Vulnerabilities-Web Application Security-WhiteHat HackerKast

#HackerKast 26: Rowhammer, uTorrent bitcoin trojan, Chrome Same Origin Policy Bypass

Hey Everybody! Hard to believe we’ve done 26 of these already. Hope you’re having as much fun watching/listening to these as we are having while making them!

First and most importantly this week we HAD to cover Rowhammer. For those of you who haven’t heard, the latest research to come from some smart folks over at Google is pretty scary. This creative attack has to do with circuits in memory being lined up in specific rows (hence “Rowhammer”). By sending different signals to these circuits, these researchers were able to predictably flip certain adjacent bits which would allow for privilege escalation. Robert goes into way more detail so listen up if you’re interested!

Next, I touched a bit on the recent uTorrent debacle. For those of you who use the popular torrent software, beware of the latest update! It comes with a bit of a surprise piece of software. Where I come from, we call that a trojan. Anyway, this time they included a Bitcoin miner called Epic Scale. This of course would cause your machine's performance to suffer, along with your electric bill, all the while making uTorrent some cash. It's not trivial to uninstall this whole mess either, so needless to say, people are pissed.

Finally we finished up with some more great research, this time having to do with a new Chrome Same Origin Policy bypass. This one was super creative and followed a similar line of thought to the Pixel Perfect Timing research from last summer, because it uses some SVG tricks. The researcher sets up a malicious page, sources in an image from an external page, and then, by jumping through a few hoops, reads the image data via JavaScript. This could be used for login detection, private photo snooping, etc.

We didn’t feel like squeezing FREAK into a HackerKast with other stories, so we’ll give it the time it deserves soon. (I know there is some AppSec junkie somewhere out there wondering why we left it out!)

Thanks for listening! Check us out on iTunes if you want an audio-only version for your phone. Subscribe Here

Join the conversation over on Twitter at #HackerKast

or write us directly @jeremiahg, @rsnake, @mattjay

References:

Rowhammer

Beware, μTorrent is installing a Bitcoin miner software

Chrome SOP Bypass with SVG (CVE-2014-3160)

Notable stories this week that didn’t make the cut:

To protect itself from attack, Estonia is finding ways to back up its data

Stop the presses: HTTPS-crippling “FREAK” bug affects Windows after all

Where there’s a will, there’s a way – The Ambassador who worked from a Nairobi bathroom to avoid State Dept. IT

The CIA Campaign To Steal Apple’s Secrets