Detect DLL Hijacks on Windows

March 26, 2015 – 6:30 PM

DLL hijacking is an attack that makes applications load malicious dynamic link libraries instead of the intended — clean and legit — library on a Windows system.

Programs that don’t specify paths to the libraries they load are vulnerable to DLL hijacking, because Windows then uses a priority-based search order to locate the library.

If attackers manage to place malicious libraries in a location with a higher priority than the legitimate one, they will be loaded by the application.

Users cannot really do anything about this as it is not clear if paths are set properly or not in applications that they run on the system. It is up to programmers to make sure paths are set properly in the programs before they are released to the public.

As an end user, you can use a program like Dll Hijack Detect to scan the computer system for potential hijacks.

The program identifies all DLLs loaded by running processes on the system. It inspects all library locations where malicious files could be placed, checks whether a loaded library appears multiple times in the search order, determines which copy is currently loaded, and warns you if a hijack is possible.
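As an added example (not code from the original post or from Dll Hijack Detect), the following models the search-order check described above: given the directories Windows consults for a DLL requested by name, it lists every copy of that DLL along the order, notes which one is mapped, and flags a possible hijack when a higher-priority directory precedes the loaded copy. The directory layout, application name and file list are constructed; KnownDLLs, manifests and SetDllDirectory are ignored for simplicity.

```python
import ntpath
from dataclasses import dataclass

def default_search_dirs(app_dir, cwd, path_dirs, windir=r"C:\Windows"):
    # Default DLL search order with SafeDllSearchMode on, highest priority first.
    return [("application directory", app_dir),
            ("system directory", ntpath.join(windir, "System32")),
            ("16-bit system directory", ntpath.join(windir, "System")),
            ("Windows directory", windir),
            ("current directory", cwd)] + [("PATH entry", d) for d in path_dirs]

def _norm(path):
    return ntpath.normpath(path).lower()   # Windows paths are case-insensitive

@dataclass
class DllReport:
    dll: str
    loaded_from: str
    copies: list               # (label, path) for every copy found, in search order
    loaded_rank: int           # position of the loaded copy in the order, -1 if outside it
    hijack_possible: bool      # a higher-priority directory precedes the loaded copy
    loader_pick_matches: bool  # the loaded copy is the one a by-name search would choose

def check_dll(dll, loaded_from, search_dirs, existing_files):
    # Find every copy of `dll` along the search order and compare it with the
    # copy the process actually has mapped (the check the article describes).
    files = {_norm(f) for f in existing_files}
    candidates = [(label, ntpath.join(d, dll)) for label, d in search_dirs]
    copies = [(label, p) for label, p in candidates if _norm(p) in files]
    loaded = _norm(loaded_from)
    loaded_rank = next((i for i, (_, p) in enumerate(candidates) if _norm(p) == loaded), -1)
    # Every directory ahead of the loaded copy is a place where a same-named
    # library would win the search, so anything but rank 0 is hijackable.
    hijack_possible = loaded_rank > 0
    loader_pick_matches = bool(copies) and _norm(copies[0][1]) == loaded
    return DllReport(dll, loaded_from, copies, loaded_rank, hijack_possible, loader_pick_matches)

# Constructed sample: an app that loads version.dll by name, plus a stray copy of
# that DLL in the user's current directory (a lower-priority location).
SAMPLE_DIRS = default_search_dirs(r"C:\Program Files\ExampleApp", r"C:\Users\alice\Downloads", [r"C:\Tools"])
SAMPLE_FILES = [r"C:\Program Files\ExampleApp\ExampleApp.exe",
                r"C:\Windows\System32\version.dll",
                r"C:\Users\alice\Downloads\version.dll"]

if __name__ == "__main__":
    report = check_dll("version.dll", r"C:\Windows\System32\version.dll", SAMPLE_DIRS, SAMPLE_FILES)
    for label, path in report.copies:
        print(f"{label:25} {path}")
    print("hijack possible:", report.hijack_possible, "| loader pick matches:", report.loader_pick_matches)
```

A real scan would feed `check_dll` the module list of each running process and the directories it actually has on disk; a report with `hijack_possible` set and a writable application directory is the case worth investigating.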


Secure your wireless router

March 24, 2015 – 5:35 AM

There is no such thing as perfect security. Given enough knowledge, resources, and time, any system can be compromised. The best you can do is to make it as difficult for an attacker as possible. That said, there are steps you can take to harden your network against the vast majority of attacks.

The default configurations for what I call consumer-grade routers offer fairly basic security. To be honest, it doesn’t take much to compromise them. When I install a new router (or reset an existing one), I rarely use the ‘setup wizards’. I go through and configure everything exactly how I want it. Unless there is a good reason, I usually don’t leave it as default.

I cannot tell you the exact settings you need to change. Every router’s admin page is different, even for routers from the same manufacturer. Depending on the specific router, there may be settings you can’t change. For many of these settings, you will need to access the advanced configuration section of the admin page.


Noobs can pwn world’s most popular BIOSes in two minutes

March 20, 2015 – 7:16 PM

Millions of flawed BIOSes can be infected using simple two-minute attacks that don’t require technical skills and need only access to the PC to execute.

Basic Input/Output Systems (BIOS) have been the target of much hacking research in recent years since low-level p0wnage can grant attackers the highest privileges, persistence and stealth.

LegbaCore researchers Xeno Kovah and Corey Kallenberg revealed the threat to El Reg ahead of their presentation, “How Many Million BIOSes Would You Like to Infect?”, at CanSecWest tomorrow.

“Because almost no one patches their BIOSes, almost every BIOS in the wild is affected by at least one vulnerability, and can be infected,” Kovah says.

“The high amount of code reuse across UEFI BIOSes means that BIOS infection can be automatic and reliable.

“The point is less about how vendors don’t fix the problems, and more how the vendors’ fixes are going un-applied by users, corporations, and governments.”

Kovah and Kallenberg’s talk aims to highlight both the dangers and capabilities of BIOS attacks and the need for system administrators to apply vendor patches, something which they say is not being done.


All Major Web Browsers Fall in Pwn2Own Hacking Contest

March 20, 2015 – 5:25 PM

Security researchers nabbed $552,500 in bounties at this year’s Pwn2Own hacking contest, demonstrating exploits against the top four Web browsers, plus Adobe Reader and Flash Player.

On Thursday, the second and final day of the competition, the star of the show was South Korean security researcher JungHoon Lee, aka “lokihardt,” who nabbed the single biggest payout of the competition and Pwn2Own history: $75,000 for a Chrome bug affecting both the stable and beta versions of Google’s browser. For that same bug, he also earned an extra $25,000 for gaining SYSTEM access, and another $10,000 for hitting the beta version, for a grand total of $110,000.

“To put it another way, lokihardt earned roughly $916 a second for his two-minute demonstration,” HP’s security research team wrote in a blog post Thursday. “There are times when ‘Wow’ just isn’t enough.”

Sponsored by HP’s Zero Day Initiative program, the Pwn2Own contest takes place at the CanSecWest security conference in Vancouver, Canada. All told, the hackers who participated in this year’s event discovered five bugs in the Windows operating system; four in Internet Explorer 11; three each in Mozilla Firefox, Adobe Reader and Flash; two in Apple’s Safari; and the one aforementioned bug in Chrome.


Killer USB Drive is Designed to Fry Laptops

March 12, 2015 – 5:40 AM

[Dark Purple] recently heard a story about how someone stole a flash drive from a passenger on the subway. The thief plugged the flash drive into his computer and discovered that instead of containing any valuable data, it completely fried his computer. The fake flash drive apparently contained circuitry designed to break whatever computer it was plugged into. Since the concept sounded pretty amazing, [Dark Purple] set out to make his own computer-frying USB drive.

While any electrical port on a computer is a great entry point for potentially hazardous signals, USB is pretty well protected. If you short power and ground together, the port simply shuts off. Pass through a few kV of static electricity and TVS diodes safely shunt the power. Feed in an RF signal and the inline filtering beads dissipate most of the energy.

To get around or break through these protections, [Dark Purple]’s design uses an inverting DC-DC converter. The converter takes power from the USB port to charge a capacitor bank up to -110VDC. After the caps are charged, the converter shuts down and a transistor shunts the capacitor voltage to the data pins of the port. Once the caps are discharged, the supply fires back up and the cycle repeats until the computer is fried (typically as long as bus voltage is present). The combination of high voltage and high current is enough to defeat the small TVS diodes on the bus lines and successfully fry some sensitive components—and often the CPU. USB is typically integrated with the CPU in most modern laptops, which makes this attack very effective.