Show Notes: techsnap.systems/428

The post RAID Reality Check | TechSNAP 428 first appeared on Jupiter Broadcasting.

Show Notes: techsnap.systems/426

The post Storage Stories | TechSNAP 426 first appeared on Jupiter Broadcasting.

Show Notes: techsnap.systems/423

The post Hopeful for HAMR | TechSNAP 423 first appeared on Jupiter Broadcasting.

How to get an SSL certificate for other people’s domains, how to decrypt HTTPS traffic with some javascript & the latest storage reliability report.

Plus great questions & a rocking round up!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Keeping Positive: Obtaining wildcard SSL certificates for arbitrary domains

I recently decided to investigate the security of various certificate authority’s online certificate issuing systems. These online issuers allow certificate authorities to verify that someone owns a specific domain, such as thehackerblog.com and get a signed certificate so they can enable SSL/TLS on their domain.

When I started out hunting for possible vulnerabilities, my initial strategy was to look for the cheapest, most 90’s-looking, poorly designed certificate authority websites. Since the compromise of any certificate authority allows an attacker to bypass all the protections of SSL/TLS it doesn’t even have to be a popular provider because they all have the same power. After doing a bit of searching I realized it would be advantageous to do testing against authorities that had free SSL certificates, since doing tests against these wouldn’t cost me any money. I passed on Let’s Encrypt because I figured it had already been thoroughly audited, the second site I saw was a 30 day free trial from Positive SSL (a company owned by Comodo).

Upon entering your CSR and selecting the software you used to generate it, you then select the email address for domain validation (from the website’s WHOIS) and arrive on a “Corporate Details” page. This is the vulnerable portion of the application, where you fill out your company/personal information getting to the email validation portion

When I first went through this process I mindlessly filled out junk HTML for all of these fields. The service then sent a verification email to the email address on the website’s WHOIS info. Once I received the email, I noticed the HTML was not being properly escaped and the markup I had entered before was being evaluated. This is really bad because the email also contained a verification code which could be used to obtain an SSL/TLS certificate for my website. This means if I had a way to leak a victim’s token, I could obtain a valid certificate for their site, so that I could intercept traffic to that site seamlessly without users knowing I was doing so

• Normally, the email provides the user with a link and the code to validate the certificate. However, because an attacker can fill out the form fields with HTML, they can change the message in the email, instead requiring you to click a link within the next 24 hours to REJECT this bogus certificate
• So, in the field he wrote some HTML that included an form tag and a textarea tag that was never closed
• This resulted in everything that appears after that field in the email, being swallowed by the text area, rather than the body of the email.
• Then a later form field adds a button, “click here to reject this request”. When the user clicks the button, it submits the contents of the HTML textarea (including the verification code) to the attacker’s website, giving them the code, allowing them to approve the certificate for YOUR domain

Form submissions are a great way to leak secrets like this because they work in many different mail clients. Even the iPhone’s Mail app supports this functionality

Once I’ve leaked the code from the victim in this way, I can then log into the account I created during the certificate request process and download the SSL/TLS certificate

One other important thing to note is that resellers of Comodo’s certificates were also affected as well. This risk is amplified because resellers can have a customized HTML header and footer for the verification emails that get sent out. This means that it would be possible for a third party vendor to have a dangling tag in the header combined with a single quote in the footer which would side-channel leak the verification code in the email body (similar to the attack above, but automatic with no user interaction). This style of dangling mark-up injection wasn’t possible in the previously proof-of-concept but is possible for resellers.

• Timeline:
• June 4th, 2016 – Emailed security@comodo.com and reached out on Twitter to @Comodo_SSL.
  • June 6th, 2016 – Robin from Comodo confirms this is the correct contact to report security issues, provides PGP key.
  • June 6th, 2016 – Emailed Comodo the vulnerability PGP-encrypted and sent my PGP public key.
  • June 7th, 2016 – Robin from Comodo confirms they understand the bug and state they will work on a fix as soon as possible.
  • June 20th, 2016 – Emailed Comodo for status update.
  • July 1st, 2016 – Outline timeline for responsible disclosure date (90 days from report date per industry standards).
  • July 25th, 2016 – Robin from Comodo confirms a fix has be put in place.

Normally, the name of the game when it comes to finding a way to mint arbitrary SSL/TLS certificates is to find the smallest, cheapest, and oldest certificate provider you can. Comodo is the exact opposite of this, they have a 40.6% marketshare and are the largest minter of certificates on the internet. Basically, they are the largest provider of SSL/TLS certificates and yet they still suffer from security issues which would be (hopefully) caught on a regular penetration testing engagement. This paints a grim picture for the certificate authority system. If the top providers can’t secure their systems, how could the smaller providers possibly be expected to do so? It’s a hard game to play since the odds are heavily stacked in the attacker’s favor with tons of certificate authorities all with the power to mint arbitrary certificates. A single CA compromise and the entire system falls apart.

Luckily, we have some defences against this with newer web technologies such as Public Key Pinning which offers protection against attackers using forged certificates. This is a fairly powerful mitigation against an attacker with a forged certificate. However, the support is iffy with a lack of support in Internet Explorer, Edge, Safari, and Safari on iOS.

Many people like to speak of a certificate authority hack as if it was something only a nation state could accomplish, but just a day’s worth of searching led me to this issue and I don’t doubt that many providers suffer from much more severe vulnerabilities. What happens when your attacker doesn’t care about ethical boundaries and is willing to do much more in-depth testing? After all, this is Comodo, the largest provider. What about the smaller certificate providers? Do they really stand a chance?

