pfSense – Jupiter Broadcasting

OpenSSH has been updated to version 7.5p1.
OpenSSL has been updated to version 1.0.2o.
The clang, llvm, lldb and compiler-rt utilities have been updated to version 6.0.0.
The libarchive(3) library has been updated to version 3.3.2.
The libxo(3) library has been updated to version 0.9.0.
Major Device driver updates to:

cxgbe(4) – Chelsio 10/25/40/50/100 gigabit NICs – version 1.16.63.0 supports T4, T5 and T6
ixl(4) – Intel 10 and 40 gigabit NICs, updated to version 1.9.9-k
ng_pppoe(4) – driver has been updated to add support for user-supplied Host-Uniq tags

New drivers:
+ drm-next-kmod driver supporting integrated Intel graphics with the i915 driver.

mlx5io(4) – a new IOCTL interface for Mellanox ConnectX-4 and ConnectX-5 10/20/25/40/50/56/100 gigabit NICs
ocs_fc(4) – Emulex Fibre Channel 8/16/32 gigabit Host Adapters
smartpqi(4) – HP Gen10 Smart Array Controller Family

The newsyslog(8) utility has been updated to support RFC5424-compliant messages when rotating system logs
The diskinfo(8) utility has been updated to include two new flags, -s which displays the disk identity (usually the serial number), and -p which displays the physical path to the disk in a storage controller.
The top(1) utility has been updated to allow filtering on multiple user names when the -U flag is used
The umount(8) utility has been updated to include a new flag, -N, which is used to forcefully unmount an NFS mounted filesystem.
The ps(1) utility has been updated to display if a process is running with capsicum(4) capability mode, indicated by the flag ‘C’
The service(8) utility has been updated to include a new flag, -j, which is used to interact with services running within a jail(8). The argument to -j can be either the name or numeric jail ID
The mlx5tool(8) utility has been added, which is used to manage Connect-X 4 and Connect-X 5 devices supported by mlx5io(4).
The ifconfig(8) utility has been updated to include a random option, which when used with the ether option, generates a random MAC address for an interface.
The dwatch(1) utility has been introduced
The efibootmgr(8) utility has been added, which is used to manipulate the EFI boot manager.
The etdump(1) utility has been added, which is used to view El Torito boot catalog information.
The linux(4) ABI compatibility layer has been updated to include support for musl consumers.
The fdescfs(5) filesystem has been updated to support Linux®-specific fd(4) /dev/fd and /proc/self/fd behavior
Support for virtio_console(4) has been added to bhyve(4).
The length of GELI passphrases entered when booting a system with encrypted disks is now hidden by default. See the configuration options in geli(8) to restore the previous behavior.

In addition to the usual CD/DVD ISO, Memstick, and prebuilt VM images (raw, qcow2, vhd, and vmdk), FreeBSD 11.2 is also available on:
- Amazon EC2
- Google Compute Engine
- Hashicorp/Atlas Vagrant
- Microsoft Azure
In addition to a generic ARM64 image for devices like the Pine64 and Raspberry Pi 3, specific images are provided for:
- GUMSTIX
- BANANAPI
- BEAGLEBONE
- CUBIEBOARD
- CUBIEBOARD2
- CUBOX-HUMMINGBOARD
- RASPBERRY PI 2
- PANDABOARD
- WANDBOARD
Full Release Notes

###Setting up an MTA Behind Tor

This article will document how to set up OpenSMTPD behind a fully Tor-ified network. Given that Tor’s DNS resolver code does not support MX record lookups, care must be taken for setting up an MTA behind a fully Tor-ified network. OpenSMTPD was chosen because it was easy to modify to force it to fall back to A/AAAA lookups when MX lookups failed with a DNS result code of NOTIMP (4).

Note that as of 08 May 2018, the OpenSMTPD project is planning a configuration file language change. The proposed change has not landed. Once it does, this article will be updated to reflect both the old language and new.

The reason to use an MTA behing a fully Tor-ified network is to be able to support email behind the .onion TLD. This setup will only allow us to send and receive email to and from the .onion TLD.

Requirements:
A fully Tor-ified network
HardenedBSD as the operating system
A server (or VM) running HardenedBSD behind the fully Tor-ified network.
/usr/ports is empty
Or is already pre-populated with the HardenedBSD Ports tree
Why use HardenedBSD? We get all the features of FreeBSD (ZFS, DTrace, bhyve, and jails) with enhanced security through exploit mitigations and system hardening. Tor has a very unique threat landscape and using a hardened ecosystem is crucial to mitigating risks and threats.

Also note that this article reflects how I’ve set up my MTA. I’ve included configuration files verbatim. You will need to replace the text that refers to my .onion domain with yours.

On 08 May 2018, HardenedBSD’s version of OpenSMTPD just gained support for running an MTA behind Tor. The package repositories do not yet contain the patch, so we will compile OpenSMTPD from ports.

Steps
Installation
Generating Cryptographic Key Material
Tor Configuration
OpenSMTPD Configuration
Dovecot Configuration
Testing your configuration
Optional: Webmail Access

iXsystems
https://www.forbes.com/sites/forbestechcouncil/2018/06/21/strings-attached-knowing-when-and-when-not-to-accept-vc-funding/#30f9f18f46ec
https://www.ixsystems.com/blog/self-2018-recap/

###Running pfSense on a Digital Ocean Droplet

I love pfSense (and opnSense, no discrimination here). I use it for just about anything, from homelab to large scale deployments and I’ll give out on any fancy for a pfSense setup on a decent hardware.

I also love DigitalOcean, if you ever used them, you know why, if you never did, head over and try, you’ll understand why.
JupiterBroadcasting.com, the best technology content out there, they have coupon codes to get you started with DO>.

Unfortunately, while DO offers tremendous amount of useful distros and applications, pfSense isn’t one of them. But, where there’s a will, there’s a way, and here’s how to get pfSense up and running on DO so you can have it as the gatekeeper to your kingdom.

Start by creating a FreeBSD droplet, choose your droplet size (for modest setups, I find the 5$ to be quite awesome):

There are many useful things you can do with pfSense on your droplet, from OpenVPN, squid, firewalling, fancy routing, url filtering, dns black listing and much much more.

One note though, before we wrap up:

You have two ways to initiate the initial setup wizard of the web-configurator:
Spin up another droplet, log into it and browse your way to the INTERNAL ip address of the internal NIC you’ve set up. This is the long and tedious way, but it’s also somewhat safer as it eliminates the small window of risk the second method poses.
or
Once your WAN address is all setup, your pfSense is ready to accept https connection to start the initial web-configurator setup.
Thing is, there’s a default, well known set of credential to this initial wizard (admin:pfsense), so, there is a slight window of opportunity that someone can swoop in (assuming they know you’ve installed pfsense + your wan IP address + the exact time window between setting up the WAN interface and completing the wizard) and do .

I leave it up to you which of the path you’d like to go, either way, once you’re done with the web-configurator wizard, you’ll have a shiny new pfSense installation at your disposal running on your favorite VPS.

Hopefully this was helpful for someone, I hope to get a similar post soon detailing how to get FreeNAS up and running on DO.
Many thanks to Tubsta and his blogpost as well as to Allan Jude, Kris Moore and Benedict Reuschling for their AWESOME and inspiring podcast, BSD Now.

##News Roundup
###One year of C

It’s now nearly a year that I started writing non-trivial amounts of C code again (the first sokol_gfx.h commit was on the 14-Jul-2017), so I guess it’s time for a little retrospective.

In the beginning it was more of an experiment: I wanted to see how much I would miss some of the more useful C++ features (for instance namespaces, function overloading, ‘simple’ template code for containers, …), and whether it is possible to write non-trivial codebases in C without going mad.

Here are all the github projects I wrote in C:

sokol: a slowly growing set of platform-abstraction headers
sokol-samples – examples for Sokol
chips – 8-bit chip emulators
chips-test – tests and examples for the chip- emulators, including some complete home computer emulators (minus sound)

All in all these are around 32k lines of code (not including 3rd party code like flextGL and HandmadeMath). I think I wrote more C code in the recent 10 months than any other language.

So one thing seems to be clear: yes, it’s possible to write a non-trivial amount of C code that does something useful without going mad (and it’s even quite enjoyable I might add).

Here’s a few things I learned:
Pick the right language for a problem
C is a perfect match for WebAssembly
C99 is a huge improvement over C89
The dangers of pointers and explicit memory management are overrated
Less Boilerplate Code
Less Language Feature ‘Anxiety’
Conclusion

All in all my “C experiment” is a success. For a lot of problems, picking C over C++ may be the better choice since C is a much simpler language (btw, did you notice how there are hardly any books, conferences or discussions about C despite being a fairly popular language? Apart from the neverending bickering about undefined behaviour from the compiler people of course There simply isn’t much to discuss about a language that can be learned in an afternoon.

I don’t like some of the old POSIX or Linux APIs as much as the next guy (e.g. ioctl(), the socket API or some of the CRT library functions), but that’s an API design problem, not a language problem. It’s possible to build friendly C APIs with a bit of care and thinking, especially when C99’s designated initialization can be used (C++ should really make sure that the full C99 language can be used from inside C++ instead of continuing to wander off into an entirely different direction).

###Configuring OpenBGPD to announce VM’s virtual networks

We use BGP quite heavily at work, and even though I’m not interacting with that directly, it feels like it’s something very useful to learn at least on some basic level. The most effective and fun way of learning technology is finding some practical application, so I decided to see if it could help to improve networking management for my Virtual Machines.

My setup is fairly simple: I have a host that runs bhyve VMs and I have a desktop system from where I ssh to VMs, both hosts run FreeBSD. All VMs are connected to each other through a bridge and have a common network 10.0.1/24. The point of this exercise is to be able to ssh to these VMs from desktop without adding static routes and without adding vmhost’s external interfaces to the VMs bridge.

