Sony Confirms PS3 Root Key Hack, But the Problem Is In the Hardware!

The FailOverflow hacker team revealed a flaw in the PS3 a few days ago at the 27C3 hacker conference in December 2010. Initially, Sony was not interested in commenting on the hack. However, in a recent reply to Edge magazine, Sony confirmed the matter, saying:

We are aware of this, and are currently looking into it. We will fix the issues through network updates, but because this is a security issue, we are not able to provide you with any more details.

While Sony has promised a fix through a network update, FailOverflow believes the flaw lies in the hardware and that no software fix can close it.


Pytey from the FailOverflow team throws light on the hack, saying:

Applied correctly, it would take billions of years to derive the private key from the public key, or to make a signature without knowing the private key, even when you have all the computational power in the world at your disposal. The signing recipe requires that a random number be used as part of the calculation, with the caveat that that number must be truly random and not predictable in any way. However, Sony wrote their own signing software, which used a constant number for each signature.

The hack allows developers to create and sign their own apps to run on the PS3. Sony might be gearing up to fight this in court, but FailOverflow has the upper hand in the matter, being an ethical hacker group.

Microsoft Plans to Fail – Two Critical Bugs Left Unpatched

Next week, Microsoft’s first Patch Tuesday for 2011 will occur. A post on the Microsoft Security Response Center blog outlines the planned patches. It appears that it’s going to be a smaller download than the 17 patches in December. That would be welcome, but the January downloads won’t include fixes for two serious flaws.

They said: “This month we will not be releasing updates to address Security Advisory 2490606 (public vulnerability affecting Windows Graphics Rendering Engine) and Security Advisory 2488013 (public vulnerability affecting Internet Explorer). We continue to actively monitor both vulnerabilities and for Advisory 2488013 we have started to see targeted attacks.”

The Internet Explorer vulnerability affects nearly every PC running today. The Graphics Engine bug was only recently revealed at the POC conference a few days ago. It affects XP, Vista and 7 machines. We can forgive them for not reacting quickly on the second one, but the other has been around long enough for at least a temporary fix to have been approved.

We can’t wait much longer for these fixes. With users already seeing targeted attacks, Microsoft needs to recover from its New Year’s hangover and get back to work.

Stuxnet Worm May Be Quietly Making Way Into India

Almost a couple of weeks ago we told you about the possibility of Iran being infected by the Stuxnet worm, after Iran’s President Mahmoud Ahmadinejad acknowledged that Stuxnet could actually penetrate Iran’s nuclear facility. Now it looks like India is under threat from the Stuxnet worm as well. Internet security giant Symantec has said that this Windows-specific computer worm has already affected more than 10,000 Indian systems, across power units and petrochemical plants.

The actual threat to India lies in the fact that the country is surrounded by hostile neighbours, and tomorrow’s terror attacks could come through Stuxnet. India currently holds the third position, after Iran and Indonesia, among the countries severely affected by this computer worm.

Shantanu Ghosh, vice-president of product operations at Symantec India, has said that the Stuxnet-infected machines contact servers in Malaysia and Denmark. However, he did not publicly reveal the names of the Indian installations affected by the Stuxnet worm. Symantec’s latest 2010 Critical Infrastructure Protection survey reports that almost 57% of the companies in India are either not aware of such worms or do not have protection against infestation by these computer worms.

The Tor Network is Flawed

Researchers at the 27th Chaos Communication Congress (27C3) have found a rather important flaw in the Tor anonymity network. Tor (short for The Onion Router) has long been a faithful companion of whistleblowers, hackers and other people for whom anonymity on the network is of prime importance. In its simplest form the Tor network consists of a large number of volunteer nodes, each of which knows only the location of the next node in a long routing chain. The data is encrypted on your computer and sent to the first node, from which it is sent to the next in the chain and eventually to the server you want information from; the reply is sent back in a similar fashion. Thus, if someone is trying to spy on your web browsing habits, they are sent on a wild goose chase, because they never learn where the data is actually being sent.


However, security researchers at 27C3 have shown that, with a carefully executed attack, a surfer’s browsing habits can be revealed. If the attacker is on the same local network (such as the same Wi-Fi network or the same ISP), they can coax out the path of the Tor routing process and eventually find out the main server that the surfer is accessing.

The process requires a bit of preparation and involves a sequence of steps:

  1. The attacker has to know a set of sites that the target is known to visit, either through network logs obtained before the target used Tor or by other surveillance means.
  2. Next, the attacker runs Tor on their own system against those sites, observing how Tor routes the traffic and building a fingerprint-like profile for the target’s Tor routing.
  3. When the target next goes online, the attacker uses the packet streams captured on the local network (which is why the attacker must be on the same network) and associates the data streams with the fingerprint using a pattern matching technique (akin to those used in bioinformatics).

Dominik Herrmann, a PhD student at Regensburg, said that this pattern matching would only give a 55 to 60% chance of a correct guess, which is not enough to serve as legal evidence but enough to make privacy-conscious people edgy.

Solving this issue might be a little difficult for the Tor project, but only time will tell how much they can solve.

[via Ars Technica]

Internet Explorer Critical Security Flaw – Early Present for Microsoft

Have you opened all of your Christmas presents yet? Microsoft’s biggest present was a huge security headache that hit just before Christmas. On December 22nd, Microsoft was forced to warn everyone that Windows users are vulnerable to a flaw in all versions of Internet Explorer. This flaw, which is triggered by specially crafted CSS (web page style code), doesn’t have an easy fix.