HEIST: New attack allows stealing sensitive information web HTTPS encrypted pages

• HEIST: HTTP Encrypted Information can be Stolen through TCP-windows
• This new attack exploits how HTTPS responses are delivered over TCP, and how compression is used, and the new Javascript API

The exploit is notable because it doesn’t require a man-in-the-middle position. Instead, an end user need only encounter an innocuous-looking JavaScript file hidden in an Web advertisement or hosted directly on a webpage. The malicious code can then query a variety of pages protected by the secure sockets layer or transport layer security protocols and measure the precise file sizes of the encrypted data they transmit.

Once attackers know the size of an encrypted response, they are free to use one of two previously devised exploits to ferret out the plaintext contained inside it. Both the BREACH and the CRIME exploits are able to decrypt payloads by manipulating the file compression that sites use to make pages load more quickly.

• “HEIST makes a number of attacks much easier to execute,” Tom Van Goethem, one of the researchers who devised the technique, told Ars. “Before, the attacker needed to be in a Man-in-the-Middle position to perform attacks such as CRIME and BREACH. Now, by simply visiting a website owned by a malicious party, you are placing your online security at risk.”
• Rather than having to visit a malicious website, all that is required is that you end up being served a malicious advertisement, on any website

Using HEIST in combination with BREACH allows attackers to pluck out and decrypt e-mail addresses, social security numbers, and other small pieces of data included in an encrypted response. BREACH achieves this feat by including intelligent guesses—say, @gmail.com, in the case of an e-mail address—in an HTTPS request that gets echoed in the response. Because the compression used by just about every website works by eliminating repetitions of text strings, correct guesses result in no appreciable increase in data size while incorrect guesses cause the response to grow larger.

To determine the size of an HTTPS-protected response, the attacker uses an oracle technique that returns what amounts to a yes-or-no response to each guess. When a request containing “value=” results in the same data size, the attacker knows that string is inside the encrypted response and then tries to modify the guess to include the next character, say “value=0”. If that guess results in a larger file size, the attacker knows it’s wrong and will try “value=1”, “value=2”, and so on until the new guess similarly results in a response that shows no increase in file size. The attacker then tries to guess the next character and repeats the process until the entire token has been recovered.

Until now, this BREACH-style exploit required the attacker to be able to actively manipulate the traffic passing between the Web server and end user. A HEIST-enabled BREACH exploit removes that limitation. It does this by using TCP characteristics as a quasi cryptographic side channel to measure the size of an HTTPS response. TCP divides large transmissions into smaller fixed-sized chunks called frames and further groups frames inside what are called TCP windows, which are sent one at a time. TCP sends a new window only after receiving confirmation that frames from the previous window were received by the end user.

HEIST is able to count the number of frames and windows sent by interacting with a set of newly approved APIs, one called Resource Timing and another called Fetch. In the process, they allow a piece of JavaScript to determine the exact size of an HTTPS response.

Van Goethem said the only mitigation he knows of is to disable the third-party cookies, since responses sent by the HTTPS site are no longer associated with the victim. At the moment, most Web browsers by default enable the receipt of third-party cookies, and some online services don’t work unless third-party cookies are allowed.

Wednesday’s demo will show how a malicious ad displayed on The New York Times website is able to painstakingly measure the size of an encrypted response sent by a fictitious third-party site they dubbed targetwebsite.com (see the image below). It will go on to show how that information can be used to infer the characters contained in a security token designed to prevent cross-site request forgery attacks

• And, we are not protected by the next generation HTTP protocol either

HEIST is also effective against HTTP/2, the drop-in replacement for the older HTTP standard that encrypts all Web traffic. In some cases, HEIST can abuse new features of HTTP/2 to increase the damaging effects.

• If we know that HTTP/2 is used, we can let the browser simultaneously request the targeted resource, and another resource that contains reflected content,” Vanhoef and Van Goethem wrote in a research paper.

Since HTTP/2 is used, both requests are sent in parallel to the server, and the server replies to them in parallel as well.

It’s too early to know if HEIST combined with BREACH will be exploited against real people visiting real HTTPS-protected websites. While there’s no indication that BREACH has ever been exploited in the wild, the new convenience offered by HEIST may change that.

• Blackhat Slides
• Research Paper

Backblaze: 2016 Q2 hard drive failure rates

• Backblaze has published their latest numbers on drive failures
• This is the first report to feature the newer 8TB drives
• As before, the HGST drives are doing very well, although some models seem to be doing better than others. The Seagate drives are on spec, and the Western Digital drives are not doing so well. Although there is relatively few WD drives, not because of the high failure rate, but as explained in the 2016Q1 report, just difficulty acquiring large numbers of them
• Almost half of all drives in BackBlaze are the Seagate 4TB desktop model
• I think it would help for BackBlaze’s formula to consider the age of the drive. Of course the failure rate of older drives will increase over time. It would be interesting to see a graph of the failure rate vs drive age
• The Seagate 4TB drives seem to be doing as expected. I feel confident in my decision to purchase these exact drives for my own use
• Backblaze explains their formula, and reminders readers to consider the formula when looking at the numbers. A single drive failure in a new set of Toshiba 5TB drives gives a result of a nearly 9% failure rate, but obviously the sample set is too small
• There is also an interesting discussion of their migration process, moving data from 64+ month old hard drives to new larger drives
• Further down, they also provide a breakdown of their failure statistics from 2013 through 2016, which makes for much more interesting reading
• In general, most of the drives seem to perform as expected, with a 1 – 3 % annual failure rate
• Of course, BackBlaze does not buy the fancier Enterprise drives. Hopefully someone else will produce a similar report using Enterprise drives, so we can see if they are worth the extra money.

The 4TB Seagate drives are our workhorse drives today and their 2.8% annualized failure rate is more than acceptable for us. Their low failure rate roughly translates to an average of one drive failure per Storage Pod per year. Over the next few months expect more on our migrations, a look at the day in the life of a data center tech, and an update of the “bathtub” curve, i.e. hard drive failure over time

• If you would like to do your own thing with the data, here it is

Feedback:

• Any way to guess or estimate how many drives would be needed? // Slexy 2.0

• how secure are long unique links?

• Google’s Unguessable URLs – Schneier on Security

• Redirecting domain requests, mail and linking droplets

  • DNS Made Easy for dns or backup mx

• Hosting your own email – follow up to Feedback Episode 277

Round Up:

• Networking hardware vendor TP-Link today admitted violating US radio frequency rules by selling routers that could operate at power levels higher than their approved limits. In a settlement with the Federal Communications Commission, TP-Link agreed to pay a $200,000 fine, comply with the rules going forward, and to let customers install open source firmware on routers
• FireFox 48 finally ships, with multiprocess support. For the next few days, only a fraction of a percent of Firefox 48 users will have Electrolysis turned on by default. If this mini-rollout goes well, the multiprocess feature will be rolled out to about half of all Firefox 48 users
• Malvertising Campaign Infected Thousands of Users per Day for More than a Year
• EFF Files lawsuit challenging DMCA provisions that place restrictions on security researchers
• Iranian hackers compromise Telegram’s secure messaging
• FireEye releases: Overload: Critical lessons from 15 years of ICS vulnerabilities
• QRLJacking attack can bypass any QR login system
• Something I have been saying for years, FTC says frequent forced password changes are the enemy of security Allan’s post from 2009 came to the same conclusion
• Japanese Olympic Gymnist racks up $5000 mobile data bill playing Pokemon go in Brazil
• Deanonymizing Windows users and stealing Microsoft and VPN accounts
• SwiftKey was accidently sharing your autocorrect suggestions with other people, leaking email contents, search history, and more

The post Dangerous Dangling Quotes | TechSNAP 278 first appeared on Jupiter Broadcasting.

The theoretical Android flaw becomes reality, a simple phishing scam hits some major companies & why your PIN has already been leaked.

Plus great questions, our answers, a rocking round up & much, much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

W2 Phishing scams hit a number of companies

• “Payday lending firm Moneytree is the latest company to alert current and former employees that their tax data — including Social Security numbers, salary and address information — was accidentally handed over directly to scam artists”
• “Seattle-based Moneytree sent an email to employees on March 4 stating that “one of our team members fell victim to a phishing scam and revealed payroll information to an external source.”
• “Moneytree was apparently targeted by a scam in which the scammer impersonated me (the company co-founder) and asked for an emailed copy of certain information about the Company’s payroll including Team Member names, home addresses, social security numbers, birthdates and W2 information,” Moneytree co-founder Dennis Bassford wrote to employees.”
• Why that would even be a reasonable request, I don’t know
• “Unfortunately, this request was not recognized as a scam, and the information about current and former Team Members who worked in the US at Moneytree in 2015 or were hired in early 2016 was disclosed. The good news is that our servers and security systems were not breached, and our millions of customer records were not affected. The bad news is that our Team Members’ information has been compromised.”
• Moneytree joins a growing list of companies disclosing to employees that they were duped by W2 phishing scams, which this author first warned about in mid-February. Earlier this month, data storage giant Seagate acknowledged that a similar phishing scam had compromised the tax and personal data on thousands of current and past employees.
• “On March 1, Seagate Technology learned that the 2015 W-2 tax form information for current and former U.S.-based employees was sent to an unauthorized third party in response to the phishing email scam. The information was sent by an employee who believed the phishing email was a legitimate internal company request.”
• “W2 information is highly prized by fraudsters involved in tax refund fraud, a multi-billion dollar problem in which thieves claim a large refund in the victim’s name, and ask for the funds to be electronically deposited into an account the crooks control.”
• “For better or worse, most companies that have notified employees about a W2 phish this year are offering employees the predictable free credit monitoring, which is of course useless to prevent tax fraud and many other types of identity theft. But in a refreshing departure from that tired playbook, Moneytree says it will be giving employees an extra $50 in their next paycheck to cover the initial cost of placing a credit freeze (for more information on the different between credit monitoring and a freeze and why a freeze might be a better idea, check out Credit Monitoring vs. Freeze and How I Learned to Stop Worrying and Embrace the Security Freeze).”
• ““When something like this happens, the right thing to do is to disclose what you know as soon as possible, take care of the people affected, and learn from what went wrong. To make good on that last point, we will be ramping up our information security efforts company-wide, because we never want to have to write an email like this to you again”.”

New exploit developed for Android Stagefright

• “Security researchers have successfully exploited the Android-based Stagefright bug and remotely hacked a phone, which may leave millions devices vulnerable to attack.”
• “Israeli software research company NorthBit claimed it had “properly” exploited the Android bug that was originally described as the “worst ever discovered”.”
• “The exploitation, called Metaphor, is detailed in a research paper (PDF) from NorthBit and also a video showing the exploit being run on a Nexus 5. NorthBit said it had also successfully tested the exploit on a LG G3, HTC One and Samsung Galaxy S5.”
• “The Stagefright vulnerability was first highlighted by security firm Zimperium in July 2015. The hack was said to be able to execute remote code on Android devices and could possibly affect up to 95 percent of Android devices.”
• “A second critical vulnerability exploited issues in .mp3 and .mp4 files, which when opened were claimed to be able to remotely execute malicious code, was dubbed Stagefright 2.0 in October.”
• The flaws were originally thought to not be easily exploitable, but this new research provides a simple remote exploit case
• “The researchers from NorthBit say they have been able to create an exploit that can be used against Stagefright on Android 2.2, 4.0, 5.0 and 5.1. Other versions are not affected.”
• Android 5.0 and above are protected by ASLR, however “Dabah claims the exploit “depicts a way to bypass” address space layout randomisation (ASLR)”
• “”We managed to exploit it to make it work in the wild,” Dabah said. The research paper reads: “Breaking ASLR requires some information about the device, as different devices use slightly different configurations which may change some offsets or predictable addresses locations.”
• “”I would be surprised if multiple professional hacking groups do not have working Stagefright exploits by now. Many devices out there are still vulnerable, so Zimperium has not published the second exploit in order to protect the ecosystem”.”
• Researcher PDF
• I am glad my phone runs Android 6.0.1 with the March 2016 Security Updates applied

PIN analysis

• “There are 10,000 possible combinations that the digits 0-9 can be arranged to form a 4-digit pin code. Out of these ten thousand codes, which is the least commonly used?”
• “People are notoriously bad at generating random passwords. I hope this article will scare you into being a little more careful in how you select your next PIN number. Are you curious about what the least commonly used PIN number might be?”
• “I was able to find almost 3.4 million four digit passwords. Every single one of the of the 10,000 combinations of digits from 0000 through to 9999 were represented in the dataset”
• “A staggering 26.83% of all passwords could be guessed by attempting the top 20 combinations”
• “The first “puzzling” password I encountered was 2580 in position #22. What is the significance of these digits? Why should so many people select this code to make it appear so high up the list?”
• This turns out to be straight down the middle of a telephone style number pad. Not the same as on on a computer, but most ABMs use the telephone style
• “Another fascinating piece of trivia is that people seem to prefer even numbers over odd, and codes like 2468 occur higher than a odd number equivalent, such as 1357”
• “Statistically, one third of all codes can be guessed by trying just 61 distinct combinations! The 50% cumulative chance threshold is passed at just 426 codes (far less than the 5,000 that a random uniformly distribution would predict)”
• The most unpopular pin is: 8068
• “Warning Now that we’ve learned that, historically, 8068 is (was?) the least commonly used password 4-digit PIN, please don’t go out and change yours to this! Hackers can read too! They will also be promoting 8068 up their attempt trees in order to catch people who read this (or similar) articles.”
• “Many of the high frequency PIN numbers can be interpreted as years, e.g. 1967 1956 1937 … It appears that many people use a year of birth (or possibly an anniversary) as their PIN. This will certainly help them remember their code, but it greatly increases its predictability”
• Pins that start with 19 dominate the top 10%, and all appear within the top 20%
• The heatmap also shows that people tend to use Birthdays a lot as well (MMDD)

Feedback:

• Techsnap feedback
• Network printing
• Linux printing using CUPS (Raspberry Pi)
• OPNsense?

Round Up:

• Hands-on with Intel’s Skull Canyon NUC, the most powerful game-ready mini-PC
• Microsoft has lost their audit data on all Certificate Authorities
• tcpdump is amazing – Julia Evans
• A study by Rutgers University and Microsoft has found that hard drives are more prone to failure due to high levels of humidity [PDF] than high temperature
• U.S. army developing encrypted radar waveform
• AMEX warns customers about breach at third party service provider, in 2013
• Big-name sites hit by rash of malicious ads spreading crypto ransomware
• Inside NIST, how time servers work
• I stayed in a hotel with Android lightswitches and it was just as bad as you’d imagine
• How quickly and easily a card skimmer can be installed
• Hurricane Electric Hosted DNS

The post Metaphorically Exploited | TechSNAP 258 first appeared on Jupiter Broadcasting.

D-Link publishes its private code signing keys, exploiting Windows Symbolic Links & why encryption is not sufficient protection.

Plus some great questions, our answers, a rockin roundup & much, much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

D-Link accidentally publishes its private code signing keys

• As part of its GPL license complain, D-Link makes its firmware source code available for many of its devices
• “He had purchased the DCS-5020L-surveillance camera from D-Link and wanted to download the firmware. D-Link firmware source code of many open source under a GPL license available.”
• “When looking through the files I accidentally stumbled upon 4 different private keys used for code signing. Only one — the one belonging to D-Link itself — was still valid at the time. I have successfully used this key to sign an executable as D-Link”
• “In fact, in some batch files were the commands and pass phrases that were needed.”
• The certificates have already been revoked
• Fox-IT confirms: “The code signing certificate is indeed in the firmware packages, firmware version 1.00b03 released February 27 of this year, was released this certificate was therefore issued for expired, a big mistake.”
• We’ll have to cover this in more detail once more information is available, in English

“Investigating the Computer Security Practices and Needs of Journalists”

• A survey found that 50% of journalists do not use any security tools
• Those that do, may not realize that the tools they are using are ineffective, or that the way they are using them hurts their security
• “Observation: The computer security community builds a lot of tools that might be useful for journalists, but we don’t deeply understand the journalistic process!”
• “I report on unauthorized immigrants a great deal and have concerns about how to communicate with them without putting them at risk. That said, asking them to use encrypted methods of communication I think would create a greater sense of threat about talking to me and make it more difficult to report. Many are also not extremely computer-savvy. This is something I struggle with a great deal”
• “Objective: Conduct in-depth interviews with full-time journalists at recognized media organizations operating across a range of media, including print, digital, broadcast and wire services”
• Figure out the typical workflow for a journalist, model security tools that work with them, instead of forcing them to a workflow dictated by the tools
• Findings:
  • “Audio recording and digital note-taking were primary forms of interview documentation.”
  • “Many participants use third-party cloud services, but few voiced concern about possible security risks”
  • Long-term sources are common
• Sources like Snowden, a big one-time data dump, are rare
• Security Concerns:
• Negative effects on source
• Loss of credibility if source information was exposed
• Government identification of sources
• Disciplinary actions (e.g., losing job)
• Loss of competitive advantage
• Potential financial consequences
• The project found that in most cases of a journalist using security tools, it was because the source requested it, or because the journalist had had specific security training
• “A lot of services out there say they’re secure, but having to know which ones are actually audited and approved by security professionals — it takes a lot of work to find that out.”
• “There were different kinds of litigation software that I was familiar with as a lawyer, where, let’s say, you have a massive case, where you have a document dump that has 15,000 documents. […] There are programs that help you consolidate and put them into a secure database. So it’s searchable [and provides a secure place where you can see everything related to a story at once]. I don’t know of anything like that for journalism.”
• It will be interesting to see what comes out of this research

Exploiting Windows Symbolic Links

• “For the past couple of years I’ve been researching Windows elevation of privilege attacks. This might be escaping sandboxing or gaining system privileges. One of the techniques I’ve used multiple times is abusing the symbolic link facilities of the Windows operating system to redirect privileged code to create files or registry keys to escape the restrictive execution context.”
• “Symbolic links in themselves are not vulnerabilities, instead they’re useful primitives for exploiting different classes of vulnerabilities such as resource planting or time-of-check time-of-use.”
• A time-of-check time-of-use vulnerability works like this:
  • You setup a symlink to a file you are allowed to access
  • You try to access a resource
  • The software checks that you are allowed to access the resource, you are
  • You quickly re-target the symlink to something else
  • You try to access the resource, and the software allows you, since it has already checked that you are allowed
  • You now have access to a resource you should not
• “This blog post contains details of a few changes Microsoft has made to Windows 10, and now back ported (in MS15-090) as far back as Windows Vista which changes who can use certain types of symbolic links. There’s not been many mitigations of this type which get back ported to so many older versions of Windows. Therefore I feel this is a good example of a vendor developing mitigations in response to increased attacks using certain techniques which wouldn’t have traditionally been considered before for mitigations.”
• Almost everything in the Windows file system is a symbolic link. Even C: is actually a symbolic link to \Device\HarddiskVolume4 (since NT 3.1)
• Microsoft has released three new mitigations:
• “Registry Key Symbolic Link Mitigation (CVE-2015-2429) — The simplest mitigation implementation is for registry keys. Effectively a sandboxed process is not allowed to ever create a registry key symbolic link. This is implemented by calling RtlIsSandboxToken function when creating a new key (you need to specific a special flag when creating a key symbolic link). It’s also called when setting the SymbolicLinkValue value which contains the link target. This second check is necessary to prevent modifying existing symbolic links, although it would be unlikely to be something found on a real system.”
• “Object Manager Symbolic Link Mitigation (CVE-2015-2428) — If an application tries to create an object manager symbolic link from a sandbox process it will still seem to work, however if you look at where the check is called you’ll find it doing something interesting. When the symbolic link is created the RtlIsSandboxToken function is called but the kernel doesn’t immediately return an error. Instead it uses it to set a flag inside the symbolic link kernel object which indicates to the object manager a sandboxed process has created this link. This flag is then used in the ObpParseSymbolicLink function which is called when the object manager is resolving the target of a symbolic link. The RtlIsSandboxToken is called again, if the current caller is not in a sandbox but the creator was in a sandbox then the kernel will return an error and not resolve the symbolic link, effective making the link useless for a sandboxed to unsandboxed elevation.”
• “NTFS Mount Point Mitigation (CVE-2015-2430) — The final mitigation is for NTFS mount points. In early technical previews of Windows 10 (I first spotted the change in 10130) the check was in the NTFS driver itself and explicitly blocked the creation of mount points from a sandboxed process. Again for presumably application compatibility reasons this restriction has been relaxed in the final release and the back ported mitigations. Instead of completely blocking creation the kernel function IopXxxControlFile has been modified so whenever it sees the FSCTL_SET_REPARSE_POINT file system control code being passed to a driver with a mount point reparse tag it tries to verify if the sandboxed caller has write access to the target directory. If access is not granted, or the directory doesn’t exist then setting the mount point fails. This ensures that in the the majority of situations the sandboxed application couldn’t elevate privileges, as it could already write to the directory already. There’s obviously a theoretical issue in that the target could later be deleted and replaced by something important for a higher privileged process but that’s not very likely to occur in a practical, reliable exploit.”
• “These targeted mitigations gives a clear indication that bug hunting and disclosing the details of how to exploit certain types of vulnerabilities can lead into mitigation development, even if they’re not traditional memory corruption bugs. While I didn’t have a hand in the actual development of the mitigation It’s likely my research was partially responsible for Microsoft acting to develop them. It’s very interesting that 3 different approaches ended up being taken, reflecting the potential application compatibility issues which might arise.”
• “Excluding any bypasses which might come to light these should make entire classes of resource planting bugs unexploitable from a compromised sandboxed process and would make things like time-of-check time-of-use harder to exploit. Also it shows the level of effort that implementing mitigations without breaking backwards compatibility requires. The fact that these only target sandboxes and not system level escalation is particularly telling in this regard.”

Encryption as Protection? Maybe Not

• We often see as part of the coverage of a data breach how the data was not “encrypted”
• As it turns out, having data encrypted on the disk, doesn’t necessarily help, if the data is still “live” on the system
• If your laptop hard drive is encrypted, but you leave it unlocked at the coffee shop and visit the restroom, anyone can access the files on your computer. Having them encrypted did nothing for you
• The way hard drive encryption works, it only protects you if you lock or shutdown the computer, and require a strong passphrase to decrypt the disk to mount it again
• The same applies to a file server or database at a company. Encryption is only useful if access to the data is still strictly controlled
• “A recent espionage prosecution in West Palm Beach, Florida demonstrates that encryption may not be the panacea that organizations think it is. So rather than relying on encryption alone, companies need to adopt and maintain strategies that continue to provide layered security.”
• “After every data breach, we hear the same mantra, “If only the data were encrypted!” As if encryption of data is the answer to data breaches.”
• The case centers in this article centers on Christopher Glenn, a 35-year-old former defense contractor living in his mother’s retirement community
• He worked for the US Government in Honduras
• “He was convicted of stealing and retaining classified documents he obtained which related to U.S. policy in the Middle East”
• “In preparation for his theft, Glenn, a “computer specialist” with a U.S. defense contractor, read up on data security in general and encryption in particular. He apparently read articles about TrueCrypt, a popular freeware encryption product used for On-The-Fly Encryption (OTFE), noting in particular an October 2011 article entitled, “FBI Hackers Fail to Crack TrueCrypt”. Glenn figured that he could create an encrypted partition (called 2012 Middle East) on his drive. He created a 30-character passphrase, thinking that the data would be secured. Indeed, he estimated that it would take the FBI “billions of years” to crack the crypto through brute force.”
• “He was wrong. And he was sentenced to 10 years in jail.”
• “According to case reports, the FBI’s counter-intelligence agents were able to decrypt the encrypted files on Glenn’s computer, which became evidence in his case. Given that this is 2015, they did so in substantially less than the “billions of years” that Glenn anticipated.”
• There is no information on how exactly the FBI decrypted the data, but it was likely an attack against the passphrase, or the machine Glenn had used to encrypt the data
• “Companies need to evaluate not only WHETHER they encrypt data, but when and how they encrypt data. For example, RAM scrapers capture credit card numbers and other personal information, which is encrypted, before the data is encrypted.”
• “All of this must be part of a comprehensive data security program which includes access control, data management, ingress and egress reporting, data loss prevention processes, intrusion detection and prevention, managed and monitored firewalls and other services, threat intelligence, and comprehensive incident response. There are no shortcuts here. Oh yes, and encryption, the right encryption.”
• Encryption of “data at rest” in servers

Feedback

• Will the ZFS port to Linux make BSD less attractive?

• ZFS and low memory machines

• Any drawbacks to hosting multiple domains on one nginx instance?

• LVM?

Round Up:

• LeCie and Seagate wireless external hard drives contain multiple vulnerabilities
• APT malactors using poorly secured satellite links to hide their identity, and the location of their C&C operations
• Apple mitigates but doesn’t fully fix critical iOS Airdrop vulnerability
• Intel says: “OpenSSL – When you come to a fork in the road, take the well-worn path”
• GM stealth patches 5 year old OnStar vulnerability
• Microsoft researcher breaks the security of CryptDB, responds to their dismissal of his research
• How to complain about being spied upon by the government
• 70 year old programmer trying to preserve ancient programming language, on github
• In the Internet of Things, uptime is important
• WSJ: We Need the Right to Repair Our Gadgets
• Woz: “Steve Jobs Played No Role In My Designs For the Apple I & II”
• Symantec/GeoTrust have revoked all SSL certificates issues under the .pw top level domain
• The US State Dept’s email server is named after Henry Stimson, who famously said “Gentlemen do not read each other’s mail”

The post Key Flaw With GPL | TechSNAP 234 first appeared on Jupiter Broadcasting.

A new touchscreen display goes ons ale for the Raspberry Pi that nearly makes it a complete computer, researchers hack the sensors of self driving cars & we speculate rampantly about the iPad Pro, but definitely not the iPhone 6s!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

— Episode Links —

• Raspberry Pi’s official 7″ touchscreen display goes on sale today for $60 | VentureBeat | Dev | by Paul Sawers
• Researcher Hacks Self-driving Car Sensors – IEEE Spectrum
• Time to patch your firmware! Backdoor discovered into Seagate NAS drives

The post Speculated Apples | TTT 210 first appeared on Jupiter Broadcasting.

We break down the critical flaw in OpenSSL, and explain why the Heartbleed catastrophe impacts so many systems we use. the timeline of events, and more.

Plus your great questions, our answers, and much much more.

On this week’s TechSNAP!

Thanks to:

— Show Notes: —

Critical flaw in OpenSSL discloses usernames, passwords and possibly encryption keys

• Two separate groups of researchers discovered a disastrous flaw in OpenSSL, the cryptographic library that protects almost all information on the Internet.
• The flaw is in the rarely used OpenSSL feature ‘heartbeat’ which allows the client to send a block of data to the server and have it returned to the client, keeping the connection and session alive
• The flaw stems from a missing security check, where the software assumes that the ‘length’ of the data send by the client matches the length the client included in the header. When the actual length of the data sent by the client is less than that size, the software returns a larger chunk of memory that intended, disclosing the contents of segments of memory that were recently freed
• This flaw allows an attacker to send a malformed request and in response get up to a 64kb chunk of memory from the server that may contain sensitive information
• There are a number of proof-of-concept tools out there, and when used against an HTTPS server, they often return the HTTP headers of recent requests, which can include POST data (usernames, password, private emails) as well as cookies and other data that could be used for session hijacking
• There also exists the possibility that by brute forcing this exploit an attacker may get some or all of the private key used to decrypt data sent to the server over TLS. In the common case of sessions that lack the newer PFS (Perfect Forward Secrecy) feature, if an attacker managed to compromise the private key, they would be able to decrypt all traffic that was ever encrypted to that key
• It is possible that even PFS sessions may be compromised, if the flaw also leaks the temporary tokens used to make PFS sessions unique
• People I’ve talked to have managed to compromise data from their own servers using only very basic tools, including capturing the admin username and password for a router and hijacking a web forum session
• Because of the risk that the private key for the SSL certificate was compromised, the proper course of action after patching all of the servers and applications, is to re-key the certificate (generate a new private key, and get a fresh certificate signed), and then revoke the old certificate. It is unclear how well the root CAs will handle the load caused by this, or how the CRL and/or OCSP infrastructures will handle the mass revocation of keys
• Luckily, the root CA keys are not likely to have been compromised, as they will not have been on servers exposed to the Internet
• OpenSSL provides SSL/TLS for protocols such as HTTPS (encrypted HTTP, used for online banking, logging in to services including gmail and facebook), IMAP/SMTP and POP3 (encryption for email delivery. This affects all email, and especially the usernames and passwords used to access email), chat servers (IRC and XMPP), many types of VPN (SSL VPNs like OpenVPN) and much more
• The flaw was originally discovered by Neel Mehta of Google Security, and around the same time was independently discovered by Riku, Antti and Matti at Codenomicon. The fix was written by Adam Langley agl@chromium.org and Bodo Moeller bmoeller@acm.org
• OpenSSL versions 1.0.1 through 1.0.1f (including 1.01-beta) are vulnerable. 1.0.2-beta1 is also vulnerable. Versions 1.0.0 and 0.9.8 are not affected. All users of 1.0.1 are encouraged in the strongest terms to upgrade to OpenSSL 1.0.1g (or 1.0.2-beta2).
• Questions are being raised about the fumbling of the responsible disclosure. It seems some companies like CloudFlair and CacheFly were notified as much as a week before anyone else.
• Amazon appears to have not been given any advanced warning – A later post describes steps customers should take
• Also, the security officers of major open source projects including all of the BSDs, Debian/Ubuntu, Suse etc, received absolutely no advanced warning, just the initial security advisory.
• It appears that RedHat has approximately 2 days warning because one of the OpenSSL developers is also on their security team
• The researchers at Codenomicon notified the National Cyber Security Centre Finland (NCSC-FI) and tasked them with coordinating the disclosure to OpenSSL, operating system vendors (which should have included the various BSD and Linux projects), appliance and service vendors (Amazon, Cisco, CloudFlare etc)
• The issue appears to be that while the responsible disclosure was being organized, someone leaked the information and forced OpenSSL to issue the advisory. This was followed quickly by the publishing of the heartbleed.com website (by the researchers at Codenomicon) and the CloudFlare blog post.
• It is unclear why CloudFlare was notified, but Amazon and most open source operating systems were not
• CloudFlare Blog Post features a very long comment thread
• Long thread discussing the issue on the Open Source Software Security list
• Insight on the FreeBSD security process
• Timeline:
  • 2012-01-03 – OpenSSL 1.0.1-beta1 is available
  • 2012-03-14 – OpenSSL 1.0.1 is released, first GA version with heartbeat support
  • (sometime prior to 2014-04-05): Researchers at Codenomicon and Google discover the flaw. The flaw is reported to NCSC-FI (CERT) and OpenSSL
  • 2014-04-07 05:56 – Huzaifa Sidhpurwala (RedHat) add a bug to Red Hat bugzilla
  • 2014-04-07 06:10 – Huzaifa Sidhpurwala sends a mail to linux distros list with no details but an offer to request them privately
  • 2014-04-07 11:34 – Timestamp on RedHat OpenSSL 1.0.1g build
  • 2014-04-07 ??:?? – Information about the bug leaks, forces OpenSSL to issue advisory immediately
  • 2014-04-07 16:53 – Fix is committed to OpenSSL git
  • 2014-04-07 17:27 – OpenSSL releases advisory
  • 2014-04-07 18:00 – CloudFlare posts blog entry (claiming they were notified a week ago)
  • 2014-04-07 19:00 – Heartbleed.com is published
  • 2014-04-09 – The planned disclosure of the bug was to happen here
• Vulnerable:
  • Debian Wheezy (stable) (OpenSSL 1.0.1e-2+deb7u4)
  • Ubuntu 12.04.4 LTS (OpenSSL 1.0.1-4ubuntu5.11)
  • CentOS 6.5 (OpenSSL 1.0.1e-15)
  • Fedora 18 (OpenSSL 1.0.1e-4)
  • OpenBSD 5.3 and 5.4 (OpenSSL 1.0.1c 10 May 2012)
  • FreeBSD 10.0 (OpenSSL 1.0.1e 11 Feb 2013)
  • NetBSD 5.0.2 (OpenSSL 1.0.1e)
  • OpenSUSE 12.2 (OpenSSL 1.0.1c)
• Not Vulnerable:
  • Debian Squeeze (oldstable) (OpenSSL 0.9.8o-4squeeze14)
  • SUSE Linux Enterprise Server
  • FreeBSD 8.4 (OpenSSL 0.9.8y 5 Feb 2013)
  • FreeBSD 9.2 (OpenSSL 0.9.8y 5 Feb 2013)
  • FreeBSD Ports – OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC)
• It is not clear how many appliances are vulnerable, but many consumer grade appliances are likely to be vulnerable and unlikely to receive a fix. If the only solution for these devices is to throw them in the trash and replace them, the issue remains that it would likely take 2-12 months for fresh embedded devices to make it to stores where users could buy new ones
• Analysis:
  • Reddit conspiracy theory – Suggest PHK was right. Did the NSA/GCHQ pay someone to insert this flaw in OpenSSL?
  • Bruce Schneier – Heartbleed is a catastrophic bug in OpenSSL
  • Theo de Raadt – OpenSSL has mitigation counter measures to break the operating systems ability to mitigate such attacks
  • Ted Unangst – Why this didn’t have to happen
  • Ted Unangst – Fixing the mitigation counter measures
  • Brian Krebs – heartbleed exposes web traffic
  • Brian Krebs – heartbleed, what can you do?
  • Elastica – Video explaing heartbleed
  • Sean Cassidy – Diagnosis of Heart Bleed
  • Matthew Green – Attack of the week: OpenSSL Heartbleed
    
  • Matthew Sullivan – Hijacking user sessions with the Heartbleed vulnerability
  • EFF – Possibile evidence that HeartBleed was used by Intelligence Agencies last year
  • [RETRACTED] Errata Security – Why heartbleed doesn’t leak private keys
  • The Hacker News OpenSSL Game
  • List of sites that were vulnerable
  • XKCD
• Canada Halts Online Tax-Filing Services
• The Heartbleed Hit List: The Passwords You Need to Change Right Now
• Additional Coverage – The Register
• Additional Coverage – Washington Post
• Additional Coverage – ThreatPost
• IDS Signature for detecting heartbleed
• What you should know about heartbleed
• Critical crypto bug exposes Yahoo Mail, other passwords Russian roulette-style
• FreeBSD Security Advisory

Feedback:

• Heartbleed is manna from heaven for spooks and criminals?

• Amazing FreeNAS Motherboard

• PKI at Home

• Applying for an internship at an IT security consulting company

Round Up:

• Comcast: Without Time Warner Cable, we can’t compete against Google, Netflix
• 18 year old security researcher claims to have ability to print airline boarding passes and get free flights around Europe – Will present at “Hack in the box” next month in Amsterdam
• The #1 New Paid App In The Play Store Costs $4, Has Over 10,000 Downloads, A 4.7-Star Rating… And It\’s A Total Scam
• Seagate releases first 6TB drives using perpendicular magnetic recording, no helium required. 25% faster than the WD 6TB Helium drive (which never specified what RPM it ran at). Available in 2, 4, 5 and 6 TB sizes, with SAS 12g/s or SATA 6g/s interfaces and featuring 128mb of cache with a max sustained data transfer rate of 216 MB/s (226 MB/s with SAS interface)
• Drop Condoleezza Rice or we will #dropdropbox
• 5 year old discovered XBox security flaw, access an account without the password by pressing the sparebar a few times… Microsoft sends a gift package including four free games, US$50 and a one-year Xbox Live subscription
• Hewlett-Packard Admits To International Bribery and Money Laundering Schemes
• Before anyone called it “the cloud”, game companies depended on GameSpy to do multiplayer matchmaking “in the cloud”. Since is now shutting down, leaving many older makes unplayable
• Zeus malware found with valid digital certificate
• Scenes from the 2014 Kaspersky Security Analyst Summit
• Microsoft announces Skype TX with studio-grade audio and video for broadcasters
• Schneier: Unbreaking encryption is likely not unbreakable
• MtGox CEO faces likely US arrest as legal woes mount over failed bitcoin exchange

The post SSL Heartbreak | TechSNAP 157 first appeared on Jupiter Broadcasting.

We’ve warned against it for nearly 100 episodes, this week we’ll share the fallout from NBC.com getting hacked, Bit9’s whitelist technology is use against them and their customers.

Plus the bad news for Java users, a batch of your questions, and some big surprises.

Thanks to:

GoDaddy.com Use our code hostdeal4 to score economy hosting for $1 a month, for one year. 35% off your ENTIRE order just use our code go35off4 until the end of the month!
Ting.com Visit techsnap.ting.com to save $25 off your device or service credits.

Support the Show: