Tag Archive for: Implementation

Critical Backdoor Internet Security Breach Accidentally Found Before Implementation – MishTalk


I am fascinated by a story of how a Microsoft engineer discovered a major, heavily disguised, backdoor security breach that was years in the making, and nearly implemented.

Background

Hidden in a widely used compression utility was a software backdoor that would allow someone remote access to entire systems.

This was a multi-year endeavor by a user named Jia Tan, @JiaT75, who gained trust over many years. His account is now suspended everywhere.

HackerNews has this interesting snip.

Microsoft security researcher Andres Freund has been credited with discovering and reporting the issue on Friday.

The heavily obfuscated malicious code is said to have been introduced over a series of four commits to the Tukaani Project on GitHub by a user named JiaT75.

The Long Game

These open-source projects are volunteer work. They pay nothing.

The person normally responsible for the code, Lasse Collin (Larhzu), maintained the utility since 2009 but was suffering burnout.

Jia Tan started contributing in the last 2-2.5 years and gained commit access, and then release manager rights, about 1.5 years ago.

Backdoor Uncovered in Years-Long Hacking Plot

Much of this story is extremely geekish and difficult to understand. An article on Unicorn Riot is generally readable.

Please consider Backdoor Uncovered in Years-Long Hacking Plot

A fascinating but ominous software story dropped on Friday: a widely used file compression software package called “xz utils” has a cleverly embedded system for backdooring shell login connections, and it’s unclear how far this dangerous package got into countless internet-enabled devices. It appears the persona that injected this played a long game, gaining the confidence of the legitimate main developer, and thus empowered to release new versions themselves.

Andres Freund reported this Friday morning on an industry security mailing list, leading many experts to spend the day poking under rocks and peering into the abyss of modern digital insecurity: “The upstream xz repository and the xz tarballs have been backdoored,” Freund wrote. It cleverly pokes a hole in the SSH daemon (sshd), which is essential to modern-day computing at the most fundamental level.

The…

Source…

Switzerland’s e-voting system has predictable implementation blunder


Last year, I published a 5-part series about Switzerland’s e-voting system. Like any internet voting system, it has inherent security vulnerabilities: if there are malicious insiders, they can corrupt the vote count; and if thousands of voters’ computers are hacked by malware, the malware can change votes as they are transmitted. Switzerland “solves” the problem of malicious insiders in their printing office by officially declaring that they won’t consider that threat model in their cybersecurity assessment.

But the Swiss Post e-voting system (that Switzerland uses) addresses the malware-in-voter-computer problem in an interesting way that’s worth taking seriously. Each voter is sent a piece of paper with some special “return codes” that are never seen by the voter’s computer, so any potential malware can’t learn them. And each voter is instructed to follow a certain protocol, checking the return codes shown on their screen against the return codes on the paper.

I described how it works here. And then here I described some attacks and vulnerabilities, “threats that their experts didn’t think of”. And one of those I wrote as,

The hacked app can change the protocol, at least the part of the protocol that involves interaction with the voter, by giving the voter fraudulent instructions.  There could be a whole class of threats there; I invite the reader to invent some.

When I say “predictable implementation blunder”, well, I predicted something like this.  But it’s a bit worse than I thought.

Andreas Kuster is a Swiss computer scientist living abroad, and a few months ago he received his election packet in the mail from his home canton of St. Gallen. He discovered that the Swiss Post e-voting system had made a basic blunder: the instructions to the voter about how to perform the return-code-checking protocol are not printed on the paper, they are only on the voting website itself. That means if the voter’s computer is hacked by malware, the malware can direct the voter to a fake website that has different instructions, with a useless protocol. Or, as Kuster demonstrates, the malware can install a browser…

Source…
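The return-code check and the instruction blunder described in the post above, as an added simulation. This is not Swiss Post's code: the HMAC-based code derivation, the three-candidate list, the `PrintingOffice`/`VotingServer` split and the two client behaviours are assumptions made for the example. What it shows is that malware on the voter's computer cannot forge the paper code for a changed vote, but it can rewrite the on-screen instructions so the voter never performs the comparison.

```python
import hashlib
import hmac
import secrets

# Constructed candidate list for the simulation.
CANDIDATES = ("Alice", "Bob", "Carol")


def return_code(voter_secret: bytes, choice: str) -> str:
    """Four-digit choice return code for one candidate.
    Simplified model (assumption): an HMAC over the candidate name under a
    per-voter secret known to the printing office and the server. The real
    system derives codes differently; the property that matters is the same,
    the voter's computer has no way to compute them."""
    digest = hmac.new(voter_secret, choice.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10_000:04d}"


class PrintingOffice:
    """Trusted in the Swiss threat model: generates per-voter secrets and the paper card."""

    def __init__(self):
        self.secrets = {}

    def issue_card(self, voter_id: str) -> dict:
        voter_secret = secrets.token_bytes(32)
        self.secrets[voter_id] = voter_secret
        # The card travels by post; the voter's computer never sees it.
        return {c: return_code(voter_secret, c) for c in CANDIDATES}


class VotingServer:
    def __init__(self, office: PrintingOffice):
        self.office = office
        self.ballots = {}

    def cast(self, voter_id: str, choice: str) -> str:
        """Record the ballot and return the code for what was actually recorded."""
        self.ballots[voter_id] = choice
        return return_code(self.office.secrets[voter_id], choice)


def honest_client(server, voter_id, intended):
    """Clean voter computer: casts the intended vote, shows the real instructions."""
    code = server.cast(voter_id, intended)
    return code, {"compare_code": True}


def malware_client(server, voter_id, intended):
    """Compromised voter computer: casts a different vote and replaces the
    on-screen instructions so the voter is told no check is needed."""
    code = server.cast(voter_id, "Bob")  # ignores what the voter chose
    return code, {"compare_code": False,
                  "text": "Your vote has been recorded. No further action is required."}


def vote(server, client, voter_id, card, intended, instructions_on_paper: bool) -> bool:
    """Voter's side of the protocol; True means the voter accepts the vote as cast.
    instructions_on_paper=True models a card that tells the voter to always compare
    codes; False models the setup Kuster found, where the voter follows the screen."""
    shown_code, screen = client(server, voter_id, intended)
    must_compare = True if instructions_on_paper else screen["compare_code"]
    if not must_compare:
        return True                      # voter trusts the screen and stops here
    return shown_code == card[intended]  # the one check malware cannot fake


if __name__ == "__main__":
    office = PrintingOffice()
    server = VotingServer(office)
    card = office.issue_card("voter-1")
    print("honest, paper instructions:  accepted =", vote(server, honest_client, "voter-1", card, "Alice", True))
    print("malware, paper instructions: accepted =", vote(server, malware_client, "voter-1", card, "Alice", True))
    print("malware, screen instructions: accepted =", vote(server, malware_client, "voter-1", card, "Alice", False))
    print("ballot actually recorded:", server.ballots["voter-1"])
```

The second case is the defence working: the server returns the code for "Bob", the paper says something else for "Alice", and the voter notices. The third case is the blunder: same malware, same altered ballot, but because the comparison step itself lives on the screen the voter is told to skip it. Note the four-digit codes for two candidates collide with probability 1/10000, which is why the test below phrases the malware-with-paper case as a comparison of the two codes rather than a flat `False`.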

Best Practices for Implementation and Management


SSL/TLS Encryption: Best Practices for Implementation and Management

SSL/TLS encryption is a critical component of internet security, providing a secure communication channel between web browsers and servers. It ensures that sensitive data, such as login credentials, credit card information, and personal details, are protected from eavesdropping, tampering, and forgery. As cyber threats continue to evolve, it is essential for organizations to implement and manage SSL/TLS encryption effectively. This article outlines the best practices for SSL/TLS encryption implementation and management, helping organizations to safeguard their online presence and protect their users’ data.

First and foremost, organizations should ensure that they are using current SSL/TLS protocol versions. Older versions, such as SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1, have known weaknesses and are formally deprecated (RFC 8996 retires TLS 1.0 and 1.1). The most recent version, TLS 1.3, offers significant security improvements: it removes legacy algorithms and static RSA key exchange, shortens the handshake to a single round trip, and encrypts more of the handshake than earlier versions did. TLS 1.2 remains acceptable when it is restricted to modern cipher suites. It is equally important to disable the outdated versions on the server rather than merely to prefer newer ones: a server that still accepts TLS 1.0 can be pushed down to it by an attacker who tampers with the handshake, whereas a server that refuses it makes the downgrade fail.

When configuring SSL/TLS encryption, organizations should prioritize the use of strong cipher suites. A cipher suite names the set of algorithms a connection uses: the key exchange, the authentication method, the bulk cipher that protects the records, and the hash used for message authentication and key derivation. The choice of cipher suites therefore determines both the security and the performance of encrypted communications. Organizations should avoid weak or outdated cipher suites, such as those that use the RC4 stream cipher or 3DES, those that pair a CBC-mode cipher with an HMAC-SHA-1 MAC, and those with static RSA key exchange, which provides no forward secrecy. Instead, they should opt for suites that combine an ephemeral (EC)DHE key exchange with an AEAD cipher such as AES-GCM or ChaCha20-Poly1305 and a SHA-256 or SHA-384 hash. TLS 1.3 only defines AEAD suites with ephemeral key exchange, so once the older protocol versions are disabled most of the cipher-suite question is settled by the protocol itself.
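A worked example of the two recommendations above, added here and not part of the original article: a Python `ssl` server context with the protocol floor and cipher list set, plus a small audit that flags the configurations the article warns against (legacy ciphers, non-AEAD suites, key exchange without forward secrecy, a protocol floor below TLS 1.2). The cipher-string contents, the marker list and the audit's rules are choices made for this example; the dictionary keys it reads (`name`, `aead`, `digest`, `kea`, `protocol`) are those returned by `ssl.SSLContext.get_ciphers()`.

```python
import ssl

# OpenSSL cipher string for the TLS 1.2 suites recommended above: ephemeral
# ECDHE key exchange (forward secrecy) and AEAD ciphers only. OpenSSL keeps
# the TLS 1.3 suites on a separate list that this string does not affect;
# they are all AEAD with ephemeral key exchange by design.
MODERN_TLS12_SUITES = (
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"
)

# Substrings that identify suites with no place in a modern configuration
# (example choice; extend to taste).
LEGACY_CIPHER_MARKERS = ("RC4", "3DES", "DES-CBC", "NULL", "EXPORT", "MD5")


def hardened_server_context() -> ssl.SSLContext:
    """Server-side context that refuses SSLv3/TLS 1.0/TLS 1.1 outright, so a
    downgrade attempt fails instead of succeeding, and offers only the
    suites above for TLS 1.2. Load a certificate with load_cert_chain()
    before serving."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(MODERN_TLS12_SUITES)
    return ctx


def audit_cipher_list(ciphers) -> list:
    """Return findings for a list of dicts shaped like the output of
    ssl.SSLContext.get_ciphers(); an empty list means nothing was flagged."""
    findings = []
    for c in ciphers:
        name = c["name"]
        if any(marker in name for marker in LEGACY_CIPHER_MARKERS):
            findings.append(f"{name}: legacy or null cipher")
        elif not c.get("aead"):
            # CBC mode plus an HMAC, e.g. ECDHE-RSA-AES128-SHA (HMAC-SHA-1)
            findings.append(f"{name}: not AEAD (MAC digest {c.get('digest')})")
        # TLS 1.3 suites always use an ephemeral key exchange, so only the
        # TLS 1.2 suites need a forward-secrecy check.
        is_tls13 = c.get("protocol") == "TLSv1.3" or name.startswith("TLS_")
        kea = c.get("kea") or ""
        if not is_tls13 and "dhe" not in kea:   # matches kx-ecdhe and kx-dhe
            findings.append(f"{name}: no forward secrecy ({kea or 'static key exchange'})")
    return findings


def audit_context(ctx: ssl.SSLContext) -> list:
    """Findings for a live context: the protocol floor plus its cipher list."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(
            f"minimum protocol version is {ctx.minimum_version.name}; "
            "set it to TLSv1_2 or higher"
        )
    findings.extend(audit_cipher_list(ctx.get_ciphers()))
    return findings


if __name__ == "__main__":
    for line in audit_context(hardened_server_context()) or ["no findings"]:
        print(line)
```

Run against a context built by `hardened_server_context()` the audit reports nothing; point `audit_context` at a context created with the interpreter defaults, or feed `audit_cipher_list` the output of `get_ciphers()` from an existing server's context, to see which suites a configuration still offers. The `set_ciphers` string uses OpenSSL syntax, so the same list can be pasted into an OpenSSL-backed web server's cipher directive.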

Another crucial aspect of SSL/TLS encryption management is the proper handling of digital certificates. Digital certificates are electronic documents that bind a public key to an entity’s identity, enabling secure communication between parties. Organizations should…

Source…

GBT is Evaluating an Implementation of Advanced NLP Algorithm, To Provide Powerful NLP Features for Its AI Healthcare Advisory System





Advanced NLP (Natural Language Processing) capabilities are intended to enhance the human-to-computer interaction experience, making it significantly more user friendly and intuitive.

SAN DIEGO, Jan. 27, 2022 (GLOBE NEWSWIRE) — GBT Technologies Inc. (OTC PINK: GTCH) (“GBT”, or the “Company”), is evaluating the use of an advanced NLP algorithm model to enhance the human interaction experience of its AI based healthcare advisory system. The Text-To-Text Transfer Transformer (T5) model introduces an efficient technology to perform a wide variety of supervised Natural Language Processing (NLP) tasks such as classification, Q&A and summarization. Typically, most new deep learning NLP models are very large and include a vast number of parameters. Normally the larger the NLP model, the more learning capacity it has, yet one of the main disadvantages is the huge dataset required, which may reduce the overall performance. The advanced NLP algorithm model is considered one of the most advanced, high performance NLP algorithms: it includes a vast number of parameters, uses significantly less memory, and provides high accuracy. GBT will be evaluating the T5 pre-trained model with the goal of using it in its Hippocrates healthcare advisory system, handling Q/A, text summarization and compositional commonsense knowledge. The model allows more parallel processing than methods like Recurrent Neural Networks (RNN) and Convolutional Neural Networks (CNN), which significantly increases data understanding and reasoning capabilities. For example, the T5 model is capable of processing the words of a given text together rather than word by word. As the global data realm is estimated to reach the zettabyte range in the near future, our deep learning computing will need powerful processing capabilities for comprehending and scrutinizing data, particularly in the huge, unstructured NLP domain. The system is designed to perform as a general health Q/A advisory system, providing a first line of health-related advice. We plan to further develop the system to include intelligent…

Source…