Thank you to everyone who tried to solve our FortiChallenge 2k11! We've had way more participants than expected, and two winners : Shirley Chen Nagy Ferenc László Shirley and Nagy found the secret sentence, without even using the hints. A special mention for another participant (StalkR) who tried to solve it in the wake of Insomni’Hack 2011, and managed to reach the md5 collision step. Stay tuned for the official solution! -- the Reverse naM [Read More]
by RSS Alexandre Aumoine  |  Nov 15, 2011  |  Filed in: Security Research
Any progress on our FortiChallenge 2k11? After the first clue, here is the second. Just a reminder that the first hint is meant to help you to find the good way with hashes. Don't miss the modification, Crypto Girl hates MD5 for this reason ! By the way, challenge's submission deadline is extended to Nov 13th, 2011. -- The Reverse naM [Read More]
by RSS Alexandre Aumoine  |  Nov 03, 2011  |  Filed in: Security Research
Stuck on our FortiChallenge 2k11? Here's a first hint! Translations: La fin est encore loin surtout quand on est sur le mauvais chemin ! Wrong track, go back! La fin est proche, l'anneau est inclus. Dawn is close, search for the ring. Mon precieux My precious Hint: -6D01BAE018694CDB446DC7EADBA08BE497A8CBE78BCFE91478AB120B4400E357 -ad23ebc59b720eac0979ead3176de3331ddaa1356466ecc8e8c9fb82f62a6dca -BCA85F09D8D174844C5D5B80095E6EF595181AAB0CABA9144324418B9F291645 -3EE90318AA2881118B8C09A777D52129E61760CCAE1EF679C744A25E9EB50789 -5868049FE51A60811D2C75C3B8896B956EE42114C568DE47531E436CEA2E0F77 –... [Read More]
by RSS Alexandre Aumoine  |  Oct 21, 2011  |  Filed in: Security Research
Hello all, At Insomni'Hack 2011, we created a challenge dedicated to static reversing of Symbian executables (using SDK S60 Ed3 FP1). Sadly, nobody found the full solution, so we finally decided to put it online for you to try, until November 1st, 2011. We will then post the winner's solution on this blog, along with the 'official' solution. To help you out - if needed - this post will be updated with a hint in a few days. Challenge prize? the winner (first good solution) receives ... fame and glory :)) i.e. nothing besides marketing goodies,... [Read More]
by RSS Alexandre Aumoine  |  Oct 17, 2011  |  Filed in: Security Research
Last week we attended Insomni'Hack 2011, where our Crypto Girl (Axelle Apvrille) presented on mobile phone threats. Debriefing of the conference may be found here and there. Both blog authors highlighted the main goal of Axelle's talk, which was to raise awareness about existing threats on smartphones. Mobile phones had already been targeted for a long time (by application sending sms for instance) but since recently (approximately one year) it has been hit by more advanced attacks - probably with the help of cybercriminal organizations. Their... [Read More]
by RSS Alexandre Aumoine  |  Mar 18, 2011  |  Filed in: Security Research
A few days ago we encountered a new variant of the Symbian worm, Yxes, that we named SymbOS/Yxes.H!worm. This worm contacts malicious remote servers, which host Java Server Pages, and propagates by sending 'attractive' SMS messages. For instance, this new variant sends an SMS with an URL promising private information concerning a Chinese actress. Globally, the logic (and much of the code) is the same as in previous variants. Yet, there are a few updates, one of the main ones being the use of new remote malicious Java Server Pages. I guess every... [Read More]
by RSS Axelle Apvrille  |  Mar 04, 2010  |  Filed in: Security Research
There has been a lot of confusion lately concerning the SymbOS/Yxes worm. Among those, it has now dawned on me the so-called Transmitter.C reported in numerous articles on the net (for instance, here and here), is not sexySpace.sisx (detected as SymbOS/Yxes.E!worm): those are two different malware. Why ? As a matter of fact, several issues startled me (ordered from weakest to strongest point): Transmitter.C is reported to send a massive amount of SMS messages (they are talking about 500 SMS). If Transmitter.C is Yxes.E, it is surprising because... [Read More]
by RSS Axelle Apvrille  |  Aug 26, 2009  |  Filed in: Security Research
In case you are not familiar with the Symbian development process, application development features two major security meatures in Symbian OS 9.1 and greater. First, applications must specify their capabilities, i.e if an application uses Bluetooth connection, it must have the Symbian LocalServices capability. A few other interesting capabilities for malware are: NetworkServices: required to make a call, send HTTP requests etc. ReadUserData/WriteUserData: required to read/write user's contacts. UserEnvironment: to use the camera. Location: particularly... [Read More]
by RSS Axelle Apvrille  |  Aug 04, 2009  |  Filed in: Security Research
With February's Threat Landscape Report out, it's time to highlight some of the most interesting movement happening from late January 2009 to now: New vulnerabilities (NVC) were up nearly three fold, with 117 posted in comparison to 43 from January's edition; 25.6% of these new vulnerabilities were detected to be actively exploited. Two new high-profile zero-day exploits (CVE-2009-0238 and CVE-2009-0658) affecting MS Excel (XLS) and Adobe Reader (PDF) have since been disclosed. Given these facts, and Conficker's success, there is no better time... [Read More]
by RSS Derek Manky  |  Feb 27, 2009  |  Filed in: Security Research