Date: 2017-02-02

Security News

Thursday's security advisories

The design of Chacha20

Chacha20 is a secure, fast, and amazingly simple encryption algorithm. Its author Daniel J. Bernstein explains it well in his Salsa20 and Chacha20 design papers (which I recommend), but did not dwell on details experts already know. Filling the gap took me a while. Quick summary: Chacha20 is an ARX-based hash function, keyed, running in counter mode. It embodies the idea that one can use a hash function to encrypt data.

Ransomware completely shuts down Ohio town government [iophk: “Microsoft = lost productivity”]

These sorts of attacks are becoming more commonplace and, as mentioned before, can be avoided with good backup practices. Sadly not every computer in every hospital, county office or police department is connected to a nicely journaled and spacious hard drive, so these things will happen more and more. Luckily it improves cryptocurrency popularity as these small offices finally give up and buy bitcoin to pay their ransom.

Windows DRM Social Engineering Attacks & TorBrowser

HackerHouse have been investigating social engineering attacks performed with Digital Rights Management (DRM) protected media content. Attackers have been performing these attacks in the wild to spread fake codec installers since Microsoft introduced DRM to its proprietary media formats. Despite their prevalence we could not find many tools to misuse these formats. We found only a small number of blog posts [2] on identifying the files being used to spread malware. We observed some interesting behaviours during our analysis which we have shared here.

DRM is a licensing technology that attempts to prevent unauthorised distribution and restrictive use of a media file. It works by encrypting the video and audio streams with an encryption key and requesting a license (decryption key) from a network server when the file is accessed. As it requires network connectivity it can cause users to make network requests without consent when opening a media file such as a video file or audio file.

WMV is using Microsoft Advanced Systems Format (ASF) to store audio and video as objects. This file format consists of objects that are labelled by GUID and packed together to make a media package. A number of tools such as ffmpeg & ASFView support opening, viewing and browsing these objects. There are three objects with the following GUIDs which are of interest for these attacks.