Posts Tagged: superfish


24
Nov 15

Security Bug in Dell PCs Shipped Since 8/15

All new Dell laptops and desktops shipped since August 2015 contain a serious security vulnerability that exposes users to online eavesdropping and malware attacks. Dell says it is prepping a fix for the issue, but experts say the threat may ultimately need to be stomped out by the major Web browser makers.

d3llAt issue is a root certificate installed on newer Dell computers that also includes the private cryptographic key for that certificate. Clever attackers can use this key from Dell to sign phony browser security certificates for any HTTPS-protected site.

Translation: A malicious hacker could exploit this flaw on open, public networks (think WiFi hotspots, coffee shops, airports) to impersonate any Web site to a Dell user, and to quietly intercept, read and modify all of a vulnerable Dell system’s Web traffic.

According to Joe Nord, the computer security researcher credited with discovering the problem, the trouble stems from a certificate Dell installed named “eDellRoot.”

Dell says the eDellRoot certificate was installed on all new desktop and laptops shipped from August 2015 to the present day. According to the company, the certificate was intended to make it easier for Dell customer support to assist customers in troubleshooting technical issues with their computers.

“We began loading the current version on our consumer and commercial devices in August to make servicing PC issues faster and easier for customers,” Dell spokesperson David Frink said. “When a PC engages with Dell online support, the certificate provides the system service tag allowing Dell online support to immediately identify the PC model, drivers, OS, hard drive, etc. making it easier and faster to service.”

“Unfortunately, the certificate introduced an unintended security vulnerability,” the company said in a written statement. “To address this, we are providing our customers with instructions to permanently remove the certificate from their systems via direct email, on our support site and Technical Support.”

In the meantime, Dell says it is removing the certificate from all Dell systems going forward. Continue reading →


10
Mar 15

Microsoft Fixes Stuxnet Bug, Again

Microsoft today shipped a bundle of security updates to address more than three dozen vulnerabilities in Windows and associated software. Included in the batch is a fix for a flaw first patched in 2010 — the very same vulnerability that led to the discovery of the infamous cyberweapon known as Stuxnet. Turns out, the patch that Microsoft shipped to fix that flaw in 2010 didn’t quite do the trick, leaving Windows users dangerously exposed all this time.

brokenwindowsOn this, the third Patch Tuesday of 2015, Microsoft pushed 14 update bundles to address at least 43 separate vulnerabilities in Internet Explorer, Exchange, Office and a host of other components.

Five of the the patches released today fix flaws that Microsoft has assigned its most serious “critical” label, meaning the vulnerabilities these patches fix can be exploited to compromise vulnerable systems through little or no action on the part of the user — save for perhaps opening a booby-trapped file or visiting a hacked/malicious Web site.

One of the more curious critical fixes is MS15-020, which according to HP’s Zero Day Initiative researchers addresses the same vulnerability that Microsoft patched in August 2010. That vulnerability — first revealed in a post on this blog July 15, 2010 — was later discovered to have been one of four zero-day flaws used in Stuxnet, a weapon of unprecedented sophistication that is now widely considered to have been a joint U.S. and Israeli project aimed at delaying Iran’s nuclear ambitions. The folks at HP TippingPoint have published a blog post on their work in uncovering the failed fix, and how the original 2010 patch missed the mark. For more on Stuxnet, check out Kim Zetter‘s excellent new book, Countdown To Zero Day. Continue reading →


26
Feb 15

Webnic Registrar Blamed for Hijack of Lenovo, Google Domains

Two days ago, attackers allegedly associated with the fame-seeking group Lizard Squad briefly hijacked Google’s Vietnam domain (google.com.vn). On Wednesday, Lenovo.com was similarly attacked. Sources now tell KrebsOnSecurity that both hijacks were possible because the attackers seized control over Webnic.cc, the Malaysian registrar that serves both domains and 600,000 others.

On Feb. 23, google.com.vn briefly redirected visitors to a page that read, “Hacked by Lizard Squad, greetz from antichrist, Brian Krebs, sp3c, Komodo, ryan, HTP & Rory Andrew Godfrey (holding it down in Texas).” The message also included a link to the group’s Twitter page and its Lizard Stresser online attacks-for-hire service.

Today, the group took credit for hacking Lenovo.com, possibly because it was recently revealed that the computer maker was shipping the invasive Superfish adware with all some new Lenovo notebook PCs (the company has since said Superfish is now disabled on all Lenovo products and that it will no longer pre-load the software).

According to a report in TheVerge.com, the HTML source code for Lenovo.com was changed to read, “the new and improved rebranded Lenovo website featuring Ryan King and Rory Andrew Godfrey.”

The Verge story notes that both men have been identified as members of the Lizard Squad; to my knowledge this has never been true. In fact, both used to be part of a black hat and now-defunct hacker collective known as Hack The Planet (HTP) along with one of the main current LizardSquad members — Julius “Zeekill” Kivimaki (for more on Julius, see these stories). However, both King (a.k.a “Starfall”) and Godfrey (“KMS”) have been quite publicly working to undermine and expose the group for months.

Reached via instant message, both King and Godfrey said the Lizard Squad used a command injection vulnerability in Webnic.cc to upload a rootkit — a set of hacking tools that hide the intruder’s presence on a compromised system and give the attacker persistent access to that system. Continue reading →