Latest Posts | Page 142


Thank you to everyone who tried to solve our FortiChallenge 2k11! We've had way more participants than expected, and two winners: Shirley Chen and Nagy Ferenc László. Shirley and Nagy found the secret sentence, without even using the hints. A special mention for another participant (StalkR) who tried to solve it in the wake of Insomni’Hack 2011, and managed to reach the md5 collision step. Stay tuned for the official solution! -- the Reverse naM [Read More]
by Alexandre Aumoine | Nov 15, 2011 | Filed in: Security Research
It's high time the Crypto Girl talks about Crypto, isn't it? A few days ago, I analyzed a malicious Opera Updater, named SymbOS/OpFake.A!tr.dial, and was surprised to discover it uses a **91-byte XOR key** to conceal one of its configuration files. 91 bytes?! Yes, bytes, so 728 bits. This is quite a lot. AES only uses keys up to 256 bits, though I do not mean it would be less secure than this XOR. But it is a first for mobile malware where we had only seen XOR used with a single byte key. Have a look at the disassembled decryption routine below. Actually,... [Read More]
by Axelle Apvrille | Nov 08, 2011 | Filed in: Security Research
Any progress on our FortiChallenge 2k11? After the first clue, here is the second. Just a reminder that the first hint is meant to help you to find the good way with hashes. Don't miss the modification, Crypto Girl hates MD5 for this reason! By the way, challenge's submission deadline is extended to Nov 13th, 2011. -- The Reverse naM [Read More]
by Alexandre Aumoine | Nov 03, 2011 | Filed in: Security Research
We are pleased to announce Android support for FortiClient Lite. Our beta version is now officially available on the Android Marketplace and features SSL VPN functionality. The FortiClient Android SSL VPN application works with your organization's FortiGate security appliance to establish a secure sockets layer VPN connection. With this application, you can work remotely and securely with your organization's digital assets anywhere and everywhere you have an Internet connection. Key Benefits Flexible, easy and secure access to your organization's... [Read More]
by Derek Manky | Oct 28, 2011 | Filed in: Security Research
Much like Ninja Turtles, DroidKungFu now comes in different flavours (5 so far), discovered by Pr. Xuxian Jiang (and research team) and Lookout. If, like me, you are having difficulties keeping track of those variants, this post is for you :) The similarities and differences between all 5 variants are depicted below. The various blocks represent each variant, and their intersection shows how many methods they share exactly*. All variants share the same malicious commands (CMD box). They can download and install a new package, start a program (called... [Read More]
by Axelle Apvrille | Oct 26, 2011 | Filed in: Security Research
This concludes my overview of VB2011, with the final notes for the last talks I attended. Enhancing filtering proactivity with reverse IP and reverse whois queries - Claudiu Musat (presenting) and Alin Octavian Damian The most typical methods of filtering spam are by the URLs it contains or by domain names. The main problem with those methods is the delay before the filter becomes active: somebody has to decide that this URL or domain is malicious, and before that decision is made, the spam is not blocked. There are other methods, which seem more proactive: reverse... [Read More]
by Axelle Apvrille | Oct 25, 2011 | Filed in: Security Research
Stuck on our FortiChallenge 2k11? Here's a first hint! Translations: La fin est encore loin surtout quand on est sur le mauvais chemin ! Wrong track, go back! La fin est proche, l'anneau est inclus. Dawn is close, search for the ring. Mon precieux My precious Hint: -6D01BAE018694CDB446DC7EADBA08BE497A8CBE78BCFE91478AB120B4400E357 -ad23ebc59b720eac0979ead3176de3331ddaa1356466ecc8e8c9fb82f62a6dca -BCA85F09D8D174844C5D5B80095E6EF595181AAB0CABA9144324418B9F291645 -3EE90318AA2881118B8C09A777D52129E61760CCAE1EF679C744A25E9EB50789 -5868049FE51A60811D2C75C3B8896B956EE42114C568DE47531E436CEA2E0F77 –... [Read More]
by Alexandre Aumoine | Oct 21, 2011 | Filed in: Security Research
A second life in a virtual environment: from simple socialization to revealing sensitive information - Sabina Raluca Datcu Sabina conducted a study on how much security-aware people are likely to reveal on social networks. To do so, she took 50 people from a hacking community, and 50 from the IT security world, and built a fake female profile in both cases with similar interests. She shows that she makes contact with all 100 people over time, and that over time, all 100 people do reveal some personal information to her. Personal information... [Read More]
by Axelle Apvrille | Oct 18, 2011 | Filed in: Security Research
Tags: vb2011
Hello all, At Insomni'Hack 2011, we created a challenge dedicated to static reversing of Symbian executables (using SDK S60 Ed3 FP1). Sadly, nobody found the full solution, so we finally decided to put it online for you to try, until November 1st, 2011. We will then post the winner's solution on this blog, along with the 'official' solution. To help you out - if needed - this post will be updated with a hint in a few days. Challenge prize? The winner (first good solution) receives ... fame and glory :)) i.e. nothing besides marketing goodies,... [Read More]
by Alexandre Aumoine | Oct 17, 2011 | Filed in: Security Research
Missed those talks at VB2011? A few notes on a first set of talks I attended. A look at the cybercrime ecosystem and the way it works, Dmitry Bestuzhev On the underground market, it is possible to find plenty of things such as clones of real ID documents (shipping with your own picture) and even with real biometric information. You can also find real policeman cards. To access the underground market, you should however be a 'certified' cybercriminal. There are geographic differences between cybercriminals. In Europe, cybercriminals make quite... [Read More]
by Axelle Apvrille | Oct 12, 2011 | Filed in: Security Research
Tags: vb2011