Internet of Threats | TechSNAP 249

A critical OpenSSH flaw that can expose your private keys, a new WiFi spec for IoT devices that has all the classic issues, and Intel’s Skylake bug.

Plus your feedback, our answers, a rockin’ round up & so much more!

Thanks to:

  • DigitalOcean
  • Ting
  • iXsystems

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Patreon

— Show Notes: —

Critical OpenSSH flaw can expose your private keys and other client memory

  • Two issues have been identified in the OpenSSH client
  • CVE-2016-0777: an information leak (memory disclosure) that a rogue SSH server can exploit to make a connecting client leak sensitive data from its own memory, including private keys
  • The leak is in experimental client-side support for a feature called roaming, added in OpenSSH 5.4, which was meant to let broken SSH sessions be resumed. The matching server-side code was never shipped, so no OpenSSH server has ever offered the feature.
  • Even so, the client code was enabled by default, and due to a bug a malicious server that advertises roaming support can read memory from the client when the client connects to it
  • That memory can include your SSH private keys, since the client has them loaded for authentication
  • “The authentication of the server host key prevents exploitation by a man-in-the-middle, so this information leak is restricted to connections to malicious or compromised servers.”
  • Because the client verifies the server’s host key, an attacker on the network path cannot exploit this. The risk is in connecting to a server that is malicious or has been compromised, or in blindly accepting an unknown host key on first connection.
  • You can disable the feature by adding the following line to /etc/ssh/ssh_config: UseRoaming no
  • The feature can also be disabled per user in ~/.ssh/config, or for a single connection with -oUseRoaming=no. ssh_config takes the first value it finds for each option, so put the line in the global section or under “Host *” so that it applies to every host rather than only to one Host block.
  • The 7.1p2 patch disables the roaming code by default rather than fixing it
  • CVE-2016-0778
  • A buffer overflow (leading to a file descriptor leak) can also be triggered by a rogue SSH server, but due to another bug in the code it is not exploitable in the default configuration; it only comes into play when ProxyCommand, ForwardAgent or ForwardX11 is in use.
  • Both of these vulnerabilities are fixed in OpenSSH 7.1p2; client versions 5.4 through 7.1p1 are affected
  • It is not clear if the roaming support will be removed entirely
  • Researcher Post

Bug in Intel Skylake CPUs means complex workloads can hang the machine

  • Intel has confirmed that its Skylake processors suffer from a bug that can cause a system to freeze when performing complex workloads.
  • The bug was reportedly discovered and tested by the community at hardwareluxx.de and passed on to GIMPS (Great Internet Mersenne Prime Search), which conducted further testing. Both groups passed their findings on to Intel.
  • Intel states:

“Intel has identified an issue that potentially affects the 6th Gen Intel Core family of products. This issue only occurs under certain complex workload conditions, like those that may be encountered when running applications like Prime95. In those cases, the processor may hang or cause unpredictable system behaviour.”

  • Intel has developed a fix, and is working with hardware partners to distribute it via a BIOS update.
  • No reason has been given as to why the bug occurs, but it’s confirmed to affect both Linux and Windows-based systems.
  • While the bug was discovered using Prime95, it could affect other industries that rely on complex computational workloads, such as scientific and financial institutions.
  • Recently, Intel’s Haswell and early Broadwell processors suffered from a TSX (Transactional Synchronization Extensions) bug. Rather than recall the parts, Intel disabled the TSX instructions via a microcode update delivered via new motherboard firmware.
  • Additional Coverage

New WiFi spec for IoT devices, WiFi HaLow likely has all the classic issues

  • “The new protocol is based on the 802.11ah standard from the IEEE and is being billed as Wi-Fi HaLow by the Wi-Fi Alliance. Wi-Fi HaLow differs from the wireless signal that most current devices use in a couple of key ways. First, it’s designed as a low-powered protocol and will operate in the range below one gigahertz. Second, the protocol will have a much longer range than traditional Wi-Fi, a feature that will make it attractive for use in applications such as connecting traffic lights and cameras in smart cities.”
  • There is also talk of using it for wearables, I suppose as a replacement for Bluetooth
  • “Wi-Fi HaLow is well suited to meet the unique needs of the Smart Home, Smart City, and industrial markets because of its ability to operate using very low power, penetrate through walls, and operate at significantly longer ranges than Wi-Fi today,” said Edgar Figueroa, president and CEO of Wi-Fi Alliance.
  • “But, as with any new protocol or system, Wi-Fi HaLow will carry with it new security considerations to face. And one of the main challenges will be securing all of the various implementations of the protocol. Device manufacturers all implement things in their own way and in their own time, a practice that has led to untold security vulnerabilities and innumerable billable hours for security consultants. Security experts don’t expect Wi-Fi HaLow to be the exception.”
  • “While the standard could be good and secure, implementations by different vendors can have weaknesses and security issues. This is common to all protocols,” said Cesar Cerrudo, CTO of IOActive Labs, who has done extensive research on the security of a wide range of smart devices and smart city environments
  • Who could possibly be worse at implementing security, than the vendors and government contractors that would be used for a “smart city”
  • “Many of the devices that may use the new protocol–which isn’t due for release for a couple of years–are being manufactured by companies that aren’t necessarily accustomed to thinking about threat modeling, potential attacks, and other issues that computer hardware and software makers have had to face for decades. That could lead to simple implementation problems that attackers can take advantage of.”
  • This seems to call for a nice clean BSD licensed implementation, although even then, everyone using the same implementation could be just as risky
  • Plus, as we have seen, most vendors will ship an old insecure version, rather than the latest, and won’t update the implementation as they iterate their product
  • The extended range of HaLow also means that attackers can operate from much further away, so physical proximity is less of a barrier and keeping devices out of radio reach of an attacker becomes much harder
  • “Each new iteration in technology brings with it fresh security and privacy considerations, and the proliferation of connected non-computing devices is no different. The concept of a voice-enabled hub that controls your home’s climate, entertainment, and other systems is now a reality, as is the ability to send an email from your refrigerator. That’s all well and good, until these smart devices start doing really dumb things.”

Feedback:


Round Up:


Question? Comments? Contact us here!