AusCERT Week in Review for 7th October 2016


As another Friday comes to a close, there have been numerous security-related news items this week. Here's a summary (including excerpts) of some of the more interesting stories we've seen:


Title: How hard is it to hack the average DVR? Sadly, not hard at all

Author: Dan Goodin

Date: 04/10/2016

Excerpt: A major battle is underway for control over hundreds of millions of network-connected digital video recorders, cameras, and other so-called Internet of Things devices. As Ars has chronicled over the past two weeks, hackers are corralling them into networks that are menacing the security news site KrebsOnSecurity and other Web destinations with some of the biggest distributed denial-of-service attacks ever recorded.

Johannes B. Ullrich, a researcher and chief technology officer for the SANS Internet Storm Center, wanted to know just how vulnerable these devices are to remote takeover, so he connected an older DVR to a cable modem Internet connection. What he saw next—a barrage of telnet connection attempts so dizzying it crashed his device—was depressing.

"The sad part is, that I didn't have to wait long," he wrote in a blog post published Monday. "The IP address is hit by telnet attempts pretty much every minute. Instead of having to wait for a long time to see an attack, my problem was that the DVR was often overwhelmed by the attacks, and the telnet server stopped responding. I had to reboot it every few minutes."


Title: Victoria opens cyber security mega-hub

Author: Allie Coyne

Date: 06/10/2016

Excerpt: The CSIRO's digital research unit Data61 has opened the doors to its new national cyber security centre in Melbourne, situated alongside IT security experts from Oxford University and the state government.

Data61 agreed to move its national cyber security centre to the Docklands Goods Shed earlier this year, after Oxford University picked the spot as the location for its own global cyber security capacity centre (GCSCC) last December.

It marked the introduction of Oxford University's first ever international office.

The Victorian government at the time announced the GCSCC would be co-located with a new Oceania Cyber Security Centre (OCSC), which brings together eight Victorian universities as well as the Defence Science Institute and private sector organisations.


Title: We Need to Save the Internet from the Internet of Things

Author: Bruce Schneier

Date: 07/10/2016

Excerpt: Brian Krebs is a popular reporter on the cybersecurity beat. He regularly exposes cybercriminals and their tactics, and consequently is regularly a target of their ire. Last month, he wrote about an online attack-for-hire service that resulted in the arrest of the two proprietors. In the aftermath, his site was taken down by a massive DDoS attack.

In many ways, this is nothing new. Distributed denial-of-service attacks are a family of attacks that cause websites and other internet-connected systems to crash by overloading them with traffic. The "distributed" part means that other insecure computers on the internet—sometimes in the millions—are recruited to a botnet to unwittingly participate in the attack. The tactics are decades old; DDoS attacks are perpetrated by lone hackers trying to be annoying, criminals trying to extort money, and governments testing their tactics. There are defenses, and there are companies that offer DDoS mitigation services for hire.


Title: Google's Chrome cloaks Pirate Bay in red screen of malware death

Author: Team Register

Date: 07/10/2016

Excerpt: Google is warning users to stay away from infamous unauthorised content distribution site The Pirate Bay, as it says the torrent attic is bad for PC health.

Mountain View has generally shied away from flagging the torrent site as a malicious entity, other than a handful of times when it was caught serving malware through its rotation of sometimes-dodgy advertisements.

"Attackers on this site might try to trick you to download software or steal your information, for example passwords, messages, or credit card information," Google warns in its Safe Browsing checks.

Visitors to the site on Chrome could face Google's red screen of malware death, requiring them to bypass a warning to reach The Pirate Bay.

The Pirate Bay hosts a variety of ordinary and unscrupulous advertisements. Many link to scam sites regarding investments and fake infections on users' devices.


Finally, here are some of this week's more interesting security bulletins (sorted by oldest to newest):

1) ESB-2016.2319 - ALERT [Appliance][Virtual] EMC Unisphere for VMAX and Solutions Enabler Virtual Appliances: Root compromise - Remote/unauthenticated

Multiple remote code execution vulnerabilities have been identified in EMC Unisphere for VMAX and Solutions Enabler Virtual Appliances. An unauthenticated attacker may be able to execute commands with root level privileges. Customers should update to version 8.3.0.

2) ESB-2016.2350 - ALERT [Appliance] Animas OneTouch Ping: Multiple vulnerabilities

The Animas OneTouch Ping insulin pump is affected by multiple vulnerabilities. The most severe of these could allow an attacker to execute commands on the insulin pump, including the administration of insulin. Animas will not be releasing firmware updates but has provided a number of counter-measures, such as disabling remote access. Animas has stated that exploits require a high level of technical expertise and physical proximity; however, a detailed proof of concept is publicly available.

Have a happy, bug-free weekend!