What's new around the internet

Src | Date (GMT) | Title | Description | Tags | Stories | Notes
Blog | 2025-04-01 16:18:36 | Cyber-Physical Analysis of Weapons of Mass Destruction Detection Systems: Part 1 - DARPA's SIGMA
Index: 1. Introduction; 2. Practical Gamma Spectroscopy for Security Researchers; 3. SIGMA Network; 4. Conclusions
Disclaimer: To avoid any misunderstandings, I want to clarify that all the information in this post is based on open-source intelligence, publicly available documents, and reverse engineering. I have not attempted to compromise or replicate any potential attacks on internet-facing SIGMA systems. Instead, I conducted a simple, non-invasive reconnaissance phase, which involved accessing public websites, reviewing their source code, and examining generic endpoints to gather general information, such as system versions. A month before publishing this post, I gave a heads-up about it to those who needed to be informed.
Introduction: This is the first part of a series on the cyber-physical analysis of weapons of mass destruction detection systems, focusing on technologies like CBRN networks and nuclear safeguards. These posts will cover how these systems integrate physical methods with cyber capabilities to counter potential threats. By analyzing both the hardware and software components, I aim to highlight the challenges and advancements in ensuring these systems function effectively in real-world scenarios, as well as some of the vulnerabilities, exploits, and security-related issues discovered during the research. Above all, the goal is to contribute to a better understanding of these systems and encourage critical thinking, especially in these challenging times.
Thirty years ago, the Japanese apocalyptic cult 'Aum Shinrikyo' managed to fabricate sarin gas in-house and released it in multiple trains during rush hour on the Tokyo subway system. The deadly nerve agent killed 14 people, injured over 1000, and caused severe health issues for thousands more. Initial reports only mentioned 'an explosion in the subway,' causing the first 30 police officers who arrived at the scene to overlook the possibility of a chemical attack. As a result, they were exposed to and harmed by the sarin gas, which also delayed their ability to provide a timely and proper response to the other victims.
Could a similar event happen today in a modern city? Probably yes, but at least in theory, it would be orders of magnitude harder for the perpetrators to achieve their goals. Even if they succeeded, the immediate aftermath (essentially the ability to mitigate the consequences) would (is expected to) be managed much more effectively, due to technological progress in countering Chemical, Biological, Radiological,
Tags: Tool Vulnerability Threat General Information Legislation Mobile Prediction Cloud Commercial ★★
Blog | 2025-01-22 14:43:46 | The Cyber Dimension of the Zaporizhzhia NPP Occupation
The war that began with Russia's full-scale invasion of Ukraine has led to a series of unprecedented nuclear-related situations. During the first 48 hours, Chernobyl - a symbol of the deep-seated fear of nuclear disaster, especially within Europe - was taken by Russian troops. This was accompanied by reports of radiation spikes, various plots involving dirty bombs and nuclear materials, and Russian soldiers allegedly killed by acute radiation syndrome. In the end, all of it was proven to be as fictitious as the reported radiation levels. We should view these mutual accusations between Ukraine and Russia as part of the information war, which likely didn't come as a complete surprise to those in the know. For instance, in an insightful piece Politico published documenting the 'first-ever oral history of how top U.S. and Western officials saw the warning signs of a European land war,' John Kirby stated the following:
Without time to recover from the shock caused by the events in the Chernobyl Exclusion Zone, just a few days later, Russia attacked and eventually occupied Europe's largest nuclear power plant: Zaporizhzhia. Four weeks later, Russian forces withdrew from Chernobyl, but they did not withdraw from Zaporizhzhia NPP, which remains occupied to this day. With a new administration taking over the U.S. government, likely to have a significant influence on the conditions and terms for ending this armed conflict - if it ends at all - now seems like the right moment to address a gap in the existing coverage of the Zaporizhzhia NPP occupation: its cyber dimension.
