Just because you are paranoid doesn't mean your phone isn't listening to everything you say
We discuss a set of 0-day kernel vulnerabilities in CNU (Cisco Native
Unix), the operating system that powers all Cisco TNP IP phones. We
demonstrate the reliable exploitation of all Cisco TNP phones via
multiple vulnerabilities found in the CNU kernel. We demonstrate
practical covert surveillance using constant, stealthy exfiltration of
microphone data via a number of covert channels. We also demonstrate the
worm-like propagation of our CNU malware, which can quickly compromise
all vulnerable Cisco phones on the network. We discuss the feasibility
of our attacks given physical access, internal network access and remote
access across the internet. Lastly, we built on last year's presentation
by discussing the feasibility of exploiting Cisco phones from
compromised HP printers and vice versa.
Cisco PSIRT has assigned CVE Identifier CVE-2012-5445 to this issue.
<Begin RNE Text>
Symptoms:
Cisco Unified IP Phone 7900 series devices also referred to as Cisco TNP
Phones contain an input validation vulnerability. A local,
authenticated attacker with the ability to place a malicious binary on
the phone could leverage this issue to elevate their privileges or take
complete control of the device.
The issue is due to a failure to properly validate certain system calls
made to the kernel of the device. This failure could allow the attacker
to overwrite arbitrary portions of user or kernel space memory.
The following Cisco Unified IP Phone devices are affected:
Cisco Unified IP Phone 7975G
Cisco Unified IP Phone 7971G-GE
Cisco Unified IP Phone 7970G
Cisco Unified IP Phone 7965G
Cisco Unified IP Phone 7962G
Cisco Unified IP Phone 7961G
Cisco Unified IP Phone 7961G-GE
Cisco Unified IP Phone 7945G
Cisco Unified IP Phone 7942G
Cisco Unified IP Phone 7941G
Cisco Unified IP Phone 7941G-GE
Cisco Unified IP Phone 7931G
Cisco Unified IP Phone 7911G
Cisco Unified IP Phone 7906
The following models have reached end-of-life (EOL) status (for hardware
only):
Cisco Unified IP Phone 7971G-GE
Cisco Unified IP Phone 7970G
Cisco Unified IP Phone 7961G
Cisco Unified IP Phone 7961G-GE
Cisco Unified IP Phone 7941G
Cisco Unified IP Phone 7941G-GE
Cisco Unified IP Phone 7906
Refer to the following link to determine what product upgrade and
substitution options are available:
http://www.cisco.com/en/US/products/hw/phones/ps379/prodeolnotices_list.html
Conditions:
Cisco Unified IP Phones within the 7900 Series running a version of
Cisco IP Phone software prior to 9.3.1-ES10 are affected. The fixed
software release is expected to be available for customers mid-to-late
November 2012.
Workaround:
Restrict SSH and CLI access to trusted users only. Administrators may
consider leveraging 802.1x device authentication to prevent unauthorized
devices or systems from accessing the voice network.
Further Problem Description:
This issue was reported to Cisco PSIRT by Ang Cui of Columbia
University. Cisco PSIRT would like to thank Ang and his staff for
working with Cisco to resolve this issue.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2
score. The Base and Temporal CVSS scores as of the time of evaluation
are 6.8/5.6:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:L/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C
CVE ID CVE-2012-5445 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be
found at the following URL:
http://www.cisco.com/en/US/products/productssecurityvulnerability_policy.html
<End RNE Text>
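The advisory above describes the flaw only as a failure to validate certain system calls, allowing a local process to overwrite user or kernel memory. The C program below is an added illustration of that vulnerability class written for this page; it is not CNU code, not Cisco's, and not the researchers' exploit. It simulates a flat address space as an array, with a hypothetical per-process credential byte and name buffer at made-up offsets, and contrasts a copy-out syscall that only guards the end of memory with one that checks that the destination range lies wholly in user space, including the integer-wrap case.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed flat address space: low half user, high half kernel.
 * "Pointers" handed to syscalls are offsets into mem[]. */
#define MEM_SIZE   4096u
#define USER_END   2048u                 /* user space is [0, USER_END)            */
#define KERN_BASE  USER_END              /* kernel space is [KERN_BASE, MEM_SIZE)  */
#define EFAULT     14

static uint8_t mem[MEM_SIZE];

/* Hypothetical kernel-side per-process state. */
#define CRED_UID_ADDR (KERN_BASE + 0x40) /* one byte: 0 == root */
#define UID_ROOT  0u
#define UID_USER  200u
static uint8_t proc_name[16];            /* set by sys_setname, read by sys_getname */

/* Overflow-safe check that [ptr, ptr+len) lies wholly inside user space.
 * Comparing ptr against USER_END - len avoids computing ptr + len, which
 * wraps for a huge ptr and slips past a naive "ptr + len <= END" test. */
static int range_in_user(uint32_t ptr, uint32_t len)
{
    if (len > USER_END) return 0;
    return ptr <= USER_END - len;
}

/* Validated: copy a caller-supplied name from user space into the kernel. */
static int sys_setname(uint32_t src, uint32_t len)
{
    if (len > sizeof proc_name) return -EFAULT;
    if (!range_in_user(src, len)) return -EFAULT;
    memcpy(proc_name, &mem[src], len);
    return (int)len;
}

/* VULNERABLE: copies the name back to wherever the caller points. The only
 * guard is the end of the array, so a destination in kernel space is
 * accepted and kernel memory is overwritten with attacker-chosen bytes.
 * The guard itself also wraps for dst near 2^32 (not exercised here). */
static int sys_getname_vuln(uint32_t dst, uint32_t len)
{
    if (len > sizeof proc_name) return -EFAULT;
    if (dst + len > MEM_SIZE) return -EFAULT;
    memcpy(&mem[dst], proc_name, len);
    return (int)len;
}

/* FIXED: refuse any destination that is not entirely user memory. */
static int sys_getname_fixed(uint32_t dst, uint32_t len)
{
    if (len > sizeof proc_name) return -EFAULT;
    if (!range_in_user(dst, len)) return -EFAULT;
    memcpy(&mem[dst], proc_name, len);
    return (int)len;
}

/* Unprivileged caller: stage a zero byte in its own memory, push it into
 * the kernel through the validated path, then aim the copy-out at the uid
 * byte of its credentials. Returns the uid byte afterwards. */
static int run_attack(int use_fixed)
{
    const uint32_t user_buf = 0x200;     /* inside user space */
    memset(mem, 0xAA, sizeof mem);
    mem[CRED_UID_ADDR] = UID_USER;
    mem[user_buf] = UID_ROOT;

    if (sys_setname(user_buf, 1) != 1) return -1;
    if (use_fixed) sys_getname_fixed(CRED_UID_ADDR, 1);
    else           sys_getname_vuln(CRED_UID_ADDR, 1);
    return mem[CRED_UID_ADDR];
}

int main(void)
{
    printf("uid after attack, vulnerable syscall: %d\n", run_attack(0));
    printf("uid after attack, fixed syscall:      %d\n", run_attack(1));
    printf("wrapping range 0xfffffff0+0x20 accepted by fixed check? %d\n",
           range_in_user(0xfffffff0u, 0x20));
    return 0;
}
```

The point of the fixed variant is that the check happens before any write and is expressed without the addition that can wrap; a real kernel additionally needs the same check on every path that dereferences a caller-supplied pointer, which is the audit the advisory's "certain system calls" wording implies.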
Oracle launches new version of Java for Oracle Java 7 Security Manager Bypass Vulnerability
Systems Affected
Any system using Oracle Java 7 (1.7, 1.7.0), including:
Java Platform Standard Edition 7 (Java SE 7)
Java SE Development Kit (JDK 7)
Java SE Runtime Environment (JRE 7)
All versions of Java 7 through update 10 are affected. Web browsers using
the Java 7 plug-in are at high risk.
Overview
A vulnerability in the way Java 7 restricts the permissions of Java applets
could allow an attacker to execute arbitrary commands on a vulnerable
system.
Description
A vulnerability in the Java Security Manager allows a Java applet to grant
itself permission to execute arbitrary code. An attacker could use social
engineering techniques to entice a user to visit a link to a website hosting a
malicious Java applet. An attacker could also compromise a legitimate web site
and upload a malicious Java applet (a "drive-by download" attack).
Any web browser using the Java 7 plug-in is affected. The Java
Deployment Toolkit plug-in and Java Web Start can also be used as attack
vectors.
Reports indicate this vulnerability is being actively exploited, and exploit
code is publicly available.
Further technical details are available in Vulnerability Note VU#625617.
Impact
By convincing a user to load a malicious Java applet or Java Network
Launching Protocol (JNLP) file, an attacker could execute arbitrary code on a
vulnerable system with the privileges of the Java plug-in process.
In Europe the consumer does not lose the obligatory 2-year warranty on the device just because the device is flashed.
The FSFE Legal team has analysed this issue and the answer, if the consumer bought the device inside the EU, is no.
The consumer does not lose the obligatory 2-year warranty on the device just because the device is flashed.
"A good test to see if it is the software’s fault is to flash it
back with stock firmware/OS and see if the problem persists. If it does,
it is not a software-caused problem. If it is not possible to revert it
to stock software any more, it is also not a software-caused defect.
There are very few hardware defects that are caused by software".
Directive 1999/44/CE dictates[1]
that any object meeting certain criteria (incl. telephones, computers,
routers etc.) that is sold to a consumer[2] inside the European Union,
has to carry a warranty from the seller that the device will meet the
quality that you would expect for such a device for a period of 2 years.
A telephone is an example of such a device and is an object that
comprises many parts, from the case to the screen to the radio, to a
mini-computer, to the battery, to the software that runs it. If any of
these parts[3] stop working in those 2 years, the seller has to fix or
replace them. What is more these repairs should not cost the consumer a
single cent — the seller has to cover the expenses (Directive
1999/44/CE, §3). If the seller has any expenses for returning it to the
manufacturer, this is not your problem as a consumer.
If your device becomes defective in the first 6 months, it is presumed
that the defect was there all along, so you should not need to prove
anything.
If your device becomes defective after the first 6 months, but before 2
years run out, you are still covered. The difference is only that if the
defect arises now, the seller can claim that the defect was caused by
some action that was triggered by non-normal use of the device[4]. But in
order to avoid needing to repair or replace your device, the seller has
to prove that your action caused[5] the defect. It is generally recognised
by courts that unless there is a sign of abuse of the device, the
defect is there because the device was faulty from the beginning. That
is just common sense, after all.
So, we finally come to the question of rooting, flashing and changing
the software. Unless the seller can prove that modifying the software,
rooting your device or flashing it with some other OS or firmware was
the cause for the defect, you are still covered for defects during those
2 years. A good test to see if it is the software’s fault is to flash
it back with stock firmware/OS and see if the problem persists. If it
does, it is not a software-caused problem. If it is not possible to
revert it to stock software any more, it is also not a software-caused
defect. There are very few hardware defects that are caused by software —
e.g. overriding the speaker volume above the safe level could blow the
speaker.
Many manufacturers of consumer devices write into their warranties a
paragraph that by changing the software or “rooting” your device, you
void the warranty. You have to understand that in EU we have a
“statutory warranty”, which is compulsory that the seller must offer by
law (Directive 1999/44/CE, §7.1) and a “voluntary warranty” which the
seller or manufacturer can, but does not need to, offer as an additional
service to the consumer. Usually the “voluntary warranty” covers a
longer period of time or additional accidents not covered by law[6]. If
though the seller, the manufacturer or anyone else offers a “voluntary
warranty”, he is bound to it as well!
So, even if, by any chance your “voluntary warranty” got voided, by
European law, you should still have the 2 year “compulsory warranty” as
it is described in the Directive and which is the topic of this article.
In case the seller refuses your right to repair or replace the device,
you can sue him in a civil litigation and can report the incident to the
national authority. In many European countries such action does not
even require hiring a lawyer and is most of the time handled by
consumer associations.
The warranty under this Directive is only applicable inside the European Union and only if you bought the device as a consumer.
[1] EU member states must have by now imported the Directive 1999/44/CE
into their national laws. So you should quote also your local law on
that topic.
[2] A consumer is a natural person who acts for their own private purposes and not as a professional.
[3] Batteries can be exempt of this and usually hold only 6 months warranty.
[4] E.g. a defect power button could be caused by spreading marmalade in
it or hooking it onto a robot that would continuously press the button
every second 24/7 — of course that is not normal or intended use.
[5] Note that correlation is not causation — the defect has to be proven
to be caused by your action, not just correlate with it.
[6] E.g. if a device manufacturer guarantees the phone is water- and
shock-proof or a car manufacturer offers 7 years of warranty against
rust.
For some it may be nothing new, because of the comments on YouTube and in the news. But for some it may be.
Since comments like these are so frequent, I decided to research it in detail, and I found that it is developed by Portuguese people and is linked to a Portuguese company and the University of Aveiro.
And all this information is publicly available on Linkedin.
Triworks ANALYST / PROGRAMMER | Information Technology and Services
Responsible for developing and modeling a database with an
average size which had various problems of optimization and management
for the project; it can be seen here: http://www.megabox.com
Responsible for developing and modeling a database and backoffice in
Symphony for the Ghossyp project; it can be seen here:
http://ghossyp.com. Skills: PHP, MySQL, Actionscript 3.0, HTML, CSS, XML
Source: https://talent.me/
Content Management, Team Leader Triworks Privately Held; 11-50 employees; Software industry Leader of a four people team dedicated to content management. The team has worked on several projects for Megamedia, including Megabox.
Megaupload / Megabox / Triworks.net - Design Studio October 2009 to Present Team Members: XXXX Megabox.com is an online music locker from the Megaupload network, which allows the user to upload his entire music collection, and listen to it from anywhere.
Source: linkedin.com
Out of respect for the people who put this information in their profiles, I do not put direct links to their profiles.
This release contains the best of all of Samba's technology parts, both a file server (that you can reasonably expect
to upgrade existing Samba 3.x releases to) and the AD domain controller work previously known as 'Samba4'.
Major enhancements in Samba 4.0.0 include:
Active Directory service
File Services
DNS
NTP
Python Scripting Interface
Active Directory services
=========================
Samba 4.0 supports the server-side of the Active Directory logon
environment used by Windows 2000 and later, so we can do full domain
join and domain logon operations with these clients.
Our Domain Controller (DC) implementation includes our own built-in
LDAP server and Kerberos Key Distribution Center (KDC) as well as the
Samba3-like logon services provided over CIFS. We correctly generate
the infamous Kerberos PAC, and include it with the Kerberos tickets we
issue.
When running an AD DC, you only need to run 'samba' (not smbd/nmbd/winbindd),
as the required services are coordinated by this master binary.
The tool to administer the Active Directory services is called 'samba-tool'.
A short guide to setting up Samba 4 as an AD DC can be found on the wiki:
http://wiki.samba.org/index.php/Samba4/HOWTO