Security News #0x57
- If you are evaluating the security of a router, you should definitely head over to routerpwn; they have exploits for a large number of SOHO products.
- One of the most under-reported things I have seen is the work of Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman. As described in a post by Brian Hayes, they apparently scanned the Internet looking for RSA public keys with common factors. One would not expect these keys to share prime factors, yet roughly 1 in 200 of the tested keys was found to share a common prime with another key. Something is seriously wrong here folks!
- Props to Caleb Coffie, a student at RIT, for his excellent write up of the preseason round for the National Cyber League.
- One of the stories making the rounds is about "badBIOS". Some accounts of this malware have given it almost super-powers: it is supposed to live in the BIOS and jump airgaps by using inaudible high-frequency sounds and the system’s microphone. Certainly extraordinary claims require extraordinary skepticism and extraordinary evidence, so I suggest that you also take a look at RootWyrm’s analysis and its corresponding Reddit page.
- You may recall the recent attack on Adobe systems where attackers made off with the source code for a number of Adobe products as well as the passwords for as many as 130 million accounts. Well, Ars Technica reports that Adobe did not hash the passwords, but instead used (reversible) encryption. Oh dear.
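
To see why a shared prime in the RSA item above is so serious, here is an added example (not code from the post or from the researchers) that audits a key inventory for common factors. It assumes a product-tree/remainder-tree batch GCD as the method, since the post only says the keys were checked for common factors, and the sample moduli are constructed from small known primes.

```python
from math import gcd, prod

# Constructed sample moduli built from small known primes (real RSA moduli are
# 1024+ bits; the arithmetic is identical). Keys 0 and 2 share the prime 10007.
SAMPLE_MODULI = [
    10007 * 10009,
    10037 * 10039,
    10007 * 10061,
    10067 * 10069,
]

def product_tree(values):
    """Return levels of pairwise products, leaves first, root last."""
    levels = [list(values)]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([prod(prev[i:i + 2]) for i in range(0, len(prev), 2)])
    return levels

def batch_gcd(moduli):
    """For each modulus N_i, return gcd(N_i, product of all other moduli)."""
    levels = product_tree(moduli)
    remainders = levels.pop()  # [P], the product of every modulus
    while levels:
        level = levels.pop()
        # Push P down the tree: each node keeps P mod (node value)^2.
        remainders = [remainders[i // 2] % (n * n) for i, n in enumerate(level)]
    # (P mod N_i^2) // N_i == (P // N_i) mod N_i, so the gcd exposes shared primes.
    # A result equal to N_i means both of its primes appear in other keys.
    return [gcd(r // n, n) for r, n in zip(remainders, moduli)]

def find_weak_keys(moduli):
    """Map index -> shared factor for every modulus that shares a prime."""
    return {i: g for i, g in enumerate(batch_gcd(moduli)) if g != 1}

if __name__ == "__main__":
    for idx, factor in find_weak_keys(SAMPLE_MODULI).items():
        n = SAMPLE_MODULI[idx]
        print(f"key {idx}: modulus {n} shares prime {factor} (cofactor {n // factor})")
```

Any key flagged here is fully factored by a single GCD, so it has to be regenerated on a system with a properly seeded random number generator.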