Oct 31 2015

Take 5 minutes and up your opsec game with Tor Messenger

On Thursday, the Tor Project released its first public beta of Tor Messenger, an easy-to-use, unified chat app that has security and cryptography baked in. If you care about digital security, you should ditch whatever chat program you're using and switch to it right now.

The app is specifically designed to protect location and routing information (by using Tor) and chat data in transit (by using the open source Off-The-Record, or OTR, protocol). For anyone who has used a similar app (like Pidgin or Adium), Tor Messenger’s interface will be fairly self-explanatory, but there are two notable quirks.

First, by default, it will not allow you to send messages to someone who doesn’t support OTR—but there is an option to disable that feature. (We’ll get to that in a minute.) Second, unlike Pidgin or Adium, Tor Messenger cannot log chats, which is handy if you’re privacy-minded.

Oct 30 2015

Don’t count on STARTTLS to automatically encrypt your sensitive e-mails

Researchers have some good and bad news about the availability of secure e-mail. Use of STARTTLS and three other security extensions has surged in recent months, but their failure rate remains high, in large part because of active attacks that downgrade encrypted connections to unencrypted ones.

That conclusion, reached in a recently published research paper, means that a significant chunk of e-mail continues to be transmitted in plaintext, with no mechanism for verifying that a message hasn't been tampered with while it travels from sender to receiver. The downgrades are largely made possible by the Simple Mail Transfer Protocol (SMTP) used by most e-mail services. Because SMTP was not originally designed to provide message confidentiality or integrity, it relies on later-developed extensions, including STARTTLS for opportunistic transport encryption, DomainKeys Identified Mail (DKIM), Sender Policy Framework (SPF), and Domain-based Message Authentication, Reporting and Conformance (DMARC), that often don't work as intended. STARTTLS in particular is opportunistic: the sending server only encrypts if the receiving server advertises the capability, so an on-path attacker who strips that advertisement from the connection causes the sender to fall back to plaintext without any error.
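To make the downgrade concrete, here is a small simulation of the SMTP capability exchange. It is an added example, not code from the research paper or from any mail server: the EHLO reply is a constructed sample, `strip_starttls` models an on-path device mangling the capability line (the `XXXXXXXX` replacement is a constructed stand-in for whatever rewriting the attacker does), and `negotiate` shows the difference between a sender that accepts whatever it is offered and one configured to require TLS.

```python
"""Simulate an SMTP STARTTLS downgrade.

Added example (not from the paper or any MTA): the server reply and the
attacker's rewrite are constructed to show why opportunistic STARTTLS can be
silently defeated, and what a "require TLS" policy changes.
"""
import re

# Constructed sample: a receiving server's multi-line EHLO reply advertising STARTTLS.
SERVER_EHLO_REPLY = (
    "250-mail.example.net Hello client.example.org\r\n"
    "250-SIZE 52428800\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo_extensions(reply: str) -> set:
    """Return the extension keywords in a 250 multi-line EHLO reply.

    The first line is the greeting; each following line is "250-KEYWORD [params]"
    or, for the last one, "250 KEYWORD [params]".
    """
    exts = set()
    for line in reply.split("\r\n")[1:]:
        m = re.match(r"^250[ -](\S+)", line)
        if m:
            exts.add(m.group(1).upper())
    return exts


def strip_starttls(reply: str) -> str:
    """Model an active attacker (or misbehaving middlebox) between the two MTAs.

    The keyword is overwritten rather than deleted so the reply keeps the same
    length and line count, which is how an in-line packet rewriter would do it.
    The client still gets a syntactically valid reply; it just no longer sees
    a STARTTLS capability. (Constructed behaviour for this example.)
    """
    return reply.replace("250-STARTTLS", "250-XXXXXXXX")


def negotiate(reply: str, require_tls: bool) -> str:
    """Decide what the sending MTA does after reading the EHLO reply.

    Returns "tls" (would issue STARTTLS and upgrade), "plaintext" (opportunistic
    fallback, the silent failure the paper describes) or "abort" (a sender
    configured to require TLS refuses to deliver over cleartext and requeues).
    """
    exts = parse_ehlo_extensions(reply)
    if "STARTTLS" in exts:
        return "tls"
    if require_tls:
        return "abort"
    return "plaintext"


def run_scenarios() -> dict:
    """Exercise the honest and the attacked exchange under both sender policies."""
    attacked = strip_starttls(SERVER_EHLO_REPLY)
    return {
        "honest, opportunistic": negotiate(SERVER_EHLO_REPLY, require_tls=False),
        "attacked, opportunistic": negotiate(attacked, require_tls=False),
        "attacked, require TLS": negotiate(attacked, require_tls=True),
    }


if __name__ == "__main__":
    for scenario, outcome in run_scenarios().items():
        print(f"{scenario:28s} -> {outcome}")
```

The second scenario is the one that matters: the opportunistic sender never learns it was attacked, because nothing in SMTP tells it the server would have offered STARTTLS. Only a sender-side policy that treats a missing STARTTLS as an error (third scenario) turns the downgrade into a visible delivery failure instead of a plaintext transmission.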

The researchers wrote:

Oct 30 2015

DAMM – Differential Analysis of Malware in Memory

Differential Analysis of Malware in Memory (DAMM) is a tool built on top of Volatility Framework. Its main objective is as a test bed for some newer techniques in memory analysis, including performance enhancements via persistent SQLite storage of plugin results (optional); comparing in-memory objects across multiple memory samples, for example...

Read the full post at darknet.org.uk

Oct 29 2015

Xen patches 7-year-old bug that shattered hypervisor security

For seven years, the Xen hypervisor used by Amazon Web Services and other cloud computing providers has contained a vulnerability that let a malicious guest break out of its virtual machine and take control of the hypervisor, and with it every other guest running on the same host. The bug, which some researchers say is probably the worst ever to hit the open-source project, was finally made public Thursday along with a patch.

As a result of the bug, "malicious PV guest administrators can escalate privilege so as to control the whole system," Xen Project managers wrote in an advisory. PV refers to paravirtualization, a mode in which the guest runs a kernel modified to cooperate with the hypervisor instead of relying on hardware virtualization extensions; guests in either mode are supposed to stay strictly isolated from the hypervisor and from each other while sharing the same hardware. The flaw affects only x86 PV guests; HVM guests cannot exploit it. By letting a guest break out of that isolation, CVE-2015-7835 (Xen Security Advisory 148) compromised a core tenet of virtualization.

"The above is a political way of stating the bug is a very critical one," researchers with Qubes OS, a desktop operating system that uses Xen to isolate security-sensitive resources, wrote in an analysis published Thursday. "Probably the worst we have seen affecting the Xen hypervisor, ever. Sadly."
