I’ve been doing incident response for quite some time now, and there are a lot of things that are not being put out there. So let’s talk about the “missing server” using, I don’t know, how about facts? I’ve never worked an intrusion where we had all the evidence we wanted. There are always logs missing, aged off, or deleted by the attacker. In every case, we are forced to look at the data we have and then make judgments despite the missing data. We don’t call the missing data a conspiracy; we just call it business as usual. Continue reading “DNC Hack and So Called The Missing Server”
Well, earlier today security researchers disclosed vulnerabilities, collectively called EFAIL, in how multiple email clients handle the decryption and display of PGP-encrypted emails. SecureDrop submissions are not sent via email and can only be decrypted on the air-gapped Secure Viewing Station, so the content of submissions is not impacted by this vulnerability. This includes the content of messages from and to sources sent via the SecureDrop user interface.
However, SecureDrop does use GPG-encrypted emails for OSSEC security alerts to administrators, and some SecureDrop users receive GPG-encrypted messages from our support portal. Beginning in SecureDrop 0.7.0, to be released tomorrow, Tuesday, May 15, 2018, journalists can also optionally receive GPG-encrypted alerts about new submissions (these do not contain any submission content or metadata). Continue reading “People are Freaking Out about PGP, You Shouldn’t Be Using it Anyway”
Last week, the hacking crew “JHT” launched a hacking campaign against Cisco devices in Russian and Iranian networks.
The hackers exploited CVE-2018-0171 in Cisco Smart Install to reset the routers to their startup configuration and reboot the devices, then left the following message for the victims:
“Don’t mess with our elections…. -JHT firstname.lastname@example.org” Continue reading “Hackers strike Russia and Iran Networks exploiting Cisco”
As I scrolled through Facebook I began seeing posts about ‘Russia in control of our infrastructure’. People were reacting to something that most cybersecurity researchers have known about for quite some time. And guess what? We’re not freaking out just yet.
Yesterday, the Department of Homeland Security and the Federal Bureau of Investigation took the unusual step of issuing an alert fingering the Russian government for targeting U.S. critical infrastructure with cyberattacks. Continue reading “Russia in control of critical infrastructure? Let’s not over react”
Israel-based Cellebrite reportedly announced privately the capability to subvert the security of iOS 11 devices, including the latest iPhone, iPad, iPad mini, iPad Pro and iPod touch. Cellebrite works with major law enforcement and intelligence agencies worldwide.
Cellebrite provides the FBI with decryption technology as part of a contract signed in 2013; its technology allows investigators to extract information from mobile devices.
While the company hasn’t made a public announcement concerning its capabilities, anonymous sources told Forbes that in the last few months the company has developed undisclosed techniques to get into iOS 11 and is advertising them to law enforcement and private forensics firms across the globe. Continue reading “Can Cellebrite really unlock every iPhone?”