I’ve installed openbgpd on both hosts and configured it like this:

vmhost: /usr/local/etc/bgpd.conf
AS 65002
router-id 192.168.87.48
fib-update no

network 10.0.1.1/24

neighbor 192.168.87.41 {
    descr "desktop"
    remote-as 65001
}

Here, router-id is set vmhost’s IP address in my home network (192.168.87/24), fib-update no is set to forbid routing table update, which I initially set for testing, but keeping it as vmhost is not supposed to learn new routes from desktop anyway. network announces my VMs network and neighbor describes my desktop box. Now the desktop box:

desktop: /usr/local/etc/bgpd.conf
AS 65001
router-id 192.168.87.41
fib-update yes

neighbor 192.168.87.48 {                                                                                                                                                                                           
        descr "vmhost"                                                                                                                                                                                             
        remote-as 65002                                                                                                                                                                                            
}

It’s pretty similar to vmhost’s bgpd.conf, but no networks are announced here, and fib-update is set to yes because the whole point is to get VM routes added. Both hosts have to have the openbgpd service enabled:

/etc/rc.conf.local
openbgpd_enable="YES"

Conclusion

As mentioned already, similar result could be achieved without using BGP by using either static routes or bridging interfaces differently, but the purpose of this exercise is to get some basic hands-on experience with BGP. Right now I’m looking into extending my setup in order to try more complex BGP schema. I’m thinking about adding some software switches in front of my VMs or maybe adding a second VM host (if budget allows). You’re welcome to comment if you have some ideas how to extend this setup for educational purposes in the context of BGP and networking.

As a side note, I really like openbgpd so far. Its configuration file format is clean and simple, documentation is good, error and information messages are clear, and CLI has intuitive syntax.

Digital Ocean

###The Power to Serve

All people within the IT Industry should known where the slogan “The Power To Serve” is exposed every day to millions of people. But maybe too much wishful thinking from me. But without “The Power To Serve” the IT industry today will look totally different. Companies like Apple, Juniper, Cisco and even WatsApp would not exist in their current form.

I provide IT architecture services to make your complex IT landscape manageable and I love to solve complex security and privacy challenges. Complex challenges where people, processes and systems are heavily interrelated. For this knowledge intensive work I often run some IT experiments. When you run experiments nowadays you have a choice:

Rent some cloud based services or
DIY (Do IT Yourself) on premise

Running your own developments experiments on your own infrastructure can be time consuming. However smart automation saves time and money. And by creating your own CICD pipeline (Continuous Integration, Continuous Deployment) you stay on top of core infrastructure developments. Even hands-on. Knowing how things work from a technical ‘hands-on’ perspective gives great advantages when it comes to solving complex business IT problems. Making a clear distinguish between a business problem or IT problem is useless. Business and IT problems are related. Sometimes causal related, but more often indirect by one or more non linear feedback loops. Almost every business depends of IT systems. Bad IT means often that your customers will leave your business.

One of the things of FeeBSD for me is still FreeBSD Jails. In 2015 I had luck to attend to a presentation of the legendary hacker Poul-Henning Kamp . Check his BSD bio to see what he has done for the FreeBSD community! FreeBSD jails are a light way to visualize your system without enormous overhead. Now that the development on Linux for LXD/LXD is more mature (lxd is the next generation system container manager on linux) there is finally again an alternative for a nice chroot Linux based system again. At least when you do not need the overhead and management complexity that comes with Kubernetes or Docker.

FreeBSD means control and quality for me. When there is an open source package I need, I want to install it from source. It gives me more control and always some extra knowledge on how things work. So no precompiled binaries for me on my BSD systems! If a build on FreeBSD fails most of the time this is an alert regarding the quality for me.

If a complex OSS package is not available at all in the FreeBSD ports collection there should be a reason for it. Is it really that nobody on the world wants to do this dirty maintenance work? Or is there another cause that running this software on FreeBSD is not possible…There are currently 32644 ports available on FreeBSD. So all the major programming language, databases and middleware libraries are present. The FreeBSD organization is a mature organization and since this is one of the largest OSS projects worldwide learning how this community manages to keep innovation and creates and maintains software is a good entrance for learning how complex IT systems function.

FreeBSD is of course BSD licensed. It worked well! There is still a strong community with lots of strong commercial sponsors around the community. Of course: sometimes a GPL license makes more sense. So beside FreeBSD I also love GPL software and the rationale and principles behind it. So my hope is that maybe within the next 25 years the hard battle between BSD vs GPL churches will be more rationalized and normalized. Principles are good, but as all good IT architects know: With good principles alone you never make a good system. So use requirements and not only principles to figure out what OSS license fits your project. There is never one size fits all.

June 19, 1993 was the day the official name for FreeBSD was agreed upon. So this blog is written to celebrate 25th anniversary of FreeBSD.

###Dave’s BSDCan trip report

So far, only one person has bothered to send in a BSDCan trip report. Our warmest thanks to Dave for doing his part.

Hello guys! During the last show, you asked for a trip report regarding BSDCan 2018.
This was my first time attending BSDCan. However, BSDCan was my second BSD conference overall, my first being vBSDCon 2017 in Reston, VA.
Arriving early Thursday evening and after checking into the hotel, I headed straight to the Red Lion for the registration, picked up my badge and swag and then headed towards the ‘DMS’ building for the newbies talk. The only thing is, I couldn’t find the DMS building! Fortunately I found a BSDCan veteran who was heading there themselves. My only suggestion is to include the full building name and address on the BSDCan web site, or even a link to Google maps to help out with the navigation. The on-campus street maps didn’t have ‘DMS’ written on them anywhere. But I digress.
Once I made it to the newbies talk hosted by Dan Langille and Michael W Lucas, it highlighted places to meet, an overview of what is happening, details about the ‘BSDCan widow/widower tours’ and most importantly, the 6-2-1 rule!
The following morning, we were present with tea/coffee, muffins and other goodies to help prepare us for the day ahead.
The first talk, “The Tragedy of systemd” covered what systemd did wrong and how the BSD community could improve on the ideas behind it.
With the exception of Michael W Lucas, SSH Key Management and Kirk McKusick, The Evolution of FreeBSD Governance talk, I pretty much attended all of the ZFS talks including the lunchtime BoF session, hosted by Allan Jude. Coming from FreeNAS and being involved in the community, this is where my main interest and motivation lies. Since then I have been able to share some of that information with the FreeNAS community forums and chatroom.
I also attended the “Speculating about Intel” lunchtime BoF session hosted by Theo de Raddt, which proved to be “interesting”.
The talks ended with the wrap up session with a few words from Dan, covering the record attendance and made very clear there “was no cabal”. Followed by the the handing over of Groff the BSD goat to a new owner, thank you’s from the FreeBSD Foundation to various community committers and maintainers, finally ending with the charity auction, where a things like a Canadian $20 bill sold for $40, a signed FreeBSD Foundation shirt originally worn by George Neville-Neil, a lost laptop charger, Michael’s used gelato spoon, various books, the last cookie and more importantly, the second to last cookie!
After the auction, we all headed to the Red Lion for food and drinks, sponsored by iXsystems.
I would like to thank the BSDCan organizers, speakers and sponsors for a great conference. I will certainly hope to attend next year!
Regards,
Dave (aka m0nkey_)

Thanks to Dave for sharing his experiences with us and our viewers

##Beastie Bits

Tarsnap

##Feedback/Questions

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

The post Goes to 11.2 | BSD Now 252 first appeared on Jupiter Broadcasting.

Comment & Control | TechSNAP 323

chris — Tue, 13 Jun 2017 22:24:31 +0000

RSS Feeds:

HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Yellow dots give you away

How to remove the yellow dots
List of Printers Which Do or Do Not Display Tracking Dots – no longer updated
More on Steganography: in pornography

Hiding command and control in plain text

The ESET report

Feedback

Round Up:

The post Comment & Control | TechSNAP 323 first appeared on Jupiter Broadcasting.

Cyber Liability | TechSNAP 314

chris — Wed, 12 Apr 2017 02:09:54 +0000

RSS Feeds:

Become a supporter on Patreon:

Show Notes:

Researchers demonstrate how PINs and other info can be gathered through phone movement

Team was able to crack four digit-PINs with 70 percent accuracy on the first try, with 100 percent accuracy by try number five
A site accessed with malicious code can open the device to such sensor-based monitoring working in the background when browser tabs are left open.
The team suggests a number of ways to help combat vulnerabilities, including regularly changing PINs and quitting out of any apps not currently in use
Dan suggests: Simple way around this: randomize the display of numbers on the keypad. I think this should be standard for all PIN entry. I recall seeing this somewhere, years ago, but I don’t recall where. I’ve always wondered why I’ve never seen it again. If the numbers have a narrow field of vision, nobody can watch over your shoulder.
A better article on the issue
The PDF of the study
From the PDF: . In the latest Apple Security Updates for iOS 9.3 (released in March 2016), Safari took a similar countermeasure by “suspending the availability of this [motion and orientation] data when the web view is hidden”x

Computer security is broken from top to bottom

Robert Watson spoke at the very first BSDCan
There are three main fundamental causes of insecurity: technology complexity, culture, an the economic incentives of the computer business.

Deep Dive starts with Dan’s first blog post about PostgreSQL

PostgreSQL
PostgreSQL < 9.6 has DATADIR is the same for all versions
PostgreSQL 9.6+ on FreeBSD, each major version has it’s own DATADIR
Installing in a FreeBSD jail means you can easily upgrading another jail, then start using it

Feedback

10 messages this past week. Requests for deep dives on PostgreSQL, DNS, ZFS, Jails.
The guy who asked us about that free DNS service, wrote in to say he has no connection with them.
Building pfsense box
Suggestion for a Simple Inventory & Change Management Software
Raidz-1 with hotspare vs raidz-2

Round Up:

The post Cyber Liability | TechSNAP 314 first appeared on Jupiter Broadcasting.

