November 14, 2012

How software defined radios (SDRs) will change security

Locks were considered very secure until the first lock pickers got their hands on it. Phone system were secure until the John Draper discovered some use for the toy whistle in Captain Crunch pack. Infact even the creators of internet didn't think of too much security when it was initially designed.  Its the commoditization of technology which sometimes brings about the worst of all security bugs. And I believe the next round of changes are coming very soon.

Until very recently radios were built for a purpose and they rarely did more than what it was supposed to do.   Think of them like the early computers which took a whole room and could only do only type of a job per computer. Todays computer can do all kinds of stuff and unlike the older versions, they don't need to be rewired physically to make them do a new job. Everything is done using software.

Wikipedia does a good job at defining what this is.
software-defined radio system, or SDR, is a radio communication system where components that have been typically implemented in hardware (e.g. mixers,filtersamplifiersmodulators/demodulatorsdetectors, etc.) are instead implemented by means of software on a personal computer or embedded system.[1] While the concept of SDR is not new, the rapidly evolving capabilities of digital electronics render practical many processes which used to be only theoretically possible.
A group of individuals figured out that some of the TV tuner cards can not only be reprogrammed to listen to a wider range of frequencies but could be driven entirely using software which could make it look like an all purpose radio receiver. Interestingly that USB tuner costs only about USD 20.

PaulDotCom mentioned SDRs in one of the talks as well but he went further and pointed out that SDRs could also be used to send signals which makes it significantly more dangerous. One of the worst examples he gave was that an SDR could be reprogrammed to generate fake transponder signals. They pointed out that modern aircrafts do listen for transponder signals from other nearby aircrafts and some of them are programmed to take automatic sudden evasive measures when it detects another aircraft close by.

The point is not that terrorists can attack airplanes this way... they could do it today by buying and reprogramming a real transponder. The point is that this technology will become so cheap that anyone would be able to do it with just a computer and a simple SDR transmitter.

I'm not really sure how good Transponders are with respect to security.. may be it has a good secure way of authenticating the transmitter. In which case all is good. But if thats not happening today, it will change at some point when this technology becomes as easy to disrupt as DNS is today.

How software defined radios (SDRs) will change security

Locks were considered very secure until the first lock pickers got their hands on it. Phone system were secure until the John Draper discovered some use for the toy whistle in Captain Crunch pack. Infact even the creators of internet didn't think of too much security when it was initially designed.  Its the commoditization of technology which sometimes brings about the worst of all security bugs. And I believe the next round of changes are coming very soon.

Until very recently radios were built for a purpose and they rarely did more than what it was supposed to do.   Think of them like the early computers which took a whole room and could only do only type of a job per computer. Todays computer can do all kinds of stuff and unlike the older versions, they don't need to be rewired physically to make them do a new job. Everything is done using software.

Wikipedia does a good job at defining what this is.
software-defined radio system, or SDR, is a radio communication system where components that have been typically implemented in hardware (e.g. mixers,filtersamplifiersmodulators/demodulatorsdetectors, etc.) are instead implemented by means of software on a personal computer or embedded system.[1] While the concept of SDR is not new, the rapidly evolving capabilities of digital electronics render practical many processes which used to be only theoretically possible.
A group of individuals figured out that some of the TV tuner cards can not only be reprogrammed to listen to a wider range of frequencies but could be driven entirely using software which could make it look like an all purpose radio receiver. Interestingly that USB tuner costs only about USD 20.

PaulDotCom mentioned SDRs in one of the talks as well but he went further and pointed out that SDRs could also be used to send signals which makes it significantly more dangerous. One of the worst examples he gave was that an SDR could be reprogrammed to generate fake transponder signals. They pointed out that modern aircrafts do listen for transponder signals from other nearby aircrafts and some of them are programmed to take automatic sudden evasive measures when it detects another aircraft close by.

The point is not that terrorists can attack airplanes this way... they could do it today by buying and reprogramming a real transponder. The point is that this technology will become so cheap that anyone would be able to do it with just a computer and a simple SDR transmitter.

I'm not really sure how good Transponders are with respect to security.. may be it has a good secure way of authenticating the transmitter. In which case all is good. But if thats not happening today, it will change at some point when this technology becomes as easy to disrupt as DNS is today.

November 13, 2012

Chrome: Fully sandboxed flash engine protect users

The truth is that not everyone gets updates to chrome as soon as its released. And as its usually the case a lot of holes get discovered only after its exploited in the field. Google has finally announced a fully sandboxed flash engine which prevents the malicious code running within the flash component to fully exploit the system. It should keep you safe from unexpected security threats until an update arrives.



Google says sandboxing is now available for Flash “with this release” of Chrome. The most recent version, Chrome 23, arrived last week, which is when the four-year-old browser received its usual dose of security fixes (14 in total), as well as a new version of Adobe Flash. 
Yet the company today wanted to underline today that Chrome’s built-in Flash Player on Mac now uses a new plug-in architecture which runs Flash inside a sandbox that’s as strong as Chrome’s native sandbox, and “much more robust than anything else available.” This is great news for Mac users since Flash is so very widely used, and thus is a huge target for cybercriminals pushing malware. 
Malware writers love exploiting Flash for the same reasons as they do Java: it’s a cross-platform plugin. Such an attack vector allows them to target more than one operating system, more than one browser, and thus more than one type of user. What Google is doing here is minimizing the chances that its users, namely those using Chrome, will get infected by such threats.

Chrome: Fully sandboxed flash engine protect users

The truth is that not everyone gets updates to chrome as soon as its released. And as its usually the case a lot of holes get discovered only after its exploited in the field. Google has finally announced a fully sandboxed flash engine which prevents the malicious code running within the flash component to fully exploit the system. It should keep you safe from unexpected security threats until an update arrives.







Google says sandboxing is now available for Flash “with this release” of Chrome. The most recent version, Chrome 23, arrived last week, which is when the four-year-old browser received its usual dose of security fixes (14 in total), as well as a new version of Adobe Flash. 
Yet the company today wanted to underline today that Chrome’s built-in Flash Player on Mac now uses a new plug-in architecture which runs Flash inside a sandbox that’s as strong as Chrome’s native sandbox, and “much more robust than anything else available.” This is great news for Mac users since Flash is so very widely used, and thus is a huge target for cybercriminals pushing malware. 
Malware writers love exploiting Flash for the same reasons as they do Java: it’s a cross-platform plugin. Such an attack vector allows them to target more than one operating system, more than one browser, and thus more than one type of user. What Google is doing here is minimizing the chances that its users, namely those using Chrome, will get infected by such threats.

November 04, 2012

Top security threats from Oracle, Adobe and Apple

Kaspersky labs came out with its Q3 report and not surprisingly Oracle and Adobe have some of the worst holes impacting the largest number of users. What I was surprised more about was that Apple made it to that list even though Microsoft didn't explicitly get named. The map below shows the % of users infected.

Also found it interesting that iTunes has a lot of holes. Who would have thunk it.

IT Threat Evolution: Q3 2012 - Securelist

Top security threats from Oracle, Adobe and Apple

Kaspersky labs came out with its Q3 report and not surprisingly Oracle and Adobe have some of the worst holes impacting the largest number of users. What I was surprised more about was that Apple made it to that list even though Microsoft didn't explicitly get named. The map below shows the % of users infected.

Also found it interesting that iTunes has a lot of holes. Who would have thunk it.

IT Threat Evolution: Q3 2012 - Securelist