Ukraine: From Non-Proliferation to the Modernization of Its Nuclear Power Plants. After the Soviet Union's collapse in 1991, Ukraine agreed to give up its nuclear weapons under the Budapest Memorandum (1994), in exchange for security assurances from Russia, the U.S., and the UK. Some might argue that this move has not aged well,
Tags: Tool Vulnerability Studies Industrial Technical ★★★
Blog | 2024-01-15 16:59:43 | What Really Happened in Chernobyl During the Beginning of the Russian Invasion?
This blog post contains the web version of my research paper: "Seeing Through the Invisible: Radiation Spikes Detected in Chernobyl During the Russian Invasion Show Possible Evidence of Fabrication", which was unveiled at BlackHat USA 2023. It is intended to ease the indexing and dissemination of the information collected during this research. In a few days, I'll be in Brussels presenting this research. The original paper (PDF) can be downloaded here.
Additional references:
https://www.wired.com/story/chernobyl-radiation-spike-mystery/ (Kim Zetter)
https://www.zetter-zeroday.com/p/radiation-spikes-at-chernobyl-a-mystery (Kim Zetter)
https://medium.com/war-notes/chornobyl-3-92216d21b223 (Olegh Bondarenko)
Index: Foreword; Executive summary; Introduction; 1. Physical (1986, Resuspension, Transport, Humidity, Traffic); 2. Cyber
Tags: Malware Vulnerability Mobile Industrial Prediction Cloud Conference Technical Commercial ★★★
Blog | 2023-10-20 17:13:53 | Some thoughts on e-Voting vulnerabilities.
I'm a bit surprised by today's Schneier blog post "
Tags: Malware Vulnerability ★★★
Blog | 2023-10-08 11:35:58 | Reversing 'France Identité': the new French digital ID.
--------------
Update from 06/10/2023: following my publication, I've been in contact with the France Identité CISO and they could provide more information on the measures they have taken in light of these findings:
We would like to thank you for your in-depth technical research work on the "France Identité" app that was launched in beta a year ago and for which you were rewarded. As you know, the app is now generally available on iOS and Android through their respective app stores. Your work, alongside French cybersecurity agency (ANSSI) research, made us update and deeply modify the E2EE Secure Channel used between the app and our backend. It is now mostly based on TLS 1.3. Those modifications were released only a few weeks after you submitted your work through our private Bug Bounty program with YesWeHack. That released version also fixes the three other vulnerabilities you submitted. From the beginning of the "France Identité" program, it was decided to involve the cybersecurity community, launching first a private Bug Bounty program. We are now happy to announce the Bug Bounty program will soon be publicly available, and the source code published in early 2024. You and all security researchers are welcome to participate.
--------------
More than a year ago I was invited to a private bug bounty with an unusual target: 'France Identité', the new French digital ID. The bug bounty program itself was disappointing to me, so I'd say that, likely, it wasn't necessarily worth my efforts, although I've been rewarded with some bounties for the reports. On the other hand, the scope was very interesting, so for me the technical part eventually made up for the negative aspects. It was a pure black-box approach against the preproduction version. I received a 'specimen' French ID card (carte d'identité), which obviously did not correspond to any actual citizen. However, I didn't get a PIN, so I couldn't fully cover all the functionalities implemented in the 'France Identité' system. Now let's see what I found.
Introduction: A relatively common approach to designing cost-effective, user-friendly, chip-to-cloud solutions is to leverage the communication capabilities of the user's mobile phone. As a result, instead of endowing the smart device (e.g., a digital ID card) with all the required electronics and software that would enable it to autonomously transmit and receive data from the internet, the product is developed to use a short-range communication stack such as Bluetooth/NFC (something any modern mobile phone supports by default) and then an app in the phone will create a communication channel with the backend, thus acting as a bridge between both worlds.