Botnet of Things | TechSNAP 286

chris — Thu, 29 Sep 2016 19:18:38 +0000

RSS Feeds:

Become a supporter on Patreon:

Show Notes:

Krebs hit with record breaking DDoS attack

“On Tuesday evening, KrebsOnSecurity.com was the target of an extremely large and unusual distributed denial-of-service (DDoS) attack designed to knock the site offline. The attack did not succeed thanks to the hard work of the engineers at Akamai/Prolexic, the company that protects my site from such digital sieges. But according to Akamai, it was nearly double the size of the largest attack they’d seen previously, and was among the biggest assaults the Internet has ever witnessed.”
“The attack began around 8 p.m. ET on Sept. 20, and initial reports put it at approximately 665 Gigabits of traffic per second. Additional analysis on the attack traffic suggests the assault was closer to 620 Gbps in size, but in any case this is many orders of magnitude more traffic than is typically needed to knock most sites offline.”
“Martin McKeay, Akamai’s senior security advocate, said the largest attack the company had seen previously clocked in earlier this year at 363 Gbps. But he said there was a major difference between last night’s DDoS and the previous record holder: The 363 Gpbs attack is thought to have been generated by a botnet of compromised systems using well-known techniques allowing them to “amplify” a relatively small attack into a much larger one.”
Almost all of the previous large scale DDoS attacks were the result of ‘reflection’ and ‘amplification’ attacks
That is, exploiting DNS, NTP, and other protocols to allow the attackers to send a small amount of data, while spoofing their IP address to that of the victim, and cause the reflection server to send a larger amount of data.
Basically, have your bots send spoofed packets of a few bytes, and the reflector send as much as 15 times the amount of data to the victim. This attack harms both the victim and the reflector.
Thanks to the hard work of many sysadmins, most DNS and NTP servers are much more locked down now, and reflection attacks are less common, although there are still some protocols vulnerable to amplification that are not as easy to fix
“In contrast, the huge assault this week on my site appears to have been launched almost exclusively by a very large botnet of hacked devices. According to Akamai, none of the attack methods employed in Tuesday night’s assault on KrebsOnSecurity relied on amplification or reflection. Rather, many were garbage Web attack methods that require a legitimate connection between the attacking host and the target, including SYN, GET and POST floods.”
“There are some indications that this attack was launched with the help of a botnet that has enslaved a large number of hacked so-called “Internet of Things,” (IoT) devices — routers, IP cameras and digital video recorders (DVRs) that are exposed to the Internet and protected with weak or hard-coded passwords.”
“I’ll address some of the challenges of minimizing the threat from large-scale DDoS attacks in a future post. But for now it seems likely that we can expect such monster attacks to soon become the new norm.”
“Many readers have been asking whether this attack was in retaliation for my recent series on the takedown of the DDoS-for-hire service vDOS, which coincided with the arrests of two young men named in my original report as founders of the service.”
“I can’t say for sure, but it seems likely related: Some of the POST request attacks that came in last night as part of this 620 Gbps attack included the string “freeapplej4ck,” a reference to the nickname used by one of the vDOS co-owners.”

The shot heard round the world

In this followup post, Krebs discusses “The Democratization of Censorship”
You no longer need to be a nation state to censor someone, you just need a big enough botnet
“Allow me to explain how I arrived at this unsettling conclusion. As many of you know, my site was taken offline for the better part of this week. The outage came in the wake of a historically large distributed denial-of-service (DDoS) attack which hurled so much junk traffic at Krebsonsecurity.com that my DDoS protection provider Akamai chose to unmoor my site from its protective harbor.”
“Let me be clear: I do not fault Akamai for their decision. I was a pro bono customer from the start, and Akamai and its sister company Prolexic have stood by me through countless attacks over the past four years. It just so happened that this last siege was nearly twice the size of the next-largest attack they had ever seen before. Once it became evident that the assault was beginning to cause problems for the company’s paying customers, they explained that the choice to let my site go was a business decision, pure and simple.”
This poses a huge problem. The bad guys now know the magic number, 650 gbps, at which point even the most expensive DDoS protection service will boot you off and shutdown your site.
“Nevertheless, Akamai rather abruptly informed me I had until 6 p.m. that very same day — roughly two hours later — to make arrangements for migrating off their network. My main concern at the time was making sure my hosting provider wasn’t going to bear the brunt of the attack when the shields fell. To ensure that absolutely would not happen, I asked Akamai to redirect my site to 127.0.0.1 — effectively relegating all traffic destined for KrebsOnSecurity.com into a giant black hole.”
“Today, I am happy to report that the site is back up — this time under Project Shield, a free program run by Google to help protect journalists from online censorship. And make no mistake, DDoS attacks — particularly those the size of the assault that hit my site this week — are uniquely effective weapons for stomping on free speech, for reasons I’ll explore in this post.”
This raises another question, what happens when the bad guys perform an attack large enough to disrupt Google?
This was the topic of the closing keynote at EuroBSDCon last weekend, sadly no video recordings are available.
“Why do I speak of DDoS attacks as a form of censorship? Quite simply because the economics of mitigating large-scale DDoS attacks do not bode well for protecting the individual user, to say nothing of independent journalists.”
“In an interview with The Boston Globe, Akamai executives said the attack — if sustained — likely would have cost the company millions of dollars. In the hours and days following my site going offline, I spoke with multiple DDoS mitigation firms. One offered to host KrebsOnSecurity for two weeks at no charge, but after that they said the same kind of protection I had under Akamai would cost between $150,000 and $200,000 per year.”
“Earlier this month, noted cryptologist and security blogger Bruce Schneier penned an unusually alarmist column titled, “Someone Is Learning How to Take Down the Internet.” Citing unnamed sources, Schneier warned that there was strong evidence indicating that nation-state actors were actively and aggressively probing the Internet for weak spots that could allow them to bring the entire Web to a virtual standstill.”
“Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services,” Schneier wrote. “Who would do this? It doesn’t seem like something an activist, criminal, or researcher would do. Profiling core infrastructure is common practice in espionage and intelligence gathering. It’s not normal for companies to do that.”
“Furthermore, the size and scale of these probes — and especially their persistence — points to state actors. It feels like a nation’s military cyber command trying to calibrate its weaponry in the case of cyberwar. It reminds me of the US’s Cold War program of flying high-altitude planes over the Soviet Union to force their air-defense systems to turn on, to map their capabilities.”
“What exactly was it that generated the record-smashing DDoS of 620 Gbps against my site this week? Was it a space-based weapon of mass disruption built and tested by a rogue nation-state, or an arch villain like SPECTRE from the James Bond series of novels and films? If only the enemy here was that black-and-white.”
“No, as I reported in the last blog post before my site was unplugged, the enemy in this case was far less sexy. There is every indication that this attack was launched with the help of a botnet that has enslaved a large number of hacked so-called “Internet of Things,” (IoT) devices — mainly routers, IP cameras and digital video recorders (DVRs) that are exposed to the Internet and protected with weak or hard-coded passwords. Most of these devices are available for sale on retail store shelves for less than $100, or — in the case of routers — are shipped by ISPs to their customers.”
“Some readers on Twitter have asked why the attackers would have “burned” so many compromised systems with such an overwhelming force against my little site. After all, they reasoned, the attackers showed their hand in this assault, exposing the Internet addresses of a huge number of compromised devices that might otherwise be used for actual money-making cybercriminal activities, such as hosting malware or relaying spam. Surely, network providers would take that list of hacked devices and begin blocking them from launching attacks going forward, the thinking goes.”
While we’d like to think that the hacked devices will be secured, the reality is that they probably won’t be. Even if there was a firmware update, how often do people firmware update their IP Cameras? Their DVRs?
The cable companies might be able to help by pushing firmware updates, and they have some incentive to do so, as the attacks use up their bandwidth
In the end, even if ISPs notified their customers that they were part of the attack, how is a regular person supposed to determine which of the IoT devices was used as part of the attack?
If you don’t know how to use a protocol analyzer, and the attack is not ongoing right now, how do you tell if it was your DVR, your SmartTV, your Thermostat, or your refrigerator that was attacking Krebs?
And if we thought that 650 gbps was enough to make almost any site neel to an attacker, OVH.net reports a botnet of 150,000 CCTV/Camera/DVR units, each with 1 – 30 mbps of upload capacity, attacking their network with a peak of 1.1 terabits (1100gbps) of traffic, but they estimate the capacity of the botnet at over 1.5 terabits
“I don’t know what it will take to wake the larger Internet community out of its slumber to address this growing threat to free speech and ecommerce. My guess is it will take an attack that endangers human lives, shuts down critical national infrastructure systems, or disrupts national elections.”
“The sad truth these days is that it’s a lot easier to censor the digital media on the Internet than it is to censor printed books and newspapers in the physical world. On the Internet, anyone with an axe to grind and the willingness to learn a bit about the technology can become an instant, self-appointed global censor.”
The possible solutions presented at EuroBSDCon were even scarier. Breaking the Internet up along national borders, and only allowing traffic to pass between countries on regulated major services like Facebook and Google.
Additional Coverage: Forbes
Additional Coverage: Ars Technica

Firefox preparing to block Certificate Authority for violating rules

“The organization that develops Firefox has recommended the browser block digital credentials issued by a China-based certificate authority for 12 months after discovering it cut corners that undermine the entire transport layer security system that encrypts and authenticates websites.”
“The browser-trusted WoSign authority intentionally back-dated certificates it has issued over the past nine months to avoid an industry-mandated ban on the use of the SHA-1 hashing algorithm, Mozilla officials charged in a report published Monday. SHA-1-based signatures were barred at the beginning of the year because of industry consensus they are unacceptably susceptible to cryptographic collision attacks that can create counterfeit credentials. To satisfy customers who experienced difficulty retiring the old hashing function, WoSign continued to use it anyway and concealed the use by dating certificates prior to the first of this year, Mozilla officials said. They also accused WoSign of improperly concealing its acquisition of Israeli certificate authority StartCom, which was used to issue at least one of the improperly issued certificates.”
“Taking into account all the issues listed above, Mozilla’s CA team has lost confidence in the ability of WoSign/StartCom to faithfully and competently discharge the functions of a CA,” Monday’s report stated. “Therefore we propose that, starting on a date to be determined in the near future, Mozilla products will no longer trust newly issued certificates issued by either of these two CA brands.”
So, existing certificates will continue to work, to avoid impact on those who paid for certificates, but Mozilla will not trust any newly issued certificates
“WoSign’s practices came under scrutiny after an IT administrator for the University of Central Florida used the service to obtain a certificate for med.ucf.edu. He soon discovered that he mistakenly got one for www.ucf.edu. To verify that the error wasn’t isolated, the admin then used his control over the github subdomains schrauger.github.com and schrauger.github.io to get certificates for github.com, github.io, and www.github.io. When the admin finally succeeded in alerting WoSign to the improperly issued Github certificates, WoSign still didn’t catch the improperly issued www.ucf.edu certificate and allowed it to remain valid for more than a year. For reasons that aren’t clear, Mozilla’s final report makes no explicit mention the certificates involving the Github or UCF domains, which were documented here in August.”
Some other issues highlighted in the Mozilla report:
- “WoSign has an “issue first, validate later” process where it is acceptable to detect mis-issued certificates during validation the next working day and revoke them at that point. (Issue N)”
- “If the experience with their website ownership validation mechanism is anything to go by, It seems doubtful that WoSign keep appropriately detailed and unalterable logs of their issuances. (Issue L)”
- “The level of understanding of the certificate system by their engineers, and the level of quality control and testing exercised over changes to their systems, leaves a great deal to be desired. It does not seem they have the appropriate cultural practices to develop secure and robust software. (Issue V, Issue L)”
- “For reasons which still remain unclear, WoSign appeared determined to hide the fact that they had purchased StartCom, actively misleading Mozilla and the public about the situation. (Issue R)”
- “WoSign’s auditors, Ernst & Young (Hong Kong), have failed to detect multiple issues they should have detected. (Issue J, Issue X)”
Mozilla Report
Mozilla Wiki: WoSign issues
WoSign incident report

Feedback:

Round Up:

The post Botnet of Things | TechSNAP 286 first appeared on Jupiter Broadcasting.

I Can’t Believe It’s Not Ethernet | TechSNAP 283

chris — Thu, 08 Sep 2016 20:00:44 +0000

RSS Feeds:

Become a supporter on Patreon:

Show Notes:

Modified USB ethernet adapter can steal windows and mac credentials

“Security researcher Rob Fuller has discovered a unique attack method that can steal PC credentials from Windows and Mac computers, and possibly Linux (currently untested).”
Thesis: “If I plug in a device that masquerades as a USB Ethernet adapter and has a computer on the other end, can I capture credentials from a system, even when locked out”
“The researcher used USB-based Ethernet adapters, for which he modified the firmware code to run special software that sets the plug-and-play USB device as the network gateway, DNS, and WPAD servers on the computer it’s connected to.”
“The attack is possible because most computers will automatically install any plug-and-play (PnP) USB device. This means that even if a system is locked out, the device still gets installed”
“Now, I believe there are restrictions on what types of devices are allowed to install at a locked out state on newer operating systems (Win10/El Capitan), but Ethernet/LAN is definitely on the white list.”
“When installing the new (rogue) plug-and-play USB Ethernet adapter, the computer will give out the PC credentials needed to install the device. Fuller’s modified device includes software that intercepts these credentials and saves them to an SQLite database. The password is in its hashed state, but this can be cracked using currently available technology. The researcher’s modified device also includes a LED that lights up when the credentials have been recorded.”
So, just like in a spy movie, you plug in the device, wait until the light comes on, and you have stolen the credentials
“An attacker would need physical access to a device to plug in the rogue USB Ethernet adapter, but Fuller says the average attack time is 13 seconds.”
The attack was tested against versions of Windows as far back as Windows 98 SE, and as modern as Windows 10 Enterprise and OS X El Capitan
The device pretends to be an ethernet adapter, and provides access to a ‘network’, where a DHCP server tells you to install this proxy configuration
“This means that by plugging in the device it quickly becomes the gateway, DNS server, WPAD server and others”
It gives you the hashes password for the logged in user, which you can then crack offline, and return later and login with the known password
Researcher blog

Zstandard, a new compression algorithm from Facebook

Unlike the new Dropbox algorithm that is designed specifically for jpeg images, this is a general purpose algorithm, designed to replace gzip
“Today, the reigning data compression standard is Deflate, the core algorithm inside Zip, gzip, and zlib. For two decades, it has provided an impressive balance between speed and space, and, as a result, it is used in almost every modern electronic device (and, not coincidentally, used to transmit every byte of the very blog post you are reading). Over the years, other algorithms have offered either better compression or faster compression, but rarely both. We believe we’ve changed this.”
There are three standard metrics for comparing compression algorithms and implementations:
- Compression ratio: The original size (numerator) compared with the compressed size (denominator), measured in unitless data as a size ratio of 1.0 or greater.
Compression speed: How quickly we can make the data smaller, measured in MB/s of input data consumed.
Decompression speed: How quickly we can reconstruct the original data from the compressed data, measured in MB/s for the rate at which data is produced from compressed data.
“The type of data being compressed can affect these metrics, so many algorithms are tuned for specific types of data, such as English text, genetic sequences, or rasterized images. However, Zstandard, like zlib, is meant for general-purpose compression for a variety of data types. To represent the algorithms that Zstandard is expected to work on, in this post we’ll use the Silesia corpus, a data set of files that represent the typical data types used every day.”
The post compares the best of the modern compression algorithms, lz4 (what ZFS uses), zstd (Facebook’s new thing), libz (gzip, what your browser uses for webpages), and xz (what most unix distros have switched to for compressing tar and log files)
In the comparison, LZ4 does not compress the data as much, but does so at almost 450 MB/s, while zlib compresses more, but only 23 MB/s. XZ compresses even better, but at only 2.3 MB/s
zstd gets about the same compression as zlib, but at almost 6 times the speed (136 MB/s)
Decompression is similar: LZ4: 2165 MB/s, zstd: 536 MB/s, zlib: 281 MB/s, xz: 63 MB/s
When comparing the command line tools, zstd is about 5x faster at compression, and 3.6x faster at decompression
As with gzip and xz, zstd also supports different ‘levels’ of compression. Although instead of having a range from 1 to 9, it instead offers a range of 1-22 (which suggests that additional levels might be added in the future)
It looks like it can get xz levels of of compression if turned up high enough
“By design, zlib is limited to a 32 KB window, which was a sensible choice in the early ’90s. But, today’s computing environment can access much more memory — even in mobile and embedded environments.

Zstandard has no inherent limit and can address terabytes of memory (although it rarely does). For example, the lower of the 22 levels use 1 MB or less. For compatibility with a broad range of receiving systems, where memory may be limited, it is recommended to limit memory usage to 8 MB. This is a tuning recommendation, though, not a compression format limitation.”

I forgot the password for my consumer grade NAS

“I got my WD My Book World Edition II NAS out of the closet. The reason it went in the closet is that I locked myself out of SSH access, and in the meantime I forgot most of its passwords.”
“I miraculously still remember the password to my regular user, but the admin password is nowhere to be found and you need the old one to change it. So I start poking around to see if there is any way to recover it.”
“One of the most common vulnerabilities on these thingies is allowing anyone to download a “config backup” that includes all the juicy passwords, and indeed, this screen looks promising”
The download was just base64 encoded random data. Definitely encrypted
“Mandatory Open Source releases usually have LICENSE files or some other indication of what libraries are being used, so he’s hoping to find some clue on what they used.”
Apparently WD releases everything, including the php script that generates the config download
“Looks like it’s a tarball encrypted with something called encodex and a fixed password”
“So we got the config file. Is it over? Nope. No passwords in it. This system does everything wrong. it’s unsalted MD5. Then it is stored a second time as a plain MD5 anyway”
I have never seen anyone do that before. I didn’t even know that would work…
So they reversed the process and uploaded a new configuration file with the hash of a known password (faster than brute forcing). Why is this allowed by a non-admin user anyway?
“Great. Fun. Is it enough? No! I locked myself out of ssh access too, by adding an unmatchable AllowUsers directive to my sshd_config.”
“First realization, the whole webgui runs as root. Look at ChangeWebAdmin above, it calls passwd and reads /etc/shadow!”
So, when you upload a new config, it just decrypts it and runs the untar, as root
“plus the fact that it’s probably a BusyBox implementation of tar might mean that the oldest trick in the book works: creating an archive with a fully-qualified /etc/sshd_config file in it and hope it gets extracted directly at the absolute path.”
“No luck. Second try: we see that it’s extracted in /tmp, what if we call it ../etc/sshd_config? No luck with that neither.”
“But hey… we can extract as much as we want in /tmp and nothing will get deleted between a run and the next! So let’s try with a convenient symlink :). First we plant a root => / symlink, and now that /tmp/root points to / we try calling our file root/etc/sshd_config and hope it gets extracted inside the symlink”
And, we’re in. The sshd_config has been replaced with one uploaded by a unprivileged user.
“This is all nice, but I started from a vantage point: I remembered a user login. Can we do something from scratch?”
“For example, extracting the config… It didn’t look like that PHP file had any access control, is it possible that… Oh God.”
“If we can crack any user password from the MD5, we can go from zero to root”
“All actions are actually unauthenticated. If you are not logged in the NAS will answer with a HTTP 302 Redirect… AND THEN PROCEED HANDLING THE REQUEST and sending the output. As if you were logged in. That’s a first for me.”
“Let me repeat this: if you are not logged in, the only thing the system will do is add a redirect to the login page in the HTTP Headers and carry on, obeying whatever you are telling it to do.”
Most browsers will respect the header, and redirect you to the login page, and ignore the excess content that was included in the response (like a config backup, or downloading a file, or doing any action what-so-ever
“So with the admin password reset trick above, we can get a full escalation from unauth to admin+root. Pwn’d. (The hardest thing was emulating the browser request with curl well enough to upload the file.)”
“So yeah, don’t expose these thingies on the Internet and don’t worry too much if you lose the passwords ;-)”
And in the end, the mystery was solved: “Turns out all the password fields except the login form have maxlength=16, so when resetting the password I pasted it from the password manager and it got cut without me knowing”

Feedback:

Round Up:

The post I Can't Believe It's Not Ethernet | TechSNAP 283 first appeared on Jupiter Broadcasting.

The Internet is Dying | TechSNAP 279

chris — Thu, 11 Aug 2016 06:07:42 +0000

Why the Internet needs it’s own version of cancer researchers, bypassing chip and pin protections & the 2016 Pwnie Awards from Blackhat!

Plus your questions, our answers & much, much more!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

Show Notes:

Fixing this Internet before it breaks again

“What we call the Internet, was not our first attempt at making a global data network that spanned the globe. It was just the first one that worked.”
“There is no guarantee that the internet will succeed. And if we aren’t careful we can really screw it up. It has happened before and we can do it again.”
“Kaminsky, who was delivering the keynote to over 6,000 Black Hat USA 2016 attendees, said problems that need to be addressed within the security community are political, technical and how the security community collaborates.”
“The internet doesn’t have the equivalent of ‘the guy’ that’s working on cancer. We need institutions and systems. We need to have something like NIH (National Institutes of Health) for cyber. It needs to have good and stable funding,” Kaminsky said. Research, problem solving and solutions are too often conducted in fiefdoms that seldom share the collective solutions needed to help fix the big security issues of the day. “I’m worried. I’m worried about our ability to innovate and our ability to create and I’m worried that we are not building the sort of infrastructure to make the internet a safe place.”
“By taking a NIH type of approach, Kaminsky argued, the internet would foster a large number of deeply committed security experts to work independently and away from commercial interest that push the security sector to come up with quick fixes to solve big security problems. “We need to make changes and we need to have studies about the way we program and the method that people use to build secure things”
“So what I’m looking to answer is – forget the layers of abstraction and the politics – how do we get 100 nerds working on a project for 10 years without interrupting them or harassing them and telling them to do different things. How do you make that happen? How you don’t make that happen is how we are doing that in InfoSec today – and that’s with the spare time of a small number of highly paid consultants. We can do better than that”
“Kaminsky doesn’t see the NIH approach as a panacea to all that ails the security world. In fact, in his talk he described a delicate balancing act where the security community derives the benefits of broader administration without being hamstrung by potential politics. Control, greed and companies driven by profits, he argue, killed the internet of the 1990s. He argues AOL tried to create a walled garden and control everything and make billions. But that internet failed”
“There are two models of an internet. There is the walled garden and freedom. The walled garden is, ‘okay here is your environment and go ahead and try to use it.’ The other model is that people can put stuff up and other people can use and abuse it. People don’t need to ask for permission they don’t need to beg. Maybe it works and maybe it doesn’t.”
Are Apple, Facebook, Google, and Microsoft, taking us towards their own versions of AOLs walled garden of the Internet?
How often does your family’s internet browsing actually leave Facebook?
He warns, the same way AOL’s walled garden threatened a free internet of the 1990s, government control over encryption could have the same stifling effects on innovation and cyber liberties. “Let’s stop the encryption debate. This is actually useless. It’s driving all the energy away from what are we need to fix,”
Topping Kaminsky’s fixit list was devising better ways for the security community to collectively move the security ball forward and not view security solutions as individual races to win. “Let’s take our obscure knowledge and real expertise and making it available the rest of the security community,” he said. By sharing knowledge and solutions it allows us to find flaws quicker and fix them even faster.”
It is not about the splashiest vuln with the coolest name, or having the fastest fix, it is about being in it for the long term, and actually fixing things.

Researchers bypass chip and pin protections by attacking the PoS terminals

“The payment industry is becoming more driven by security standards. However, the corner stones are still broken even with the latest implementations of these payments systems, mainly due to focusing on the standards rather than security.”
“Credit card companies for the most part have moved away from “swipe and signature” credit cards to chip and pin cards by this point; the technology known as EMV (Europay, MasterCard, and Visa) which is supposed to provide consumers with an added layer of security is beginning to see some wear, according to researchers.”
Except in the US
The chip card transition in the US has been a disaster
“Nir Valtman and Patrick Watson, researchers with NCR Corporation, staged a series of malicious transactions in a talk here at Black Hat on Wednesday, demonstrating how they could capture Track 2 data and bypass chip and pin protections.”
“Instead of attacking the operating system of the POI and POS devices, the researchers bypassed much of the built-in security. This includes integrated cryptographic security schemes. Breaking crypto, after all, is very hard. That’s because cryptography is just math, and math (for the most part) works. But the crypto is just part of the overall security system, the other pieces of which are vulnerable to attack. This was made even easier since much of the information the team sought in their attacks was not encrypted on the payment device.”
“In their first demonstration, the duo used a Raspberry Pi to capture Track 2 data packets in real time. Via a passive man-in-the-middle compromise, Wireshark picked up two interactions from data entered into a pinpad running flawed production software that’s currently in the wild. The two declined to specify the company’s name, but claimed they had spoken with the vendor and asked them to implement TLS connections, but said they couldn’t as they ran old hardware.”
“The garbled data can be transformed into readable bits, service code expiration data, discretionary data, and so on, data that can tip a hacker off whether the card is a chip card.”
The pair showed how easy it’d be to use a malicious form to trick a consumer into re-entering their PIN or a CVV on a card machine. “Consumers trust pinpads, they usually think they entered it wrong,”
“According to the two researchers, attackers could compromise a pinpad – by injecting a form, Malform.FRM in this instance, when no one’s in the store and quickly change it back to a customized “Welcome!” message. Both Valtman and Watson advocate that pin pads leverage strong crypto algorithms and allow only signed whitelist updates. Point of sale pin pads are usually PCI certified but the two pointed out PCI doesn’t require encryption over a local area network, which is how an attacker could carry out a MiTM attack.”
So they used the API of the payment terminal to trick the user into actually typing in the CVV, so they could capture it.
They also socially engineer the user into thinking they mistyped their PIN, and having them enter it a second time. One of which is not expected by the software, and is instead captured by the attackers software
“Consumers should never re-enter their PIN, as it’s a telltale giveaway that a pin pad may have been compromised, Valtman claimed, before adding that he usually frequents stores that allow him to pay with his Apple Watch, as he finds the technology more secure than EMV”
“It’s cool, but not a secure standard,” Nir said.
“As part of our demos, we will include EMV bypassing, avoiding PIN protections and scraping PANs from various channels.”
Slides
Additional Coverage

The 2016 Pwnie Awards!

The Pwnie Awards is an annual awards ceremony celebrating the achievements and failures of security researchers and the security community.
The awards are given out once an year. The tenth annual ceremony will take place on Aug 3rd, 2016 in Las Vegas at the BlackHat USA security conference.
Best Server-Side Bug: Cisco ASA IKEv1/IKEv2 Fragmentation Heap Buffer Overflow
Best Client-side bug: glibc getaddrinfo stack-based buffer overflow
Best Privilege Escalation Bug: Widevine QSEE TrustZone
Best Cryptographic Attack: SSLv2 Crypto Attack DROWN
Best Backdoor: Juniper ScreenOS
Best junk or stunt hack: remotely killing a jeep on the highway
Best Branding: Mousejack
Epic Achievement: Never giving up, and never letting us down: Travis Ormandy
Most Innovative Research: Dedup Est Machina Memory Deduplication as an Advanced Exploitation Vector
Lamest Vendor Response: Western Digital: MyPassword Drive
Most over hyped bug: Badlock
Best Song: Cyberlier
Most Epic FAIL: no one…!
Lifetime Achievement Award: Mudge — L0phtcrack, DARPA’s cyber security program
Epic 0wnage: The Juniper Backdoor
Honourable Mentions: ImageTragick, Stagefright, SETFKey (1999), BlueCoat getting an Intermediate CA, Insecurity of self-encrypting drives, 60 Minutes hacked phone, BACKRONYM

Feedback:

Round Up:

The post The Internet is Dying | TechSNAP 279 first appeared on Jupiter Broadcasting.

Dip the Chip | TechSNAP 255

chris — Thu, 25 Feb 2016 17:48:27 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

What’s taking the states so long to catch up to the rest of the civilized world and dip the chip? Turns out it’s really complicated, we explain. Plus keeping a Hospital secure is much more than following HIPAA, and an analysis of Keybase malware.

Plus great questions, our answers, and much much more!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

Show Notes:

The great American EMV fake-out

“Many banks are now issuing customers more secure chip-based credit cards, and most retailers now have card terminals in their checkout lanes that can handle the “dip” of chip-card transactions (as opposed to the usual swipe of the card’s magnetic stripe).”
But how many people have been to a retailer and ended up swiping their chip card?
“Comparatively few retailers actually allow chip transactions: Most are still asking customers to swipe the stripe instead of dip the chip. This post will examine what’s going on here, why so many merchants are holding out on the dip, and where this all leaves consumers”
“Visa CEO Charles W. Scharf said in an earnings call late last month that more than 750,000 locations representing 17 percent of the U.S. face-to-face card-accepting merchant base are now enabled to handle chip-based transactions, also known as the EMV. Viewed another way, that means U.S. consumers currently can expect to find chip cards accepted in checkout lines at fewer than one in five brick-and-mortar merchants.”
This leaves the question of why more retailers are not using the chip. In Canada, and the EU, almost all transactions use chip-and-pin
“New MasterCard and Visa rules that went into effect Oct. 1, 2015 put merchants on the hook to absorb 100 percent of the costs of fraud associated with transactions in which the customer presented a chip-based card yet was not asked or able to dip the chip. The chip cards encrypt the cardholder data and are far more expensive and difficult for card thieves to clone.”
“Some merchants — particularly the larger ones — want to turn the often painful experience of training customers how to use the chip cards and terminals into someone else’s problem.” “They see [chip cards] as just slowing down lines and chose to wait until consumers learned what to do — and do it quickly — at someone else’s store”
It seems that even with the liability shift, which Visa and Mastercard hopes would push merchants to be ready on time, many merchants have not completed upgrades to their payment systems and cash registers. Apparently many of the acquiring banks have long queues to ‘certify’ the upgraded software, further causing delays
“Visa said based on recent client surveys it expects 50% of face-to-face card accepting merchants to have chip card transactions enabled by the end of this year. But even 50 percent adoption can mask a long tail of smaller merchants who will put off as long as they can the expensive software and hardware upgrades for accepting chip transactions.”
In Canada, the transition was fairly quick, although this might be due to the fact that many people use debit cards that already required a pin, so the change for the customer was just inserting the card rather than swiping it
“The United States is the last of the G20 nations to move to more secure chip-based cards. As late as the United States is on EMV implementation globally, the process of merchants shifting to all-EMV transactions is still going to take several more years. Visa has said it typically took about three years after the liability shifts in other countries before 90% of payment card transactions were “chip-on-chip,” or generated by a chip card used at a chip-based terminal.”
“Historically, software was developed by terminal manufacturers and some-few contract programmers who kept up with the old-school operating systems, software development kits and so on for each terminal manufacturer. It was so easy that merchants and processors installed specialized tweaks that created countless variants in the marketplace.”
Now the software is more complicated, as it involves correctly implementing cryptography, and the terminal vendors seem to be struggling to keep up
“There are very few EMV software developers who understand the U.S. market”
“There’s an invisible hand at work that is about to kick everyone in the pants and accelerate U.S. dipping into EMV slots,” Crowley said. “If you use a chip card at a point of sale that says swipe — and you later say that wasn’t me – there’s very little a merchant can do to dispute that charge. It’s going to happen because what people aren’t thinking about is the friendly fraud. When people are made aware that if I swipe and I have a chip card, that lunch can be free if I’m a bad consumer.”
Note that this is still fraud, and you could go to jail
“If you’re curious about chip card swipe adoption in your area, take an informal survey: My own decidedly unscientific survey involved a shopping spree one recent morning to no fewer than seven different retail locations, which revealed exactly seven different chip-capable payment terminals instructing customers to “Please Swipe Card.””
Does typing your pin really take much longer than signing the receipt?

Securing Hospitals

Researchers working for a hospital were able to compromise both Patient Monitors and the Drug Dispensary
“The research results from our assessment of 12 healthcare facilities, 2 health care data facilities, 2 active medical devices from one manufacturer, and 2 web applications that remote adversaries can easily deploy attacks that target and compromise patient health. We demonstrated that a variety of deadly remote attacks were possible within these facilities, of which four attack scenarios are presented in this report.”
“One overarching finding of our research is that the industry focuses almost exclusively on the protection of patient health records, and rarely addresses threats to or the protection of patient health from a cyber threat perspective. The background, motivating factors, nuances, and misunderstandings that perforate the healthcare industry with regard to security are discussed at length in this report. In summary, we find that different adversaries will target or pursue the compromise of patient health records, while others will target or pursue the compromise of patient health itself.”
“The two major flaws in the healthcare industry with regard to threat model are that 1) the focus is almost entirely on protecting patient records, and 2) the measures taken address only unsophisticated adversaries: essentially, only one of the adversaries listed above — the Individual or Small Group adversary highlighted above in yellow. The industry is aware and speaks to Organized Crime and Nation State adversaries, but underestimates their sophistication and motivation. The strategies aim to curtail blanket, untargeted (i.e., indiscriminate) attacks to obtain patient healthcare records, and ignores the motivations and strategies that would be employed if targeting patient health or specific victims’ health records. These motivations and scenarios are highlighted in red in the above table”
The protection of health records has been the focus for quite some time, even before records were computerized, but it seems the industry has not “noticed” that medical devices have been connected to the network, and are insufficiently protected from attack
Devices compromised during the testing were: an insulin infusion pump, a patient monitor station, and a barcode reader
The following attack surfaces / areas of vulnerability were identified:
- Patient Health
- Patient Records
- Service Availability
- Community Confidence and Trust
- R&D, Intellectual Property
- Business Advantage
- Hospital Finances
- Hospital Reputation
- Physician Reputation
PDF Report, 71 pages

KeyBase malware analysis

“The usage of a rather simple keylogger malware has gone through the roof after its builder got leaked online last summer”
“KeyBase is a spyware family that can capture keystrokes, steal data from the user’s clipboard, and take screenshots of the victim’s desktop at regular intervals”
“Caught red-handed, its author promised to stop working on the malware, closed down the website from where he was selling KeyBase for $50 / €45, and abandoned the project.”
“Researchers also discovered that while KeyBase’s control panel was secured with authentication, the folder in which images were sent for storage was not, meaning that after all this time, they could easily put together a simple script and find all the KeyBase panels available online.”
“Using this simple method, Palo Alto staff discovered 62 Web domains where the KeyBase control panel was installed, 82 different control panels, and 125,083 screenshots from 933 Windows computers.”
“Of all infected computers, 216 were workstations in corporate environments, 75 were personal computers, and 134 were used for both. 43 of the 933 computers also included details from more than one user, meaning they were shared assets, used by multiple family members or work colleagues.”
“Taking a look at the screenshots, researchers discovered images depicting banking portals, invoices, blueprints, video camera feeds, email inboxes, social media accounts, financial documents, booking software, and many more.”
Both personal and corporate banking details were seen, as well as a Hotel reservation system
“The set for educational institutions wasn’t notably attributable to any one panel, but equally distributed. What made it stand out though is that the same tactic for delivering the KeyBase phish was applied here and “Admissions” people were targeted. These individuals are constantly sent Word or PDF documents, allegedly from parents, so it’s no surprise they would open the malicious files”
“In the original KeyBase report, Palo Alto revealed that the malware’s creator managed to infect himself during the keylogger’s tests, and had his activities recorded through screenshots and then sent to the Web control panel. This apparently happened again, and 16 of the actors behind this new wave of KeyBase infections also managed to infect their computers. The screenshots saved from their PCs shows that while a few were just curious script kiddies, some of the other hackers were actually professionals involved in highly-targeted campaigns.”
These screenshots provide interesting insight into the attackers
“This next actor’s resolution was such that the screenshots only captured the top left portion of his or her screen; however, it was enough to make some interesting observations on tactics. The actor appears to be trying to engage in romance scams with multiple women, along with preying on seniors through dating sites”
“Our analysis provides a unique opportunity to see the entire life cycle of a malware infection. Commonly, we’d see the first image in a set to be the KeyBase executable or malicious document all the way through until the Anti-Virus alerts of an infection. Sometimes that happened all within one screenshot.”

Feedback:

Round Up:

The post Dip the Chip | TechSNAP 255 first appeared on Jupiter Broadcasting.

Weaponized Comic Sans | TechSNAP 254

chris — Thu, 18 Feb 2016 18:53:24 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

A common vulnerability is impacting Firefox, LibreOffice, and others, the 7 problems with ATM security, and the Enterprise grade protection defeated with a batch script.

Plus some great questions, our answers, a rockin roundup, and much much more!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

Show Notes:

The 7 problems with ATM security

Kaspersky presents a list of the 7 reasons why ATMs are so easily compromised, based on a talk given at the SAS2016 conference
“Automated teller machines (ATM) have always a been a big target for criminals. In the past hunting for ATMs included some heavy tools like a cutting torch or explosives. However with the dawn of the Digital Age, everything has changed. Nowadays culprits can ‘jackpot’ an ATM without such special effects.”

ATMs are basically just computers (PCs)
That PC is likely running an old operating system (in early 2014, 95% of all ATMs still ran Windows XP)
The software other than the OS is also likely vulnerable. Many ATMs still have the bundled version of flash that came with stock Windows XP, which now has 9000 known vulnerabilities
ATMs have no software integrity control, no antivirus solutions, no authentication of an app that sends commands to cash dispenser.
Weak physical security for the PC part of the ATM. While the deposit box and cash dispenser are armored against attack, the PC is usually only hidden behind some thin plastic. “There is no money in that part of the ATM”
ATM control PCs have standard interfaces, that are not secured. Let me just plug this USB stick into your ATM, now it is my ATM
ATMs are increasingly directly connected to the Internet. You can find ATMs on Shodan

ATMs are not replaced very often, so upgrades to the physical protections of the PC component will likely not happen very soon
When was the last time you saw an ATM down for software updates?
Maybe if the criminals keep stealing large amounts of money, the banks will be more interested in replacing the ATMs
This of course doesn’t cover the private ATMs you often see in convenience stores

FireEye Detection Evasion and Whitelisting of Arbitrary Malware

Researchers at Blue Frost Security have developed a way to evade the dynamic analysis of the FireEye suite of security appliances
The FireEye appliance works by starting untrusted binaries and applications in virtualization and observing what they do
If the application is found to be malicious, it is blocked
Only applications allowed by the FireEye device can be run on the protected computers
“The analysis engine evasion allows an attacker to completely bypass FireEye’s virtualization-based dynamic analysis on Windows and add arbitrary binaries to the internal whitelist of binaries for which the analysis will be skipped until the whitelist entry is wiped after a day”
“FireEye is employing the Virtual Execution Engine (VXE) to perform a dynamic analysis. In order to analyze a binary, it is first placed inside a virtual machine. A Windows batch script is then used to copy the binary to a temporary location within the virtual machine, renaming it from “malware.exe” to its original file name.”
“No further sanitization of the original filename is happening which allows an attacker to use Windows environment variables inside the original filename which are resolved inside the batch script. Needless to say this can easily lead to an invalid filename, letting the copy operation fail.”
Let’s take the filename FOO%temp%BAR.exe which results in:
copy malware.exe “%temp%\FOOC:\Users\admin\AppData\Local\TempBAR.exe”
The filename, directory name, or volume label syntax is incorrect.
“The batch script continues and tries to execute the binary under its new name which of course will fail as well because it does not exist.”
“Afterwards the behavioral analysis inside the virtual machine is started which is running for a certain amount of time looking for malicious behavior. Since the binary was not started in the virtual machine in the first place, an empty virtual machine will be analyzed and no malicious behavior will be detected.”
“Once a binary was analyzed and did not show any malicious behavior, its MD5 hash is added to an internal list of binaries already analyzed. If a future binary which is to be analyzed matches an MD5 hash in this list, the analysis will be skipped for that file. The MD5 hash will stay in the white list until it is wiped after day.”
The issue was reported to FireEye on September 14th, and responded quickly
FireEye released updates for some of its products on October 5th and 15th
On December 31st FireEye published their Q4 security advisory
FireEye Security Advisory
On January 14th, FireEye asked that BFS delay publication of the vulnerability for another 30 days, as too many clients had not yet installed the update

Libgraphite Vulnerabilities Impact Firefox, OpenOffice, and Others

Talos is releasing an advisory for four vulnerabilities that have been found within the Libgraphite library
Which is used for font processing in Linux, Firefox, OpenOffice, and other major applications.
The most severe vulnerability results from an out-of-bounds read which the attacker can use to achieve arbitrary code execution.
A second vulnerability is an exploitable heap overflow.
Finally, the last two vulnerabilities result in denial of service situations.
To exploit these vulnerabilities, an attacker simply needs the user to run a Graphite-enabled application that renders a page using a specially crafted font that triggers one of these vulnerabilities.
Since Mozilla Firefox versions 11-42 directly support Graphite, the attacker could easily compromise a server and then serve the specially crafted font when the user renders a page from the server (since Graphite supports both local and server-based fonts).
Graphite is a package that can be used to create “smart fonts” capable of displaying writing systems with various complex behaviors.
Basically Graphite’s smart fonts are just TrueType Fonts (TTF) with added extensions.
The issues that Talos identified include the following:

An exploitable denial of service vulnerability exists in the font handling of Libgraphite. A specially crafted font can cause an out-of-bounds read potentially resulting in an information leak or denial of service.

A specially crafted font can cause a buffer overflow resulting in potential code execution.

An exploitable NULL pointer dereference exists in the bidirectional font handling functionality of Libgraphite. A specially crafted font can cause a NULL pointer dereference resulting in a crash.

If a malicious font is provided then an arbitrary length buffer overflow can occur when handling context items.
The first denial of service issue results from a NULL pointer dereference.
The second denial of service issue results from an out of bounds read that can not only cause a DoS, but it can also cause a leak of information. When reading an invalid font where the local table size is set to 0, an out of bounds read will occur.
Known Vulnerable Versions:
Libgraphite 2-1.2.4
Firefox 31-42
Firefox ESR before 38.6.1

Feedback:

Make sure you patch your linux machines for the glibc vulnerability

Round Up:

The post Weaponized Comic Sans | TechSNAP 254 first appeared on Jupiter Broadcasting.

Cisco’s Perfect 10 | TechSNAP 253

chris — Thu, 11 Feb 2016 17:50:21 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Cisco has a wormable vulnerability in its Firewall appliances, crimeware that allows unlimited ATM withdrawals & the big problem with the Java installer.

Plus great questions, a rocking round up & much, much more!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

— Show Notes: —

Cisco ASA IPSec vulnerability given highest possible CVSS score

Cisco has released a patch for a critical vulnerability its ASA (Adaptive Security Appliance) firewalls
“The Cisco ASA Adaptive Security Appliance is an IP router that acts as an application-aware firewall, network antivirus, intrusion prevention system, and virtual private network (VPN) server. It is advertised as “the industry’s most deployed stateful firewall.” When deployed as a VPN, the device is accessible from the Internet and provides access to a company’s internal networks.”
“A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.“
“The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system.”
So the router can be owned by a single UDP packet. It could then be controlled by the attack and used to send more of those UDP packets, making this a “wormable” exploit
Affected devices include:
- Cisco ASA 5500 Series Adaptive Security Appliances
- Cisco ASA 5500-X Series Next-Generation Firewalls
- Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
- Cisco ASA 1000V Cloud Firewall
- Cisco Adaptive Security Virtual Appliance (ASAv)
- Cisco Firepower 9300 ASA Security Module
- Cisco ISA 3000 Industrial Security Appliance
Users of ASA software versions 7.x, 8.0 – 8.6, will be forced to upgrade to ASA version 9.1
The researchers had dubbed the exploit “Execute My Packet”
“The algorithm for re-assembling IKE payloads fragmented with the Cisco fragmentation protocol contains a bounds-checking flaw that allows a heap buffer to be overflowed with attacker-controlled data.”
Attempts to exploit the attack can be detected with packet inspection:
“Looking for the value of the length field of a Fragment Payload (type 132) IKEv2 or IKEv1 packet allows detecting an exploitation attempt. Any length field with a value < 8 must be considered as an attempt to exploit the vulnerability. The detection also has to deal with the fact that the multiple payloads can be chained inside an IKEv2 packet, and that the Fragment Payload may not be the only/first payload of the packet.”
Researcher Post
Additional Coverage: SANS
SANS says “We are seeing a LARGE INCREASE in port 500/UDP traffic (see and select TCP Ratio for the left Y axis. earlier spikes affecting this port were mostly TCP)”

Metel crimeware allows unlimited ATM withdrawls

An APT (Advanced Persistent Threat) crimeware package has been found in the wild, being used to drain ATMs and bank accounts
This type of attack was previously the exclusive territory of Nation States
“It contains more than 30 separate modules that can be tailored to the computer it’s infecting. One of the most powerful components automatically rolls back ATM transactions shortly after they’re made. As a result, people with payment cards from a compromised bank can withdraw nearly unlimited sums of money from ATMs belonging to another bank. Because the Metel module repeatedly resets card balances, the criminals never pass the threshold that would normally freeze the card. Last year, the rollback scheme caused an unnamed bank in Russia to lose millions of rubles in a single night.”
“Metel usually gains an initial foothold by exploiting vulnerabilities in browsers or through spear phishing e-mails that trick employees to execute malicious files. Members of the Metel hacking gang then use legitimate software used by server administrators and security researchers to compromise other PCs in an attempt to further burrow into the targeted network. They will often patiently work this way until they gain control over a system with access to money transactions, for example, PCs used by call center operators or IT support.”
“Metel illustrates the growing sophistication of hackers targeting banks. It wasn’t long ago that reconnaissance, social engineering, state-of-the-art software engineering, lateral movements through a network, and long-term persistence were largely the exclusive hallmarks of so-called advanced persistent threat actors that painstakingly hack high-profile targets, usually on behalf of government spy agencies. Hackers targeting financial institutions, by contrast, took a more opportunistic approach that infected the easiest targets and didn’t bother with more challenging ones. Now, sophisticated techniques are increasingly a part of financially motivated hacking crimes as well.”
Other groups have been found doing similar things:
“The so-called GCMAN group, which gets its name because its malware is built using the GCC compiler. Like Metel, its members gain an initial foothold into financial institutions using spearphishing e-mails and from there use widely available tools such as Putty, VNC, and Meterpreter to broaden their access. In one case, GCMAN members had access to one targeted network for 18 months before siphoning any funds. When the group finally sprang into action, it used automated scripts to slowly transfer funds—about $200 per minute—into the account of a so-called “mule,” who was designated to withdraw the money.”
“The Carbanak 2.0 malware, which in one recent case used its access to a financial institution to change ownership details of a large company. The records were modified to list a money mule as one of the shareholders. After attacking a variety of banks last year, the gang took a five-month sabbatical that caused Kaspersky researchers to think it had disbanded. In December, Kaspersky confirmed the group was active and had overhauled its malware to target new classes of victims”
“Kaspersky researchers said all three gangs appear to be active and are known to have collectively infected 29 organizations in Russia. The researchers said they suspect the number of institutions hit by the groups is much higher.”
Researcher Post
Indicators and Signatures

Java installer vulnerable to binary planting

“On Friday, Oracle published a security advisory recommending that users delete all the Java installers they might have laying around on their computers and use new ones for versions 6u113, 7u97, 8u73 or later.”
Oracle Advisory
“On most computers, the default download folder quickly becomes a repository of old and unorganized files that were opened once and then forgotten about. A recently fixed flaw in the Java installer highlights why keeping this folder clean is important.”
“The reason is that older Java installers are designed to look for and automatically load a number of specifically named DLL (Dynamic Link Library) files from the current directory. In the case of Java installers downloaded from the Web, the current directory is typically the computer’s default download folder.”
This allows an attacker to plant their own malicious binaries there, and then when the “trusted” Java installer is run with enhanced privileges, the malicious .dll gains those enhanced permissions
“To be successfully exploited, this vulnerability requires that an unsuspecting user be tricked into visiting a malicious web site and download files into the user’s system before installing Java SE 6, 7 or 8. Though relatively complex to exploit, this vulnerability may result, if successfully exploited, in a complete compromise of the unsuspecting user’s system.”
It is not clear how Oracle’s new java downloader is improved, but it is likely not as good as it should be
Many other downloaders are also likely vulnerable, but the applications do not have the same install base as java
For less sophisticated users, the process of “clearing download history” would seem to imply that the files are removed as well, which is not the case

Feedback:

Round Up:

The post Cisco's Perfect 10 | TechSNAP 253 first appeared on Jupiter Broadcasting.

A Look Back On Feedback | TechSNAP 251

chris — Thu, 28 Jan 2016 08:02:40 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Since Allan is off being fancy at FOSDEM, we decided that now would be a good time to celebrate the audience & feature some of the best feedback we’ve had over the years!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

— Show Notes: —

Episode List

The post A Look Back On Feedback | TechSNAP 251 first appeared on Jupiter Broadcasting.

Lights out Management | TechSNAP 250

chris — Thu, 21 Jan 2016 10:00:10 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

The bizarre saga of Juniper maybe finally be coming to a conclusion, details about SLOTH, the latest SSL vulnerability that also affects IPSec and SSH & the attack on the Ukrainian power grid made possible by malware.

Plus your questions with a special theme, a rockin roundup & much more!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

— Show Notes: —

Still more questions about Dual_EC in Juniper devices

“Juniper Networks announced late Friday it was removing the suspicious Dual_EC_DRBG random number generator from its ScreenOS operating system”
“The networking giant said it was not only removing Dual_EC, but also the ANSI X9.31 algorithm from ScreenOS starting with an upcoming release sometime in the first half of this year”
Questions still remain as to why it was used in the first place
Also, questions about some strange coding decisions that lead to the ANSI X9.31 algorithm being subtle broken
It is still unclear how the backdoors were added to the code, or by whom
At last week’s Real World Crypto conference a team of crypto experts presented a number of revelations, including the news that Juniper’s use of Dual_EC dates to 2009, perhaps 2008, at least a year after Dan Shumow and Neils Ferguson’s landmark presentation at the CRYPTO conference that first cast suspicion on Dual_EC being backdoored by the NSA. Shumow’s and Ferguson’s work showed that not only was Dual_EC slow compared to other pseudo random number generators, but it also contained a bias
“Stephen Checkoway, assistant professor of computer science at the University of Illinois at Chicago, told Threatpost that he and his colleagues on this investigation looked at dozens of versions of NetScreen and learned that ANSI X9.31 was used exclusively until ScreenOS 6.2 when Juniper added Dual_EC. It also changed the size of the nonce used with ANSI X9.31 from 20 bytes to 32 bytes for Dual_EC, giving an attacker the necessary output to predict the PRNG output”
“And at the same time, Juniper introduced what was just a bizarre bug that caused the ANSI generator to never be used and instead just use the output of Dual_EC. They made all of these changes in the same version update.”
“It’s very bizarre. I’ve never seen anything like that before where gone from something that was working and written in a standard manner to something as strange as this,” he said. It’s that bug that enabled another attacker to replace the Dual_EC constant—thought to belong to the NSA—with their own constant
“The scenario harkens back to the documents leaked by NSA whistleblower Edward Snowden, in particular the NSA’s Project BULLRUN, which explains the NSA’s subversion of Dual_EC and eventually the revelation that RSA Security was allegedly paid $10 million by the NSA to use the algorithm in its products”
The SSH backdoor on the other hand, is clearly malicious
A network diagram

SLOTH, the latest SSL/TLS vunerability, but also affects IPSec and SSH

“If you thought MD5 was banished from HTTPS encryption, you’d be wrong. It turns out the fatally weak cryptographic hash function, along with its only slightly stronger SHA1 cousin, are still widely used in the transport layer security protocol that underpins HTTPS. Now, researchers have devised a series of attacks that exploit the weaknesses to break or degrade key protections provided not only by HTTPS but also other encryption protocols, including Internet Protocol Security and secure shell.”
“The attacks have been dubbed SLOTH—short for security losses from obsolete and truncated transcript hashes. The name is also a not-so-subtle rebuke of the collective laziness of the community that maintains crucial security regimens forming a cornerstone of Internet security. And if the criticism seems harsh, consider this: MD5-based signatures weren’t introduced in TLS until version 1.2, which was released in 2008. That was the same year researchers exploited cryptographic weaknesses in MD5 that allowed them to spoof valid HTTPS certificates for any domain they wanted. Although SHA1 is considerably more resistant to so-called cryptographic collision attacks, it too is considered to be at least theoretically broken. (MD5 signatures were subsequently banned in TLS certificates but not other key aspects of the protocol.)”
“”Notably, we have found a number of unsafe uses of MD5 in various Internet protocols, yielding exploitable chosen-prefix and generic collision attacks,” the researchers wrote in a technical paper scheduled to be discussed Wednesday at the Real World Cryptography Conference 2016 in Stanford, California. “We also found several unsafe uses of SHA1 that will become dangerous when more efficient collision-finding algorithms for SHA1 are discovered.””
“The most practical SLOTH attack breaks what’s known as TLS-based client authentication. Although it’s not widely used, some banks, corporate websites, and other security-conscious organizations rely on it to ensure an end user is authorized to connect to their website or virtual private network. It works largely the same way as TLS server authentication, except that it’s the end user who provides the certificate rather than the server.”
OpenVPN uses this to authenticate clients
“When both the end user and the server support RSA-MD5 signatures for client authentication, SLOTH makes it possible for an adversary to impersonate the end user, as long as the end user first visits and authenticates itself to a site controlled by the attacker. The so-called credential forwarding attack is carried out by sending carefully crafted messages to both the end user and the legitimate server. To impersonate the end user, an attacker must complete some 239 (about 5.75 billion) hash computations, an undertaking that requires about an hour using a powerful computer workstation with 48 cores.”
“The impersonation attack is made possible by the susceptibility of MD5 to collision attacks, in which the two different message inputs generate precisely the same cryptographic hash. Because MD5 is a 128-bit function, cryptographers once expected to find a collision after completing 264 computations (a phenomenon known as the birthday paradox reduces the number of bits of security of a given function by one half). Weaknesses in MD5, however, reduce the requirement to just 215 (or 32,768) for a collision or 239 for more powerful chosen-prefix collisions, in which an attacker can choose different message inputs and add values that result in them having the same hash value. Such an attack would be infeasible if MD5 hadn’t been added to TLS in 2008.”
“SLOTH can also be used to cryptographically impersonate servers, but the requirements are steep. An attacker would first have to make an astronomically large number of connections to a server and then store the results to disk. If the attacker made 2X connections, it would then require making 2(128-X) computations. If the number of connections, for example, was 264, the attack would require 264 computations. The precomputation requirements are high enough to be outside the capability of most attackers, but they remain feasible for government-sponsored adversaries or those with similarly deep pockets.”
“The researchers behind SLOTH have been privately working with developers of vulnerable software to come up with a fix. A partial list of protocols that were identified as vulnerable included TLS versions 1.1, 1.2, and 1.3; IKE versions 1 and 2; and SSH version 2. Vulnerable software included various versions of OpenSSL, NSS, Oracle Java, BouncyCastle Java, and PolarSSL/mbedTLS”
The researchers cited this Internet scan indicating 32 percent of TLS servers supported RSA-MD5 signatures.

Attack on Ukrainian power grid, made possible by malware

“The attackers demonstrated planning, coordination, and the ability to use malware and possible direct remote access to blind system dispatchers, cause undesirable state changes to the distribution electricity infrastructure, and attempt to delay the restoration by wiping SCADA servers after they caused the outage. This attack consisted of at least three components: the malware, a denial of service to the phone systems, and the missing piece of evidence of the final cause of the impact. Current evidence and analysis indicates that the missing component was direct interaction from the adversary and not the work of malware. Or in other words, the attack was enabled via malware but consisted of at least three distinct efforts.”
“The cyber attack was comprised of multiple elements which included denial of view to system dispatchers and attempts to deny customer calls that would have reported the power out. We assess with high confidence that there were coordinated attacks against multiple regional distribution power companies. Some of these companies have been reported by media to include specifically named utilities such as Prykarpattyaoblenergo and Kyivoblenergo. The exact timeline for which utilities were affected and their ordering is still unclear and is currently being analyzed. What we do know is that Kyivoblenergo provided public updates to customers, shown below, indicating there was an unauthorized intrusion (from 15:30 — 16:30L) that disconnected 7 substations (110 kV) and 23 (35 kV) substations leading to an outage for 80,000 customers.”
It appears that malware on workstations at the power companies allowed the attackers to gain a foothold in the network and start moving around laterally
They also used this foothold to deny the operators of the power distribution system a correct view of what was happening.
Combined with a denial of service attack against the phone system, the operators were left unaware that a large number of substations had been shut down
The attacks also used the malware to interfere with efforts to regain control of the computers and SCADA systems that control the power grid
From what has been reported, here is the information to date that we are confident took place. The exact timing of the events is still being pieced together.
The adversary initiated an intrusion into production SCADA systems
Infected workstations and servers
Acted to “blind” the dispatchers
Acted to damage the SCADA system hosts (servers and workstations)
Action would have delayed restoration and introduce risk, especially if the SCADA system was essential to coordinate actions
Action can also make forensics more difficult
Flooded the call centers to deny customers calling to report power out
Because of the way the SCADA systems work, it is almost a certainty that the attacks purposefully opened the breakers to turn off the power, as opposed to it just being a side effect of the malware
Luckily, the Ukrainian power grid does not rely heavily on SCADA, using it mostly as a convenience. Other more automated power grids would not have been able to restore power as quickly
“We are very interested in helping power utilities learn as much as they can from this real world incident. We would also note the competent action by Ukrainian utility personnel in responding to the attack and restoring their power system. As a community the power industry is dedicated to keeping the lights on. What is now true is that a coordinated cyber attack consisting of multiple elements is one of the expected hazards they may face. We need to learn and prepare ourselves to detect, respond, and restore from such events in the future.”
Squirrels attacking the power grid

Feedback:

Round Up:

The post Lights out Management | TechSNAP 250 first appeared on Jupiter Broadcasting.

Snappy New Year! | TechSNAP 247

chris — Thu, 31 Dec 2015 08:09:23 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

We take a look back at some of the big stories of 2015, at least, as we see it.

Plus the round up & more!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

— Show Notes: —

Episode 227: Oracle’s EULAgy #oraclefanfic

Oracle Chief Security Officer, Mary Ann Davidson, makes a blog post railing against reverse engineering and security research
Claims Oracle is pretty good at finding bugs in their own code, and doesn’t need anyone else’s help, and that is violates their EULA
The blog post was quickly taken down, but this is the Internet, it doesn’t work like that

Episode 196: Sony’s Hard Lessons

Bruce Schneier walks us through what we can learn from the hack of Sony’s corporate network

Episode 217: An Encryptioner’s Conscience

A recurring theme: firmware is terrible
Replace your router with something that runs a real OS
Luckily, more and more routers finally have enough hardware to run a minimal Linux or BSD install
Smaller APU and Atom machines can run full OS or appliance software like pfSense

Episode 211: The French Disconnection

Episodes recorded live in the studio always have a different feel to them, especially when it happens to be the 4th anniversary of the show
The top story in this episode was about how to detect when your network has been breached
Some great detail, and discussion of the Target and Sony hacks as examples of what to do, and what not to do

Episode 212: Dormant Docker Disasters

The man who broke the music business
Detailing the infinalside story of how some of the most popular music albums made it onto the internet before they were even in stores
Again, in person episodes are always special

Episode 237: A Rip in NTP

Recap of my visit to the OpenZFS

Round Up:

The post Snappy New Year! | TechSNAP 247 first appeared on Jupiter Broadcasting.