How to get an SSL certificate for other people’s domains, how to decrypt HTTPS traffic with some javascript & the latest storage reliability report.

Plus great questions & a rocking round up!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Keeping Positive: Obtaining wildcard SSL certificates for arbitrary domains

I recently decided to investigate the security of various certificate authority’s online certificate issuing systems. These online issuers allow certificate authorities to verify that someone owns a specific domain, such as thehackerblog.com and get a signed certificate so they can enable SSL/TLS on their domain.

When I started out hunting for possible vulnerabilities, my initial strategy was to look for the cheapest, most 90’s-looking, poorly designed certificate authority websites. Since the compromise of any certificate authority allows an attacker to bypass all the protections of SSL/TLS it doesn’t even have to be a popular provider because they all have the same power. After doing a bit of searching I realized it would be advantageous to do testing against authorities that had free SSL certificates, since doing tests against these wouldn’t cost me any money. I passed on Let’s Encrypt because I figured it had already been thoroughly audited, the second site I saw was a 30 day free trial from Positive SSL (a company owned by Comodo).

Upon entering your CSR and selecting the software you used to generate it, you then select the email address for domain validation (from the website’s WHOIS) and arrive on a “Corporate Details” page. This is the vulnerable portion of the application, where you fill out your company/personal information getting to the email validation portion

When I first went through this process I mindlessly filled out junk HTML for all of these fields. The service then sent a verification email to the email address on the website’s WHOIS info. Once I received the email, I noticed the HTML was not being properly escaped and the markup I had entered before was being evaluated. This is really bad because the email also contained a verification code which could be used to obtain an SSL/TLS certificate for my website. This means if I had a way to leak a victim’s token, I could obtain a valid certificate for their site, so that I could intercept traffic to that site seamlessly without users knowing I was doing so

• Normally, the email provides the user with a link and the code to validate the certificate. However, because an attacker can fill out the form fields with HTML, they can change the message in the email, instead requiring you to click a link within the next 24 hours to REJECT this bogus certificate
• So, in the field he wrote some HTML that included an form tag and a textarea tag that was never closed
• This resulted in everything that appears after that field in the email, being swallowed by the text area, rather than the body of the email.
• Then a later form field adds a button, “click here to reject this request”. When the user clicks the button, it submits the contents of the HTML textarea (including the verification code) to the attacker’s website, giving them the code, allowing them to approve the certificate for YOUR domain

Form submissions are a great way to leak secrets like this because they work in many different mail clients. Even the iPhone’s Mail app supports this functionality

Once I’ve leaked the code from the victim in this way, I can then log into the account I created during the certificate request process and download the SSL/TLS certificate

One other important thing to note is that resellers of Comodo’s certificates were also affected as well. This risk is amplified because resellers can have a customized HTML header and footer for the verification emails that get sent out. This means that it would be possible for a third party vendor to have a dangling tag in the header combined with a single quote in the footer which would side-channel leak the verification code in the email body (similar to the attack above, but automatic with no user interaction). This style of dangling mark-up injection wasn’t possible in the previously proof-of-concept but is possible for resellers.

• Timeline:
• June 4th, 2016 – Emailed security@comodo.com and reached out on Twitter to @Comodo_SSL.
  • June 6th, 2016 – Robin from Comodo confirms this is the correct contact to report security issues, provides PGP key.
  • June 6th, 2016 – Emailed Comodo the vulnerability PGP-encrypted and sent my PGP public key.
  • June 7th, 2016 – Robin from Comodo confirms they understand the bug and state they will work on a fix as soon as possible.
  • June 20th, 2016 – Emailed Comodo for status update.
  • July 1st, 2016 – Outline timeline for responsible disclosure date (90 days from report date per industry standards).
  • July 25th, 2016 – Robin from Comodo confirms a fix has be put in place.

