Broadcast Engineer at BellMedia, Computer history buff, compulsive deprecated, disparate hardware hoarder, R/C, robots, arduino, RF, and everything in between.

This Week in Security: KNOB, Old Scams Are New Again, 0-days, Backdoors, and More


Bluetooth is a great protocol. You can listen to music, transfer files, get on the internet, and more. A side effect of those many uses is that the specification is complicated and intended to cover many use cases. A team of researchers took a look at the Bluetooth specification, and discovered a problem they call the KNOB attack, Key Negotiation Of Bluetooth.

This is actually one of the simpler vulnerabilities to understand. Randomly generated keys are only as good as the entropy that goes into the key generation. The Bluetooth specification allows negotiating how many bytes of entropy are used in generating the shared session key. By necessity, this negotiation happens before the communication is encrypted. The real weakness here is that the specification lists a minimum entropy of 1 byte. This means 256 possible initial states, far within the realm of brute-forcing in real time.

The attack, then, is to essentially man-in-the-middle the beginning of a Bluetooth connection, and force that entropy length to a single byte. That’s essentially it. From there, a bit of brute forcing results in the Bluetooth session key, giving the attacker complete access to the encrypted stream.

One last note, this isn’t an implementation vulnerability, it’s a specification vulnerability. If your device properly implements the Bluetooth protocol, it’s vulnerable.
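A simplified model of the negotiation described above, showing why a locally enforced minimum key size stops the downgrade. This is an added example, not code from the article or the Bluetooth specification; the class and function names are hypothetical, and the 7-byte floor is an assumption taken from post-disclosure guidance rather than from this page.

```python
SPEC_MIN_BYTES = 1      # minimum entropy the article says the specification allows
MAX_BYTES = 16          # full-strength key
HARDENED_MIN_BYTES = 7  # assumption: floor from post-disclosure guidance


class Device:
    """One end of the link, with the key sizes it is willing to use."""

    def __init__(self, min_bytes=SPEC_MIN_BYTES, max_bytes=MAX_BYTES):
        self.min_bytes = min_bytes
        self.max_bytes = max_bytes

    def respond(self, proposed):
        """Accept or shrink a proposal; None means refuse the connection."""
        if proposed < self.min_bytes:
            return None
        return min(proposed, self.max_bytes)


def negotiate(initiator, responder, in_path=lambda size: size):
    """Return the agreed entropy in bytes, or None if either side refuses.

    in_path models anything able to rewrite the proposal, which travels
    before encryption starts and is therefore not integrity protected.
    """
    proposed = in_path(initiator.max_bytes)
    agreed = responder.respond(proposed)
    # The initiator must apply its own floor to the answer as well.
    if agreed is None or agreed < initiator.min_bytes:
        return None
    return agreed


def keyspace(entropy_bytes):
    """Number of candidate keys left for a given entropy."""
    return 256 ** entropy_bytes


def force_one_byte(_size):
    """Constructed in-path rewrite: replace any proposal with 1 byte."""
    return 1


if __name__ == "__main__":
    print(negotiate(Device(), Device()))                  # untouched link
    print(negotiate(Device(), Device(), force_one_byte))  # spec-compliant peers
    print(negotiate(Device(), Device(HARDENED_MIN_BYTES), force_one_byte))
```

A floor on either end is enough to make the connection fail closed, while a peer that legitimately supports only a shorter key above the floor still connects.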

CenturyLink Unlinked

You may not be familiar with CenturyLink, but it maintains one of the backbone fiber networks serving telephone and internet connectivity. In December 2018, CenturyLink had a large outage affecting its fiber network, most notably disrupting 911 services for many across the United States for 37 hours. The incident report was released on Monday, and it’s… interesting.

“In the early morning of December 27, 2018, a switching module in CenturyLink’s Denver, Colorado node spontaneously generated four malformed management packets.”

These packets were addressed to a broadcast destination, had valid headers and checksums, no expiration time, and were larger than 64 bytes. Because the packets appeared to be properly formed, none of the security infrastructure filtered those packets. The term for what happened next is a “packet storm”. Each device on the node rebroadcast each packet as it was received, quickly saturating the whole fiber network.

“CenturyLink and Infinera state that, despite an internal investigation, they do not know how or why the malformed packets were generated.”

In reading this, I can only suspect this was an intentional attack. Even if this particular instance was accidental, this represents an enormous vulnerability in the CenturyLink backbone network.

Siri, Make a Phone Call

The Better Business Bureau issued a warning about a new scam, apparently discovered through their scam tracker service. More accurately, it’s an old scam that people are falling for in a new way.

How do Siri, Cortana, and the like know what number to call in response to a voice command? They use their respective search engine to look it up. And what happens when the top result has been manipulated through SEO, or an ad purchase? Your assistant might just call a tech support scam by mistake. The BBB suggests that you don’t use the automated calling function, and carefully look up numbers manually instead.

Backdoors in Management Interface

The open source Webmin tool shipped three separate releases that contained intentional backdoors, 1.890, 1.900, and 1.920. The backdoor wasn’t included in the official source, but was instead planted on the build machine by an attacker. Because of the specifics of the build process, that code wasn’t overwritten until the compromised source file was legitimately changed in the project. At least once, the attacker re-injected malicious code after such a change and update.

This sort of attack is just a reminder of the importance of reproducible builds, and the constant need to validate everything. All it takes to discover this attack is for one user to run a reproducible build and compare the output binaries.
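One way to do the comparison described above, as an added example that is not Webmin's tooling: hash every file in the released archive and in an archive built from version control, then report what differs. The file names and contents are constructed samples, and hashing file contents rather than the whole archive avoids false alarms from timestamps.

```python
import hashlib
import io
import tarfile


def member_digests(archive_bytes):
    """Map each regular file in a tar archive to the SHA-256 of its content."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tar:
        for member in tar:
            if member.isfile():
                data = tar.extractfile(member).read()
                digests[member.name] = hashlib.sha256(data).hexdigest()
    return digests


def compare_builds(released, rebuilt):
    """Report files that differ or exist on only one side."""
    rel, own = member_digests(released), member_digests(rebuilt)
    return {
        "changed": sorted(n for n in rel.keys() & own.keys() if rel[n] != own[n]),
        "only_in_release": sorted(rel.keys() - own.keys()),
        "only_in_rebuild": sorted(own.keys() - rel.keys()),
    }


def make_tar(files):
    """Build an in-memory tar from {name: bytes}; used for the sample input."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample: SOURCE is what version control produces; RELEASED has
# one script altered and one file added, as if changed on the build machine.
SOURCE = {"app/login.cgi": b"check_password()\n", "app/index.cgi": b"render()\n"}
RELEASED = {**SOURCE,
            "app/login.cgi": b"check_password()\nextra_branch()\n",
            "app/extra.cgi": b"unexpected()\n"}

if __name__ == "__main__":
    print(compare_builds(make_tar(RELEASED), make_tar(SOURCE)))
```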

Steam Fixes 0-days by Banning Researchers

OK, so maybe it’s not that bad, but this still isn’t great. [Vasily Kravets] discovered a pair of problems in the Steam client that an attacker could use to gain system level privileges. It’s not remote code execution, but both vulnerabilities appear to be legitimate. [Vasily] reported the first problem to HackerOne, the service Steam uses to manage vulnerability reporting. They promptly classified his report as out of scope for Valve’s bug bounty program. This isn’t such a terrible problem, except for the implication that Valve didn’t think that the vulnerability in question was important enough to fix.

The story gets worse before it gets better. [Vasily] informed HackerOne that he would publicly release the vulnerability, and they responded by informing him that he wasn’t allowed to do so. With no indication of intent to fix, he went ahead with the public disclosure, and was banned from reporting Valve related vulnerabilities on HackerOne.

Valve has reached out to ZDNet, saying that the whole debacle was a mistake, and they are taking steps to make it right. The vulnerabilities have been fixed in a beta release of Steam, and Valve is reviewing [Vasily]’s ban.


McDonald's employee burned by customer's "smoldering" dollar bill


In Hackettstown, New Jersey, a McDonald's drive-through customer reportedly paid with a "smoldering" dollar bill that burned the employee's hand. From NJ.com:

After taking the money, the employee realized the dollar was still smoldering and she was burned on the palm of her left hand, police said. The employee refused medical treatment.

Police are investigating the incident and said no further information would be released at this time.

Obviously the customer has money to burn.


OpenAI releases larger GPT-2 dataset. Can it write fake news better than a human?


OpenAI has released a more extensive version of its generative language model.

We’re releasing the 774 million parameter GPT-2 language model after the release of our small 124M model in February ...

2. Humans can be convinced by synthetic text. Research from our research partners Sarah Kreps and Miles McCain at Cornell published in Foreign Affairs says people find GPT-2 synthetic text samples almost as convincing (72% in one cohort judged the articles to be credible) as real articles from the New York Times (83%). Additionally, research from AI2/UW has shown that news written by a system called “GROVER” can be more plausible than human-written propaganda. These research results make us generally more cautious about releasing language models

Blockquoted below is something I just had it make (using Talk to Transformer, which has been updated with the new dataset.)

I wrote the first (bolded) paragraph. GPT-2 wrote the rest.

Former Democratic presidential candidate and United States Senator Hillary Clinton was arrested today and charged on four counts of conspiracy, one count of fraud, and one count of lying to Federal investigators.

The details of the case are detailed below.

A Brief Overview of the Case

On June 2, 2014, Clinton (pictured) admitted to FBI agents that, on June 23, 2013, she, and others, had conspired with other political figures to take "official action" in response to a series of negative articles which she wrote in the Washington Times and other outlets.

The following is a summary of Clinton's admission:

Secretary Clinton used the Washington Post as her de facto personal email account and for the official State Department email account. It is important to note that the Federal Records Act (FRA) requires, as a condition for releasing government records, that the subject matter of the records be protected from public disclosure. The State Department records in question pertained to public and official business conducted in the United States Government. The FBI's investigation revealed that on July 2, 2009, Secretary Clinton sent

Hillary Clinton of The Washington Times! GPT-2 has a better sense of humor than any fake news I ever read.

This is amazing generative prose. But it's still not as good as anything even the dumbest human grifters can and do churn out. No-one familiar with newswriting tropes would be convinced for a second, and I suspect that even the legendary Facebook Boomers are harder to fool than the hype suggests.

The danger of GPT-2 is not fake news as sharable, influential longform but as social media chum in brief: imagine a flood of more convincing bots making human actions harder to measure, goosing the "engagement" of emotionally vulnerable users while deflating the value of those interactions. This is the more straightforward "problem" presented by advanced machine bullshit.

Another way of putting it: generative writing is not threatening further political anguish. It's threatening the advertising value of social media platforms that exploit it.

Nevertheless, GPT-2 is like nothing else in machine intelligence. Here I fed it a paragraph of condensed Cormac McCarthy, which it elaborates upon perfectly in-voice, but slowly segueing to a Hallmark movie:


This footage of New York in 1993 will make you miss New York in 1993


Manhattan in the early nineties, captured on what must have at the time been an unusually high-def camera.

The uploader of this incredible archival B-roll footage said to be of New York in 1993 says they captured it off of a D-Theater HD DVHS Demo Tape by techmoan.com.

It's pretty incredible.

I miss this NYC.


Microsoft contractors listened to Xbox audio recordings of children in their homes, to improve voice command


Contractors who worked for Microsoft say that in the course of their work, they listened to Xbox users' voice recordings, including recordings that were invoked by children accidentally, to improve Microsoft's voice command technology.

That's right.

Many of the unintentionally made audio recordings were of children.

Being listened to by adult strangers outside of the home.

Reports Joseph Cox at VICE:

Contractors working for Microsoft have listened to audio of Xbox users speaking in their homes in order to improve the console’s voice command features, Motherboard has learned. The audio was supposed to be captured following a voice command like “Xbox” or “Hey Cortana,” but contractors said that recordings were sometimes triggered and recorded by mistake.

The news is the latest in a string of revelations that show contractors working on behalf of Microsoft listen to audio captured by several of its products. Motherboard previously reported that human contractors were listening to some Skype calls as well as audio recorded by Cortana, Microsoft’s Siri-like virtual assistant.

"Xbox commands came up first as a bit of an outlier and then became about half of what we did before becoming most of what we did," one former contractor who worked on behalf of Microsoft told Motherboard. Motherboard granted multiple sources in this story anonymity as they had signed non-disclosure agreements.

The former contractor said they worked on Xbox audio data from 2014 to 2015, before Cortana was implemented into the console in 2016. When it launched in November 2013, the Xbox One had the capability to be controlled via voice commands with the Kinect system.

Microsoft Contractors Listened to Xbox Owners in Their Homes


Unintentionally funny voice-over-IP demo from 1978


In 1978, researchers were conducting early experiments in group teleconferencing using packet switching over the ARPANET, which became the basis of the Internet. These "packet speech systems" evolved into the VoIP that we know and love (?) today. Above is a 1979 video from the USC Information Sciences Institute of an experiment involving a "dramatization" of a group teleconference. As /r/ObscureMedia user jetRink posted, "The meeting participants are late, unprepared and frustrated, the audio quality is terrible and nothing is accomplished except the scheduling of another meeting."

Just like today!

For more on this, see Stanford University professor Robert Gray's "History of LPC Digital Speech and its impact on the Internet Protocol."