Tags: Vulnerability Mobile Technical ★★★
Blog | 2023-04-11 16:14:08 | Losing control over Schneider's EcoStruxure Control Expert
During Q2 2022, given the geopolitical situation unfolding after the Russian invasion of Ukraine, I decided it wouldn't hurt to hunt some bugs in some of the main players in the ICS arena. I focused on the software frameworks that run on engineering workstations, so that, if they were compromised, attackers would be in a privileged position to manipulate the controllers' logic, thus enabling sophisticated attacks with potential physical impact (i.e., Triton). I responsibly reported a batch of unauthenticated bugs to the corresponding vendors. In one case, after being ignored for months, I had to resort to the 'Twitter, do your magic' approach and tweet that I would disclose the issues if the situation persisted. It only took a few hours for the vendor to get back to me. The positive side is that they found the bugs interesting and all that mess ended up in a paid job. This blog post covers a similar scenario with another vendor: I reported these issues to Schneider on June 20 (2022), and they were then largely ignored for 9 months, until I had to, once again, use the '0day' threat in order to get this situation 'fixed'.
[...] workstation running Schneider Electric's EcoStruxure Control Expert.
CVE-2023-27976 | CVSS v3.1 Base Score 8.8 | High | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
This is mainly a design issue in the Service-Oriented Device Bus (SE.SODB.HOST.EXE). This component is a fundamental part of the Control Expert architecture, supporting its 'topology' functionality, which allows interfacing with different types of industrial devices, including safety controllers. 'SE.SODB.HOST.EXE' exposes a specific set of web services, built on a
Tags: Vulnerability Threat Industrial ★★★★
Blog | 2023-03-31 20:35:32 | Beware of Java's String.getBytes
Sometimes there are subtle bugs whose origin can be traced to some quirks of the underlying language used to build the software. This blog post describes one of those cases so that fellow security researchers and developers who are not familiar with it become aware of this potentially vulnerable pattern. In fact, I'm pretty sure that bugs similar to the one described here probably affect a bunch of products/codebases. In previous posts, I've already described some bugs in Swiss Post's e-voting system. While reading their Crypto-Primitives specification, which, among other things, describes the hashing scheme used by Swiss Post's system, I noticed something potentially interesting. Basically, there are 4 different types that are supported: byte arrays, strings, integers and vectors. Before being hashed, strings are converted to a byte array via the 'stringToByteArray' algorithm. However, comparing 'stringToByteArray' and 'byteArrayToString', we can find a significant difference: invalid UTF-8 sequences are only taken into account in the latter. Let's see how this was implemented in the code:
File: crypto-primitive-master/src/main/java/ch/post/it/evoting/cryptoprimitive/internal/utils/conversioninternal.java
Tags: Vulnerability ★★★
Blog | 2023-02-14 14:58:31 | Finding vulnerabilities in Swiss Post's future e-voting system - Part 1
In September '21, I came across this story, "Swiss Post Offers up to €230,000 for Critical Vulnerabilities in e-Voting System", while catching up with the security news. The headline certainly caught my attention as it looked like an outlier from the regular bug bounty programs or well-known exploit contests, not only for the announced rewards but mainly because of the target. So essentially Swiss Post, the national postal service of Switzerland, was opening to the general public a bug bounty program, using the YesWeHack platform, intended to uncover vulnerabilities in its future e-voting system. The first part of this blog post series will detail the approach used to analyze the Swiss Post e-voting system, as well as the first round of vulnerabilities that I reported during September/October '21.
