Tech News


Capcom bundles backdoor with Street Fighter V update

Capcom has apologised to Street Fighter V players after it was caught installing a backdoor on Windows systems as part of its most recent title update. As with many PC games, Street Fighter V suffers from piracy and cheaters - the platform's perennial problems. Unlike most, however, the latest attempt to fix the problem came in the form of a title update bundling a Windows driver - capcom.sys - which disables selected system security features and provides publisher Capcom with administrator-level privileges to the entire operating system and all its files.

The problems began with a security update released on September 22nd containing what Capcom described as an "updated anti-crack solution." In its announcement, the company claimed that the software was not DRM, but was designed such that it "prevents certain users from hacking the executable. The solution also prevents memory address hack [sic] that are commonly used for cheating and illicitly obtaining in-game currency and other entitlements that haven't been purchased yet."

Sadly, the update did significantly more than Capcom promised. In a thread on social networking site reddit, users tore down the kernel-level Windows driver file bundled with the software and discovered that it disabled the Supervisor Mode Execution Protection (SMEP) functionality of affected systems, forced the game to elevate its privileges and run at administrator level, and provided Capcom with complete and unrestricted access to the entire host system. In short: it's a backdoor, and one which actively harms the overall security of players' systems.

Although the code in the driver disables SMEP only long enough to run a chunk of its own code and then re-enables it, the damage is severe: using the driver, any unprivileged process on the system - including malware - can have its code executed at kernel level without question. Capcom, for its part, has apologised and promised to undo the damage caused.

"We are in the process of rolling back the security measures added to the PC version of Street Fighter V," the company claimed in a statement on the matter. "After the rollback process to the PC version, all new content from the September update will still be available to players. We apologise for the inconvenience." Those who wish to ensure their system's security are advised to check for the driver "capcom.sys" even after the update which should remove it is installed.
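The article's closing advice is to check whether capcom.sys is still present after the rollback. The PowerShell below is an added example written for this page, not code from Capcom or from the article, and it does the check from a defender's side: it looks for any kernel driver service whose image path references capcom.sys (which covers the driver wherever the game placed it) and for the file at the system drivers directory. The exact install location and service name are assumptions, not stated in the article, so $CandidatePaths is a parameter you can extend with your own game directory.

```powershell
# Added example (not from the article): report whether the capcom.sys driver
# that shipped with the Street Fighter V update is still registered or present.
# Run from an elevated PowerShell prompt.
# Assumptions (not stated in the article): the driver was registered as a
# kernel-mode service whose image path ends in capcom.sys, and/or was copied
# into the Windows drivers directory. Add your game install path to
# -CandidatePaths if it lives elsewhere.

function Find-CapcomDriver {
    [CmdletBinding()]
    param(
        [string[]]$CandidatePaths = @(
            (Join-Path $env:SystemRoot 'System32\drivers\capcom.sys')
        )
    )

    $findings = @()

    # 1. Any kernel driver service referencing capcom.sys, whether it is
    #    currently running or merely registered to start later.
    $services = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -and ($_.PathName -like '*capcom.sys*') }
    foreach ($svc in $services) {
        $findings += [pscustomobject]@{
            Kind      = 'DriverService'
            Name      = $svc.Name
            State     = $svc.State        # Running / Stopped
            StartMode = $svc.StartMode    # e.g. Manual, Auto, Disabled
            Path      = $svc.PathName
        }
    }

    # 2. The driver file itself at the assumed on-disk locations, with its
    #    Authenticode status so the operator can see what is actually there.
    foreach ($path in $CandidatePaths) {
        if (Test-Path -LiteralPath $path) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            $findings += [pscustomobject]@{
                Kind      = 'File'
                Name      = Split-Path -Leaf $path
                State     = $sig.Status   # Valid / NotSigned / HashMismatch ...
                StartMode = ''
                Path      = $path
            }
        }
    }

    return $findings
}

$results = @(Find-CapcomDriver)
if ($results.Count -eq 0) {
    Write-Output 'No capcom.sys driver service or file found.'
} else {
    Write-Warning 'capcom.sys is still present on this system:'
    $results | Format-Table -AutoSize
}
```

A registered-but-stopped driver service still matters: it can be started again by the game or by any process with the right privileges, so the rollback is only complete once neither the service entry nor the file remains.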

World's largest internet exchange sues Germany over mass surveillance

DE-CIX questions legality of government tapping its system.

The world's largest internet exchange point is suing the German government for tapping its communications systems. DE-CIX runs a number of critical exchange points - most of them in Germany, but with others in France, Spain and the United States - and has sued the German interior ministry over orders from the German security services to allow them to tap its exchange centers. The goal of the lawsuit, filed in federal court in Leipzig, is to reach a "judicial clarification" over whether the German government's actions are legal, the company said (in German), and "in particular, legal certainty for our customers and our company."

Opera launches desktop version of its free unlimited VPN

Now available on the stable release version, users will have five locations globally to choose from when using the VPN, which features 256-bit AES encrypted connections.

If privacy when surfing the World Wide Web is something you value, then using a virtual private network (VPN) to obscure your surfing patterns is a must. While most VPNs either require a subscription fee or installing additional software on your PC, Opera's latest update to its stable desktop browser adds VPN functionality for free, and turning it on is as simple as clicking a button. Powered by Opera subsidiary SurfEasy, the VPN uses a 256-bit AES encrypted connection and does not log your browsing history. Users can choose from five server locations: Canada, Germany, the Netherlands, Singapore and the United States, or let the browser select the optimal server.

The free VPN for its desktop browser follows the company's previous announcement back in April, when this feature was made available on the developer version of its browser. The company also introduced a mobile VPN service for both iOS and Android. Other new features in the updated browser include Chromecast support, automatic battery saving for unplugged laptops and support for RSS feeds with the newsreader feature.

Opera says the VPN should be fast enough for watching video in HD (that's 1,280x720 pixels), but this will also depend on the user's distance from the VPN server. Opera says it depends on the network situation as well, as most video sites have an adaptive streaming protocol built in. The updated Opera browser can be downloaded here: http://www.opera.com/computer/

Cisco customers targeted using leaked NSA hacking tools

Networking giant says there is no workaround for the issue.

Hackers have targeted some Cisco customers using a new vulnerability found thanks to leaked NSA cyber tools. The tools were released in August by a hacker group dubbed ShadowBrokers and are confirmed to belong to the Equation Group, which has strong ties with the NSA. It is the second such vulnerability to be found by Cisco as a result of the data dump made by the hackers; Cisco has already fixed a flaw in the SNMP implementation in its ASA firewalls.

Cisco has warned its customers that all versions of its IOS, IOS XE and IOS XR software are vulnerable to one of the many exploits released on August 15. The networking firm has not revealed which of its customers may have already been breached, but the issue impacts firewalls, routers and switches made by the firm, enabling hackers to get hold of critical and confidential information from its customers. The vulnerability is due to insufficient condition checks in the part of the code that handles IKEv1 security negotiation requests. An attacker could exploit this vulnerability by sending a crafted IKEv1 packet to an affected device configured to accept IKEv1 security negotiation requests, the firm said in a security advisory blog.

But despite stating that its incident response team was aware of exploitation of the vulnerabilities against customers running affected platforms, Cisco has not yet developed a patch for the flaw and has said no workarounds are available. Instead, it has released IPS signatures and Snort rules to mitigate the risks for its customers. The exploit is called BENIGNCERTAIN and is made up of three binaries, each of which can be used to obtain RSA private key data and VPN configuration details if run against Cisco PIX firewalls. Cisco isn't the only networking company to have exploits revealed: the ShadowBrokers data dump included exploits for Juniper and Fortinet, amongst others.

French Caldwell, former Gartner fellow and chief evangelist at GRC apps company MetricStream, warned other spy agencies - particularly the other Five Eyes members - that they too are vulnerable to a similar hack. "If the NSA was hacked, the chances that they too have been targeted are certainly more than 50-50," he said.

Yahoo Aware Hacker Is Advertising 200 Million Accounts on Dark Web

A notorious cybercriminal is advertising 200 million alleged Yahoo user credentials on the dark web, and the company has said it is aware of the hacker's claims, but has neither confirmed nor denied the legitimacy of the data. On Monday, the hacker known as Peace, who has previously sold dumps of Myspace and LinkedIn, listed supposed credentials of Yahoo users on The Real Deal marketplace. Peace told Motherboard that he has been trading the data privately for some time, but only now decided to sell it openly.

"We are aware of a claim," a Yahoo spokesperson told Motherboard in an email, before the data was made public. The company did not deny that the customer details were those of Yahoo users, despite being asked whether the data corresponded to the company's own records. "We are committed to protecting the security of our users' information and we take any such claim very seriously. Our security team is working to determine the facts. Yahoo works hard to keep our users safe, and we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms."

0day exploit bypasses Windows security features, affects Lenovo ThinkPads

A zero-day exploit has been discovered in a Unified Extensible Firmware Interface (UEFI) driver. The exploit allows an attacker to remove the write protection on the flash memory, giving them open-ended access to run any code they wish in System Management Mode, which is normally a privileged operating mode of the CPU. The exploit has been dubbed ThinkPwn, a play on words combining ThinkPad and Pwned.

Once the attacker has used ThinkPwn to open the machine to attack, they can disable Secure Boot, which is used to verify the authenticity of an OS bootloader in order to prevent boot-level rootkits. After Secure Boot is disabled, Windows security features can then be accessed and disabled, too. One of those features is Credential Guard, which is used to keep enterprise domain credentials secure, amongst other pieces of data.

Lenovo says that the affected code is not in its own UEFI file, but in one provided by an independent BIOS vendor (IBV). The extent of the security concern is not yet known. At the moment, it is only known to affect Lenovo ThinkPad machines, but it is a real possibility that other vendors and PC manufacturers could also be affected; Lenovo itself says the issue could be "industry-wide". The only slightly positive aspect of all this is that, in order to attack a machine, you need physical access to it, as the UEFI can only be accessed physically and the attack would require a USB flash drive. You can read more about the exploit from the researcher who discovered it here: http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html