“I don’t think this is the best response we’ve ever done to an attack situation,”
“There is no computer security program out there with 100% confidence that everything you do is going to be safe,” said Mathewson. “We can provide a high probability of safety and get better all the time. But no computer software ever written is able to provide absolute certainty. Have a back-up plan.”
Silk Road 2: was an American university paid by the FBI to bring down the admins?
http://d4n3ws.polux-hosting.com/2015/11/22/silk-road-2-une-universite-americaine-a-t-elle-ete-payee-par-le-fbi-pour-faire-tomber-les-admins/
I think the most “insane” thing about this router is that it’s running the same buggy firmware that D-Link has been cramming in their routers for years…and the hits just keep on coming.
The Snowden leaks have taught us much about the tactics employed by the NSA and GCHQ, from brazen malware attacks to more esoteric dark arts, such as infecting low-level pieces of computer code. Correspondingly, research into more surreptitious activities targeting the guts of modern systems has often been overshadowed by studies of more obvious attacks. Yet such high-tech techniques pose a more severe risk. They can, for instance, allow agencies to spy on Tails, the Linux-based secure operating system favored by Snowden. And they’re not as difficult to exercise as many would imagine. They can totally obliterate the privacy of even the most careful computer user.
The flaws, to be reported at a hacker conference in Hamburg this month, are the latest evidence of widespread insecurity on SS7, the global network that allows the world’s cellular carriers to route calls, texts and other services to each other. Experts say it’s increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world’s billions of cellular customers.
A security researcher has found a flaw that allows remote access to a large number of powerline (PLC) adapters, making it possible, for example, to piggyback on a complete stranger's Internet connection. // http://www.nosuchcon.org/talks/2014/D1_03_Sebastien_Dudek_HomePlugAV_PLC.pdf
Computers, and computing, are broken.
http://www.framablog.org/index.php/post/plus-rien-ne-marche-que-faire
Some random code/data about the backdoor I found in my Linksys WAG200G (TCP/32764). If you don't understand something or want some details, feel free to file an issue.
The backdoor may be present in other hardware, I'll update this readme accordingly :)
Possible fix:
If it's listening on the Internet: add a firewall rule in the web UI (https://twitter.com/domainzero/status/419146140999626752)
Probable source of the backdoor:
SerComm https://news.ycombinator.com/item?id=6998258 (nice finding :) )
Backdoor LISTENING ON THE INTERNET confirmed in:
Netgear DG834B V5.01.14 (https://twitter.com/domainzero/status/419133964528263169)
Backdoor confirmed in:
Linksys WAG200G
Netgear DM111Pv2 (https://twitter.com/eguaj/status/418143024019816448)
Linksys WAG320N (http://zaufanatrzeciastrona.pl/post/smieszna-tylna-furtka-w-ruterach-linksysa-i-prawdopodobnie-netgeara/)
Linksys WAG54G2 (https://twitter.com/_xistence/status/418616691040350208)
DGN1000[B] Netgear N150 (https://github.com/elvanderb/TCP-32764/issues/3)
NETGEAR DGN1000 (don't know if there is a difference with the others N150 ones... https://github.com/elvanderb/TCP-32764/issues/27)
Netgear DG834G V2 firmware 4.01.40 (thanks Burn2 Dev)
Diamond DSL642WLG / SerComm IP806Gx v2 TI (https://news.ycombinator.com/item?id=6998682)
Linksys WAG120N (https://twitter.com/p_w999/status/418856260973252608/photo/1)
Cisco WAP4410N (https://github.com/elvanderb/TCP-32764/issues/11#issuecomment-31492435)
Linksys WAG160n (https://twitter.com/xxchinasaurxx/status/418886166700507136)
LevelOne WBR3460B (http://www.securityfocus.com/archive/101/507219/30/0/threaded)