Index: Introduction; Approach; Attack Surface; Vulnerabilities: 1. Insecure USB file handling during 'importOperation'; 2. Insecure 'ReturnCodeGenerationInput' signature generation allows vote manipulation; 3. Lack of consistency check allows an adversary to forge the verificationCardId in SecureLog entries; 4. Improper parsing of the request body when validating signatures for secure requests
Introduction: E-voting systems immediately raise concerns in a significant part of the security community. Not in vain, we are talking about systems that should be considered critical infrastructure, as they are intended to support a democratic election process. Therefore, these kinds of systems should provide the same guarantees regarding confidentiality, integrity and availability that current, let's oversimplify and say 'analog', election processes provide. However, security people usually don't trust computers and every day we see examples that certainly do not facilitate changing your mind on this aspect. That said, we implicitly trust the outcome of safety-critical computer operations happening every day in our lives: from the state estimator that guarantees we have a stable power grid, the train control systems providing a safe commute, or the avionics systems that keep you alive while flying. It doesn't mean those systems can't be hacked, but supposedly they are being supported to keep up with the attacks they may face, while still successfully performing the tasks modern societies rely on. I know, it's not a perfect scenario but it's what it is. Although e-voting may not be suitable for every country, Switzerland seems to have a long tradition of referendums, and actually, they have already been using e-voting for many years. However, when the Swiss Post e-voting platform was published, back in 2019, it faced some public scrutiny, mostly from the academic community. As a result, some significant issues were uncovered, so eventually Swiss Post decided to suspend the deployment of the system. The first version had been developed by
Tags: Vulnerability Threat ★★★
Blog | 2023-02-14 12:57:29 | Finding vulnerabilities in Swiss Post's future e-voting system - Part 2
Earlier this year I published Part I of this series of blog posts on vulnerabilities in Swiss Post's future e-voting system. That publication comprehensively explains the context, methodology and attack surface for the Swiss Post e-voting system, so it is highly recommended to go through it before reading this post, if you're really interested in getting the whole picture. This second round of bugs (reported during December '21 and January '22) includes multiple cryptographic vulnerabilities and a deserialization issue. For me, the most interesting issue is '#YWH-PGM2323-65', not only because it would have prevented ballot boxes from being decrypted during the tally phase, but also due to the potential design weaknesses that I'm coming across as a result of its analysis. Let's briefly discuss the reported issues before going into detail:
ID | Title | Reward (€) | Attack Surface Areas* | CVSS
#YWH-PGM2323-53 | Multiple unchecked length values during SafeStreamDeserialization may crash Control Components | 3500 | 3 & 4 |
Tags: Ransomware Vulnerability ★★★
Blog | 2023-02-10 11:06:16 | SATCOM terminals under attack in Europe: a plausible analysis.
------
Update 03/12/2022: Reuters has published new information on this incident, which initially matches the proposed scenario. You can find the update at the bottom of this post.
------
February 24th: at the same time Russia initiated a full-scale attack on Ukraine, tens of thousands of KA-SAT SATCOM terminals suddenly stopped working in several European countries: Germany, Ukraine, Greece, Hungary, Poland... Germany's Enercon moved forward and acknowledged that approximately 5800 of its wind turbines, presumably those remotely operated via a SATCOM link in central Europe, had lost contact with their SCADA server. In the affected countries, a significant part of the customers of Eutelsat's domestic broadband service were also unable to access the Internet. From the very beginning Eutelsat and its parent company Viasat stated that the issue was being investigated as a cyberattack. Since then, details have been scarcely provided, but a few days ago I came across a really interesting video in the following tweet. In the video, the Commander General Michel Friedling confirms that the incident originated from a cyberattack. However, he also provides a key detail that has the potential to turn a boring DDoS scenario, as some initially pointed out, into something much more interesting: "the terminals have been damaged, made inoperable and probably cannot be repaired". Based on the information publicly available and my experience researching SATCOM terminals, I'll try to present a plausible explanation for such a destructive attack.
Introduction: Please note that this is merely a speculative exercise, although backed by realistic technical reasoning... anyway, probably I'm totally wrong. Back in 2014 and then in 2018 I presented at BlackHat USA two different papers mainly focused on evaluating the security posture of multiple SATCOM terminals, by uncovering a plethora of vulnerabilities and real-world scenarios across different sectors. Within these papers the reader can find an introduction to the SATCOM architecture, threat scenarios and some technical terms that will be used during this blog post. 2014 - A Wake-Up Call for SATCOM Security
Tags: Vulnerability Threat Technical Commercial ★★★★
Blog | 2022-06-08 17:36:48 | De-Anonymization attacks against Proton services
In November 2021 YesWeHack invited me to participate in a private bug bounty program organized by Bug Bounty Switzerland on behalf of Proton AG. The program's scope was quite interesting and heterogeneous, as it covered most of the applications and services offered by Proton, such as ProtonMail and ProtonVPN. As a result, several technologies and codebases were in scope, ranging from TypeScript, in the open-source part of ProtonMail, to .NET/Swift used by the ProtonVPN applications for Windows and macOS respectively.
