that even an unskilled person could use an implant called LightEater to infect a vulnerable system in mere moments. The attack could be used to render a computer unusable, but it could also be used to steal passwords and intercept encrypted data. The problem affects motherboards from companies including Gigabyte, Acer, MSI, HP and Asus. It is exacerbated by manufacturers reusing code across multiple UEFI BIOSes and places home users, businesses and governments at risk.


New Linux Bug Could Cause "a Lot of Collateral Damage on the Internet"

Linux users around the world are scrambling to update their operating systems, as a new flaw known as GHOST has been shown to have the potential to cause “a lot of collateral damage on the Internet.”
