Home » 2015 » July (Page 3)

Hacking Team 的 BGP Routing Hijack

Hacking Team 的事情告訴我們,只能是能做的,都有人會包成 Total Solution 賣。

洩漏出來的資料說明了 Hacking Team 在 2013 年幹的 BGP Routing Hijack:「How Hacking Team Helped Italian Special Operations Group with BGP Routing Hijack」。

The Wikileaks document described how the Italian ROS reached out to Hacking Team to work together on recovering the VPS server that ran on 46.166.163.175. In ROS terminology, the server was called “Anonymizer”. The emails also revealed that this server relays updates to another back end server called “Collector” from which ROS presumably recovers the targets’ data.

然後:

When we look at historical BGP data we can confirm that AS31034 (Aruba S.p.A) indeed started to announce the prefix 46.166.163.0/24 starting on Friday, 16 Aug at 2013 07:32 UTC. The Wikileaks emails outline how ROS complained to Hacking Team that the IP was reachable only via Fastweb but not yet through Telecom Italia, concluding not all RCS clients were able to connect back to the server immediately, since the prefix was not seen globally. BGP data further confirms this per the visualization below.

這些主要的 ISP 分別是:

AS12874 Fastweb
AS6939 Hurricane Electric, Inc.
AS49605 Reteivo.IT
AS4589 Easynet
AS5396 MC-link Spa

時間線:

這也證明了「鎖 IP」的方法其實還是很危險的。

AWS 推出的 Device Farm

AWS Device Farm 正式啟用了,可以測 AndroidAmazonFire OS 手機:「AWS Device Farm – Test Mobile Apps on Real Devices」。

有支援各種測試框架:

也可以設定手機的狀態:

然後各種 screenshot:

以及測試時的資源使用狀態:

價錢就如同之前提到的,USD$0.17/min 或是單隻包月 USD$250 (大約是測一整天的價錢):

Pricing is in units of device minutes, basically the duration of a single test run on a particular device. You get 250 minutes at no charge as part of a Free Trial; after that you pay $0.17 per device minute. You can also opt in to our unmetered testing plan; you can perform unlimited testing on any supported Android or FireOS device for a flat monthly fee of $250.

Hacking Team 購買 Flash Exploit 的信件

前情提要:「Hacking Team 被黑而洩漏出來的資料」。

在「How a Russian hacker made $45,000 selling a 0-day Flash exploit to Hacking Team」這邊提到了 Hacking Team 被黑而洩漏出來的信件,透漏了俄羅斯的人賣 Flash Exploit 給 Hacking Team 的過程。

從內容就可以看出不同的賣法,包括「首次」與「獨家」都是可以談的條件:

1) The price is US$45,000.00 for the non-exclusive sale of any special discount for the "first" deal together will be greatly appreciated :)

然後有些東西是另外加密通信的:

The two men then exchanged PGP keys, which they used to exchange a number of encrypted messages, presumably one including how Toporov would like to be paid.

然後還有 invoice:

而買了幾個建立關係後,後面還會有 discount:

Now your discount on the next buy is -5k and -10k is for a third bug.

最近應該會有不少人跳下去解讀洩漏出來的資料...

Hacking Team 被黑而洩漏出來的資料

這幾天資安領域最熱鬧的消息莫過於 Hacking Team 被黑之後洩漏出來的 400GB+ 的資料:「Hacking Team hacked, attackers claim 400GB in dumped data」、「Hacking Team hacked, attackers claim 400GB in dumped data」。

洩漏的資料可以在 GitHub 上的「hackedteam」取得,或是透過 BitTorrent 取得 (i.e. 51603bff88e0a1b3bad3962614978929c9d26955)。

烏雲上的「人手一份核武器 - Hacking Team 泄露(开源)资料导览手册」這篇寫得很完整了,現在的系統已經整合到這樣,於是要對這個人做任何事情都很容易:

也因為這次的 leak 而使得不少軟體在修正 0day exploit...

好精緻的核武...

AWS 推出 Device Farm (行動裝置測試平台)

AWS 最近動作很多,預定在 2015/07/13 推出 AWS Device Farm,可以讓使用者直接租機器測試,價錢則是 USD$0.17/minute,或是租用一整個月 USD$250/month (一個裝置):

Pricing is based on device minutes, which are determined by the number of devices you use and the duration of your tests. AWS Device Farm comes with a free tier of 250 device minutes. After that you are charged $0.17 per device minute. As your testing needs grow, you can opt for our unmetered testing plan, which allows unlimited testing for a flat monthly fee of $250 per device.

等推出了之後再來研究看看,另外問問看公司內的同事來安排測試好了?

OpenSSL 的重大 bug:拿 Certificate 當 CA...

OpenSSL 發佈了「Alternative chains certificate forgery (CVE-2015-1793)」安全性通報:

An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate.

拿一個合法的 leaf certificate 當 CA root... 這下又有一票東西要更新了 @_@

這次從 1.0.1n 到 1.0.2b 的版本會受到影響。

starting from version 1.0.1n and 1.0.2b

AWS 推出 Amazon API Gateway

AWS 推出了「Amazon API Gateway – Build and Run Scalable Application Backends」,使得 Scalable API 又前進了一步。

API Gateway 可以直接將 HTTP Endpoint 接上 AWS Lambda 提供服務,並且也會自動接上 CloudFront,不過 CloudFront 不可選等級,目前看起來是最低的 Class 100,所以老問題還是沒解,如果不是用 168.95.1.1168.95.192.1,我們家的 IP 會被解去 ARN (Stockholm Arlanda Airport) XD

  4.|-- snuh-3201.hinet.net        0.0%    10    0.3   0.3   0.3   0.3   0.0
  5.|-- tpdt-3011.hinet.net        0.0%    10    6.7   9.0   4.8  12.5   2.8
  6.|-- r4101-s2.tp.hinet.net      0.0%    10    0.5   0.9   0.5   1.5   0.0
  7.|-- r4001-s2.tp.hinet.net      0.0%    10    3.8   1.1   0.5   3.8   1.2
  8.|-- r11-pa.us.hinet.net        0.0%    10  199.8 151.6 143.1 199.8  19.0
  9.|-- las-bb1-link.telia.net     0.0%    10  140.6 142.6 140.5 159.7   6.0
 10.|-- sjo-b21-link.telia.net     0.0%    10  141.6 142.1 141.5 146.1   1.2
 11.|-- nyk-bb2-link.telia.net     0.0%    10  217.0 218.9 217.0 224.0   2.6
 12.|-- kbn-bb4-link.telia.net     0.0%    10  305.7 305.8 305.7 306.2   0.0
 13.|-- s-bb4-link.telia.net       0.0%    10  316.4 316.4 316.4 316.6   0.0
 14.|-- s-b9-link.telia.net       10.0%    10  316.4 316.5 316.4 317.5   0.0
 15.|-- amazon-ic-300293-s-b9.c.t 10.0%    10  311.5 311.5 311.4 311.5   0.0
 16.|-- ???                       100.0    10    0.0   0.0   0.0   0.0   0.0
 17.|-- ???                       100.0    10    0.0   0.0   0.0   0.0   0.0
 18.|-- ???                       100.0    10    0.0   0.0   0.0   0.0   0.0
 19.|-- server-54-230-96-67.arn1. 10.0%    10  311.5 311.8 311.5 313.2   0.4

除了使用提供的 url 以外 (HTTPS Endpoint),也可以接上自己的 domain (以及對應的 SSL certificate):

另外功能是產生 SDK,支援 iOSAndroid 以及 JavaScript 三種版本:

這樣又簡化了不少東西...

Archives