Tags: Vulnerability Threat Legislation Industrial Technical ★★★
Blog | 2022-04-21 12:59:05 | The guy with rudimentary tools who hyped things
I've just released new research that describes in detail the reverse engineering methodology and vulnerabilities found in a DAL-A, safety-critical, certified avionics component: Collins' Pro Line Fusion - AFD-3700, a LynxOS-178 based system deployed in both commercial and military aircraft. At the time of writing this I don't know exactly what will happen after the disclosure. However, this time, I certainly know what will not happen. I understand this statement does sound a little bit cryptic, so you should keep reading to understand the context; where this situation is coming from and why this point has been reached. Right, the title is probably more suited for a cheap sequel of Stieg Larsson's "Millennium" trilogy rather than for the usual technical contents I publish over here, so for the fans of that saga I would kindly ask you to forgive the liberty of giving myself that license. You'll understand that title afterwards. This post contains traces of a 'plot' spanning several years now. As a compulsive fiction reader I didn't want to miss this opportunity to follow a dramatic structure, thus having a little bit of fun out of a situation that, for me, has been everything but fun. That said, I've learnt a lot along the way, which is probably the only thing that paid off. In this story there are no evil or good characters, I guess it's just people doing their job the best they can. Obviously there has to be some kind of conflict, which emerges from the fact that the nature of their jobs, although theoretically pursuing the same objectives, usually makes them clash. There is also an escalation of the action over the years, some plot twists included, until reaching a high-tension moment that determines how the conflict will be resolved. The resolution is yet to be written... As one would have expected, I'll write this story from my perspective; others may have a different one. Let's start.
Index: 1. 2018; 2. 2019; 3. 2020; 4. 2021; 5. 2022; 6. Paper; 7. Personal Statement
2018. During a flight to Copenhagen, aboard a Norwegian Boeing 737, I noticed something weird in the In-Flight WiFi, which was provided by a satellite network. Once at the hotel I found out it was possible to reach, over the internet through a misconfigured SATCOM infrastructure, tens of in-flight aircraft from different airlines. We coordinated
Tags: Hack Tool Vulnerability Threat Studies Industrial Conference Technical Commercial ★★★
Blog | 2022-04-05 20:09:00 | VIASAT incident: from speculation to technical details.
34 days after the incident, yesterday Viasat published a statement providing some technical details about the attack that affected tens of thousands of its SATCOM terminals. Also yesterday, I eventually had access to two Surfbeam2 modems: one was targeted during the attack and the other was in working condition. Thank you so much to the person who disinterestedly donated the attacked modem. I've been closely covering this issue since the beginning, providing a plausible theory based on the information that was available at that time and my experience in this field. Actually, it seems that this theory was pretty close to what really happened. Fortunately, now we can move from pure speculation into something more tangible, so I dumped the flash memory for both modems (Spansion S29GL256P90TFCR2) and the differences were pretty clear. In the following picture you can see 'attacked1.bin', which belongs to the targeted modem, and 'fw_fixed.bin', coming from the modem in working condition. A destructive pattern, which corrupted the flash memory rendering the SATCOM modems inoperable, can be observed on the left, confirming what Viasat stated yesterday. After verifying the destructive attack, I'm now statically analyzing the firmware extracted from the 'clean' modem. The firmware version is 3.7.3.10.9, which seems to date back to late 2017. Besides talking about a 'management network' and 'legitimate management commands', Viasat did not provide any specific details about this. In my previous blog post I introduced the
Tags: Malware Vulnerability Threat Technical ★★★
Last update at: 2025-05-10 20:52:34