Netgear DGN3500 (https://github.com/elvanderb/TCP-32764/issues/13)
NetGear DG834 v3 (thanks jd)
Netgear DG834[GB, N, PN] version < 5 (https://github.com/elvanderb/TCP-32764/issues/19 https://github.com/elvanderb/TCP-32764/issues/25)
Netgear DGN2000B (https://github.com/elvanderb/TCP-32764/issues/26)
Linksys WRVS4400N (Firmware Version:V2.0.2.1) (https://github.com/elvanderb/TCP-32764/issues/29)
Linksys WRT300N fw 2.00.17 (https://github.com/elvanderb/TCP-32764/issues/34)
NETGEAR JNR3210 (https://github.com/elvanderb/TCP-32764/issues/37)
Backdoor may be present in:
Netgear DG934 probability: 99.99%
Netgear WPNT834 (http://forum1.netgear.com/showthread.php?p=270354)
Netgear WG602, WGR614 (v3 doesn't work, maybe others...), DGN2000 (http://zaufanatrzeciastrona.pl/post/smieszna-tylna-furtka-w-ruterach-linksysa-i-prawdopodobnie-netgeara/)
Linksys WAG160N (http://zaufanatrzeciastrona.pl/post/smieszna-tylna-furtka-w-ruterach-linksysa-i-prawdopodobnie-netgeara/)
all SerComm manufactured devices (https://news.ycombinator.com/item?id=6998258)
Backdoor is not working in:
Netgear WGR614v7 (thanks "Martin from germany" [your e-mail doesn't work])
Netgear WNDR3700 (https://twitter.com/juliengrenier/status/418748575842304000)
Netgear CG3100 (https://github.com/elvanderb/TCP-32764/issues/6)
Netgear WGR614v9 (https://github.com/elvanderb/TCP-32764/issues/7)
Linksys WRT54GS v1.52.8 build 001 (thanks Helmut Tessarek)
Linksys WRT54GL(v1.1) Firmware v4.30.16
Netgear WGR614v3 (https://github.com/elvanderb/TCP-32764/issues/8)
Netgear WNDR4500 (https://twitter.com/TechnicalRah/status/418826996873834496)
Netgear WNDR4000 (https://github.com/elvanderb/TCP-32764/issues/10)
Netgear R7000 (https://twitter.com/LRFLEW/status/418856141032935424)
Netgear R6300 (https://github.com/elvanderb/TCP-32764/issues/15)
Netgear WN2500RP (https://github.com/elvanderb/TCP-32764/issues/15)
Linksys E3000 fwv 1.0.04 (https://github.com/elvanderb/TCP-32764/issues/16)
Netgear VMDG480 (aka. VirginMedia SuperHub) swv 2.38.01 (https://github.com/elvanderb/TCP-32764/issues/16)
Netgear VMDG485 (aka. VirginMedia SuperHub 2) swv1.01.26 (https://github.com/elvanderb/TCP-32764/issues/16)
Cisco E2000 fwv 1.0.02 (https://github.com/elvanderb/TCP-32764/issues/17)
Cisco Linksys E4200 V1 fwv 1.0.05 (https://github.com/elvanderb/TCP-32764/issues/18)
NETGEAR CG3700EMR as provided by ComHem Sweden (https://github.com/elvanderb/TCP-32764/issues/20)
Netgear RP614v[4,2] V1.0.8_02.02 (https://github.com/elvanderb/TCP-32764/issues/22 https://github.com/elvanderb/TCP-32764/issues/24)
Netgear DG834G v5 (manufactured by Foxconn as opposed to the previous versions, nice finding anthologist https://github.com/elvanderb/TCP-32764/issues/28)
NETGEAR WNR3500Lv2
WRT320N (https://github.com/elvanderb/TCP-32764/issues/31)
Netgear DGND3700 (https://github.com/elvanderb/TCP-32764/issues/33)
Cisco WRVS4400N (https://github.com/elvanderb/TCP-32764/issues/36)
Some clarifications: I didn't want to waste my time writing a full report; it's a very simple backdoor that really doesn't deserve more than some crappy slides. Moreover, my English is quite bad.
I had a lot of fun writing/drawing those slides. All the necessary information is in them; if people don't understand them or find them "too full of meme" then - well - it's too bad for them :)
Tens of thousands of emails, confidential documents, address books, calendars, professional but also private correspondence... The European Parliament is going to have to radically change the system securing the mailboxes of all its MEPs, because a hacker has just demonstrated how fragile the security of the Parliament's mail servers is.
http://bluetouff.com/2013/11/21/securite-lapres-snowden-vu-du-smartphone-dun-eurodepute/
https://www.pcinpact.com/news/84541-donnees-perso-mauvaise-histoire-belge-l-eurodepute-louis-miche.htm
Which router is compromised?