What is webRTC

WebRTC (Web Real Time Communication) is an Application Programming Interface (API) developed by the W3C that is still under development and being standardized by the RTCWEB IETF group. Its main goal is to allow peer-to-peer communication between web browsers. This communication can be used to transfer multiple types of data: files, video or audio.

 

Why it is important

WebRTC is an API that allows you to set up a channel of communication between browsers for video and data. It is built directly into browsers (Chrome, Mozilla, Opera, and a few others), so no external plugin or software is needed.

 

How webRTC works

WebRTC has three major components on which it is designed to work.

getUserMedia: This allows the browser or the native app to gain access to the device’s camera and microphone to capture video.
RTCPeerConnection: This allows audio-video calls to be set up on the device.
RTCDataChannel: This allows the browser or the native app to establish peer-to-peer communication between the devices.

It is designed to do multiple tasks, but setting up a real-time peer-to-peer audio-video call is the prime advantage.
For this, each device gets its public IP. To detect other devices trying to make a connection, signalling data channels are created which support the device-to-device communication, and hence a session is established.

 

webRTC and support with ios

Many browsers started supporting webRTC long ago because they knew its importance and its significance for current functionality. Web and mobile applications are using webRTC to deliver quality products. After seeing its future, Apple finally announced support for WebRTC in Safari 11. On January 19, Apple checked WebRTC support into the WebKit open-source project upon which Safari is based. This is kind of a big deal because it suggests that WebRTC will eventually make its way into Safari.

But on a mobile device, things aren’t so clean. While you can wrap WebRTC into your app for iOS, it’s not native. For the other ~82% of the world who are using Android, you can build a native web app with WebRTC. Unfortunately, iOS has a whopping 43% market share in the US and you can’t ignore that. Thus the lack of native WebRTC on iOS has been a show stopper for trying to deploy browser-based communications applications on any mobile platform. The math doesn’t work.

 

why webRTC is popular

There are so many interesting use cases for WebRTC that I do not know where to start:

Hangouts is an application I use every day and it is powered by WebRTC. SnapChat uses it, and WhatsApp plans to incorporate it if they add voice calling service. Bank of America plans to add video chat customer support services, powered by WebRTC, to their ATM machines. PeerCDN uses WebRTC’s DataChannel to exchange files across a huge network of clients. An independent developer even used WebRTC to remotely control a robot’s movement (Icecomm + Virtual Karl).

Pretty much any application that wants to share data or video between peers can use WebRTC. The reason for this massive adoption is that browser-to-browser communication is significantly cheaper than going through a server (up to 90% cheaper, according to Video Banking and the Economics of the Retail Business).

 

Splendornet and webRTC

Splendornet and webRTC have been together for ages because we knew its impact on the future world. We have always encouraged web socket based technology because an application should accomplish its task in less time even when the size of the transaction is very big. We have developed a web-based multi-user video conferencing system with webRTC, and it is working well and efficiently. Similarly, we used webRTC in a mobile-based audio-video chat system which gives the user an effortless experience.

These are the applications where we have used webRTC, and our clients are quite happy and satisfied with the results.

1. Use getUserMedia with canvas and CSS filters
2. Stream from a video element to a video element
3. Stream from a video element to a peer connection
4. Record a stream from a canvas element
5. Change bandwidth on the fly
6. Multiple peer connections at once
7. Display peer connection states
8. Web Audio output as input to peer connection
9. Peer connection as input to Web Audio
10. RTCDataChannel

Apart from communication applications, there are many features where we use webRTC to make them work perfectly.

Research Team is working to make this place better and safer

 

Once upon a time, an old man walked down a Spanish beach at dawn, he saw ahead of him what he thought to be a dancer. The young man was running across the sand, rhythmically bending down to pick up a stranded starfish and throw it far into the sea.

The old man gazed in wonder as the young soul again and again threw the small starfish from the sand into the water. The old man approached him and asked why he spent so much energy doing what seemed a waste of time. The young man explained that the stranded starfish would die if left until the morning sun. “But there are thousands of miles of beach, and miles and miles of starfish. How can your effort make any difference?” The young man looked down at the small starfish in his hand, and as he threw it to safety in the sea, said, “It makes a difference to this one!”

Our research team is doing the same work in the ocean of websites. Their efforts are definitely making a difference to one.

Web security is as essential as web development these days, but many web-based applications are not taking it seriously. Just because you have not been mugged yet does not mean robbers do not exist. Our security research and analysis team picks random servers from the internet and finds the vulnerabilities. They act like ethical hackers and inform the owners about the vulnerabilities.

One of the vulnerabilities we found was in the site asapp.com. asapp is built by a team of leading scientists, software engineers and designers. We reported it to them and got a reply from their young and dynamic founder and advisor Marcus Westin. At first he did not believe us, but when we showed him proof, he was surprised. He wanted to know how it was possible for us to hack into their system. Our security researchers not only showed him the steps, they also suggested how their team could fix the vulnerability.

Another incident was with the site mypokert.com, a site for playing poker online. When we sent an email about their vulnerable site, they did not believe us, but two months later we got an email from the site owner Kirill saying that their site had been hacked, in exactly the way we had described in our mail. But now it was too late. Their data could not be recovered. The hacker had dropped all the databases.

When they asked our help, we provided solutions to make their site more secure and robust on security front.

A seven-year-old remote code execution vulnerability that is affecting Samba versions 3.5.0 and higher is making news this week. The vulnerability is billed as the WannaCry equivalent for *nix operating systems, and some are even calling it SambaCry since it affects the SMB protocol implementation and is potentially wormable – which can cause it to spread from system to system.

A malicious samba client that has write access to a samba share could use this flaw to execute arbitrary code typically as root.

Points :

1. CVE-2017-7494 has a CVSS score of 7.5 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
2. This vulnerability is the Linux version of WannaCry, appropriately named SambaCry. A malicious samba client that has write access to a samba share could use this flaw to execute arbitrary code typically as root.
3. The flaw allows a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it with the privileges of smbd (typically root).
4. This flaw affects all versions of Samba from 3.5.0 onwards, except for the most recent releases of Samba 4.6.4, 4.5.10 and 4.4.14.

 

Exploit samba vulnerability

https://github.com/opsxcq/exploit-CVE-2017-7494

 

 

Solution :

Updating SAMBA will fix this vulnerability.
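To decide whether a given host needs that update, the version ranges listed above can be turned into a check. This is an added example, not part of the original post; it assumes version strings in the form printed by smbd --version, and the sample strings are constructed.

```python
import re

# Fixed releases named in the text: (major, minor) branch -> first fixed patch level.
FIXED_PATCH = {(4, 6): 4, (4, 5): 10, (4, 4): 14}
FIRST_AFFECTED = (3, 5, 0)

def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'Version 4.5.9-Debian'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(g) for g in m.groups())

def is_affected(text):
    """True if the upstream version falls in the range the text describes."""
    version = parse_version(text)
    if version < FIRST_AFFECTED:
        return False                      # predates the flaw
    branch = version[:2]
    if branch in FIXED_PATCH:
        return version[2] < FIXED_PATCH[branch]
    # Assumption: branches newer than 4.6 already contain the fix; older
    # branches have no fixed release in the list above, so they count as affected.
    return branch < max(FIXED_PATCH)

# Constructed sample version strings.
SAMPLES = ["Version 3.4.17", "Version 3.6.25", "Version 4.3.11-Ubuntu",
           "Version 4.5.9-Debian", "Version 4.6.4", "Version 4.7.0"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:24} {'AFFECTED' if is_affected(s) else 'ok'}")
```

Distribution packages often backport the fix without changing the upstream version number, so an "affected" result is a prompt to check the vendor advisory rather than a final verdict.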

Subtitle Hack Leaves 200 Million Vulnerable to Remote Code Execution

 

Check Point researchers revealed a new attack vector which threatens millions of users worldwide – attack by subtitles. By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Time and strem.io.

It’s common to see subtitle files (usually a .srt or .sub) included in torrents and other less-than-legal movie downloads, so people tend to simply ignore them. You can load this file into most video players to display subtitles in the chosen language synced to the video. Check Point says that there are roughly 200 million installations of video players vulnerable to this exploit, including VLC, Kodi, Popcorn-Time, and Strem.io.

Details can be found here

http://code610.blogspot.in/2017/04/multiple-crashes-in-vlc-224.html

https://www.cvedetails.com/cve/CVE-2017-9301/

 

Solution :  Download Subtitle Hack Fix

Check Point researchers contacted the developers of the affected media players in April 2017. Thankfully, the security patches have been released.

In the case of VLC, the attacker can leverage a memory corruption bug. The media player had four vulnerabilities (CVE-2017-8310, CVE-2017-8311, CVE-2017-8312 and CVE-2017-8313) which have been fixed by VideoLan.

A fix for VLC is available as the latest version, 2.2.5.1, which can be found on VideoLan’s website. The same is the case for Stremio.

WannaCry is a ransomware computer worm that targets computers running Microsoft Windows. Initially, the worm uses the EternalBlue exploit to enter a computer, taking advantage of a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol. It installs DoublePulsar, a backdoor implant tool, which then transfers and runs the WannaCry ransomware package. It is also being called WanaCrypt0r 2.0.

 

 

Main Functionality

 

The WinMain of this executable first tries to connect to the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. It doesn’t actually download anything there, just tries to connect. If the connection succeeds, the binary exits.

It was probably some kind of kill switch or anti-sandbox technique. Whichever it is, it has backfired on the authors of the worm, as the domain has been sinkholed and the host in question now resolves to an IP address that hosts a website. Therefore, nothing will happen on any new systems that run the executable. This only applies to the binary with the hash listed above; there may well be new versions released in the future. The second argument to InternetOpenA is 1 (INTERNET_OPEN_TYPE_DIRECT), so the worm will still work on any system that requires a proxy to access the Internet, which is the case on the majority of corporate networks.

 

 

After this check passes, the first thing the worm does is check the number of arguments it was launched with. If it was run with fewer than two arguments, it installs a service called mssecsvc2.0 with display name Microsoft Security Center (2.0) Service (the service binary is the worm itself, run with two arguments), starts that service, drops the ransomware binary located in the resources of the worm, and runs it.

If it was run with two arguments or more—in other words, if it was run as a service—execution eventually falls through to the worm function.

 

 

The initialization function, which is called first, calls WSAStartup() to initialize networking, then CryptAcquireContext() to initialize the crypto API so it can use a cryptographically secure pseudo-random number generator. It then calls a function that initializes two buffers used for storing the worm payload DLLs, one x86 and one x64. It copies the payload DLLs from the .data section of the worm and then copies the entire worm binary after it.

 

 

The code of each payload DLL is very small, just getting the resource content (i.e. the worm binary), dropping to disk as C:\WINDOWS\mssecsvc.exe (this path is actually hardcoded) and executing it.

 

 

SMB Vulnerability

 

After initializing the functionality used by the worm, two threads are created. The first thread scans hosts on the LAN. The second thread gets created 128 times and scans hosts on the wider Internet.

The first thread (in charge of scanning LAN) uses GetAdaptersInfo() to get a list of IP ranges on the local network, then creates an array of every IP in those ranges to scan.

 

 

The LAN scanning is multithreaded itself, and there is code to prevent scanning more than 10 IP addresses on the LAN at a time.

 

 

The scanning thread tries to connect to port 445, and if the connection succeeds, creates a new thread to try to exploit the system using MS17-010/EternalBlue. If the exploitation attempts take over 10 minutes, then the exploitation thread is stopped.

 

 

The threads that scan the Internet generate a random IP address, using either the OS’s cryptographically secure pseudo-random number generator initialized earlier, or a weaker pseudo-random number generator if the CSPRNG failed to initialize. If connection to port 445 on that random IP address succeeds, the entire /24 range is scanned, and if port 445 is open, exploit attempts are made. This time, exploitation timeout for each IP happens not after 10 minutes but after one hour.
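The scanning behaviour described above (one host opening connections to port 445 on many addresses, including whole /24 ranges) is visible in network flow records. The following detector is an added example, not part of the original analysis; the flow line format, the window and the threshold are assumptions, and the sample flows are constructed.

```python
import ipaddress
from collections import defaultdict

SMB_PORT = 445
WINDOW_SECONDS = 60      # assumed detection window
MIN_DISTINCT_HOSTS = 20  # assumed threshold; tune to the network

def parse_flow(line):
    """Parse 'epoch src dst dport' (constructed, whitespace-separated format)."""
    ts, src, dst, dport = line.split()
    return float(ts), src, ipaddress.ip_address(dst), int(dport)

def find_smb_scanners(lines, window=WINDOW_SECONDS, threshold=MIN_DISTINCT_HOSTS):
    """Return {src: [swept /24 networks]} for sources that contacted at least
    `threshold` distinct hosts on port 445 within `window` seconds."""
    per_src = defaultdict(list)
    for line in lines:
        ts, src, dst, dport = parse_flow(line)
        if dport == SMB_PORT:
            per_src[src].append((ts, dst))
    findings = {}
    for src, events in per_src.items():
        events.sort(key=lambda e: e[0])
        start, in_window = 0, defaultdict(int)   # dst -> hits inside the window
        for ts, dst in events:
            in_window[dst] += 1
            while ts - events[start][0] > window:    # slide the window forward
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= threshold:
                nets = {str(ipaddress.ip_network(f"{d}/24", strict=False))
                        for d in in_window}
                findings.setdefault(src, set()).update(nets)
    return {src: sorted(nets) for src, nets in findings.items()}

# Constructed sample: 10.0.0.23 sweeps 192.0.2.0/24; 10.0.0.40 uses one file server.
SAMPLE = [f"{1000 + i * 0.5} 10.0.0.23 192.0.2.{i + 1} 445" for i in range(30)]
SAMPLE += ["1001 10.0.0.40 10.0.0.5 445", "1002 10.0.0.40 10.0.0.5 445",
           "1003 10.0.0.23 198.51.100.7 443"]

if __name__ == "__main__":
    for src, nets in find_smb_scanners(SAMPLE).items():
        print(f"{src} is sweeping port {SMB_PORT} across {', '.join(nets)}")
```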

 

In December 2016, attackers were exploiting misconfigured open-source MongoDB databases and holding them for ransom. The ransomware attacks against MongoDB were first publicly reported by GDI Foundation security researcher Victor Gevers on Dec. 27, 2016, and have been steadily growing ever since, with at least five different groups of hackers taking control of over 10,000 database instances.

Mongo databases which were not password protected have paid a heavy price for this vulnerability. Well, it was not a vulnerability. Vulnerability is a quality or state of being exposed to the possibility of being attacked or harmed. It was ignorance, and when you ignore serious aspects like security, you have to pay an unbearable price.

 

 

Above is a screenshot which shows how the hacker got into vulnerable mongo databases. After taking control of the database, they simply remove the existing db and put a ransom note in the table.


In the above example, they removed the database and created a db named warning.

Here is the ransom note in the collection warning:

Send 0.1 Bitcoin to walletaddress 131qpnP9v2qGKbrAQirCZzunyw5x3dADsB and contact m3lk@sigaint.org to get your databases back.

 

Remedy :

MongoDB admins must set strong passwords for their databases, and if the code runs on the same server, they need to close port 27017. They do not need an open port for remote access if the code is able to access the database locally.
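Both parts of this remedy can be checked in the server's configuration file. The audit below is an added example, not part of the original post; it assumes the YAML mongod.conf format with the net.bindIp, net.bindIpAll, net.port and security.authorization settings, and the two sample configurations are constructed.

```python
import ipaddress

def flatten_yaml(text):
    """Flatten simple nested 'key: value' YAML (the subset mongod.conf uses) to dotted keys."""
    stack, flat = [], {}          # stack holds (indent, key) of open parent mappings
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        if value.strip():
            flat[".".join([k for _, k in stack] + [key])] = value.strip().strip("\"'")
        else:
            stack.append((indent, key))
    return flat

def is_local(addr):
    if addr == "localhost" or addr.startswith("/"):   # loopback name or Unix socket
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False              # any other hostname is treated as reachable remotely

def audit_mongod_conf(text):
    """Return a list of findings; an empty list means both remedies are in place."""
    conf, findings = flatten_yaml(text), []
    if conf.get("security.authorization", "disabled") != "enabled":
        findings.append("authorization is not enabled: clients need no password")
    binds = [a.strip() for a in conf.get("net.bindIp", "").split(",") if a.strip()]
    exposed = [a for a in binds if not is_local(a)]
    if conf.get("net.bindIpAll") == "true" or exposed:
        findings.append(f"port {conf.get('net.port', '27017')} listens on non-local addresses")
    return findings

# Constructed sample configurations: the weak setting beside the corrected one.
WEAK = "net:\n  port: 27017\n  bindIp: 0.0.0.0   # all interfaces\n"
HARDENED = ("net:\n  port: 27017\n  bindIp: 127.0.0.1\n"
            "security:\n  authorization: enabled\n")

if __name__ == "__main__":
    print("weak:", audit_mongod_conf(WEAK))
    print("hardened:", audit_mongod_conf(HARDENED))
```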
