Jack2
http://jack2.codebreaking.org (2012.11.10 ~ )

2013.03.12 14:00 Smart Platform/Android


Mobile Threat Report Q4 2012.pdf

Mobile Threat Report Q4 2012 Report by F-Secure


The Most Mobile Malware Award Goes To … Android


According to one antivirus vendor, Android is host to 96 percent of all mobile malware.


In a report from F-Secure, there were no new malware families reported for iOS, J2ME, BlackBerry or Windows Mobile at the end of last year, strongly suggesting that malware development has solidly locked on Android systems. Android appears to be taking shares away from Symbian, the previous malware record holder. In the final quarter of 2012, Android malware jumped from 49 to 96, while Symbian malware dropped from 21 to just 4.



Source: https://mocana.com/blog/2013/03/11/the-most-mobile-malware-award-goes-to-android/

Report: http://www.f-secure.com/static/doc/labs_global/Research/Mobile%20Threat%20Report%20Q4%202012.pdf

posted by Jack2
2012.11.06 18:00 Translate

 

 

5th November 2012 was the most exciting day in cyberspace. Yesterday we reported on a few major hacks and leaks, including the hacking of an ImageShack server; the leak of a database of thousands of researchers from a Symantec portal; the defacement of the NBC Sports Rotoworld forums and NBC Mobile site by the hacker pyknic, with a claim that user names and passwords for the site had been compromised; Anonymous leaking the VMware ESX Server kernel source code online; numerous Australian sites; and the Organization for Security and Cooperation in Europe.


Guy Fawkes Day started with the hack of 28,000 PayPal accounts. AnonymousPress tweeted, "Paypal hacked by Anonymous as part of our November 5th protest privatepaste.com/e8d3b2b2b1 #5Nov" (file now removed).


The Private Paste documents contained 27,935 entries from the PayPal database table “mc_customers”, including emails, names, passwords (encrypted) and corresponding telephone numbers.

However, according to PayPal’s head of PR, they claim to be investigating the alleged hack, but so far they have stated that they are unable to validate any evidence that there has been a security breach, which we can only take to be a good thing.

 

Original article: http://thehackernews.com/2012/11/guy-fawkes-day-ends-with-hack-of-28000.html#sthash.ERUfILSS.7MLVtHX0.dpuf

posted by Jack2
2012.07.26 09:52 Smart Platform/Android

Original release date: 07/25/2012

Last revised: 07/26/2012

Source: US-CERT/NIST


Overview

Multiple integer overflows in the (1) chk_malloc, (2) leak_malloc, and (3) leak_memalign functions in libc/bionic/malloc_debug_leak.c in Bionic (libc) for Android, when libc.debug.malloc is set, make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.
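The failure mode in the overview, as an added example that is not Bionic's code: a debug allocator that prepends a bookkeeping header computes `size + header`, which wraps for a large size value and yields a smaller allocation than the caller expects. The header layout and all function names here are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical bookkeeping header, standing in for what a leak-tracking
   debug allocator stores in front of each block. Not Bionic's structure. */
typedef struct {
    size_t   size;   /* size the caller asked for */
    uint32_t guard;  /* constructed tag value */
} dbg_hdr_t;

/* Unchecked pattern: the sum wraps modulo SIZE_MAX + 1 for large sizes. */
size_t unchecked_total(size_t bytes) {
    return bytes + sizeof(dbg_hdr_t);
}

/* Checked pattern: returns 0 and sets *total, or -1 if the sum would wrap. */
int checked_total(size_t bytes, size_t *total) {
    if (bytes > SIZE_MAX - sizeof(dbg_hdr_t)) return -1;
    *total = bytes + sizeof(dbg_hdr_t);
    return 0;
}

/* Hardened wrapper: refuse the request instead of under-allocating. */
void *dbg_malloc(size_t bytes) {
    size_t total;
    if (checked_total(bytes, &total) != 0) return NULL;
    dbg_hdr_t *h = malloc(total);
    if (h == NULL) return NULL;
    h->size = bytes;
    h->guard = 0xdeadbeefu;
    return h + 1;               /* user memory starts after the header */
}

void dbg_free(void *p) {
    if (p != NULL) free((dbg_hdr_t *)p - 1);
}

int main(void) {
    size_t huge = SIZE_MAX - 3; /* constructed oversized request */
    printf("header size:            %zu\n", sizeof(dbg_hdr_t));
    printf("unchecked total (huge): %zu\n", unchecked_total(huge));
    printf("checked wrapper (huge): %p\n", dbg_malloc(huge));
    return 0;
}
```

The unchecked total for the oversized request is smaller than the header alone, so writing the header would already run past the block; the checked wrapper returns NULL instead.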




Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Impact Subscore: 2.9

Exploitability Subscore: 8.6


CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification


References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.


External Source: CONFIRM

Name: https://github.com/android/platform_bionic/commit/7f5aa4f35e23fd37425b3a5041737cdf58f87385

Type: Patch Information; Exploit

Hyperlink: https://github.com/android/platform_bionic/commit/7f5aa4f35e23fd37425b3a5041737cdf58f87385


External Source: MLIST

Name: [oss-security] 20120607 Re: memory allocator upstream patches

Hyperlink: http://www.openwall.com/lists/oss-security/2012/06/07/13


External Source: MLIST

Name: [oss-security] 20120605 memory allocator upstream patches

Hyperlink: http://www.openwall.com/lists/oss-security/2012/06/05/1


External Source: MISC

Name: http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/

Hyperlink: http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/


Vulnerable software and versions

  Configuration 1

OR

* cpe:/a:google:bionic:::%7E%7E%7Eandroid%7E%7E

* Denotes Vulnerable Software



Technical Details

Vulnerability Type

Numeric Errors (CWE-189)


CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2674


[Source]: NIST (National Institute of Standards and Technology)

posted by Jack2
2012.07.26 09:34 Smart Platform/Android

Original release date: 07/25/2012

Last revised: 07/25/2012

Source: US-CERT/NIST


Overview

The Sleipnir Mobile application before 2.1.0 and Sleipnir Mobile Black Edition application before 2.1.0 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.




Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Impact Subscore: 2.9

Exploitability Subscore: 10.0


CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type: Allows unauthorized disclosure of information


References to Advisories, Solutions, and Tools



External Source: CONFIRM

Name: https://play.google.com/store/apps/details?id=jp.co.fenrir.android.sleipnir_black

Hyperlink: https://play.google.com/store/apps/details?id=jp.co.fenrir.android.sleipnir_black


External Source: CONFIRM

Name: https://play.google.com/store/apps/details?id=jp.co.fenrir.android.sleipnir

Hyperlink: https://play.google.com/store/apps/details?id=jp.co.fenrir.android.sleipnir


External Source: JVNDB

Name: JVNDB-2012-000071

Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2012-000071


External Source: JVN

Name: JVN#88643450

Hyperlink: http://jvn.jp/en/jp/JVN88643450/index.html


Vulnerable software and versions

  Configuration 1

OR

* cpe:/a:fenrir-inc:sleipnir_mobile:2.0.4 and previous versions

* cpe:/a:fenrir-inc:sleipnir_mobile:2.0.4::black and previous versions

* Denotes Vulnerable Software



Technical Details

Vulnerability Type

Information Leak / Disclosure (CWE-200)


CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2646


[Source]: NIST (National Institute of Standards and Technology)

posted by Jack2
2012.07.25 09:39 Smart Platform/Android

Android DNS poisoning: Randomness gone bad (CVE-2012-2808) Jul 24 2012 12:35PM

Roee Hay (roeeh il ibm com)


1 Introduction

===========

Recently we discovered a very interesting vulnerability in Android's DNS resolver, a weakness in its pseudo-random number generator (PRNG), which makes DNS poisoning attacks feasible.


The full advisory can be found at http://bit.ly/MkteBx

A blog post can be found at http://bit.ly/MkoU5j

Demo of our PoC can be found at http://youtu.be/ffnF7Jej7l0


2 Vulnerability

============

The PRNG that the DNS resolver uses is

random_id = 0xffff & (time_usec ^ time_sec ^ pid)




where time_sec is the current time in seconds, time_usec is the microseconds fraction and pid is the process identifier.


Both the TXID and source port are generated by this PRNG.

Since both calls occur subsequently, the values are very much correlated to each other. 

This yields a feasible attack expected time as we show that the number of random bits is brought down from 32 (ideally) to less than 21.





Check our advisory for full details.


3 Vulnerable versions

================

Android 4.0.4 and below.




4 Vendor Response

===============

Android 4.1.1 has been released, and patches are available on AOSP.

The random sample is now pulled from /dev/urandom, which should have adequate entropy by

the time network activity occurs.




5 Identifier

========

CVE-2012-2808


6 Discovered by

============

Roee Hay & Roi Saltzman

IBM Application Security Research Group


7 Disclosure timeline

================

07/24/2012 Public disclosure

06/05/2012 Issue confirmed by Android Security Team and patch provided

to partners.

05/21/2012 Disclosed to Android Security Team.



[Related material]: Download the English report
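The correlation described in section 2 of the advisory, measured in an added example (not code from the advisory or from Bionic): it applies the stated formula to two calls a few microseconds apart and counts how many distinct XOR differences between the two outputs occur, next to a `/dev/urandom` read as in section 4. The function names, the sample `sec` and `pid` values and the microsecond gaps are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Generator exactly as the advisory states it. */
uint16_t weak_id(uint32_t time_sec, uint32_t time_usec, uint32_t pid) {
    return (uint16_t)(0xffff & (time_usec ^ time_sec ^ pid));
}

/* The fixed approach from section 4: take the sample from /dev/urandom.
   Returns 0 on success, -1 if the device cannot be read. */
int urandom_id(uint16_t *out) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t n = fread(out, sizeof *out, 1, f);
    fclose(f);
    return n == 1 ? 0 : -1;
}

/* Counts the distinct values of (first ^ second) over one whole second when
   the second call runs 1..max_gap_usec microseconds after the first.
   Two independent 16-bit values could differ in any of 65536 ways. */
unsigned distinct_xor_values(uint32_t sec, uint32_t pid, uint32_t max_gap_usec) {
    static uint8_t seen[65536];
    unsigned count = 0;
    memset(seen, 0, sizeof seen);
    for (uint32_t usec = 0; usec < 1000000; usec++) {
        for (uint32_t gap = 1; gap <= max_gap_usec && usec + gap < 1000000; gap++) {
            uint16_t x = (uint16_t)(weak_id(sec, usec, pid) ^
                                    weak_id(sec, usec + gap, pid));
            if (!seen[x]) { seen[x] = 1; count++; }
        }
    }
    return count;
}

int main(void) {
    /* Constructed sample values, not taken from a real device. */
    uint32_t sec = 1343133300u, pid = 4242u;
    uint16_t r;
    printf("gap of 1 usec:    %u distinct XOR values\n", distinct_xor_values(sec, pid, 1));
    printf("gap up to 8 usec: %u distinct XOR values\n", distinct_xor_values(sec, pid, 8));
    if (urandom_id(&r) == 0) printf("urandom sample:   0x%04x\n", r);
    return 0;
}
```

Because both calls share the same second and pid, those terms cancel in the XOR and only the microsecond delta contributes, which is why the second value carries so little entropy once the first is known.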


posted by Jack2