
Fighting fire with fire using Honey Encryption

A newly developed encryption system by independent researcher Ari Juels and Thomas Ristenpart of the University of Wisconsin has shown that trickery is an underexploited but very effective tool in data protection.


Dubbed ‘Honey Encryption’, this security method adds an extra layer of protection to encrypted data by returning fake data every time an incorrect password or encryption key is tried. If the attacker does at some stage guess the correct combination, the sensitive data will be lost among spools of false data.
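The idea can be sketched in a few lines of Python. This is an added toy example, not Juels and Ristenpart's code: it protects a 4-digit PIN, and the popularity weights, the PBKDF2 parameters and all function names are assumptions made for illustration.

```python
import bisect
import hashlib
import itertools
import secrets

# Constructed prior over 4-digit PINs (assumption): three popular PINs get
# extra weight, every other PIN gets weight 1.
POPULAR = {"0000": 200, "1111": 300, "1234": 500}
WEIGHTS = [POPULAR.get(f"{i:04d}", 1) for i in range(10_000)]
# CUMULATIVE[i] is the exclusive upper end of PIN i's interval of seeds.
CUMULATIVE = list(itertools.accumulate(WEIGHTS))
SEED_SPACE = CUMULATIVE[-1]
KDF_ROUNDS = 100_000


def dte_encode(pin: str) -> int:
    """Distribution-transforming encoder: PIN -> random seed in its interval."""
    if len(pin) != 4 or not (pin.isascii() and pin.isdigit()):
        raise ValueError("PIN must be four ASCII digits")
    i = int(pin)
    low = CUMULATIVE[i] - WEIGHTS[i]
    return low + secrets.randbelow(WEIGHTS[i])


def dte_decode(seed: int) -> str:
    """Inverse map: every seed in [0, SEED_SPACE) decodes to a valid PIN."""
    return f"{bisect.bisect_right(CUMULATIVE, seed):04d}"


def _pad(password: str, salt: bytes) -> int:
    """Password-derived mask, reduced into the seed space."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ROUNDS)
    return int.from_bytes(digest, "big") % SEED_SPACE


def honey_encrypt(password: str, pin: str) -> tuple[bytes, int]:
    """Mask the encoded PIN with the password-derived pad."""
    salt = secrets.token_bytes(16)
    return salt, (dte_encode(pin) + _pad(password, salt)) % SEED_SPACE


def honey_decrypt(password: str, salt: bytes, ciphertext: int) -> str:
    # Deliberately no MAC, checksum or padding check: anything that let the
    # caller tell a right password from a wrong one would also let an
    # attacker confirm guesses offline. A wrong password yields a uniformly
    # random seed, which decodes to a PIN drawn from the prior.
    return dte_decode((ciphertext - _pad(password, salt)) % SEED_SPACE)


def try_guesses(guesses, salt, ciphertext):
    """Decrypt under each guess; every result is a plausible PIN."""
    return {g: honey_decrypt(g, salt, ciphertext) for g in guesses}


if __name__ == "__main__":
    salt, ct = honey_encrypt("correct horse", "4821")
    guesses = ["123456", "password", "correct horse"]
    for guess, pin in try_guesses(guesses, salt, ct).items():
        print(f"{guess!r:>16} -> {pin}")
```

Because decryption never fails, the legitimate user gets no error on a typo either, so a real deployment needs some other way to catch honest mistakes.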


Later this year, Juels and Ristenpart will present their Honey Encryption method and findings at the Eurocrypt cryptography conference.


Since cybercriminals have been using decoys since the very beginning, it makes sense for us to use the same techniques to our advantage. Using deception as a defense mechanism against cyber attacks is not only delightfully ironic, but very effective.


SA needs to shape up


Despite ground-breaking security developments taking place internationally, SA is said to still lack the security awareness and understanding to ensure adequate data protection.


A recent statement by Beza Belayneh, CEO of the SA Centre for Information Security (SACIS), suggests local organisations (outside the financial sector) often view cyber security awareness as sensationalism, resulting in what Belayneh terms "cyber security fatigue".


"Organisations will process and store large amounts of personally identified information and most of their business processes such as HR, finance and legal, are fully computerised and digital. Institutions don't realise that cyber attacks constitute data theft and can interrupt business functions."


According to the SACIS, local organisations are spending resources on cyber attack prevention, but throwing money at the problems will not help people understand the nature of threats and how to counter them effectively – a task which Belayneh says is never-ending. Instead, Belayneh believes the focus should shift to building resilient security frameworks.


"Institutions must develop a holistic approach that responds effectively to attack since they are impossible to avoid," he says.


Telspace is hiring!


And on that note, Telspace Systems is looking to hire a security analyst in South Africa, preferably Gauteng. The ideal candidate should be competent in a combination of Web application security, attack and penetration testing, network security, source code reviews, and mobile security.


For a more detailed description, please visit our job listing on LinkedIn or e-mail your CV to admin[at]telspace.co.za 



Telspace Systems appointed sole security supplier to betting and gaming solutions provider BetTech.

BetTech Gaming, the global provider of turnkey gaming solutions to market-dominating clients, has partnered with Telspace Systems to significantly boost its security operations.

Telspace Systems has been awarded a multi-year contract to conduct round-the-clock attack and penetration testing and analysis. They will also run vulnerability assessments and source code reviews, handle large, complex transactional systems and provide training.


The preventative measure will benefit all of BetTech’s betting and gaming operator customers, ensuring their players receive industry-leading protection against cyber crime.


“Telspace Systems has an impeccable reputation,” said BetTech Gaming chief technology officer Ian Barnes. “They make organisations as unattractive to online criminals as possible and keep all sensitive financial and client data safe. We have partnered with them to give the highest possible level of security to BetTech as well as our customers and their organisations.”


Telspace Systems was established in 2002 and is based in Johannesburg, South Africa, with a presence in United Kingdom, Botswana, United Arab Emirates, and Brazil. It services high-profile casinos and banks, and telecommunications, petroleum, and insurance companies around the world.


Chief executive officer Dino Covotsos commented: “There is no room for complacency when it comes to online security. New software vulnerabilities are found daily and attacks can immobilise a business – the potential financial costs are huge so it is always best to take the strongest possible precautions.”

The iPhone on trial

Recent local events have dramatically highlighted security issues among users of the iPhone. There have been reports of high-tech equipment used to recover data and crack phone encryption – as well as obtaining login details of websites used to manage the phone – and these have raised concerns that personal data is simply not safe.


So how much can someone who has your phone and / or the right tools learn about you?


A common question among Apple users is whether the phone manufacturer pre-installs ‘backdoors’ or some kind of ‘hidden access’ into the handset to be used to gather information for law enforcement.


To answer that, we need to consider what security the iPhone has, and why it has it. When Apple designed the phone’s built-in security (locking, securing data etc.), they did so under the premise that the user requires his/her data protected in the event of loss or theft. Apple would not operate under the impression that its users would need to hide something from law enforcement, or not have their phone used as evidence in a court of law. Regardless, Apple has used high levels of encryption on the iPhone, improving it with each new version of its operating system (iOS).


Various experts in the industry (such as Charlie Miller) have often reiterated that they do not believe Apple actually keeps your passcode on their servers. Apple itself states the same thing.


Whether or not this is true, we don’t know for sure. But it appears, given the time and effort required by law enforcement officials (even in other countries) to crack encryption on an iPhone, that they are not working with a passcode simply handed to them by Apple.


The fancy tools available to extract data from iPhones rely on well-known exploits, default configurations or other entry points into the phone. Some can try to brute-force passwords on the phone using methods that do not trigger the built-in protection, or that simply cater for such. Law enforcement officials also rely on simple user mistakes or inexperience to gain access. How many people use their birthday as their iPhone PIN? Or use 1234 or 1111 because it’s easy to type in?


Encryption


With regards to data encryption on the iPhone, keep in mind that not all data is encrypted. Due in part to the access required by certain applications, it can be deduced that some photos, for instance, are not encrypted. Chat programs such as WhatsApp can also implement their own encryption – in which case Apple may have no insight into how this data is protected, nor who has the keys used for decryption.


Could Touch ID, a fingerprint recognition feature devised by Apple, solve these issues? Probably not. Touch ID adds convenience but not necessarily extra strength in cryptography. Remember you still need to enter a PIN code to enable Touch ID, and therefore it’s highly likely the iPhone is still using the PIN code as part of the key generation for encryption – much like iPhones without Touch ID.


Apple would not have relied solely on a fingerprint to generate encryption keys because if the print stops working, access to data is lost. Besides, users can simply enter their PIN to bypass the Touch ID requirement. Keep in mind, this is not a failure on Apple’s part since they do not sell Touch ID as an upgrade to your phone’s encryption capabilities.


Solution


Should we be worried then? Yes and no. Apple has put a lot of work and research into iOS and the iPhone itself. Compared to other operating systems, iOS also maintains a relatively good stance on security and lack of critical security flaws.


However, there will always be a way around something, and given enough time and resources someone will find vulnerabilities, a flaw, or an “undocumented feature”.


Switching to Android, BlackberryOS or Windows will not make you any more secure against law enforcement officials, or highly skilled malicious users.


There are, however, some steps you can take to make it more difficult for them:


  1. Set a random and strong PIN. Avoid duplicate digits and sequences and definitely avoid anything personal such as your postal code, birthday etc.
  2. Set your iPhone to auto-lock after a reasonably short time. If it is stolen or lands up in unwanted hands you want it to be locked before it can be accessed.
  3. Activate the find-my-iPhone feature on the device. Not only is this useful to know where it is if you lose it, but you can also request the device to wipe itself remotely as well. Remember, however, the phone keeps track of where you’ve been, and this info can be retrieved from the device via the right tools.
  4. If your phone is lost/stolen or in the hands of a malicious person, immediately change any e-mail, Facebook, and other passwords on the applicable websites. That way, no further updates can make their way to the phone.
  5. Finally, as a general rule, if you don’t want something to ever be used against you – don’t say it via text or e-mail. That not only applies to anything related to the law but even in general life circumstances. Remember, you can’t take back what you typed.

By Dimitri Fousekis, Security Analyst / Team Lead, Telspace Systems


Is That Little Black Box on Your Desk Bleeding Your Confidential Data?

Every so often, vulnerabilities are found which turn the information security industry upside down, in both a positive and a negative sense. The recent OpenSSL vulnerability is no exception. Having surfaced a short time back, it sent social media into a spin, and websites and toolsets updated to explain, dissect and help exploit the vulnerability have popped up everywhere, as have the theories that governments may have been using this vulnerability since as early as 2011.


Heartbleed, so aptly named because it is the Heartbeat functionality in OpenSSL that “bleeds” sensitive information, has launched itself into the limelight, raising concerns amongst professionals, business persons and the general public alike.


One avenue that has not, however, been focused on too greatly (although mentioned before) is how many “embedded” and/or “appliance” devices are running the vulnerable version of OpenSSL. These usually have much longer and more fragmented patch cycles than commercial web servers and operating systems, especially when firmware is only obtainable from the manufacturer.


We conducted research into an avenue that is not often mentioned as a risk for the Heartbleed vulnerability – ADSL/DSL users. Using legitimate and non-intrusive means of identifying hosts with the Heartbleed vulnerability, we ascertained that there are many such devices, falling into the following categories:


Network-Attached Storage Devices (multiple brands)

Routers/UTM Devices (multiple brands)

CCTV Camera NVRs (multiple brands)

Small-Business Firewalls (multiple brands)

Voice-Over-IP (VOICE) Devices (multiple brands)


(it was not in the scope of this article to name the manufacturers of these devices)


The devices above are not estimated to be available and vulnerable – they are online, and are vulnerable. This raises much concern around the data that is exposed to would-be attackers trying to compromise these systems.


Keep in mind that the Heartbleed vulnerability allows one to obtain pieces of memory from the SSL process that may contain usernames, passwords and authentication cookies. In our internal lab experiments, we found this to be easily obtainable in almost 90% of the tests done.
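The missing length check behind this memory disclosure, shown as an added Python simulation (not OpenSSL's code and not part of the original post). The message layout and 16-byte minimum padding follow RFC 6520; the memory layout, the NEIGHBOUR value and the function names are constructed for illustration.

```python
import struct

HB_REQUEST, HB_RESPONSE = 1, 2
HEADER_LEN = 3      # type (1 byte) + payload_length (2 bytes)
MIN_PADDING = 16    # RFC 6520 requires at least 16 bytes of padding

# Constructed stand-in for unrelated process memory next to the receive buffer.
NEIGHBOUR = b"Cookie: session=CONSTRUCTED-EXAMPLE-VALUE"


def heartbeat(claimed_len: int, payload: bytes) -> bytes:
    """Build a heartbeat request; claimed_len is what the length field says."""
    return struct.pack("!BH", HB_REQUEST, claimed_len) + payload + bytes(MIN_PADDING)


def place_in_memory(record: bytes) -> bytearray:
    """Simulated heap: the received record followed by other data."""
    return bytearray(record + NEIGHBOUR + bytes(64))


def _respond(payload: bytes) -> bytes:
    return struct.pack("!BH", HB_RESPONSE, len(payload)) + payload + bytes(MIN_PADDING)


def handle_vulnerable(memory: bytearray, record_len: int):
    """Pre-fix behaviour: trusts the length field and ignores record_len."""
    msg_type, claimed = struct.unpack_from("!BH", memory, 0)
    if msg_type != HB_REQUEST:
        return None
    # Copies 'claimed' bytes even when the record itself was shorter.
    return _respond(bytes(memory[HEADER_LEN:HEADER_LEN + claimed]))


def handle_hardened(memory: bytearray, record_len: int):
    """Post-fix behaviour: silently discard inconsistent messages."""
    if record_len < HEADER_LEN + MIN_PADDING:
        return None
    msg_type, claimed = struct.unpack_from("!BH", memory, 0)
    if msg_type != HB_REQUEST:
        return None
    if HEADER_LEN + claimed + MIN_PADDING > record_len:
        return None  # length field points past the end of the record
    return _respond(bytes(memory[HEADER_LEN:HEADER_LEN + claimed]))


def echoed(response: bytes) -> bytes:
    """Payload portion of a heartbeat response."""
    return response[HEADER_LEN:-MIN_PADDING]


if __name__ == "__main__":
    for name, record in (("consistent", heartbeat(4, b"ping")),
                         ("inconsistent", heartbeat(40, b"ping"))):
        mem = place_in_memory(record)
        old = handle_vulnerable(mem, len(record))
        new = handle_hardened(mem, len(record))
        print(name, "| pre-fix echoes:", echoed(old),
              "| post-fix:", "discarded" if new is None else echoed(new))
```

The same comparison of the length field against the record length is what a network sensor can apply to captured heartbeat requests to flag probing of unpatched appliances.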


It’s a disquieting thought, not only that so many devices with sensitive data (even hard disks!) are exposed to the Internet, but also that these devices are now vulnerable – most without even new firmware on their manufacturers’ websites.


Embedded and appliance-like devices may be the answer for out-of-the-box and affordable solutions for many services, but in the case of this article one has to ask – Is your internet-connected appliance bleeding your confidential data?


Security Challenge at ITWeb Security Summit

The ITWeb Security Summit is just around the corner, and speakers, exhibitors and visitors alike are finalising their plans.


We expect this year to be filled with excellent talks, presentations and exhibits to help South Africans in all industries and environments benefit from what has been learnt the past year, as well as what we need to do going forward to ensure the security of our people and systems.


This year Telspace will host a security challenge at the summit. The goal of the challenge is to test the skills of information security enthusiasts at the summit. Contestants are required to attempt to hack into a test environment, hosted on a Wi-Fi network, and obtain a flag from the competition server. The first two contestants that are able to explain how they obtained the flag, as well as present it, will be awarded with a Pebble watch.

The challenge aims for contestants to think out of the box, to think logically about how the system is put together, and how it can be exploited. Automated tools and exploits will be of little help and what seems to be secure may turn out not to be. The challenge is designed to be both fun and challenging at the same time. Do you have what it takes?

Try out your skills and techniques on the Telspace challenge while you are at the summit – you might walk away with a prize. Be sure to visit our stand often as we might drop a clue or two as the summit progresses.


Details on how to gain access to the system will be provided at the Telspace Systems stand in the exhibition hall, as well as on the coupon in the ITWeb Security Summit booklet. We look forward to seeing you there!



Please note that the challenge is not open to staff of companies exhibiting at the summit, or their immediate families.

We are hiring! Again!

Telspace Systems is expanding rapidly and looking to hire an additional security analyst in South Africa, preferably Gauteng as the office is based in JHB. The analyst should be competent in a combination of the following skills:

- Web application security,
- Attack and penetration testing,
- Network security,
- Source code reviews,
- Mobile security.

Along with these penetration tests and security assessments, you'll be conducting regular security audits from both a logical/theoretical standpoint and a technical/hands-on standpoint.

If you are interested in applying, email us your CV (admin[at]telspace.co.za) or get in touch via www.telspace.co.za!


Tasks include:

· Perform application penetration testing and application source code review against software applications
· Conduct vulnerability assessments and penetration testing on Internet-facing and internal client systems
· Exploit known and unknown vulnerabilities and discover logic flaws.
· Document technical issues identified during security assessments.
· Assist with building recommendations for hardening, and maintaining systems used for penetration testing
· Research cutting edge security topics and new attack vectors

Desired Skills & Experience:


· At least 1-2 years’ experience as a security analyst or relevant experience as a penetration tester.
· BSc, BCom or B degree, preferably MSc.
· Good technical, analytical, interpersonal, communication and writing skills.
· Good understanding of attack and defence techniques
· Excellent self management skills
· Ability to work both independently and as team lead on individual assessments.
· Additional information security certifications beneficial (CREST/CISSP/ETC).

CTF - SkyTower 1




During the ITWeb Security Summit 2014 and BSides Cape Town 2014 we decided to host a CTF competition whereby the winner could win a Pebble watch if they grabbed the correct flag.

It was a popular challenge during the conferences with many groups of people collaborating to try to solve the CTF. At the end of the ITWeb Security Summit we had no winners of the CTF and we therefore rolled it over to BSides in Cape Town. We were lucky enough to have a winner of the CTF in Cape Town (Todor).



We were then asked to upload it to VulnHub, so that attendees could look at it at a later date and gain something from the CTF long term.

Therefore we have released SkyTower 1; you can download it and give it a try at:

http://vulnhub.com/entry/skytower-1,96/

If you need some assistance or help getting through the CTF, there are multiple walkthroughs available by the community already - they are in great detail and we are grateful that everyone is enjoying the challenge and interacting with one another to solve problems.

Please enjoy the CTF and happy hacking!

You can view walkthroughs by various people at:

Telspace Systems will be speaking at PasswordsCon 14 in Las Vegas, USA

This year, Telspace Systems will be speaking at PasswordsCon 14 in Las Vegas, USA.

PasswordsCon is a place where people from all backgrounds including researchers, specialists, password crackers and security experts gather to discuss and learn about all things password related. A simple term, “Password”, has a very large impact on people in today’s world. We use a password to access a wide variety of systems, communication, documents, email and more. With so much advancement in technology and user education one would think that the humble “Password” is now a perfected art amongst people. However, it is not, as can be seen repeatedly by the breaches occurring throughout the world. When password crackers obtain the plain text of the hashed passwords leaked from websites, it becomes apparent that passwords like “12345”, “Password”, “Password123” and others like them are still very much in use. This raises the questions: Why is it like that? How can we get more secure passwords? Why do people choose insecure passwords?

Telspace Systems’ talk at PasswordsCon will answer those questions in the context of one of the most critical areas of impact – The Enterprise. How do large corporates ensure their passwords are secure? How do they ensure their staff choose strong passwords? What about SOA Architecture and Cloud Computing? A large enterprise and corporate IT environment is not only critical but highly complex. We will show you what challenges are faced, how to overcome them and how some companies have both succeeded and failed to do so. We will also cover technical aspects such as which algorithms corporates should use for their systems, and why choosing certain ones can be highly secure but also a pitfall of note.

The presentation outline is as follows:

1. Introduction to Presentation, Speaker BIO and Purpose of the Presentation.
2. Why is an Enterprise an entirely different scenario to other entities that use Passwords?
3. Top 5 points of failure - Where do Enterprises make the biggest mistakes with their Password usage?
4. SOA (Server Oriented Architecture) - When good ideas get bad passwords. Discussion into why and what happens?
5. Server Administrators in the Enterprise - Friend or Foe?
6. Doing it the right way - Simple points to make Passwords in your Enterprise a positive security aspect. Is your password policy working?
7. Q&A & Concluding Comments.


Don’t miss this talk on a critical aspect of your company’s security. Presented by our in-house password specialist Dimitri Fousekis. Stick around for the Q&A to ask your questions to both Dimitri and other industry password experts. Additionally look out for us at the Vegas 2.0 gathering where you will have more time to engage in high-level, technical and specific information about passwords and security. 

Hacker Halted 2014 - Atlanta, USA

Telspace Systems will offer Wireless Hacking 101 as a certification class to teach information security professionals how to ensure their wireless infrastructures are secure. Hacker Halted will be taking place during October 2014 in Atlanta, USA.


Due to the explosion of “always-connected” devices, sensitive and classified information has become a lucrative target for exploitation. Wherever you look, people are using laptops, tablets and smartphones, both for personal and business reasons. This opens up massive opportunities for wireless hackers and other types of cybercrime.


Among these threats is a rise in ransomware infecting mobile phones, as a recent claim by McAfee reiterates. The interception of data between a wireless device and the website or application the user is using is also lucrative for farming usernames and passwords or attempting to hijack user sessions. Additionally, simply “grabbing” whatever comes through the air to look for interesting files, photos and data is increasingly common.


Telspace Systems’ Wireless Hacking 101 will be offered as a certification class to teach information security professionals how to ensure their wireless infrastructures are secure. The course will run from 14th-15th October 2014, and will be taking place at the Georgia World Congress Center.  Telspace Systems will be running a two-day course addressing wireless hacking issues ahead of, and in conjunction with, the Hacker Halted IT Security conference.


The new culture of Bring Your Own Device (BYOD) brings additional security issues to the fore, as businesses have to protect their critical company information on user-controlled devices. Companies are now faced with the problem of personnel bringing in personal cellular access points, often bypassing company security policies and transmitting sensitive data over unsecured, out-of-band channels. This adds to the list of vectors an attacker could pursue. Since BYOD hardware often contains company sensitive information, it too is a target for attackers either directly or via Wi-Fi attacks.


This course covers one of the most widely used forms of data transmission available to mankind today – wireless. Wireless Hacking 101 will provide real world, hands-on instruction on not only how to attack wireless, but also how to defend against attacks.


Students will leave equipped with the knowledge of how to analyze wireless networks, enumerate them, and then attack them. The course is not all theory. After covering the basics and fundamentals of how Wi-Fi works, how encryption works and how clients associate with wireless access points, the course will then examine how to attack them. With in-depth and hands-on instruction, the students will learn to competently hack their way through a wireless network. Challenging assessments, and a “capture-the-flag” examination will ensure students are immersed in this highly technical, but highly rewarding course. Subjects covered will include: Wi-Fi enumeration, WEP and WPA1/2 hacking, obtaining passwords, spoofing and attacking wireless clients and defending against wireless attacks.


Telspace to present at Alligator Security Conference - Brazil

Telspace Systems is happy to announce that we will be presenting at the 5th edition of Alligator Security Conference [1] on the 19th and 20th of September 2014. 


AlligatorCon is an independent and "invite only" Information Security Conference held in Recife, Brazil [2]. 


Our analyst Marcos Álvares (Head Of Research) will be talking about relations between Source Code Complexity and historical vulnerability data. Marcos will be performing a live demonstration of the proposed technique over the whole Linux Device Drivers source code database! 


Not much more can be disclosed about the talk as it is an invite-only conference, so you'll have to be invited to see the full talk.



Good luck Marcos!


August tops attack list

The number of hacks, breaches and threats worldwide last month was record-breaking - and a clear indication that businesses are still not doing enough to safeguard themselves against cybercriminals.

itgovernance.co.uk published a list of attacks on their website and claimed August’s list of cyberattacks to be the most lengthy it has seen in a long time.


According to Dimitri Fousekis, Security Analyst and Team Lead at Telspace Systems, “We at Telspace are not surprised at the surge of cyberattacks in August. Cybercrime is increasing exponentially, and even though a large majority of the attacks culminated overseas, South Africa is far from immune.”


Fousekis says the escalating number of cyberthreats will only start to decrease once there is enough awareness. “Sure, people know what cybercrime is, and have read about the devastating effects it may have on a company. But it is only after business decision-makers understand how cybercrime can cripple the very foundation of their own operations, and realise that security is a business enabler, will they start to see the urgency of having a strong security framework in place.” 


According to the website, some of the more prominent cyberattacks for August, included:


Data Breaches:



Payment Information:



Social Media:



DDoS:



Other:



From the above list it is evident that cybercrime is a reality and only set to increase - if businesses let it. It is the responsibility of every organisation to ensure that they are well protected from threats and cybercriminal activity. Practicing ignorance and maintaining an “it won’t happen to me” attitude is no longer acceptable in today’s ever-increasing threat landscape.

Telspace Systems Security Advisory (TSA-2017-001)


Telspace Systems Security Advisory


TSA-2017-001: WPS Office Spreadsheet invalid pointer write vulnerability

CVE number
CVE-2017-12914

Summary
A remote vulnerability exists in the .xls parsing functionality of WPS Spreadsheet. A specially crafted .xls file can cause an invalid pointer write vulnerability resulting in potential denial of service. User interaction is required to trigger this vulnerability.

Vendor
Kingsoft

Product
WPS spreadsheet

Versions
10.2.0.5908

Vendor URL
https://www.wps.com

Details and crash information
The affected component is etmain.dll library in this function : etmain!EtCommentRevisionShape::InitCmtRevShape+0xd9c03

(1154.13d4): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Users\User-Pc\AppData\Local\Kingsoft\WPS Office\10.2.0.5908\office6\etmain.dll -
eax=00000000 ebx=06142550 ecx=08255c78 edx=00000000 esi=08255c78 edi=00000000
eip=6701cb50 esp=08f7fc14 ebp=08f7fc1c iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246

etmain!EtCommentRevisionShape::InitCmtRevShape+0xd9c03:
6701cb50 ff40fc inc dword ptr [eax-4] ds:002b:fffffffc=????????

Description: User Mode Write AV
Short Description: WriteAV
Exploitability Classification: EXPLOITABLE
Recommended Bug Title: Exploitable - User Mode Write AV starting at etmain!EtCommentRevisionShape::InitCmtRevShape+0x00000000000d9c03 (Hash=0x88e5e0e0.0x02d402a9)

Vendor response
The vendor has patched the vulnerability and released a new version - 10.2.0.5934

Disclosure Timeline
09-08-2017 – Initial Discovery
18-08-2017 – Vendor Notification
29-08-2017 – Vendor Patch
04-09-2017 – Public Disclosure

Credit
This vulnerability was discovered by Dmitri Kaslov of Telspace Systems

Telspace Systems Security Advisory (TSA-2017-002)


Telspace Systems Security Advisory

TSA-2017-002: WPS Office Spreadsheet invalid pointer read vulnerability

CVE number
CVE-2017-12915

Summary
A remote vulnerability exists in the .xls parsing functionality of WPS Spreadsheet. A specially crafted .xls file can cause an invalid pointer read vulnerability resulting in a potential information leak or a denial of service. User interaction is required to trigger this vulnerability.

Vendor
Kingsoft

Product
WPS spreadsheet

Versions
10.2.0.5908

Vendor URL
https://www.wps.com

Details and crash information
The affected component is excelrw.dll library in this function :
excelrw!chart::KETSeriesDataSourceProvider::chartTypeEx


(1e14.560): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Users\User-Pc\AppData\Local\Kingsoft\WPS Office\10.2.0.5908\office6\excelrw.dll -
eax=0439f78c ebx=9d953784 ecx=9d953784 edx=07f86948 esi=9d953784 edi=06012490
eip=6b8772bd esp=0439f774 ebp=0439f798 iopl=0 nv up ei pl nz na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010206

excelrw!chart::KETSeriesDataSourceProvider::chartTypeEx+0x461fd:
6b8772bd 8b7e4a mov edi,dword ptr [esi+4Ah] ds:002b:9d9537ce=????????

Vendor response
The vendor has patched the vulnerability and released a new version - 10.2.0.5934

Disclosure Timeline
09-08-2017 – Initial Discovery
18-08-2017 – Vendor Notification
29-08-2017 – Vendor Patch
05-09-2017 – Public Disclosure

Credit
This vulnerability was discovered by Dmitri Kaslov of Telspace Systems

Telspace Systems Security Advisory (TSA-2017-003)


Telspace Systems Security Advisory

TSA-2017-003: WPS Office Spreadsheet out of bounds read vulnerability

CVE number
CVE-2017-12918

Summary
A remote vulnerability exists in the .xls parsing functionality of WPS Spreadsheet. A specially crafted .xls file can cause an out of bounds read vulnerability resulting in potential information leak or code execution. User interaction is required to trigger this vulnerability.

Vendor
Kingsoft

Product
WPS spreadsheet

Versions
10.2.0.5908

Vendor URL
https://www.wps.com

Details and crash information
The affected component causes a crash at a memcpy function:

(1ddc.1fd0): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Users\User-Pc\AppData\Local\Kingsoft\WPS Office\10.2.0.5908\office6\MSVCR100.dll -
(1ddc.1fd0): Access violation - code c0000005 (!!! second chance !!!)
eax=07862b89 ebx=07b500b4 ecx=000066e3 edx=00000000 esi=07848ffd edi=07b52aa4
eip=6f1d1ed7 esp=047df7ec ebp=047df7f4 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202

MSVCR100!memcpy+0x57:
6f1d1ed7 f3a5 rep movs dword ptr es:[edi],dword ptr [esi]

Vendor response
The vendor has patched the vulnerability and released a new version - 10.2.0.5934

Disclosure Timeline
09-08-2017 – Initial Discovery
18-08-2017 – Vendor Notification
29-08-2017 – Vendor Patch
05-09-2017 – Public Disclosure

Credit
This vulnerability was discovered by Dmitri Kaslov of Telspace Systems

Telspace Systems Security Advisory (TSA-2017-004)

Telspace Systems Security Advisory

TSA-2017-004: WPS Office Writer out of bounds read vulnerability

CVE number
CVE-2017-12916

Summary
A remote vulnerability exists in the .doc parsing functionality of WPS Writer. A specially crafted .doc file can cause an out of bounds read vulnerability resulting in potential information leak or denial of service. User interaction is required to trigger this vulnerability.

Vendor
Kingsoft

Product
WPS Writer

Versions
10.2.0.5908

Vendor URL
https://www.wps.com

Details and crash information
The affected component is docreader.dll which causes a crash at a dr_CreateSource function:

(7f8.1c0): Access violation - code c0000005 (!!! second chance !!!)
eax=00000000 ebx=00000000 ecx=0a9fab15 edx=0bcc03f0 esi=0aa26ad8 edi=019fab15
eip=6bb76604 esp=0019ea24 ebp=0019ea6c iopl=0         nv up ei ng nz na pe cy
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010287
docreader!dr_CreateSource3Ex+0x1cff:
6bb76604 0fb607          movzx   eax,byte ptr [edi]         ds:002b:019fab15=??



Vendor response
The vendor has patched the vulnerability and released a new version 10.2.0.5934

Disclosure Timeline
09-08-2017 – Initial Discovery
18-08-2017 – Vendor Notification
29-08-2017 – Vendor Patch
xx-09-2017 – Public Disclosure

Credit
This vulnerability was discovered by Dmitri Kaslov of Telspace Systems

Telspace Systems Security Advisory (TSA-2017-005)

Telspace Systems Security Advisory

TSA-2017-005: Internet Explorer Information Disclosure Vulnerability

CVE number
CVE-2017-11790

Summary
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploits the vulnerability could obtain information to further compromise the user’s system.

Vendor
Microsoft

Product
Internet Explorer

Version
11.0.15063.540

Vendor URL

Details and crash information
iertutil!CreateUriPriv+0x43:
00007ff8`001be203 66391479 cmp word ptr [rcx+rdi*2],dx ds:0000012f`76037000=????

Vendor response
The vendor has patched the vulnerability and released a new version.

Disclosure Timeline
02-08-2017 – Initial Discovery
14-09-2017 – Vendor Notification
10-10-2017 – Vendor Patch
11-10-2017 – Public Disclosure


Credit
This vulnerability was discovered by Dmitri Kaslov of Telspace Systems

Flux capacitors charged and back to the future Telspace goes. BSides Cape Town 2017

This past weekend (2 December 2017) a few of our Telspace team members traveled to the annual BSides Cape Town conference.  This year the con was inspired by the classic movie “Back to the Future”.  Kicking off the con was the pre-party Friday evening at the Cape Town Science Centre. 

This was the perfect venue not only to complement the theme but also to tickle the fancy of all us geeks and nerds attending. After welcome drinks and exploring the Science Centre with all of its fantastic scientific illustrations it was time for a movie. You guessed it, we watched “Back to the Future”. And so, we ended off Friday evening.
From left to right: Charlie Smith, Cobus Mentz, Kenny Matima and Frank Allenby

Finally!!!  D-day, the con starts.  Up early Saturday morning we headed off to Observatory.  Full of excitement we got our SWAG-on and headed off to the talks but first, coffee.  This was clearly a mutual feeling as everyone was standing in line to get their cuppa for the morning.  

The con was packed with great talks, loads of challenges such as the CTF, lock picking and a bunch more.  Frank from our team did a great talk on Data Huffing and ways in which we can use data breaches to aid with pentests and information security in general. 


Telspace - Hackers for hire

The CTF from Nclose was also great fun, with Charlie and Frank being the only 2 participants (out of about 15) to successfully capture the flag. Charlie was the overall winner because, through his years of experience breaking Web Apps, he generated the fewest alerts. He actually found a path that not even the CTF creators knew about; he truly hacked the CTF!




As Telspace regularly does, we once again chose a charity to contribute to. This time around we chose the South African Depression and Anxiety Group (@TheSADAG). They do fantastic and much-needed work and we are proud to be associated with them. To spread awareness, we asked delegates to track down our team members, take a selfie with them and post it to Twitter. As a thanks to the participants, we gave them a special limited edition 15 Year Anniversary Telspace shirt. Selfies can be found on Twitter by searching for @telspacesystems or #BSidesCPT17.


In conclusion, BSides Cape Town 2017 was a huge success and it is great to see how the information security community within South Africa is growing not only in numbers but with the quality of research as well. 

To summarise, the highlights were:
  • Awesome talks
  • CTF Victors 
  • Selfies for charity
  • Great Conference

2017 Highlights, a great year and even greater things to come!

As we enter a new year, Telspace would like to look back on 2017 and thank everyone who made 2017 one of our greatest yet. We have had the pleasure of attending a number of conferences where we were able to present, train and share ideas with like-minded individuals. 2017 saw a growth in the Telspace Team, in particular in our Research and Development space (more to come!). This blog post provides an overview of some of the highlights this year; if we have missed anything, let us know in the comments below! We kicked the year off by joining up with Carte Blanche to provide comment on mobile privacy and the tools used to spy on people.


Left to right: Stieler (Standard Bank), Bongani Bingwa (Carte Blanche), Simphiwe (PIC), Dino Covotsos (Telspace Systems)

Telspace has always been very close to the local infosec community and we believe in giving back. As part of this, Telspace got heavily involved in ITWeb’s first Hackathon where we provided our time to train, mentor and judge the participants. The inaugural Hackathon brought young professionals with an interest in developing their skills in Information Security together. The overall theme, “Innovation in Security”, challenged disruptive innovators to build the most secure systems possible, as well as to explore new innovative mechanisms for the industry.

The Hackathon was a great event / initiative as it made the participants aware of the importance of information security. Telspace also took on board one of the participants from the Hackathon who demonstrated the most passion. As we always like to say, we can teach you skills but we can’t teach you passion!

Left to right: Manny Corregedor (COO of Telspace Systems), Nithen Naidoo (CEO of Snode) at the Hackathon Ideathon

For more information on the Hackathon go to:
In addition to supporting the ITWeb Hackathon we also sponsored, provided training (ethical and wireless hacking) and spoke at the ITWeb Security Summit. We also got the opportunity to catch up with some old friends such as Jayson Street, an international speaker, who gave a keynote at the conference. We also made a donation to CANSA for every Telspace shirt that was given away to attendees that visited our stand.

Left to right: Eric Lundberg, Manny Corregedor and Jayson Street


Manny Corregedor giving a talk on ‘A false sense of information security’ at the ITWeb Security Summit.

The conference was well attended and had great international speakers such as Jayson Street and Mati Aharoni, who gave keynotes.

Telspace also attended the first local Johannesburg 0xCon conference where our COO Manny Corregedor presented his talk “Breaking AVs for fun and the greater good”. A great day was had by everyone and it was great seeing the community come together for this local conference.

Left to right (front): Manny, Mariska (No longer with Telspace), Sibusiso, Mark, Richard. Back: Eric.

Throughout the year we also participated in other local and international conferences, round table events and provided comments on news stories in the media.

In addition to supporting local events, we also attended Blackhat, Defcon 25 and Bsides in Las Vegas. Our analyst Richard Hocking gave a presentation on Hacking Stock Markets at BSides Las Vegas titled ‘(In)Outsider Trading - Hacking stocks using public information and influence.’

In Vegas many bonds were made and many beers were enjoyed. We look forward to attending again in 2018. We also donated to the fantastic Hackers for Charity, which is an amazing initiative which we fully support (Thanks Johnny!). More information on this great initiative can be found by going to: http://www.hackersforcharity.org/ .

Telspace also sponsored and presented at Bsides Cape Town 2017, where we were proud to run a “selfies for charity” fundraiser for the South African Depression and Anxiety Group (@TheSADAG). Our analyst Frank Allenby also presented his talk titled ‘Breach huffing; a culinary exploration of data breaches’.

Frank Allenby speaking at Bsides Cape Town

Our analyst Charlie Smith also won the capture the flag competition at BSides Cape Town. The prize was a Google Home device, sponsored by NClose Security.

Charlie Smith receiving his prize for winning the CTF at BSides Cape Town


Some “selfies for charity” at BSides Cape Town 2017

For a complete write up on our experience at BSides Cape Town visit:

http://blog.telspace.co.za/2017/12/flux-capacitors-charged-and-back-to.html

This year we officially kicked off our security advisory service, Telspace Security Advisories (TSA), where we responsibly disclosed a number of unknown vulnerabilities (0day) to vendors. In 2018 we plan to continue our research in not only finding unknown vulnerabilities but also releasing research that would be valuable to our clients and more importantly the community as a whole - stay tuned :) Lastly, we would like to thank everyone who made our 2017 year so amazing, a huge thank you to our staff, clients, friends and most importantly the local Information Security community. We wish you all the best and a prosperous year for 2018.

Telspace Systems Security Advisory (TSA-2018-001)


Security Advisory



TSA-2018-001: Microsoft Access Information Disclosure Vulnerability

CVE Number: CVE-2018-0853


Summary

An information disclosure vulnerability exists when Microsoft Office Access software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory.


Details and crash information

VCRUNTIME140!memcpy+0x4e:

72edd1ce f3a4            rep movs byte ptr es:[edi],byte ptr [esi]


Vendor: Microsoft

Product: Access

Version: 16.0.8625.2127

Vendor URLs:



Vendor Response

The vendor has patched the vulnerability and released a new version.


Disclosure Timeline

  • 23-11-2017 – Initial Discovery
  • 25-11-2017 – Vendor Notification
  • 19-01-2018 – Vendor Patch
  • 13-02-2018 – Public Disclosure


Credit

This vulnerability was discovered by Dmitri Kaslov of Telspace Systems

Telspace Systems Security Advisory (TSA-2018-002)


Security Advisory


TSA-2018-002: Microsoft Edge Information Disclosure Vulnerability

CVE Number: CVE-2018-0839

Summary

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.


Details and crash information

edgehtml!Ordinal125+0xe3c86:

5ef196d6 8b5928          mov     ebx,dword ptr [ecx+28h] ds:0023:117cd008=????????


Vendor: Microsoft

Product: Edge

Version: 11.0.15063.67

Vendor URLs:

Vendor Response

The vendor has patched the vulnerability and released a new version.

Disclosure Timeline

  • 23-11-2017 – Initial Discovery
  • 29-11-2017 – ZDI Notification
  • 07-12-2017 – Vendor notification
  • 21-02-2018 – Coordinated public release of advisory

Credit

This vulnerability was discovered by Dmitri Kaslov of Telspace Systems
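
A small triage helper for the faulting-instruction lines quoted in the advisories above, added here as an example and not Telspace's own tooling: it parses each WinDbg line, reports whether the memory operand is read or written, and for the `rep movs` crash uses the dumped `esi`/`edi` values to guess which side ran off a page. The function names, the sample labels and the 4 KiB page-boundary heuristic are assumptions of this example.

```python
import re

# Faulting-instruction lines copied verbatim from the advisories on this page.
SAMPLES = {
    "WPS memcpy crash": "6f1d1ed7 f3a5 rep movs dword ptr es:[edi],dword ptr [esi]",
    "TSA-2017-004": "6bb76604 0fb607          movzx   eax,byte ptr [edi]         ds:002b:019fab15=??",
    "TSA-2017-005": "00007ff8`001be203 66391479 cmp word ptr [rcx+rdi*2],dx ds:0000012f`76037000=????",
    "TSA-2018-002": "5ef196d6 8b5928          mov     ebx,dword ptr [ecx+28h] ds:0023:117cd008=????????",
}
LINE = re.compile(
    r"^(?P<addr>[0-9a-f`]+)\s+(?P<bytes>[0-9a-f]+)\s+(?P<insn>.+?)"
    r"(?:\s+[a-z]s:(?P<ea>[0-9a-f`:]+)=(?P<val>\S+))?\s*$")
NO_STORE = {"cmp", "test"}  # first operand may be memory but is only read
PAGE = 0x1000               # assumed 4 KiB pages

def triage(line):
    """Return (mnemonic, access kind, unreadable address or None)."""
    m = LINE.match(line.strip())
    if m is None:
        raise ValueError("not a WinDbg disassembly line")
    words = m["insn"].split()
    if words[0].startswith("rep"):          # drop rep/repe/repne prefix
        words = words[1:]
    mnemonic, operands = words[0], " ".join(words[1:]).split(",")
    mem = [i for i, op in enumerate(operands) if "[" in op]
    if len(mem) == 2:
        access = "read-or-write"            # movs reads [esi], writes [edi]
    elif mem == [0] and mnemonic not in NO_STORE:
        access = "write"                    # also covers read-modify-write
    else:
        access = "read" if mem else "none"
    ea = None
    if m["ea"] and set(m["val"]) == {"?"}:  # '?' = WinDbg could not read it
        ea = int(m["ea"].split(":")[-1].replace("`", ""), 16)
    return mnemonic, access, ea

def movs_suspect(esi, edi, width):
    """Heuristic: which side of a movs element spills into the next page?"""
    src, dst = (esi % PAGE) + width > PAGE, (edi % PAGE) + width > PAGE
    if src != dst:
        return "source" if src else "destination"
    return "unknown"

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(name, triage(line))
    # esi/edi taken from the register dump printed above the memcpy line
    print(movs_suspect(0x07848ffd, 0x07b52aa4, 4))
```

The page-boundary result is only a hint; the exception record's faulting address, which the advisories do not quote, is what settles whether a `rep movs` fault was the read or the write.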