Sam Stelfox

Smart home cybersecurity news roundup [September 2020]

This month’s smart home cybersecurity news roundup includes the Windows XP source code leak, Zoom’s 2FA support, Twitter’s API keys leak, and the surge in DDoS attacks against the education sector.


Twitter warns browser caching issue might have led to compromised keys and tokens… again

On the 25th, Twitter announced in an email sent to developers that developer API keys might have been leaked through access to their developer.twitter.com portal.

Twitter said that their developer site told browsers to create and store copies of the API keys, account access tokens, and account secrets inside their browser’s cache file. Although this might not seem like a big deal for developers using their own computers to access the portal, it could be a real problem for developers using shared or public computers.

“Prior to the fix, if you used a public or shared computer to view your developer app keys and tokens on developer.twitter.com, they may have been temporarily stored in the browser’s cache on that computer,” read the email from Twitter to developers.

“If someone who used the same computer after you in that temporary timeframe knew how to access a browser’s cache, and knew what to look for, it is possible they could have accessed the keys and tokens that you viewed.”

Twitter email to developers that might have been affected by the caching issue

Image Credit: Ian Dorfman, AlternativeTo

Just this past June, Twitter announced that its business customers had been affected by an improperly configured browser caching issue that caused user billing information to become compromised.

These keys and tokens, meant to be kept private, are similar to passwords. If an access token becomes compromised, it can allow a hacker to gain access to a person’s account and post on their behalf without ever needing to know that user’s password.

It isn’t known how many, if any, developers were affected by this issue.
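Whether a browser writes a page like this to its cache is decided by the response’s Cache-Control header, and only `no-store` tells the browser not to keep a copy. The following is an added example, not code from Twitter or from this post; the page does not say which headers Twitter sent, so the header sets and the names `parseCacheControl`, `auditSecretPage` and `auditAll` are constructed for illustration.

```javascript
// Added example (not Twitter's code). All header sets below are constructed.

// Parse a Cache-Control value into a Map of lowercase directive -> argument.
function parseCacheControl(value) {
  const directives = new Map();
  for (const part of String(value || "").split(",")) {
    const [name, ...arg] = part.trim().split("=");
    if (name) directives.set(name.trim().toLowerCase(), arg.join("=").trim());
  }
  return directives;
}

// Decide whether a browser may keep a copy of a response that renders secrets.
// `headers` is a plain object; header names are matched case-insensitively.
function auditSecretPage(headers) {
  const lower = {};
  for (const [k, v] of Object.entries(headers)) {
    lower[k.toLowerCase()] = [].concat(v).join(", "); // fold repeated headers
  }
  const cc = parseCacheControl(lower["cache-control"]);
  if (cc.has("no-store")) return { storable: false, finding: "ok" };
  if (cc.has("no-cache") || cc.get("max-age") === "0") {
    // Forces revalidation before reuse, but the body may still be stored.
    return { storable: true, finding: "revalidate-only" };
  }
  if (cc.has("private")) {
    // Keeps shared proxies out; the local browser cache still stores it.
    return { storable: true, finding: "private-only" };
  }
  if (cc.size === 0) {
    // No directives at all: the browser may cache heuristically.
    return { storable: true, finding: "no-policy" };
  }
  return { storable: true, finding: "cacheable" };
}

// Constructed samples: weak settings next to the corrected one.
const SAMPLES = {
  weakPrivate: { "Cache-Control": "private, max-age=300" },
  weakNoCache: { "cache-control": "no-cache", Pragma: "no-cache" },
  missing: { "Content-Type": "text/html" },
  corrected: { "Cache-Control": "no-store" },
};

function auditAll(samples) {
  return Object.entries(samples).map(([name, h]) => [name, auditSecretPage(h).finding]);
}
console.log(auditAll(SAMPLES));
```

Every finding other than `ok` means a copy of the page, including any keys it displays, can remain on the machine for the next user of a shared computer.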

Zoom adds 2FA support to all user accounts

Two-factor authentication in Zoom

On Sept. 10, Zoom announced that it would be adding two-factor authentication (2FA) support to all user accounts in order to better protect against identity theft and security breaches.

2FA gives users a second layer of security that protects against account compromise. With Zoom, users can now use SAML, OAuth, and/or password-based authentication to log in to their accounts.

Zoom included detailed instructions on how to enable 2FA in user accounts in their blog announcement.

With the shift to remote learning comes a surge in DDoS attacks

The education sector has seen a rise in DDoS attacks since the shift to remote learning. It’s been reported that cybersecurity companies are seeing an increase in network downtime and buffering or completely paused classes.

Cybersecurity company Check Point says that there was an average weekly increase of 30% during July and August in the academic sector alone—meaning a jump from 468 to 608 compared with May and June.

Check Point diagram

Image Credit: Check Point

It’s speculated that the surge has been caused by hacktivists and students attempting to use freely distributed tools found online.

It’s also important to note that many other threats have wreaked havoc on the education sector: malware and phishing attempts disguised as legitimate sites and apps such as Zoom, Moodle, or Google Classroom have been commonly seen.

One school district in particular, Fairfax County Public Schools, the 10th largest school division in the U.S., was severely affected to the point of FBI involvement. It was hit with the Maze ransomware, which leaked information about students, administrative documents, and an LSASS dump that can be used to extract Windows credentials.

Previously, Clark County School District and Toledo Public Schools were also severely affected by ransomware.

Windows XP source code is now floating freely on the internet

The alleged source code for Windows XP has been leaked online, and now the race is on to patch legacy code users.

The leak was initially spread through a thread on 4chan which also came with leaks for other Microsoft products, including Windows NT 3.5 and original Xbox source code dumps that originally appeared online in May.

Although Windows XP officially reached its end-of-life date in 2014, this can still have some huge consequences for current Windows users.

“There is a lot of legacy [code] in Windows 10,” said Greg Linares in another Tweet. “This leak will have a direct effect on security on current Windows platforms. How much, how detrimental? Well, that's hard to say. But I will tell you, as a red teamer I'm looking at it, so are the bad guys.”

According to NetMarketShare, PCs running Windows XP account for about 1.26% of PCs generating web traffic around the world. However, these metrics can’t accurately represent the large number of systems still in use in industrial sectors, which are still connected to the internet and can’t be upgraded due to the requirements of the software they’re running.

As with any source code leak, new vulnerabilities are expected to be found even in downstream projects. Over the next few months, users can expect to see an increase in the diversity of attacks against modern Windows iterations, likely to be reflected in Windows updates (they'll become more important—users should not put these off).