Normally, the name of the game when it comes to finding a way to mint arbitrary SSL/TLS certificates is to find the smallest, cheapest, and oldest certificate provider you can. Comodo is the exact opposite of this, they have a 40.6% marketshare and are the largest minter of certificates on the internet. Basically, they are the largest provider of SSL/TLS certificates and yet they still suffer from security issues which would be (hopefully) caught on a regular penetration testing engagement. This paints a grim picture for the certificate authority system. If the top providers can’t secure their systems, how could the smaller providers possibly be expected to do so? It’s a hard game to play since the odds are heavily stacked in the attacker’s favor with tons of certificate authorities all with the power to mint arbitrary certificates. A single CA compromise and the entire system falls apart.

Luckily, we have some defences against this with newer web technologies such as Public Key Pinning which offers protection against attackers using forged certificates. This is a fairly powerful mitigation against an attacker with a forged certificate. However, the support is iffy with a lack of support in Internet Explorer, Edge, Safari, and Safari on iOS.

Many people like to speak of a certificate authority hack as if it was something only a nation state could accomplish, but just a day’s worth of searching led me to this issue and I don’t doubt that many providers suffer from much more severe vulnerabilities. What happens when your attacker doesn’t care about ethical boundaries and is willing to do much more in-depth testing? After all, this is Comodo, the largest provider. What about the smaller certificate providers? Do they really stand a chance?

HEIST: New attack allows stealing sensitive information web HTTPS encrypted pages

• HEIST: HTTP Encrypted Information can be Stolen through TCP-windows
• This new attack exploits how HTTPS responses are delivered over TCP, and how compression is used, and the new Javascript API

The exploit is notable because it doesn’t require a man-in-the-middle position. Instead, an end user need only encounter an innocuous-looking JavaScript file hidden in an Web advertisement or hosted directly on a webpage. The malicious code can then query a variety of pages protected by the secure sockets layer or transport layer security protocols and measure the precise file sizes of the encrypted data they transmit.

Once attackers know the size of an encrypted response, they are free to use one of two previously devised exploits to ferret out the plaintext contained inside it. Both the BREACH and the CRIME exploits are able to decrypt payloads by manipulating the file compression that sites use to make pages load more quickly.

• “HEIST makes a number of attacks much easier to execute,” Tom Van Goethem, one of the researchers who devised the technique, told Ars. “Before, the attacker needed to be in a Man-in-the-Middle position to perform attacks such as CRIME and BREACH. Now, by simply visiting a website owned by a malicious party, you are placing your online security at risk.”
• Rather than having to visit a malicious website, all that is required is that you end up being served a malicious advertisement, on any website

Using HEIST in combination with BREACH allows attackers to pluck out and decrypt e-mail addresses, social security numbers, and other small pieces of data included in an encrypted response. BREACH achieves this feat by including intelligent guesses—say, @gmail.com, in the case of an e-mail address—in an HTTPS request that gets echoed in the response. Because the compression used by just about every website works by eliminating repetitions of text strings, correct guesses result in no appreciable increase in data size while incorrect guesses cause the response to grow larger.

To determine the size of an HTTPS-protected response, the attacker uses an oracle technique that returns what amounts to a yes-or-no response to each guess. When a request containing “value=” results in the same data size, the attacker knows that string is inside the encrypted response and then tries to modify the guess to include the next character, say “value=0”. If that guess results in a larger file size, the attacker knows it’s wrong and will try “value=1”, “value=2”, and so on until the new guess similarly results in a response that shows no increase in file size. The attacker then tries to guess the next character and repeats the process until the entire token has been recovered.

Until now, this BREACH-style exploit required the attacker to be able to actively manipulate the traffic passing between the Web server and end user. A HEIST-enabled BREACH exploit removes that limitation. It does this by using TCP characteristics as a quasi cryptographic side channel to measure the size of an HTTPS response. TCP divides large transmissions into smaller fixed-sized chunks called frames and further groups frames inside what are called TCP windows, which are sent one at a time. TCP sends a new window only after receiving confirmation that frames from the previous window were received by the end user.