So far, nobody has detected hackers using an exploit based on this zero-day CSS flaw. However, an exploit has been published and even included in the Metasploit penetration-testing framework. That means it’s only a matter of time before Microsoft’s problem becomes a problem for all users of Internet Explorer. Microsoft has promised that it is working on a fix for this flaw. Will it get here in time to save us from thousands of hacked home computers?

Here’s my suggestion to all of those using Internet Explorer:

Download and install a different web browser such as Firefox, Chrome or Opera. Only use Internet Explorer if it’s absolutely needed. Once you’ve done that, you can patiently wait on Microsoft to fix this problem.

Affected Operating Systems: Windows XP, Vista, 7

Affected Browsers: IE6, 7, 8, 9

Google Security Engineer Blogs About “Rooting”

Nick Kralevich, an Android Security Team engineer, has posted (via Tim Bray, Android Developer Advocate) his thoughts and concerns about the current state of security on the Android platform. As the number of Android handsets on the market increases, many users have been rooting their devices in order to install customizations and cooked ROMs and to unlock third-party software and repositories. Nick says that while Google does provide an easy way to boot personal boot images by unlocking the bootloader with a simple command (fastboot oem unlock), this is not an indication of lax security. Google developers aggressively fix known security holes, including those that can be used for rooting, and Adobe has given credit to how Android uses a sandbox for application segregation. Google is also known for sending security-relevant patches back upstream to a project, yet many simply don’t know that “rooting is an active exploitation of a known security hole”, says Nick. He says “it is possible to design unlocking techniques that protect the integrity of the mobile network, the rights of the content providers, and the rights of the application developers, while at the same time giving users choice. Users should demand no less.” And he is absolutely right.

Android straddles the fine line between giving users a polished device with a booming application ecosystem and giving them a highly customizable interface built on open source software. With each iteration and release of Android, these lines are being blurred, and Android is quickly climbing to the top.

The Patriot App – for Government Snitches

Big Brother is watching … and he has an iPhone.

It’s now easier than ever to become a government snitch. This iPhone app, Patriot App, gives you almost instant access to the following US agencies:

  • FBI (Federal Bureau of Investigation)
  • EPA (Environmental Protection Agency)
  • GAO (Government Accountability Office)
  • CDC (Centers for Disease Control)

I don’t know if you’d call this patriotic, though. Most Americans value their personal privacy, and the thought of their neighbors instantly reporting them to Uncle Sam is scary. It’s already easy enough to call the local authorities, so why do we need this? Have you ever heard of 911?


The name of this app will surely remind people about the controversial Patriot Act, which allows the US Government broad powers to bypass Constitutionally protected rights.

It’s one more sign of our times. Privacy is becoming a joke, but I’m not laughing.

Quote: “They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.” (Benjamin Franklin)

Huawei To Set Up Cyber Security Unit In India

Huawei is trying hard to convince the Indian government that its telecom gear does not pose a security threat to India. As part of its efforts, Huawei plans to establish a state-of-the-art cyber security centre in India where Indian law enforcement agencies and technical experts from the telecom department and home ministry can test the end-to-end core equipment, hardware and software solutions it sells to local mobile phone companies.

Huawei also said that various national security agencies will be allowed to look for malware, spyware and trapdoors and to assess whether Huawei’s gear can be remotely managed. Huawei recently set up a similar centre in the UK and feels this model could be replicated in India too.

According to a Huawei India spokesperson:

We have not discussed this yet with the Indian government as it is a very new initiative from Huawei to comprehensively address the security issue at an international level, which includes India. We will surely look at ways of trying to incorporate the positives from our new UK initiative and try to localise them for India.

Google Chrome Brings in Sandbox for Adobe Flash Content

Over time, Google Chrome has earned a reputation for being one of the fastest and most secure browsers. Chrome attributes much of its security to its sandboxing model, which ensures that each tab runs in a separate process and cannot interfere with the others.

Google Chrome Sandbox

Google Chrome has gone the extra step to ensure that one of the most frequently attacked pieces of software, Adobe Flash, stays up to date by bundling the Flash Player and updating it automatically. Extending this further, with the latest dev channel editions, Chrome also sandboxes Adobe Flash content. Chrome’s developers state that Chrome is the first browser on Windows XP to sandbox Adobe Flash content and hope this will protect users against the most common malware.

If, for whatever reason, you want to disable Flash sandboxing, add --disable-flash-sandbox as a command line parameter to your Chrome shortcut and you’re set.

New 0-day Vulnerability in Windows Circumvents UAC

When Microsoft added UAC (User Account Control), the promise was that it would make Windows more secure. Pardon me if I come across as a cynic, but all it seems capable of doing is annoying users. Yes, Windows 7 makes UAC a lot more bearable, but it’s still annoying. On top of that, it doesn’t actually do a lot to prevent malware attacks or malicious program execution. To make things even worse, a new flaw has been uncovered that can be used to completely bypass UAC in Windows Vista and 7.

The developers of the popular security software Prevx spotted a new 0-day vulnerability being discussed on a Chinese forum. According to them, “This is a serious flaw because it resides in win32k.sys, the kernel mode part of the Windows subsystem. It is a privilege escalation exploit which allows even limited user accounts to execute arbitrary code in kernel mode.”

This flaw basically enables an attacker to execute applications with SYSTEM (full) privileges. Unfortunately, there is not a lot you can do to keep yourself safe at this point in time. Sophos has suggested a workaround; however, it is not known how effective the proposed safety measure is.