HEIST is able to count the number of frames and windows sent by interacting with a set of newly approved APIs, one called Resource Timing and another called Fetch. In the process, they allow a piece of JavaScript to determine the exact size of an HTTPS response.

Van Goethem said the only mitigation he knows of is to disable the third-party cookies, since responses sent by the HTTPS site are no longer associated with the victim. At the moment, most Web browsers by default enable the receipt of third-party cookies, and some online services don’t work unless third-party cookies are allowed.

Wednesday’s demo will show how a malicious ad displayed on The New York Times website is able to painstakingly measure the size of an encrypted response sent by a fictitious third-party site they dubbed targetwebsite.com (see the image below). It will go on to show how that information can be used to infer the characters contained in a security token designed to prevent cross-site request forgery attacks

• And, we are not protected by the next generation HTTP protocol either

HEIST is also effective against HTTP/2, the drop-in replacement for the older HTTP standard that encrypts all Web traffic. In some cases, HEIST can abuse new features of HTTP/2 to increase the damaging effects.

• If we know that HTTP/2 is used, we can let the browser simultaneously request the targeted resource, and another resource that contains reflected content,” Vanhoef and Van Goethem wrote in a research paper.

Since HTTP/2 is used, both requests are sent in parallel to the server, and the server replies to them in parallel as well.

It’s too early to know if HEIST combined with BREACH will be exploited against real people visiting real HTTPS-protected websites. While there’s no indication that BREACH has ever been exploited in the wild, the new convenience offered by HEIST may change that.

• Blackhat Slides
• Research Paper

Backblaze: 2016 Q2 hard drive failure rates

• Backblaze has published their latest numbers on drive failures
• This is the first report to feature the newer 8TB drives
• As before, the HGST drives are doing very well, although some models seem to be doing better than others. The Seagate drives are on spec, and the Western Digital drives are not doing so well. Although there is relatively few WD drives, not because of the high failure rate, but as explained in the 2016Q1 report, just difficulty acquiring large numbers of them
• Almost half of all drives in BackBlaze are the Seagate 4TB desktop model
• I think it would help for BackBlaze’s formula to consider the age of the drive. Of course the failure rate of older drives will increase over time. It would be interesting to see a graph of the failure rate vs drive age
• The Seagate 4TB drives seem to be doing as expected. I feel confident in my decision to purchase these exact drives for my own use
• Backblaze explains their formula, and reminders readers to consider the formula when looking at the numbers. A single drive failure in a new set of Toshiba 5TB drives gives a result of a nearly 9% failure rate, but obviously the sample set is too small
• There is also an interesting discussion of their migration process, moving data from 64+ month old hard drives to new larger drives
• Further down, they also provide a breakdown of their failure statistics from 2013 through 2016, which makes for much more interesting reading
• In general, most of the drives seem to perform as expected, with a 1 – 3 % annual failure rate
• Of course, BackBlaze does not buy the fancier Enterprise drives. Hopefully someone else will produce a similar report using Enterprise drives, so we can see if they are worth the extra money.

The 4TB Seagate drives are our workhorse drives today and their 2.8% annualized failure rate is more than acceptable for us. Their low failure rate roughly translates to an average of one drive failure per Storage Pod per year. Over the next few months expect more on our migrations, a look at the day in the life of a data center tech, and an update of the “bathtub” curve, i.e. hard drive failure over time

• If you would like to do your own thing with the data, here it is

Feedback:

• Any way to guess or estimate how many drives would be needed? // Slexy 2.0

• how secure are long unique links?

• Google’s Unguessable URLs – Schneier on Security

• Redirecting domain requests, mail and linking droplets

  • DNS Made Easy for dns or backup mx

• Hosting your own email – follow up to Feedback Episode 277

Round Up:

• Networking hardware vendor TP-Link today admitted violating US radio frequency rules by selling routers that could operate at power levels higher than their approved limits. In a settlement with the Federal Communications Commission, TP-Link agreed to pay a $200,000 fine, comply with the rules going forward, and to let customers install open source firmware on routers
• FireFox 48 finally ships, with multiprocess support. For the next few days, only a fraction of a percent of Firefox 48 users will have Electrolysis turned on by default. If this mini-rollout goes well, the multiprocess feature will be rolled out to about half of all Firefox 48 users
• Malvertising Campaign Infected Thousands of Users per Day for More than a Year
• EFF Files lawsuit challenging DMCA provisions that place restrictions on security researchers
• Iranian hackers compromise Telegram’s secure messaging
• FireEye releases: Overload: Critical lessons from 15 years of ICS vulnerabilities
• QRLJacking attack can bypass any QR login system
• Something I have been saying for years, FTC says frequent forced password changes are the enemy of security Allan’s post from 2009 came to the same conclusion
• Japanese Olympic Gymnist racks up $5000 mobile data bill playing Pokemon go in Brazil
• Deanonymizing Windows users and stealing Microsoft and VPN accounts
• SwiftKey was accidently sharing your autocorrect suggestions with other people, leaking email contents, search history, and more

The post Dangerous Dangling Quotes | TechSNAP 278 first appeared on Jupiter Broadcasting.

Lenovo & HP are caught injecting malware even after you format the drive, Ubiquiti Networks is socially engineered out of 46 million & are we entering the era of Security Research Prohibition? We debate.

Plus a great batch of your questions, our answers, a rocking round up & much, much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

Lenovo and HP caught injecting Malware even after your wipe the machine

• A user on the Ars Technica forums discovered the malware being installed on his freshly re-formatted computer
• How is that possible, the entire disk was erased…
• Well, it turns out Microsoft has a solution for that, the “Windows Platform Binary Table
• Details on Microsoft’s “Windows Platform Binary Table”
• An area in the bios where you can stick some files, and they will be run with ‘SYSTEM’ privileges, after Windows (8+) starts
• They have access to the file system, even if the disk is encrypted with bitlocker, because the code is run after the file system is mounted
• “Microsoft’s Windows Platform Binary Table WPBT feature allows PC manufacturers and corporate IT to inject drivers, programs and other files into the Windows operating system from the motherboard firmware. The WPBT is stored in the firmware, and tells Windows where in memory it can find an executable called a platform binary to run. Said executable will take care of the job of installing files before the operating system starts.”
• “During operating system initialization, Windows will read the WPBT to obtain the physical memory location of the platform binary,” Microsoft’s documentation states. “The binary is required to be a native, user-mode application that is executed by the Windows Session Manager during operating system initialization. Windows will write the flat image to disk, and the Session Manager will launch the process.”
• “The LSE (Lenovo Service Engine) makes sure C:\Windows\system32\autochk.exe is Lenovo’s variant of the autochk.exe file; if Microsoft’s official version is there, it is moved out of the way and replaced. The executable is run during startup, and is supposed to check the computer’s file system to make sure it’s free of any corruption.”
• “Lenovo’s variant of this system file ensures LenovoUpdate.exe and LenovoCheck.exe are present in the operating system’s system32 directory, and if not, it will copy the executables into that directory during boot up. So if you uninstall or delete these programs, the LSE in the firmware will bring them back during the next power-on or reboot.”
• In the Microsoft documentation, they try to make it clear:
• “The primary purpose of WPBT is to allow critical software to persist even when the operating system has changed or been reinstalled in a “clean” configuration … Because this feature provides the ability to persistently execute system software in the context of Windows, it becomes critical that WPBT-based solutions are as secure as possible and do not expose Windows users to exploitable conditions.”
• Which is funny, because the entire WPBT feature, “exposes Windows users to exploitable conditions”
• “Secure as possible? Not in this case: security researcher Roel Schouwenberg found and reported a buffer-overflow vulnerability in the LSE that can be exploited to gain administrator-level privileges.”
• “After Lenovo learned of this bug in April, it dawned on the company that its LSE was falling foul of Microsoft’s security guidelines for using the powerful WPBT feature. Two months later, in June, it pulled the whole thing: the LSE software is no longer included in new laptops.”
• Luckily, if you are not running Windows 8 or higher, your computer is not affected
• Note: This has been observed on desktop computers too, not just laptops
• Note Well: This is a “feature” of Windows, so every computer with Windows 8 or higher is actually vulnerable to having malicious code injected, there just might not be any code in your firmware, currently.
• Microsoft say: “If partners intentionally or unintentionally introduce malware or unwanted software though the WPBT, Microsoft may remove such software through the use of anti-malware software. Software that is determined to be malicious may be subject to immediate removal without notice.”
• However, since the file that gets executed only ever exists in memory, Microsoft’s malware scanner won’t find the WPBT binary, only the malware it drops into your system
• Lenovo used Windows anti-theft feature to install persistent crapware
• Lenovo Busted For Stealthily Installing Crapware Via BIOS On Fresh Windows Installs

Ubiquiti Networks loses 46 million in cyber bank heist

• “Networking firm Ubiquiti Networks Inc. disclosed this week that cyber thieves recently stole $46.7 million using an increasingly common scam in which crooks spoof communications from executives at the victim firm in a bid to initiate unauthorized international wire transfers”
• So, pretend to be the boss, and get a secretary, or the finance department to approve expenses or transfers
• The attack was disclosed as part of the company’s quarterly filings with the SEC
• “This fraud resulted in transfers of funds aggregating $46.7 million held by a Company subsidiary incorporated in Hong Kong to other overseas accounts held by third parties,” Ubiquiti wrote. “As soon as the Company became aware of this fraudulent activity it initiated contact with its Hong Kong subsidiary’s bank and promptly initiated legal proceedings in various foreign jurisdictions. As a result of these efforts, the Company has recovered $8.1 million of the amounts transferred.”
• “The swindle that hit Ubiquiti is a sophisticated and increasingly common one targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments”
• “Ubiquiti didn’t disclose precisely how it was scammed, but CEO fraud usually begins with the thieves either phishing an executive and gaining access to that individual’s inbox, or emailing employees from a look-alike domain name that is one or two letters off from the target company’s true domain name. For example, if the target company’s domain was “example.com” the thieves might register “examp1e.com” (substituting the letter “L” for the numeral 1) or “example.co,” and send messages from that domain.”
• “The FBI’s advisory on these scams urges businesses to adopt two-step or two-factor authentication for email, where available, and/or to establish other communication channels — such as telephone calls — to verify significant transactions. Businesses are also advised to exercise restraint when publishing information about employee activities on their Web sites or through social media, as attackers perpetrating these schemes often will try to discover information about when executives at the targeted organization will be traveling or otherwise out of the office.”
• “Unlike traditional phishing scams, spoofed emails used in CEO fraud schemes are unlikely to set off spam traps, because these are targeted phishing scams that are not mass e-mailed. Also, the crooks behind them take the time to understand the target organization’s relationships, activities, interests and travel and/or purchasing plans.”
• These won’t be your typical phishing emails for of broken english and bad punctuation
• These will be highly researched scams designed to make you think you are communicating with the real person
• “On the surface, business email compromise scams may seem unsophisticated relative to moneymaking schemes that involve complex malicious software, such as Dyre and ZeuS. But in many ways, the BEC attack is more versatile and adept at sidestepping basic security strategies used by banks and their customers to minimize risks associated with account takeovers. In traditional phishing scams, the attackers interact with the victim’s bank directly, but in the BEC scam the crooks trick the victim into doing that for them.”
• Even two factor auth can be defeated here, because you are tricking someone into doing the transfer for you

We may be entering the era of Security Research Prohibition

• As if the Oracle nonsense last week was not bad enough, the Wassenaar Arrangement threatens to send us into the dark ages
• “The U.S. implementation of the rules, which govern the export of so-called intrusion software among other things, has been criticized sharply by lawyers, security researchers, and software vendors, who say that the proposed rules are too vague and threaten to chill legitimate security research and other activities.”
• “The rules that we got on May 20 are confusing to say the least. The Commerce Department didn’t have any experience with these kind of rules,” Nate Cardozo, a staff attorney at the EFF, said during a panel on Wassenaar at the Black Hat conference here Thursday. “They are really horrendously vague.”
• “The Bureau of Industry and Security at the Commerce Department proposed the rules in May and opened up a 60-day comment period. Many security researchers and attorneys submitted comments, and the BIS has said it will revise the rules and open them up for public comment again, a somewhat unusual move.“
• “The Wassenaar rules have been compared in many circles to the export controls on encryption software that came into effect in the 1990s in the U.S. There is an important lesson to be drawn from the way the crypto controls were handled.“ “We should learn how much those controls did the opposite of what was intended, which is weakening the security of the Internet as a whole”
• “Because the BIS rules as currently written are so vague about what constitutes intrusion software, things such as Metasploit and other common offensive tools could be regulated. And even sharing information about your own security research with a co-worker in another country could cause issues. Researchers are quite wary of these vagaries and worry that their day-to-day work may be restricted.“

Feedback:

• ICMP Traffic

• LVM -> ZFS follow-up

• Loading FreeBSD on a TP-Link Router with Serial Port
  • FreeBSD Wifi Build

• ZFS checksum errors don’t add up

Round Up:

• Snapdragon 820 is official: A look at its GPU
• Ad publishing networks purposely making sites slower to let ad slot auctions run longer, so they make more money
• Design flaw in Intel processors opens door to rootkits, researcher says
• RowHammer.js – most ingenious hack ever?
• MIT Researchers claim Gallium Nitride chips could cut energy consumption by 20%
• Samsung v-NAND claims 5,500 MB/s read, 1,800 MB/s write, 1,000,000 read IOPS, and 120,000 write IOPS, a 6.4 TB capacity rated for 32 TB/day of writes for 5 years
• US Decides how to retaliate against China’s hacking
• Comparing Expert and non-Expert security practices
• European Central Bank announces it was the victim of an attack
• Microsoft releases patch for actively exploited USB bug. Includes a tool to log when the exploit is attempted against you
• Defcon: How to fake death records – Kill anyone, online
• Defcon: 115 stupid things that have been put online
• Battery Status API could be used to track you online
• Multipath TCP used in Mobile networks in Korea allows devices to reach up to 1 gigabit/sec
• A final word

The post Export Grade Vulnerabilities | TechSNAP 228 first appeared on Jupiter Broadcasting.

Find out how hackers robbed a bank for nearly $6 million dollars over the Internet, the Zappos security breach, the fall of the koobface botnet, and what happened to Megaupload.

Plus we look back at the web’s SOPA protest this week, and see where things stand.

All that, and much more, on this week’s episode of TechSNAP!

Pick your code and save:
DOTCO9: .co domain for $17.99
techsnap7: $7.99 .com
techsnap10: 10% off
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans

Direct Download Links:

HD Video | Large Video | Mobile Video | MP3 Audio | OGG Audio | YouTube

Subscribe via RSS and iTunes:
    Subscribe...           --RSS-- TechSNAP HD TechSNAP Large     TechSNAP Mobile      TechSNAP MP3     TechSNAP OGG     --iTunes--     TechSNAP iTunes HD     TechSNAP iTunes Mobile     TechSNAP iTunes Large     TechSNAP iTunes MP3  

Show Notes: